Change statefulset spec without downtime
Altering statefulsets on kubernetes can be tricky - as statefulsets are very common used for persistent applications like databases recreation is no option. This guide shows a path around some of these limitations.
Linux kernel keyrings, container isolation and maybe some kerberos
On a recent project I've been stumbling on the case that kerberos tickets have been inadvertently shared across containers on a node - which obviously caught my attention as I'm not keen on sharing such secrets across workloads. This post describes why this happens and what to do to prevent this.
What happens if you ask kubernetes for 1254051 replicas
One of our playgrounds recently had an incident which caused control-plane to go out-of-memory. This article shows how to diagnose and especially how to fix or event prevent this.
Running postgres in kubernetes with hugepages
To run postgres in a container on nodes with huge pages enabled requires you to configure the container accordingly. This post shows how to do this on kubernetes/openshift.