Home / Companies / Cloudflare / Blog / Post Details
Content Deep Dive

A one-line Kubernetes fix that saved 600 hours a year

Blog post from Cloudflare

Post Details
Company
Date Published
Author
Braxton Schafer
Word Count
1,346
Company Posts That Month
37
Language
English
Hacker News Points
-
Post removed?
No
Summary

Engineers faced a significant bottleneck when restarting Atlantis, a tool used to manage Terraform changes, due to Kubernetes' default behavior of recursively changing file permissions on a persistent volume. This resulted in 30-minute restart times, blocking engineering work and triggering false alarms. The issue arose because the persistent volume had grown to millions of files, causing inode exhaustion and slow operations. The team identified that Kubernetes' fsGroupChangePolicy, which defaults to Always, was unnecessarily changing permissions on every file during restarts. By setting this policy to OnRootMismatch, they reduced restart times to 30 seconds, reclaiming nearly 50 hours of engineering time per month. This fix highlights how default Kubernetes settings can become bottlenecks as data scales, and emphasizes the importance of auditing securityContext settings to optimize performance.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
Kubernetes 17 1,840 308 106 +33%
Secrets Management 1 1,488 268 99 +7%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.