Storage
-
Containers have inbuilt problem with read write layers which is solved by volumes
-
When we deal with k8s we are not dealing with single node
- K8s gives options to have the volumes from external locations as well.
- K8s has CSI which helps in dealing with External storages
Popular csi providers for k8s give me options in on-prem as well as popular cloud providers in a tabular form
- K8s has two types of volumes
- Volume
- Persistent Volume (PV)
-
K8s Pod will create a claim (request) which is called as Persitent Volume Claim which interacts with CSI to deal with storage and creates a PV (Peristent Volume)
-
Steps involved:
- Create a PVC with storage requests
- Use this PVC in pod spec and mount the PV in the container
-
Killer coda specific
- Create PVC
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mysql-pvc
spec:
accessModes:
- ReadWriteOnce
storageClassName: local-path
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: Pod
metadata:
name: mysql
spec:
containers:
- name: mysql
image: mysql:8.4
env:
- name: MYSQL_ROOT_PASSWORD
value: rootpassword
- name: MYSQL_DATABASE
value: appdb
ports:
- containerPort: 3306
volumeMounts:
- name: mysql-storage
mountPath: /var/lib/mysql
volumes:
- name: mysql-storage
persistentVolumeClaim:
claimName: mysql-pvc
- What if i want a cluster, when i create mysql cluster with 4 count
- i need 4 pvs
- each pod should get a consistent name
- This is where stateful set is used and a headless service is associated.

Identity and Access Management
-
How does k8s know who is calling and what permissions does he have.
-
To answer this lets do few experiments
-
We already have kubeconfig file where there was some server info and certificate information.
-
k8s has a certificate authority, when a user makes a request it verifies if the user is signned by CA
- Try this How to create a user in kubernetes running in killercoda
- For permissions
- Role
- RoleBinding
- ClusterRole
- ClusterRoleBinding
Questions
- What is Certificate Authority
- What is Trust with CA