Shakedown Social

"Musty Bits" McGeeGood overview of cgroups in the Kubernetes context with nice examples<a href="https://martinheinz.dev/blog/91" rel="nofollow noopener" translate="no" target="_blank">https://martinheinz.dev/blog/91</a><a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a> <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#k8s</a>

"Musty Bits" McGeeInteresting article on measuring pressure instead of utilization for Kubernetes<a href="https://blog.zmalik.dev/p/from-utilization-to-psi-rethinking" rel="nofollow noopener" translate="no" target="_blank">https://blog.zmalik.dev/p/from-utilization-to-psi-rethinking</a><a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a> <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#k8s</a>

"Musty Bits" McGeeOauth working for Kubernetes authentication and authorization.Very satisfying, if fiddly.<a href="https://eigenmagic.net/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#HomeLab</a> <a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a> <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#k8s</a> <a href="https://eigenmagic.net/tags/Oauth" class="mention hashtag" rel="nofollow noopener" target="_blank">#Oauth</a>

"Musty Bits" McGeeCool blog spotto<a href="https://blog.stonegarden.dev/" rel="nofollow noopener" translate="no" target="_blank">https://blog.stonegarden.dev/</a><a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a> <a href="https://eigenmagic.net/tags/OIDC" class="mention hashtag" rel="nofollow noopener" target="_blank">#OIDC</a> <a href="https://eigenmagic.net/tags/Oauth" class="mention hashtag" rel="nofollow noopener" target="_blank">#Oauth</a> <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#k8s</a> <a href="https://eigenmagic.net/tags/Proxmox" class="mention hashtag" rel="nofollow noopener" target="_blank">#Proxmox</a> <a href="https://eigenmagic.net/tags/Talos" class="mention hashtag" rel="nofollow noopener" target="_blank">#Talos</a> <a href="https://eigenmagic.net/tags/TalosLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#TalosLinux</a> <a href="https://eigenmagic.net/tags/ArgoCD" class="mention hashtag" rel="nofollow noopener" target="_blank">#ArgoCD</a>

Shoshana 🏳️‍⚧️How do you pronounce kubectl?<a href="https://tech.lgbt/tags/kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#kubernetes</a> <a href="https://tech.lgbt/tags/k8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#k8s</a>

"Musty Bits" McGeeThe new Kubernetes mount-an-OCI-artifact feature got me thinking about backups, layers, data locality, and deduplication via CAS.Imagine using image layers as snapshots and pushing images as your application's data backup. Then by specifying latest* for the volume mount it would automatically come up with eagerly-cached, local data.I don't think CAS helps our case for storage here as a layer-snapshot mapping isn't granular enough. Of course it's not like you'd want to redesign your Postgres paging configuration entirely around a better mapping to image layers but there's something there...Registry-side you could do periodic compaction, archival, export etc.OCI image layers are already limited though last time I checked. Nix maps derivations (think packages) to layers and neither OCI nor the tooling were designed for that kind of blowout. Could be tackled though.*yes yes, anti pattern. Hold ur underwear a moment.<a href="https://eigenmagic.net/tags/OCI" class="mention hashtag" rel="nofollow noopener" target="_blank">#OCI</a> <a href="https://eigenmagic.net/tags/Containers" class="mention hashtag" rel="nofollow noopener" target="_blank">#Containers</a> <a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a> <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#k8s</a> <a href="https://eigenmagic.net/tags/PlatformEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#PlatformEngineering</a> <a href="https://eigenmagic.net/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevOps</a> <a href="https://eigenmagic.net/tags/Cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cloud</a> <a href="https://eigenmagic.net/tags/Docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#Docker</a>

"Musty Bits" McGeeOh that's so cursed<a href="https://github.com/llmnetes/llmnetes" rel="nofollow noopener" translate="no" target="_blank">https://github.com/llmnetes/llmnetes</a><a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a> <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#k8s</a>

"Musty Bits" McGee<a href="https://hachyderm.io/@seanhood" class="u-url mention" rel="nofollow noopener" target="_blank">@seanhood</a> there's a few key changes in my design 1. A full, functional programming language for inflating configuration into manifest files. We publish a versioned library of this as an OCI artifact, and any resources or changes the library doesn't support yet can be done by passing a closure/function to an escape hatch. 2. Kubernetes is THE control plane. Anything that would have been terraform is now Crossplane or ACK or whatever operator. No living in two worlds or picking the best-of-the-worst couplings between TF and K8s 3. The control plane desired stare should include any cross-resource dependencies. It's still GitOps but there should be no need for any write back or chore commits. This is where the custom operator comes in, though potentially Kro could work.<a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a> <a href="https://eigenmagic.net/tags/KubernetesDev" class="mention hashtag" rel="nofollow noopener" target="_blank">#KubernetesDev</a> <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#k8s</a> <a href="https://eigenmagic.net/tags/k8sDev" class="mention hashtag" rel="nofollow noopener" target="_blank">#k8sDev</a>

"Musty Bits" McGeeVolume mounts from OCI targetting v1.34 Ed. Might be 1.35<a href="https://github.com/kubernetes/enhancements/issues/4639" rel="nofollow noopener" translate="no" target="_blank">https://github.com/kubernetes/enhancements/issues/4639</a><a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a> <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#k8s</a>

"Musty Bits" McGeeInteresting but what-you'd-expect container caching enhancement to Kubernetes architecture.Does make me wonder if you could do the caching at the content-addressed-storage layer with distributed s3 and data locality via redirects and maybe presigned URLs...<a href="https://www.youtube.com/watch?v=trFILyK6mPw" rel="nofollow noopener" translate="no" target="_blank">https://www.youtube.com/watch?v=trFILyK6mPw</a><a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a> <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#k8s</a> <a href="https://eigenmagic.net/tags/KubernetesDev" class="mention hashtag" rel="nofollow noopener" target="_blank">#KubernetesDev</a> <a href="https://eigenmagic.net/tags/k8sDev" class="mention hashtag" rel="nofollow noopener" target="_blank">#k8sDev</a>

"Musty Bits" McGeeKwoK is hilarious to me. Like I *get* why it exists it's just funny to take the ONE, *absolutely* necessary program for a cluster and be like "naaah, we'll mock it" <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#k8s</a> <a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a> <a href="https://eigenmagic.net/tags/k8sDev" class="mention hashtag" rel="nofollow noopener" target="_blank">#k8sDev</a> <a href="https://eigenmagic.net/tags/KubernetesDev" class="mention hashtag" rel="nofollow noopener" target="_blank">#KubernetesDev</a>

"Musty Bits" McGee<a href="https://learnk8s.news/@learnk8s" class="u-url mention" rel="nofollow noopener" target="_blank">@learnk8s</a> Helm does what it set out to do quite well. I'm skeptical that v4 will be able to break free enough of the paradigm it's established to provide a novel enough solution to the challenges that have arisen since v2. <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#k8s</a> <a href="https://eigenmagic.net/tags/kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#kubernetes</a>

"Musty Bits" McGeeWhat's that phenomenon where the mate withers and becomes a parasite on the other's body?<a href="https://eigenmagic.net/tags/etcd" class="mention hashtag" rel="nofollow noopener" target="_blank">#etcd</a><a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#k8s</a> <a href="https://eigenmagic.net/tags/kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#kubernetes</a> <a href="https://eigenmagic.net/tags/kh8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#kh8s</a>

jbz｢ Docker is essentially a sandwich of disk images where you can shove absolutely anything, and then these images get executed by running whatever legacy software you’ve crammed in there, regardless of how horrific or inconsistent it might be, with zero behavioral controls ｣ <a href="https://indieweb.social/tags/k8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#k8s</a> <a href="https://indieweb.social/tags/docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#docker</a> <a href="https://indieweb.social/tags/containers" class="mention hashtag" rel="nofollow noopener" target="_blank">#containers</a> <a href="https://andreafortuna.org/2025/06/20/unpopular-opinion-kubernetes-is-a-symptom-not-a-solution" rel="nofollow noopener" translate="no" target="_blank">https://andreafortuna.org/2025/06/20/unpopular-opinion-kubernetes-is-a-symptom-not-a-solution</a>

Not🐧A🐧Convicted🐧Felon<a href="https://mastodon.functional.computer/@samir" class="u-url mention" rel="nofollow noopener" target="_blank">@samir</a> Every single day a team of 25 people is kept busy running a <a href="https://hachyderm.io/tags/K8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#K8s</a> cluster with 1200 nodes, that actually could be replaced by less than ten 1U machines using a system design that actually solves the 10K problem, instead of one that struggles to handle even 10 req/s. This is the vicious cycle of technical debt. This week's problem: cluster-autoscaler has a bug that causes machines that start up to get stuck in a zombie state without successfully registering with the control plane. This causes all kinds of cluster scale up issues, especially with multi-AZ workloads.Every week is a new bug, a new edge case, a new issue with dependencies (K8s, helm, Rancher, Istio, etcd, ...) a new issue with AWS, it just goes on and on.I yearn for the days of simplicity of just running servers in racks and you're like "oh, had another hard drive failure in rack 04, have to go swap out a HDD cartridge and rebuild the RAID".

MikaMy <a href="https://sakurajima.social/tags/homelab" rel="nofollow noopener" target="_blank">#homelab</a> wiki is getting really complicated to organise and write for haha, but it's definitely getting more interesting topics like more <a href="https://sakurajima.social/tags/RaspberryPi" rel="nofollow noopener" target="_blank">#RaspberryPi</a> stuffs, <a href="https://sakurajima.social/tags/Docker" rel="nofollow noopener" target="_blank">#Docker</a>, and some cool stuffs like <a href="https://sakurajima.social/tags/OpenMediaVault" rel="nofollow noopener" target="_blank">#OpenMediaVault</a> and <a href="https://sakurajima.social/tags/HomeAssistant" rel="nofollow noopener" target="_blank">#HomeAssistant</a>. I'm taking my sweet time to update them 'properly' and hope it'll all link/piece together sensibly in the end. This is partially thanks to me embracing the fact that I just don't (yet) have the resources for a standalone 'mega' homelab (<a href="https://sakurajima.social/tags/Proxmox" rel="nofollow noopener" target="_blank">#Proxmox</a> & <a href="https://sakurajima.social/tags/Kubernetes" rel="nofollow noopener" target="_blank">#Kubernetes</a> based) server cluster that I could simply throw everything to it, hence supplementing that setup with tinier SBC-based servers. Gives me a bit of peace of mind too that things are now more 'spread out'. The most interesting bit will probably be when I manage to explore replicating a mini version of my <a href="https://sakurajima.social/tags/RKE2" rel="nofollow noopener" target="_blank">#RKE2</a> Kubernetes cluster, on a single (or at most, two) Raspberry Pi node - maybe based on <a href="https://sakurajima.social/tags/k3s" rel="nofollow noopener" target="_blank">#k3s</a>, assuming that's better. I'm just not there yet cos I'm kinda reluctant if using something like <a href="https://sakurajima.social/tags/k8s" rel="nofollow noopener" target="_blank">#k8s</a> on RPi makes much sense since I'm expecting a lot of resources will be wasted that way, when hosting on Docker alone (i.e. on <a href="https://sakurajima.social/tags/Portainer" rel="nofollow noopener" target="_blank">#Portainer</a>) should be leaner. 🔗 Anyway, if y'all wanna keep an eye on it: <a href="https://github.com/irfanhakim-as/homelab-wiki" rel="nofollow noopener" target="_blank">https://github.com/irfanhakim-as/homelab-wiki</a>

"Musty Bits" McGeeGod damn this ACK controller is fucking broken.It grabs a list of all endpoint services - just any of them, no need to filter or match on anything. What's that? You provided a unique primary key? BwahahahaThen it takes any fields off the first one listed as canon. No diffs, no looking at all the options, just "does this have not-nil? take it".Then it blats anything on your resource with those values, and calls it done. You literally cannot have more than one endpoint service per AWS region it's so broken.Oh and it's broken for adopting existing AWS resources too.Weh.<a href="https://github.com/aws-controllers-k8s/community/issues/2547" rel="nofollow noopener" translate="no" target="_blank">https://github.com/aws-controllers-k8s/community/issues/2547</a><a href="https://github.com/aws-controllers-k8s/ec2-controller/blob/09d198e3cc30ba644e6ead27513fbfaf48f67440/pkg/resource/vpc_endpoint_service_configuration/sdk.go#L93" rel="nofollow noopener" translate="no" target="_blank">https://github.com/aws-controllers-k8s/ec2-controller/blob/09d198e3cc30ba644e6ead27513fbfaf48f67440/pkg/resource/vpc_endpoint_service_configuration/sdk.go#L93</a><a href="https://eigenmagic.net/tags/AWS" class="mention hashtag" rel="nofollow noopener" target="_blank">#AWS</a> <a href="https://eigenmagic.net/tags/ACK" class="mention hashtag" rel="nofollow noopener" target="_blank">#ACK</a> <a href="https://eigenmagic.net/tags/AWSACK" class="mention hashtag" rel="nofollow noopener" target="_blank">#AWSACK</a> <a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a> <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#k8s</a>

"Musty Bits" McGeeKubernetes curly: deployment with autoscaling, each pod depends on and occasionally writes-to an external database. To minimise database reads, an in-memory cache is implemented in the application.However, when a pod writes to the database it should invalidate that key in the cache for all pods. This works fine for the local cache, but how to distribute that invalidation?I suppose we could use a statefulset and then hit the service for each other running pod but that seems... messy.<a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a> <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#k8s</a> <a href="https://eigenmagic.net/tags/PlatformEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#PlatformEngineering</a>

"Musty Bits" McGeeAnyone know if `system:apiserver` user should be allowed `create` action on `nodes/proxy`?It's supposed to be the well-known user for the API server as a client to the kubelet (see source link) but it sure seems to be failing. I'd prefer not to just give system:masters<a href="https://github.com/kubernetes/kubernetes/blob/60a317eadfcb839692a68eab88b2096f4d708f4f/staging/src/k8s.io/apiserver/pkg/authentication/user/user.go#L78" rel="nofollow noopener" translate="no" target="_blank">https://github.com/kubernetes/kubernetes/blob/60a317eadfcb839692a68eab88b2096f4d708f4f/staging/src/k8s.io/apiserver/pkg/authentication/user/user.go#L78</a>`Internal error occurred: unable to upgrade connection: Forbidden (user=system:apiserver, verb=create, resource=nodes, subresource(s)=[proxy])`<a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a> <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#k8s</a> <a href="https://eigenmagic.net/tags/K8sAdmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#K8sAdmin</a> <a href="https://eigenmagic.net/tags/KubernetesAdmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#KubernetesAdmin</a>

"Musty Bits" McGeeThis is quite elegant actually. <a href="https://eigenmagic.net/tags/k8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#k8s</a> <a href="https://eigenmagic.net/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a><a href="https://mastodon.social/@lobsters/114704587910809347" rel="nofollow noopener" translate="no" target="_blank">https://mastodon.social/@lobsters/114704587910809347</a>

Recent searches

Search options

Administered by:

Server stats:

#k8s