Linux
Unexpected behavior of TUN devices in Kubernetes >= 1.31.3
Sometimes, security improvements in one project can cause problems in places nobody ever expected. In this case, we had to deal with one of these improvements.
Ansible - pretty print output
Sometimes you want to print more or extensive information on ansible output (in this case a terraform plan). This can easily be realised using an stdout callback.
Kubernetes, blockDevices & denied permissions
Mounting (block)devices on containers might result in permission errors (Permission denied) if pods have applied a securityContext. It's possible to configure this on containerd and get both of best worlds - fast device access and reduced permissions on containers.
Enable SR-IOV on Broadcom NICs and configure VF count
Running broadcom network cards using SR-IOV might require configuration of the cards firmware. This also applies for example if you want to adjust the total number of virtual functions.
Get filesystem access using an ephemeral container in kubernetes
Sometimes you need to access a containers filesystem but the container itself is eventually distroless or does not offer any shell. Here's how to access the filesystem anyway using ephemeral containers!
Using AKS kubectl (kubelogin) on headless systems or pipelines
Running kubectl on pipelines with interactive authentication is somewhat non-optimal :-) Let's make it better without using long-living tokens.
When fstrim stalls your I/O subsystem
On one of our systems we had issues that - once a week - the I/O subsystem stalled and causes issues on database operations.
postgres - database has no actual collation version, but a version was recorded
Upgrading a major postgres version using containers with different C libraries caused me some headaches because I go an error "database has no actual collation version, but a version was recorded" - and I did not fix it. At least I can give a hint on why it happend and how you could avoid it.
