Posts

Showing posts from April, 2025

K8s - ETCD

etcd is a "strongly consistent, distributed key-value store".

Why etcd?

1. Consistency: Since the API server is the central coordination point of the entire cluster, strong consistency is essential. It would be a disaster if, say, two nodes tried to attach the same persistent volume over iSCSI because the API server told them both that it was available.
2. Availability: API downtime means that the entire Kubernetes control plane comes to a halt, which is undesirable for production clusters. The CAP theorem says that 100% availability is impossible with strong consistency, but minimizing downtime is still a critical goal.
3. Consistent Performance: The API server for a busy Kubernetes cluster receives a fair amount of read and write traffic.

The secret behind etcd's balance of strong consistency and high availability is the Raft algorithm. Raft solves a particular problem: how can multiple independent processes decide on a single value for somethin...

K8s - Creating a User and Group

In the previous post we looked at roles and role bindings. In this post, we will see how to create a user and group. Technically, there is no concept called "User" or "Group" in K8s, but K8s provides ways to authenticate an external user/group with K8s. In this post, we will see how to use certificate-based authentication.

Below are the steps to onboard a user:

1) Create a private key.
2) Create a certificate signing request (CSR) using the above private key.
3) Generate a CSR request.
4) Approve the CSR request.
5) Extract the approved CRT file from the approved CSR request.
6) Build the config file.

When we create a CSR, we mention the USERNAME and GROUPNAME. Let's see this in practice.

Generating a private key. I am going to create a user called "demouser". Now we have the private key. Using that, we are going to create a CSR. Note the highlighted portion, which is the subject, where CN (Common Name) refers to the username and O (Organization) refers to grou...