Change statefulset spec without downtime
Altering statefulsets on kubernetes can be tricky - as statefulsets are very common used for persistent applications like databases recreation is no option. This guide shows a path around some of these limitations.
Linux kernel keyrings, container isolation and maybe some kerberos
On a recent project I've been stumbling on the case that kerberos tickets have been inadvertently shared across containers on a node - which obviously caught my attention as I'm not keen on sharing such secrets across workloads. This post describes why this happens and what to do to prevent this.
nginx ingress controller cannot load default-ssl-certificate
nginx ingress controller supports scoping to namespaces. This can be an issue with the default-tls-certificate in case this is not part of the scoped namespaces.
Terraform - transform values of a map
If you're developer, you might wonder about control structures in terraforms declarative language. Some things need to think about the corner, some things are more straight forward than expected. Second applies to using for loops to map values.
Service accounts in kubernetes 1.24
Kubernetes 1.24 changed the way serviceaccounttokens are presented by default on the cluster itself. If you need to retrieve the token, you mostly use a secret for this. This guide shows how to do this in kubernetes >= 1.24.
terraform - use nullable in variables for default values
Writing terraform makes it easy to split code into modules. To avoid setting default values on each layer of the stack, use nullable to provide a way to fallback to the module's own default value.