Engineering Blog

A “Krispr” Approach to Kubernetes Infrastructure: Keeping Pods Fresh and Rolling Out Updates Smoothly


In the demanding world of modern service-oriented architectures, maintaining fresh and up-to-date infrastructure is crucial for optimal performance and security. Airbnb, with its hundreds of services relying on Kubernetes, faced challenges in efficiently updating shared infrastructure components within their platform. Their existing approach, heavily dependent on service owner upgrades, led to version fragmentation, complexity, and limited control for infrastructure engineers.

Pursuing Improvement

Exploring a solution to these limitations, the Airbnb team turned to the concept of mutating admission controller webhooks within Kubernetes. These webhooks intercept pod creation requests and can modify them before deployment. Using this mechanism, they envisioned a system where infrastructure updates could be injected directly into pods as needed, bypassing the service owner upgrade cycle.

Introducing Krispr: Simplifying and Centralizing Infrastructure Updates

The core of this approach lies in “mutators,” pure functions defining the specific changes to be made to a pod’s configuration. For common tasks like injecting containers, a simplified “container mutator” was developed. But the magic truly unfolds with Krispr, a command-line tool that aggregates and executes these mutators. Krispr operates both at build time, catching errors early, and as part of the admission controller, ensuring real-time updates.

Key Benefits

This “Krispr” approach delivers several key advantages:

  • Decoupled Infrastructure Updates: Updates are no longer tied to service owner upgrades, enabling faster and more targeted rollouts.
  • Centralized Management: Krispr provides a single point of control for defining and applying infrastructure changes across different services.
  • Targeted Rollouts: Infrastructure engineers can now specify which services and environments receive specific updates.
  • Rollback Option: A two-week mutation pause period empowers service owners to revert to previous deployments if needed.
  • Increased Reliability: Running Krispr at build time strengthens reliability and allows pods to be created even during temporary admission controller downtime.


By leveraging mutators and the powerful Krispr tool, Airbnb successfully addressed the challenges of their previous infrastructure update approach. This solution delivers enhanced flexibility, control, and reliability, ultimately promoting a more efficient and streamlined development workflow for both infrastructure and service teams. The “Krispr” approach offers valuable insights for anyone seeking to optimize shared infrastructure management within their Kubernetes environment.


Previous Post
Next Post