Ariadne Conill 🐰
definitely not going to remind people that kubelet defaults to full access including remote execution to anonymous users and that shodan has hundreds of kubelet hits (query "kubelet port:10250") on it, no sir
this type of arrogance (creating orchestration software with basically ZERO security considerations, because "who would ever run their control plane exposed to the Internet?") is what i started edera to fix, and we will eventually fix this problem too
cloud native is a layer cake, i am just asking for a layer cake that is actually delicious and not made of poison
Arch 
@ariadne i'm going to go bury my servers in the backyard. can't hack my cloud when it's... not
it's always upsetting when I realise how many of these things are just out in the open, it's so easy to lock down with some firewall rules. but then, I guess most of these are on a managed service or something?
Kevin Karhan 
@kkarhan well, really "cloud native" has nothing to do with clouds, it is just about containers in general
@ariadne the inflationary use of #cloud, #containers, #memenetes aka. #kubernetes etc. very, very rarely merits itself and more often than not only exists as a means to funnel money ticsome big corporation...
weberc2 ☕️@kkarhan @ariadne Honestly I use Kubernetes bc it gives me a lot of what I need out of the box. There is a well documented happy path & a large pipeline of engineers who understand it. This is in contrast to cobbling together my own system from disparate tools that have their own distinct conventions & configuration syntaxes & so on. I’ve never really been in an organization that has done that successfully, esp not where dev teams can operate their own systems.