• Kubernetes orchestration in detail: mounts


    ##Mount local disk storage in kube
    apiVersion: v1
    kind: Pod
    metadata:
      name: redis
    spec:
      containers:
      - name: redis
        image: redis
        volumeMounts:
        - name: redis-storage
          mountPath: /data/redis
      volumes:
      - name: redis-storage
        emptyDir: {}   # local disk storage: emptyDir

      

    ##Create a PersistentVolume (pv)
    kind: PersistentVolume
    apiVersion: v1
    metadata:
      name: task-pv-volume
      labels:
        type: local
    spec:
      storageClassName: manual
      capacity:
        storage: 10Gi
      accessModes:
        - ReadWriteOnce
      hostPath:
        path: "/mnt/data"
    
    ##Create a PersistentVolumeClaim (pvc)
    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
      name: task-pv-claim
    spec:
      storageClassName: manual
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: 3Gi
    
    ##Use the pvc
    kind: Pod
    apiVersion: v1
    metadata:
      name: task-pv-pod
    spec:
      volumes:
        - name: task-pv-storage
          persistentVolumeClaim:
            claimName: task-pv-claim
      containers:
        - name: task-pv-container
          image: nginx
          ports:
            - containerPort: 80
              name: "http-server"
          volumeMounts:
            - mountPath: "/usr/share/nginx/html"
              name: task-pv-storage
    

      

    ##Use a username and password when mounting
    ##Create the username and password Secrets from local files
    apiVersion: v1
    kind: Pod
    metadata:
      name: test-projected-volume
    spec:
      containers:
      - name: test-projected-volume
        image: busybox
        args:
        - sleep
        - "86400"
        volumeMounts:
        - name: all-in-one
          mountPath: "/projected-volume"
          readOnly: true
      volumes:
      - name: all-in-one
        projected:
          sources:
          - secret:
              name: user   # username
          - secret:
              name: pass   # password
    
    #Create the username and password Secrets
    echo -n "admin" > ./username.txt
    echo -n "1f2d1e2e67df" > ./password.txt
    kubectl create secret generic user --from-file=./username.txt
    kubectl create secret generic pass --from-file=./password.txt
    

      

    ##Set the security context for a Pod
    apiVersion: v1
    kind: Pod
    metadata:
      name: security-context-demo
    spec:
      securityContext:
        runAsUser: 1000
        fsGroup: 2000
      volumes:
      - name: sec-ctx-vol
        emptyDir: {}
      containers:
      - name: sec-ctx-demo
        image: gcr.io/google-samples/node-hello:1.0
        volumeMounts:
        - name: sec-ctx-vol
          mountPath: /data/demo
        securityContext:
          allowPrivilegeEscalation: false
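    #The runAsUser field specifies that, for any Container in the Pod, the first process runs with user ID 1000.
    #The fsGroup field specifies that group ID 2000 is associated with all Containers in the Pod.
    #Group ID 2000 is also associated with the volume mounted at /data/demo and with any files created in that volume.

    ##Set the security context for a Container
    apiVersion: v1
    kind: Pod
    metadata:
      name: security-context-demo-2
    spec:
      securityContext:
        runAsUser: 1000
      containers:
      - name: sec-ctx-demo-2
        image: gcr.io/google-samples/node-hello:1.0
        securityContext:
          runAsUser: 2000
          allowPrivilegeEscalation: false
    #The output shows that the process is running as user 2000. This is the runAsUser value specified for the Container. It overrides the value 1000 specified for the Pod.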
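
The override rule described above (a Container's `securityContext` wins over the Pod's) can be checked before a manifest is applied. The following is an added example, not code from the original post: it resolves the effective settings per container and flags containers that may run as root or that leave privilege escalation enabled. The manifests are constructed Python dicts mirroring the Pods on this page, and the function names are hypothetical.

```python
# Added example (not from the original post). The dicts below are constructed
# to mirror the Pod manifests shown on this page.
REDIS = {"spec": {"containers": [{"name": "redis", "image": "redis"}]}}
DEMO = {"spec": {
    "securityContext": {"runAsUser": 1000, "fsGroup": 2000},
    "containers": [{"name": "sec-ctx-demo",
                    "securityContext": {"allowPrivilegeEscalation": False}}]}}
DEMO2 = {"spec": {
    "securityContext": {"runAsUser": 1000},
    "containers": [{"name": "sec-ctx-demo-2",
                    "securityContext": {"runAsUser": 2000,
                                        "allowPrivilegeEscalation": False}}]}}

# Pod-level fields that a container inherits unless it sets its own value
# (subset relevant here; fsGroup is Pod-only and is not inherited).
INHERITED = ("runAsUser", "runAsGroup", "runAsNonRoot")

def effective_contexts(pod):
    """Return {container name: merged securityContext}; container values win."""
    spec = pod["spec"]
    pod_sc = spec.get("securityContext", {})
    base = {k: pod_sc[k] for k in INHERITED if k in pod_sc}
    return {c["name"]: {**base, **c.get("securityContext", {})}
            for c in spec["containers"]}

def audit(pod):
    """Return a sorted list of (container, finding) tuples."""
    findings = []
    for name, sc in effective_contexts(pod).items():
        uid = sc.get("runAsUser")
        # Without runAsUser the UID comes from the image and may be 0.
        if uid == 0 or (uid is None and not sc.get("runAsNonRoot")):
            findings.append((name, "may run as root"))
        # Only an explicit false turns privilege escalation off.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append((name, "allowPrivilegeEscalation not false"))
    return sorted(findings)

if __name__ == "__main__":
    for pod in (REDIS, DEMO, DEMO2):
        print(effective_contexts(pod), audit(pod))
```

The redis Pod from the first section produces both findings because it sets no `securityContext` at all; the two security-context-demo Pods produce none.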

      

  • Original article: https://www.cnblogs.com/kuku0223/p/9342109.html