-
-
Notifications
You must be signed in to change notification settings - Fork 259
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider securing etcd #6
Comments
Taking into account that Isn't kubernetes master a SPOF anyway? (All the components talk to Only advantage I can think of is data resiliency, but assuming master gets completly destroyed, you'd still loose
As seen above, this is very misleading - I think this issue should be linked somewhere in that section, and possibly that full sentece be removed completely. |
Started working on it: https://github.com/hobby-kube/provisioning/pull/39/files |
@Informatic I don't like the idea of having an unclustered etcd running. |
@Informatic just wanted to add that all your points are valid. Will consider your input moving forward 👍🏻 |
Are there any updates regarding this? |
The relevant GH issue was closed. This updates this section to a general "avoid converting the same string to byte slices repeatedly" recommendation. To justify the recommendation, I've included the relative performance of the two cases in the output.
Compromised containers could access and leak important data stored in etcd.
Related comment on Hacker News: https://news.ycombinator.com/item?id=14291817
The text was updated successfully, but these errors were encountered: