EU Session
Here are the URLs and recommendations that people were posting on the slack channel during the call, thanks everyone for contributing these, I’m posting them in order of when they’re mentioned:
- Check your stuff! Runc and CVE-2019-5736 - Kubernetes
- https://github.com/kyma-incubator/service-catalog/blob/6bd26102d3465220297a7539d3d9f38f88154cb7/pkg/controller/controller.go#L136-L159
OPA discussion
- https://github.com/open-policy-agent/opa
- https://www.openpolicyagent.org/docs/kubernetes-admission-control.html
- https://youtu.be/xg19CD4TRC8
- https://www.openpolicyagent.org/
- Disable service type loadbalancer
Auth and RBAC
- https://banzaicloud.com/blog/k8s-rbac/
- https://github.com/dexidp/dex - Cool, our own @JoelSpeed is a maintainer now!
- https://github.com/vouch/vouch-proxy
- https://thenewstack.io/single-sign-on-for-kubernetes-dashboard-experience/
- https://github.com/dexidp/dex/blob/master/Documentation/connectors/oidc.md
- https://github.com/vouch/vouch-proxy/blob/db84bc6cfc1aacf0d92613e1bf34669c2e4af325/handlers/handlers.go#L584-L640
- https://auth0.com/
- https://www.keycloak.org/
Networking Discussion
- Today we learned Calico has it’s own slack: https://slack.projectcalico.org/ where you can ask questions, we’re not sure what the status of BGP support for windows containers in k8s is.
- New Cilium - https://cilium.io/blog/2019/02/12/cilium-14/
… and lastly: https://kubernetes.github.io/ingress-nginx/examples/rewrite/ appears to be broken, we need to find out how to report an issue. Discussion still happening in the channel.