Joshua Mühlfort
Joshua Mühlfort
**What this PR does / why we need it**: Enabling cert-manager to authenticate against Vault using TLS client certificate authentication, by adding another auth method. This helps a lot in...
Hi there! I stumbled across an inconsistency between the spelling of priviledge/privilege. This PR should fix that.
Documentation for https://github.com/cert-manager/cert-manager/pull/4330 Things I was not sure about whether to do: - Add a block with an example `kubernetes.io/tls` Secret - Include other optional fields `mountPath` and `name` in...
Addresses https://github.com/SovereignCloudStack/issues/issues/227 Signed-off-by: Joshua Mühlfort
In #212, discussion came up what "SCS compliance" could mean in the context of container image registries. It was concluded to proceed with that topic in the "SIG Standardization/Certification" instead...
Signed-off-by: Joshua Mühlfort
While having not worked extensively with any of the mentioned options yet (and possibly misunderstanding some details), I tried to give a brief assessment of possible options for machine (and...
It should be ensured that the container images which are used in SCS, ... - are up to date - do not contain software with known vulnerabilities - do meet...
K8s supports providing identity to Pods via ServiceAccounts. A JWT is provided to the workload Pod which may be used to access the apiserver, but also may be used outside...
The deployment of some services should be possible on multiple "layers" of SCS infrastructure. E. g. deploying Prometheus on "top level" payload K8s clusters, but also on "low level" infrastructure...