-
Notifications
You must be signed in to change notification settings - Fork 1
Competitor: Kubernetes
Kyle Kamperschroer edited this page Jan 26, 2016
·
3 revisions
An abstraction layer and toolchain for deploying "pods" (the atomic unit for your service) which consist of containers. Includes a reconciliation (health manager) loop that attempts to take a step towards making the current state of the world into the desired state of the world.
Pods are built of containers that make no sense apart. For example, an nginx container and a git sync container for the static content used by nginx.
Secrets are fairly transparent, and dropped into pods at deploy time. To enable access to a secret in a pod you:
- Create a secret file for that one secret, giving it a name, some metadata, the actual data, etc.
- In the pod description file add the name of the secret as a requirement.
- Access the secrets from a mounted secrets directory in the pod.
- Integration with the rest of the Kubernetes infrastructure. You can define and register a secret.
- Ease of use for access. Just reading a file.
- No auditing
- Bad code allowing remote code execution exposes the secrets
- Rolling secrets requires full deployment