Ckad Labs: Configmaps and Persistent Volume
April 2020
Agenda
Kubernetes YAML
Basic Details on Kubernetes YAML file
kind: [Service/Pod/Deployment/Secret/ReplicationController]
apiVersion: [v1, apps/v1]
metadata:
  name:
  labels:
spec:
ConfigMap
How to create and Use Config Map
[Diagram labels: CLUSTER, ConfigMap, Key1: Value1, Key2: Value2]
SECRET
Why and How to use Secrets
• Secrets are another form of config, stored as encoded values
• Secrets are used to store secret information such as passwords, tokens and SSH keys
• Like ConfigMaps, Secrets can also be created from literals, files and env files
• Any Pod or Deployment can use the Secrets
• Secrets can be consumed by containers as a whole Secret object or as selected keys from the Secret
apiVersion: v1
kind: Pod
metadata:
  name: secret-env-pod
spec:
  containers:
  - name: mycontainer
    image: redis
    env:
    - name: SECRET_USERNAME
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: username
    - name: SECRET_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: password  # assumed key name; the slide is cut off after valueFrom
Service Accounts
How to create and Use Service Account
Security Context
How to create and Use Security Context
• Security Contexts are privileges and access controls granted to Pods and Containers
• The security context set at Pod level is overridden by the context set at container level
• runAsUser – all processes run as the specified user
• runAsGroup – all files and processes are owned by the specified group
• fsGroup – supplementary group
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo-2
spec:
  securityContext:
    runAsUser: 1000
  containers:
  - name: sec-ctx-demo-2
    image: gcr.io/google-samples/node-hello:1.0
    securityContext:
      runAsUser: 2000
      allowPrivilegeEscalation: false
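Added example (not part of the original slides): a small Python check that resolves the effective securityContext of each container, applying the rule that container-level settings override Pod-level ones, and flags weak results. The manifest is the slide's Pod written as a dict; the second container, the OVERRIDABLE tuple and the function names are constructed for this example.

```python
# Fields that exist at both Pod and container level; the container value wins.
OVERRIDABLE = ("runAsUser", "runAsGroup", "runAsNonRoot")

# The slide's manifest as a dict. The second container is constructed here
# to show what a container inherits when it sets no securityContext itself.
POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "security-context-demo-2"},
    "spec": {
        "securityContext": {"runAsUser": 1000},
        "containers": [
            {
                "name": "sec-ctx-demo-2",
                "image": "gcr.io/google-samples/node-hello:1.0",
                "securityContext": {"runAsUser": 2000, "allowPrivilegeEscalation": False},
            },
            {"name": "sidecar-constructed", "image": "redis"},
        ],
    },
}


def effective_contexts(pod):
    """Return {container name: merged securityContext} for a Pod manifest."""
    pod_ctx = pod["spec"].get("securityContext") or {}
    result = {}
    for c in pod["spec"].get("containers", []):
        ctx = {k: pod_ctx[k] for k in OVERRIDABLE if k in pod_ctx}
        ctx.update(c.get("securityContext") or {})  # container level wins
        result[c["name"]] = ctx
    return result


def findings(pod):
    """List containers that may run as root or do not block privilege escalation."""
    out = []
    for name, ctx in effective_contexts(pod).items():
        # With runAsUser unset the image's default user applies, which may be root.
        if ctx.get("runAsUser", 0) == 0 and not ctx.get("runAsNonRoot"):
            out.append((name, "may run as UID 0"))
        if ctx.get("allowPrivilegeEscalation") is not False:
            out.append((name, "allowPrivilegeEscalation not set to false"))
    return out


if __name__ == "__main__":
    print(effective_contexts(POD))
    print(findings(POD))
```

allowPrivilegeEscalation exists only at container level, so the constructed sidecar inherits runAsUser 1000 from the Pod but is still flagged for not setting it.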
Resource Requirements
How to use Computing Resources
Persistent Volumes
How to create and Use Persistent Volumes
pv-volume.yaml
• Persistent Volumes persist beyond the life cycle of a pod
• Persistent Volumes can be accessed across the cluster
• Persistent Volumes support different types of storage, including public cloud based storage
• Access to a Persistent Volume is managed in 3 modes: ReadWriteOnce, ReadWriteMany and ReadOnlyMany
[Diagram labels: CLUSTER, NODE, POD2, Persistence Volume]
THANK YOU!