
Separate applications on Kubernetes cluster

I'm thinking of creating a Kubernetes cluster on my 5 servers to provide a platform for all the teams in our company.

But how can I separate different applications (multiple services) from each other? I mean, if team1 wants to deploy a web application (1 nginx, 1 java-applicationserver, 1 mongodb), and team2 a completely different web application (1 nginx, 1 php, 1 mysql).

How can I achieve that, for example, team2-php-pod is not able to access team1-mongodb in Kubernetes? I tried to get this information from the Kubernetes docs, but I couldn't figure it out.

You can use namespaces to separate different applications. Or simply append a team name to all your pods/services.

Of course, that only prevents pods from talking to the wrong DB/backend, but that does not take care of 'securing' the DB. If you need to make sure one team does not have actual access to another team's DB, you would need to set up authentication/permissions on the DB.
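
As an added example (not part of the original question or answers), these manifests give each team its own namespace, limit network access to team1's MongoDB with a NetworkPolicy (a Kubernetes resource the answers do not mention), and hold the database credentials that DB-level authentication needs. The namespace names, the `app: mongodb` label, the Secret name and the placeholder password are assumptions.

```yaml
# Constructed names: team1, team2, app=mongodb and mongodb-auth are assumptions.
apiVersion: v1
kind: Namespace
metadata:
  name: team1
---
apiVersion: v1
kind: Namespace
metadata:
  name: team2
---
# Only pods in namespace team1 may connect to team1's MongoDB pods.
# Takes effect only when the cluster's network plugin enforces NetworkPolicy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: mongodb-from-team1-only
  namespace: team1
spec:
  podSelector:
    matchLabels:
      app: mongodb
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector: {}      # every pod in team1; team2 pods never match
      ports:
        - protocol: TCP
          port: 27017
---
# DB-level authentication. The official mongo image turns on access control
# when these two variables are present at first start; load them into the
# MongoDB container with envFrom/secretRef in its pod spec.
apiVersion: v1
kind: Secret
metadata:
  name: mongodb-auth
  namespace: team1
type: Opaque
stringData:
  MONGO_INITDB_ROOT_USERNAME: team1-admin
  MONGO_INITDB_ROOT_PASSWORD: CHANGE-ME-placeholder
```

Without the NetworkPolicy, a pod in team2 can still reach the database through the service's cluster DNS name, so the policy and the database credentials cover different failure cases.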

Kubernetes is a single-tenanted solution, meaning it's designed to run applications belonging to a single user.

Hypernetes is a project designed to make Kubernetes operate in a multi-tenanted manner (users sharing the same underlying hardware). It is obviously more complicated to set up.
