Hacker News new | past | comments | ask | show | jobs | submit login

One note on the security side of things -- if you're interested in seeing what a truly hardened k8s/GKE configuration looks like, check out the Vault examples:



In summary, for your security-critical workloads you're going to want to put them in their own cluster; treat k8s in this case as an API for updating the code that's running on your VMs. (Except your VMs can run a stripped-down read-only OS like Container-OS or CoreOS).

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact