Reading List
Production-Ready Kubernetes
Five-part series on the controllers and operators that do 80% of the job of making your cluster production ready.
A guided walkthrough from planning to scheduling — covering secrets management, DNS & service discovery, ingress routing, and workload scheduling. Each post pairs the theory behind Kubernetes control loops with concrete operator choices so you can harden any cluster without reinventing the wheel.
Inside the series
-
Part 1 · Planning & Intro
Survey the gaps in vanilla Kubernetes and map the controllers that fill them.
- Secrets management and configuration rotation
- Ingress and traffic routing
- Autoscaling strategies
- Monitoring, logging, and tracing
- Bootstrap & disaster recovery
-
Part 2 · Secrets & Configuration
Replace manual secret handling with External Secrets Operator and Reloader for automated, event-driven rotation.
- RBAC hardening for secret resources
- External Secrets Operator (ESO) CRDs and providers
- Stakater Reloader for rolling updates on config change
-
Part 3 · DNS & Service Discovery
Trace how CoreDNS handles internal resolution and ExternalDNS bridges cluster services to the outside world.
- CoreDNS and internal service discovery
- Service types: ClusterIP, NodePort, LoadBalancer, ExternalName
- ExternalDNS with AWS Route 53 and ingress annotations
-
Part 4 · Ingress & SSL Termination
Route external traffic efficiently with Ingress controllers and secure it with Cert-Manager.
- Ingress vs LoadBalancer: cost, security, and flexibility trade-offs
- Choosing an Ingress controller (NGINX, Traefik, Contour)
- SSL termination with Cert-Manager and Let's Encrypt
- Cloud-provided LoadBalancer with SSL termination
-
Part 5 · Scheduling & Resource Management
Master pod placement with resource requests, limits, VPA, labels, taints, and tolerations.
- Resource requests vs limits and why limits can hurt
- Vertical Pod Autoscaler and Goldilocks
- Node selectors, taints, and tolerations
- Separation of concerns across node pools