# kubernetes

A comprehensive guide to every Kubernetes deployment strategy — rolling updates, blue-green, canary, and progressive delivery with Argo Rollouts and Flagger.

Harden Kubernetes clusters for production with RBAC, network policies, pod security standards, secrets management, and admission controllers.

Build a production Prometheus and Grafana monitoring stack from scratch — service discovery, recording rules, alerting, and dashboards.

Security headers and configuration reference — copy-paste snippets for Nginx, Kubernetes Ingress, Cloudflare, and Helmet.js.

Configure ArgoCD Image Updater to automatically detect and deploy new container images to Kubernetes without manual manifest changes or CI triggers.

How to use Crossplane to provision and manage cloud infrastructure using Kubernetes-native APIs — one control plane to rule them all.

Deploy Kubecost for real-time Kubernetes cost monitoring with namespace-level showback, idle cost detection, and actionable Slack alerts.

A practical comparison of Kubernetes Ingress and Gateway API, with a migration strategy that won't take down your production traffic.

A deep dive into Kubernetes resource requests, limits, QoS classes, and why getting them wrong leads to OOM kills, throttling, and wasted money.

How to configure encryption at rest for Kubernetes secrets using KMS providers, because your secrets in etcd are stored in plaintext by default.

A systematic approach to debugging CrashLoopBackOff in Kubernetes, covering the most common causes and the exact commands to diagnose each one.

Deploy Grafana Loki and Promtail for cost-effective, scalable log aggregation — without indexing yourself into bankruptcy.

Deploy OPA Gatekeeper to enforce Kubernetes admission policies — block privileged containers, enforce labels, and prevent misconfigurations.

Deploy and configure the OpenTelemetry Collector to unify traces, metrics, and logs into a single pipeline — with production-tested patterns.

Use Mozilla SOPS to encrypt secrets in Git for secure GitOps workflows. Covers AGE, AWS KMS, and ArgoCD integration with real examples.

How to configure Kubernetes HPA with Prometheus custom metrics so your workloads scale on what actually matters — not just CPU and memory.

How to implement zero-trust networking in Kubernetes using NetworkPolicies — deny by default, allow by exception, and sleep better at night.

The kubectl quick reference — organized by task with copy-paste ready commands for pods, deployments, services, debugging, and more.

Learn everything about Kubernetes Pod Security Standards (PSS) and Pod Security Admission (PSA) — from baseline to restricted profiles with practical examples.

Practical ArgoCD patterns for managing dozens of applications — from App of Apps to ApplicationSets to multi-cluster rollouts. All in code, obviously.

Battle-tested patterns for writing Helm charts that survive production — covering values design, template structure, lifecycle hooks, and chart testing.

Implement least-privilege RBAC in Kubernetes to prevent lateral movement and privilege escalation — with real threat models and pipeline-ready examples.

Integrate HashiCorp Vault with Kubernetes to eliminate static secrets from your cluster — with working manifests, threat models, and pipeline automation.

A battle-tested guide to running Kubernetes workloads on spot instances — safely, reliably, and at 60-90% less than on-demand pricing.