Linux kernel keyrings, container isolation and maybe some kerberos
On a recent project I've been stumbling on the case that kerberos tickets have been inadvertently shared across containers on a node - which obviously caught my attention as I'm not keen on sharing such secrets across workloads. This post describes why this happens and what to do to prevent this.
What happens if you ask kubernetes for 1254051 replicas
One of our playgrounds recently had an incident which caused control-plane to go out-of-memory. This article shows how to diagnose and especially how to fix or event prevent this.
Kubernetes Cluster & self-hosted Registry: Trusting the CA
You build your OnPremise Kubernetes Cluster and set up your self-hosted private registry. To make it pretty you used your own CA to sign the certificate for the registry. Everything is fine and now you are ready to deploy your own services to your Kubernetes Cluster and develop some awesome
Running postgres in kubernetes with hugepages
To run postgres in a container on nodes with huge pages enabled requires you to configure the container accordingly. This post shows how to do this on kubernetes/openshift.
microk8s - change location of hostpath storage
Adjusting the hostpath storage location on microk8s requires you to adjust parameters in the associated deployment. This easy change is shown in this post.
nginx ingress controller cannot load default-ssl-certificate
nginx ingress controller supports scoping to namespaces. This can be an issue with the default-tls-certificate in case this is not part of the scoped namespaces.
Service accounts in kubernetes 1.24
Kubernetes 1.24 changed the way serviceaccounttokens are presented by default on the cluster itself. If you need to retrieve the token, you mostly use a secret for this. This guide shows how to do this in kubernetes >= 1.24.
Rocketchat fails after upgrade with index error
Upgrading rocketchat to version 5.0 resulted in some minor issues that prevented the system from starting - both are related to the database and can easily be fixed.