Cluster architecture
⏱ ~3-min readAceMark GuideWhat this topic is really about
Kubernetes RBAC uses Roles and ClusterRoles to define permissions, which are then assigned to subjects using RoleBindings and ClusterRoleBindings. This allows fine-grained authorization across namespaces or the entire cluster. Using just usernames is incorrect because usernames alone only identify a subject but do not define or bind permissions.
etcd is a distributed, consistent key-value store used as Kubernetes' backing store for all cluster data. It does not store heavy assets like container images, which are kept in a container registry, or application logs, which are typically managed by external logging agents.
See the mechanism
A Kubernetes node is a worker machine, which can be either a virtual or physical machine, responsible for running containerized applications grouped into pods. A diagram for this topic isn't available yet — the worked example below walks the same reasoning step by step.
An exam-style question, fully explained
A Kubernetes node is:
- Identify what the question tests: A Kubernetes node is:.
- A Kubernetes node is a worker machine, which can be either a virtual or physical machine, responsible for running containerized applications grouped into pods.
- It is not a pod itself, nor is it a container image or a storage volume, which are distinct Kubernetes resources.
Traps the examiner sets
- Option A is misleading; it would show user pods only if you queried a user namespace, not the system namespace.
- Using just usernames is incorrect because usernames alone only identify a subject but do not define or bind permissions.
Test your recall
Answer each from memory — you'll see instantly whether you're right and why.
Run a focused 10-question mini-mock on Cluster architecture and see it stick.
Practice more of this topic →