https://allenz.net/tags/kubernetes/Recent content in Kubernetes on Allen ZiegenfusHugoen-usThu, 28 May 2026 00:00:00 +0000https://allenz.net/writing/statefulset-vs-deployment-for-stateless-with-fragile-upgrade-workloads/Thu, 28 May 2026 00:00:00 +0000https://allenz.net/writing/statefulset-vs-deployment-for-stateless-with-fragile-upgrade-workloads/A decision record for a workload that’s operationally stateless but has a fragile single-instance upgrade: StatefulSet vs Deployment, with live operational evidence and the case for Deployment plus a startup lock.https://allenz.net/writing/when-go-templates-outgrow-you-a-typed-language-alternative-for-crossplane-compositions/Sat, 23 May 2026 00:00:00 +0000https://allenz.net/writing/when-go-templates-outgrow-you-a-typed-language-alternative-for-crossplane-compositions/When Crossplane’s Go-template compositions outgrow you — no types, no tests, global scope — KCL offers a typed, testable alternative. The multi-step pipeline architecture, and the bugs only end-to-end validation catches.https://allenz.net/writing/stable-vs.-rewritten-identity-cross-environment-database-restore-in-a-stateful-platform/Fri, 15 May 2026 00:00:00 +0000https://allenz.net/writing/stable-vs.-rewritten-identity-cross-environment-database-restore-in-a-stateful-platform/When a platform bakes an environment-derived identity into its database on first boot, restoring across environments crash-loops on a mismatch. The fix is a product question: stabilize the identity, or rewrite it after restore?https://allenz.net/writing/tearing-down-a-managed-kubernetes-deployment-without-leaving-a-tail/Tue, 28 Apr 2026 00:00:00 +0000https://allenz.net/writing/tearing-down-a-managed-kubernetes-deployment-without-leaving-a-tail/A field guide to deleting a GKE or EKS deployment cleanly when the cluster, the in-cluster GitOps/Crossplane layer, and Terraform all disagree about who owns cleanup — orphans, deletion order, and the stuck cases.https://allenz.net/writing/structured-json-logging-for-a-legacy-java-app-on-kubernetes-without-forking-the-image/Wed, 22 Apr 2026 00:00:00 +0000https://allenz.net/writing/structured-json-logging-for-a-legacy-java-app-on-kubernetes-without-forking-the-image/How to retrofit machine-parseable JSON logging onto a legacy Java app on Kubernetes — both log4j2 and Tomcat’s JUL — without forking the vendor image, as an opt-in, fail-open, cleanly revertible layer.https://allenz.net/writing/use-gke-connect-gateway-to-protect-your-private-control-plane/Tue, 21 Apr 2026 00:00:00 +0000https://allenz.net/writing/use-gke-connect-gateway-to-protect-your-private-control-plane/Reach a private GKE cluster’s API server without a bastion or authorized-networks — using the GKE-native Connect Gateway, with GCP IAM outside the gateway and Kubernetes RBAC inside.https://allenz.net/writing/the-crossplane-object-that-synced-green-and-changed-nothing/Wed, 15 Apr 2026 00:00:00 +0000https://allenz.net/writing/the-crossplane-object-that-synced-green-and-changed-nothing/Everything’s green — Argo CD Synced, Crossplane Ready — but the change never took effect. The trap where Crossplane management policies without Update meet Kubernetes immutability.https://allenz.net/writing/why-deleting-an-env-var-from-your-gitops-values-doesnt-remove-it-from-the-pod/Thu, 09 Apr 2026 00:00:00 +0000https://allenz.net/writing/why-deleting-an-env-var-from-your-gitops-values-doesnt-remove-it-from-the-pod/You delete an env var from your Helm values, Argo CD reports Synced — and it’s still on the pod. Why strategic-merge-patch can’t remove list items, and the Server-Side Apply fix.