Naadir Jeewa

icon indicating a website link https://www.vmware.com icon indicating an email [email protected]

icon company @vmware icon location London, United Kingdom icon location Kubernetes Engineer @ VMware by Broadcom

Results 249 comments of Naadir Jeewa

caCertsExtraVolumePaths should point to the correct distro paths

Additionally, all of these distros do have `/etc/ssl/certs`. it's just that they're symlinked in different ways, sometimes multiply so. For Fedora derivatives, for example, `/etc/ssl/certs` will resolve to `/etc/pki/tls/certs`. This...

caCertsExtraVolumePaths should point to the correct distro paths

Nope. A compromise of say kube-controller-manager by some mechanism shouldn't grant an attacker access to the private keys for a colocated haproxy load balancer, which it might be if `/etc/pki`...

Stop using system-level certificates directories (i.e. /etc/pki, /etc/ssl/certs, and /etc/ca-certificates directories)

If we do this, we'll start being in the business of managing root certificates for the controller-manager cloud provider client code. Is that something kubeadm or the kubernetes project wants...

Operating system and Container cache should live on different VMDKs

This is supported in VM Operator mode. Is this needed in non-supervisor mode?

Failure Domain network configuration should support similar fields of VMTemplate network config

@lubronzhan can you take a look at the doc above ^

Add the ability to define a DNS alias

Defer to MachineLoadBalancer proposal which will potentially cover this use case. /close

:sparkles: content library support proposal

/assign @vrabbi /assign @randomvariable

:sparkles: content library support proposal

/assign @rikatz

:sparkles: content library support proposal

/lgtm cancel

Migrate to vm-operator v1alpha2 APIs

/lifecycle frozen