Principles and practices for good Secret management for cluster administrators and application developers.

This document describes the concept of VolumeSnapshotClass in Kubernetes. Familiarity with volume snapshots and storage classes is suggested. Introduction Just like StorageClass provides a way for administrators to describe the "classes" of storage they offer when provisioning a volume, VolumeSnapshotClass provides a way to describe the "classes" of storage when provisioning a volume snapshot. The VolumeSnapshotClass Resource Each VolumeSnapshotClass contains the fields driver, deletionPolicy, and parameters, which are used when a VolumeSnapshot belonging to the class needs to be dynamically provisioned.

This page provides an storage overview specific to the Windows operating system. Persistent storage Windows has a layered filesystem driver to mount container layers and create a copy filesystem based on NTFS. All file paths in the container are resolved only within the context of that container. With Docker, volume mounts can only target a directory in the container, and not an individual file. This limitation does not apply to containerd.

This document describes the concept of cloning existing CSI Volumes in Kubernetes. Familiarity with Volumes is suggested. Introduction The CSI Volume Cloning feature adds support for specifying existing PVCs in the dataSource field to indicate a user would like to clone a Volume. A Clone is defined as a duplicate of an existing Kubernetes Volume that can be consumed as any standard Volume would be. The only difference is that upon provisioning, rather than creating a "new" empty Volume, the back end device creates an exact duplicate of the specified Volume.

Gateway API is a family of API kinds that provide dynamic infrastructure provisioning and advanced traffic routing.

Concepts for keeping your cloud-native workload secure.

An overview of the Pod Security Admission Controller, which can enforce the Pod Security Standards.

A DaemonSet defines Pods that provide node-local facilities. These might be fundamental to the operation of your cluster, such as a networking helper tool, or be part of an add-on.

Concepts for keeping your cloud-native workload secure.

Learn about ServiceAccount objects in Kubernetes.