Joined June 2025
Your Terraform state file contains plaintext secrets and maps every resource you own. Most teams treat it like a build artifact. Here's how that comes back to bite you — and what to do about it before you have 50 workspaces: 🧵
Full deep-dive with: → Complete KMS S3 DynamoDB bootstrap in HCL → Secrets pattern (Terraform shell CLI population) → CloudTrail config for SOC 2 audit evidence → Drift detection GitHub Actions workflow → [devopsunlocked.hashnode.dev/…] What's the worst state incident you've dealt with? 👇
Day 36/100 of #100DaysOfDevOps. K8s Config 101: - `ConfigMap` = Plain text, non-sensitive config. - `Secret` = Base64 "obfuscated" sensitive data. Base64 is NOT encryption. For production-grade security, you need to integrate an external secrets manager like HashiCorp Vault. #DevOpsUnlocked #Kubernetes #Security #SecretsManagement #DevSecOps #Vault
Day 35/100 of #100DaysOfDevOps. Your K8s bill is too high. Here's how I fix it: 1. Install Cluster Autoscaler to kill idle nodes. 2. Install Kubecost/OpenCost for visibility. 3. Use actual usage data to slash over-provisioned pod resource requests. Stop guessing. Start measuring. #DevOpsUnlocked #Kubernetes #FinOps #AWS #Azure
Day 34/100 of #100DaysOfDevOps. K8s Probes Explained: - **Readiness:** "Can I have traffic?" -> Fails? Stop sending traffic. - **Liveness:** "Are you alive?" -> Fails? Restart the pod. Don't confuse them. One handles temporary load, the other handles catastrophic failure. #DevOpsUnlocked #Kubernetes #K8s #Reliability #SRE
Day 33/100 of #100DaysOfDevOps. Forgetting K8s resource requests/limits is the #1 cause of unstable clusters. - `requests`: What your pod is guaranteed. The key to scheduling & stability. - `limits`: The hard cap before your pod is throttled (CPU) or killed (memory). Always set requests. Your cluster's health depends on it. #DevOpsUnlocked #Kubernetes #K8s #ResourceManagement #CostOptimization
Day 32/100 of #100DaysOfDevOps. Three non-negotiable security settings for your production K8s pods: 1. Don't run as root. 2. Read-only root filesystem. 3. Disable privilege escalation. This should be your baseline. Enforce it with a policy engine. #DevOpsUnlocked #Kubernetes #Security #K8s #PodSecurity #DevSecOps
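An added example, not part of the original post: a minimal Python audit of a pod manifest for the three baseline settings named in the Day 32 post, of the kind a policy engine would enforce at admission. The sample manifest and the function name `audit_pod` are constructed for illustration.

```python
import json

# Constructed sample manifest (not from the original posts): one hardened
# container, one that relies on defaults, and an init container that opts out.
SAMPLE_POD = json.loads("""
{
  "metadata": {"name": "demo"},
  "spec": {
    "securityContext": {"runAsNonRoot": true},
    "initContainers": [
      {"name": "migrate", "securityContext": {
          "runAsNonRoot": false,
          "allowPrivilegeEscalation": false}}
    ],
    "containers": [
      {"name": "api", "securityContext": {
          "readOnlyRootFilesystem": true,
          "allowPrivilegeEscalation": false}},
      {"name": "sidecar"}
    ]
  }
}
""")

def audit_pod(pod):
    """Return sorted (container, finding) pairs for the three baseline settings."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = []
    # Init containers run with the same kind of securityContext, so check them too.
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sc = c.get("securityContext") or {}
        # runAsNonRoot / runAsUser: a container-level value overrides the pod-level one.
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        if uid == 0 or not non_root:
            findings.append((c["name"], "may run as root"))
        # These two fields exist only at container level; unset means not enforced.
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append((c["name"], "root filesystem is writable"))
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append((c["name"], "privilege escalation not disabled"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit_pod(SAMPLE_POD):
        print(f"{name}: {finding}")
```

The `sidecar` container shows why pod-level settings alone are not enough: it inherits `runAsNonRoot` from the pod but still fails the two container-only checks.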
Day 31/100 of #100DaysOfDevOps. If your devs have `cluster-admin` on a production K8s cluster, you have a security incident waiting to happen. Not "if," but "when." Use RBAC. Grant permissions per-namespace. Default to read-only. Least privilege isn't a suggestion; it's a requirement. #DevOpsUnlocked #Kubernetes #Security #K8s #Security #RBAC #DevSecOps
Day 30/100 of #100DaysOfDevOps. Kubernetes Namespaces are for organization, not for security. Use them to: - Group resources by team or environment. - Apply RBAC and resource quotas. - Avoid naming conflicts. They are a wall made of paper, not steel. Don't rely on them for hard security isolation. #DevOpsUnlocked #Kubernetes #K8s #Namespaces #DevOps
Day 29/100 of #100DaysOfDevOps. How to get internet traffic into your K8s app? `Internet -> Ingress Controller (e.g., NGINX) -> Ingress Rule -> Service -> Pod` The Ingress object defines the routing rules ("host.com/path goes here"). The Ingress Controller is the actual proxy server that does the work. #DevOpsUnlocked #Kubernetes #K8s #Ingress #Networking #DevOps

Day 28/100 of #100DaysOfDevOps. Stop giving your CI pipeline `cluster-admin` rights. It's a huge security hole. Adopt GitOps (ArgoCD/Flux). 1. Git is your source of truth. 2. An in-cluster agent pulls changes. 3. All changes are via Pull Request. It's more secure and the future of Continuous Delivery. #DevOpsUnlocked #GitOps #Kubernetes #DevOps
Day 27/100 of #100DaysOfDevOps. Helm is a necessary evil in Kubernetes. Good for: - Installing third-party charts (e.g., Prometheus). - Basic templating of your app YAML. Bad for: - Complex logic. `{{ if .Values... }}` gets ugly, fast. Use it wisely. #DevOpsUnlocked #Kubernetes #Helm #k8s #DevOps
Day 26/100 of #100DaysOfDevOps. Stop using `kubectl run`. Stop using `kubectl create`. Define your desired state in a YAML file. Store that YAML in Git. Run `kubectl apply -f your-file.yaml`. This is the way. It's declarative, version-controlled, and the core of GitOps. #DevOpsUnlocked #Kubernetes #GitOps #K8s #DevOps
Day 25/100 of #100DaysOfDevOps. Opinion: Unless your company's product IS a Kubernetes distribution, you have no business building your own cluster. Use EKS, AKS, or GKE. Your team's time is better spent building features, not debugging etcd. #DevOpsUnlocked #Kubernetes #EKS #AKS #GKE #AWS #Azure