|
|
|
|
|
|
by zachdev1
23 days ago
|
|
|
kube api gives you auditing, events, rbac, across pretty much all layers of the infra stack. if the agent does something in a VM you have to figure out what happened. if it does something on the control plane, it’s obvious what happened. i agree with you that security is any issue either way (especially based on recent events) but doing it under the kube umbrella makes it easier to manage at scale |
|
|
If you can't audit what users are doing on a Linux system you have no business pretending you can run a k8s cluster.
(k8s was a ZIRP-fueled evolutionary mistake for most of the industry.)