For the past three months, I have been working on PKS observability features. Right now, it’s mostly about kubernetes logging.
hmm, logging? Collect logs, and send them to the log server. That looks quite straightforward. Simple and common, isn't it? Agreed, but only partially. I have noticed some new challenges in container logging compared to VM or bare-metal environments.
Here is the summary. Check it out, and see how much of it applies to your Kubernetes projects. (BTW, our PKS project is hiring.)
I have been learning k8s for several months. Here are some scripts I have been using quite often.
Here is the GitHub repo: kubernetes-scripts.
(Hint: want to learn Kubernetes through real scenarios? Check the challenges-kubernetes repo.)
Experience using bosh for Day-0 Deployment
Maintain least privilege: incorrect or excessively permissive RBAC policies are a security threat if a pod is compromised.
Kubernetes workloads (pods, deployments, jobs, sets, etc.) may be trusted at deployment time, but if they are internet-facing there is always a risk of later exploitation.
The Linux kernel has a number of overlapping security extensions (capabilities, SELinux, AppArmor, seccomp-bpf) that can be configured to provide least privilege to applications.
- Linux Security Features and PodSecurityPolicies; Network security
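The kernel features listed above are switched on per pod through the `securityContext` fields of the manifest. As an added example (not code from the original post or from PKS), the script below audits a pod spec, given as a plain Python dict in the shape of a v1 Pod manifest, for the least-privilege baseline those features provide: no privileged mode, no privilege escalation, non-root user, read-only root filesystem, all capabilities dropped, and a seccomp profile set. The two manifests, the image names and the set of "high-impact" capabilities are constructed for illustration; RBAC itself is out of scope of this check.

```python
"""Audit Kubernetes pod specs for least-privilege securityContext settings.

Added example, not part of the original post. The sample manifests below
are constructed; image names use the reserved .invalid domain.
"""


def _effective(container: dict, pod_sc: dict, key: str, default):
    """Container-level securityContext overrides the pod-level one."""
    csc = container.get("securityContext") or {}
    if key in csc:
        return csc[key]
    return pod_sc.get(key, default)


def audit_pod(pod: dict) -> list:
    """Return human-readable findings; an empty list means the pod meets
    the baseline encoded here (it is a baseline, not a full policy)."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = []

    # Sharing a host namespace undoes most of the isolation below.
    if spec.get("hostPID") or spec.get("hostNetwork") or spec.get("hostIPC"):
        findings.append("pod shares a host namespace (hostPID/hostNetwork/hostIPC)")

    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name = c.get("name", "<unnamed>")
        csc = c.get("securityContext") or {}

        if csc.get("privileged"):
            findings.append(f"{name}: privileged=true grants full host access")
        # Kubernetes defaults allowPrivilegeEscalation to true unless set.
        if csc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation not set to false")
        if not _effective(c, pod_sc, "runAsNonRoot", False):
            findings.append(f"{name}: runAsNonRoot is not true")
        if not csc.get("readOnlyRootFilesystem", False):
            findings.append(f"{name}: root filesystem is writable")

        caps = csc.get("capabilities") or {}
        drop = [x.upper() for x in caps.get("drop", [])]
        add = [x.upper() for x in caps.get("add", [])]
        if "ALL" not in drop:
            findings.append(f"{name}: capabilities.drop does not include ALL")
        # Constructed short list of capabilities that are close to root.
        high_impact = {"SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "SYS_MODULE"}
        for cap in add:
            if cap in high_impact:
                findings.append(f"{name}: adds high-impact capability {cap}")

        # seccompProfile may be set at pod or container level.
        seccomp = _effective(c, pod_sc, "seccompProfile", {}) or {}
        if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
            findings.append(f"{name}: no seccomp profile (Unconfined)")

    return findings


# Constructed weak manifest: a typical "debug" pod with everything open.
PERMISSIVE_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "debug"},
    "spec": {
        "hostNetwork": True,
        "containers": [{
            "name": "debug",
            "image": "example.invalid/debug:latest",
            "securityContext": {
                "privileged": True,
                "capabilities": {"add": ["SYS_ADMIN"]},
            },
        }],
    },
}

# Constructed hardened manifest for the same kind of workload.
HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "web"},
    "spec": {
        "securityContext": {
            "runAsNonRoot": True,
            "runAsUser": 10001,
            "seccompProfile": {"type": "RuntimeDefault"},
        },
        "containers": [{
            "name": "web",
            "image": "example.invalid/web:1.0",
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]},
            },
        }],
    },
}


if __name__ == "__main__":
    for pod in (PERMISSIVE_POD, HARDENED_POD):
        print(pod["metadata"]["name"], audit_pod(pod) or "OK")
```

The same checks are what an admission policy (PodSecurityPolicy on the clusters this post targets, or Pod Security Admission on newer releases) enforces at the API server; running them over manifests in CI catches the permissive spec before it ever reaches the cluster.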