
That's the part of the containers way I just can't accept:

github.com/kubernetes/ingress/

1. Your ingress controller is a Google managed nginx image you have no guarantee on.
2. It downloads and runs a binary from GitHub.

No hashes, no signatures; Google, GitHub, tini's owner and anyone pwning them could get a root shell in your setup and MITM everything without anyone noticing for some time.

I don't believe Google will ever do that or be pwned, but I'm not so confident in GitHub's security for instance, and much less in tini's owner.
How many servers can you own with a single GitHub account? Correct answer is "what the fuck".
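
The check the post above says is missing, as an added example that is not part of the thread or of the Kubernetes ingress repository: a shell function that installs a downloaded binary only when its SHA-256 matches a digest pinned in advance. The function names, file names and pinned digest are constructed for illustration.

```shell
#!/bin/sh
# Added example; paths, file names and the pin are constructed.

# Print the lowercase hex SHA-256 of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# install_verified <downloaded-file> <pinned-sha256> <destination>
# 0: digest matched, file made executable and moved to <destination>
# 1: digest mismatch, download deleted so it can never be run
# 2: malformed pin   3: download missing or could not be hashed
install_verified() {
    src=$1; pin=$2; dest=$3
    case $pin in
        *[!0-9a-f]*) echo "pin must be lowercase hex" >&2; return 2 ;;
    esac
    [ "${#pin}" -eq 64 ] || { echo "pin must be 64 hex chars" >&2; return 2; }
    [ -f "$src" ] || { echo "no such download: $src" >&2; return 3; }
    actual=$(sha256_of "$src")
    [ -n "$actual" ] || { echo "cannot hash $src" >&2; return 3; }
    if [ "$actual" != "$pin" ]; then
        echo "sha256 mismatch for $src: got $actual" >&2
        rm -f "$src"
        return 1
    fi
    chmod 0755 "$src" && mv "$src" "$dest"
}

# Constructed demo: a stand-in download and a tampered copy of it.
demo=$(mktemp -d)
printf 'hello\n' > "$demo/tini.download"
printf 'hello\n#tampered\n' > "$demo/tini.tampered"
PIN=5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03  # sha256 of "hello\n"
install_verified "$demo/tini.download" "$PIN" "$demo/tini" && echo "installed"
install_verified "$demo/tini.tampered" "$PIN" "$demo/tini2" || echo "rejected"
rm -rf "$demo"
```

The pin only helps if it is committed alongside the build file and obtained separately from the download itself, so that changing the hosted binary alone is not enough to pass the check.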

:001: Software Archaeologist @dashie

@CobaltVelvet google pwned no, but the account used to push containers to the registry may...
