Kubernetes
-
A PodDisruptionBudget that actually protects you
minAvailable as a percentage, matched to a workload that has more than one replica.
-
GitOps with Flux vs Argo on a small team
After a year on Flux and a quarter on Argo, here is a practical comparison from a four-person platform team
-
CRD design mistakes I made early on
A collection of the mistakes I made designing custom resource definitions, and the patterns that emerged after a few painful migrations
-
Kubernetes webhook: skip a namespace with one selector
The namespaceSelector pattern that saved me from an admission-webhook outage.
-
Four kubectl plugins I keep coming back to
Small kubectl plugins I wrote over the past year that punch above their weight in daily workflows
-
Debugging DNS in a kind cluster
CoreDNS inside a kind cluster could resolve cluster names but not external ones, and the problem was in the host's resolver, not k8s
-
Nomad vs k8s for a homelab in 2024
I ran a small Nomad cluster next to my k3s for a month to compare, and I have unsurprising opinions
-
ndots:5 and the DNS tax in Kubernetes
Every non-cluster DNS lookup in our pods was paying for five failed attempts first, and lowering ndots cut tail latency significantly
-
An admission webhook that crashed my cluster
A validating webhook with a cycle of dependencies prevented its own webhook pods from being rescheduled, and the cluster froze
-
Debugging a crashloop pod the way I always do it
The kubectl commands I run, in order, when a pod is in CrashLoopBackOff — from describe to previous logs to fix.
-
An operator reconcile loop that wouldn't quit
An operator kept thrashing at 300 reconciles per second, and the bug was a single annotation I was setting on the managed resource
-
Three days of debugging a cgroup memory accounting bug
A service kept getting OOM-killed with plenty of memory headroom, and the trail led into the cgroup v2 memory controller and its file-backed accounting