All of Google’s operations (including their data centres) are 100% sourced from renewable energy: https://environment.google/projects/announcement-100/
Therefore, the maths here in terms of CO2 footprint is probably significantly off.
The package is signed using a PGP key that belongs to an “identity”. That identity is either a keybase.io username or the full HTTPS URL of a public PGP key. That identity remains the same for future versions (even if the public key located on keybase is rotated, etc.).
If you use a Google Container Engine node pool that’s marked as preemptible, the underlying managed instance group will automatically recreate the preemptible instance. You can then use node selectors in the Kubernetes deployment to ensure that pods that died when the instance was killed will be rescheduled back onto the preemptible VM again when it’s recreated.
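The node-selector approach described in the comment above, as an added example that is not part of the original comment. It assumes the `cloud.google.com/gke-preemptible` label that GKE applies to nodes in a preemptible node pool; the deployment name, app label and image are placeholders.

```yaml
# Added example: pins a workload to preemptible GKE nodes.
# Names and image below are hypothetical placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: batch-worker
spec:
  replicas: 1
  selector:
    matchLabels:
      app: batch-worker
  template:
    metadata:
      labels:
        app: batch-worker
    spec:
      # Only schedule onto nodes carrying the preemptible label.
      # While the instance group is recreating a preempted VM, no node
      # matches and the replacement pod stays Pending; it is scheduled
      # once the new node registers with the same label.
      nodeSelector:
        cloud.google.com/gke-preemptible: "true"
      containers:
        - name: worker
          image: registry.example/batch-worker:1.0  # placeholder image
```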
Ultimately we did end up moving to the Nginx ingress controller so that we had support for client certificates. However, that still requires a TCP load balancer (for which you are charged the minimum service charge) to route to the Nginx controller, so it’s still more cost-effective to combine resources into one project.