Reference blog: https://overcast.blog/24-kubernetes-mastersconfigurations-29235c65b337
Advanced Workload Management
- Affinity and Anti-Affinity
- Taints and Tolerations
- Pod Disruption Budgets (PDB)
- Using Init Containers for Setup Scripts
- Pod Topology Spread Constraints
- Custom Scheduler
Resource Optimization & Efficiency
- Horizontal Pod Autoscaler (HPA) Based on Custom Metrics
- Volume Snapshotting for Stateful Applications
Security Enhancements
- Network Policies for Enhanced Pod Communication Control
- Pod Security Policies (PSP)
- Network Policies for Egress Control
- Seccomp Profiles for Syscall Filtering
- Read-Only Root Filesystems
- Kubernetes Secrets for Sensitive Data
Efficient Cluster Management
- Resource Quotas and Limit Ranges
- Node Affinity
- Auto-scaling Nodes with Cluster Autoscaler
- Quota Management for Namespaces
- Proactive Node Maintenance with Node Problem Detector
- PriorityClass for Workload Precedence
- CronJobs for Regular Tasks
Networking & Service Discovery
- Ingress for External Access
- Service Mesh with Istio
- ExternalDNS for Dynamic DNS Management
Best Practices:
- Securely manage credentials for your DNS provider, potentially using Kubernetes Secrets.
- Monitor ExternalDNS logs and metrics to ensure DNS records are updated as expected and troubleshoot any issues.
- Limit the `--domain-filter` to specific domains under your management to prevent accidental modifications to unrelated DNS records.