9 notes · newest first · last logged 2026-05-28
Stop eyeballing pod age. --sort-by takes any JSONPath, so you can rank by restart count and surface the flapping pod immediately.
$ kubectl get pods --sort-by='.status.containerStatuses[0].restartCount'http.ServeMux finally does method routingYou can drop the third-party router for most services now. mux.HandleFunc("POST /items/{id}", h) gives you path params and method matching in the standard library — one fewer dependency to patch.
If a job touches a cloud API, it can use federation. There's no traffic too small to justify a long-lived service-account key sitting on disk waiting to leak. The cron is exactly the thing nobody rotates.
#gcp#securityTrace exemplars on your latency histogram turn "p99 is bad" into "here's the exact slow request." Wire them before you add another dashboard nobody reads.
#observabilitymoved blocks are an apology you write in advanceRefactoring resource addresses without a moved block means a destroy/recreate you didn't intend. Add the block in the same PR as the rename and the plan stays a no-op.
moved { from = aws_instance.web to = aws_instance.frontend}readiness probe that hits the database is a footgunIf your readiness probe checks the DB, one slow database evicts every replica at once and you've turned a degradation into an outage. Probe liveness of the process; let the app handle dependency failure gracefully.
#kubernetes#reliabilityFOR UPDATE SKIP LOCKED is a queue you already ownBefore reaching for a broker, remember Postgres can be a perfectly good job queue for moderate throughput. SKIP LOCKED lets workers grab rows without blocking each other.
Fetch /.well-known/openid-configuration once and you get the JWKS endpoint, supported algorithms, and issuer — all the things people otherwise paste into config and forget to rotate.
GOMEMLIMIT is the flag your OOMKilled pods wantedGo's GC didn't know about your container's memory cap. Set a soft GOMEMLIMIT and the runtime collects more aggressively before the kernel does it for you.