#moc 

## To Consume

[[What Have Namespaces Done for You Lately qm]]

# Notes

- [[Containers]]
	- [[User Space and Kernel Space]]
	- [[Containerized applications can do syscalls directly to the Linux Kernel]]
	- [[Linux Kernel also has namespaces for isolation]]
	- [[Container Isolation]]
	- [[Podman and docker commands are exactly the same]]
- [[Networking]]
	- [[Network Policies]]
	- [[Generating TLS certificate for testing on Kubernetes]]
- [[Certificates]]
	- [[Kubernetes users are simply holders of TLS Certificates]]
- [[RBAC]]
	- [[There are no Deny rules in Kubernetes RBAC]]
	- [[ClusterRoles can be applied to one or more namespaces]]
	- [[RBAC permissions are additive]]
	- [[Users do not live in the cluster as resources]]
	- [[Service Accounts]]
		- [[ServiceAccounts are only used by non-humans]]
		- [[Service Account Tokens & Mounting]]
		
- [[Admission Controller]]
	- [[NodeRestriction]]
- [[AppArmor]]


- [[CKS Scenarios to repeat]]
- [[CKS Killer.sh notes]]

[[Post exam notes]]

## Other

[[CKS Tips from Sander]]

## Content Generated

[[I'm better at Network Policies than I thought]]


Links:

202307250907

[[Kubernetes]]

[[certification goals]]