https://wiki.quizz.vn/ 2026-04-15T18:17:16+00:00 https://wiki.quizz.vn/ https://wiki.quizz.vn/lib/exe/fetch.php?media=wiki:dokuwiki.svg text/html 2025-12-28T07:22:13+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.quizz.vn/doku.php?id=aws:containers:eks:cluster&rev=1766906533&do=diff EKS Cluster What it is: The Kubernetes control plane managed by AWS plus cluster configuration. What it’s for: * Provide Kubernetes API server and control components. * Manage scheduling and cluster state. Key ideas: * Worker nodes (node groups) run your pods; control plane manages them. text/html 2025-12-28T08:06:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.quizz.vn/doku.php?id=aws:containers:eks:irsa&rev=1766909202&do=diff IRSA (IAM Roles for Service Accounts) What it is: A mechanism that allows Kubernetes service accounts to assume IAM roles. What it’s for: * Give pods AWS permissions using least privilege. * Avoid using node instance roles for all pods (which is too broad). text/html 2025-12-28T07:52:12+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.quizz.vn/doku.php?id=aws:containers:eks:nodegroup&rev=1766908332&do=diff EKS Node Group What it is: A managed group of worker nodes (EC2 instances) for an EKS cluster. What it’s for: * Provide compute capacity where pods run. * Scale nodes automatically (managed node groups). Key ideas: * Nodes live in subnets (often across multiple AZs). text/html 2025-12-28T07:23:12+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.quizz.vn/doku.php?id=aws:containers:eks:oidc&rev=1766906592&do=diff OIDC Provider (OpenID Connect) What it is: An identity provider integration that allows EKS to issue identities for service accounts. What it’s for: * Let AWS STS trust Kubernetes service account tokens. * Enable IRSA securely. Key ideas: text/html 2025-12-28T08:03:12+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.quizz.vn/doku.php?id=aws:containers:eks:pod&rev=1766908992&do=diff EKS Pod (Kubernetes Pod) What it is: The smallest deployable unit in Kubernetes. A Pod runs one or more containers that share the same network namespace and storage volumes. What it’s for: * Run your application containers (microservices) on EKS. text/html 2025-12-28T07:57:56+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.quizz.vn/doku.php?id=aws:containers:eks:rbac-vs-iam&rev=1766908676&do=diff EKS: RBAC vs IAM Permissions What it is: The difference between Kubernetes RBAC and AWS IAM permissions. What it’s for: * Avoid confusing “Kubernetes permissions” with “AWS service permissions”. RBAC (role-based access control in Kubernetes) controls: text/html 2025-12-28T07:22:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://wiki.quizz.vn/doku.php?id=aws:containers:eks:service-account&rev=1766906562&do=diff Kubernetes Service Account What it is: An identity for processes running in a pod in Kubernetes. What it’s for: * Provide pod-level identity inside Kubernetes. * When combined with IRSA, map pods to AWS IAM roles. Key ideas: * Not the same as IAM user/role, but can be mapped to them (IRSA).