Container bind mount pitfalls: DNS

It's not DNS. There's no way it's DNS. It was DNS. Story time? Story time. I had this very old deployment of a Clojure app around, orchestrating quite a few Docker containers and their data volumes. It was set up to connect to a PostgreSQL database and Redis running on the container host, implying no magical DNS solutions nor any convenience at all (manual /24 subnet configuration and firewalling).

It's 2021: nftables still does not integrate

You probably have seen it around somewhere already, for example Debian trying hard to replace iptables with it. Debian 10 (buster) shipped with it already, the Arch Linux wiki provided (usable) examples for the adventurous back in 2014, etc. (nftables is quite promising, don't get me wrong - I quite like it, because of how much easier it is to use and integrate. This is rather a rant towards other projects.) HOWEVER, integrating it into existing solutions turns out to be VERY painful:

An adventure of getting Docker on NixOS running only with cgroups v2

After discovering Linux's wonderful Pressure Stall Information (PSI for short) subsystem, I've been trying to set up monitoring on Docker containers where I run very memory, CPU and I/O hungry game servers (not hard to guess - it's Minecraft). Since I monitor pretty much everything using Prometheus, finding Cloudflare's psi_exporter project made my life a lot easier - I didn't have to write an exporter myself. Why do cgroups v2 matter?