bureaucraten, interfacemoderatoren, Beheerders (Semantic MediaWiki), Curatoren (Semantic MediaWiki), Redacteuren (Semantic MediaWiki), toezichthouders, beheerders
205
bewerkingen
Projects:Kubernetes: verschil tussen versies
Naar navigatie springen
Naar zoeken springen
→To do
(→To do) |
(→To do) |
||
| Regel 486: | Regel 486: | ||
* Attempt Kubernetes upgrade from 1.13 to 1.14 | * Attempt Kubernetes upgrade from 1.13 to 1.14 | ||
* Try getting information on a pod from inside it using the Kubernetes API | * Try getting information on a pod from inside it using the Kubernetes API | ||
* Play with native cronjobs | |||
* Play with Statefulset / Daemonset | * Play with Statefulset / Daemonset | ||
* Security Contexts | * Security Contexts | ||
** Refuse pods with host networking | |||
** Refuse pods with hostpath mounts | |||
** Allow K8s API communication from a pod, but only to receive information about itself | |||
** Basically: Make it impossible to root a node even with "broad" privileges on the Kubernetes API server | |||
* Limiting pods in memory, CPU, I/O | * Limiting pods in memory, CPU, I/O | ||
* Limiting pods in network communication | * Limiting pods in network communication | ||