Rory McCune
Rory McCune
It actually is, but as `become=yes` is specified it's going into root's home directory regardless. Can we specify an override for `become=no` at the task level?
@mikestef9 does EKS support a signer name of `kubernetes.io/kube-apiserver-client` for standard Kubernetes API server client certs? Looking through docs / forums/GH I can't see anything definitive, but I've noticed that...
@mikestef9 is there a docs page which mentions which signers are supported? I checked `kubernetes.io/kube-apiserver-client` on a 1.22 cluster but I'm still seeing approved but non-issued certs. What I'm not...
@mikestef9 so in upstream Kubernetes there are a number of in-built signers as detailed [here](https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers) I'm looking at one of these `kubernetes.io/kube-apiserver-client` and what I'm seeing is that certificate requests...
I've run into this too. Looking at the code it seems that `$selected_app.data_directory` is a hash not a string so the call to `sub` as a method fails (NoMethodError). I've...
Another possibly useful resource on this one is this [list of container breakout vulns](https://www.container-security.site/attackers/container_breakout_vulnerabilities.html)
I've started a Hackmd [note](https://hackmd.io/viQwq28URseBDb7b0YC6Rw) that I thought could be a good venue to gather ideas on this one. I think @lumjjb 's idea of a blog series would work...
I'm still happy to work on this one once we've got a suitable venue/format :)
Hi @ashutosh-narkar sure. For the CNCF blog, do you know if they have any writing style guides that we should be following when drafting things up?
hi, no update at this precise moment in time, I've hit a busy patch so have less availability for this, I do plan to return to it though.