Kubernetes Storage & Kubernetes Security

Ankit Kumar

Persistent Volumes->

A PersistentVolume (PV) is a piece of storage in the cluster that has been provisioned by an administrator or provisioned dynamically through a StorageClass. Like an ordinary Volume, a PV is backed by a volume plugin, but its lifecycle is independent of any individual Pod that uses it.

Persistent Volume Claim->

A PersistentVolumeClaim (PVC) is a request for storage by a user. It is analogous to a Pod: a Pod consumes a node's resources, and a PVC consumes PV resources. A Pod requests specific amounts of resources, while a PVC requests a specific size and access mode (ReadOnlyMany, ReadWriteMany, ReadWriteOncePod, and so on).

Storage Classes->

A StorageClass is the way an administrator describes the classes of storage that are offered. Classes can differ in quality of service, backup policy, or any other policy the cluster administrator chooses.
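The three storage objects above fit together as one chain: a StorageClass names a class of storage, a PersistentVolume is an instance of it, a PersistentVolumeClaim requests storage from that class, and a Pod mounts the claim. The following manifests are an added example and not from the original post; the names, sizes, node name, host path and image are assumptions, and the PV is statically provisioned by hand (no-provisioner) so the whole chain is visible in one file.

```yaml
# StorageClass: the administrator's description of a class of storage.
# "no-provisioner" means PVs of this class are created manually by the admin.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: fast-local                        # assumed name
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer   # bind only once a Pod is scheduled
reclaimPolicy: Retain                     # keep the data when the claim is deleted
---
# PersistentVolume: one concrete piece of storage of that class.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-app-data                       # assumed name
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce                       # one node may mount it read-write
  persistentVolumeReclaimPolicy: Retain
  storageClassName: fast-local
  local:
    path: /mnt/disks/app-data             # assumed path on the node
  nodeAffinity:                           # local volumes must say which node holds them
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - worker-1                # assumed node name
---
# PersistentVolumeClaim: a user's request for 5Gi of "fast-local", ReadWriteOnce.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: app-data
  namespace: app                          # assumed namespace
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: fast-local
  resources:
    requests:
      storage: 5Gi
---
# Pod: consumes the claim, not the PV directly, and runs as a non-root user.
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: app
spec:
  securityContext:
    fsGroup: 2000                         # files on the volume are group-owned by GID 2000
  containers:
    - name: app
      image: registry.example.com/app:1.0 # assumed image
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        readOnlyRootFilesystem: true      # the PVC mount is the only writable path
      volumeMounts:
        - name: data
          mountPath: /var/lib/app
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: app-data
```

After applying the file, `kubectl get pvc -n app` should show the claim as `Bound` once the Pod is scheduled (WaitForFirstConsumer delays binding until then). The `Retain` reclaim policy is the safer default for data you cannot recreate: deleting the claim leaves the PV in the `Released` state instead of wiping it.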


Role-based access control (RBAC)->

RBAC is a method of regulating access to resources based on the roles and responsibilities of individual users within an organization.

RBAC authorization uses the rbac.authorization.k8s.io API group to make authorization decisions, which lets us configure policies dynamically through the Kubernetes API.
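A minimal RBAC policy in that API group consists of a Role (what may be done to which resources in a namespace) and a RoleBinding (who gets that Role). The manifests below are an added example, not from the original post; the namespace, Role name, ServiceAccount name and Secret name are assumptions. The point worth noting is the `resourceNames` rule: it scopes `get` on Secrets to a single named Secret instead of every Secret in the namespace.

```yaml
# Role: least-privilege rules for one namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: app                          # assumed namespace
  name: app-storage-reader                # assumed name
rules:
  - apiGroups: [""]                       # "" is the core API group
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch"]       # read-only; no create/delete
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["app-tls"]            # only this one Secret (assumed name)
    verbs: ["get"]                        # resourceNames only restricts get/update/delete,
                                          # not list/watch, so those verbs are omitted
---
# RoleBinding: grant the Role to one ServiceAccount, not to a group of users.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: app-storage-reader
  namespace: app
subjects:
  - kind: ServiceAccount
    name: app                             # assumed ServiceAccount
    namespace: app
roleRef:
  kind: Role
  name: app-storage-reader
  apiGroup: rbac.authorization.k8s.io
```

To verify the decision the API server will actually make, impersonate the subject: `kubectl auth can-i get secrets/app-tls -n app --as=system:serviceaccount:app:app` should answer `yes`, while `kubectl auth can-i list secrets -n app --as=system:serviceaccount:app:app` should answer `no`.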

Pod Security Policies->

Pod Security Policies (PSP) were removed in Kubernetes v1.25.

Pod Security Admission->

This standard lets us define, in a clear and consistent manner, how restricted the behaviour of Pods must be.
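Pod Security Admission is configured with labels on a Namespace, one per mode (`enforce`, `audit`, `warn`), each naming one of the standard levels `privileged`, `baseline` or `restricted`. The manifests below are an added example, not from the original post; the namespace name and image are assumptions. The Pod shows the fields a container must set to be admitted under the `restricted` level.

```yaml
# Namespace: enforce "restricted"; also warn and audit at the same level so
# violations show up at apply time and in the audit log.
apiVersion: v1
kind: Namespace
metadata:
  name: app                                       # assumed namespace
  labels:
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/audit: restricted
---
# Pod: satisfies the "restricted" level. Removing any of the four marked
# fields makes the API server reject the Pod in this namespace.
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: app
spec:
  securityContext:
    runAsNonRoot: true                            # required: no root user
    seccompProfile:
      type: RuntimeDefault                        # required: seccomp profile set
  containers:
    - name: app
      image: registry.example.com/app:1.0         # assumed image
      securityContext:
        allowPrivilegeEscalation: false           # required
        capabilities:
          drop: ["ALL"]                           # required: drop every capability
        readOnlyRootFilesystem: true              # not required, but good practice
```

Before turning on `enforce` in an existing namespace, a dry run shows which Pods would be rejected without changing anything: `kubectl label --dry-run=server --overwrite ns app pod-security.kubernetes.io/enforce=restricted` prints a warning for each non-compliant Pod.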

Secrets->

Because a Secret can be created independently of the Pods that use it, there is less risk of the Secret (sensitive data such as passwords) being exposed while Pods are created, viewed, or edited. Applications running in the cluster are more secure when sensitive data is kept in Secrets rather than written into Pod specifications or container images.

Transport Layer Security (TLS)->

TLS in Kubernetes is necessary for secure communication between components, services and clients within the cluster. It ensures that data is encrypted in transit and that the communicating parties are authenticated.

A few key aspects of TLS->

1. Securing the API server: The API server is the central component of the control plane. All communication in the cluster goes through it, so all of that communication should be secured with TLS. The API server requires a valid TLS certificate, which is issued automatically by the cluster's certificate authority.

2. Inter-component communication: Each component has its own TLS certificate and key for secure communication with the others.

3. Securing service communication: Services in the cluster can be configured to use TLS to secure communication between Pods. A service that uses mutual TLS (mTLS) ensures that both parties are verified and authorized to each other.

4. Kubernetes Secrets: TLS certificates and private keys are stored as Kubernetes Secrets. These Secrets are mounted into Pods so the Pods can use them for TLS-secured communication.
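The Secrets section above and point 4 here describe the same mechanism: a certificate and private key stored as a Secret of type `kubernetes.io/tls`, mounted read-only into a Pod rather than baked into the image. The manifests below are an added example, not from the original post; the Secret name, namespace, image and the base64 values are assumptions (the values are placeholders, not real key material).

```yaml
# Secret of type kubernetes.io/tls: the keys must be named tls.crt and tls.key,
# with base64-encoded PEM as values. Placeholders below; in practice create it
# from files with: kubectl create secret tls app-tls --cert=tls.crt --key=tls.key -n app
apiVersion: v1
kind: Secret
metadata:
  name: app-tls                            # assumed name
  namespace: app                           # assumed namespace
type: kubernetes.io/tls
data:
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi4uLg==   # placeholder base64 PEM cert
  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi4uLg==   # placeholder base64 PEM key
---
# Pod: mounts the Secret as files; the key is never in the Pod spec or the image.
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: app
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 1000
  containers:
    - name: app
      image: registry.example.com/app:1.0  # assumed image
      volumeMounts:
        - name: tls
          mountPath: /etc/app/tls          # files appear as /etc/app/tls/tls.crt and tls.key
          readOnly: true
  volumes:
    - name: tls
      secret:
        secretName: app-tls
        defaultMode: 0400                  # owner read-only; the private key is not world-readable
```

Mounting a Secret as a volume (rather than exposing it through environment variables) means a rotated certificate is picked up by the kubelet and rewritten in the mount without recreating the Pod, and the `defaultMode` keeps the private key from being readable by other users in the container. Who may read the Secret through the API is a separate question, governed by the RBAC rules discussed earlier.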

