Alexandre Pauwels

Hey @data-race that's correct. A CronJob resource runs in k8s to trigger the rotation and copies the new creds to an appropriate place in vault. That's the only thing it...

@kenske We have one, single, standard, accepted path for bringing secrets from vault into the cluster. This ensures that we always know the identity fetching secrets, how it's fetching them,...

Looks like it's in the "researching" phase as of early november so might be hearing good news soon! Hopefully it could apply to ECS as well as I don't believe...

> ECR does not support ipv6, so probably ECS is unable to pull the containers from the registry in an ipv6 only scenario. Maybe it works with external registries with...

> > With DNS64 and NAT64, EKS could pull containers from ECR even if ECR does not have a AAAA record. > > Yes, possible, but NAT64 is a technology...

Sorry for the late follow-up on this but @cpu is totally right. The `tls.crt` field contains the entire chain, from the leaf cert to the intermediate cert (not the root...