Terraform State Locking with GCS

Discovered that the GCS backend for Terraform supports state locking natively when you enable object versioning on the bucket. This prevents two team members from running terraform apply simultaneously and corrupting the state file. Just add versioning { enabled = true } to your bucket resource.

Kubernetes ConfigMap Updates Don't Restart Pods

Updated a ConfigMap expecting my pods to pick up the new values. They didn't. Turns out Kubernetes doesn't automatically restart pods when a ConfigMap changes. Options: run kubectl rollout restart, add a hash annotation to the deployment template, or mount ConfigMaps as volumes (which do eventually update, but with a delay).
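
The hash-annotation option, sketched as an added example (not from the original notes): it hashes the ConfigMap's data and writes the digest into the pod template, so applying the manifest after a config change triggers a rollout. The annotation key checksum/config and the sample manifests are assumptions constructed for illustration.

```python
import copy
import hashlib
import json

ANNOTATION = "checksum/config"  # assumed key name; any annotation key works


def configmap_checksum(configmap: dict) -> str:
    """Hash only the payload (data/binaryData), not metadata such as
    resourceVersion, so the digest changes only when the content does."""
    payload = {
        "data": configmap.get("data") or {},
        "binaryData": configmap.get("binaryData") or {},
    }
    # Sorted keys and fixed separators make the digest independent of key order.
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def stamp_deployment(deployment: dict, configmap: dict) -> dict:
    """Return a copy of the Deployment whose pod template carries the digest.
    A changed pod template is what makes the Deployment roll its pods."""
    stamped = copy.deepcopy(deployment)
    template = stamped["spec"]["template"]
    meta = template.get("metadata") or {}
    annotations = meta.get("annotations") or {}
    annotations[ANNOTATION] = configmap_checksum(configmap)
    meta["annotations"] = annotations
    template["metadata"] = meta
    return stamped


# Constructed sample manifests (JSON form of what kubectl apply -f accepts).
CONFIGMAP_V1 = {
    "apiVersion": "v1", "kind": "ConfigMap",
    "metadata": {"name": "app-config", "resourceVersion": "101"},
    "data": {"LOG_LEVEL": "info", "CACHE_TTL": "60"},
}
CONFIGMAP_V2 = {
    "apiVersion": "v1", "kind": "ConfigMap",
    "metadata": {"name": "app-config", "resourceVersion": "102"},
    "data": {"LOG_LEVEL": "debug", "CACHE_TTL": "60"},
}
DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "app"},
    "spec": {"template": {"metadata": {"labels": {"app": "app"}}, "spec": {}}},
}

if __name__ == "__main__":
    print(json.dumps(stamp_deployment(DEPLOYMENT, CONFIGMAP_V2), indent=2))
```

Run it in the pipeline step that renders manifests, before kubectl apply, so the Deployment and ConfigMap always ship together.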

Multi-Stage Docker Builds Save Massive Space

Switched my PHP Dockerfile from a single stage to multi-stage. The build stage installs Composer and dev dependencies, copies the vendor directory, then the production stage starts fresh with just PHP-FPM and the application code. Image went from 450MB to 89MB. Always use multi-stage builds for production images.

Cloud Build Substitution Variables

Cloud Build has built-in substitution variables like $PROJECT_ID, $COMMIT_SHA, and $TAG_NAME. You can also define custom ones with substitutions in cloudbuild.yaml. Prefix custom ones with an underscore: $_CLUSTER_NAME. Super useful for making pipelines portable across projects.

PHP-FPM Pool Tuning Basics

Default PHP-FPM settings are conservative. For a small container, I set pm = static with pm.max_children = 5 to avoid the overhead of dynamic process management. For larger servers, pm = dynamic with tuned values is better. The key metric to watch is pm.max_children — set it too low and requests queue, too high and you run out of memory.

Liveness vs Readiness Probes in Kubernetes

Finally understood the difference clearly. Liveness probes answer "is the process stuck?" — if it fails, K8s restarts the container. Readiness probes answer "can this handle traffic?" — if it fails, K8s removes the pod from the Service endpoints but doesn't restart it. Always set both, and make them check different things.