kfox1111

Yeah, looks very related to #1371. though that issue is much more generic. Having a plugin system would be great, but might take more work. If all the plugin api...

I think the answer depends partially on how much time we want to put into an implementation. Making it work with OPA's api is pretty trivial. Coming up with a...

I'm in the same boat.

in a canal based system, there is at least one interface per container. which causes a lot of responders. with just a couple of containers, I get this in the...

Like everything security related, "security" is not a boolean. its a journey and you decide how much of it to take. But on the journey, in order to increase security...

One more use case here.... I had a bunch of old bmc's that would crash/reboot randomly if they saw too many different arps in a given amount of time, so...

Both would be best. Cluster wide defaults for interface, but overridable at the node level. I have clusters where most of the nodes are the same, but with a few...

@danderson kubecon had an interesting keynote about thinking from an attackers perspective that's worth a watch: https://www.youtube.com/watch?v=3jGNjan6I3Y&list=PLj6h78yzYM2NDs-iu8WU5fMxINxHXlien&index=278&t=0s - Keynote: Hello From the Other Side: Dispatches From a Kubernetes Attacker -...

In our case, we're running everything through openvswitch interfaces so our naming is usually consistent. Node annotation would be cool though.

Chart: https://github.com/bitnami/charts/tree/master/bitnami/metallb template section: https://github.com/bitnami/charts/blob/master/bitnami/metallb/templates/speaker/daemonset.yaml#L63-L65