What should not be run in kubernetes?
For example, one cluster will run, in different namespaces, the registry, Prometheus, GitLab, our production application, etc.
It doesn't look like much. What risks does it carry? And how can it be implemented better?
Assign resource quotas to namespaces and apps. If Kubernetes runs on bare metal, also consider the load on the disks. Put it behind Cloudflare. Put basic authorization on everything. And if possible, I would physically separate prod from the infrastructure, so that they cannot crawl in through a hole in prod.
Move all infrastructure applications (GitLab, registry, Prometheus, Graylog) to a separate cluster. If this is not possible, then allocate a separate node for them and protect them with priority classes and a resource quota.
And make backup copies, so that there is something to restore the cluster from.
What should not be run in kubernetes? The question is rather "Who should not be allowed in?"