At work I’m using Digital Ocean and their managed Kubernetes offering - DOKS
The cluster is almost entirely managed via Helm charts - and even system components that are installed via the Digital Ocean “1 Click” installers are Helm charts really.
Recently we ran into a problem where we needed real IP addresses available to our application - but these were being lost to the load balancer - and I needed to configure Proxy Protocol to re-enable them.
I’m running a service on Kubernetes that hosts multiple websites via different domains.
I had followed the default Helm Chart pattern and ended up with one TLS cert for all the sites.
This worked OK - except that I kept getting downtime when I needed to add a new domain.
So I refactored to have a different certificate for each site.
Read more ...
There is a fairly severe bug here Ingress-nginx CVE-2025-1974
My understanding is that it is a privilege escalation bug within Kubernetes - and given that I work for a very small team where actually I’m the only one with access - I don’t think I’m immediately vulnerable.
But my understanding is limited and I’m a fan of defence in depth so it’s time to upgrade.
Today while doing a deploy my kubectl command were failing with
Error: Failed to fetch credentials for cluster "some-id" Unable to authenticate you
This was because by doctl token had expired
Read more ...
Kubernetes provides a wide variety of methods for formatting output
The custom columns output lets you print multiple values defined using jsonpath expressions in a tabular output
While outputting scalar values is reasonably intuitive, I couldn’t see in the docs where is says what the format for defining custom-columns is.
My Laravel site was working just fine yesterday but after a code-only update today I was seeing 502 errors on some pages
upstream sent too big header while reading response header from upstream, client:
While the solution was hard to find it was easy to implement.
Yesterday I thought I’d fixed my https links on Laravel running in Kubernetes - but I had a nagging feeling that I’d just followed some random blog posts and missed something …
Unfortunately what I had looked for was force laravel to use https
When what I really needed was Configuring Trusted Proxies
Read Laravel HTTPS Behind a Proxy instead
The post below is wrong
This doesn’t seem to be well documented - I cant find anything about it in the official docs.
Thanks to Md Obydullah at shouts.dev
My Laravel site runs in kubernetes where TLS encryption happens in a proxy layer and I need Laravel to server content with https links.
Read more ...
So far on my Kubernetes journey I’ve only ever had one container per pod.
But I needed to run php-fpm fronted by nginx - with static assets served direct by nginx.
A lot of online examples skip this complexity by serving both php and static assets via Apache.
While it seemed complex at first - like a lot of Kubernetes it’s fairly straightforward once you have made the leap.
I am working on a Next.js project that has 9 websites with different content and themes but the exact same structure.
We want one codebase and one server to reduce costs (and the carbon footprint of our cloud) and also to streamline the process of releasing new features.
So we’re using middleware to detect which host the incoming request is for and add that as a parameter - which worked fine in development but I had some problems moving to our production system which is in Kubernetes.
Read more ...