Central Components

Short descriptions of the central components of the Kubernetes cluster, to help understand its layout.

Cilium

As the Container Network Interface (CNI) in Kubernetes, we use Cilium. This component manages the network connections between services, pods, and the external world. It is also responsible for our Firewall service and determines the routing of packets leaving the cluster.

Istio

Istio is another central component. It serves as both an ingress and an egress gateway, routing HTTP(S) traffic into and out of the cluster. Additionally, it functions as a service mesh, allowing us to implement features like multi-cluster setups and mutual TLS.

Gatekeeper

To enforce security policies within Kubernetes, we utilize Gatekeeper. Through policies, we restrict certain resources and can enforce the setting of specific fields, such as resource limits. We also use Gatekeeper to modify resources upon creation in order to enforce certain defaults.

Creating a resource that violates these policies results in an error message during creation. For resources such as pods, which are generated automatically from ReplicaSets, these error messages can be found in the events.
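The following added example (not one of this cluster's actual policies) shows what a Gatekeeper policy that enforces resource limits can look like: a ConstraintTemplate holding the Rego check, and a Constraint that applies it to pods. The names `K8sRequiredLimits` and `pods-must-set-limits` and the `limits` parameter are hypothetical.

```yaml
# Added example; all names below are hypothetical, not this cluster's policies.
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  name: k8srequiredlimits            # must be the lowercase form of the kind below
spec:
  crd:
    spec:
      names:
        kind: K8sRequiredLimits
      validation:
        openAPIV3Schema:
          type: object
          properties:
            limits:                  # resource names every container must limit
              type: array
              items:
                type: string
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8srequiredlimits

        # One violation per container and per missing limit.
        # Only spec.containers is checked; initContainers would need a second rule.
        violation[{"msg": msg}] {
          container := input.review.object.spec.containers[_]
          required := input.parameters.limits[_]
          not container.resources.limits[required]
          msg := sprintf("container <%v> has no resource limit for <%v>", [container.name, required])
        }
---
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sRequiredLimits
metadata:
  name: pods-must-set-limits
spec:
  enforcementAction: deny            # reject the request instead of only auditing it
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
  parameters:
    limits: ["cpu", "memory"]
```

The `msg` string built in the Rego rule is the text returned in the creation error, and for pods generated from a ReplicaSet it is the text that appears in the events.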