Oliver Gould
Oliver Gould
@mikebell90 I'm sympathetic to the pains around authorizing probes. I think it's dangerous, however, to have implicit/"magical" authorization policies. For authorizations to be auditable & debuggable, we really want to...
@mikebell90 Yeah, those are good points. In any case, the fully automated solutions is probably out of scope for 2.12.0; but we'll look more closely at a better solution as...
Last week's edge release (or the prior week's?) included the ability to explicitly set per-route authorization policies on inbound traffic. The upcoming edge release will include automatic authorizations for probe...
note from their repo: > This repository generally follows Semantic Versioning. However, the API client in prometheus/client_golang/api/… is still considered experimental. Breaking changes of the API client will not trigger...
It looks like https://github.com/k3s-io/k3s/issues/284 & https://github.com/k3s-io/k3s/issues/2123 are resolved now. @iwilltry42 If I understand correctly, it should now be possible to configure k3s to use an IPv6 pod network in k3d?
> Does the whole cluster (i.e. also the nodes) have to run in ipv6 only mode? (that's the only part that would affect k3d). I don't *think* this is required...
This CVE is going to cause a flurry of unnecessary emergency response work across the ecosystem--even for use cases that are totally un-impacted by the bug. Every application that depends...
@dkulchinsky It will be in the future path. In 2.13 we've begun to change the discovery system away from ServiceProfiles. I think we're unlikely to invest more in "external service...
@Anthony-Bible Thanks for trying a recent version. You may also want to try with an edge release, as there are some CNI/proxy-init related changes that have not yet made it...
After some further rumination... * All clients perform some form of service discovery (DNS or otherwise) to identify server addresses to connect to. * Per Tim's above-referenced social media post,...