accessing each pod in a cluster over the api

Multi tool use
up vote
1
down vote
favorite
I have a deployment layout where there would be various pods (each pod dedicated for each user has a service listens on a particular port). I need to give customer access to their pod directly without revealing the specific port and other secure stuff like cluster certificate details to the user of each pod. Should I go about over vs the other or would it even work?
a) How can I do that over the api server ?
b) Can I create a custom pod access service with a custom certificate to handle all pod access requests.
c) Or do I need a CNI plugin to assign each pod a public ip hosting everything on a cloud vpc?

add a comment |
up vote
1
down vote
favorite
I have a deployment layout where there would be various pods (each pod dedicated for each user has a service listens on a particular port). I need to give customer access to their pod directly without revealing the specific port and other secure stuff like cluster certificate details to the user of each pod. Should I go about over vs the other or would it even work?
a) How can I do that over the api server ?
b) Can I create a custom pod access service with a custom certificate to handle all pod access requests.
c) Or do I need a CNI plugin to assign each pod a public ip hosting everything on a cloud vpc?

If you provide a direct access to the pod then what would stop the user from getting information about cluster ip/port and certificates? You have to limit the access to a user or an area, maybe a jail.
– Crou
19 hours ago
add a comment |
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I have a deployment layout where there would be various pods (each pod dedicated for each user has a service listens on a particular port). I need to give customer access to their pod directly without revealing the specific port and other secure stuff like cluster certificate details to the user of each pod. Should I go about over vs the other or would it even work?
a) How can I do that over the api server ?
b) Can I create a custom pod access service with a custom certificate to handle all pod access requests.
c) Or do I need a CNI plugin to assign each pod a public ip hosting everything on a cloud vpc?

I have a deployment layout where there would be various pods (each pod dedicated for each user has a service listens on a particular port). I need to give customer access to their pod directly without revealing the specific port and other secure stuff like cluster certificate details to the user of each pod. Should I go about over vs the other or would it even work?
a) How can I do that over the api server ?
b) Can I create a custom pod access service with a custom certificate to handle all pod access requests.
c) Or do I need a CNI plugin to assign each pod a public ip hosting everything on a cloud vpc?


asked Nov 10 at 14:38
kahmed
462
462
If you provide a direct access to the pod then what would stop the user from getting information about cluster ip/port and certificates? You have to limit the access to a user or an area, maybe a jail.
– Crou
19 hours ago
add a comment |
If you provide a direct access to the pod then what would stop the user from getting information about cluster ip/port and certificates? You have to limit the access to a user or an area, maybe a jail.
– Crou
19 hours ago
If you provide a direct access to the pod then what would stop the user from getting information about cluster ip/port and certificates? You have to limit the access to a user or an area, maybe a jail.
– Crou
19 hours ago
If you provide a direct access to the pod then what would stop the user from getting information about cluster ip/port and certificates? You have to limit the access to a user or an area, maybe a jail.
– Crou
19 hours ago
add a comment |
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53240008%2faccessing-each-pod-in-a-cluster-over-the-api%23new-answer', 'question_page');
}
);
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
CsTxOvsYJ7BiJ Dq w3
If you provide a direct access to the pod then what would stop the user from getting information about cluster ip/port and certificates? You have to limit the access to a user or an area, maybe a jail.
– Crou
19 hours ago