Twitter | Search | |
Tim Allclair
Kubernetes Security
70
Tweets
453
Following
788
Followers
Tweets
Tim Allclair retweeted
Kubernetes Oct 10
Day 3️⃣ of our *5 Days of * series is now live, covering "Kubernetes v1.12: Introducing RuntimeClass" from 🔗
Reply Retweet Like
Tim Allclair Oct 12
Replying to @sszuecs @kubernetesio
I'm not sure. I think that could be implemented independently of RuntimeClass.
Reply Retweet Like
Tim Allclair Oct 1
Are you excited about security? Do you think container isolation is awesome? We're hiring!
Reply Retweet Like
Tim Allclair retweeted
Tim Pepper Sep 27
Busy day, but this happened Great work from a great open source community!
Reply Retweet Like
Tim Allclair Sep 26
I'll be speaking about "Recent Advancements in Container Isolation" at Seattle! DM me with topics you'd like to see covered.
Reply Retweet Like
Tim Allclair Sep 25
Take 2: I wrote a bookmarklet to navigate from a package on github to its godoc
Reply Retweet Like
Tim Allclair Sep 25
Replying to @ahmetb
Oh yeah, thanks for pointing that out. No code snippet functionality on twitter :(
Reply Retweet Like
Tim Allclair Sep 11
Replying to @riskybusiness
Cloud native ecosystem security, "serverless", and challenges of the hosted open source model.
Reply Retweet Like
Tim Allclair Sep 11
This looks oddly familiar...
Reply Retweet Like
Tim Allclair Jul 24
I'm excited to see long-term vision taking shape. So much awesome stuff is now built a layer up, with portability across clouds AND on-premise deployments.
Reply Retweet Like
Tim Allclair Jul 9
Woohoo! Inbox 0 for incoming PRs for the first time in waaay too long (sorry if you were blocked on me!)
Reply Retweet Like
Tim Allclair Jul 5
Nice list of GitHub organization hardening advice in 's postmortem. 2fa is a must if GitHub is in your supply chain!
Reply Retweet Like
Tim Allclair Jun 1
Replying to @rektide
Nothing wrong with attaching a git repo to a container, I just don't think gitRepo volumes are the right way to do it.
Reply Retweet Like
Tim Allclair Jun 1
Replying to @rektide
1) Kubelet calls git as root in the host namespaces, so lots of vulnerabilities. 2) InitContainers are basically designed for initializing volumes, we don't need a special volume type to copy in data.
Reply Retweet Like
Tim Allclair May 30
Another reminder to avoid GitRepo volumes in :
Reply Retweet Like
Tim Allclair May 29
Nice breakdown of the the Spectre mitigations in chrome.
Reply Retweet Like
Tim Allclair May 23
We need sandboxes in before someone's kubeflow deployment becomes sentient.
Reply Retweet Like
Tim Allclair May 22
Really exciting to see the momentum building around . Congrats on the 1.0 launch!
Reply Retweet Like
Tim Allclair May 18
I just published a big update on attack surfaces to my Sandboxes doc. If you caught my KubeCon talk, you might recognize a lot of the content.
Reply Retweet Like
Tim Allclair May 11
The question "Is secure enough for me?" is a complicated one. We took a stab at answering it with this blog post.
Reply Retweet Like