Search.setIndex({docnames:["chapters/appendix-a","chapters/chapter01","chapters/chapter02","chapters/chapter03","chapters/chapter04","chapters/chapter05","chapters/chapter06","chapters/chapter07","index"],envversion:{"sphinx.domains.c":2,"sphinx.domains.changeset":1,"sphinx.domains.citation":1,"sphinx.domains.cpp":4,"sphinx.domains.index":1,"sphinx.domains.javascript":2,"sphinx.domains.math":2,"sphinx.domains.python":3,"sphinx.domains.rst":2,"sphinx.domains.std":2,"sphinx.ext.intersphinx":1,sphinx:56},filenames:["chapters/appendix-a.rst","chapters/chapter01.rst","chapters/chapter02.rst","chapters/chapter03.rst","chapters/chapter04.rst","chapters/chapter05.rst","chapters/chapter06.rst","chapters/chapter07.rst","index.rst"],objects:{},objnames:{},objtypes:{},terms:{"0":[1,3,4,6,8],"00":[2,7],"001":[1,2,4],"002":[2,3,4,7],"003":[2,3,4],"004":[2,3,4,7],"005":[2,4,7],"006":[2,3,4,7],"007":[2,4,7],"008":[2,4,7],"009":[2,4],"01":[2,3,4,8],"010":[2,4],"011":[2,4],"012":[2,4],"013":[2,4],"014":[2,4],"015":[2,4],"016":[2,4],"017":[2,4],"018":[2,3,4],"019":[2,4],"02":[2,4,8],"020":[2,4],"021":[2,4],"022":4,"023":4,"024":4,"025":4,"026":4,"027":4,"028":4,"029":4,"03":[2,3,4,7,8],"030":4,"031":4,"032":[2,4],"033":4,"034":4,"035":4,"036":4,"037":4,"038":4,"039":4,"04":[2,3,4,8],"040":4,"041":4,"042":4,"043":4,"044":4,"045":4,"05":[2,3,4,8],"06":[1,2,3,4,8],"07":[2,3,4,8],"08":[2,3,4],"09":[2,3],"1":[1,2,3,4,5,6,8],"10":[2,3,4],"100":[2,6],"1000":6,"10250":[5,6],"10257":5,"10259":5,"1048576kib":4,"10gbp":4,"10th":8,"11":[1,2],"12":2,"123":[2,3],"1234":3,"123456789":3,"125":2,"13":[2,3],"14":[2,4],"140":5,"14th":8,"15":2,"150":[2,6],"15th":8,"16":[1,2,4],"16tb":2,"17":[2,4],"17763":4,"18":[2,4],"1809":4,"1gi":4,"1st":8,"2":[2,3,4,5,8],"20":[2,4],"200":2,"2000":4,"2012":2,"2013":2,"2018":1,"2019":1,"2020":8,"2021":8,"2022":8,"2048kib":4,"204a":5,"204b":5,"21":[3,6,7],"23":8,"2379":5,"2380":5,"24":4,"25":2,"250":2,"25gbp":4,"25th":8,"27":2,"27001":2,"27002":2,"27031":2,"27032":2,"27035":2,"29th":8,"2mi":4,"3":[2,3,4,8],"30":2,"300":2,"30000":5,"32":2,"320":2,"320gb":4,"32767":5,"32gb":4,"3306":3,"3402":2,"3456":3,"4":[2,3,4,8],"40":2,"400":2,"4th":8,"5":[2,3,4,8],"50":2,"500":2,"509":2,"5gb":4,"6":[2,4,8],"60":[2,4],"600":2,"64":4,"6443":5,"7":[2,3,4,5,8],"75":2,"8":[2,4,5,8],"800":[2,5],"9":[2,4],"999":4,"abstract":[2,3],"break":6,"case":[0,2,3,4,7],"class":[3,4,6],"default":[0,2,3,4,5,6],"do":[0,3,4,5],"final":[1,7],"function":[1,2,4,5,6,7],"import":[3,4,5],"int":[2,4],"long":3,"new":[3,4,5,6],"public":[0,1,2,5],"return":3,"static":[2,3,4,6],"switch":[1,3],"transient":2,"true":4,"try":7,"var":[4,6],"while":[1,3,5,7],A:[2,3,4,5,6,8],AND:6,As:[3,5,7],At:2,By:[0,3,5],For:[1,2,3,4,5,7,8],IT:5,If:[0,1,2,3,4,5,7],In:[0,1,2,3,4,5],It:[1,2,3,5,6],NOT:[2,6],No:[2,3,4],Not:[2,3],On:[2,3],One:3,Such:[3,5],The:[0,1,2,3,4,5,6,7],There:[1,2,3,5],These:[1,3,4,5],To:[0,1,2,3,4,5],With:[1,2],abc:7,abil:[2,7],abl:[2,3,4,6,7],abnorm:3,abov:[2,3,4,7],acc:[2,4],acceler:[2,4,6],accept:[2,5],access:[0,1,2,3,4,7],accord:4,accordingli:2,account:[2,3,4,5],accur:3,achiev:[1,3,5],across:[0,3,4,7],act:6,action:[2,5],activ:[1,2,3,5],actor:2,actual:3,ad:[3,4,5,7],adapt:[3,6],add:[0,1,3,4,5],addit:[1,2,3,5],addition:3,address:[2,3,4,6,7],adequ:7,adjac:3,admin:[0,5],administ:[4,7],administr:[0,2,3,4,5],admiss:6,admissionregistr:6,adopt:[1,5],adress:7,advanc:5,advantag:[2,3,4,5],advertis:[3,4],affect:[2,3,4,5],affin:[0,3,6],after:[2,4,5,6],against:[2,5,6,7],agent:[4,6],aggreg:[3,5],agre:3,alarm:2,alert:[0,2,3,5],algorithm:3,alibaba:7,align:[1,2,3,4],aliv:6,all:[0,2,3,4,5,6],alloc:[0,2,3,4,5,6],allocat:[3,4],allow:[0,1,2,3,4,5,6,7],along:[1,2,3],alpha:[3,4,6,7,8],alreadi:[1,3,4],also:[1,2,3,4,5,7],altern:[0,1,3,4,7],although:6,alwai:[1,3,5,6],among:[2,3],amount:0,an:[0,1,2,3,4,5,6,7],analys:[2,6],analysi:[2,3,5],analyz:2,ani:[0,2,3,4,5,7],annot:[3,4],announc:3,annual:7,anomal:[2,5],anomali:[2,5],anoth:[3,5],answer:[3,6],anuket:[1,3,4,6],anywher:3,apart:4,api:[0,1,2,3,4,7,8],apiextens:6,apiregistr:6,apiserv:[3,4,6],apivers:3,app:[2,3,4],appendix:8,appli:[0,2,3,4,5],applic:[1,2,5,7,8],approach:[3,4,5],appropri:[2,3],approv:[1,2,5],ar:[0,1,2,3,4,5,6,7],arch:2,architectur:[1,5,7],area:[2,4],aren:3,art:1,artefact:3,artifact:[2,4,7],asd:4,asp:2,aspect:[0,5],assert:2,assess:2,assessor:2,asset:5,assign:[0,2,3,5,6],assist:1,associ:[1,2,3,4,5],assur:2,astructur:2,attach:[2,3,4],attack:[2,4,5],attempt:2,attest:2,attribut:[3,4,5,6],audit:[2,5],auth:5,authent:[2,6],author:[2,5,6],auto:[2,3],autom:[0,1,2,3,4,5],automat:[4,5,6],automountserviceaccounttoken:4,autosc:6,autoscal:4,avail:[1,2,3,4,5,6,7],avl:[2,4],avoid:[1,4,5],awar:[2,3,4,5],b:[3,8],back:[2,3,5,6],backend:[3,4],backup:3,backward:[2,4],balanc:[3,7],baldi:8,bandwidth:2,baraqu:8,bare:[2,3,4],baremet:[0,3],base:[0,1,2,4,5,6],baselin:[2,4,7],basic:[1,2,3,4,6],batch:6,becaus:[3,4,5],becom:2,been:[1,2,3,4,5,7],befor:[1,2,3,5],behav:4,behavior:[2,3],behaviour:[2,4,5],behind:[5,7],being:[0,1,2,3,4,5,7],belong:0,below:[2,3,4],benchmark:5,benefici:3,benefit:4,best:[0,2,3,5],beta:[3,4,6],better:3,between:[0,2,3,4,5,6,7],beyond:[3,4,7],bgp:3,bi:7,bigger:4,bill:2,bind:5,bio:4,blast:0,bld:2,block:[2,3,5],blue:3,bold:2,boot:2,bootstraptoken:6,both:[1,2,3,4,5,6,7],bottleneck:1,boundari:[0,3],boundserviceaccounttokenvolum:6,bpf:3,breach:[0,5],bronz:2,buggi:6,build:[0,1,2,3,5],burden:7,busi:2,bypass:5,ca:2,cac:2,cach:[2,3],calico:4,call:[3,5],can:[0,1,2,3,4,5,6,7],cannot:[1,3,6],cap:[2,3,4],capabl:[1,3,4,7],capac:[0,2,3,4],captur:3,card:[2,4],care:[3,7],carefulli:[3,7],cascad:7,catalogu:[2,3],categor:7,categori:[2,3],categoris:[2,3],cater:4,caus:[2,3,5],cd:5,center:[2,5],centr:3,central:[2,3,7],centralis:[3,4],certain:[0,1,3],certif:[2,5,6],certifi:[2,5],cfg:[2,3,4,7],cgroup:3,ch:[2,4],challeng:7,chang:[1,2,3,4,6,7],channel:[2,5],chapter:[1,2,3,4,6,7,8],characterist:3,charg:7,chart:4,cheat:2,check:[5,6],choic:1,choos:[2,3,7],chose:7,chosen:[3,4],ci:[2,4,5,7],cicd:0,cidr:4,cinder:[3,4],cisecur:2,claim:3,clair:2,clean:2,clear:[1,2],clearli:[2,4],client:[1,3,5,6],clone:2,close:3,cloud:[0,3,5],cloudsecurityalli:2,cluster:[1,2,4,7],cncf:[1,2,3,4,6,7],cnf:[0,1,3,4,5,7],cni:[0,3,4,7],cnivers:3,cnt:[2,4],co:[3,5],coalesc:1,code:[2,3,5],collect:[2,3],coloc:4,com:[2,4,7],combin:[1,3],come:5,command:[2,3,5,6],comment:2,commentari:4,commerci:5,committe:1,common:[1,2,3,7],commonli:7,commun:[1,2,3,4,5,6,7],compani:7,compar:5,comparison:[3,5],compat:[0,1,2,4],compil:2,complet:[1,2,3,4,6,8],complex:3,compli:[2,3,4],complianc:[2,3,4,5],compliant:[2,4,7],compon:[1,2,3,5,6],composit:2,comprehens:3,comprehensivenamespacedrain:6,compress:2,compris:2,compromis:5,comput:[0,1,2,4],concept:3,concern:[4,5],concis:1,conclus:5,concret:4,condit:5,confidenti:2,config:[3,4],configmap:4,configur:[0,1,2,4,5,6,7],conflict:7,conform:[1,2,3,4,6],connect:[2,3,4,5,6,7],consid:[1,3,5,7],consider:[2,3],consist:[1,2,3,4,5],consolid:2,constraint:[1,2,3],consum:[0,2,3,4],consumpt:[2,4],contain:[0,1,2,6],containerd:[3,4],containeris:[1,2,3],containerport:3,content:2,context:1,continu:[2,3,4],contrast:2,contribut:6,contributor:1,control:[0,1,2,3,4,6],controversi:1,coordin:[2,3,6],copi:[3,4],coprocessor:2,core:[2,3,4,5,6],correct:[2,3],correctli:5,corrupt:4,cost:1,could:[0,4,7],countri:2,coupl:1,cover:[2,4],cpu:[0,2,4],cpumanag:4,cpuset:3,crd:3,creat:[0,1,2,3,4,6],creation:[1,2,3,4,5,6],credenti:[2,5,6],cri:[3,4,7],crio:4,critic:[2,5],cronjob:3,cross:[4,6],crossnamespacepodaffin:6,crt:[2,4],crucial:5,crypto:2,cryptocurr:5,cryptograph:2,csa:2,csi:[0,3,4],csidriverregistri:4,csiinlinevolum:4,csinodeinfo:4,csipersistentvolum:4,current:[1,2,3,7],custom:[0,4,6],customis:[1,3],cve:2,cvss:2,cybersecur:2,cycl:[2,3,7],daemon:[3,4,6],daemonset:[3,6],daemonsetupdatesurg:6,danm:[3,7],dast:2,data:[2,3,4,5,7],databas:5,dataplan:3,date:[1,2,8],dc:3,de:3,deb:4,debug:5,decis:[0,1],declar:[1,2,3,4],decoupl:3,decreas:4,dedic:[2,3,4,5],deep:3,defacto:3,defenc:[2,5],defend:5,defens:2,defin:[0,1,2,3,4,6],definit:[0,1,3,4,5],del:2,delet:[1,3,4,6],deliv:[2,3,4],deliveri:2,demand:[3,5,7],democrat:1,demonstr:7,depend:[1,3,4,5,7],depict:3,deploi:[1,2,3,4,5,7],deploy:[0,1,2,3,4,5,7],deprovis:2,describ:[1,2,3,4,6,7],descript:[1,2,3,6,7],descriptor:[3,4],design:[0,2,3,5],desir:[0,3],destin:[2,4],destroi:3,detail:[1,2,3,4,7],detect:[2,3,5],determin:[1,3,4],dev:5,develop:[1,2,3,5,8],devic:[1,2,4,6],deviceplugin:4,di:3,diagram:3,diamet:[2,3],die:3,differ:[0,2,3,4,5,6,7],differenti:3,digit:[2,5],ding:4,direct:2,directli:[0,2,3,4,5],directori:[3,4,5],disabl:[2,4,5,6],discov:[2,3],discoveri:[4,5,6],discuss:7,disk:5,dispos:4,disrupt:6,distinct:[3,5],distribut:[3,4,5],divid:3,divis:3,dn:[2,4,6],doc:3,docker:[4,5],document:[1,2,3,4,5],doe:[0,2,3,4,7],doesn:[3,4],domain:[0,2,4],don:5,done:[2,3,5,7],door:2,down:2,downgrad:4,download:2,downsid:1,downstream:3,downward:6,downwardapihugepag:6,dpdk:[2,3,4],dragon:2,drain:4,drive:[1,4],driven:2,driver:[2,3,4],drop:[2,3,6],dual:[2,3,4,6],due:[1,2,3,4],duplic:4,dure:[2,3,5],duti:[2,5,7],dynam:[1,2,3,5],e:[0,1,2,3,4,5,6,7],each:[0,1,3,4,5,7],easi:[3,5],easier:[5,6],easili:[4,5],east:3,eb:[3,4],ecmp:[2,3],ecosystem:[1,5],edit:2,effect:[2,5],effici:2,effort:[3,7],eg:3,egress:[3,5,7],eight:4,either:[0,1,2,3,4,5,6,7],elasticsearch:6,elbru:8,element:[1,2,7],els:4,embed:5,embrac:2,empow:1,emptydir:4,emul:1,en:2,enabl:[0,1,2,3,4,6],encapsul:[2,3],encrypt:[2,3,4],end:[3,5,6],endpoint:[3,5,6],endpointslic:3,energi:2,enforc:[2,6,7],engag:2,engin:[1,2],enhanc:[2,3,5],enough:[1,3],ensur:[0,2,3,4,5],entir:[0,3,5],entiti:2,entri:2,env:6,environ:[1,2,3,5],environment:2,ephemer:[3,4,6],ephemeralstorag:6,equal:2,equip:4,equival:[2,5],error:[4,6,7],escal:[2,3,4,5],especi:[5,6],essenti:[3,5],etc:[0,2,3,4,5,7],etcd:[3,4],eth0:3,ethernet:3,etsi:4,evalu:7,even:[2,3,4,5,7],event:[2,5,6],everi:[3,5],everyon:1,everyth:6,evict:6,evid:1,evolv:1,examin:7,exampl:[1,2,3,5,6,7],exc:1,exce:2,except:5,exclus:3,execut:[3,4,5],exemplifi:1,exercis:2,exist:[1,2,3,4,5,6,7],exit:6,expand:[1,2],expandinusepersistentvolum:6,expect:[1,3,5],experimentalresourceusagetrack:6,expir:6,explain:1,explicitli:[2,3,6],exploit:5,expos:[2,3,4,5,7],exposur:2,extend:[3,4],extens:[0,1,2,3],extern:[2,3,4,6],externalnam:[2,4],extra:[4,5],fabric:[2,3],facilit:1,facto:3,factor:5,failur:[2,3,5,7],fairli:5,fals:4,famili:4,familiar:5,fast:6,fault:[2,4,7],fc:3,featur:[1,2,4,5,7,8],feder:3,feed:3,feedback:8,field:[2,6],figur:[1,3,4],file:[2,3,4],filesystem:[3,4],fill:1,filter:2,find:[5,7],finish:6,fip:5,firewal:[2,3,5],firmwar:3,first:[4,5],five:4,fix:[2,3,5],flag:[4,5],flavour:2,flaw:5,flexibl:[1,3],flexvolum:6,flood:2,flowcontrol:6,focu:[0,2,3],focus:2,focuss:4,follow:[1,2,3,4,5,6],forbidden:6,form:[1,2,3],formal:[3,5],foster:1,found:[3,4],foundat:[1,3],four:[3,4],fpga:[2,3,4],framework:[1,4,5],free:[2,3],frequent:1,freshli:5,from:[0,1,2,3,4,5,6,7],front:3,fsgroup:6,fulfil:[3,4],full:[1,3,4,5],fulli:[2,5],fundament:5,further:7,fuzz:2,fuzzer:2,g:[0,2,3,4,5,7],ga:[4,6],gain:5,gap:[1,2,3,8],gate:[4,5],gatewai:[3,7],gb:2,gbp:2,gen3:4,gen:[2,4],gener:[1,2,3],genev:[2,3],geograph:2,geoloc:2,gib:3,github:1,gitlab:2,give:[3,7],given:3,gkelocalssd:6,glossari:1,goal:1,good:5,govern:5,gp:2,gpu:[2,3,6],gpudeviceplugin:6,gpuupgrad:6,grade:7,grant:5,greater:4,green:3,group:[0,1,2,3,4],grow:[1,7],grpc:3,guarante:[3,4],guest:[2,3],gui:2,guid:[1,2],guidanc:[1,2,8],guidelin:2,h:2,ha:[1,3,4,5,6,7],hack:5,had:5,hand:3,handl:[1,2,3,4,5,6],handler:6,happen:[0,6],hard:[5,7],hardcod:4,harden:2,hardwar:[1,4,5],hardwareprofil:3,have:[0,1,2,3,4,5,6,7],hdd:2,header:[2,4],heal:4,healthcar:2,helm:[1,2,3,4],help:[3,5],henc:[4,5],here:[0,1,3,4,6],hibern:2,high:[1,2,4,5,8],higher:[2,3,4],highli:[4,5],highlight:7,hint:3,hog:4,hold:5,home:3,horizont:[2,3,4],host:[0,2,3,4],hostipc:4,hostnam:4,hostnetwork:4,hostpath:[3,4],hostpid:4,hous:4,how:[1,3,4,5],howev:[0,2,3,7],hpa:4,http:[2,3,5],huge:[2,4,6],hugepag:[4,6],hw:[2,3,4],hybrid:[1,2],hypervisor:[2,3],i:[1,2,3,4,6],iaa:[2,3,7],iast:2,icmp:2,ict:2,id:[2,4,7],id_token:5,ideal:5,ident:[2,3,4,5],identifi:[0,2,3,4,5,7],iec:2,illeg:2,imag:[0,2,3,4,5],img:2,immateri:2,immut:[1,2,4],impact:[0,1,2,5],impair:3,imperson:5,implement:[0,1,2,3,4,5,7],impli:5,implic:1,improv:2,inbound:3,incid:2,incl:0,includ:[0,1,2,3,4,5,6,7],incompat:1,inconsist:7,increas:[0,4,7],independ:[2,3,4,7],index:[4,6],indexedjob:6,indic:[2,4,6],indirectli:2,individu:[1,4,7],industri:[1,3,7],inf:[2,3,4,7],infiniband:3,influenc:3,inform:[2,3,4,5],infr:2,infra:[2,3,4],infrastructu:2,infrastructur:[0,1,4,5,7],ingress:[2,3,4,5,6,7],ingressclass:6,inher:5,initi:[2,3,4],initialis:3,innov:[1,8],input:[2,3,4],insecur:5,insid:[3,4],insight:3,inspect:2,instal:[2,3,4,5],instanc:[3,4,5,6],instanti:[2,3,4],instead:[3,5],instruct:3,integ:[3,4],integr:[2,3,4,5,7],intend:3,intens:[3,4],intent:1,interact:[1,2,3],interest:[1,2,3],interfac:[1,3,4,5],interfer:[2,3],intern:[2,3,5,6],internet:[2,5,6],interpret:[2,3],interwork:7,intra:6,introduc:7,invalid:2,invas:1,inventori:2,invest:3,involv:[2,3],io:[1,2,3,4,6],iop:[2,3],iov:[1,2,3,4],ip:[2,3,4],ipam:[3,4],ipc:4,iperf2:6,ipsec:2,iptabl:3,ipv4:[2,3,4,6],ipv6:[2,3,4,6],ipv6dualstack:[4,6],ipvlan:[2,3,4],irreconcili:0,isa:2,iscsi:[3,4],ismss:2,iso:2,isol:[2,3,4,8],isolcpu:3,issu:[2,3,4,5],istio:5,item:[1,5],iti:2,its:[0,2,3,4,5],itself:[1,3,5,6],jan:8,januari:8,job:[3,6],jul:8,jump:2,jun:8,june:1,just:[3,5,7],k8:[2,3,4,6,7],kali:8,kcm:[2,4],keep:[3,5],kei:[1,2,3,5,6],kernel:[0,3,4,5,7],kibana:6,kind:3,knid:3,know:[2,3],knowledg:3,known:[2,3,5],kube:[3,4,5,6],kubeadm:4,kubectl:5,kubelet:[3,4,6],kubemci:6,kubenet:4,kubeproxi:3,kubeproxydaemonsetmigr:6,kubeproxydaemonsetupgrad:6,kubernet:1,kubevirt:7,l2:[2,3],l3:7,l3aa:3,l3vpn:7,l7:2,l:2,la:2,label:[0,3,4,5,6],labl:4,lack:[2,5,7],lakels:8,lan:5,lane:[2,4],larg:1,latenc:[3,4,7],later:[1,4],latest:[2,4],launch:6,law:2,layer:[1,2,3,4],lbaa:3,lcm:[0,1,2,3,4],ldap:[3,5],lead:[0,5],lean:2,least:[1,2,4,5,7],led:5,left:5,less:[3,4,5],level:[0,1,2,5,6,8],leverag:[1,2,3],li:7,librari:[1,3],libvirt:2,life:[2,3,7],lifecycl:[1,2,4,5,7],lightweight:5,like:[2,3,5,7],limit:[0,1,2,3,4,5,6],line:[1,2],linkerd:5,lint:4,linux:[0,2,3,4,5],list:[1,2,3,4,6,7],listen:[3,5],live:[1,3,4,6],livenessprob:[4,6],load:[3,5,7],loadbalanc:[2,4],local:[2,3,4,5,6],localstoragecapacityisol:6,locat:[2,3],log:[0,2,3,6],logic:[0,2,3],login:2,longer:5,loop:3,loos:[1,4],loss:4,lot:8,low:[2,3],lower:3,m:7,machin:[0,1,2,4,5],macvlan:[3,4],made:[3,5,6],mai:[0,1,2,3,4,5,6,7,8],main:[3,6],mainli:0,mainstream:6,maintain:[1,2,3,6,7],major:5,make:[1,2,3,5,6,7],malform:2,malici:[2,5],malwar:[2,5],man:[2,7],manag:[0,1],mandat:[2,3],mandatori:[2,3,6],mani:[1,3,5,7],manifest:[0,2,3,4],manner:2,manual:[2,3,7],map:[1,3,4,6],mark:[4,6],mask:4,massiv:7,master:[4,5,6,7],match:[4,6],matchlabel:3,materi:2,matur:[1,2],max:2,maxim:1,maximum:6,mb:2,mciop:4,mean:[0,3,4],measur:2,mechan:[0,2,3,4,5,7],medium:2,meet:[1,3,4,7],memori:[0,2,4,7],mesh:[0,1,2,3],messag:2,met:[1,2],meta:[3,4],metadata:[2,3,6],metal:[2,3,4],method:[2,3,5],methodolog:2,metric:[3,6],mgmt:2,mib:3,micro:5,microservic:[1,5],might:[0,1,2,3],migrat:[1,2,6],mine:5,minim:1,minimalist:2,minimum:2,minor:3,miss:[2,3,7],mitig:5,mix:5,mode:[4,5,7],model:[1,3,4,5,6,7],modern:1,modifi:5,modul:[2,5],modular:3,mon:2,monitor:[0,2,3,6],more:[0,1,2,3,4,6,7],mosel:8,most:[0,3,4,5],mount:[2,3,4,5],move:3,mplsoudp:2,ms:4,much:[1,3],multi:[0,1,2,4,5],multipl:[0,2,4,5],multiplex:[3,4,7],multiprocess:2,multiten:[7,8],multithread:2,multitud:7,multu:[1,3,7],must:[0,2,3,4,7],mutual:5,my:3,n100:2,n125:2,n150:2,n1:2,n200:2,n20:2,n250:2,n25:2,n2:2,n300:2,n30:2,n3:2,n400:2,n40:2,n4:2,n500:2,n50:2,n5:2,n600:2,n60:2,n6:2,n75:2,n:[2,4],nac:2,name:[1,2,3,4],namespac:[3,4,6],namespaceselector:6,nanosecond:2,nat:3,nativ:[2,3,4,5,7],natless:[2,4],natur:3,necessari:5,necessarili:3,need:[0,1,2,3,4,5,7],neg:6,neither:4,net0:3,net:[2,3,4],netconf:7,network:[0,1],networkattachmentdefinit:3,networkpolici:[0,4,6],neutral:1,never:2,newli:2,nf:[3,4],nfd:[3,4],nfvi:3,nic:[1,2,3,4],nist:[2,5],nn10:2,nn50:2,node:[0,1,2],nodeauthent:6,nodeauthor:6,nodefeatur:6,nodeport:[2,4,5],non:[1,2,4,5,6,7],none:[3,4,6,7],nor:[4,7],north:3,nosnat:6,note:[1,2,3,4,5,7,8],notfound:6,noth:4,notifi:2,notreadi:6,npu:2,nsm:3,ntp:2,ntw:[2,3,4,7],numa:[2,3,4],number:[1,2,3,5,6,7],nvidia:6,o:[1,2,3,4,7],object:[0,2,3,4,6],observ:[1,4],occur:4,oci:[3,4],ocss:2,off:3,offer:[3,4,5,6],offload:2,often:[3,5],oidc:5,onap:4,onc:[3,6],one:[2,3,4,5,7],ones:3,ongo:7,onli:[0,1,2,3,4,5,6,7],ons:[0,3,4],onto:[3,6,7],open:[1,2,3,4,5,7],openid:5,openli:2,opensourc:5,openstack:1,openva:5,oper:[0,1,2,5,6,7],operatorhub:3,oppos:3,optimis:[2,3],option:[1,2,3,4],orchestr:[1,2],order:[0,3,4,5],ordin:3,ordinarili:4,org:2,organ:[1,7],organis:[3,5],orient:2,origin:2,os:[2,3,4,5],oss:2,ost:[2,4],other:[2,3,4,5,7],otherwis:3,out:[1,2,3,4,5],outcom:4,outlin:3,outsid:[1,2,3,5],over:[1,2,4,5],overal:[2,3,6],overbook:2,overcom:5,overhead:[0,4,7],overlai:[2,3],overlap:3,overrid:6,oversight:1,overview:[2,8],ow:2,owasp:2,own:[0,2,3],owner:[2,5],ownership:6,paa:2,packag:[1,2,5],packet:[2,3],page:[2,4,6],pages:6,pair:[2,5,6],paradigm:[1,7],paramet:[2,3,4],part:[0,1,2,3,4,5],parti:5,partial:1,particular:[1,3],partit:2,partli:1,pass:[2,3,4,6],passthrough:1,password:[2,5],patch:[2,3],pattern:[1,2,4],paus:3,payment:2,pci:[1,2],pcie:[2,4],peer:3,penetr:2,per:[2,3,4,5,6,7],perform:[1,2,3,4,5,6],performancedn:6,period:[1,2],permiss:[2,3,5,6],persist:[2,3,4,7],persistentvolumeclaim:4,perspect:0,phy:2,physic:[1,2,3,4,5],pictur:[3,5],pilot:3,pin:[2,4],pipelin:5,pkg:[2,4],place:[1,3],placement:[2,3],plan:5,plane:[0,3,4,5,6],platform:[0,1,2,3,4,6,7],pleas:[1,3],pluggabl:3,plugin:[2,4,6,7],plumb:3,pm:2,pod:[0,2,4,5,6],podgarbagecollector:6,podprior:6,podreadinessg:6,podsecuritypolici:[5,6],podtempl:4,point:[2,3,4],polici:[0,1,2,3,4,7],pool:[2,3,4,5],poor:1,poorli:5,port:[2,3,4,6],portabl:[1,3,5],posit:4,possibl:[1,2,3,4,5,7],postur:3,potenti:[0,2,3,5],power:5,practic:[0,2,5],pre:[2,6],predefin:0,predict:1,prefer:3,prem:5,presenc:2,present:[3,4,6,7],preserv:[2,4],prevent:[0,2,4,5,6],previou:6,primari:[3,5],principl:[2,3],prior:2,prioriti:6,privat:[0,1,2],privileg:[2,3,4,5,7],proactiv:2,probe:[4,6],probeterminationgraceperiod:6,problem:[0,7],process:[1,2,3,4,5],produc:[3,7],product:[1,2,3,4,5,7],profil:[3,4],program:2,programm:[2,3],prohibit:[2,5],project:[1,2,3,7],prometheu:4,promin:7,prone:7,proper:[3,7],properli:5,proport:2,propos:7,protect:[2,5],protocol:[2,3,4,5],provid:[0,1,2,3,4,5,6,7],provis:[0,2,3,4,7],proxi:[2,3,4,5,6],pt:2,publish:[2,4],pull:[2,3,5],purpos:[1,3,5],push:2,put:7,pv:[3,4],pvc:3,qo:[2,3],qualiti:3,quantiti:4,quarterli:5,queri:6,quota:0,ra1:1,ra2:[1,2,4,6,7],ra:[1,3,8],radiu:0,ram:[2,4],random:[2,7],randomis:7,rang:[2,4,5],rapidli:1,rasp:2,rate:2,rather:4,ratio:[2,4],rational:1,razor:1,rbac:[0,5,6],rc2:6,re:[2,7],reach:3,reachabl:3,read:[2,4,5],readi:[2,4,6],readinessprob:4,readonlyrootfilesystem:4,real:1,realist:2,reason:[5,7],receiv:3,recent:5,recommend:[0,2,3,4,5],recoveri:3,recreat:6,red:3,reduc:[0,1,4,5,7],redund:2,ref:[1,4],refer:[1,3,4,5,6,7],referenc:[2,3],regard:[2,4],registri:[2,4],regularli:2,regularresourceusagetrack:6,reject:[5,6],rel:4,relat:[1,2,3,4,7],relationship:[2,3],relax:2,releas:[0,1,3,5],relev:[1,2,3],reli:[2,4],reliabl:[3,4,5],remain:[1,4],remedi:2,remot:2,remov:[1,2,3,5],renew:2,reorder:3,repeatedli:3,replac:5,replai:2,replic:2,replica:3,replicaset:3,repo:2,report:3,repositori:[0,1,2,3,5],repres:[3,5],represent:0,req:[1,3,4,7],request:[1,2,3,4,5,6],requir:[0,3,5,7],reschedul:4,reserv:[0,3,4],resili:[1,2,4,7],resolut:7,resourc:[0,2,4,5,6],resourcequota:6,respons:[2,3,7],rest:[2,4,5],restart:[2,3,6],restrict:[2,3,6],result:[0,1,3,6,7],retri:3,reus:2,revers:5,review:[2,5],revoc:2,rfc2119:2,ri2:4,ri:3,risk:[2,5,7],rm:[1,2,3,7],roadmap:1,robust:1,role:[0,2,5,7],rolebind:0,roll:4,rollingupd:6,root:[2,4,5],rout:3,routabl:4,router:[3,7],rpm:4,rsl:[2,4],rule:[0,3],run:[0,1,2,3,4,6],runasgroup:4,runasus:[4,6],runc:3,runtim:[2,5,7],runtimeclass:6,runtimehandl:6,s:[1,2,3,4,5,6,7,8],saa:2,sai:1,same:[0,1,2,4,5,7],saml:5,samm:2,sast:2,satisfi:2,sbom:2,sca:2,scalabl:[1,2,3,4],scale:[1,2,3,4,7],scan:[2,5],scanner:5,scenario:[2,3],schedu:4,schedul:[0,2,4,5],schema:[2,3],scl:2,scope:[0,2,3,4,5,6,7],scopeselector:6,score:2,script:5,sctp:6,sctpconnect:6,sd:4,sdn:[2,3,7],seamless:3,search:5,sec:[2,4,7],seccomp:5,second:6,secondari:[3,4],secret:[0,2,4,6],section:[1,2,3,4],secur:[0,3,4,7,8],securitycontext:4,see:[1,3,4],seek:[1,7],seen:4,segment:[3,5],segreg:[0,2,5,7],select:[2,3,4,5],selector:[3,6],self:2,selinux:2,send:[2,5,6],sens:1,sensit:[2,3],sent:3,sep:8,separ:[0,2,3,4,7],seri:[2,3],serv:3,server:[1,2,3,4,5,6],servic:[0,1,2,6,7],serviceaccount:[5,6],servicetyp:[2,4],session:5,set:[1,3,4,5,6,7],setup:[0,3],seven:4,sever:[2,3,5],sfc:2,shall:[1,2],share:[0,2,3,4,5,6,7],sheet:2,should:[0,2,3,4,5,6,7],show:[3,4,5],shown:[1,3],side:[3,4],siem:5,sign:[2,5],signal:[2,3,7],signatur:2,similar:[1,3,7],simplest:3,simpli:[1,3],simultan:[2,6],simultaneo:4,sinc:3,singl:[0,2,3,4,7],sip:[2,3],site:7,situat:7,size:[3,4],sla:2,slot:[2,4],smartnic:[2,3],smartswitch:3,sme:8,smp:[2,3],smt:[2,3,4],snat:6,snezka:8,snmpv3:2,so:[0,3,4,5],sock:4,socket:[2,3,4],softwar:[3,4,5,7],softwareprofil:3,sol0001:4,sold:4,solut:[2,3,7],some:[3,5],somehow:7,someth:[1,4],sometim:[3,5],somewhat:1,sourc:[1,2,3,4,5,7],south:3,southbound:[3,7],sp:[2,5],space:[2,3,7],spec:[3,4,6],special:[0,3],specif:[0,1,3,4,7],specifi:[2,3,4,5],speed:[2,4],sr:[1,2,3,4],ssae16:2,ssae:2,ssd:[2,4],ssh:[2,5],ssl:[3,5],stabil:[4,6],stabl:[2,4,6],stack:[2,3,4,6],stackdriv:6,stackdriveracceleratormonitor:6,stackdrivercustommetr:6,stackdriverexternalmetr:6,stackdrivermetadataag:6,stackdrivermonitor:6,staff:2,stage:[2,6],stale:5,standard:[1,2,3,4,5],start:[1,2,3,4,6],startup:4,starv:2,starvat:4,state:[1,2,3,4,5,6,7],statefulset:[3,6],statefulupgrad:6,statement:0,statu:2,std:2,step:[3,5],stg:[2,4],still:[0,1,2,3,7],stolen:5,storag:[2,7],storageversionapi:6,store:[2,3,4,5],strategi:[6,7],stress:4,strict:5,strictli:2,strive:[1,2],strong:[2,5,7],strongli:5,structur:4,studi:7,sub:[1,2,3],subcompon:4,subject:[2,6],submit:[3,5],subsequ:[1,4],subsystem:3,success:[2,3,4],suffici:[1,3],suit:[1,2],suitabl:3,sum:4,support:[1,2,3,4,5,6,7],suppos:5,sure:5,surfac:4,surg:6,survei:7,suscept:5,suspend:[2,6],suspendjob:6,sustain:1,sw:[3,5],sy:[2,7],symmetr:2,symmetri:[2,3],sync:[3,6],synchron:2,synchronis:2,sysctl:6,syslog:2,system:[0,1,2,3,5,7],t:[2,3,4,5],tab:6,tabl:[2,3,4],tag:[2,4],taint:[0,3],taintevict:6,take:[1,2,3,4,5,7],taken:[1,3,7],tamper:5,target:[2,7],task:[3,5],tbc:3,tbd:[1,4],tcp:[3,5],team:5,tear:2,tec:1,technic:1,techniqu:[1,2,5,7],technolog:[2,3,5],telco:[1,2,3],telecom:[1,2],telecommun:3,telemetri:5,templat:[2,3],ten:2,tenanc:5,tenant:[2,3,5,7],term:[3,4,5],termin:[3,6,7],tesla:5,test:[1,2,3,4,5,8],testsuit:4,tf:3,than:[0,1,2,3,4,6],thei:[0,1,3,4,5],them:[1,2,3,4,5],themselv:[1,3,5],therefor:[3,4,7],thi:[0,1,2,3,4,5,6,7,8],thing:3,third:5,those:[1,2,3,4,6,7],threa:4,thread:[2,4],threat:[2,5],three:[3,4],threshold:2,throttl:3,through:[1,2,3,4,5,6],throughout:3,throughput:[2,3],thu:[1,5],ti:3,tightli:3,tiller:[3,4],time:[1,2,3,4],timeout:6,timeoutgraceperiodsecond:6,tl:[2,5],toc:1,todai:7,todo:4,togeth:[1,3,5,7],toil:1,token:[5,6],toler:3,too:7,tool:[1,2,3,4,5],top:[2,3],topolog:4,topologymanag:4,total:2,toward:1,trace:[0,2,4],traceabl:[2,3,6],track:6,tradit:3,traffic:[0,2,3,4,5,6,7],transact:5,transcod:2,transit:[1,2,5],translat:2,transport:[2,4],treat:6,tree:[3,4],tri:[3,7],trigger:[2,5],troubleshoot:5,trunk:7,trust:[0,2],ttl:6,ttlafterfinish:6,tug:1,tune:3,tungsten:3,tunnel:[3,5],turn:[5,6],tutori:5,twitter:7,two:[0,2,3,4,5],type:[1,2,3,4,5,7],typic:[2,3,7],uid:7,unauthent:5,unauthor:2,unauthoris:5,unavail:2,under:7,underlai:[2,3],underli:[2,3,5,7],underpin:3,understand:1,undesir:7,unexpect:2,unfortun:5,uninstal:3,uniqu:[4,5],unless:5,unnecessari:[2,5],unpack:[3,4],unprotect:5,unpublish:2,unreach:6,unsaf:[5,6],unsecur:5,until:[1,2,3,4],untrust:[2,7],unus:5,unwant:5,up:[2,3,4,5],updat:[1,2,3,4,5,6],upgrad:[1,3,6,7],upon:6,upstream:[3,7],uptim:5,url:3,us:[0,1,2,3,4,6,7],usa:7,usabl:1,usag:[2,3],user:[0,1,2,3,4,5,6],usual:[3,5],util:2,utilis:2,v1:[1,2,3,4,6,7],v1alpha1:6,v1beta1:6,v1beta2:6,v2:[2,3,6],v2beta1:6,v2beta2:6,v3:[2,3],v4:3,v6:3,valid:[1,2,4,5,6],valu:[2,4,5,6],vanilla:1,variou:[0,2,3,4,5,7],vault:5,vcpu:[2,3,4],vendor:[1,3,4,5,7,8],veri:5,verif:[1,2,3],verifi:[2,5,6],version:[1,2,3,4,6,7],vertic:3,vertis:4,vet:2,vf:[2,3,4],via:[2,3,4,5,7],view:[0,3],vir:[2,3],virtio1:2,virtio:2,virtual:[0,1,4,7],virtualis:[2,3],viru:2,virus:5,visibl:3,vlan:[3,7],vm:[1,2,3,4],vnf:[1,2,3],vnfm:1,vnic:2,volum:[2,3,4,6],volumesnapshotdatasourc:6,vpn:[3,5,7],vpp:4,vrf:3,vs:[3,7],vsphere:6,vswitch:2,vulner:2,vxlan:[2,3],w:2,wa:[6,7],wai:[0,3,7],waiv:1,watch:3,we:[1,7],web:2,webapp:5,well:[0,3,5,6],west:3,what:[1,3,5],when:[0,1,2,3,4,5,6,7],whenev:[1,2],where:[0,2,3,4,5,7],wherev:1,whether:[2,3,4],which:[0,1,2,3,4,5,7],whilst:[1,7],whitelist:5,who:[1,5],whole:[2,3],wholli:1,whose:3,wide:[1,2,3,5],wider:1,window:[4,6],within:[0,1,2,3,4,7],without:[2,3,4,5,6,7],wl:[2,7],word:[2,5],work:[1,3,6,7],worker:[2,3,4,5],workload:[1,2,3,8],world:1,would:[1,3,4],write:[2,5,6],written:[5,6],www:2,x:[2,4,6],xxxx:1,xxxxxxx:1,xyz:7,y:2,yaml:3,yet:2,you:[5,7],your:[5,6],z:4,zalando:7,zap:2,zed:2,zero:[2,3],zon:4,zone:[2,4,5,7],zookeep:6},titles:["8. Appendix A - Guidance For workload isolation (Multitenancy) with Kubernetes for application vendors","1. Overview","2. Architecture Requirements","3. High Level Architecture","4. Component Level Architecture","5. Security Guidance","6. API and Feature Testing requirements","7. Gaps, Innovation, and Development","Kubernetes based Reference Architecture"],titleterms:{"function":3,"import":8,A:0,For:0,acceler:3,access:5,addit:4,advanc:3,analysi:7,api:[5,6],app:6,appendix:0,applic:[0,3,4],approach:1,architectur:[2,3,4,8],area:0,assess:5,auth:6,authent:5,authoris:5,awar:7,base:[3,7,8],boundari:5,built:3,bundl:8,caa:3,capabl:2,cloud:[1,2],cluster:[0,3,5,6],compon:[4,8],comput:3,configur:3,contain:[3,4,5,7],content:[5,8],control:[5,7],cpu:3,creat:5,custom:3,dashboard:5,dedic:0,defin:5,definit:2,develop:7,devic:3,direct:5,discoveri:3,dynam:7,edg:2,effici:7,enabl:5,encrypt:5,establish:5,etcd:5,except:1,featur:[3,6],framework:3,gap:7,gate:6,group:6,guidanc:[0,5],hard:0,harden:5,hardwar:[2,3],high:3,histori:8,host:5,huge:[3,7],hw:7,inform:8,infrastructur:[2,3],innov:7,instrument:6,interest:6,interfac:[2,7],interoper:7,introduct:[1,2,3,4,5,6,7],isol:[0,5,7],kubelet:5,kubernet:[0,2,3,4,5,6,7,8],latest:5,layer:5,level:[3,4],lifecycl:[3,6],log:5,machin:3,machineri:6,manag:[2,3,4,5,7],memori:3,mesh:[4,5],metadata:5,model:[0,2],monitor:5,most:8,multi:7,multipl:[3,7],multiten:0,namespac:[0,5,7],nativ:1,network:[2,3,4,5,6,7],nfvi:7,node:[3,4,5,6],non:3,oper:[3,4],orchestr:[5,7],overal:8,overview:[0,1],packag:[3,4],page:[3,7],patch:5,pattern:3,per:0,perimet:5,plane:7,platform:5,plugin:3,pod:[3,7],polici:[5,6],port:5,principl:[1,5],profil:2,refer:[2,8],registri:5,releas:8,requir:[1,2,4,6,8],resili:3,resourc:[3,7],restrict:5,run:[5,7],runtim:[3,4],schedul:[3,6],scope:1,secret:5,secur:[2,5],semant:3,sensit:5,separ:5,servic:[3,4,5],soft:0,softwar:2,solut:[0,4],special:6,specif:2,statu:8,storag:[3,4,6],system:4,tabl:8,technolog:1,templat:7,tenanc:7,tenant:0,terminolog:1,test:6,time:[5,7],topolog:[3,7],toward:7,transport:5,trust:5,us:5,user:7,vendor:0,version:[5,8],virtual:[2,3],vm:[5,7],vnf:7,vs:5,vulner:5,within:5,workload:[0,4,5,7]}})