The TokenRequest API enables the creation of tokens that aren’t persisted in the Secrets API, that are targeted for specific audiences (such as external secret stores), have configurable expiries, and are bindable to specific pods.
When building systems, monitoring is extremely important to know the health of your system. Be it a car, with its basic engine light, a server that checks that a process is running, or a complicated distributed system that ensures things are happening within acceptable latencies.
The recommended way to run etcd for Kubernetes is to have your etcd cluster outside of the Kubernetes cluster. Great, good stuff. But you also run Prometheus via the Prometheus Operator to monitor everything about your cluster.
Using the Prometheus Operator, the general way we define what targets should be scraped is using a ServiceMonitor. This works great for services that are running in your cluster and already have a service definition.
One nice use of namespaces is to split up development environments such as dev, qa, staging, production, etc. However, you may still find yourself wanting more separation than just the namespaces.
In k8s 1.7 the deprecated kubelet flag register-schedulable was officially removed, which means that in order to keep pods from being scheduled on your controllers you now need to use register-with-taints.