at least this time i was able to tear cilium down, install tigera-operator and calico, reboot and everything came back up. still, might be on the search for a lighter CNI but that still supports netpol, i suppose that would be kube-router

There are controllers for Kubernetes that surpass anything in the traditional Linux userland. CNPG Is beautiful. You just upload one yaml document, it figures out your storage, networking, auth, all for you, and registers a secret that you can pass directly to you application. The Tailscale operator just got so much better now that Services are up and running. The kubelet itself is more powerful, for example it can actually run migration containers, even if it is lacking in the SELinux and user namespacing department compared to Podman

I love k8s, and that's even just using single-node clusters! Kubernetes people really don't want you to use k8s, but the loop of bringing stuff up is just so much better and easier than, for example, quadlets which I was using before. Running kubectl apply -k . and then observing the behaviour is a lot nicer than edit, systemctl daemon-reload, systemctl start service --no-block && journalctl -fu service, ^C, repeat

I thought I'd reach for writing a Helm chart because Kustomize makes it really difficult to just copy and merge fields into multiple places ie env, envFrom, securityContext, etc. Big fucking mistake, I now have a kustomization which patches the application's container spec and then copies the right fields to init containers, cronjobs, etc

It's an imperative package manager for a fully declarative control plane. All of the pain of traditional package managers, which, when added to Helm's own special properties, will really leave you grasping for the co-codamol. helm-controller and flux can only sort of alleviate the agony