Devops
@chistya, 2021-11-24 11:50:04

What should not be run in Kubernetes?

For example, in one cluster but in different namespaces, the registry, Prometheus, GitLab, our production application, etc. will be running.
It doesn't look like much. What risks does it carry? And what is a better way to implement it?


3 answer(s)
paran0id, 2021-11-24
@paran0id

Assign resource quotas to namespaces and apps. If Kubernetes runs on bare metal, also consider the load on the disks. Put Cloudflare in front. Put basic auth on everything. And if possible, I would physically separate prod from the infrastructure, so that nobody can crawl through a hole into prod.

bankinobi, 2021-11-24
@bankinobi

Move all infrastructure applications (GitLab, registry, Prometheus, Graylog) to a separate cluster. If this is not possible, then allocate a separate node for them and protect them with priority classes and a resource quota.
Well, make backup copies, so that there is something to restore the cluster from.
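
The fallback described in the two answers above (a dedicated node, a priority class and a namespace resource quota for the infrastructure tools), as an added example that is not part of either answer. The namespace `infra`, the `dedicated=infra` label and taint, the class name `infra-critical` and all numbers are assumptions made for illustration.

```yaml
# Assumed setup (not from the thread): namespace "infra" already exists and
# the dedicated node was prepared beforehand with:
#   kubectl label nodes <node> dedicated=infra
#   kubectl taint nodes <node> dedicated=infra:NoSchedule
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
  name: infra-critical
value: 100000
description: "GitLab, registry, Prometheus: scheduled ahead of default-priority pods"
---
apiVersion: v1
kind: ResourceQuota
metadata:
  name: infra-quota
  namespace: infra
spec:
  hard:                      # constructed numbers; size them to the dedicated node
    requests.cpu: "8"
    requests.memory: 16Gi
    limits.cpu: "12"
    limits.memory: 24Gi
    requests.storage: 500Gi  # caps total PVC requests (disk load on bare metal)
    pods: "40"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: registry
  namespace: infra
spec:
  selector:
    matchLabels: {app: registry}
  template:
    metadata:
      labels: {app: registry}
    spec:
      priorityClassName: infra-critical
      nodeSelector: {dedicated: infra}   # only land on the labelled node
      tolerations:                       # allowed past the node's taint
        - {key: dedicated, operator: Equal, value: infra, effect: NoSchedule}
      containers:
        - name: registry
          image: registry:2
          resources:         # required: the quota rejects pods without them
            requests: {cpu: 500m, memory: 512Mi}
            limits: {cpu: "1", memory: 1Gi}
```

The taint only keeps pods without the toleration off the node; anyone who can create pods in another namespace can add the same toleration. This is a scheduling and resource control, not the separate cluster or physical separation that both answers recommend first.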

Stanislav Bodrov, 2021-11-24
@jenki

"What should not be run in Kubernetes?"
The question here is rather: "Who should not be allowed in?"
