a lot of the ops issues come from things external to spicedb that don't have just one answer in kube: spicedb should run with tls, but you might not manage certs with cert-manager. you have to route traffic to spicedb, but you have your pick of ingress, and they all have tradeoffs. one thing that's nice about spicedb at the moment is that it's simple to run with basic kubernetes constructs (deployment + service). it's not as obvious (yet) how best to support these other ops concerns, when there are so many user / environment choices at play