mirror of
https://github.com/jackyzha0/quartz.git
synced 2025-12-25 05:44:06 -06:00
52 lines
1.1 KiB
Markdown
52 lines
1.1 KiB
Markdown
#moc
|
|
|
|
## To Consume
|
|
|
|
[[What Have Namespaces Done for You Lately?]]
|
|
|
|
# Notes
|
|
|
|
- [[Containers]]
|
|
- [[User Space and Kernel Space]]
|
|
- [[Containerized applications can do syscalls directly to the Linux Kernel]]
|
|
- [[Linux Kernel also has namespaces for isolation]]
|
|
- [[Container Isolation]]
|
|
- [[Podman and docker commands are exactly the same]]
|
|
- [[Networking]]
|
|
- [[Network Policies]]
|
|
- [[Generating TLS certificate for testing on Kubernetes]]
|
|
- [[Certificates]]
|
|
- [[Kubernetes users are simply holders of TLS Certificates]]
|
|
- [[RBAC]]
|
|
- [[There are no Deny rules in Kubernetes RBAC]]
|
|
- [[ClusterRoles can be applied to one or more namespaces]]
|
|
- [[RBAC permissions are additive]]
|
|
- [[Users do not live in the cluster as resources]]
|
|
|
|
- [[Service Accounts]]
|
|
- [[ServiceAccounts are only used by non-humans]]
|
|
- [[Service Account Tokens & Mounting]]
|
|
|
|
- [[Admission Controller]]
|
|
- [[NodeRestriction]]
|
|
- [[AppArmor]]
|
|
|
|
|
|
- [[CKS Scenarios to repeat]]
|
|
## Other
|
|
|
|
[[CKS Tips from Sander]]
|
|
|
|
## Content Generated
|
|
|
|
[[I'm better at Network Policies than I thought]]
|
|
|
|
|
|
Links:
|
|
|
|
202307250907
|
|
|
|
[[Kubernetes]]
|
|
|
|
[[certification goals]]
|