Share everything … or at least start implementing practices that promote sharing and reuse. Use and build APIs, define common standards or defaults for your organization, establish communities of practice for knowledge sharing. Use open source. Consider building and deploying applications using technologies that can provide isolation (e.g. containers/Kubernetes, serverless cloud services…

A HorizontalPodAutoscaler can be used to increase and decrease the number of Pods for your application based on changes in average resource utilization of your Pods. That’s really useful! For example, an HPA can create more Pods when CPU utilization exceeds your configured threshold. When utilization drops such that fewer…

Sometimes you should care about where your Pods are running. Your cluster may have worker nodes in different availabity zones (or perhaps even different regions) and be using a topologySpreadConstraint to provide high-availability for your application. You might be using a podAntiAffinity to prevent multiple Pods from being scheduled on…

Most people see the value of ingress NetworkPolicy, but convincing them to implement egress NetworkPolicy tends to be a little more difficult. The thinking seems to be “since ingress NetworkPolicies stop the ‘bad guys’ from getting to my app, why do I need to do anything else? …

1 Unreasonable resources.requests compared to actual usage. Ideally, you would be doing some load-testing at volumes that are representative for the environment in question, and configuring your resources.requests and resources.limits accordingly. Remember, requests are reservations and once those reservations reach the capacity of the worker node, no more Pods will…

What is a sidecar? In the context of Kubernetes, a sidecar is simply a container that is co-located with and tightly-coupled to your primary application container(s). The sidecar can also share resources (like network and storage) with the primary application container(s). You want a container to have only a single concern, which is why…

Once upon a time, there was an IT professional named Goldilocks. One day, Goldilocks went for a walk in the forest and came upon a house, from which a delicious scent was emanating. Goldilocks knocked on the door, and when no one answered, walked right in! On the kitchen table…

Unlike ConfigMaps and Secrets consumed as environment variables (which are not updated automatically and require a Pod restart), mounted ConfigMaps and Secrets are updated automatically. So why isn’t your application seeing those updates? Two reasons are most common: The ConfigMap or Secret is being used as a subPath volumeMount. …

You’ve deployed an Ingress object, and it doesn’t seem to be working. Now what? Is the container healthy? The underlying container needs to be healthy for the Ingress to work. Do a kubectl describe pod … to see if the Pod/containers are healthy. If the Pod is pending, look at the nodeSelectors, affinity clauses…