Container

Kubernetes, blockDevices & denied permissions Members Public

Mounting (block)devices on containers might result in permission errors (Permission denied) if pods have applied a securityContext. It's possible to configure this on containerd and get both of best worlds - fast device access and reduced permissions on containers.

Daniel Nachtrub
Daniel Nachtrub
Container

Get filesystem access using an ephemeral container in kubernetes Members Public

Sometimes you need to access a containers filesystem but the container itself is eventually distroless or does not offer any shell. Here's how to access the filesystem anyway using ephemeral containers!

Daniel Nachtrub
Daniel Nachtrub
Cloud

Choosing a postgres operator Members Public

This post describes my journey on the selection of the postgres operator that matches our demand.

Daniel Nachtrub
Daniel Nachtrub
Kubernetes

postgres - database has no actual collation version, but a version was recorded Members Public

Upgrading a major postgres version using containers with different C libraries caused me some headaches because I go an error "database has no actual collation version, but a version was recorded" - and I did not fix it. At least I can give a hint on why it happend and how you could avoid it.

Daniel Nachtrub
Daniel Nachtrub
Container

postgres - upgrading postgres with timescaledb running in a container Members Public

Uprading postgres with timescaledb caused me some issues related to the collation. After some retries I've found a reliable way to doing the upgrade. This post describes the steps to be done.

Daniel Nachtrub
Daniel Nachtrub
Database

Why you should use rook ceph on kubernetes (onprem) Members Public

If you run kubernetes on your own, you need to provide a storage solution with it. We are using ceph (operated through rook). This article gives some short overview about it's benefits and some pro's and con's of it.

Daniel Nachtrub
Daniel Nachtrub
Cloud

Linux kernel keyrings, container isolation and maybe some kerberos Members Public

On a recent project I've been stumbling on the case that kerberos tickets have been inadvertently shared across containers on a node - which obviously caught my attention as I'm not keen on sharing such secrets across workloads. This post describes why this happens and what to do to prevent this.

Daniel Nachtrub
Daniel Nachtrub
Kubernetes

What happens if you ask kubernetes for 1254051 replicas Members Public

One of our playgrounds recently had an incident which caused control-plane to go out-of-memory. This article shows how to diagnose and especially how to fix or event prevent this.

Daniel Nachtrub
Daniel Nachtrub
Kubernetes