Do You Actually Need a Service Mesh?
A service mesh gives mTLS, traffic control, and observability, at real complexity cost. When a mesh is worth it, when it isn't, and the lighter alternatives.
8 articles
A PodDisruptionBudget keeps your service up during node drains and upgrades, but a wrong value blocks drains or protects nothing. How to set PDBs correctly.
For queue-driven workers, CPU-based autoscaling reacts too late. Scale your Kubernetes HPA on queue depth or lag instead. Why CPU lies, and how to switch.
A production Kubernetes deployment checklist: resource limits, probes, rollout strategy, PodDisruptionBudgets, graceful shutdown, and the items teams skip.
Slow Kubernetes pod startup hurts autoscaling, deploys, and recovery. The five things that make pods slow to start and how to fix each, in priority order.
Running K3s on Hetzner is the cheapest path to real Kubernetes, but bare-metal means you own the security boundaries. What to trust, what to isolate, and how.
Most Kubernetes readiness probes lie: they return 200 because the process started, not because the service can serve. How to write probes that tell the truth.
Kubernetes namespace strategy for SaaS: namespace-per-tenant vs cluster-per-tenant vs shared. The isolation, cost, and blast-radius tradeoffs, with a decision table.