Kubernetes is Ruby on Rails | ✉️ #74

Illustration featuring "MKDEV Dispatch #74" text, with "Kubernetes is Ruby on Rails" on an orange background. A person is smiling while holding a fluffy cat. Paper plane icons are present in the background.

Last updated: 26/07/25 | Published: 26/07/25

Hey! 👋

I’ve been helping out one of mkdev’s customers with interviewing for a senior infra engineer position. That particular customer is heavy on cloud-specific services and tools and there is no Kubernetes in sight - I support and approve both of this choices. Speaking on a technical level, there is no technical reason to use Kubernetes inside cloud provider in most cases. I spoke about this on conferences, and also described “why” at length in a series of blog posts.

There is however a none-technical reason to pick (or learn) Kubernetes: you are simply more likely to find professionals who know Kubernetes, than the ones who know in-depth your particular combination of cloud-specific services. And, in reverse, you are more likely to find a new job if you know Kubernetes, because there are more companies that use it, than the ones which don’t.

As fantastic as some serverless offerings like Lambda or ECS Fargate are, our industry decided that Kubernetes is the way to go for any reasonably sized company. I can disagree with this, but I can’t ignore the state of things. Kubernetes won and, luckily, Kubernetes is a great technology. But it won for a none-technical reasons - and it’s definitely not the simplest or the cheapest or the most performant way to run your applications (even though it can be all of those things, if you have a team that is capable of bringing your clusters there).

Let’s take a simple case: my company uses Kubernetes, and I hire someone who never worked with our Kubernetes clusters, but did work with Kubernetes since few years or more. This new team member will instantly know what’s inside our clusters - it’s Namespaces, Deployments, ServiceAccounts, Ingresses, Gateways, Secrets, ConfigMaps, load of Pods and some CRDs. Of course, we structure our namespaces the certain way and we might deploy our applications with Helm, Kustomize, Skaffold, even Terraform - whatever. But the environment is familiar, the tooling is well-known. This new team member will be able to roughly understand the setup on the first day, and learn it inside out in a matter of couple of weeks max.

This reminds me of Ruby on Rails, with it’s beautiful conventions and standards. Throw at me any Rails application, and I will be able to figure out how it works very, very fast - not because I am smart, but because all Ruby on Rails applications have the same familiar skeleton and primitives, regardless if they are sprinkled with today’s most fashionable approach to configure domain logic.

It makes sense to pick Kubernetes both as a company and as a professional, because supply and demand are in the healthy state.

There are many reasons why it became the case, including the fact that it’s the most succesful attempt to bring proper open infrastructure abstractions and the alphabet to build new abstractions, the ones that are understood by developers and infrastructure engineers alike.

It does not mean that Kubernetes should be your first or second choice, and I am not going to start recommending it to every customer of mkdev.

But, as a company, you need to be mindful about the none-engineering implications of choosing against Kubernetes.

What We've Shared

Buildah: A Complete Overview: In the 6th Dockerless Course lesson, Kirill introduces Buildah, the rootless tool for building container images without needing Docker or a privileged daemon. You’ll learn how to build images both via Containerfiles and manual shell scripting, and why Buildah is perfect for CI/CD automation.
Container Managers and ContainerD: The 7th lesson from our Dockerless Course explains what a container manager is and why tools like Podman and ContainerD matter.

What We've Discovered

Amazon EKS introduces node monitoring and auto repair capabilities: It looks like AWS cuts out EKS Auto Mode component so that you can use them even without the Auto Mode itself.
Shadow Roles: AWS Defaults Can Open the Door to Service Takeover. We'd like to think that Managed Roles and Policies from AWS are good and can just be used as-is. Unfortunately, they are not - in many occasions, like the one described in this article, configurations from AWS are far from optimal security-wise.
A Can of Shardines: SQLite Multitenancy With Rails. "Did you know that the way iCloud works, for example, is literally millions of isolated SQLite databases, stored inside of larger Cassandra databases?" - No, we didn't know, and at least this fact alone made it worth reading this excellent article!
Why Recreating an IAM Role Doesn't Restore Trust: A Gotcha in Role ARNs. This happened to us more than once - if some service references an IAM role in a policy, and you remove this role, then policy will replace the role with its internal ID. When you create a new role with the same name, that new role will have a new internal ID, meaning your old policy won't work.
Introduction to the Fundamentals of Amazon Redshift: This looks like an excellent read if you are about to start using Redshift and you need the introduction to this database.

The 75th mkdev dispatch will arrive on Friday, August 8th. See you next time!