4 Challenges In Kubernetes Log Transport

For the past three months, I have been working on PKS observability features. Right now, it’s mostly about Kubernetes logging.

Hmm, logging? Collect logs and send them to the log server. That looks quite straightforward. Simple and common, isn’t it? Agreed, but only partially. I have noticed some new challenges in container logging, compared to VM or bare-metal envs.

Here is the summary. Check it out! See how much of it may apply to your Kubernetes projects. (BTW, our PKS project is hiring)

5 Challenges In Kubernetes Log Transport


5 Typical Kubernetes Security Scenarios

Maintain least privilege: Incorrect or excessively permissive RBAC policies are a security threat in case of a compromised pod.

Kubernetes workloads (pods, deployments, jobs, sets, etc.) may be trusted at deployment time, but if they’re internet-facing there’s always a risk of later exploitation.

The Linux kernel has a number of overlapping security extensions (capabilities, SELinux, AppArmor, seccomp-bpf) that can be configured to provide least privilege to applications.
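The following added example, which is not code from the original post, audits a Pod manifest for the least-privilege settings discussed above (capabilities and seccomp, plus the related securityContext flags). The manifests, container names and image names are constructed, and the seccomp check assumes the kubelet does not apply a default profile on its own.

```python
# Added example: flag least-privilege gaps in a Pod spec's securityContext.
# Manifests are constructed sample input, embedded as dicts so this runs offline.

def audit_pod(pod):
    """Return a sorted list of (container_name, finding) tuples."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        name = c.get("name", "?")
        sc = c.get("securityContext") or {}
        # Capabilities are container-level only: expect drop ALL, minimal adds.
        caps = sc.get("capabilities") or {}
        if "ALL" not in {d.upper() for d in caps.get("drop", [])}:
            findings.append((name, "capabilities: does not drop ALL"))
        for added in caps.get("add", []):
            if added.upper() != "NET_BIND_SERVICE":
                findings.append((name, "capabilities: adds " + added))
        if sc.get("privileged") is True:
            findings.append((name, "privileged: true"))
        # Escalation stays possible unless explicitly set to false.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append((name, "allowPrivilegeEscalation not false"))
        # seccompProfile and runAsNonRoot: container value overrides pod value.
        profile = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        if profile.get("type") not in ("RuntimeDefault", "Localhost"):
            findings.append((name, "seccomp: no RuntimeDefault/Localhost profile"))
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append((name, "runAsNonRoot not true"))
    return sorted(findings)

# Constructed manifest: extra capability, nothing dropped, no seccomp profile.
WEAK = {"spec": {"containers": [{
    "name": "web", "image": "example/web:1",
    "securityContext": {"capabilities": {"add": ["NET_ADMIN"]}}}]}}

# Constructed manifest: pod-level defaults plus container-level restrictions.
HARDENED = {"spec": {
    "securityContext": {"runAsNonRoot": True,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{
        "name": "web", "image": "example/web:1",
        "securityContext": {"allowPrivilegeEscalation": False,
                            "capabilities": {"drop": ["ALL"]}}}]}}

if __name__ == "__main__":
    for label, pod in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_pod(pod))
```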

TODO: diagram

  • Linux Security Features and PodSecurityPolicies; Network security
  • RBAC

Kubernetes Security