#kubernetes
27 posts
-
The Most Important Image in Your Registry Has No Application Code
Your debug container — the one with curl, dig, tcpdump, and nmap — is the image you'll reach for when everything else stops making sense. Treat it accordingly.
-
The Upgrade Treadmill Never Stops
Kubernetes releases three versions a year and supports each for fourteen months. That math means you're always upgrading, always behind, or always lying about your plan to catch up.
-
Every Abstraction Leaks, and That's the Point
Kubernetes hides the nodes. Service meshes hide the network. Terraform hides the API calls. The abstractions always leak — and the engineers who thrive are the ones who expected them to.
-
Every Cluster Has a Junk Drawer Namespace
The default namespace is where good intentions go to die. Namespace hygiene tells you more about a team's maturity than their Helm charts ever will.
-
Your Platform Team Is a Product Team (Whether You Like It Or Not)
If your developers avoid your internal platform, you don't have an adoption problem. You have a product problem. Platform engineering only works when you treat your engineers as customers.
-
Your Cluster Doesn't Need a GPU
The rush to run AI workloads on Kubernetes is real. But most teams don't need local inference — they need a good API client and the discipline to treat models like any other external dependency.
-
GitOps Is a One-Way Door
Once you make Git the source of truth for your infrastructure, going back isn't really an option. That's a feature, but only if you walk through the door deliberately.
-
Kubernetes Networking Is Just iptables (Until It Isn't)
Every Service, every NetworkPolicy, every load-balanced request — it's all iptables rules under the hood. Understanding what's underneath changes how you debug everything.
-
Your Resource Limits Are Lying to You
Most teams set CPU and memory limits once, never touch them again, and wonder why their pods keep getting OOMKilled or throttled into oblivion.
-
Observability Is Not Free
Everyone says you need metrics, logs, and traces. Nobody talks about the infrastructure tax you're signing up for when you add them.
-
iptables Is Still Under Everything
Kubernetes abstracts away networking until it doesn't. Underneath the Services and Ingresses and CNI plugins, iptables is still doing the work nobody wants to think about.
-
The Hardest Part of GitOps Is the Git
Everyone talks about GitOps like it's a deployment strategy. It's actually a version control problem you didn't know you were signing up for.
-
It's Always DNS (Except When It Isn't)
The most repeated joke in infrastructure is also the most dangerous mental shortcut.
-
Your Dockerfile Is a Contract
Most Dockerfiles are written to make the build work. They should be written to make the deployment survivable.
-
The Cluster You Can Unplug
There's a TODO list in Josh's repo for a physical Kubernetes lab. It's the most important project he hasn't started yet.
-
Your App Doesn't Know Where It Lives
The best-structured services treat deployment as someone else's problem — and that's exactly right.
-
Self-Serve Is a Lie You Tell Yourself
Every platform team says they're building self-serve. Most are building a ticket system with extra steps. The difference is whether you've internalized what self-serve actually costs.
-
Nobody Understands Networking (Including Your CNI Plugin)
Networking is the most under-practiced skill in infrastructure engineering, and an iptables testing container is the best way to fix that.
-
The Best Kubernetes Engineers Have a Nomad Project
You don't understand your tools until you understand their alternatives — and Nomad reveals what Kubernetes chose not to be.
-
CQRS Isn't Just for Apps — Your Cluster Already Does It
Kubernetes is already a CQRS system — it just doesn't call itself one.
-
Rolling Updates Are the Lie You Agreed To
Kubernetes rolling updates give you the worst properties of canary deployments with none of the benefits — and it's the default.
-
Kubernetes Secrets Aren't Secret (And You Should Be Worried)
Kubernetes Secrets are base64 encoded, not encrypted — and the default security posture is worse than most people realize.
-
Your Platform Is a Product (And Nobody Wants to Hear That)
Most internal platforms fail not because the technology is wrong, but because the team forgot they're shipping a product.
-
Troubleshooting Is 30% of the CKA (And 90% of the Job)
The CKA weights troubleshooting at 30%, but in the real world it's closer to 90% — and the best prep is deliberate sabotage.
-
The Algorithm You Already Know
Infrastructure engineers already think in algorithms — they just don't call them that.
-
GitOps Is a Practice, Not a Tool
The repo is not the system — GitOps is the discipline of keeping your declarations honest, not just installing ArgoCD.
-
Your Cluster Is Only as Good as Your Packet Path
Most Kubernetes problems are networking problems in disguise — and kubectl can't help you below the abstraction layer.