maxSkew: 1 on a topologySpreadConstraints config looks like the obviously correct choice — maximum spread, tightest guarantee. We ran it that way in production until it caused a partial outage. Turns out maxSkew: 2 is almost always the safer default, and the difference only shows up in the failure case.
The phantom domain problem
With topologyKey: kubernetes.io/hostname and whenUnsatisfiable: DoNotSchedule, the Kubernetes scheduler counts every node registered in the API as a topology domain — including nodes that exist but can’t accept pods. A node that’s resource-exhausted but not tainted, or registered but not yet Ready, still participates in the skew calculation. Its count is 0.
I’ve hit this problem twice now. At MetaCPAN, we were looking at using S3 as a sync target for rsync from upstream CPAN — conceptually simple, except rsync wants a filesystem and S3 very much isn’t one. More recently, I wanted to mount an S3 bucket as an image cache for Buildah. Same wall. You end up writing glue code, or reaching for a FUSE driver that may or may not be production-ready, or just redesigning around the limitation.
I use Granted for per-terminal AWS credential assumptions — it’s great for switching between the multiple work accounts I juggle throughout the day. But I have SSO configured across more than one organization, and every morning I was logging into each one manually, one at a time, like a chump.
Turns out aws sso login has a --sso-session flag that targets a named session block from ~/.aws/config. So logging into multiple orgs is just two commands:
On a recent trip I kept getting connection failures that needed retrying — pages half-loading, API calls timing out, the usual DNS-smells-wrong experience. It was intermittent enough to be annoying but consistent enough that I knew something was actually broken.
I narrowed it down to DNS pretty quickly. My GL.iNet MT-3000 travel router was dropping queries or returning nothing for some domains.
The culprit turned out to be obvious in retrospect: before leaving I had shut down my Pi-hole servers at home. Those Pi-holes live on my Tailscale network, and my travel router connects back to that network. Somewhere, something was still trying to use them for DNS.
A coworker dropped /copy in our work Slack yesterday and I had to try it immediately. It’s a Claude Code slash command that copies Claude’s last response straight to your clipboard as markdown.
Before finding this, my workflow for grabbing a generated code snippet or shell command was embarrassingly manual — select text in the terminal, hope I got the boundaries right, paste it somewhere. Now I just type:
/copy

And the whole response lands in my clipboard, formatting intact — including code blocks. This is especially useful when Claude generates something multi-part, like a function plus its tests or a sequence of shell commands, where careful selection across scroll boundaries used to be the only option.