joshgav

# envsubst invokes all shell substitutions in a file
# use by first sourcing this file, e.g. `source envsubst.sh` or `. envsubst.sh`, 
#   and then invoking `envsubst` on STDIN or a specific file
# it should only be invoked on trusted or scrubbed files to avoid injection attacks
function envsubst {
  local infile=${1}

  if [[ "${SUPPRESS_ENVSUBST_WARNING}" != "1" ]]; then
    >&2 echo "[WARNING] the envsubst function should only be used on trusted files because it is vulnerable to injection attacks"
  fi

joshgav

Clusters for all cloud tenants

A decision which faces many large organizations as they adopt cloud architecture is how to provide isolated spaces within the same environments and clusters for various teams and purposes. For example, marketing and sales applications may need to be isolated from an organization's customer-facing applications; and development teams building any app usually require extra spaces for tests and verification.

Namespace as unit of tenancy

To address this need, many organizations have started to use namespaces as units of isolation and tenancy, a pattern previously described by Google and Kubernetes contributors. But namespace-scoped isolation is often insufficient because some concerns are managed at cluster scope. In particular, installing new resource types (CRDs) is a cluster-scoped activity; and today independent te

joshgav

• https://github.com/kidd/org-gcal.el
• https://github.com/shiraily/gcal-sync
• https://github.com/eviallet/Tasks
• https://github.com/Davepar/gcalendarsync
• https://github.com/ahayworth/gcal-sync
• https://github.com/amancevice/terraform-aws-facebook-gcal-sync
• https://github.com/bergercookie/taskwarrior-syncall

joshgav

Appendix: Contributors

Thank you to the many members of CNCF WG Platforms who have contributed feedback and insights on this paper, in particular the following:

• Abby Bangser
• Abhinav Mishra
• Abi Noda
• Alex Chesser
• Brad Bazemore