[kwlug-disc] Paranoid network as selling point for kubernetes
Mikalai Birukou
mb at 3nsoft.com
Wed Sep 15 17:58:16 EDT 2021
> If I read this
> https://kubernetes.io/docs/concepts/services-networking/network-policies/
> correctly,
>
> NetworkPolicy kind descriptor is the way to say what pods (running
> process?) are allowed to connect to, and how in/out/port, all based on
> human readable labels.
>
> It is way longer than network description in docker swarm/compose, but
> level of control is greater. From a paranoid point of view, I am sold
> on kubernetes. Make some auto-generation of these policies as part of
> CI pipeline, and it flows by itself after that.
Not that many places need several running instances of P of a classic
LAMP. But with kubernetes you can easily define a bolted-down config. It
may use some local persistent host folders (say zfs backed) for M and
Ps. Sure, config files will be bigger than the docker compose form, but
control of bolting down is greater.

Yes, hyper scale and auto scale sound buzz-wordy, but this is simple
mundane packaging that is nice here with kubes. Add to it an ability to
control resources allocated to each process, and the fact that admin
artifacts (kuby yaml files) can be understood almost everywhere now --
all this starts to look like a good way to pack things together. And
then you have tooling like lens and nice charts.
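
The auto-generation of NetworkPolicy objects in a CI step that the thread mentions could look like the sketch below. It is an added example, not part of the original message; the namespace, the `app` label key, the label values and the flow list are constructed assumptions for a LAMP-style layout.

```python
import json

# Constructed sample: the only permitted traffic in a LAMP-style namespace.
# Namespace, "app" label key and label values are assumptions for illustration.
NAMESPACE = "lamp"
FLOWS = [
    {"src": "web", "dst": "db", "port": 3306},
    {"src": "backup", "dst": "db", "port": 3306},
]

def _policy(name, namespace, spec):
    return {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
            "metadata": {"name": name, "namespace": namespace}, "spec": spec}

def _rule(direction, app, port):
    # direction is "from" (ingress) or "to" (egress); the peer is chosen by label.
    return {direction: [{"podSelector": {"matchLabels": {"app": app}}}],
            "ports": [{"protocol": "TCP", "port": port}]}

def generate(flows, namespace):
    """Return a v1 List: one default-deny policy plus one allow policy per app."""
    for f in flows:
        if not isinstance(f["port"], int) or not 1 <= f["port"] <= 65535:
            raise ValueError(f"bad port in flow {f!r}")
    # Empty podSelector selects every pod; no rules listed means nothing allowed.
    items = [_policy("default-deny-all", namespace,
                     {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]})]
    for app in sorted({f["src"] for f in flows} | {f["dst"] for f in flows}):
        ingress = [_rule("from", f["src"], f["port"]) for f in flows if f["dst"] == app]
        egress = [_rule("to", f["dst"], f["port"]) for f in flows if f["src"] == app]
        spec = {"podSelector": {"matchLabels": {"app": app}}, "policyTypes": []}
        if ingress:
            spec["policyTypes"].append("Ingress")
            spec["ingress"] = ingress
        if egress:
            spec["policyTypes"].append("Egress")
            spec["egress"] = egress
        items.append(_policy(f"allow-{app}", namespace, spec))
    return {"apiVersion": "v1", "kind": "List", "items": items}

if __name__ == "__main__":
    # JSON is accepted wherever kubectl takes YAML manifests.
    print(json.dumps(generate(FLOWS, NAMESPACE), indent=2))
```

Because egress is denied by default here, pods that resolve service names also need an egress rule for cluster DNS, which this sketch leaves out. The policies only take effect on a cluster whose network plugin enforces NetworkPolicy.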