Linux
Why you should use rook ceph on kubernetes (onprem) Paid Members Public
If you run kubernetes on your own, you need to provide a storage solution with it. We are using ceph (operated through rook). This article gives some short overview about it's benefits and some pro's and con's of it.
Linux kernel keyrings, container isolation and maybe some kerberos Paid Members Public
On a recent project I've been stumbling on the case that kerberos tickets have been inadvertently shared across containers on a node - which obviously caught my attention as I'm not keen on sharing such secrets across workloads. This post describes why this happens and what to do to prevent this.
openvpn 2.6.0 released Paid Members Public
The new openvpn 2.6.0 has some very nice and shiny features you might want to starting using soon. This post highlights some of them.
What happens if you ask kubernetes for 1254051 replicas Paid Members Public
One of our playgrounds recently had an incident which caused control-plane to go out-of-memory. This article shows how to diagnose and especially how to fix or event prevent this.
Kubernetes Cluster & self-hosted Registry: Trusting the CA Paid Members Public
You build your OnPremise Kubernetes Cluster and set up your self-hosted private registry. To make it pretty you used your own CA to sign the certificate for the registry. Everything is fine and now you are ready to deploy your own services to your Kubernetes Cluster and develop some awesome
Running postgres in kubernetes with hugepages Paid Members Public
To run postgres in a container on nodes with huge pages enabled requires you to configure the container accordingly. This post shows how to do this on kubernetes/openshift.
Use openssl to verify certificates Paid Members Public
Certificates are essential for todays security needs. Sometimes it's required to revoke them, maybe because they are no longer needed or because they got even compromised. But how do you test manually if a certificate has been revoked?
pfsense - CRL has expired in openvpn server Paid Members Public
A few days ago we ran into an issue where pfsense appliances started to refuse openvpn connections by showing "CRL has expired" error messages. As it shows the reason is an overflow a date.