Hacker News new | past | comments | ask | show | jobs | submit login

One note on the security side of things -- if you're interested in seeing what a truly hardened k8s/GKE configuration looks like, check out the Vault examples:

https://learn.hashicorp.com/vault/kubernetes/k8s-reference-a...

https://github.com/sethvargo/vault-on-gke

In summary, for your security-critical workloads you're going to want to put them in their own cluster; treat k8s in this case as an API for updating the code that's running on your VMs. (Except your VMs can run a stripped-down read-only OS like Container-OS or CoreOS).




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: