or
or
By clicking below, you agree to our terms of service.
Sign in with Wallet
New to HackMD? Sign up
| Syntax | Example | Reference | |
|---|---|---|---|
| # Header | Header | 基本排版 | |
| - Unordered List |
|
||
| 1. Ordered List |
|
||
| - [ ] Todo List |
|
||
| > Blockquote | Blockquote |
||
| **Bold font** | Bold font | ||
| *Italics font* | Italics font | ||
| ~~Strikethrough~~ | |||
| 19^th^ | 19th | ||
| H~2~O | H2O | ||
| ++Inserted text++ | Inserted text | ||
| ==Marked text== | Marked text | ||
| [link text](https:// "title") | Link | ||
|  | Image | ||
| `Code` | Code |
在筆記中貼入程式碼 | |
| ```javascript var i = 0; ``` |
|
||
| :smile: |  |
Emoji list | |
| {%youtube youtube_id %} | Externals | ||
| $L^aT_eX$ | LaTeX | ||
| :::info This is a alert area. ::: |
This is a alert area. |
On a scale of 0-10, how likely is it that you would recommend HackMD to your friends, family or business associates?
Please give us some advice and help us improve HackMD.
Syncing
xxxxxxxxxx-
Any changes
Be notified of any changes
-
Mention me
Be notified of mention me
-
Unsubscribe
Subscribe你的 EKS 安全嗎?由安全性角度切入探討 Kubernetes on AWS - 徐維澤
歡迎來到 Kubernetes Summit'20 共筆
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →共筆入口:https://hackmd.io/@k8ssummit/20
手機版請點選上方 按鈕展開議程列表。
user太多還要一個一個加太麻煩 ==> 用IAM role取代IAM user
避免使用service account token
service account 應該為 app 訂製,保持最小權限原則。
避免用 root 執行 docker image,避免提權攻擊。
customize minimum image.
Don't put any secure in imagr
Don't put docker in docker
限制掛在目錄路徑。
Pod Security Policy(PSP)
QoS 到底要不要設
Multi Tenancy
EKS Encryption in transit
k8s network policy
Host security
monitoring
Incident response
Conclusion
tags:
k8ssummit20k8s