Container
ingress-nginx 1.12 & allow-snippet-annotations Paid Members Public
If you need to use snippet annotations (why?) on ingress-nginx - you'll also need to adjust the annotation filtering.
multus - deadlock state on thick plugin Paid Members Public
Using Multus CNI's 'thick plugin' in Kubernetes can cause pod startup deadlocks due to circular dependencies between pods and the Multus daemon. Switching to the daemonless 'thin plugin' mode effectively resolves this initialization issue.
kubernetes, cgroups v2 and failing health probes Paid Members Public
Running Kubernetes on a systemd-based OS can lead to pods restarting endlessly due to health probe failures, caused by the systemd cgroup driver. Previously, this was fixed by modifying boot options, but a simpler approach is to switch the kubelet to use cgroupfs instead.
Helm's Hidden Quirks: Merging boolean values Paid Members Public
Helm is a powerful tool for manageing Kubernetes applications. Despite its ubiquity in the kubernetes-world, there are some nuances to consider when working with boolean values—especially when merging complex objects.
Can't delete kubernetes namespace (NamespaceDeletionDiscoveryFailure) Paid Members Public
While trying to delete a namespace on a kubernetes cluster I learned that there is a resource type apiservice :-) This post shows how to unblock deletions due orphaned apiservice definitions.
Unexpected behavior of TUN devices in Kubernetes >= 1.31.3 Paid Members Public
Sometimes, security improvements in one project can cause problems in places nobody ever expected. In this case, we had to deal with one of these improvements.
Ollama fails to utilize GPU after driver update (NVIDIA) Paid Members Public
Ollama can't make use of NVIDIA GPUs when using latest drivers - fix is easy: Downgrade and wait for the next release. :-)
Kubernetes, blockDevices & denied permissions Paid Members Public
Mounting (block)devices on containers might result in permission errors (Permission denied) if pods have applied a securityContext. It's possible to configure this on containerd and get both of best worlds - fast device access and reduced permissions on containers.
