Roxane Fischer
@roxanefis.bsky.social
Tracking the latest news in DevOps and cloud infra
Building your new on-call engineer @ http://anyshift.io
Building your new on-call engineer @ http://anyshift.io
• Risk only for clients trusting Fina CA (mainly Microsoft’s root store)
• All certs revoked, but one rogue CA = global risk
• Cloudflare missed alerts on its own infra; tightening CT, monitoring, and DNS client coverage
• All certs revoked, but one rogue CA = global risk
• Cloudflare missed alerts on its own infra; tightening CT, monitoring, and DNS client coverage
September 10, 2025 at 10:43 AM
• Risk only for clients trusting Fina CA (mainly Microsoft’s root store)
• All certs revoked, but one rogue CA = global risk
• Cloudflare missed alerts on its own infra; tightening CT, monitoring, and DNS client coverage
• All certs revoked, but one rogue CA = global risk
• Cloudflare missed alerts on its own infra; tightening CT, monitoring, and DNS client coverage
4️⃣ Containers transition from Waiting➡️Running; kubelet monitors health probes (liveness/readiness).
5️⃣ Pod phase tracked: Pending → Running → Succeeded/Failed/Unknown.
6️⃣ On stop: Kubernetes sends SIGTERM, then SIGKILL if needed, to the containers.
7️⃣ Clean-up: Resources freed, pod info wiped from etcd
5️⃣ Pod phase tracked: Pending → Running → Succeeded/Failed/Unknown.
6️⃣ On stop: Kubernetes sends SIGTERM, then SIGKILL if needed, to the containers.
7️⃣ Clean-up: Resources freed, pod info wiped from etcd
September 1, 2025 at 1:29 PM
4️⃣ Containers transition from Waiting➡️Running; kubelet monitors health probes (liveness/readiness).
5️⃣ Pod phase tracked: Pending → Running → Succeeded/Failed/Unknown.
6️⃣ On stop: Kubernetes sends SIGTERM, then SIGKILL if needed, to the containers.
7️⃣ Clean-up: Resources freed, pod info wiped from etcd
5️⃣ Pod phase tracked: Pending → Running → Succeeded/Failed/Unknown.
6️⃣ On stop: Kubernetes sends SIGTERM, then SIGKILL if needed, to the containers.
7️⃣ Clean-up: Resources freed, pod info wiped from etcd
1️⃣ Pod manifest hits the API server, lands in etcd.
2️⃣ Scheduler finds a node based on resources, affinity, and binds the Pod.
3️⃣ Kubelet preps: sets up network namespace, assigns IP, pulls images, mounts volumes.
2️⃣ Scheduler finds a node based on resources, affinity, and binds the Pod.
3️⃣ Kubelet preps: sets up network namespace, assigns IP, pulls images, mounts volumes.
September 1, 2025 at 1:28 PM
1️⃣ Pod manifest hits the API server, lands in etcd.
2️⃣ Scheduler finds a node based on resources, affinity, and binds the Pod.
3️⃣ Kubelet preps: sets up network namespace, assigns IP, pulls images, mounts volumes.
2️⃣ Scheduler finds a node based on resources, affinity, and binds the Pod.
3️⃣ Kubelet preps: sets up network namespace, assigns IP, pulls images, mounts volumes.
