托管Kubernetes提供者如何隐藏主节点? [英] How do managed Kubernetes providers hide the master nodes?

问题描述

如果我在GKE，EKS或DigitalOcean Kubernetes上运行kubectl get nodes，则只能看到工作程序节点.如何在网络或应用程序级别上设计这些系统，以在工作人员和主服务器之间建立这种隔离?

If I run kubectl get nodes on GKE, EKS, or DigitalOcean Kubernetes, I only see the worker nodes. How are these systems architected at the network or application level to create this separation between workers and masters?

推荐答案

您可以在Kubernetes外部运行Kubernetes控制平面，只要工作节点对控制平面具有网络访问权限即可.大多数托管的Kubernetes解决方案都使用这种方法.

You can run the Kubernetes control plane outside Kubernetes as long as the worker nodes have network access to the control plane. This approach is used on most managed Kubernetes solutions.

这篇关于托管Kubernetes提供者如何隐藏主节点?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！