Goal of K8S Security
Ensure a clear isolation between the container and the underlying host it runs on
Limit the ability of the container to negatively impact the infrastructure or other containers
Principle of Least Privilege - ensure components are only authorized to perform the actions they need, and limit the scop… Continue reading »
Native Docker Networking Status
Docker now supports both single-host and multi-host networking. This means that containers on the same Docker host and containers on different Docker hosts can connect with each other using native Docker network support.
For multi-host networking support, Docker is using overlay net… Continue reading »
Kubernetes Notes
Export existing resources
bash
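# Dump every resource of the listed kinds to <kind>/<name>.yaml
# 'secret' is in the list, so the output files contain base64-encoded Secret data; restrict access to them
for n in $(kubectl get -o=name pvc,configmap,serviceaccount,secret,ingress,service,deployment,statefulset,hpa,job,cronjob)
do
    mkdir -p "$(dirname "$n")"
    # --export was deprecated in kubectl 1.14 and removed in 1.18; drop the flag on newer clients
    kubectl get -o=yaml --export "$n" > "$n.yaml"
done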
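Hot-updating a Deployment
Sometimes we modify a ConfigMap, but the code does not support this, and the program certainly cannot be stopped, so hot updates must be supported. The command is as follows: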
bash
kubectl patch… Continue reading »
1. Pod Definition
The official documentation defines a Pod as:
A Pod is the basic building block of Kubernetes–the smallest and simplest unit in the Kubernetes object model that you create or deploy. A Pod represents a running process on your cluster. Continue reading »