Kubernetes Security Survival Guide Best Practices ©2019 VMware, Inc. 7 Disable public access. Implement role-based access control. Encrypt Kubernetes secrets (Encrypt secrets at rest). Configure Kubernetes admission controllers (Configure Network Security g. Auditing h. Authentication and Authorization i. Compliance j. File System Permissions k. User Account Management All hardening is tested and verified before release. You no longer need to start from scratch with every upgrade. If a CVE vulnerability is found, the vendor provides a fix immediately. •The following
0 码力 | 23 pages | 2.14 MB | 1 year ago 3
k8s Operations Manual 2.3 criSocket: /var/run/dockershim.sock name: k8s-master1 taints: - effect: NoSchedule key: node-role.kubernetes.io/master --- apiServer: timeoutForControlPlane: 4m0s apiVersion: kubeadm.k8s.io/v1beta2 # view the taints on the master node # kubectl taint nodes --all node-role.kubernetes.io/control-plane- # kubectl taint nodes --all node-role.kubernetes.io/master- Images required: quay.io/tigera/operator:v1.30.4 criSocket: /var/run/dockershim.sock name: k8s-master1 taints: - effect: NoSchedule key: node-role.kubernetes.io/master --- apiServer: timeoutForControlPlane: 4m0s apiVersion: kubeadm.k8s.io/v1beta2
0 码力 | 126 pages | 4.33 MB | 1 year ago 3
Multi-tenant Kubernetes VM Solutions for Multi-Tenant Applications Virtlet Architecture Daemonset Pod Virtlet Deploying Objects DaemonSet ConfigMap ClusterRole/Role Service Account virtlet solution Virtlet Pros define VM as Pod supports using multiple interfaces
0 码力 | 33 pages | 3.34 MB | 1 year ago 3
Global Architect Summit 2019 Beijing / Big Data / Exploration and Practice of Running Big Data Workloads on Kubernetes “2019-11-27T09:33:19Z” labels: spark-app-selector:spark- 6cc54577d7254b2d84924500375112f7 spark-role: driver name: job-1574739729783-driver namespace: default resourceVersion: “12093805” selfLink:
0 码力 | 25 pages | 3.84 MB | 1 year ago 3
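Kubernetes Open Source Book - 周立 the specified key. If you want to project all keys in the Secret, then all keys must be listed in the items field. All listed keys must exist in the corresponding Secret; otherwise, the Volume is not created. Secret files permissions: You can also specify the permission mode bits for a Secret. If not specified, 0644 is used by default. You can specify a default mode for the whole Secret Volume and override it per key as needed. For example, you can specify a default mode like this: octal notation, so use the value 256 for 0400 permissions. If you use yaml instead of json for the pod, you can use octal notation to specify permissions in a more natural way. You can also use mapping
0 码力 | 135 pages | 21.02 MB | 1 year ago 3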
A First Look at Amazon Elastic Kubernetes Service (EKS) EKS Region: Paris, London, Mumbai - CNI v1.5.0 - New Regions: Hong Kong coming soon - Service linked role for Amazon EKS - EKS Support for K8s version 1.13 + ECR AWS PrivateLink - EKS-optimized AMI metadata
0 码力 | 39 pages | 1.83 MB | 1 year ago 3
K8S Installation, Deployment and Exposing Services com/kevincaptain/p/10655721.html Step0: apply labels kubectl label nodes {k8s-node2,k8s-node3,k8s-node4} ceph-role=osd kubectl label nodes {k8s-node2,k8s-node3,k8s-node4} ceph-mon=enabled kubectl label nodes {k8s-node2
0 码力 | 54 pages | 1.23 MB | 1 year ago 3