#kubernetes


Trying to work out if it's possible to configure Containerd to set (or the equivalent of) the `--init` flag on container run so `tini` hosts PID 1 and signal handling works properly.

It looks like `--init` does some magic - I can see runc has some PID/FD parameters, but it looks like CRI doesn't have an escape hatch for any say, arbitrary arguments - even if I did work out the magic.

github.com/kubernetes/cri-api/

Containerd config is even more sparse on the CRI (or at least, the man page is)
github.com/containerd/containe

I really don't want to have to insist that every damn Dockerfile bundles `tini` and sets `ENTRYPOINT`.

GitHub: cri-api/pkg/apis/runtime/v1/api.proto at 15d088979b4574be15436b5b9772f934874a27ad · kubernetes/cri-api. Container Runtime Interface (CRI) – a plugin interface which enables kubelet to use a wide variety of container runtimes.
#Containers#CRI#OCI

Ok rough todo when I get back

* Get Netbird functional
* Finish setting up firewalls (there is a very stupid issue with this)
* Write ipv6 blog post (I wrote an outline)
* Fix blog (related to above lmao)
* Wireguard IPv6
* BGP ipv6 LB?
* Setup Proxmox Talos outpost node (requires learning new terraform module)
* Setup hetzner Talos outpost (idk the issue with this yet)
* Decide on a new GitHub username instead of deadnamelastname
* Learn kustomize
* Start on network policies in k8s
* Decide how to run home assistant on parents server (remote standalone k8s? Podman?)
* Learn alertmanager for some key metrics
* Dashboards?
* Fix VPN issues on android (timeouts??)
* Will probably add to this before I return
#Homelab #Kubernetes #SelfHosted

Running your own #Matrix homeserver is still a bit of a "pain in the *ss" (umpteen options, but none that is really 100% standard) - by now, though, there is a full stack that just happens to build on #Kubernetes (#k3s) but really brings everything along, such as PostgreSQL, #Synapse, MAS, Element Web and #Element Call.

element.io/server-suite/commun

Looks heavy at first, but runs without problems on two cores and 4 GB of RAM. Could this finally be it? 😁😱🤔

element.io: Element Server Suite Community. Element’s official open source distribution for non-commercial Matrix deployments. It is intended for non-professional use, evaluations, and small to mid-sized deployments (1–100 users).

I'm looking for work!

I'm a high-level infra and devops engineer and team lead.

I've previously run my own team, and previously worked at Mozilla and Facebook. I'm looking for infra/devops lead or senior infra/devops engineer positions.

I'm not looking for pure development positions, but writing scripts, glue, and things like CI - as demanded by infra/devops - are totally fine. I just don't want to be developing the product.

The one thing I can't budge on is that I am exclusively looking for 100% remote positions, due to physical disability. I am based in the UK but I'm happy working with companies anywhere in the world, and capable of shifting my circadian rhythm around to match yours.

My CV is available at cv.dave.io. I am available to start immediately. The CV is a Notion page and can be cloned directly into your workspace if you use Notion. I'm more than happy to answer any questions, and all leads are graciously appreciated. Drop me a public or private mention, or use the other contact details listed on my CV.

My email address is gated behind a humanity check (don't worry, it's automated) at dave.io.

You are very welcome to boost this post, with my thanks.

Obligatory hashtags: #GetFediHired #FediJobs #Kubernetes #DevOps #Infra #Infrastructure #Engineer #Engineering #TeamLead

Cat tax supplied.

I bought tons of memory and maxed out all the workstations in my homelab, back when memory was really cheap.

But now that I'm losing my job… time to shut down the big iron.

Going from a Proxmox cluster with 1.5TB of RAM, to a Proxmox standalone with 96GB of RAM.

Also… time to focus on learning containers and container orchestration.

Got #kubernetes anyone?? 🤣

What kinds of things do you need to learn about #k8s to be passable for a job that uses it?

I've been stuck in VM land for aaaaaages!

Most of the orgs I've been with have deliberately *avoided* ever touching anything that came remotely close to Kubernetes… so it's hurting me in my search.

Would love to get #Fedihired.

New Course Release! The Kubernetes Course by Nigel Poulton

This course is based on the 2025 edition of the best-selling Kubernetes book, that has been fully updated for the latest versions of Kubernetes and the latest industry trends. You won't find a better and more up-to-date book-based course on Kubernetes. Hand-crafted over the past 8 years by best-selling author Nigel Poulton.

Find it on Leanpub!

Link: leanpub.com/c/thekubernetescou

Uff, that one hurts: theregister.com/2025/10/01/cri

#OpenShift AI installed a role that allowed creating arbitrary Jobs in arbitrary namespaces, granting full access to the cluster's control-plane.

bugzilla.redhat.com/show_bug.c

Time to check your OpenShift Clusters...

And if you want to check your clusters in general for similar issues:

kubectl get clusterrolebindings.rbac.authorization.k8s.io -o json | jq '.items[] | select(.subjects[]?.name == "system:authenticated")'

You're welcome :)

The Register: 'Delightful' root-access bug in Red Hat OpenShift AI allows full cluster takeover, by Jessica Lyons
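
An added example, not part of the post above and not the poster's or Red Hat's code: the same check in Python, extended to also cover system:unauthenticated, namespaced RoleBindings and bindings without subjects, and to skip the three default upstream Kubernetes bindings. The `example-*` names and the sample data are constructed.

```python
# Groups that match every caller (or every logged-in caller) of the API server.
BROAD_GROUPS = {"system:authenticated", "system:unauthenticated"}

# Bindings upstream Kubernetes creates by default for these groups; extend this
# set with your distribution's own defaults before triaging.
EXPECTED = {"system:basic-user", "system:discovery", "system:public-info-viewer"}

def broad_bindings(binding_list, expected=EXPECTED):
    """Return one finding per non-default binding that grants a role to a broad group."""
    findings = []
    for item in binding_list.get("items", []):
        meta, role = item.get("metadata", {}), item.get("roleRef", {})
        # A default is skipped only if it still points at the role of the same name.
        if meta.get("name") in expected and role.get("name") == meta.get("name"):
            continue
        # "subjects" can be absent or null, which is why the jq filter needs `[]?`.
        groups = sorted({s.get("name") for s in item.get("subjects") or []
                         if s.get("kind") == "Group" and s.get("name") in BROAD_GROUPS})
        if groups:
            findings.append({
                "binding": meta.get("name"),
                "namespace": meta.get("namespace", "(cluster-wide)"),
                "role": f"{role.get('kind')}/{role.get('name')}",
                "groups": groups,
            })
    return findings

# Constructed sample in the shape of `kubectl get ... -o json`; every name
# except system:discovery is made up for illustration.
SAMPLE = {"items": [
    {"metadata": {"name": "system:discovery"},
     "roleRef": {"kind": "ClusterRole", "name": "system:discovery"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    {"metadata": {"name": "example-job-creator"},
     "roleRef": {"kind": "ClusterRole", "name": "example-job-creator"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    {"metadata": {"name": "example-viewer", "namespace": "demo"},
     "roleRef": {"kind": "Role", "name": "example-viewer"},
     "subjects": [{"kind": "Group", "name": "system:unauthenticated"},
                  {"kind": "ServiceAccount", "name": "example-ci", "namespace": "demo"}]},
    {"metadata": {"name": "example-orphan"},
     "roleRef": {"kind": "ClusterRole", "name": "example-orphan"}},
]}

if __name__ == "__main__":
    for finding in broad_bindings(SAMPLE):
        print(finding)
```

To run it against a cluster, load the output of `kubectl get clusterrolebindings,rolebindings -A -o json` with `json.load` and pass the result to `broad_bindings`.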

hey fedi 👋 I’m Jason Hill (he/him). Ex-911 dispatcher & Army medic → cybersecurity student. Accidentally nuked my old instance. Working on my first AWS app, tending a noisy homelab, and tinkering with K8s/Docker/forensics. Into OSS, automation, leatherworking, and games. Down to collaborate on cyber/AI tools. More: linkedin.com/in/jasondenson
#Intro #Cybersecurity #Homelab #AWS #Kubernetes #Docker #OpenSource #Infosec #Automation #AI #Law #Gaming #Leatherworking #Texas #Reintroduction #Tech

Any thoughts on #ZFS as the filesystem for a #Kubernetes node? My very unscientific initial sandbox impression is that it really squeezes the maximum performance out of the #Hetzner auction servers, which usually feature a lot of slow rotating storage with a couple of #NVMe sticks thrown in to sweeten the deal. When the latter are used for caching, the throughput seems almost bearable. I'll do some more practical testing over the next weeks, but I'm quite optimistic. Maybe this will solve the disk saturation issues we're seeing, without breaking the budget.

One interesting thing I didn't realize until today, because I never had to do this before: a 2-node Kubernetes cluster is "not reliable" (I've only done 1 or 3 so far). If I reboot the node that is holding the API VIP, I lose access to the working node because etcd refuses to assume it can "steal" it.

Unsure if it's a general Kubernetes problem, or a specific Talos quirkiness, but the only way to recover it is to drop the etcd ephemeral partition, and reboot the node for it to "rebuild itself".

Most likely I will drop the older node from the cluster. Very unlikely I will bring up a third one just to deal with this kind of issue. Both nodes are very underutilized, no need for a third one wasting power.

@homelab #HomeLab #TalosLinux #Kubernetes