Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

What value does k8s offer a traditional stack on a single node?



I like these things about the setup:

- Straightforward upgrades of the environment to incorporate security patches

- Straightforward deploys

- Straightforward recreation of the setup (sort of like what terraform gets you)

- Straightforward migration to another hosted k8s shop if the savings are attractive

- I don't have to configure HAProxy, logging, systemd, etc.

- Straightforward horizontal scaling


> - Straightforward upgrades of the environment to incorporate security patches

How do you ensure that your exposed containers have all the relevant security patches, especially if the images aren't uniform? Are you using something like Watchtower to monitor for vulnerable packages and automatically rebuild and redeploy the containers when e.g. the underlying Ubuntu or Alpine image uses a vulnerable library?

Lots of people have the mistaken impression that containerization inherently protects their application from running vulnerable code. If you already have this built in to your pipeline, I'll be impressed!


It's a side project. :) The "environment" in this case would be k8s. My (small) point was that that component is straightforward to upgrade if needed.


Is any of that different than a more traditional configuration management system?


You do not need k8s if that's all you got. Focus on making money first.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: