DevOps Classroomnotes 06/May/2023

Agenda

Namespace is logical/virtual cluster within k8s cluster
K8s resources will be of two categories by scope
- Namespace resources: They belong to a namespace.
- Cluster resources: They belong to a cluster
Creating namespace: kubctl create ns <name>

Refer Here for official docs
Lets create a dummy config map. Refer Here for the changes
Create the config map
Lets configure a pod to use this config map. Refer Here
There are four different ways that you can use a ConfigMap to configure a container inside a Pod:
- Inside a container command and args
- Environment variables for a container
- Add a file in read-only volume, for the application to read
- Write code to run inside the Pod that uses the Kubernetes API to read a ConfigMap
Load config map data as Environment variables. Refer Here for pod spec which loads the config map as environmental variables
Experiments:
- change the config map add one more key and
  - cross check with existing pod for new values. Environmental variables are not updated
Activity: Create a mysql config map with values for username, password and root password. Use that in mysql-pod/rs/statefulset. Refer Here for the changes
Refer Here for using config maps as files from pod
To deal with confidential data k8s has secrets

Create a private registry (acr or ecr)
Google to findout how to configure all nodes in k8s cluster to use your private registry
- Create a secret based on registry credentials
- container image details in manifest will have extra field about the above created secret.
Create a dockerfile

FROM alpine
label author=khaja

We have create a replica set with image from private registry. Pod status is pending as image is not found
Traditional approach: Refer Here

Authorization in K8s Refer Here
Authentication in k8s Refer Here
Attaching Authorization to identity using Bindings
- RoleBinding
- ClusterRoleBinding
Refer Here for creating users and setting permissions