Goal of K8S Security
Ensure a clear isolation between the container and the underlying host it runs on
Limit the ability of the container to negatively impact the infrastructure or other containers
Principle of Least Privilege - ensure components are only authorized to perform the actions they need, and limit the scop继续阅读 »
Configuring a remote for a fork
List the current configured remote repository for your fork.
$git remote -v
origin https://github.com/YOUR_USERNAME/YOUR_FORK.git (fetch)
origin https://github.com/YOUR_USERNAME/YOUR_FORK.git (push)继续阅读 »
Swarm on Mesos Overview
Swarm API gets REST API request, and then create a task and put it into message queue.
Swarm Cluster (registered as Mesos framework) gets offer from Mesos
Swarm Cluster picks up a task from message queue
Swarm Cluster calls Scheduler’s routine to gets target host
Swarm Cluster calls Mesos 继续阅读 »
Named namespaces in Google Code Style
Namespaces wrap the entire source file after includes, gflags definitions/declarations and forward declarations of classes from other namespaces.继续阅读 »
Solution & Estimations:
Current solution is to 1.) let Swarm launch tasks by Mesos 2.) for the other API, let Swarm send request to docker engine directly (red arrow)继续阅读 »
Native Docker Networking Status
Docker now supports both single-host and multi-host networking this means that both containers on the same Docker host and containers on different Docker hosts can connect with each other with native docker network support.
For multi-host networking support, docker is using overlay net继续阅读 »