cross-posted from: https://lemmy.world/post/27407351

When combined with today’s other vulnerabilities, CVE-2025-1974 means that anything on the Pod network has a good chance of taking over your Kubernetes cluster, with no credentials or administrative access required.

We have free rundeck. And it is pretty lame. But the basic problem is we want to setup permission escalation. We write the scripts that do things, and control who can run them, and how they can run them. Also keep an audit trail of who ran what. rundeck does this, but the free version is pretty terrible. And the pay version is absurdly expensive.

One example would be some specific queries on the production databases to look up information that is okay for devs to look up. And which would be part of incident response. Another is some limited and very specific kubernetes actions on the prod cluster…

We have free rundeck. And it is pretty lame. But the basic problem is we want to setup permission escalation. We write the scripts that do things, and control who can run them, and how they can run them. Also keep an audit trail of who ran what. rundeck does this, but the free version is pretty terrible. And the pay version is absurdly expensive.

One example would be some specific queries on the production databases to look up information that is okay for devs to look up. And which would be part of incident response. Another is some limited and very specific kubernetes actions on the prod cluster...

cross-posted from: https://lemmy.world/post/2481800

tf-profile v0.4.0 Released!

tf-profile is a CLI tool to profile Terraform runs, written in Go.

Main features:

• Modern CLI (cobra-based) with autocomplete
• Read logs straight from your Terraform process (using pipe) or a log file
• Can generate global stats, resource-level stats or visualizations
• Provides many levels of granularity and aggregation and customizable outputs

Check it out, feedback much appreciated ❤️ https://github.com/datarootsio/tf-profile

Built with ❤️ by Quinten