Noel Georgi

@justnance Any plans to move this forward, using a new environmental variable? I have been using the ruby SDK and it seems the `credential_source=Environment` is not at all supported, I...

I don't think that's entirely true (maybe we're missing some specific scsi controller drivers), but if it's a virtualised host scsi mode needs to be set correctly so that kernel...

one more thing to refer https://kubernetes.io/docs/concepts/security/api-server-bypass-risks/

another one: https://raesene.github.io/blog/2022/10/01/PCI-Kubernetes-Section1-Authentication/

https://kubernetes.io/blog/2022/10/05/current-state-2019-third-party-audit/ another one to check and see if we can do something better on the Talos side

the link mentions the kubelet cmdline argument, but this should go in the kubelet config file https://kubernetes.io/docs/reference/config-api/kubelet-config.v1beta1/

| Can I run the upgrade-k8s with the actual version ? yes, you can do `talosctl upgrade-k8s --to=` This will pick up the k8s related changes in the manifest and...

I'm not sure of the use case, but usually with ceph, the extra disks are left out of the talos machine config and let ceph handle them completely.

Could you explain a bit more, are you mentioning about the talos machineconfig?

assuming that the linkerd pod runs with `CAP_NET_ADMIN` it could directly do a `nsenter` from the pod itself to other other pods network ns, removing the need for `nsenter` to...