Sources

More troubling still, more than 65% of workloads run under half their requested CPU or memory, suggesting that wasted spending on the infrastructure required to run Kubernetes clusters is exceedingly high. A full 82% of the Kubernetes workloads are overprovisioned, compared to 11% that are underprovisioned, the report finds. Komodor estimates almost 90% of organizations are also overspending on cloud resources, with capacity utilization often falling below 80%. Well more than a third of IT teams (37%) have a need to rightsize 50% or more of their workloads.

Kubernetes has revolutionized container orchestration, but let's be honest—it's not all smooth sailing. After years of wrestling with K8s in production environments, every DevOps engineer has a collection of war stories about seemingly simple tasks that turned into multi-hour debugging sessions. This post explores the most common Kubernetes annoyances that keep DevOps teams up at night, along with practical solutions and workarounds. ## 1. The YAML Verbosity Nightmare **The Problem:** Kubernetes YAML manifests are notoriously verbose. A simple application deployment can require hundreds of lines of YAML across multiple files, making them error-prone and difficult to maintain. **Example of the Pain:** … This seemingly "simple" application deployment requires 80+ lines of YAML just to run a basic web service. Notice the massive amount of repetition—labels are duplicated across metadata sections, and configuration references are scattered throughout. The verbosity makes it error-prone; a single mismatched label in the selector will break the deployment entirely. The real pain comes when you need to maintain this across multiple environments. Each environment requires its own copy with slight variations, leading to configuration drift and deployment inconsistencies. Small changes like updating the image tag require careful editing across multiple sections, and forgetting to update the version label means your monitoring and rollback strategies break silently. **Solution:** Use templating tools like Helm or Kustomize to reduce repetition: … ## 2. Resource Limits: The Guessing Game **The Problem:** Setting appropriate CPU and memory limits feels like throwing darts blindfolded. Set them too low, and your pods get OOMKilled or throttled into oblivion. Set them too high, and you're burning money on wasted cluster resources. Most teams resort to cargo-cult configurations copied from tutorials, leading to production surprises. … **Over-allocation consequences:** - Cluster resource waste leading to unnecessary infrastructure costs - Reduced pod density requiring more nodes than necessary - Poor bin-packing efficiency in the scheduler - Higher blast radius during node failures due to fewer pods per node … ## 3. ConfigMap and Secret Management Hell **The Problem:** Configuration management in Kubernetes starts simple but quickly becomes a maintenance nightmare. What begins as a few environment-specific ConfigMaps evolves into dozens of scattered configuration files with duplicated values, inconsistent formatting, and no clear source of truth. Add secrets into the mix, and you're juggling sensitive data across multiple environments with no automated rotation or centralized management. … demo app-secrets-demo Opaque 4 67d # Ancient passwords! # No way to tell which secrets are current or which need rotation $ kubectl get secret app-secrets-prod -o yaml # Shows base64 gibberish with no metadata about source or age ``` Each environment requires manual secret creation and updates. When the database password changes, you'll need to manually update 5+ Kubernetes secrets, inevitably forgetting one environment. There's no audit trail, no automated rotation, and no way to verify that secrets are current across all environments. … ## 4. Networking: The Black Box of Pain **The Problem:** Kubernetes networking is where simple concepts collide with complex reality. What should be straightforward—"make this service talk to that service"—becomes a maze of DNS resolution, iptables rules, CNI plugins, service meshes, and network policies. When networking breaks, debugging feels like performing surgery blindfolded while the entire application stack is on fire. … ## 6. Persistent Volume Provisioning Nightmares **The Problem:** Persistent volumes often fail to provision correctly, leaving your stateful applications in pending state with cryptic error messages. **The Frustrating Experience:**

#### Highlights ... - **87%** of companies now run Kubernetes in hybrid-cloud setups. - The challenge isn’t adoption - it’s **optimization and security**. - Clusters are **larger, faster, and business-critical** than ever. ... … **Avoid 2025’s Top Kubernetes Mistakes** - Overprovisioning → Use VPA - Ignoring security → Apply PSS and scanning - Outdated versions → Regular upgrades - Weak monitoring → Adopt observability stack - Overprivileged RBAC → Enforce least privilege **Learn by Doing** … That’s not just a statistic - it’s a wake-up call for DevOps engineers. As Kubernetes becomes the default platform for running modern workloads, the real challenge isn’t *adoption* anymore - it’s *optimization*. Teams that don’t follow the right **Kubernetes best practices 2025** risk higher cloud bills, underperforming clusters, and serious security gaps. … ## Kubernetes Cost Optimization Strategies In 2025, Kubernetes continues to dominate enterprise infrastructure - but with great flexibility comes great waste. According to the Cast AI 2025 Kubernetes Cost Benchmark Report, **99.94 % of clusters are over-provisioned**, with average CPU utilisation at just **10 %** and memory utilisation around **23 %**. That means nearly three-quarters of allocated cloud spend is sitting idle. … ## Common Kubernetes Mistakes to Avoid in 2025 In 2025, Kubernetes isn’t just about running workloads - it’s about **running them securely, efficiently, and intelligently**. According to the Sysdig 2025 Kubernetes and Cloud-Native Security Report, **60% of containers live for less than one minute**, while **machine identities are now 7.5x riskier than human identities**, and **AI/ML workloads have exploded by 500%**. That’s the new reality: faster, smarter, and infinitely more complex. Yet despite all these advancements, organizations still stumble on fundamental Kubernetes best practices - the kind that separate reliable clusters from costly chaos. > “Most Kubernetes issues in 2025 don’t come from innovation gaps - they come from ignoring the basics.” Let’s break down the most common mistakes and how to fix them before they break your cluster (or your cloud bill). ### 1. Overprovisioning Nodes and Resources Even with advanced autoscalers, many teams still allocate double what they need. Real-time monitoring data from Sysdig shows that **resource overprovisioning remains one of the top causes of unnecessary cloud spend**, especially as teams scale AI/ML workloads. **Fix it:** Use proper resource requests and limits with Vertical Pod Autoscaler (VPA) for automated right-sizing. … > 💡 > **Pro tip:** Monitor real CPU/memory trends in Prometheus or KodeKloud’s hands-on labs before adjusting limits. ### 2. Ignoring Security Policies Sysdig’s 2025 report highlights a key shift: **in-use vulnerabilities dropped below 6%**, but **image bloat has quintupled**- meaning heavier, less-optimized images are still increasing attack surfaces. Many clusters also skip security policies altogether, leaving room for privilege escalations and cross-pod attacks. … ### 3. Skipping Regular Version Upgrades Despite increased automation, **31% of organizations still run unsupported Kubernetes versions**, often missing vital security and performance patches. Each skipped release compounds tech debt - and increases API breakage risks. **Fix it:** Upgrade regularly and run deprecation checks before every major update. … ### 4. Weak Observability and Reactive Monitoring With **60% of containers living for under a minute**, waiting for logs to reveal problems is no longer sustainable. The modern cluster demands **real-time detection and response**, something Sysdig notes can now happen **in under 10 minutes** - with top teams initiating responses in as little as 4 minutes. **Fix it:** Set up observability from day one. Use: … ### 5. Overprivileged RBAC Configurations According to Sysdig, **machine identities now outnumber human identities by 40,000x** - and they’re far riskier. Overprivileged service accounts are the easiest entry point for attackers. **Fix it:** Apply least privilege with scoped roles and namespace restrictions. … ### Quick Recap |Mistake|Real-World Impact|Fix| |--|--|--| |Overprovisioning|High cost, poor efficiency|Apply limits, use VPA| |Ignoring security|Increased attack surface|PodSecurity + scanning| |Outdated versions|Incompatibility, CVEs|Regular version upgrades| |Weak observability|Slow detection|Full metrics-logs-traces pipeline| |Overprivileged RBAC|Machine identity risk|Enforce least privilege|

However, hosted K8s options have improved significantly in recent years (all cloud providers have Kubernetes options that are pretty much self-managed), and I feel like with LLMs, it's become extremely easy to read & write deployment configs. ... At early stage the product should usually be a monolith and there are a LOT of simple ways to deploy & manage 1 thing. Probably not an issue for you but costs will also tend to bump up quite a lot, you will be ingesting way more logs, tons more metrics etc just for the cluster itself, you may find yourself paying for more things to help manage & maintain your cluster(s) . Security add-ons can quickly get expensive. … atmosx 6 months ago The real challenge isn’t setting up the EKS cluster, but configuring everything around it: RBAC, secrets management, infrastructure-as-code, and so on. That part takes experience. If you haven’t done it before, you're likely to make decisions that will eventually come back to haunt you — not in a catastrophic way, but enough to require a painful redesign later. … (I’m not claiming this is a real architecture that makes sense, just an example of how different layers can be chosen to be managed or unmanaged). 2. Not correct, IAM authentication is not the preferred connection method, and it has a performance limit of 200 connections per second. It's intended for access by humans and not by your applications. In my experience I've never seen any organization set it up. The other authentication methods are not AWS specific (Kerberos/password auth). Easy to avoid. 3. Most performance features of RDS have some kind of non-AWS equivalent. AWS isn't reinventing the wheel as a database host. … PS. Link in bio therealfiona 6 months ago The time sink required for the care and feeding just isn't worth it. I pretty much have to dedicate one engineer about 50% of the year to keeping the dang thing updated. The folks who set it all up did a poor job. And it has been a mess to clean up. Not for lack of trying, but for lack of those same people being able to refine their work, getting pulled into the new hotness and letting the clusters rot. Idk your workload, but mine is not even suited for K8s... The app doesn't like to scale. And if the leader node gets terminated from a scale down, or an EC2 fails, processing stops while the leader is reelected. Hopefully not another node that is going down in a few seconds... Most of the app teams stopped trying to scale their app up and down because of this ... … At early stage the product should usually be a monolith and there are a LOT of simple ways to deploy & manage 1 thing. Probably not an issue for you but costs will also tend to bump up quite a lot, you will be ingesting way more logs, tons more metrics etc just for the cluster itself, you may find yourself paying for more things to help manage & maintain your cluster(s) . Security add-ons can quickly get expensive.

# 7 Common Kubernetes Pitfalls (and How I Learned to Avoid Them) It’s no secret that Kubernetes can be both powerful and frustrating at times. When I first started dabbling with container orchestration, I made more than my fair share of mistakes enough to compile a whole list of pitfalls. In this post, I want to walk through seven big gotchas I’ve encountered (or seen others run into) and share some tips on how to avoid them. Whether you’re just kicking the tires on Kubernetes or already managing production clusters, I hope these insights help you steer clear of a little extra stress. ## 1. Skipping resource requests and limits **The pitfall**: Not specifying CPU and memory requirements in Pod specifications. This typically happens because Kubernetes does not require these fields, and workloads can often start and run without them—making the omission easy to overlook in early configurations or during rapid deployment cycles. … 1. Resource Starvation: Pods may get insufficient resources, leading to degraded performance or failures. This is because Kubernetes schedules pods based on these requests. Without them, the scheduler might place too many pods on a single node, leading to resource contention and performance bottlenecks. 2. Resource Hoarding: Conversely, without limits, a pod might consume more than its fair share of resources, impacting the performance and stability of other pods on the same node. This can lead to issues such as other pods getting evicted or killed by the Out-Of-Memory (OOM) killer due to lack of available memory. ### How to avoid it: - Start with modest `requests` (for example `100m` CPU, `128Mi` memory) and see how your app behaves. - Monitor real-world usage and refine your values; the HorizontalPodAutoscaler can help automate scaling based on metrics. - Keep an eye on `kubectl top pods` or your logging/monitoring tool to confirm you’re not over- or under-provisioning. **My reality check**: Early on, I never thought about memory limits. ... Lesson learned. For detailed instructions on configuring resource requests and limits for your containers, please refer to Assign Memory Resources to Containers and Pods (part of the official Kubernetes documentation). ## 2. Underestimating liveness and readiness probes **The pitfall**: Deploying containers without explicitly defining how Kubernetes should check their health or readiness. This tends to happen because Kubernetes will consider a container “running” as long as the process inside hasn’t exited. Without additional signals, Kubernetes assumes the workload is functioning—even if the application inside is unresponsive, initializing, or stuck. … ## 4. Treating dev and prod exactly the same **The pitfall**: Deploying the same Kubernetes manifests with identical settings across development, staging, and production environments. This often occurs when teams aim for consistency and reuse, but overlook that environment-specific factors—such as traffic patterns, resource availability, scaling needs, or access control—can differ significantly. Without customization, configurations optimized for one environment may cause instability, poor performance, or security gaps in another. … ## 5. Leaving old stuff floating around **The pitfall**: Leaving unused or outdated resources—such as Deployments, Services, ConfigMaps, or PersistentVolumeClaims—running in the cluster. This often happens because Kubernetes does not automatically remove resources unless explicitly instructed, and there is no built-in mechanism to track ownership or expiration. Over time, these forgotten objects can accumulate, consuming cluster resources, increasing cloud costs, and creating operational confusion, especially when stale Services or LoadBalancers continue to route traffic. … ## 6. Diving too deep into networking too soon **The pitfall**: Introducing advanced networking solutions—such as service meshes, custom CNI plugins, or multi-cluster communication—before fully understanding Kubernetes' native networking primitives. This commonly occurs when teams implement features like traffic routing, observability, or mTLS using external tools without first mastering how core Kubernetes networking works: including Pod-to-Pod communication, ClusterIP Services, DNS resolution, and basic ingress traffic handling. As a result, network-related issues become harder to troubleshoot, especially when overlays introduce additional abstractions and failure points. … ## 7. Going too light on security and RBAC **The pitfall**: Deploying workloads with insecure configurations, such as running containers as the root user, using the `latest` image tag, disabling security contexts, or assigning overly broad RBAC roles like `cluster-admin`. These practices persist because Kubernetes does not enforce strict security defaults out of the box, and the platform is designed to be flexible rather than opinionated. Without explicit security policies in place, clusters can remain exposed to risks like container escape, unauthorized privilege escalation, or accidental production changes due to unpinned images.

Another area to consider is the choice of libraries and frameworks. Some libraries are heavier than others. This can lead to longer load times and increased resource demands. Selecting a lighter alternative might yield noticeable improvement. Profiling tools, like cProfile or line_profiler, can provide insights into which parts of your code consume the most resources. … - Syntax mistakes - Indentation errors - Type mismatches - Variable scope problems - Incorrect use of functions and methods Syntax errors are the most straightforward to identify. They occur when the code doesn’t conform to the language rules. For instance: ` print(Hello, World! ` This snippet will throw a syntax error because the closing parenthesis is missing. Indentation errors, on the other hand, can be elusive. Python relies on whitespace to define code blocks. An incorrect indentation level can lead to unexpected behavior:

{ts:456} kind of awful because when you start an right now in year one the people who work there Define the first years to {ts:464} come and when they might go away or other people come or the mindset changes then suddenly the C base looks different {ts:472} you see this you know this salad you have created this old thing this new thing this thing in between and this is {ts:479} what I don't like in react you have a clear Paradigm UI equals function stank and you have components you have hooks {ts:488} you have State Management and you have some libraries like tster cre which is actually a hook or a set of hooks which {ts:494} communicates with the outside world you have a clear process what is going on and as soon as you have this structure

All of that is a lot more than what a local dev would want, deploying to their own private test instance, probably with a bunch of API keys that are read-only or able to write only to other areas meant for validation. ... To me, personally, the Github Actions CVE from August 2024 was the final nail in the coffin. I blogged about it in more technical detail [1] and guess what was the reason that the TJ actions have been compromised last week? Yep, you guessed right, the same attack surface that Github refuses to fix, a year later. … On one side, you got 50 plugins with CVEs but you can't update them because you need to find a slot that works for all development teams to have a week or two to fix their pipelines again, and on the other side you got a Jenkins instance for each project which lessens the coordination effort but you gotta worry about dozens of Jenkins instances. Oh and that doesn't include the fact many old pipelines aren't written in Groovy or, in fact, in any code at all but only in Jenkins's UI... … > How does the resulting YAML look like? ... Agreed. GitHub actions, or any remote CI runner for that matter, makes the problem even worse. The whole cycle of having to push CI code, wait 10 minutes while praying for it to work, still getting an error, trying to figure out the mistake, fixing one subtle syntax error, then pushing the code again in the hope that that works is just a terrible workflow. Massive waste of time. … I don't understand what problem you could possibly be experiencing. What exactly do you find hard about running commands in, say, GitLab CICD? iterating a GitHub Actions workflow is a gigantic pain in the ass. Capturing all of the important logic in a script/makefile/whatever means I can iterate it locally way faster and then all I need github to do is provision an environment and call my scripts in the order I require.

The reason it gets unbearably messy is because most people google "how to do x in github actions" (e.g. send a slack message) and there is a way and it's almost always worse than scripting it yourself. SOLAR_FIELDS on Jan 21, 2025 Without tooling like this any sufficiently complex system is guaranteed to evolve into a spaghetti mess, because no sane way exists to maintain such a system at scale without proper tooling, which one would need to hand roll themselves against a giant, ever changing mostly undocumented black box proprietary system (GitHub Actions). Someone tried to do this, the project is called “act”. The results are described by the author in the article as “subpar”. … It is somewhat heavy on configuration, but it just moves the complexity from CI configuration to NX configuration (which is nicer IMO). Our CI pipelines are super fast if you don't hit one of one of our slow compilling parts of the codebase. … I do have to say that our NX configuration is quite long though, but I feel that once you start using NX it is just too tempting to split your project up in individual cacheable steps even if said steps are very fast to run and produce no artifacts. Although you don't have to. For example we have separate steps for linting, typescript type-checking, code formatting, unit testing for each unique project in our mono-repo. In practice they could be all the same step because they all get invalidated at the same time (basically on any file change). … hinkley on Jan 20, 2025 The only functionality a CI tool should be providing is: - starting and running an environment to build shit in - accurately tracking success or failure - accurate association of builds with artifacts - telemetry (either their own or integration) and audit trails - correlation with project planning software - scheduled builds - build chaining … chubot on Jan 21, 2025 Especially for Github Actions, which is stateless. If you want to reuse computation within their VMs (i.e. not do a fresh build / test / whatever), you can't rely on Just or Make A problem with Make is that it literally shells out, and the syntax collides. For example, the PID in Make is $$$$, because it's $$ in shell, and then you have to escape $ as $$ with Make. … and it feels like fighting against the flow when you're trying to make it reusable across many repos akdev1l on Jan 20, 2025 necovek on Jan 21, 2025 I've rarely seen a feedback loop with containers that's not longer than 10s only due to containerization itself, and that breaks the "golden" 10s rule (see https://www.nngroup.com/articles/response-times-3-important-...). … Why would it be slow? It needs to be rebuilt? (on a fast moving project with mid-sized or large team, you'll get dependency or Dockerfile changes frequently) It needs to restart a bunch of dependent services? Container itself is slow to initialize? Caching of Docker layers is tricky, silly (you re-arrange a single command line and poof, it's invalidated, including all the layers after) and hard to make the most of. … Stateful virtualenvs with no way to check if they're clean (or undo mistakes), no locking of version resolution (much less deterministic resolution), only one-way pip freeze that only works for leaf projects (and poorly even then), no consistency/standards about how the project management works or even basic things like the directory layout, no structured unit tests, no way to manage any of this stuff because all the python tooling is written in python so it needs a python environment to run so even if you try to isolate pieces you always have bootstrap problems... and most frustrating of all, a community that's ok with all this and tries to gaslight you that the problems aren't actually problems. … (I could rant for ages about Azure DevOps and how broken and unloved it is from Microsoft's side. ... It seems to me that a big part of the problem here (which I have also seen/experienced) is that there's no one specific thing that something like GitHub Actions is uniquely suited for. Instead, people want "a bunch of stuff to happen" when somebody pushes a commit, and they imagine that the best way to trigger all of that is to have an incredibly complex - and also bespoke - system on the other end that does all of it.

You click the step that failed. The page hitches. You scroll. There is a pause, a held breath, and then the logs appear, slowly, like a manuscript being revealed one line at a time to a supplicant who has not yet proven worthy. That’s three or four clicks just to see the error, and every one of them loads a new page with its own loading spinner, and none of them are fast. You are navigating a bureaucracy. You are filling out forms at the DMV of CI. And then the log viewer itself. I have used every CI system known to man, and the GitHub Actions log viewer is the only one that has *crashed my browser*. Not once. Repeatedly. Reliably. Open a long build log, try to search for an error, and Chrome will look you in the eye and die. This is the log viewer for the most popular CI system in the world. This is the tool you are expected to use to understand why your build failed. It cannot survive contact with its own output. … Or a different run. Or a page you don’t recognize. The back button in the GitHub Actions UI is a roulette wheel. You will land somewhere. It will not be where you wanted to go. You will click the back button again. You will land somewhere else. Eventually you give up and type the PR URL from memory or go find it in your browser history, which is now 80% GitHub Actions URLs, a fact that will haunt you when you look at it later. … ## ”But the Marketplace!” Ah yes, the GitHub Actions Marketplace. The npm of CI. A bazaar of community-maintained actions of varying quality, most of which are shell scripts with a `Dockerfile` and a dream. Every time you type `uses: some-stranger/cool-action@v2`, you’re handing a stranger access to your repo, your secrets, and your build environment. Yes, you can pin to a SHA. Nobody does. And even if you do, you’re still running opaque code you didn’t write and probably haven’t read, in a context where it has access to your … *can* bring your own runners to GitHub Actions. Self-hosted runners exist. You can set up your own machines, install Nix, configure your environment exactly how you want it. And this does solve the compute problem. Your builds will be faster. Your caches will be warm. But you’ll still be writing GitHub Actions YAML. You’ll still be fighting the expression syntax and the permissions model and the marketplace and the log viewer that crashes your browser. You’ve upgraded the engine but you’re still driving the car that catches fire when you turn on the radio. … `workflow_call` trigger was. That person was happy. The `GITHUB_TOKEN` permissions model is a maze. `permissions: write-all` is a hammer, fine-grained permissions are a puzzle, and the interaction between repository settings, workflow settings, and job-level settings will make you want to lie down on the floor. I once spent an entire day on token permissions. I will never get that day back. It’s gone. I could have learned to paint. I could have called my mother. I could have mass-tested a new CI system. Anything.

However, I've observed and experienced that **the React community has had a growing sense of frustrations and disagreements on where React is headed, how it's developed, and the recommended approaches for using React, as well as the interactions between the React team and the community**. This in turn overlaps with dozens of different arguments that have ricocheted around the React and general web dev communities in the last few years, as well as specific technical concerns with how React works, comparisons with other similar JS frameworks, and how web apps should be built going forward. … The flexibility and variety of ecosystem options has been both a strength and a weakness. You *get* to choose the exact combination of tools you need for your project... but you also *have* to choose a combination of tools. That leads to decision fatigue, variations in project codebases, and constant changes in what tools are commonly used. … This ties into several other related points of concern: - Next is recommended first in the React docs, and the Next App Router is also mentioned as the main example under "Which features make up the React team’s full-stack architecture vision?" - Next is still the only production implementation of RSCs - React team members have been quoted as saying that "This Next release is the real React 18" … ### Concern: React Only Works with Next 🔗︎ I've seen multiple comments online with people saying, either seriously or wonderingly, that "React only works with Next now". This is easily refuted. **Even just looking at the "Start a New React Project" page shows other frameworks that are *not* Next**, as well as the somewhat infamous "Can I use React without a framework?" section. … It's also worth noting that many of the features in React 19 and 19.1 are client-only. If anything, the community has over-estimated the amount of effort put into server-side functionality, and missed the amount of effort put into client-side features. … Every truly efficient React setup was custom, different, and unachievable with Create React App. > These user experience problems are not specific to Create React App. They are not even specific to React. For example, apps created from the Vite homepage templates for Preact, Vue, Lit, and Svelte suffer from all of the same problems. These problems are inherent to purely client-side apps with no static site generation (SSG) or server-side rendering (SSR). > If you build entire apps with React, being able to use SSG/SSR is important. The lack of support for them in Create React App is glaring. But it's not the only area where Create React App is behind … I've also had conversations with the React team where they directly told me that they have heard many of the external complaints about React apps having bad loading times and overall poor performance. So, the frameworks emphasis is a direct response to that, with the goal of getting more apps to have decent performance by default. Based on that, we can summarize the React team's stance as: … - Frameworks add many additional features and functionality, but that's also added complexity to learn, making them less suitable for beginners that are just trying to get a handle on how to use React at all. - The added complexity can also be a trap that leads to confusion, such as accidentally using Context or hooks in Server Components (which throws errors) - Many companies may not be running JS backends, and may even have rules and restrictions against that - Frameworks with server functionality do require specific hosting to run, whereas a pure SPA can be trivially hosted anywhere that serves static HTML and JS (including Github Pages and Amazon S3) - While the *need* to pick and choose your libraries has often been a source of frustration for React users, it does enable customizing projects to meet your specific needs. Opinionated frameworks remove the need to make most of those decisions, but can also limit your ability to customize behavior later. … (SPA routers & loaders are a mess & underserved!) > It's not about React or Vite. It's the ecosystem. It's painful to realize that React won't encourage the traditional "non-framework" as strongly as the "new ways". The "React without a framework" section is tucked away in the docs and depressing. > As a non-Node backend company we see those docs as a sign that we don't align with React's primary direction anymore.

**the React community has had a growing sense of frustrations and disagreements on where React is headed, how it's developed, and the recommended approaches for using React, as well as the interactions between the React team and the community**. This in turn overlaps with dozens of different arguments that have ricocheted around the React and general web dev communities in the last few years, as well as specific technical concerns with how React works, comparisons with other similar JS frameworks, and how web apps should be built going forward. What makes this a lot worse is that everyone is arguing and debating a different subset of these concerns, and **many of the stated concerns are either false or outright FUD**. Unfortunately, the arguments and fears have also been exacerbated by **numerous self-inflicted missteps, communications problems, and lack of developer relations work from the React team itself**. All of these intertwine heavily. … ... Most of the React apps I've worked on have been internal tools with limited distribution, and mostly "desktop-style apps in a browser" - in other words, true SPAs without even any routing or CRUD-type behavior. I did work on … *get* to choose the exact combination of tools you need for your project... but you also *have* to choose a combination of tools. That leads to decision fatigue, variations in project codebases, and constant changes in what tools are commonly used. Overall, **both the React library and the React team intentionally stayed unopinonated**. They didn't want to play favorites with specific tools in the ecosystem, their time and attention was focused on building React itself, and they still viewed the scope of React as being somewhat narrow. ... *should* use a framework to write React apps - they have routing, data fetching, and build capabilities built in". This also tied into the work to build RSCs. As part of this, the "Start a New React Project" page specifically warned *against* using React without a framework. ... That said, by 2015 React was most commonly used for client-side SPA app architectures. As with everything, these had tradeoffs. They made it easier to generate the page contents (it's all React components), had faster user interactions (show a different component on click or route change instead of a full page refresh), and enabled richer app experiences. It didn't matter what the backend was (JS, Java, PHP, .NET, Python) - just expose a JSON API and fetch data. However, they also were slower to load the initial page bundle, and client-side routing could lead to uncanny interactions vs native browser behavior. … *felt* particularly native to React. This has led to a general mindset shift in the React ecosystem. There's more of a push for SSR-based architectures to improve page loading experiences and minimize the amount of JS needed for a page, as well as removing the need to use data fetching libraries on the client side. The React team has argued loudly against "waterfalls" in data fetching in order to improve page loading performance, and even client-side routers like React Router and TanStack Router offer ways to prefetch data at the route/page level rather than triggering fetches nested deep in the component tree.