K3s on Proxmox: Production-Ready Cluster from Scratch
Spin up a K3s v1.36.1 cluster on Proxmox VE 9 using dedicated VMs. Control plane, worker nodes, and the baseline configuration that actually holds up in production.
15 articles tagged #kubernetes
Kubernetes 1.33 reaches end-of-life on 28 June 2026. No more security patches. If you run on-prem or K3s without extended support, this is a hard deadline: three upgrade hops await.
Traefik v3.7.4 (5 June 2026) fixes six bugs: axios security bump, Redis write-timeout, BackendTLSPolicy for Kubernetes Gateway API, and a TLS SNI keepalive bug.
Vault 2.0.2 removes cap_ipc_lock from the binary at build time, reversing a change made in 2.0.1. Without action, vault mlock container workloads can no longer pin secrets in memory -- check your securityContext and Helm values before upgrading.
Docker Engine 29.5.3 patches CVE-2026-46680 via containerd 2.2.4 -- a flaw where containers with oversized USER IDs silently run as root despite runAsNonRoot: true.
Kubernetes 1.33 reaches end of life on June 28. No more security patches after that date. If you're on 1.33 or older, you have 27 days to act.
Azure Linux 4.0 is Microsoft's first Fedora-based general-purpose server distro, released into public preview on Azure VMs. Here's what it means for teams running Linux in production — and why Microsoft now wants to own the OS layer, not just host it.
CVE-2026-31431 lets any local user escalate to root on Linux 4.14+ via a logic flaw in the AF_ALG crypto socket interface. A 732-byte Python script works every time, on every major distro. Here is how to check your exposure and apply the fix.
ingress-nginx was archived on March 24, 2026. About half of cloud-native environments still run it. Here is what a real migration looks like: the options, the trade-offs, and the parts nobody tells you about upfront.
Mixed Version Proxy is now beta and on by default in Kubernetes 1.36. It prevents silent 404s that can trigger GC during rolling control plane upgrades.
etcd 3.7 beta brings RangeStream for large key-range queries and permanently removes the v2 API. etcd 3.4 is EOL. What to test before the stable release.
CVE-2026-46680 patched across all four active containerd branches on May 20. Pick up 2.3.1, 2.2.4, 2.0.9, or 1.7.32 depending on which branch you run.
ingress-nginx went EOL in March 2026. No security patches, no CVE fixes. 50% of Kubernetes clusters still run it. Time to move to Gateway API.
Kubernetes 1.36 completes DRA's GA story for GPU workloads. We cover device taints, MIG partitioning, and what breaks before you ship this to prod.
Running K3s inside Proxmox VMs exposed problems the quick-start skips. MTU mismatches, storage driver conflicts, node-pressure evictions — here is what broke.