Kubernetes Namespace Strategy for SaaS Platforms
Kubernetes namespace strategy for SaaS: namespace-per-tenant vs cluster-per-tenant vs shared. The isolation, cost, and blast-radius tradeoffs, with a decision table.
Guide · 8-part series
A connected series on operating Kubernetes in production: tenancy and isolation models, readiness and liveness probes that reflect reality, and the platform decisions that contain blast radius.
Kubernetes namespace strategy for SaaS: namespace-per-tenant vs cluster-per-tenant vs shared. The isolation, cost, and blast-radius tradeoffs, with a decision table.
Most Kubernetes readiness probes lie: they return 200 because the process started, not because the service can serve. How to write probes that tell the truth.
Running K3s on Hetzner is the cheapest path to real Kubernetes, but bare-metal means you own the security boundaries. What to trust, what to isolate, and how.
Slow Kubernetes pod startup hurts autoscaling, deploys, and recovery. The five things that make pods slow to start and how to fix each, in priority order.
A production Kubernetes deployment checklist: resource limits, probes, rollout strategy, PodDisruptionBudgets, graceful shutdown, and the items teams skip.
For queue-driven workers, CPU-based autoscaling reacts too late. Scale your Kubernetes HPA on queue depth or lag instead. Why CPU lies, and how to switch.
A PodDisruptionBudget keeps your service up during node drains and upgrades, but a wrong value blocks drains or protects nothing. How to set PDBs correctly.
A service mesh gives mTLS, traffic control, and observability, at real complexity cost. When a mesh is worth it, when it isn't, and the lighter alternatives.