GKE3 Istio ambient mode https://istio.io/latest/docs/ambient/overview/ OverviewAn overview of Istio's ambient data plane mode.istio.iohttps://istio.io/latest/blog/2024/ambient-reaches-ga/ Fast, Secure, and Simple: Istio’s Ambient Mode Reaches General Availability in v1.24Our latest release signals ambient mode – service mesh without sidecars – is ready for everyone.istio.io # 앰비언트 모드-> 사이드카 모드(기존의 사이드카 프록시를 사용하는 방식)와 달.. 2025. 1. 4. GKE workload identity # Grant gcp permissions to pods using workload identity -> Rather than granting a gcp service account to individual nodes or the entire cluster, a k8s service account is created, and the k8s service account is set to assume the gcp service account role, thereby granting gcp specific service permissions only to the pod. https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity?hl=k.. 2023. 7. 1. Kubernetes Secrets Store CSI Driver Kubernetes Secrets Store CSI Driver -> k8s CSI(Container Storage Interface) 볼륨을 통해 secrets stores 와 k8s 를 통합하는 플러그인 -> secrets stores 의 시크릿을 k8s secret 으로 동기화도 가능(반드시 파드에 볼륨으로 마운트를 해줘야 sercet 리소스가 생성됨) # gcp secret manager 와 gke 클러스터를 통합하여 사용 가능 https://cloud.google.com/secret-manager/docs/using-other-products#google-kubernetes-engine # 설치 https://secrets-store-csi-driver.sigs.k8s.io/getting-sta.. 2023. 3. 7. 이전 1 다음
