New flags --disable-user-data & --disable-sensitive-metadata #137
Conversation
README.md
Outdated
| @@ -515,6 +515,8 @@ Usage of ./build/bin/darwin/kube2iam: | |||
| --base-role-arn string Base role ARN | |||
| --debug Enable debug features | |||
| --default-role string Fallback role to use when annotation is not set | |||
There was a problem hiding this comment.
I am a 👍 on the PR in general but I am wondering if there are more informative names we could use here to outline their meaning.
Not sure if it's "better" but the following seem a bit more clear about their purpose to me. What do you think?
--disable-sensitive-metadata--disable-iam-userdata
There was a problem hiding this comment.
These names seem a lot more clear to me at first glance.
There was a problem hiding this comment.
@mabartosz Any thoughts here?
There was a problem hiding this comment.
People are alive! Thanks for the suggestion. I will update the PR soon.
|
It looks like this just needs to be re-based and have the option updated. @mabartosz do you have bandwidth for this at the moment ? |
mabartosz
force-pushed
the
security
branch
2 times, most recently
from
b497b7d
to
b5d4d02
Compare
mabartosz
changed the title
|
sorry for the delay. the last version of patch was used in my prod cluster for several months. |
|
Thanks, we'll test this out and report back in a few days. |
|
Just an update, we've now been using this in production without any problems. It'd be great if this was merged into a released version of kube2iam. |
|
@jtblin , @jrnt30 , @mwhittington21 : Anything further you need to get this over the line and merged in? |
|
Howdy! Any word on this getting merged and released?? |
|
@jtblin @mwhittington21 @jrnt30 Please add this feature. I tested on many clusters with custom-built images - and it is working perfectly. |
userdata and some metadata paths return more than a pod needs and contents can be safely blanked.
This patch under public domain or BSD license as preferred.