WHAT IS KUBERNETES PT2 Flashcards
STORAGE, LIMITATIONS, NAMESPACES, CONFIG MAPS, SECRETS
What was the primary storage mechanism in Kubernetes initially, and what were its limitations?
Volumes were the initial storage mechanism, directly accessible by pods. However, they were ephemeral, tied to a pod’s lifecycle, and local to a pod, limiting their usefulness for persistent storage needs.
What is a persistent volume in Kubernetes, and how does it differ from a regular volume?
A persistent volume is pod-independent storage defined at the cluster level by an administrator. Unlike regular volumes, it exists independently of any individual pod and can be provisioned and managed separately.
How does a pod request storage from a persistent volume in Kubernetes?
A pod uses a Persistent Volume Claim (PVC) to request storage from the available persistent volumes in the cluster. The PVC decouples the pod from the underlying storage, providing flexibility.
From which sources can Kubernetes pods mount storage?
Pods can mount storage from local storage, remote network storage, or cloud storage services.
How does Kubernetes manage storage backends, and who typically handles the storage backend?
Kubernetes provides the framework for managing storage, but the actual storage backend is handled by various solutions, such as cloud providers or on-premise storage systems.
Why is database storage often handled outside of Kubernetes?
Many organizations prefer using managed database services provided by cloud providers or maintaining their databases on dedicated infrastructure for reliability and performance reasons.
What is the default type of storage in Kubernetes, and how can it be configured for stateful applications?
The default storage in Kubernetes is ephemeral, and useful for temporary data. It can be configured as persistent for stateful applications that require data to be preserved.
While Kubernetes offers a powerful platform for container orchestration, it does have some limitations.
What are those limitations?
- Native code building and deployment: Kubernetes does not natively support code building or deployment processes.
- Node configuration management: Offers limited options for granular node configuration management compared to dedicated enterprise solutions.
What is the primary purpose of namespaces in Kubernetes?
Namespaces divide cluster resources into logical partitions, providing organization and isolation of resources, particularly in large clusters with multiple teams or users.
How do namespaces help prevent resource name conflicts in Kubernetes?
Namespaces create boundaries for resource names, ensuring names are unique within a namespace but can be reused across different namespaces.
Are all resources in Kubernetes tied to namespaces? Give examples
No, some resources, such as Persistent Volumes, nodes, and StorageClasses, are cluster-wide and not tied to a specific namespace.
Can namespaces in Kubernetes be nested or shared by multiple resources?
No, namespaces cannot be nested, and a given resource can only belong to one namespace at a time.
Kubernetes clusters have a default namespace.
can you give examples of some commands for interacting with namespaces:
○View all namespaces: kubectl get ns (where “ns” is shorthand for “namespace”).
○Get pods within a specific namespace: kubectl get pod -n kube-system (the “-n” flag is used to specify the namespace).
○Create a new namespace: kubectl create ns <namespace_name>.</namespace_name>
○Filter namespaces with specific words: kubectl get ns | grep app1.
○Deploy a pod in a specific namespace: kubectl apply -f nginx.yaml -n app1namespace.
What is a ConfigMap in Kubernetes, and
What is the primary benefit of using ConfigMaps in Kubernetes?
A ConfigMap is a mechanism for storing non-confidential configuration data in key-value pairs.
ConfigMaps separate configuration data from application code, making it easier to manage and update settings without modifying the application itself.
What types of settings can be stored in a ConfigMap?
A ConfigMap can store settings such as database URLs, user-preferred languages, and port numbers.
What is the size limit for a ConfigMap in Kubernetes?
The size limit for a ConfigMap is 1 MiB.
What are the three main ways to pass ConfigMap data into pods?
Command-line arguments: Suitable for testing but not ideal for production.
Environment variables: Convenient but doesn’t support automatic updates.
Config files on a storage volume: Supports automatic updates, making it the most robust approach.
Can a pod access a ConfigMap in a different namespace?
No, a pod can only access a ConfigMap if they are in the same namespace.
Give an example of a config map with an environmental variable
This example defines an environment variable named PORT that will be populated with the value of the port key from the app1-config ConfigMap
Give an example of a config map mounted as a volume
you can mount the ConfigMap as a volume in your pod
In this example, the ConfigMap myconfigmap is mounted as a read-only volume at the path /etc/configmap1 within the pod. This allows scripts or code within the pod to access the ConfigMap data by reading files from that directory.
What is the primary purpose of secrets in Kubernetes?
Secrets store sensitive information, like passwords, certificates, and SSH keys, separately from application code to enhance security.
This enhances security by preventing sensitive data from being directly embedded in container images or configuration files.
How are secrets stored in Kubernetes, and what level of protection does this provide?
Secrets are Base64 encoded and stored in the etcd cluster store, providing basic protection against casual inspection but not encryption.
What are the different types of secrets in Kubernetes?
TLS secrets: Store TLS certificates for authentication and secure connections.
Opaque secrets: A generic type for storing any sensitive data.
Dockercfg secrets: Store Docker-related information, such as private registry credentials.
SSH secrets: Store private keys for SSH authentication.
How can secrets be accessed by containers in Kubernetes?
As command-line arguments.
As files on mounted volumes.
As environment variables extracted from the cluster’s secret store.
What is the purpose of making secrets immutable in Kubernetes?
Making secrets immutable protects them from accidental modification, adding an extra layer of security.
