Sylvain Rabot
Hi @carlisia 👋! Could I have your input about this? Thank you.
It's been deployed and tested in my corporate setup.
Yes I think it is still needed.
This patch allows using IRSA sessions, which are tied to the AWS account the k8s cluster is in, to assume a role in another account so that you can...
I've rebased against main. I've been using this in production for a year now. I would appreciate it if a maintainer could review/merge this. Cheers.
Could someone take a look? @cRui861?
For those using terraform to manage the OIDC provider in AWS:

```hcl
data "tls_certificate" "github" {
  url = "https://token.actions.githubusercontent.com/.well-known/openid-configuration"
}

resource "aws_iam_openid_connect_provider" "github" {
  url             = "https://token.actions.githubusercontent.com"
  thumbprint_list = [data.tls_certificate.github.certificates[0].sha1_fingerprint]
  ...
```
> Is there a recommended course of action for mitigation? Spent an hour thinking I broke something until I found this thread.

No, I don't think there is. The trust chain...
> Small adjustment to the terraform snippet provided earlier... This will use all the certificates instead of only the 0-index...
>
> ```hcl
> data "tls_certificate" "github" {
>   url...
> ```
Don't use burstable instances if you care about bandwidth. The more data you proxy via Tailscale, the more CPU you'll need, and tX instances will degrade quite rapidly.