Dan Constantinescu

> use pod-topology-spread-constraints to ensure that pods are spread across There is no problem spreading PODs evenly across AZ's with the current anti-affinity rules in the chart. The issue is...

> The pod/binding event looked promising. Have you tried that? Couldn't find any "pod/binding" resource in the API reference. The [implementation of binding a pod to machine](https://github.com/kubernetes/kubernetes/blob/master/pkg/registry/core/pod/storage/storage.go#L162) doesn't look like...

@kd7lxl , there are couple of issues with putting the env vars in a config map: - different Zone values ask for multiple config maps - config maps need to...

NVM, I replied my own question: the mutate admission applies to the object kind in the request, in this case "kind": "Binding", so it would not patch the pod here.

Any solution that entails setting the tenant header at the client end introduces a security flaw: all it takes is knowing the tenant header, then you can impersonate that tenant...

> Any solution that entails setting the tenant header at the client end introduces a security flaw: all it takes is knowing the tenant header, then you can impersonate that...

I replied with more details in https://github.com/cortexproject/cortex/issues/4427#issuecomment-973058351 Until kubernetes adds support for client TLS http-get probes, I don't see any other option to probe Cortex containers with mTLS enabled.

still needed

You'd need to identify the cause of compactor crash, in my case this was caused by OOMKilled when pod reached its memory limit. Increasing the memory limit is not practical,...

Also this might be another settings to look at: https://cortexmetrics.io/docs/blocks-storage/production-tips/#ensure-deletion-marks-migration-is-disabled-after-first-run