Native Docker Networking Status
Docker now supports both single-host and multi-host networking. This means that containers on the same Docker host and containers on different Docker hosts can connect with each other using native Docker network support.
For multi-host networking support, Docker is using overlay net… Continue reading »
Goal of K8S Security
Ensure a clear isolation between the container and the underlying host it runs on
Limit the ability of the container to negatively impact the infrastructure or other containers
Principle of Least Privilege - ensure components are only authorized to perform the actions they need, and limit the scop… Continue reading »
Floats, absolutely positioned elements, block containers (such as inline-blocks, table-cells, and table-captions) that are not block boxes, and block boxes with 'overflow' other than 'visible' (except when that value has been propagated to the viewport) establish new block formatting contexts for their contents. Continue reading »