Okteto Cloud gives you access to a vanilla Kubernetes namespace in a multi-tenant environment. Okteto uses a combination of RBAC, pod security policies, resource quotas, network policies, admission controllers and custom code to ensure that Okteto Cloud namespaces are isolated, secure and easy to use for everyone.
This document explain the limitations and restrictions most likely to affect your applications in Okteto Cloud.
LoadBalancer services are not supported in Okteto Cloud. Okteto Cloud lets you expose your services to the public using ingress rules. More information is available here.
Okteto Cloud configures pod security policies to limit the privileges of your applications. The following options are not allowed:
hostIPC. Mounting volume host paths is also not allowed.
The following resource quotas are associated to every namespace created in Okteto Cloud:
|Persistent Volume Claims||15|
Okteto Cloud configures network policies for each namespace. Only traffic between the pods running in the same namespace is allowed, as well as external traffic to the internet.
Okteto Cloud uses RBAC rules to limit the access to the Kubernetes API. The supported endpoints are: