
At work I’m using Digital Ocean and their managed Kubernetes offering - DOKS.
The cluster is almost entirely managed via Helm charts - and even system components that are installed via the Digital Ocean “1 Click” installers are Helm charts really.
Recently we ran into a problem where we needed real IP addresses available to our application - but these were being lost to the load balancer - and I needed to configure Proxy Protocol to re-enable them.
Read more ...
I’m running a service on Kubernetes that hosts multiple websites via different domains.
I had followed the default Helm Chart pattern and ended up with one TLS cert for all the sites.
This worked OK - except that I kept getting downtime when I needed to add a new domain.
So I refactored to have a different certificate for each site.
Read more ...
There is a fairly severe bug here: Ingress-nginx CVE-2025-1974.
My understanding is that it is a privilege escalation bug within Kubernetes - and given that I work for a very small team where actually I’m the only one with access - I don’t think I’m immediately vulnerable.
But my understanding is limited and I’m a fan of defence in depth so it’s time to upgrade.
Read more ...
My Laravel site was working just fine yesterday, but after a code-only update today I was seeing 502 errors on some pages:
upstream sent too big header while reading response header from upstream, client:
While the solution was hard to find it was easy to implement.
Read more ...