Generally speaking, in my experience most container images are using UTC, which seems like a reasonable default. It is consistent all around the world, and doesn’t change for daylight savings time, which helps to avoid ambiguous log entries… you should definitely consider using UTC. However, either the image or the…

Part 1 of this series can be found here. Overlays can be a base for other overlays Imagine that you have multiple instances of an application… for example, a green/blue deployment. In such a scenario, you may have some settings that are dev-specific, but common to both green and blue instances — and similarly for prod. As…

TL;DR When Service’s targetPort is specified, and is set to a different value than the port field, use the value of targetPort in your Ingress NetworkPolicy. You would continue to use the port field value, however, from the source Pod to actually connect. Details A Service can map any incoming port to…

Kubectl includes a very useful command called kustomize that allows a template-free way to customize Kubernetes application configuration¹. You might already be using helm to achieve many of the same outcomes that you can achieve with kustomize. Although there certainly are some pros and cons to each, they aren’t necessarily…

Share everything … or at least start implementing practices that promote sharing and reuse. Use and build APIs, define common standards or defaults for your organization, establish communities of practice for knowledge sharing. Use open source. Consider building and deploying applications using technologies that can provide isolation (e.g. containers/Kubernetes, serverless cloud services…

A HorizontalPodAutoscaler can be used to increase and decrease the number of Pods for your application based on changes in average resource utilization of your Pods. That’s really useful! For example, an HPA can create more Pods when CPU utilization exceeds your configured threshold. When utilization drops such that fewer…

Sometimes you should care about where your Pods are running. Your cluster may have worker nodes in different availabity zones (or perhaps even different regions) and be using a topologySpreadConstraint to provide high-availability for your application. You might be using a podAntiAffinity to prevent multiple Pods from being scheduled on…

Most people see the value of ingress NetworkPolicy, but convincing them to implement egress NetworkPolicy tends to be a little more difficult. The thinking seems to be “since ingress NetworkPolicies stop the ‘bad guys’ from getting to my app, why do I need to do anything else? …

1 Unreasonable resources.requests compared to actual usage. Ideally, you would be doing some load-testing at volumes that are representative for the environment in question, and configuring your resources.requests and resources.limits accordingly. Remember, requests are reservations and once those reservations reach the capacity of the worker node, no more Pods will…