Patrick W. Healy
Patrick W. Healy
That got included accidentally when I did a batch pull of some relevant files - I've removed kubeconfig from the collected files list.
@kaovd Azure Defender should no longer be alerting on this - can you please confirm?
This is an AKS issue, not a cloud-provider-azure issue - please see https://github.com/Azure/AKS/issues/1940 for more details. I'll be posting an update there.
To clarify David's post a bit - envoy can route traffic differently based on ALPN header and it's a good way to identify traffic or route connections without needing extra...
This has a lot of the same potential cases as being able to set [server_name in the tls_config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#tls_config), though that can also be used for cert validation.
> How is it different than setting enable_http2: false? Setting http2 to false will change the ALPN header from something like "h2c,h2,http1.1" to just "http1.1". This PR instead lets us...
@roidelapluie Here's a graphic that might make the idea clearer. The basic use case is traffic routing when you're not terminating TLS, based on something other than SNI. We have...
@alexeldeib would this be in your area?
I think that ideally we'd just implement using [AzureCliCredential](https://learn.microsoft.com/en-us/dotnet/api/azure.identity.azureclicredential?view=azure-dotnet) to get the token any time GCM needs one and rely on regular Git caching.
This doesn't make any difference for our default configuration due to the lack of any other time source, as discussed in [this reply](https://www.mail-archive.com/[email protected]/msg03774.html). However, it would be worthwhile to pull...