Containers – Curated SQL

Secrets Management in Kubernetes

Published 2025-08-25 by Kevin Feasel

Anshika Varshney takes us through some secrets management:

Secret management is a critical part of working with Kubernetes. When working with Kubernetes, you’ll often need to store and use sensitive information — like database passwords, API keys, and certificates. That’s where Kubernetes Secrets come in. But here’s the thing: while Kubernetes provides a way to store secrets, using them incorrectly can still expose your sensitive data.

This blog will walk you through:

What Kubernetes Secrets are

How they work

Common mistakes (the wrong way)

Best practices (the right way)

Real-life examples and configurations

Read on for the full article. I do want to iterate what I consider the most important of Anshika’s points: these things should never go into source control. The problem is, source control history is a lot more permanent than people customarily think about, so if you accidentally checked in a password in a config file somewhere, then got rid of the line with the password in it, a bad person with access to your source control can still look at history and find that password. The mechanism to rewrite Git history to remove a line’s existence is purposefully difficult, so a lot of developers don’t even know that it’s possible. But even then, if you’re hosting on someplace like GitHub and forks are enabled, rewriting history in your fork doesn’t rewrite it in somebody else’s fork, so again, a bad person with a fork from the right time frame could still see your exposed password.

The only fix is to cycle credentials if you ever do accidentally expose a password or key in source control files.

Securing PostgreSQL Containers

Published 2025-08-15 by Kevin Feasel

Mercy Bassey grabs a certificate:

Running Postgres in Docker is great for a quick test but what if you want it to behave like a proper, production-style setup with SSL encryption, certificate-based authentication, persistent volumes, and custom configurations? In this article, we’ll find out how, tackling the various tasks involved such as:

Generating and using self-signed SSL certificates with Postgres.

Setting up a PostgreSQL Docker container that uses those certs for encrypted client connections.

Configuring authentication for both automated services and human users.

Controling the behavior of your Postgres instance using mounted config files.

Read on to see how.

Deploying SQL Server to Kubernetes via SQL Server

Published 2025-08-04 by Kevin Feasel

Andrew Pruski puts on the mad scientist lab coat:

In all honesty, this is just a bit of fun, I’m just playing around with the sp_invoke_external_rest_endpoint stored procedure, I don’t expect anyone to actually do this in a live environment. Anyway…let’s run through how this works.

Even so, read on to see how you can do this.

Comments closed

Accessing the Kubernetes API from SQL Server 2025

Published 2025-08-01 by Kevin Feasel

Andrew Pruski hits a REST API:

The sp_invoke_external_rest_endpoint stored procedure that’s available in 2025 allows for SQL Server to hit external rest endpoints…which opens up quite a few interesting options.

I was thinking about this the other day and it occurred to me that Kubernetes has a REST API

But it’s not going to be trivial to hit, so click through for the steps.

Comments closed

First Thoughts on Rancher Desktop

Published 2025-06-17 by Kevin Feasel

Steve Jones tries something new:

I’ve been very happy with Docker Desktop for years, running it on both laptop and desktop. However, a corporate decision was made to move to Rancher Desktop, so I now have an unexpected “opportunity” to learn something new.

Here’s a short post on how things went on the desktop and laptop.

I’m guessing corporate made the switch because of Docker for Desktop’s licensing costs. It is kind of funny how, in the Windows and even MacOS world, “Docker” is synonymous with “container,” whereas in the Linux world, that’s not at all the case.

Comments closed

Creating a SQL Server 2025 Container

Published 2025-06-02 by Kevin Feasel

Vlad Drumea tries out SQL Server 2025:

This post covers creating SQL Server 2025 containers in Podman, Qnap Container Station, and sqlcmd, and restoring a sample database to test the new version.

One important thing to remember is that all SQL Server 2025 containers are based on the Linux build of SQL Server. For 90% of tasks (give or take), that won’t matter, and you’ll still have a good time trying out the new version of SQL Server and make sure things still work in your databases the way you expect them to. But some functionality (e.g., merge replication) is not available in Linux and other functionality (like PolyBase or Machine Learning Services) has a very different installation process.

Comments closed

Online Vertical Scaling of SQL Server in Kubernetes

Published 2025-05-23 by Kevin Feasel

Andrew Pruski controls the horizontal. Andrew Pruski controls the vertical:

One of the new features in Kubernetes v1.33 is the ability to resize CPU and memory resources for containers online, aka without having to recreate the pod the container is running in. In the past, when adjusting a pod’s resources, Kubernetes would delete the existing pod and create a new one via a controller.

Not a problem for applications that can have multiple replicas running, but for SQL Server this would cause a disruption as we (generally) only have one pod running SQL Server in a statefulset. Let’s see this in action.

Click through to see an example of normal behavior, followed by how it differs in the latest version of Kubernetes.

Comments closed

The Overhead Cost of Kubernetes

Published 2025-04-01 by Kevin Feasel

Steve Jones shares some thoughts:

A report of cloud Kubernetes usage shows that these resources are being under-utiliized, over-provisioned, and costing more than necessary for many organizations. From the previous year, average CPU declined from 13% to 10%, and memory is used at only around 23%. Companies are over-provisioning their clusters, which is understandable. No one wants to have systems overloaded and users complaining about performance.

Steve goes on to list some of the challenges of running an orchestrator like Kubernetes (or OpenShift or whatever). There’s a lot of code and process behind them, and that can be challenging if you don’t have administrators who know what they’re doing. Even hosting in Azure Kubernetes Service or Amazon Elastic Kubernetes Service only removes some of the systems management pain. That said, there is a certain level of comfort in knowing that my applications will automatically restart if a problem occurs, so the pain is usually worth it.

Comments closed

Kafka Deployment in a KRaft World

Published 2025-03-26 by Kevin Feasel

Sven Loesekann deploys Apache Kafka 4.0:

With KRaft for Kafka ZooKeeper is no longer needed. KRaft is a protocol to select a leader among several server instances. That makes the Kafka setup much easier.

The new configuration is shown on the example of the MovieManager project.

Click through to see how you can install and configure Kafka without taking a dependency on ZooKeeper.

Comments closed

Cleaning up Azure Container Registries

Published 2025-03-07 by Kevin Feasel

Jess Pomfret does a bit of cleanup work:

Azure Container Registries can easily become cluttered with many versions of images. Did you know that each ACR sku comes with a certain amount of storage included, and when you go over that, you’ll pay overage charges. Let’s look at how to check your current storage, keep your registry nice and tidy with an ACR clean-up task, and monitor the storage levels so you’ll never pay extra again!

It’s easy to run up the disk space usage with a container registry, especially if you have automated builds running.

Comments closed

M	T	W	T	F	S	S
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31

Category: Containers