zoukankan      html  css  js  c++  java

  • kubernetes 编排详解 挂载

    ##kube挂载本地磁盘
    apiVersion: v1
kind: Pod
metadata:
  name: redis
spec:
  containers:
  - name: redis
    image: redis
    volumeMounts:
    - name: redis-storage
      mountPath: /data/redis
  volumes:
  - name: redis-storage
    emptyDir: {}  #本地磁盘存储emptyDir

      

    ##创建PersistentVolume   pv
kind: PersistentVolume
apiVersion: v1
metadata:
  name: task-pv-volume
  labels:
    type: local
spec:
  storageClassName: manual
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/mnt/data"

##创建PersistentVolumeClaim  pvc
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: task-pv-claim
spec:
  storageClassName: manual
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 3Gi

##使用pvc 
kind: Pod
apiVersion: v1
metadata:
  name: task-pv-pod
spec:
  volumes:
    - name: task-pv-storage
      persistentVolumeClaim:
       claimName: task-pv-claim
  containers:
    - name: task-pv-container
      image: nginx
      ports:
        - containerPort: 80
          name: "http-server"
      volumeMounts:
        - mountPath: "/usr/share/nginx/html"
          name: task-pv-storage

      

    ##挂载时使用密码和账号
##从本地文件创建用户名和密码密钥
apiVersion: v1
kind: Pod
metadata:
  name: test-projected-volume
spec:
  containers:
  - name: test-projected-volume
    image: busybox
    args:
    - sleep
    - "86400"
    volumeMounts:
    - name: all-in-one
      mountPath: "/projected-volume"
      readOnly: true
  volumes:
  - name: all-in-one
    projected:
      sources:
      - secret:
          name: user   #账号
      - secret:
          name: pass   #密码

#创造密码账号
echo -n "admin" > ./username.txt
echo -n "1f2d1e2e67df" > ./password.txt
kubectl create secret generic user --from-file=./username.txt
kubectl create secret generic pass --from-file=./password.txt

      

    ##设置Pod的安全上下文
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo
spec:
  securityContext:
    runAsUser: 1000
    fsGroup: 2000
  volumes:
  - name: sec-ctx-vol
    emptyDir: {}
  containers:
  - name: sec-ctx-demo
    image: gcr.io/google-samples/node-hello:1.0
    volumeMounts:
    - name: sec-ctx-vol
      mountPath: /data/demo
    securityContext:
      allowPrivilegeEscalation: false
#该runAsUser字段指定对于Pod中的任何Container,第一个进程使用用户ID 1000运行。该fsGroup字段指定组ID 
    #2000与Pod中的所有Container关联。组ID 2000还与在该卷中/data/demo创建的任何文件一起安装的卷关联

##设置Container的安全上下文
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo-2
spec:
  securityContext:
    runAsUser: 1000
  containers:
  - name: sec-ctx-demo-2
    image: gcr.io/google-samples/node-hello:1.0
    securityContext:
      runAsUser: 2000
      allowPrivilegeEscalation: false
#输出显示进程正在以用户2000身份运行。这是runAsUser为Container指定的值。它会覆盖为Pod指定的值1000。

      
  • 相关阅读:
    c++/c语言中如何调用DLL
    fortran出现stack overflow的原因及解决办法
    iOS: ARC和非ARC下使用Block属性的问题
    Objective-C Autorelease Pool 的实现原理
    class-dump 复制到/usr/bin目录不可写,Operation not permitted 解决办法
    Auto Layout 使用心得
    iOS-关于微信支付
    IOS应用安全(五):高级Runtime分析和操作
    Objective-C Runtime 运行时之六:拾遗
    Objective-C Runtime 运行时之五:协议与分类
  • 原文地址:https://www.cnblogs.com/kuku0223/p/9342109.html
Copyright © 2011-2022 走看看