Hacker News
by champtar 844 days ago
I agree that intra-node encryption, if implemented by sidecars, is just wasting CPU cycles.

Small note: unless it has changed recently, containerd's default capabilities list includes CAP_NET_RAW, so hostNetwork=true pods can sniff all traffic.
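
One way to audit for the condition described in the comment above, as an added example that is not part of the original comment: it lists containers that run with `hostNetwork: true` and have not dropped NET_RAW. The pod and container names are constructed, and the check assumes the runtime's default capability set includes NET_RAW.

```python
# Added example. Assumption (from the comment above): the runtime's default
# capability set includes NET_RAW unless the pod spec drops it.

def _caps(container, key):
    """Capabilities listed under securityContext.capabilities.<key>, normalised."""
    sc = container.get("securityContext") or {}
    names = (sc.get("capabilities") or {}).get(key) or []
    return {n.upper().replace("CAP_", "", 1) for n in names}

def keeps_net_raw(container):
    """True if the container would run with NET_RAW."""
    sc = container.get("securityContext") or {}
    if sc.get("privileged"):
        return True  # privileged containers get every capability
    if {"ALL", "NET_RAW"} & _caps(container, "add"):
        return True  # treated as kept even if also listed under drop
    return not ({"ALL", "NET_RAW"} & _caps(container, "drop"))

def audit(pods):
    """Return (pod, container) pairs that are on the host network with NET_RAW."""
    findings = []
    for pod in pods:
        spec = pod.get("spec") or {}
        if not spec.get("hostNetwork"):
            continue  # pod has its own network namespace; out of scope here
        for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
            if keeps_net_raw(c):
                findings.append((pod["metadata"]["name"], c["name"]))
    return findings

# Constructed sample manifests (already parsed into dicts).
SAMPLE_PODS = [
    {"metadata": {"name": "metrics-agent"},
     "spec": {"hostNetwork": True, "containers": [{"name": "agent"}]}},
    {"metadata": {"name": "net-plugin"},
     "spec": {"hostNetwork": True, "containers": [{"name": "plugin",
         "securityContext": {"capabilities": {"drop": ["ALL"], "add": ["NET_ADMIN"]}}}]}},
    {"metadata": {"name": "net-debug"},
     "spec": {"hostNetwork": True, "containers": [{"name": "shell",
         "securityContext": {"capabilities": {"drop": ["ALL"], "add": ["CAP_NET_RAW"]}}}]}},
    {"metadata": {"name": "web"},
     "spec": {"containers": [{"name": "app"}]}},
]

if __name__ == "__main__":
    for pod, container in audit(SAMPLE_PODS):
        print(f"{pod}/{container}: hostNetwork with NET_RAW")
```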