- Separate etcd CA
- Separate etcd peer CA
- network isolation of etcd so it only talks to the API servers
- enable secret encryption (experimental feature)
- secure Kubernetes cluster via pod tolerations / node selectors / pod security policies as appropriate
- don't give tiller more access than it needs
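
One way to check the two CA items on a node, as an added example that is not part of the original gist. The etcd and kube-apiserver flag names are the real ones; the function names `parse_flags` and `audit`, the paths, addresses and file contents are constructed for illustration, and flags are assumed to be written in `--name=value` form.

```python
import hashlib
import shlex

def parse_flags(cmdline):
    """Turn '--name=value --bare-flag' into a dict; bare flags map to 'true'."""
    flags = {}
    for tok in shlex.split(cmdline):
        if tok.startswith("--"):
            name, _, value = tok[2:].partition("=")
            flags[name] = value or "true"
    return flags

def audit(etcd_cmd, apiserver_cmd, read_file):
    """Return findings; CAs are compared by content hash, not by path."""
    etcd, api = parse_flags(etcd_cmd), parse_flags(apiserver_cmd)
    def digest(flags, name):
        path = flags.get(name)
        return hashlib.sha256(read_file(path)).hexdigest() if path else None
    etcd_ca = digest(etcd, "trusted-ca-file")
    peer_ca = digest(etcd, "peer-trusted-ca-file")
    cluster_ca = digest(api, "client-ca-file")
    findings = []
    if etcd.get("client-cert-auth") != "true":
        findings.append("etcd does not require client certificates")
    if etcd.get("peer-client-cert-auth") != "true":
        findings.append("etcd does not require peer certificates")
    if etcd_ca and etcd_ca == cluster_ca:
        findings.append("etcd client CA is the API server's client CA")
    if etcd_ca and etcd_ca == peer_ca:
        findings.append("etcd client CA and peer CA are the same")
    for name in ("listen-client-urls", "listen-peer-urls"):
        if any(u.startswith("http://") for u in etcd.get(name, "").split(",")):
            findings.append(f"{name} serves plaintext http")
    return findings

# Constructed sample input: paths, addresses and file contents are made up.
FILES = {"/pki/ca.crt": b"CLUSTER-CA", "/pki/etcd/ca.crt": b"ETCD-CA",
         "/pki/etcd/peer-ca.crt": b"ETCD-PEER-CA"}
WEAK_ETCD = ("etcd --trusted-ca-file=/pki/ca.crt --peer-trusted-ca-file=/pki/ca.crt "
             "--client-cert-auth --listen-client-urls=https://10.0.0.5:2379 "
             "--listen-peer-urls=http://10.0.0.5:2380")
GOOD_ETCD = ("etcd --trusted-ca-file=/pki/etcd/ca.crt --client-cert-auth "
             "--peer-trusted-ca-file=/pki/etcd/peer-ca.crt --peer-client-cert-auth "
             "--listen-client-urls=https://10.0.0.5:2379 "
             "--listen-peer-urls=https://10.0.0.5:2380")
APISERVER = "kube-apiserver --client-ca-file=/pki/ca.crt"

if __name__ == "__main__":
    for label, cmd in (("weak", WEAK_ETCD), ("good", GOOD_ETCD)):
        print(label, audit(cmd, APISERVER, FILES.__getitem__))
```

On a real node, pass `lambda p: open(p, "rb").read()` as `read_file` and take the command lines from the etcd and kube-apiserver unit files or static pod manifests.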
Last active
October 19, 2017 17:56
secure etcd