Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If developers don't maintain their apps, it doesn't really matter that much how and where you deploy them. With Kubernetes, you just end up with unmaintained Docker images that potentially contain a ton of vulnerabilities.


Yeah but at least the fucked-ness is contained in the app layer and the infra layer can live in a happy and optimized modern world.

Also, intricate linkage between an app and the host OS also means there’s more work involved with upgrading.


But with a containerized app image you can reduce the blast radius of the poorly maintained app compared to running it bare metal on a host with other services. Also you can still maintain base images to patch/try to reduce vulnerability surfaces




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: