Certificate based Authentication in k8s-Vishal
How does certificate-based authentication work? Explain in the Kubernetes context.
A: User/administrator generates a certificate signing request (CSR). Administrator approves the request and signs it with their CA. Administrator provides the resulting certificate back to the user. User presents their key and certificate pair to prove their identity.
The admin creates a private key –> which is later converted into a CSR –> the admin later takes this CSR file and creates a .crt file.
The .crt file can be downloaded by the user using the CSR API to confirm identity.
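The flow above, run offline with openssl as an added example (not code from the original page): a throwaway CA stands in for the CA the API server trusts, and `demo-ca`, `rogue-ca`, `vishal` and `dev-team` are constructed sample names. It shows what the signed certificate asserts (Kubernetes reads the CN as the username and the O as a group) and that a certificate signed by any other CA is rejected.

```bash
#!/usr/bin/env bash
# Added example: the CSR flow run offline with openssl.
# demo-ca, rogue-ca, vishal and dev-team are constructed sample values;
# demo-ca stands in for the CA the API server trusts.
set -eu

make_ca() {    # $1 = CA dir, $2 = CA common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# User side: the private key stays with the user; only the CSR is handed over.
# Kubernetes reads CN as the username and O as a group.
make_csr() {   # $1 = user dir, $2 = username, $3 = group
  openssl genrsa -out "$1/user.key" 2048 2>/dev/null
  openssl req -new -key "$1/user.key" -subj "/CN=$2/O=$3" -out "$1/user.csr"
}

# Admin side: approve the request by signing it with the CA key.
sign_csr() {   # $1 = CA dir, $2 = user dir
  openssl x509 -req -in "$2/user.csr" -days 1 -out "$2/user.crt" \
    -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial 2>/dev/null
}

# Server side: accept the certificate only if it chains to the trusted CA.
trusted() {    # $1 = CA dir, $2 = user dir
  openssl verify -CAfile "$1/ca.crt" "$2/user.crt" 2>/dev/null | grep -q ': OK$'
}

identity() {   # $1 = user dir; prints the subject the server would see
  openssl x509 -in "$1/user.crt" -noout -subject -nameopt RFC2253
}

demo() {
  w=$(mktemp -d); mkdir "$w/ca" "$w/rogue" "$w/user"
  make_ca "$w/ca" demo-ca; make_ca "$w/rogue" rogue-ca
  make_csr "$w/user" vishal dev-team
  sign_csr "$w/ca" "$w/user"
  trusted "$w/ca" "$w/user" && echo "accepted: $(identity "$w/user")"
  # Same CSR signed by a CA the server does not trust: must be rejected.
  sign_csr "$w/rogue" "$w/user"
  trusted "$w/ca" "$w/user" || echo "rejected: not signed by demo-ca"
  rm -rf "$w"
}
demo
```

In a real cluster the signing step goes through the CertificateSigningRequest API (for example `kubectl certificate approve`) rather than direct access to the CA key.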
What is Block Storage?
Block storage is a storage scheme in which each volume acts as a separate hard drive, configured by the storage administrator. Data is stored in fixed-size blocks. A unique address serves as the metadata describing each block.
How do volume plugins in Kubernetes work?
Volumes offer storage shared between all containers in a Pod. This allows you to reliably use the same mounted file system with multiple services running in the same Pod. As long as the Pod is active, the volume is there, too. However, when you restart the Pod, the volume gets reset.
Create pv.yaml, pvc.yaml (to claim volume), pod.yaml
What is StorageClass? And how to work with it, with sample StorageClass, PV, PVC, POD.yaml
A PersistentVolume (PV) is a piece of storage in the cluster that has been provisioned by an administrator or dynamically provisioned using Storage Classes. It is a resource in the cluster just like a node is a cluster resource. PVs are volume plugins like Volumes, but have a lifecycle independent of any individual Pod that uses the PV. This API object captures the details of the implementation of the storage, be that NFS, iSCSI, or a cloud-provider-specific storage system.
Ex.
- awsElasticBlockStore - AWS Elastic Block Store (EBS)
- azureDisk - Azure Disk
- azureFile - Azure File
- cephfs - CephFS volume
- cinder - Cinder (OpenStack block storage) (deprecated)
- csi - Container Storage Interface (CSI)
- fc - Fibre Channel (FC) storage
- flexVolume - FlexVolume
- flocker - Flocker storage
- gcePersistentDisk - GCE Persistent Disk
- glusterfs - Glusterfs volume
- hostPath - HostPath volume (for single node testing only; WILL NOT WORK in a multi-node cluster; consider using local volume instead)
- iscsi - iSCSI (SCSI over IP) storage
- local - local storage devices mounted on nodes.
- nfs - Network File System (NFS) storage
- photonPersistentDisk - Photon controller persistent disk. (This volume type no longer works since the removal of the corresponding cloud provider.)
- portworxVolume - Portworx volume
- quobyte - Quobyte volume
- rbd - Rados Block Device (RBD) volume
- scaleIO - ScaleIO volume (deprecated)
- storageos - StorageOS volume
- vsphereVolume - vSphere VMDK volume