These components have no direct access to the cluster. They can only access it through APIs, externally visible URLs, and exposed services. These components are treated just like any external user. Often, cluster components will just use external services, which pose no security issue. For example, in my previous job we had a Kubernetes cluster that reported exceptions to a third-party service (https://sentry.io/welcome/). It was one-way communication from the Kubernetes cluster to the third-party service.
- Title Page
- Copyright and Credits
- Packt Upsell
- Contributors
- Preface
- Understanding Kubernetes Architecture
- Creating Kubernetes Clusters
- Monitoring, Logging, and Troubleshooting
- High Availability and Reliability
- High-availability concepts
- High-availability best practices
- Live cluster upgrades
- Large-cluster performance, cost, and design trade-offs
- Summary
- Configuring Kubernetes Security, Limits, and Accounts
- Using Critical Kubernetes Resources
- Handling Kubernetes Storage
- Persistent volumes walk-through
- Public storage volume types – GCE, AWS, and Azure
- GlusterFS and Ceph volumes in Kubernetes
- Flocker as a clustered container data volume manager
- Integrating enterprise storage into Kubernetes
- Projecting volumes
- Using out-of-tree volume plugins with FlexVolume
- The Container Storage Interface
- Summary
- Running Stateful Applications with Kubernetes
- Stateful versus stateless applications in Kubernetes
- Shared environment variables versus DNS records for discovery
- Running a Cassandra cluster in Kubernetes
- Summary
- Rolling Updates, Scalability, and Quotas
- Horizontal pod autoscaling
- Performing rolling updates with autoscaling
- Handling scarce resources with limits and quotas
- Choosing and managing the cluster capacity
- Pushing the envelope with Kubernetes
- Summary
- Advanced Kubernetes Networking
- Understanding the Kubernetes networking model
- Kubernetes networking solutions
- Using network policies effectively
- Load balancing options
- Træfic
- Writing your own CNI plugin
- Summary
- Running Kubernetes on Multiple Clouds and Cluster Federation
- Understanding cluster federation
- Important use cases for cluster federation
- The federation control plane
- Federated resources
- The hard parts
- Managing a Kubernetes cluster federation
- Setting up cluster federation from the ground up
- Initial setup
- Using the official Hyperkube image
- Running the federation control plane
- Registering Kubernetes clusters with the federation
- Updating KubeDNS
- Shutting down the federation
- Setting up cluster federation with Kubefed
- Running federated workloads
- Summary
- Understanding cluster federation
- Customizing Kubernetes – API and Plugins
- Working with the Kubernetes API
- Extending the Kubernetes API
- Writing Kubernetes plugins
- Employing access control webhooks
- Summary
- Handling the Kubernetes Package Manager
- The Future of Kubernetes
- Other Books You May Enjoy
Outside-the-cluster-network components
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.