Container technologies and orchestration
View All Tags
You know Kubernetes. You've run minikube start a hundred times, maybe even wrestled with kubeadm on bare metal. But running Kubernetes in production is a different animal — one where the control plane going down at 3 AM means your pager goes off instead of someone else's. Amazon EKS takes that control plane problem off your plate and lets you focus on what actually matters: deploying and scaling your workloads.
Every megabyte in your Docker image is attack surface you do not need, bandwidth you pay for, and startup time your users wait through. A default Node.js image weighs over 1 GB. The same application built on a distroless base can drop to 120 MB. This post walks through every base image option, shows real size comparisons, and gives you language-specific recommendations for building the smallest, most secure images possible.
Docker made containers mainstream, but it is no longer the only way to run them. Kubernetes dropped Docker as a runtime in version 1.24. Podman offers a daemonless, rootless alternative with Docker CLI compatibility. containerd and CRI-O power most production Kubernetes clusters. The container ecosystem has matured beyond a single tool, and understanding the options helps you make the right choice for your specific use case.
Every request to your microservices needs authentication, rate limiting, logging, and routing — but implementing these in every service creates massive duplication and inconsistency. An API gateway centralizes these cross-cutting concerns into a single entry point, letting your services focus on business logic.
"Docker Compose is only for development." You hear this constantly, but it is not universally true. Compose is not the right choice for a 200-service microservices platform, but for a team running 5-15 services on a single server or small cluster, Compose provides everything you need: restart policies, health-based dependency ordering, resource limits, logging, and deployment configuration. The question is not whether Compose can run in production — it is whether your use case fits.
Your microservices architecture has grown to forty services. You need mutual TLS between all of them, but implementing certificate management in every service is a nightmare. You need traffic splitting for canary deployments, but your Ingress controller only handles north-south traffic. You need to answer "why is service A slow when calling service B?" but your application has no distributed tracing. A service mesh handles all of this at the infrastructure level, without changing a single line of application code.