DevOps Classroom notes 11/Jul/2026

Storage

  • Containers have inbuilt problem with read write layers which is solved by volumes
  • When we deal with k8s we are not dealing with single node
  • K8s gives options to have the volumes from external locations as well.
  • K8s has CSI which helps in dealing with External storages
Popular csi providers for k8s give me options in on-prem as well as popular cloud providers in a tabular form
  • K8s has two types of volumes
    • Volume
    • Persistent Volume (PV)
  • K8s Pod will create a claim (request) which is called as Persitent Volume Claim which interacts with CSI to deal with storage and creates a PV (Peristent Volume)
  • Steps involved:

    • Create a PVC with storage requests
    • Use this PVC in pod spec and mount the PV in the container
  • Killer coda specific
  • Create PVC
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysql-pvc
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path
  resources:
    requests:
      storage: 1Gi
  • Now in the pod use pvc
---
apiVersion: v1
kind: Pod
metadata:
  name: mysql
spec:
  containers:
    - name: mysql
      image: mysql:8.4
      env:
        - name: MYSQL_ROOT_PASSWORD
          value: rootpassword
        - name: MYSQL_DATABASE
          value: appdb
      ports:
        - containerPort: 3306
      volumeMounts:
        - name: mysql-storage
          mountPath: /var/lib/mysql
  volumes:
    - name: mysql-storage
      persistentVolumeClaim:
        claimName: mysql-pvc
  • What if i want a cluster, when i create mysql cluster with 4 count
    • i need 4 pvs
    • each pod should get a consistent name
  • This is where stateful set is used and a headless service is associated.
    Preview

Identity and Access Management

  • How does k8s know who is calling and what permissions does he have.
  • To answer this lets do few experiments
  • We already have kubeconfig file where there was some server info and certificate information.
  • k8s has a certificate authority, when a user makes a request it verifies if the user is signned by CA
  • Try this How to create a user in kubernetes running in killercoda
  • For permissions
    • Role
    • RoleBinding
    • ClusterRole
    • ClusterRoleBinding

Questions

  • What is Certificate Authority
  • What is Trust with CA

Published
Categorized as Uncategorized Tagged

By continuous learner

devops & cloud enthusiastic learner

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please turn AdBlock off
Animated Social Media Icons by Acurax Responsive Web Designing Company

Discover more from Direct DevOps from Quality Thought

Subscribe now to keep reading and get access to the full archive.

Continue reading

Visit Us On FacebookVisit Us On LinkedinVisit Us On Youtube