bureaucraten, interfacemoderatoren, Beheerders (Semantic MediaWiki), Curatoren (Semantic MediaWiki), Redacteuren (Semantic MediaWiki), toezichthouders, beheerders
205
bewerkingen
(→To do) |
|||
Regel 482: | Regel 482: | ||
= To do = | = To do = | ||
* Kubectl set image for rolling release? | * Kubectl set image for rolling release? | ||
* Kubernetes Dashboard | * Kubernetes Dashboard | ||
Regel 494: | Regel 488: | ||
* Play with Statefulset / Daemonset | * Play with Statefulset / Daemonset | ||
* Security Contexts | * Security Contexts | ||
* Refuse pods with host networking | |||
* Refuse pods with hostpath mounts | |||
* Allow K8s API communication from a pod, but only to receive information about itself | |||
* Basically: Make it impossible to root a node even with "broad" privileges on the Kubernetes API server | |||
* Limiting pods in memory, CPU, I/O | * Limiting pods in memory, CPU, I/O | ||
* Limiting pods in network communication | * Limiting pods in network communication |