kubernetes-docs-design-principles
https://github.com/kubernetes/kubernetes/blob/master/docs/design/principles.md
"no hidden internal APIs" ^no-hidden-internal-apis
"Object status must be 100% reconstructable by observation. Any history kept must be just an optimization and not required for correct operation." ^history-not-needed
"Cluster-wide invariants are difficult to enforce correctly. Try not to add them. If you must have them, don't enforce them atomically in master components, that is contention-prone and doesn't provide a recovery path in the case of a bug allowing the invariant to be violated. Instead, provide a series of checks to reduce the probability of a violation, and make every component involved able to recover from an invariant violation." ^cluster-wide-invariants
"Higher-level APIs should be intent-oriented (think SLOs) rather than implementation-oriented (think control knobs)." ^high-level-apis-intent-oriented
Edge-triggered behavior must be just an optimization. ^edge-triggered-behavior
"Assume an open world: continually verify assumptions and gracefully adapt to external events and/or actors. Example: we allow users to kill pods under control of a replication controller; it just replaces them." ^assume-an-open-world
Components should be self-healing. For example, if you must keep some state (e.g., cache) the content needs to be periodically refreshed, so that if an item does get erroneously stored or a deletion event is missed, etc., it will be soon fixed, ideally on timescales that are shorter than what will attract attention from humans. ^self-healing-before-people-notice
Component behavior should degrade gracefully. Prioritize actions so that the most important activities can continue to function even when overloaded and/or in states of partial failure. ^degrade-gracefully
Only the apiserver should communicate with etcd/store, and not other components (scheduler, kubelet, etc.). ^only-api-server-communicates-with-etcd
References eric-raymond-17-unix-rules