Sheogorath
In what perspective would this prove security? Helm uses secrets to store its state and it creates secrets to hold that information. From a Kubernetes point of view it doesn't...
> - adding mysql to the image, but I think we should create two separate images, to keep the image the slimmest possible (but I do not know if this...
Todos: - [ ] Enable or disable basic services by environment variables - [ ] allow configuration of - [ ] server protocol - [ ] seed - [ ]...
I don't think it should have that impact, it's just updates for good measure. But you can validate the impact on your cluster, if you want. All you need...
You can run blocky with PSS restricted. PSS restricted allows adding `NET_BIND_SERVICE`. This is how I run blocky in a Namespace with PSS restricted version v1.26: https://git.shivering-isles.com/shivering-isles/infrastructure-gitops/-/blob/37b991bc0f7f4955773bce1df3ef5a0b6ce6cd0f/apps/k8s01/dns/dns.yaml
We could encode all dependencies base64 and live happily ever after. Throwing a zip down doesn't seem really useful to me as one suddenly needs to unzip it before the...
If the token is too large, it maybe makes sense to switch to envelope encryption? Generate a secret, encrypt the token with it, and store the key in the keyring....
Just hit this after upgrading to Talos 1.8.0
I think we should integrate gvisor debug with the general gvisor extension and just add them as additional runtimes. They remain unusable unless someone configured a runtimeclass for debugging and...
I'm quite sure it's a containerd vs gvisor-shim problem. Given how many breaking changes containerd v2 introduced in that space: https://github.com/containerd/containerd/blob/main/docs/containerd-2.0.md#whats-breaking ~~It's probably broken from here: https://github.com/google/gvisor/blob/abe38d82ac3634264608259d1c60003cdd53658a/shim/cli/cli.go#L27~~ ~~As it's called...