Keith Mattix II
Note: Make sure the logic from the [rotation design doc](https://docs.google.com/document/d/1QF7wL1su4CUzwo3Yo2_vFL90XG2d-wUhBU6uifNrkws/edit#heading=h.r5r6bqgddlfx) is included (especially the finalizer).
Still valid
> I'd rather we drop the UI from the demo and make it a purely terminal experience so that the documented demo is testable on the CI as well. +1...
(emphasis mine) > mTLS is supported with Egress, though the **TLS origination for external traffic must happen within the application code**. I think we can do better than this. Automatic...
Why do we need to provision user certificates? If the user provisions OSM with an intermediate CA, wouldn't sibling CAs (i.e. certs derived from the same root as the intermediate)...
@shashankram I see what you're saying; self-signed Tresor certificates wouldn't work, but the cert-manager or Vault provider pointing to an intermediate CA should. That way, all the service certs would...
Keep open
The OS patch [just dropped](https://www.alpinelinux.org/posts/Alpine-3.16.1-released.html); the new image should be imminent
[3.16.1](https://hub.docker.com/layers/alpine/library/alpine/3.16.1/images/sha256-9b2a28eb47540823042a2ba401386845089bb7b62a9637d55816132c4c3c36eb?context=explore) is available on DockerHub
@sshuklao That's a separate vuln. Compare the 3.16.0 [snyk report](https://snyk.io/test/docker/alpine:3.16.0) with the 3.16.1 [snyk report](https://snyk.io/test/docker/alpine:3.16.1)