Kubernetes integration patterns
Typical Go-in-K8s cases
- Controllers / operators (reconcile desired state)
- Admission webhooks (validate/mutate resources)
- Sidecars / agents (collect, proxy, sync)
- CLI tools (kubectl plugins, deploy tools)
Client libraries
- client-go: Kubernetes API client.
- controller-runtime: common base for operators (reconcile loop, caches, predicates).
In-cluster config
- Pods can use service account tokens and KUBERNETES_SERVICE_HOST.
- For local dev, use kubeconfig from $HOME/.kube/config.
RBAC
Design minimal permissions:
- ClusterRole/Role only for required resources + verbs
- Bind via ServiceAccount
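One way to check the "required resources + verbs only" rule above, as an added example that is not from the original page: it expands a Role manifest into individual group/resource/verb grants and reports every grant missing from a declared minimal set. The manifest, the `needed` list and the names `ExcessGrants` and `each` are constructed for illustration; `resourceNames` and `nonResourceURLs` are not considered.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// PolicyRule: the RBAC v1 rule fields compared here (JSON keys match case-insensitively).
type PolicyRule struct{ APIGroups, Resources, Verbs []string }

// Constructed sample inputs: the JSON form of a Role for a hypothetical
// controller, and the grants that controller is assumed to actually need.
const sampleRole = `{"kind":"Role","metadata":{"name":"demo-controller"},"rules":[
 {"apiGroups":["apps"],"resources":["deployments"],"verbs":["get","list","watch","delete"]},
 {"apiGroups":[""],"resources":["secrets"],"verbs":["get"]},
 {"apiGroups":[""],"resources":["configmaps"],"verbs":["*"]}]}`

var needed = []PolicyRule{
	{[]string{"apps"}, []string{"deployments"}, []string{"get", "list", "watch"}},
	{[]string{""}, []string{"configmaps"}, []string{"get"}}}

// each calls fn with every "group/resource verb" grant the rules expand to.
func each(rules []PolicyRule, fn func(grant string)) {
	for _, r := range rules {
		for _, g := range r.APIGroups {
			for _, res := range r.Resources {
				for _, v := range r.Verbs {
					fn(g + "/" + res + " " + v)
				}
			}
		}
	}
}

// ExcessGrants returns, in manifest order, the grants that required does not cover.
func ExcessGrants(manifest []byte, required []PolicyRule) (excess []string, err error) {
	var role struct{ Rules []PolicyRule }
	if err = json.Unmarshal(manifest, &role); err != nil {
		return nil, err
	}
	need := map[string]bool{}
	each(required, func(g string) { need[g] = true })
	each(role.Rules, func(g string) {
		if !need[g] { // a "*" never equals a concrete requirement, so wildcards are always reported
			excess = append(excess, g)
		}
	})
	return excess, nil
}

func main() { fmt.Println(ExcessGrants([]byte(sampleRole), needed)) }
```

The core API group appears as an empty string, so a finding such as `/secrets get` refers to core `secrets`.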
Leader election
For HA controllers, enable leader election so only one instance actively reconciles at a time.
Probes
Expose:
- /healthz (liveness)
- /readyz (readiness)
Keep probe handlers lightweight.
Observability
- Prometheus metrics endpoint
- OpenTelemetry tracing where it makes sense
- Structured logs (include resource names/UIDs)