You've successfully subscribed to Nuvotex Blog
Great! Next, complete checkout for full access to Nuvotex Blog
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.

Container

Linux kernel keyrings, container isolation and maybe some kerberos

Linux kernel keyrings, container isolation and maybe some kerberos

On a recent project I've been stumbling on the case that kerberos tickets have been inadvertently shared across containers on a node - which obviously caught my attention as I'm not keen on sharing such secrets across workloads. This post describes why this happens and what to do to prevent this.

Daniel Nachtrub
Daniel Nachtrub
Kubernetes
What happens if you ask kubernetes for 1254051 replicas

What happens if you ask kubernetes for 1254051 replicas

One of our playgrounds recently had an incident which caused control-plane to go out-of-memory. This article shows how to diagnose and especially how to fix or event prevent this.

Daniel Nachtrub
Daniel Nachtrub
Kubernetes
Kubernetes Cluster & self-hosted Registry: Trusting the CA

Kubernetes Cluster & self-hosted Registry: Trusting the CA

You build your OnPremise Kubernetes Cluster and set up your self-hosted private registry. To make it pretty you used your own CA to sign the certificate for the registry. Everything is fine and now you are ready to deploy your own services to your Kubernetes Cluster and develop some awesome

Sebastian Augustin
Sebastian Augustin
Kubernetes
Running postgres in kubernetes with hugepages

Running postgres in kubernetes with hugepages

To run postgres in a container on nodes with huge pages enabled requires you to configure the container accordingly. This post shows how to do this on kubernetes/openshift.

Daniel Nachtrub
Daniel Nachtrub
Container
microk8s - change location of hostpath storage

microk8s - change location of hostpath storage

Adjusting the hostpath storage location on microk8s requires you to adjust parameters in the associated deployment. This easy change is shown in this post.

Daniel Nachtrub
Daniel Nachtrub
Container
nginx ingress controller cannot load default-ssl-certificate

nginx ingress controller cannot load default-ssl-certificate

nginx ingress controller supports scoping to namespaces. This can be an issue with the default-tls-certificate in case this is not part of the scoped namespaces.

Daniel Nachtrub
Daniel Nachtrub
Container
Service accounts in kubernetes 1.24

Service accounts in kubernetes 1.24

Kubernetes 1.24 changed the way serviceaccounttokens are presented by default on the cluster itself. If you need to retrieve the token, you mostly use a secret for this. This guide shows how to do this in kubernetes >= 1.24.

Daniel Nachtrub
Daniel Nachtrub
Container
Rocketchat fails after upgrade with index error

Rocketchat fails after upgrade with index error

Upgrading rocketchat to version 5.0 resulted in some minor issues that prevented the system from starting - both are related to the database and can easily be fixed.

Daniel Nachtrub
Daniel Nachtrub
Container

Authors →

Daniel Nachtrub

Kind of likes computers. Linux foundation certified: LFCS / CKA / CKAD / CKS. Microsoft certified: Cybersecurity Architect Expert & Azure Solutions Architect Expert.

Sebastian Augustin

Lorenz Maier