Jan-Otto Kröpke

Principal Cloud Architect

Welcome to my personal blog! Here I share my thoughts, experiences, and insights on various topics related to technology, programming, and life.

Handling Large Files and CRDs in Helm and the 1MB Release Limit

Helm is a fantastic packaging and lifecycle tool—until you hit one of its hardest limits:

Error: create: failed to create: Secret "sh.helm.release.v1.my-release.v1" is invalid: data: Too long: must have at most 1048576 bytes

Helm stores release state in a Kubernetes object, and Kubernetes objects have a hard 1 MiB size limit. If your chart grows large (hello, “monster CRDs”), you can end up in a situation where helm install/upgrade fails even though nothing is “wrong” with your Kubernetes cluster.

The False Security of Pinned GitHub Actions Commit Hashes

Many developers use GitHub Actions. They are a useful tool for many things, such as building or testing code. Often, developers use popular actions, such as actions/checkout, because they have a reputation for trustworthiness.

But could someone change a trusted action without anyone knowing?

This post shows a problem with how GitHub forks work. The problem lets an attacker put their own code into a trusted action, even if they lack permission to change the action.

DNS Hijacking in Kubernetes

Kubernetes DNS provides a streamlined way for pods to discover one another using short, user-friendly names, keeping complex IP addresses out of sight. Yet this very convenience can mask a significant security flaw. Without a thorough grasp of Kubernetes DNS behavior, you might unknowingly create an opening for attackers. Consider this: the ability to create namespaces and services allows an attacker to reroute traffic intended to leave a cluster, diverting it for their own purposes.