AI 资讯
From A10 to M60: An Architect's Journey into Azure GPU VM Sizing for Kubernetes Inference Workloads
How an unexpected regional constraint forced us to deeply understand Azure GPU VM families, naming conventions, and workload fit. Introduction As architects, we often assume that infrastructure decisions are straightforward: "The workload is already running successfully in Region A. Let's deploy the same Kubernetes workload in Region B." That's exactly what we thought. Our workload consisted of a Visual Element Detection (VED) service hosted on Kubernetes. The application uses a PyTorch model to analyze images and detect various visual elements in an image file. The service was already running successfully on a node pool backed by Azure's NVads_A10_v5 GPU VMs. Then we hit an unexpected challenge. The target region did not offer NVads_A10_v5 instances. What looked like a simple deployment exercise became a deep dive into Azure GPU virtual machine families, GPU architectures, VM naming conventions, and workload characteristics. This article shares what I learned in the hope that it helps others who find themselves evaluating Azure GPU SKUs for AI inference workloads. I am relatively new to the world of MLOps, Model deployments, GPU Workloads etc and equally interested and excited to learn more on this front. The Workload Before discussing VM selection, let's understand the workload characteristics: Model Type : PyTorch Model Size : less than 200 MB (.pth) Image Resolution : ~2000 x 2000 Expected Throughput : 5-7 requests/sec Platform : AKS (Kubernetes) Workload Type : Inference only This is important because GPU sizing should always start from the workload and not from the VM catalog. Step 1: Understanding Azure GPU VM Families Many engineers first encounter Azure GPU machines through names like: NV12s_v3 NV6ads_A10_v5 NC4as_T4_v3 ND96isr_H100_v5 The naming can be intimidating. The first breakthrough was understanding that Azure organizes GPU VMs into three primary families: N-Series ├── NV ├── NC └── ND NV Series – Visualization and Graphics NV-series VMs are designe
AI 资讯
I Built Free Browser-Based Validators for YAML, Kubernetes and Terraform (No Upload, No Signup)
Every DevOps engineer has done this dance: you've got a chunk of YAML or a Terraform file that looks right, something's rejecting it, and you want a fast sanity check. So you paste it into some random online validator — and a small voice asks, wait, where did that config just go? That config often has structure, comments, sometimes internal hostnames or resource names in it. Pasting infrastructure definitions into an unknown server is a habit worth breaking. So I built a set of validators that never send your config anywhere — they run entirely in your browser. What they are Free, browser-based validators for the formats DevOps folks paste-and-pray most: YAML — catches the indentation and structure errors that make Kubernetes and CI configs fail with cryptic messages Kubernetes manifests — schema-aware checks beyond "is it valid YAML," so you catch the wrong apiVersion or a misplaced field before kubectl apply does Terraform / HCL — structural validation for the syntax slips that terraform validate flags only after you've context-switched away The one design decision that matters 100% client-side. No upload, no signup, no server round-trip. Your config is parsed by JavaScript running in your own tab — it never leaves your machine. You can literally open dev-tools, watch the network panel, and see nothing go out. Turn off your wifi and they still work. This isn't a privacy gimmick — it's the correct architecture for a tool that handles infrastructure definitions. A validator has no business seeing your config on a server it doesn't need to. Why I bother Two reasons, honestly. One: I kept wanting this exact thing and kept not trusting the options. The nth time I hesitated before pasting a manifest into a stranger's website, I decided to just build the version I'd trust. Two: fast feedback loops are the whole game in this job. The gap between "save the file" and "find out it's malformed" is pure friction — and the tighter that loop, the less of your working memory it b
AI 资讯
Uber’s product chief on hotels, robotaxis, and why the company doesn’t want to be “everything for everyone”
Uber Chief Product Officer Sachin Kansal walks TechCrunch through the company's financial-services ambitions, its increasingly complicated relationship with Waymo, its new AV Labs data operation, and how AI is starting to show up in ways riders and drivers will actually notice.
创业投融资
Uber’s robotaxi lobbying effort puts it on a collision course with Waymo
Washington D.C. has become a battleground for Uber and Waymo's competing views.
AI 资讯
Architecting Kubernetes Deployments with Python
Python is an excellent language for automating cloud infrastructure, but the official Kubernetes Python client leaves developers with an important architectural decision: Where should Kubernetes manifests live? Should they be constructed directly with Python objects? Embedded as multiline strings? Or stored as external files and rendered at runtime? Each approach works, but they have very different implications for readability, maintainability, and long-term operational cost. The key is recognizing that deployment logic and platform configuration evolve on different lifecycles. Your deployment code, the part that authenticates to Kubernetes, renders templates, and applies resources, may remain unchanged for months. Your manifests, however, often change weekly as applications evolve, resource limits are tuned, cloud-provider annotations are added, or networking requirements change. When those two concerns are tightly coupled, even a configuration, only change forces you to modify, test, and redeploy the delivery or application code itself. Over time, this increases maintenance costs, slows platform changes, and makes configuration drift and production mistakes more likely. This is a familiar software engineering principle: separate concerns that evolve independently. The same thinking that keeps application configuration separate from executable code also applies to Kubernetes manifests. Treating manifests as first-class configuration artifacts allows them to evolve independently from the Python code that delivers them. In this article we'll compare three ways of deploying Kubernetes resources with the official kubernetes-python-client , ranging from tightly coupled implementations to a design that cleanly separates deployment logic from platform configuration. The Landscape at a Glance The comparison below assumes a common application deployment scenario, where the desired state is largely known ahead of time. Controllers and Operators have fundamentally different r
AI 资讯
TechCrunch Mobility: A robotaxi ultimatum
Welcome back to TechCrunch Mobility, your hub for the future of transportation and now, more than ever, how AI is playing a part.
AI 资讯
After the ingress-NGINX retirement, what your migration plan owes production
The status of the controller As of March 2026, the Kubernetes SIG Network stopped maintaining ingress-nginx. That is the controller a lot of clusters have been running for years. A CNCF blog post published July 9 walks operators through the state of play. The headline for anyone still on it is short: unpatched CVEs, and no more feature work. The post names two operational risks explicitly. New security issues will not receive upstream fixes. Feature updates and community support have stopped. If your ingress plane is a piece of infrastructure you have not touched in a while, this is the reason to pull it up in this quarter's planning doc. What it means at 3am An ingress controller sits between the internet and your services. When it drops a request, you find out from your users. When it takes a CVE and no one is patching, you find out from a scanner or from a report. Neither is a good discovery path. The controller also carries the exact set of annotations, TLS defaults and rewrite rules your workloads rely on. Nothing about a retirement changes the version you have in production today, so the immediate blast radius is zero. The risk is on the calendar, not on the pager. That is the kind of risk teams reliably defer until a scanner flags an unpatched CVE. The two paths CNCF lays out The post frames the choice as a fork. Path A is a lateral swap to another Ingress controller. The example named is Contour, described in the post as Envoy-based. This keeps you on the Ingress API and mostly moves the problem of who is patching. Path B is modernization to the Gateway API, described in the post as the upstream-backed successor to Ingress. The CNCF post points at ingress2gateway to automate the translation, and recommends an incremental rollout: run the new plane in parallel and move non-critical workloads first. The stopgap version is a mix. Adopt Contour to buy time on maintained code, then schedule the Gateway API move on your own calendar rather than under duress. What
开发者
How Open Source Enables Collaboration in Creating a Platform
A platform is a collaboration system: platform teams depend on application teams, and both need shared standards. Engineers trust a platform through its predictable behavior, not its features. Being an engineer is about problem-solving and being passionate about it. And being an engineer means sharing your passion for problem-solving. By Ben Linders
AI 资讯
The Kubernetes Approach to AI-Assisted Maintainership Prioritises Human Accountability
The Kubernetes community has introduced a framework for integrating AI into open-source maintainership, emphasising human accountability in code quality and oversight. AI tools may streamline workflows, but ultimate responsibility lies with human maintainers. The framework requires disclosure of AI usage in contributions and prohibits AI-generated commit messages. By Olimpiu Pop
AI 资讯
Part 1 — Container hoá app & chạy trong Kubernetes local
Bạn sẽ học gì Sau bài này, bạn sẽ tự tay đưa một app từ số 0 (một thư mục trống) đến chạy được bên trong một cluster Kubernetes chạy trên máy của bạn . Cụ thể: Viết một app Todo API nhỏ bằng Node.js + Express. Đóng gói (container hoá) nó thành một Docker image. Tạo một cluster Kubernetes local bằng kind . Deploy app bằng file YAML "thật" (không dùng lệnh tắt) để hiểu Kubernetes vận hành thế nào. Truy cập app đang chạy trong cluster từ máy của bạn. Đây là Part 1 trong series "DevOps 101 — Học K8s, Helm, ArgoCD từ số 0" . Cả series dùng chung một app tên todo-ops , các part sau sẽ xây tiếp lên nền này (thêm database, config, ingress, Helm, GitOps với ArgoCD). Điều kiện tiên quyết Docker (hoặc Docker Desktop / OrbStack) — đang chạy. kind — công cụ tạo cluster Kubernetes trong Docker. kubectl — CLI để nói chuyện với Kubernetes. Node.js 20+ và npm — để chạy thử app local. git — để quản lý mã nguồn. Cài đặt Chọn theo hệ điều hành của bạn. macOS (dùng Homebrew — nếu chưa có, cài trước): # Cài Homebrew (bỏ qua nếu đã có) /bin/bash -c " $( curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh ) " # Docker Desktop (hoặc OrbStack: brew install --cask orbstack) brew install --cask docker # Các CLI còn lại brew install kind kubectl node git Sau khi cài xong, mở Docker Desktop (hoặc OrbStack) và chờ nó báo Running trước khi chạy tiếp. Linux (Ubuntu/Debian): # Docker Engine curl -fsSL https://get.docker.com | sh sudo usermod -aG docker " $USER " # cho phép chạy docker không cần sudo (đăng xuất/đăng nhập lại để có hiệu lực) # kubectl curl -LO "https://dl.k8s.io/release/ $( curl -Ls https://dl.k8s.io/release/stable.txt ) /bin/linux/amd64/kubectl" sudo install -m 0755 kubectl /usr/local/bin/kubectl && rm kubectl # kind curl -Lo ./kind https://kind.sigs.k8s.io/dl/latest/kind-linux-amd64 sudo install -m 0755 kind /usr/local/bin/kind && rm kind # Node.js 20 (qua NodeSource) + git curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - sudo apt-get insta
AI 资讯
How I Organized Over 180,000 SVG Files into Searchable Collections
Developers love building things. Sometimes the hardest part isn't writing code—it's organizing data. Over the past few months, I've been building a large SVG library containing more than 180,000 vector files. At first, I assumed collecting the files would be the biggest challenge. I was wrong. The real challenge was organizing them. The Duplicate Problem Once a collection reaches hundreds of thousands of files, duplicates become unavoidable. Different sources often contain identical icons with different filenames. For example: facebook.svg facebook-logo.svg facebook-icon.svg facebook-black.svg facebook-circle.svg Some of these are genuine variations. Others are simply duplicates from different icon packs. Automatically detecting the difference isn't always easy. Collections Instead of Files Instead of treating every SVG as an individual page, I decided to build everything around collections. Examples include: Facebook Docker Kubernetes Payment Icons Weather Icons Medical Icons Programming Languages Each collection groups similar SVGs together, making browsing much easier than searching individual files. Keeping Search Engines Happy One interesting problem appeared during development. Should every individual SVG page be indexed? After experimenting with different structures, I chose a different approach. Only complete, content-rich collections are indexed. Individual SVG pages remain accessible but are excluded from search engine indexes. This avoids creating hundreds of thousands of thin pages while allowing search engines to focus on pages that actually provide value. Automation Managing thousands of collections manually isn't realistic. Several background scripts now automate most repetitive tasks: Collection descriptions Meta titles Meta descriptions FAQ generation Sitemap updates Controlled indexing This allows the library to continue growing without requiring manual editing for every collection. Data Cleanup One task I underestimated was cleanup. Large datasets
AI 资讯
Helm 4 Migration Guide: What Breaks and How to Fix It Before EOL
Originally published on DevToolHub . Helm 4 shipped in November 2025. Eight months later, most teams are still running Helm 3 in production CI/CD because it works. But Helm 3's final feature release lands September 9, 2026, and security patches stop completely on February 10, 2027. This helm 4 migration is simpler than it looks. Your charts don't need rewriting — Helm 3 Chart API v2 charts are fully compatible with Helm 4. But the automation around Helm has four real breaking points that fail silently if you don't know where to look. [IMAGE: articles/images/2026-07-05-helm-4-migration-guide-featured.png | alt: "helm 4 migration flow from Helm 3 to Helm 4 upgrade path"] Why This Helm 4 Migration Matters Now The EOL timeline has three stages, and they matter differently based on your situation: September 9, 2026 — Final Helm 3 feature release (limited to Kubernetes client library updates only after this date) February 10, 2027 — All security patches stop If your organization runs regulated workloads with requirements around supported software, February 2027 is your hard deadline. But waiting until then means doing this migration under pressure, after 14 months of Helm 4 fixes shipped without you tracking them. The better path: upgrade now, before September, so you're on supported software when new Kubernetes releases land and need updated client libraries. What Actually Broke: The Four Real Changes 1. Post-renderers require plugin registration In Helm 3, you could pass any executable directly to --post-renderer : helm install myapp ./chart --post-renderer ./scripts/mutate.sh Helm 4 drops this. Post-renderers must now be registered as named Helm plugins and referenced by plugin name: helm install myapp ./chart --post-renderer my-post-renderer If your pipeline calls --post-renderer ./path/to/script.sh , it fails on Helm 4. The error message doesn't say "plugin required," so this is easy to miss in a quick smoke test. To wrap an existing script as a plugin, create a plug
开源项目
Uber’s European expansion plans may have hit a speed bump
Back in February, Uber announced ambitious plans to launch in seven new European markets in 2026 — but now five of those launches are reportedly on hold.
AI 资讯
Docker vs Kubernetes: Do You Actually Need an Orchestrator Yet?
"Docker vs Kubernetes" is one of those framings that quietly sends people down the wrong road. It sounds like a choice between two competing tools, so teams treat it like a bake-off. It isn't. Docker builds and runs containers. Kubernetes orchestrates a fleet of them. You can happily use one without the other, and most teams should — at least for a while. The question that actually matters is hiding underneath: do I need an orchestrator yet? That's the one worth thinking about carefully, because the cost of answering "yes" too early is real, and it mostly shows up later, on a Saturday, when you're the one holding the pager. What each tool actually does Let me separate the two cleanly, because the confusion causes most of the bad decisions. Docker (or any OCI-compatible runtime — Podman, containerd, and friends) does two jobs: it builds an image from a Dockerfile , and it runs that image as a container on a host. That's the unit of packaging. When you type this: docker build -t registry.example.com/myapp:1.4.2 . docker run -d -p 8080:8080 registry.example.com/myapp:1.4.2 you've packaged your app and started it on one machine . If that machine dies, your app dies with it. If you need three copies, you start three by hand. If you push a bad image, you roll it back by hand. Kubernetes doesn't build or run containers itself — it schedules them across a set of machines and keeps them in the state you declared. You tell it "I want three replicas of myapp:1.4.2 , behind a stable network name, and if a node dies, reschedule them." Kubernetes then spends its life making reality match that declaration. So they're not competitors. Kubernetes runs your Docker-built images. The real comparison isn't "Docker vs Kubernetes" — it's "a couple of containers on a host I manage" versus "a control plane that manages containers for me." A small, honest comparison Concern Plain Docker (or Compose) Kubernetes Where it runs One host you manage A cluster of nodes If a node dies You notice and
AI 资讯
From Docker Compose to Kubernetes: What Actually Changes
If you're comfortable with docker compose up , you already understand more of Kubernetes than you think. Compose taught you to describe an application declaratively — services, their images, their config, how they talk to each other — instead of running containers by hand. Kubernetes is the same instinct, scaled out across a cluster, with more moving parts because it's solving a harder problem: keeping that application running when machines fail. The good news is the mental model transfers. The honest news is that the operational surface grows, and it's worth knowing exactly what changes before you commit. Let me map the concepts you already know onto their Kubernetes equivalents, show the YAML side by side, and be straight about the parts that get harder. First, the thing that doesn't change: your images This trips people up, so let's clear it early. The Docker images you already build run on Kubernetes unmodified. Kubernetes doesn't use the Docker daemon to run them — most clusters use containerd or CRI-O — but every one of those runtimes runs standard OCI images. That's the whole point of the OCI standard: the image you built with docker build is the same artifact the cluster pulls and runs. docker build -t registry.example.com/myapp:1.4.2 . docker push registry.example.com/myapp:1.4.2 That image works identically whether docker run starts it or a Kubernetes node's containerd does. So the packaging is settled. What changes is everything around the container. The concept map Here's the translation table I'd keep next to you while you learn: Docker Compose Kubernetes What changed service Deployment + Service Running vs. reachable are now two objects image: spec.containers[].image Same OCI image ports: Service (+ Ingress for external) Networking is explicit and named depends_on: probes / initContainers Ordering becomes health, not sequence environment: / .env ConfigMap / Secret Config decoupled from the pod volumes: PersistentVolume / PVC Storage is claimed, not jus
开发者
The Helm Chart Is a Platform Contract — Not a Template
Early in building our cloud infrastructure, we had a problem nobody talks about — because it happens so slowly you almost don't notice it. We had eight separate Helm charts. One for services that needed KEDA scaling. One for standard HPA. One for backends that exposed HTTP. One for workers that didn't. One for Azure Functions. One for frontends. Eight charts, all living in the same repository, all drifting apart from each other. The charts started as copies of each other. Over time each one picked up its own fixes, its own conventions, its own slightly-different take on security contexts and ServiceAccount annotations and rolling update strategy. Nobody made a decision to diverge. It just happened. Every time we fixed something in one chart — say, wiring up Azure Workload Identity to every ServiceAccount — we had to remember to propagate that fix to seven others. Sometimes we did. Sometimes we didn't. We'd find out when something broke in an unexpected way six weeks later. Helm chart drift is more dangerous than dependency drift. At least with a dependency, you know what version you're on. With eight loosely related charts, you just don't know what you don't know. This is the story of how we replaced all eight with a single versioned chart, published to an OCI registry, and consumed by 70+ services through ArgoCD multi-source Applications — and what that structure forced us to think clearly about. The Two-Questions Framework The first thing we had to do was figure out why we had eight charts in the first place. What was actually different between services that justified a different chart? We landed on two questions: Does it expose HTTP? — This determines whether it needs an ingress, a Service, liveness/readiness probes on an HTTP path. What drives its scaling? — Standard CPU/memory HPA, or event-driven scaling via KEDA (Azure Service Bus, Event Hubs)? That's it. Everything else — security contexts, Workload Identity, pod anti-affinity, rolling update strategy, how s
AI 资讯
kubeadm init fails with "the number of available CPUs 1 is less than the required 2" on an Azure B1s VM — how I fixed it
While setting up a self-managed Kubernetes cluster on Azure VMs, I hit this error when running sudo kubeadm init on a Standard_B1s VM (1 vCPU / 1 GB RAM): [ERROR NumCPU]: the number of available CPUs 1 is less than the required 2 After checking Stack Overflow and the official Kubernetes documentation ("Before you begin"), I confirmed that kubeadm requires at least 2 CPUs to install the control plane. The fix: I stopped the VM and resized it from Standard_B1s to Standard_B2s (2 vCPU / 4 GB RAM) from the Azure portal, then ran kubeadm init again — the preflight checks passed and the control plane initialized successfully. Posting this in case it helps someone hitting the same issue on a low-tier cloud VM. Thanks to the community for the answers that pointed me in the right direction!
开发者
The Terraform Awakens: Infrastructure as Code Quest
The Quest Begins (The "Why") Honestly, I was tired of playing “guess the state” every time I spun up a new environment. One day I clicked “Apply” in the AWS console, watched a handful of EC2 instances, S3 buckets, and IAM roles appear, and then realized I had no idea how to recreate that exact setup six months later when the team needed a staging copy. It felt like trying to rebuild the Death Star from memory after a single glance at the blueprints—frustrating, error‑prone, and definitely not the heroic saga I signed up for. That moment was my “aha!”: I needed a repeatable, version‑controlled way to describe infrastructure. Enter Infrastructure as Code (IaC). I’d heard the buzz, but the real question was which tool to wield—Terraform or CloudFormation? Both promised declarative provisioning, but they spoke different dialects. I decided to embark on a quest to learn both, slay the configuration drift dragon, and come out with a reusable spellbook I could share with anyone on the team. The Revelation (The Insight) The breakthrough came when I stopped thinking of IaC as “just another config file” and started seeing it as a storytelling language . Every resource block is a character, every variable a plot twist, and the state file the ever‑growing script that remembers what happened in previous chapters. When I wrote my first Terraform module, it felt like Neo realizing he could bend the spoon—suddenly the impossible became trivial. I could define a VPC, subnets, security groups, and an RDS instance in a few dozen lines, run terraform init , terraform plan , and watch the plan show exactly what would change before any resources touched the cloud. No more surprise “you created a public‑facing DB!” moments. CloudFormation, on the other hand, felt like the loyal sidekick that already lives in the AWS universe. Its JSON/YAML templates are native to AWS, so there’s no extra provider to install, and drift detection is built‑in. The trade‑off? A bit more verbosity and a steepe
AI 资讯
Cutting Idle Agent Costs by 90% with Agent Substrate
Cost is everything. In just about every agentic conversation, the three things that come up for enterprises implementing AI workloads are: Cost Observability Security and as AI continues to throw everyone for a loop when it comes to cost management (e.g - Uber running out of the yearly token budget in one quarter), the ability to shrink resource (like hardware) usage will be crucial moving forward. In this blog post, you will learn how to cust costs by 90% using Agent Susbtrate in comparison to Agents running in k8s Deployments/Pods. The Cost Comparison Agents need a place to run. The "place to run" needs to be a platform that's easily managed, orchestrated, and has the ability to cluster resources. Resources like CPU, GPU, and memory need to be able to scale and expand. Without this, it's a matter of manually managing servers that Agents are running on and clients to interact with said server. That's why so many organizations choose Kubernetes to run Agentic. When running Agents per Pod, however, that can get costly very quick in terms of hardware (GPU, CPU, memory) and performance (can your cluster scale up and down quickly based on resource needs when it comes to Agents coming up and going down per use?). The tests in this blog post show: Always-on Agents running in k8s. Actors running in Workers via Agent Substrate And the comparison will be 50 always-on Pods in comparison to 50 Actors across 5-7 Workers (Pods). If there are 50 Agents running per Pod and 50 Agents running per Worker with 5-10 Actors per Pod, you can already imagine the hardware resource savings that can be accomplished. Right now, the majority of organizations start off with the "one Agent per Pod" approach as that's the fastest way to show value and get up and running. For the future, however, Agents in Actors via Agent Substrate will be how organizations deploy when they care about efficiency, optimization, and managing cost. Let's dive in from a hands-on perspective. Prerequisites To follow a
AI 资讯
🚦 Meet Kueue: Smart Job Queueing for Kubernetes 🧠⚙️
Hey everyone 👋 If you run batch jobs, data pipelines, or any kind of AI and ML training on Kubernetes, you have probably hit this wall. Kubernetes is fantastic at deciding WHERE a pod should run, but it is surprisingly clueless about WHEN a job should start. 😅 You submit ten jobs, the cluster fills up, and the rest just sit there as Pending. No real queue, no priority, no fairness between teams. One noisy team can eat all your expensive nodes while everyone else waits. 🥲 That is exactly the gap Kueue fills, and today I want to walk you through it with a pile of hands on examples you can run on any cluster, even your homelab. 🏡 👉 Key takeaway up front: Kueue is a job level manager that holds your jobs in a real queue and only admits them when there is enough quota to actually run them. 🧪 Everything in this guide was tested against Kueue v0.18.1 using the v1beta2 API. I pinned every command and manifest to that version so you do not get surprised by API drift. 📋 What we will cover ✅ Why Kubernetes needs a queue ✅ The building blocks in plain language ✅ Installing Kueue ✅ Setting up quota with a ResourceFlavor, a ClusterQueue, and a LocalQueue ✅ Submitting a Job and watching it get queued and admitted ✅ Priority based admission ✅ Partial admission and elastic jobs ✅ Multiple resource flavors for x86 and arm ✅ Fair sharing between teams with cohorts ✅ Dedicated quota with a shared fallback ✅ Queueing a plain Pod ✅ Why this matters a lot for GPUs and your cloud bill 🤔 Why Kubernetes needs a queue Native Kubernetes scheduling is pod centric. The scheduler looks at one pod at a time and tries to place it. That works great for long running services. Batch workloads are different. They have a beginning and an end, they often need a fixed chunk of capacity, and they compete with other teams for the same nodes. Without a queueing layer you get: ✅ Jobs that fail or stay Pending when resources are tight ✅ No quota governance, so one team can starve the others ✅ No admission prio