Kubernetes:执行容器之前的策略检查 [英] Kubernetes: Policy check before container execution
问题描述
我是Kubernetes的新手,我想看看是否有可能在编排流程中加入容器执行生命周期事件,以便我可以调用API来传递容器的详细信息,并查看其是否允许在给定的环境,位置等条件下执行此容器.
I am new to Kubernetes, I am looking to see if its possible to hook into the container execution life cycle events in the orchestration process so that I can call an API to pass the details of the container and see if its allowed to execute this container in the given environment, location etc.
检查的示例可能是:容器只能在欧洲或美国的数据中心中运行.因此,在某人尝试执行此容器之前,不应在该区域数据中心之外执行该容器.
An example check could be: container can only be run in a Europe or US data centers. so before someone tries to execute this container, outside this region data centers, it should not be allowed.
有人可以建议我,如果可能的话,什么是实现这一目标的最佳方法.
Can someone please suggest me if this is possible and what is the best way to achieve this.
关于, 基兰
推荐答案
如果您不想从头开始...这里有一个Cloud Native Computing Foundation(正在孵化)项目- Kubernetes 似乎可以提供您想要的东西. (我不隶属于该项目)
If you don't want to start from scratch...there is a Cloud Native Computing Foundation (incubating) project - Open Policy Agent with support for Kubernetes that seems to offer what you want. (I am not affiliated with the project)
这篇关于Kubernetes:执行容器之前的策略检查的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
