- "An admission controller is a piece of code that intercepts requests to the Kubernetes API server prior to persistence of the object, but after the request is authenticated and authorized. ... compiled into the kube-apiserver binary, and may only be configured by the cluster administrator."
- "It's useful to note that there has been a lot of back-and-forth on PID namespace sharing. Reaping zombies is only done by the pause container if you have PID namespace sharing enabled, and currently it is only available in Kubernetes 1.7+."
- "The explicit goal of the service mesh is to move service communication out of the realm of the invisible, implied infrastructure, and into the role of a first-class member of the ecosystem—where it can be monitored, managed and controlled."
- "There is no easy way to see network namespaces, as Kubernetes and Docker don’t register them (“ip netns” won’t work with Kubernetes and Docker)."
3rd party setup
- CNI hostport mapping does not work. CNI doesn't account for it, and with CNI in place Docker obviously cannot fulfill it.
- i.e. Calico for policy + flannel