mlbiam :kubernetes:

234 Followers
235 Following
235 Posts
Dad, CTO of Tremolo Security, co-author Kubernetes and Docker: An Enterprise Guide 2nd Ed. Toots on all things Kubernetes, security, and identity
Kubernetes: An Enterprise Guide 2nd Ed: https://www.amazon.com/Kubernetes-Enterprise-Effectively-containerize-applications/dp/1803230037
LinkedIn: https://www.linkedin.com/in/marc-boorshtein-5979a82/
YouTube: https://www.youtube.com/channel/UCK__yS63yrSI8vavJzainEQ
Blog: https://www.tremolosecurity.com/pages/about-marc-boorshtein
If you need multiple manual approvals to get kubectl access, or a change to YAML takes 10-15 minutes to roll out, the problem isn't Kubernetes. Your security model is making the wrong assumptions and slowing you down without adding security (and is probably less secure than you think).
"Eventual consistency is a lie" - Ancient Cloud Native Sith Saying
Wow, RIP to the Kubernetes Dashboard and much love to the maintainers. Headlamp is great! The next version of OpenUnison will bundle Headlamp directly and is going to be released in the next few weeks! https://groups.google.com/g/kubernetes-sig-ui/c/vpYIRDMysek/m/wd2iedUKDwAJ?utm_medium=email&utm_source=footer&pli=1 (Archiving of Kubernetes Dashboard Project)
Yes, I am using Headlamp on my Pixel Fold running on EKS with hardware MFA, and no, Headlamp's ServiceAccount doesn't have any permissions.
Let's learn about Argo CD in a multi-tenant platform!
https://youtube.com/live/ibkZizwJjiw?feature=share (Chapter 19 Part IV: Argo CD)
Rewrote the websockets layer to be simpler; now Headlamp with impersonation is working great for logs and terminals! The next release will default to Headlamp instead of the Kubernetes Dashboard. It will also remove the need for a second chart.
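The posts above describe running Headlamp behind OpenUnison with impersonation, so that Headlamp's own ServiceAccount holds no permissions. The following is an added example, not OpenUnison's or Headlamp's code: it models the core of an impersonating proxy using the standard Kubernetes mechanism (Impersonate-User / Impersonate-Group headers on a request authenticated as the proxy's ServiceAccount, whose ClusterRole grants only the `impersonate` verb). The ClusterRole name, the `VerifiedIdentity` type and the sample request are assumptions constructed for the illustration. The check a practitioner wants is the one in `build_upstream_headers`: any Impersonate-* or Authorization header supplied by the client is dropped before forwarding, otherwise a user could name any identity and inherit the proxy's impersonate permission.

```python
# Added example: the core of an impersonating proxy in front of the Kubernetes API.
# This is NOT OpenUnison's or Headlamp's code; it illustrates the standard
# Kubernetes impersonation mechanism (Impersonate-User / Impersonate-Group headers
# sent by a proxy whose own ServiceAccount holds the "impersonate" verb).
from dataclasses import dataclass

IMPERSONATION_PREFIX = "impersonate-"   # Impersonate-User, -Group, -Uid, -Extra-*

# RBAC the *proxy's* ServiceAccount needs: only the right to impersonate users and
# groups. The dashboard's ServiceAccount needs no bindings at all, because every
# request reaches the API server as the end user, not as the dashboard.
PROXY_CLUSTER_ROLE = {
    "apiVersion": "rbac.authorization.k8s.io/v1",
    "kind": "ClusterRole",
    "metadata": {"name": "impersonating-proxy"},   # name is an assumption
    "rules": [
        {"apiGroups": [""], "resources": ["users", "groups"], "verbs": ["impersonate"]},
    ],
}


@dataclass(frozen=True)
class VerifiedIdentity:
    """Identity the proxy established itself (e.g. from a validated OIDC token)."""
    user: str
    groups: tuple


class ImpersonationError(Exception):
    pass


def build_upstream_headers(client_headers, identity, proxy_token):
    """Compute the headers the proxy forwards to the API server.

    Returns a list of (name, value) pairs because Impersonate-Group may repeat.
    Security-relevant rules:
      1. every client-supplied Impersonate-* header is dropped; if forwarded,
         any user could name any identity and inherit the proxy's permission;
      2. the client's Authorization header is dropped; the request authenticates
         with the proxy's own ServiceAccount token;
      3. Impersonate-User / Impersonate-Group come only from the verified identity.
    """
    if not identity.user:
        raise ImpersonationError("refusing to impersonate an empty user")
    forwarded = [
        (name, value)
        for name, value in client_headers
        if not name.lower().startswith(IMPERSONATION_PREFIX)
        and name.lower() != "authorization"
    ]
    forwarded.append(("Authorization", "Bearer " + proxy_token))
    forwarded.append(("Impersonate-User", identity.user))
    forwarded.extend(("Impersonate-Group", g) for g in identity.groups)
    return forwarded


def header_values(headers, name):
    """All values of a header name (case-insensitive), in order."""
    return [v for n, v in headers if n.lower() == name.lower()]


if __name__ == "__main__":
    # Constructed request: a browser session whose user also tries to smuggle
    # Impersonate-* headers and a bearer token of their own.
    client = [
        ("Accept", "application/json"),
        ("Authorization", "Bearer user-supplied-token"),
        ("Impersonate-User", "system:admin"),      # attacker-controlled, dropped
        ("Impersonate-Group", "system:masters"),   # attacker-controlled, dropped
    ]
    alice = VerifiedIdentity(user="alice@example.com", groups=("developers", "team-a"))
    for name, value in build_upstream_headers(client, alice, "proxy-sa-token"):
        print(f"{name}: {value}")
```

With this layout the only RBAC that matters is the proxy's `impersonate` grant and the end users' own bindings; `kubectl auth can-i --list --as=system:serviceaccount:<ns>:<headlamp-sa>` on a real cluster should come back empty, which is the property the post asserts.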
Pretty cool: got Headlamp working with OpenUnison for OIDC. Bug in Headlamp's refresh token handling and TLS, but I've got that fixed locally. Need to submit a PR. Next up is getting impersonation working. Looking forward to making Headlamp the default with OpenUnison instead of the Dashboard.
Join us as we deploy a tenant across dev & prod, creating a GitOps infrastructure for our app team! Hope to see you there!
https://youtube.com/live/LyB94i_egNA?feature=share (Chapter 19 - Part III - Deploying a Tenant)
This is pretty cool. Customer asked if they could use our STS to authenticate to vault without using a static service account but still validating the source pod is active. Blog post coming!
Come hang out at noon EST today! We're going to integrate 3 Talos clusters with Vault, Argo CD, "Active Directory", Harbor, and OpenUnison using Pulumi. Hope to see you there! https://youtube.com/live/cqaFTrUQD4s?feature=share (Chapter 19 - Building a Developer Portal Part II - Deployment with Pulumi)