Explore in-use protection mechanisms for Kubernetes resources in this 44-minute conference talk. Dive into the implementation of Role-Based Access Control (RBAC) and finalizers to prevent accidental resource deletion. Learn about the background of new features, including issues with Azure File driver volume deletion. Examine the Secret Protection proposal (KEP-2639) and understand the concept of in-use protection using liens. Watch demonstrations showcasing the behavior of in-use protection and Secret Protection when used by pods. Discover potential use cases for liens, such as allowing deletion only through parent resources. Gain valuable insights into enhancing resource management and security in Kubernetes environments.
In-use Protection for Kubernetes Resources: PV, PVC, Secret, and Beyond
Overview
Syllabus
Intro
1 RBAC (Role-Based Access Control)
2 Finalizer • A feature to block resource deletion to complete
1Background for New Features • An issue of failure in deleting a volume with Azure File driver found out to be a non-driver specific
2 Secret Protection (First Proposal of KEP-2639) HITACH! • Secret Protection: A feature to block deletion of Secret while it is used
2-7 In-use Protection (With Concept of Lien) • In-use Protection: A feature to block deletion request of resource while it
Demo • 1. Behavior of In-use Protection itself
3.1 Behavior of In-use Protection itself
3.2.1 Behavior of Secret Protection (Used by Pod) HITACHI
2 Q2. Any Other Use Cases for Lien? • A2. A feature to only allow deletion via parent resource
Taught by
Linux Foundation
