Situation before containerisation
- Teams shipped images faster than they agreed on runtime policy and backup paths.
- Finance asked for unit economics while engineering chased utilisation blind spots.
- Incidents showed gaps in health checks, rollout order, and secret handling.
Packaging wins and new risks
Core points
- Stakeholders needed a single credible story before budgets and timelines locked in.
- Legacy habits and tooling debt competed with the outcomes marketing promised externally.
- Scope stayed honest by naming what would move in phase one versus what waited on data.
Orchestration choices
Core points
- Regulated or high-trust contexts punish silent assumptions about access, retention, and blast radius.
- Integration seams between teams multiplied rework when contracts were not written down.
- Non-prod behaviour that did not mirror production invited surprises during the first real traffic.
Operational guardrails
Core points
- Automation and observability had to land together so operators could trust rollback and forward fix.
- Owners were named for pipelines, environments, and data handoffs instead of a shared inbox.
- Change management sat next to engineering so habits survived the first month after go live.
Skunk tip
- Rehearse one failure mode weekly until the runbook is boring, not heroic.
Lessons at scale
Core points
- Velocity showed up when releases shrank and evidence travelled with the merge request.
- Cost and risk curves improved when unused paths were retired instead of left on life support.
- The durable lesson is that discipline on ownership beats another headline feature without adoption.
If your rollback is a myth, your deploy frequency is vanity.
