The Kubernetes integration tax: Prometheus, Cilium, and production reality
CNCF blog (2026-05-28) arguing that running production Kubernetes is dominated by
an “integration tax” — the hidden labour of making ~20–30 standard CNCF tools
(Prometheus, Cilium, cert-manager, Cluster API, GitOps) actually work together —
not by the individual tools. A grounding source for platform-engineering and the
operational face of observability. (Routed here 2026-06-05; previously parked in
the hub _inbox under platform-ops-sre.)
The tax, concretely
- Cilium metrics invisible to Prometheus for want of a ServiceMonitor.
- cert-manager broken by ingress HTTP→HTTPS redirects.
- Generally: each tool works alone; the cost is the seams between them.
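A way to check for the first seam above before it costs you visibility, as an added example that is not from the CNCF post or any of the named projects: it flags Services whose metrics port no ServiceMonitor targets, using the Prometheus Operator rule that a ServiceMonitor without a namespaceSelector only looks in its own namespace. Assumptions: manifests are already loaded as dicts, metrics ports are named "metrics", all names and labels are constructed, and the Prometheus resource's own serviceMonitorSelector is not modelled.

```python
def selector_matches(selector, labels):
    """Kubernetes label selector: matchLabels AND matchExpressions."""
    if any(labels.get(k) != v for k, v in selector.get("matchLabels", {}).items()):
        return False
    for e in selector.get("matchExpressions", []):
        key, op, vals = e["key"], e["operator"], e.get("values", [])
        ok = {"In": labels.get(key) in vals,
              "NotIn": labels.get(key) not in vals,
              "Exists": key in labels,
              "DoesNotExist": key not in labels}[op]
        if not ok:
            return False
    return True

def in_scope(sm, namespace):
    """namespaceSelector defaults to the ServiceMonitor's own namespace."""
    ns = sm["spec"].get("namespaceSelector", {})
    return bool(ns.get("any")) or namespace in (ns.get("matchNames") or [sm["metadata"]["namespace"]])

def unscraped(services, monitors, metric_ports=("metrics",)):
    """(namespace, name, port) for each metrics port no ServiceMonitor targets."""
    gaps = []
    for svc in services:
        meta = svc["metadata"]
        targeted = set()
        for sm in monitors:
            if in_scope(sm, meta["namespace"]) and selector_matches(
                    sm["spec"].get("selector", {}), meta.get("labels", {})):
                targeted |= {ep.get("port") for ep in sm["spec"].get("endpoints", [])}
        for port in svc["spec"]["ports"]:
            if port.get("name") in metric_ports and port["name"] not in targeted:
                gaps.append((meta["namespace"], meta["name"], port["name"]))
    return gaps

def make_svc(ns, name, labels, *ports):
    return {"metadata": {"namespace": ns, "name": name, "labels": labels},
            "spec": {"ports": [{"name": p} for p in ports]}}
def make_mon(ns, labels, port, **ns_sel):
    return {"metadata": {"namespace": ns}, "spec": {"selector": {"matchLabels": labels},
            "namespaceSelector": ns_sel, "endpoints": [{"port": port}]}}

# Constructed sample manifests (names, labels and port names are assumptions).
SERVICES = [make_svc("kube-system", "cilium-agent", {"k8s-app": "cilium"}, "metrics"),
            make_svc("apps", "api", {"app": "api"}, "http", "metrics")]
# Selector is right, but the monitor lives in "monitoring" with no namespaceSelector.
BROKEN = [make_mon("monitoring", {"k8s-app": "cilium"}, "metrics"),
          make_mon("apps", {"app": "api"}, "metrics")]
FIXED = [make_mon("monitoring", {"k8s-app": "cilium"}, "metrics", matchNames=["kube-system"]),
         BROKEN[1]]
print(unscraped(SERVICES, BROKEN), unscraped(SERVICES, FIXED))
```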
Recommended practices
Jsonnet-generated monitoring, NetworkPolicies shipped in Helm charts, two-repo GitOps, Sealed Secrets, and bootstrap-time DR.
Why it routed here
cloud-wiki’s domain is cloud-hosting providers (Hetzner/Oracle/AWS, pricing,
regions/bandwidth), not the Kubernetes/CNCF platform-ops layer (orchestration,
observability, networking, GitOps); force-fitting would dilute that spoke. This is
core platform-engineering. Pairs with google-sre-agentic-ai and
netflix-service-topology (production observability). See synthesis.