kfox1111
Go to here: https://external-secrets.io/v0.5.8/guides-getting-started/ Both option 1 and option 2 have the flag commented out:
```
# --set installCRDs=true
```
But doesn't say what to do if you don't have...
Having written some PSPs and now looking at migration, the tricky thing I don't really see off the bat is how Gatekeeper plays with RBAC. While it was tricky to...
How do you then write a policy that restricts what features a pod can have, since like you said, a lot of k8s objects are indirectly created by users. Do...
> @maxsmythe @ritazh Is there a way we can tweak the https://github.com/open-policy-agent/gatekeeper-library/blob/master/library/pod-security-policy/users/template.yaml to exclude istio-init containers from the rule evaluation? > > I've been breaking my head around this as...
Does it still run as root if you're using the cni driver? I know it at least runs unprivileged that way.
I don't know much about eks. The istio instructions mention needing cni enabled in eks. Maybe this doc might help: https://docs.aws.amazon.com/eks/latest/userguide/cni-custom-network.html If you use cni, then it doesn't need privilege,...
Maybe related to #47
Yeah. Maybe a chart that includes all the ConstraintTemplates and then maybe some default disabled but easily enable-able default restricted buckets like those? That way it's easy to load the...
Maybe useful to https://github.com/kubernetes/community/tree/master/wg-multitenancy as well.
They let you per namespace: set a default set of tolerations / nodeSelectors to always add to pods if not already there. This lets you easily target pods automatically to...