TechOps Examples
Hey — It's Govardhana MK 👋
Welcome to another technical edition.
Every Tuesday – You’ll receive a free edition with a byte-size use case, remote job opportunities, top news, tools, and articles.
Every Thursday and Saturday – You’ll receive a special edition with a deep dive use case, remote job opportunities, and articles.
👋 👋 A big thank you to today's sponsor WISPR FLOW
Your prompts are leaving out 80% of what you're thinking.
When you type a prompt, you summarize. When you speak one, you explain. Wispr Flow captures your full reasoning — constraints, edge cases, examples, tone — and turns it into clean, structured text you paste into ChatGPT, Claude, or any AI tool. The difference shows up immediately. More context in, fewer follow-ups out.
89% of messages sent with zero edits. Used by teams at OpenAI, Vercel, and Clay. Try Wispr Flow free — works on Mac, Windows, and iPhone.
👀 Remote Jobs
Supabase is hiring a Head of Observability
Remote Location: Worldwide
Miratech is hiring a AWS Infrastructure Engineer
Remote Location: India
Powered by: Jobsurface.com
📚 Resources
Looking to promote your company, product, service, or event to 49,000+ Cloud Native Professionals? Let's work together. Advertise With Us
🧠 DEEP DIVE USE CASE
Kubernetes Multi Cluster Monitoring
A team running Prometheus per cluster usually notices the gap during an actual incident. A pod starts crash looping in tenant cluster 3, an on-call engineer pulls up that cluster's Grafana, sees CPU throttling on a node, and has no way to check in the same view whether cluster 7 or cluster 12 are hitting the same node pressure from the same upstream cause.
Each Prometheus instance only scrapes its own cluster's API server and kubelets, so cross cluster correlation means opening multiple browser tabs and manually lining up timestamps. Multi cluster monitoring exists to collapse that into one place.
Monitoring Architecture
A multi cluster monitoring setup splits into two zones. A control plane runs the components that manage monitoring itself, an API for configuration objects, operators that reconcile them, and the monitoring stack. Tenant clusters are the actual workload clusters, each running its own API server and kubelets, each exposing metrics endpoints that something external has to reach and authenticate against.

Keeping the control plane workload-free matters for a concrete reason. The kubelet's /metrics endpoint sits behind port 10250 with either a client certificate or a bearer token required, and the API server enforces its own RBAC on /metrics too.
If the control plane were also running application workloads, a resource starved node in the control plane cluster could delay a scrape cycle, which then shows up as a false-positive gap in every tenant cluster's data at once.
Network Design
None of this works without routable IP space between the control plane and every tenant, since cross cluster scraping is a real network hop, typically over VPC peering or a transit gateway, not something Kubernetes abstracts away.

A /24 per tenant caps each cluster at roughly 254 usable addresses, which is tight for pod IPs on a CNI that assigns one IP per pod, so in practice this scheme usually pairs with a CNI that does not require pod-routable overlay space to match this block, or the /24 here refers only to node and service addressing that the control plane needs to reach, not the full pod CIDR. Getting this allocation wrong after twenty tenant clusters exist means renumbering live VPCs, which is exactly the kind of change nobody wants to schedule during business hours.

The controller watches Cluster objects through a standard informer/watch loop, reads the associated CA certificate secret for each one, writes both the scrape configuration into the Prometheus ConfigMap and the CA bundle into a mounted Certificate Volume, then triggers a config reload, typically a POST to Prometheus's /-/reload endpoint rather than a full pod restart.
A tenant cluster's certificate rotating is the actual event this loop is built to survive, since an expired or rotated CA reference is the single most common reason a previously working scrape target starts failing overnight with no code change on either side.
🔴 Get my DevOps & Kubernetes ebooks! (free for Premium Club and Personal Tier newsletter subscribers)
Upgrade to Paid to read the rest.
Become a paying subscriber to get access to this post and other subscriber-only content.
UpgradePaid subscriptions get you:
- Access to archive of 250+ use cases
- Deep Dive use case editions (Thursdays and Saturdays)
- Access to Private Discord Community
- Invitations to monthly Zoom calls for use case discussions and industry leaders meetups
- Quarterly 1:1 'Ask Me Anything' power session



