Kubernetes (11)

Securing the Kubernetes API server. Part 2

Securing the cluster with Role-Based Access Control (RBAC): In Kubernetes version 1.8.0, the RBAC authorization plugin graduated to GA (General Availability) and is now enabled by default on many clusters. RBAC prevents unauthorized users from viewing or modifying the cluster state. The default Service-Account…

By Willy Vidable

Securing the Kubernetes API server. Part 1

About the API server: The Kubernetes API server is the central component used by all other components and by clients, like kubectl. It provides a CRUD (Create, Read, Update, Delete) interface for querying and modifying the cluster state over a RESTful API. It stores…

By Willy Vidable

Kubernetes Networking with EKS

Kubernetes Pod Networking: Traditional Docker networking allows all containers on a host to reach one another over private IP addresses on a virtual bridge on each host. Port forwarding can also be configured on the host to provide external access to containers on an…

By Willy Vidable

Kubernetes Networking Basic

Regarding networking, Kubernetes imposes only three simple but powerful rules: 1. All nodes in the cluster must be able to talk to each other. 2. All pods on the network can communicate with each other without NAT. 3. Every…

By Willy Vidable

Kubernetes, The Operating System for the Cloud

During the last ten years, the IT infrastructure market has gone through a tectonic shift. First, it was Infrastructure as a Service (IaaS) that revolutionized the way compute, storage and network resources were provisioned and consumed by businesses. The second half of the last…

By Willy Vidable