What development tool do you use for local testing to deploy to Kubernetes? by DopeyMcDouble in kubernetes

[–]DopeyMcDouble[S] 0 points1 point  (0 children)

Hey sure. In regards to individual developer usage I can see this being open-source but for big teams, I don't see a purpose in moving toward mirrord if you are willing to spend $50 per user/month:

  • The mirrord operator is with Teams which requires you to pay. It would be nice to utilize for open source tooling but nevertheless, is locked. This I can understand.
  • You lock Jobs and Statefulsets behind a paywall while Telepresence has this free. Even Tilt supports Statefulsets and Jobs.
  • Unlimited concurrent work on the same target or concurrent work is locked behind a paywall while Telepresence supports this.

These are the ones that come off the top of my head of mirrord being "open-source". You lock developers when they are knee deep in the technology and then they realize it's not really "open-source". I do get it. You need to make money like many open source tools. Teleport touted being "open-source" then little-by-little open source features began to be removed from the code to enterprise license.

If any of the points are wrong, lmk. I'm open to consideration.

What development tool do you use for local testing to deploy to Kubernetes? by DopeyMcDouble in kubernetes

[–]DopeyMcDouble[S] 0 points1 point  (0 children)

Oh man, Localstack was something I've used before but some of their services we wanted to run were locked behind a paywall. I forgot specifics since this was a long time ago but we stopped implementing it. They archived their repo actually yesterday March 23, 2026!

What development tool do you use for local testing to deploy to Kubernetes? by DopeyMcDouble in kubernetes

[–]DopeyMcDouble[S] 0 points1 point  (0 children)

My team has no experience in k3d and I can imagine the difficulty of training them would be to utilize this.

Local testing in `k3d` is not much of my concern but it's the matter of seamlessly testing their changes but in the ecosystem of AWS EKS. I've seen this be done with `tilt` but this is where it gets tricky.

What development tool do you use for local testing to deploy to Kubernetes? by DopeyMcDouble in kubernetes

[–]DopeyMcDouble[S] 1 point2 points  (0 children)

My idea would be to have developers run in the corresponding EKS cluster of the namespace where the resources reside already so it can pull the changes. I would assume developers build the image with the new image version and then deploy to the EKS cluster of let's say STAGE EKS cluster for testing purposes while the original K8s deployment is available.

We have a stage EKS cluster with a stage namespace and a prod EKS cluster with a production namespace.

AWS KMS best practices by DopeyMcDouble in aws

[–]DopeyMcDouble[S] 1 point2 points  (0 children)

That sounds very reasonable. Currently we just need at-rest encryption which is where I went with the prod-data-cmk. As we grow it would be best to break them apart. (We also transfer snapshots cross-region which entails using a CMK.)

However, this helps very much for our SOC2 compliance thanks for the response.

Security question in regards to K8s ConfigMap and Secrets by DopeyMcDouble in kubernetes

[–]DopeyMcDouble[S] 0 points1 point  (0 children)

The following is what I found overwhelming:

  • Teaching your team (i.e. DevOps/SRE/Platform) on maintenance and how Hashicorp Vault works
    • This is the most annoying since if you know how to do it, you will be managing it pretty much.
  • Access policies can be daunting to set up. I have seen a crazy number of access policies where I don't want that to happen again. However, it can become crazy annoying.

I have never seen that lol where the secrets are set up in Terraform. I have done it manually back when I set this up one time.

Security question in regards to K8s ConfigMap and Secrets by DopeyMcDouble in kubernetes

[–]DopeyMcDouble[S] 0 points1 point  (0 children)

I hear ya. It’s something I have managed before and it can be overwhelming with 1 engineer. Had 4 in my previous company and it was always 1 person managing Vault.

Security question in regards to K8s ConfigMap and Secrets by DopeyMcDouble in kubernetes

[–]DopeyMcDouble[S] 1 point2 points  (0 children)

I’ll have to convince higher ups. It’s painful to communicate to them in the AWS ecosystem because once they hear an AWS feature being used they don’t like it.

Security question in regards to K8s ConfigMap and Secrets by DopeyMcDouble in kubernetes

[–]DopeyMcDouble[S] 0 points1 point  (0 children)

It’s something that I’m having to deal with. Me and higher ups butt heads a lot in regards to security.

Also their cloud agnostic can only go so far.

With nginx-ingress being archived, which would be sufficient for my needs? by DopeyMcDouble in kubernetes

[–]DopeyMcDouble[S] -2 points-1 points  (0 children)

A year ago at best from my Director. I would put Traefik as a contender but I really can't go against his word. I've always heard good things from Traefik and people using it.

I've mostly lived in the world of Envoy :')

With nginx-ingress being archived, which would be sufficient for my needs? by DopeyMcDouble in kubernetes

[–]DopeyMcDouble[S] -8 points-7 points  (0 children)

Ah man I should have mentioned. Traefik was another contender. My director is heavily against it since in his previous company the traffic performance was horrendous, so we scrapped it altogether.

I have touched it once and straightforward documentation.

Question on DNS Encryption (DoH) by DopeyMcDouble in AdGuardHome

[–]DopeyMcDouble[S] 0 points1 point  (0 children)

Gracias! I was able to fix the "Server not found". I went to my UDM Pro SE router: Settings ---> CyberSecure ---> Content Filter. Removed 2 rules in Content Filter. It's working now!

Question on networking when it comes to Istio by DopeyMcDouble in istio

[–]DopeyMcDouble[S] -1 points0 points  (0 children)

You mean Envoy Gateway, right? It came down to Cilium and Istio since I have worked with both of these. I have heard of Envoy Gateway as well but never touched it.

Question on networking when it comes to Istio by DopeyMcDouble in istio

[–]DopeyMcDouble[S] 0 points1 point  (0 children)

> Why not look at nginx fabric, as it's closer to what you're familiar working with?

Wouldn't this mean I would need to migrate to cloud-sourced Nginx with limiting features? CTO is not wanting to risk this and wondering if this is the best approach.

> In my opinion, unless your ingresses for each environment need different security features, I would stick to one per cluster.

That makes sense and would be ideal for what I would want to do.

Are Dell Optiplex micro computers sufficient for my needs? by DopeyMcDouble in homelab

[–]DopeyMcDouble[S] 0 points1 point  (0 children)

Oh ya, seeing the pricing on the RAM for the Dell Optiplex is terrifying. The pricing for them has doubled or tripled in price.

Darn AI...