Kubernetes

Can't delete kubernetes namespace (NamespaceDeletionDiscoveryFailure) Members Public

While trying to delete a namespace on a kubernetes cluster I learned that there is a resource type apiservice :-) This post shows how to unblock deletions due orphaned apiservice definitions.

Daniel Nachtrub
Daniel Nachtrub
Linux

Unexpected behavior of TUN devices in Kubernetes >= 1.31.3 Members Public

Sometimes, security improvements in one project can cause problems in places nobody ever expected. In this case, we had to deal with one of these improvements.

Felix Zimmermann
Kubernetes

Kubernetes, blockDevices & denied permissions Members Public

Mounting (block)devices on containers might result in permission errors (Permission denied) if pods have applied a securityContext. It's possible to configure this on containerd and get both of best worlds - fast device access and reduced permissions on containers.

Daniel Nachtrub
Daniel Nachtrub
Container

Multus - pod stuck in terminating state Members Public

Having multus in place, pods might be stuck in starting or terminating state if you made a mistake in the config.

Daniel Nachtrub
Daniel Nachtrub
Kubernetes

Get filesystem access using an ephemeral container in kubernetes Members Public

Sometimes you need to access a containers filesystem but the container itself is eventually distroless or does not offer any shell. Here's how to access the filesystem anyway using ephemeral containers!

Daniel Nachtrub
Daniel Nachtrub
Cloud

Using AKS kubectl (kubelogin) on headless systems or pipelines Members Public

Running kubectl on pipelines with interactive authentication is somewhat non-optimal :-) Let's make it better without using long-living tokens.

Daniel Nachtrub
Daniel Nachtrub
Azure

Choosing a postgres operator Members Public

This post describes my journey on the selection of the postgres operator that matches our demand.

Daniel Nachtrub
Daniel Nachtrub
Kubernetes

Why you should use rook ceph on kubernetes (onprem) Members Public

If you run kubernetes on your own, you need to provide a storage solution with it. We are using ceph (operated through rook). This article gives some short overview about it's benefits and some pro's and con's of it.

Daniel Nachtrub
Daniel Nachtrub
Cloud