## Mounting a local disk in Kubernetes
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: redis
spec:
  containers:
  - name: redis
    image: redis
    volumeMounts:
    - name: redis-storage
      mountPath: /data/redis
  volumes:
  - name: redis-storage
    emptyDir: {}   # local disk storage: emptyDir
```
## Creating a PersistentVolume (pv)

```yaml
kind: PersistentVolume
apiVersion: v1
metadata:
  name: task-pv-volume
  labels:
    type: local
spec:
  storageClassName: manual
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/mnt/data"
```

## Creating a PersistentVolumeClaim (pvc)

```yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: task-pv-claim
spec:
  storageClassName: manual
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 3Gi
```

## Using the pvc

```yaml
kind: Pod
apiVersion: v1
metadata:
  name: task-pv-pod
spec:
  volumes:
    - name: task-pv-storage
      persistentVolumeClaim:
        claimName: task-pv-claim
  containers:
    - name: task-pv-container
      image: nginx
      ports:
        - containerPort: 80
          name: "http-server"
      volumeMounts:
        - mountPath: "/usr/share/nginx/html"
          name: task-pv-storage
```
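
The PV above offers 10Gi and the claim asks for 3Gi; whether they bind depends on the storage class, access modes and capacity matching. The following Python script is an added example, not code from the page or from Kubernetes itself: it simulates the controller's matching rules on the page's two manifests (as dicts) plus a constructed second PV named `constructed-pv-5g`, and also lists which PVs are hostPath-backed, since such volumes expose a node directory to the pod. Label selectors and volume modes are left out of the simulation.

```python
"""Simulate PersistentVolumeClaim -> PersistentVolume matching.

A PV is a candidate for a PVC when storageClassName matches, every requested
access mode is offered, capacity covers the request, and the PV is still
Available; among candidates the smallest sufficient PV is chosen.
"""
import re

# Binary suffixes accepted for the quantities used in this example.
_SUFFIX = {"": 1, "Ki": 1024, "Mi": 1024 ** 2, "Gi": 1024 ** 3, "Ti": 1024 ** 4}


def parse_quantity(q):
    """Convert a Kubernetes quantity such as '10Gi' or '3Gi' to bytes."""
    m = re.fullmatch(r"(\d+)(Ki|Mi|Gi|Ti)?", str(q))
    if not m:
        raise ValueError(f"unsupported quantity: {q!r}")
    return int(m.group(1)) * _SUFFIX[m.group(2) or ""]


def is_candidate(pv, pvc):
    """True when pv satisfies every requirement the claim states."""
    ps, cs = pv["spec"], pvc["spec"]
    if pv.get("status", {}).get("phase", "Available") != "Available":
        return False  # already bound or released
    if ps.get("storageClassName", "") != cs.get("storageClassName", ""):
        return False
    if not set(cs.get("accessModes", [])) <= set(ps.get("accessModes", [])):
        return False
    wanted = parse_quantity(cs["resources"]["requests"]["storage"])
    return parse_quantity(ps["capacity"]["storage"]) >= wanted


def bind(pvs, pvc):
    """Name of the PV the claim would bind to, or None if nothing fits.

    Prefers the smallest volume that fits, so a 3Gi claim does not consume a
    10Gi volume while a 5Gi one is available.
    """
    fits = [pv for pv in pvs if is_candidate(pv, pvc)]
    if not fits:
        return None
    best = min(fits, key=lambda pv: parse_quantity(pv["spec"]["capacity"]["storage"]))
    return best["metadata"]["name"]


def bound_capacity(pvs, pvc):
    """Capacity the claim actually receives: the whole PV, not only the request."""
    name = bind(pvs, pvc)
    if name is None:
        return None
    return next(p for p in pvs if p["metadata"]["name"] == name)["spec"]["capacity"]["storage"]


def host_path_volumes(pvs):
    """Names of hostPath-backed PVs: the data lives on one node's filesystem and
    the pod is given access to that node path, which is why hostPath PVs are
    normally confined to single-node or test clusters."""
    return [pv["metadata"]["name"] for pv in pvs if "hostPath" in pv["spec"]]


# The page's PersistentVolume, as a dict.
PV_PAGE = {
    "kind": "PersistentVolume", "apiVersion": "v1",
    "metadata": {"name": "task-pv-volume", "labels": {"type": "local"}},
    "spec": {"storageClassName": "manual", "capacity": {"storage": "10Gi"},
             "accessModes": ["ReadWriteOnce"], "hostPath": {"path": "/mnt/data"}},
}

# Constructed second PV (not on the page): smaller, but still sufficient for 3Gi.
PV_SMALL = {
    "kind": "PersistentVolume", "apiVersion": "v1",
    "metadata": {"name": "constructed-pv-5g"},
    "spec": {"storageClassName": "manual", "capacity": {"storage": "5Gi"},
             "accessModes": ["ReadWriteOnce"], "hostPath": {"path": "/mnt/data-constructed"}},
}

# The page's PersistentVolumeClaim, as a dict.
PVC_PAGE = {
    "kind": "PersistentVolumeClaim", "apiVersion": "v1",
    "metadata": {"name": "task-pv-claim"},
    "spec": {"storageClassName": "manual", "accessModes": ["ReadWriteOnce"],
             "resources": {"requests": {"storage": "3Gi"}}},
}


if __name__ == "__main__":
    print("binds to:", bind([PV_PAGE, PV_SMALL], PVC_PAGE))
    print("claim receives:", bound_capacity([PV_PAGE], PVC_PAGE))
    print("hostPath-backed PVs:", host_path_volumes([PV_PAGE, PV_SMALL]))
```

Run it as-is to see the page's claim bind to the smaller constructed PV; with only the page's PV present it binds to `task-pv-volume` and is granted the full 10Gi, not the 3Gi it requested.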
## Mounting with a username and password

## Creating username and password secrets from local files

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: test-projected-volume
spec:
  containers:
  - name: test-projected-volume
    image: busybox
    args:
    - sleep
    - "86400"
    volumeMounts:
    - name: all-in-one
      mountPath: "/projected-volume"
      readOnly: true
  volumes:
  - name: all-in-one
    projected:
      sources:
      - secret:
          name: user   # username
      - secret:
          name: pass   # password
```

```shell
# create the username and password secrets
echo -n "admin" > ./username.txt
echo -n "1f2d1e2e67df" > ./password.txt
kubectl create secret generic user --from-file=./username.txt
kubectl create secret generic pass --from-file=./password.txt
```
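
What `kubectl create secret generic ... --from-file` stores, and which files the projected volume then exposes inside the container, is easy to get wrong (the key is the file name, and a trailing newline from a plain `echo` ends up inside the credential). The Python below is an added example, not code from the page or from kubectl: it models the Secret data layout for the page's two files with their contents supplied inline (constructed, not read from disk), computes the file layout under `/projected-volume`, and checks that secret-backed volumes are mounted `readOnly`.

```python
"""Model `kubectl create secret generic --from-file` and a projected volume."""
import base64
import os


def secret_from_file(name, path, content):
    """Build the Secret that kubectl creates from one file.

    The data key is the file's basename and the value is the base64 of the
    raw bytes; nothing is trimmed, so a newline written by `echo` without -n
    becomes part of the stored credential.
    """
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": "Opaque",
        "data": {os.path.basename(path): base64.b64encode(content).decode("ascii")},
    }


def projected_files(mount_path, sources, secrets):
    """Map container path -> decoded bytes for a projected volume.

    Every data key of every referenced Secret becomes one file directly under
    mount_path; a later source with the same key overwrites an earlier one.
    """
    files = {}
    for src in sources:
        sec = secrets[src["secret"]["name"]]
        for key, b64 in sec["data"].items():
            files[os.path.join(mount_path, key)] = base64.b64decode(b64)
    return files


def secret_mounts_not_read_only(pod):
    """'container:volume' entries where a secret or projected volume is mounted
    without readOnly: true; credential files should never be writable by the
    application that consumes them."""
    secret_vols = {v["name"] for v in pod["spec"]["volumes"] if "secret" in v or "projected" in v}
    bad = []
    for c in pod["spec"]["containers"]:
        for m in c.get("volumeMounts", []):
            if m["name"] in secret_vols and not m.get("readOnly", False):
                bad.append(f'{c["name"]}:{m["name"]}')
    return bad


# Contents of the page's two files, supplied inline (constructed for this example).
SECRETS = {
    "user": secret_from_file("user", "./username.txt", b"admin"),
    "pass": secret_from_file("pass", "./password.txt", b"1f2d1e2e67df"),
}

# The page's Pod, as a dict.
POD_PAGE = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "test-projected-volume"},
    "spec": {
        "containers": [{
            "name": "test-projected-volume", "image": "busybox", "args": ["sleep", "86400"],
            "volumeMounts": [{"name": "all-in-one", "mountPath": "/projected-volume", "readOnly": True}],
        }],
        "volumes": [{"name": "all-in-one", "projected": {
            "sources": [{"secret": {"name": "user"}}, {"secret": {"name": "pass"}}]}}],
    },
}


def page_layout():
    """Files the container on the page sees under /projected-volume."""
    vol = POD_PAGE["spec"]["volumes"][0]
    return projected_files(POD_PAGE["spec"]["containers"][0]["volumeMounts"][0]["mountPath"],
                           vol["projected"]["sources"], SECRETS)


if __name__ == "__main__":
    for path, data in page_layout().items():
        print(path, "->", data)
    print("writable secret mounts:", secret_mounts_not_read_only(POD_PAGE))
```

Because the key is the basename, the container reads the username from `/projected-volume/username.txt`, not from a file called `user`; rename the source files (or use `--from-file=key=path`) if the application expects different names.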
## Setting the Pod security context

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo
spec:
  securityContext:
    runAsUser: 1000
    fsGroup: 2000
  volumes:
  - name: sec-ctx-vol
    emptyDir: {}
  containers:
  - name: sec-ctx-demo
    image: gcr.io/google-samples/node-hello:1.0
    volumeMounts:
    - name: sec-ctx-vol
      mountPath: /data/demo
    securityContext:
      allowPrivilegeEscalation: false
```

The `runAsUser` field specifies that for any Container in the Pod, the first process runs with user ID 1000. The `fsGroup` field specifies that group ID 2000 is associated with all Containers in the Pod. Group ID 2000 is also associated with the volume mounted at /data/demo and with any files created in that volume.

## Setting the Container security context

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo-2
spec:
  securityContext:
    runAsUser: 1000
  containers:
  - name: sec-ctx-demo-2
    image: gcr.io/google-samples/node-hello:1.0
    securityContext:
      runAsUser: 2000
      allowPrivilegeEscalation: false
```

The output shows that the process is running as user 2000. This is the value specified by `runAsUser` for the Container; it overrides the value of 1000 specified for the Pod.
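
The override rule is worth making mechanical: a pod-level `securityContext` applies to every container, a container may override the fields that exist at both levels (`runAsUser`, `runAsGroup`, `runAsNonRoot`, `seccompProfile`, `seLinuxOptions`), container-only fields such as `allowPrivilegeEscalation` and `privileged` come from the container alone, and `fsGroup` exists only at pod level. The Python below is an added example, not code from the page or from Kubernetes: it resolves the effective context for the two pods above (as dicts) and for a constructed pod with no security context at all, then reports what a reviewer would flag.

```python
"""Resolve the effective securityContext of each container and audit it."""

# Fields settable at both pod and container level; the container wins.
SHARED = ("runAsUser", "runAsGroup", "runAsNonRoot", "seccompProfile", "seLinuxOptions")
# Fields that exist only on the container.
CONTAINER_ONLY = ("allowPrivilegeEscalation", "privileged", "capabilities",
                  "readOnlyRootFilesystem")


def effective_security_context(pod, container):
    """Merge pod and container settings into what the container runs with."""
    pod_sc = pod["spec"].get("securityContext", {})
    ctr_sc = container.get("securityContext", {})
    eff = {}
    for f in SHARED:
        if f in ctr_sc:
            eff[f] = ctr_sc[f]
        elif f in pod_sc:
            eff[f] = pod_sc[f]
    for f in CONTAINER_ONLY:
        if f in ctr_sc:
            eff[f] = ctr_sc[f]
    if "fsGroup" in pod_sc:  # pod-only, applies to volumes of every container
        eff["fsGroup"] = pod_sc["fsGroup"]
    return eff


def audit(pod):
    """Return {container name: [findings]} for the settings a reviewer checks."""
    report = {}
    for c in pod["spec"]["containers"]:
        eff = effective_security_context(pod, c)
        findings = []
        uid = eff.get("runAsUser")
        if uid is None and not eff.get("runAsNonRoot"):
            findings.append("runAsUser unset and runAsNonRoot not true: falls back to the image user, often root")
        elif uid == 0:
            findings.append("runAsUser is 0: runs as root")
        # Unset means allowed: setuid binaries in the image could regain privileges.
        if eff.get("allowPrivilegeEscalation", True):
            findings.append("allowPrivilegeEscalation not set to false")
        if eff.get("privileged"):
            findings.append("privileged: true grants full host device access")
        report[c["name"]] = findings
    return report


# The page's first pod (pod-level runAsUser and fsGroup).
DEMO_1 = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "security-context-demo"},
    "spec": {
        "securityContext": {"runAsUser": 1000, "fsGroup": 2000},
        "volumes": [{"name": "sec-ctx-vol", "emptyDir": {}}],
        "containers": [{
            "name": "sec-ctx-demo", "image": "gcr.io/google-samples/node-hello:1.0",
            "volumeMounts": [{"name": "sec-ctx-vol", "mountPath": "/data/demo"}],
            "securityContext": {"allowPrivilegeEscalation": False},
        }],
    },
}

# The page's second pod (container runAsUser overrides the pod's).
DEMO_2 = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "security-context-demo-2"},
    "spec": {
        "securityContext": {"runAsUser": 1000},
        "containers": [{
            "name": "sec-ctx-demo-2", "image": "gcr.io/google-samples/node-hello:1.0",
            "securityContext": {"runAsUser": 2000, "allowPrivilegeEscalation": False},
        }],
    },
}

# Constructed pod (not on the page) with no securityContext anywhere.
NO_CONTEXT = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "constructed-no-context"},
    "spec": {"containers": [{"name": "app", "image": "busybox"}]},
}


if __name__ == "__main__":
    for pod in (DEMO_1, DEMO_2, NO_CONTEXT):
        for c in pod["spec"]["containers"]:
            print(pod["metadata"]["name"], c["name"], effective_security_context(pod, c))
        print("  findings:", audit(pod))
```

Run on the page's pods the audit is clean; on the constructed pod it reports both an unknown user (the image's default, frequently root) and privilege escalation left open, which is the usual starting point when hardening a manifest that has no `securityContext` yet.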