Graeme Lawes

Has there been any progress on this?

`helm init --client-only` doesn't work under helm 3

Ahh, it looks like the `kubeletVolumePluginPath` may not have made it into their CRDs for v3.24.0. I see it in `master` (permalinks to the current master commit): https://github.com/projectcalico/calico/blob/0e8541c9b6397f74c2f4a4471e6cff4892dc44af/charts/tigera-operator/crds/operator.tigera.io_installations_crd.yaml#L4245 https://github.com/projectcalico/calico/blob/0e8541c9b6397f74c2f4a4471e6cff4892dc44af/charts/tigera-operator/crds/operator.tigera.io_installations_crd.yaml#L10397 But...

Opened: https://github.com/projectcalico/calico/issues/6620

Any chance of someone looking at this?

Seems like the developer preview w/ support for Apple Silicon has been removed from VirtualBox downloads: https://www.virtualbox.org/wiki/Downloads https://youtube.com/watch?v=obo1ksQleZo

Just to bump this up a bit, CAA records (and specifically the [RFC 8657 ACME-CAA](https://www.rfc-editor.org/rfc/rfc8657) extension) have come up in relation to a rather well publicized traffic interception attack: https://notes.valdikss.org.ru/jabber.ru-mitm/...

Could the use of OCI registry be a possible mitigation to this? https://github.com/bridgecrewio/checkov/issues/5286 https://medium.com/boostsecurity/erosion-of-trust-unmasking-supply-chain-vulnerabilities-in-the-terraform-registry-2af48a7eb2

> My personal primary intent behind this feature request was a lot more mundane than leveraging it for SCC - the use of OCI registries as a sort-of "registry for...

FYI, this is regular k3s on a set of Raspberry Pi 4s, not k3d (in docker). But it could be a k3s issue. I can try to test w/ kubespray...