
> Kubernetes needs regular updates, just as everything else (unless you carefully freeze your environment and somehow manage the vulnerability risks) and that requires manual work

Just use a managed K8s solution that deals with this? AKS, EKS and GKE all do this for you.



There's still Helm oddities, "annotations", CRDs, mutating web hooks, operators, etc. to comprehend before you have any idea of what the system is doing. All it takes is a random annotation to throw all your assumptions away.

It's a complicated mess compared to something like a Nomad jobspec. That's one of the reasons we decided on Nomad while I was at Cloudflare.


It doesn't do everything for you. You still need to update applications that use deprecated APIs.

This sort of "just" thinking is a great way for teams to drown in ops toil.


I agree with @metaltyphoon on this. Even for small teams, a managed version of Kubernetes takes away most of the pain. I've used both ECS+Fargate and Kubernetes, but these days, I prefer Kubernetes mainly because the ecosystem is way bigger, both vendor and open source. Most of the problems we run into are always one search or open source project away.


My experience with k8s has been very much “just”, and I’ve never really had issues or experienced any real friction with updates. shrugs


That's great. I guess I've somehow been making things harder than they need to be.


Looks like you were using k8s APIs directly in your applications, which is a more complex set-up.

In my experience, most k8s deployments are just "dumb" docker images, they're not very "k8s native".

Your use case may be more complex, which is why you have had more difficulty keeping things up-to-date.


Are you assuming the workloads have to use K8s APIs? Where is this coming from? If that’s not the case can you actually explain with a concrete example?


Any cluster extension. Helm is a good example.

https://helm.sh/docs/topics/version_skew/

Istio: https://istio.io/latest/docs/releases/supported-releases/#su...

Literally every kubernetes manifest that hits the server uses a k8s api:

    apiVersion: apps/v1


Man, you don't need to use service mesh just because you use k8s. Istio is a very advanced component that 99% of users don't need.

So if you are going to compare with a managed solution, compare with something equivalent. Take a bare managed cluster and add a single Deployment to it, it will be no more complex than ECS, while giving you much better developer ergonomics.


99% of users don't need kubernetes. Just deploy to heroku, and you'll have a much better developer experience.


My wallet says otherwise


You mean operators?

(genuine tone, not rhetorical)


Sure, an operator is likely to use a wide array of APIs.

But, to reiterate, everything uses APIs. The *betavX APIs are of course likely to be deprecated and replaced with stable APIs after a few versions.
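The point about alpha/beta API versions above, as an added example that is not part of the thread: a small scanner that flags pre-release `apiVersion` values in a manifest stream before a cluster upgrade. The function name and the sample manifests are constructed for illustration, and the line-based matching is an assumption that holds for plainly formatted YAML only.

```python
import re

# Kubernetes version naming: v1 is stable, v1beta1 / v2alpha1 are pre-release.
PRERELEASE = re.compile(r"^(?:[a-z0-9.-]+/)?v\d+(alpha|beta)\d+$")
# apiVersion/kind at any indentation, optionally as the first key of a list item.
FIELD = re.compile(r"^(\s*(?:-\s+)?)(apiVersion|kind):\s*['\"]?([^\s'\"#]+)")

# Constructed sample: three documents, one with a nested list item.
SAMPLE = """\
apiVersion: apps/v1
kind: Deployment
---
kind: PodDisruptionBudget
apiVersion: policy/v1beta1
---
apiVersion: v1
kind: List
items:
  - apiVersion: batch/v1beta1
    kind: CronJob
"""

def find_prerelease_apis(stream):
    """Return [(line_no, kind, apiVersion, stage)] for alpha/beta API versions."""
    findings, open_objs = [], {}  # open_objs: key column -> fields seen so far

    def flush(obj):
        stage = PRERELEASE.match(obj.get("apiVersion", ""))
        if stage:
            findings.append((obj["line"], obj.get("kind", "?"),
                             obj["apiVersion"], stage.group(1)))

    for line_no, line in enumerate(stream.splitlines(), 1):
        m = FIELD.match(line)
        if line.startswith("---"):        # document separator: close everything
            for obj in open_objs.values():
                flush(obj)
            open_objs = {}
        elif m:
            col, key, value = len(m.group(1)), m.group(2), m.group(3)
            obj = open_objs.setdefault(col, {})
            if key in obj:                # same key repeated: a new object starts
                flush(obj)
                obj = open_objs[col] = {}
            obj[key] = value
            if key == "apiVersion":
                obj["line"] = line_no
    for obj in open_objs.values():
        flush(obj)
    return sorted(findings)
```

Running it over rendered chart output rather than templates also catches versions that only appear after templating.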



