参考:
https://kubernetes.io/zh-cn/docs/tasks/access-application-cluster/configure-access-multiple-clusters/
Deploy the given architecture diagram for implementing a Jekyll SSG.
1、创建pvc使用,以下条件限制
Storage Request: 1Gi
Access modes: ReadWriteMany
pvc name = jekyll-site, namespace = development
‘jekyll-site’ PVC should be bound to the PersistentVolume called ‘jekyll-site’.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: jekyll-sitenamespace: development
spec:accessModes:- ReadWriteManyresources:requests:storage: 1GivolumeName: jekyll-site
2、根据以下要求完成配置
-
pod: ‘jekyll’ has an initContainer, name: ‘copy-jekyll-site’, image: ‘kodekloud/jekyll’
-
initContainer: ‘copy-jekyll-site’, command: [ “jekyll”, “new”, “/site” ] (command to run: jekyll new /site)
-
pod: ‘jekyll’, initContainer: ‘copy-jekyll-site’, mountPath = ‘/site’
-
pod: ‘jekyll’, initContainer: ‘copy-jekyll-site’, volume name = ‘site’
-
pod: ‘jekyll’, container: ‘jekyll’, volume name = ‘site’
-
pod: ‘jekyll’, container: ‘jekyll’, mountPath = ‘/site’
-
pod: ‘jekyll’, container: ‘jekyll’, image =‘kodekloud/jekyll-serve’
-
pod: ‘jekyll’, uses volume called ‘site’ with pvc = ‘jekyll-site’
-
pod: ‘jekyll’ uses label ‘run=jekyll’
apiVersion: v1
kind: Pod
metadata:name: jekyllnamespace: developmentlabels:run: jekyll
spec:initContainers:- name: copy-jekyll-siteimage: kodekloud/jekyllcommand: [ 'jekyll', 'new', '/site' ]volumeMounts:- name: sitemountPath: /sitecontainers:- name: jekyllimage: kodekloud/jekyll-servevolumeMounts:- name: sitemountPath: /sitevolumes:- name: sitepersistentVolumeClaim:claimName: jekyll-site
3、根据要求创建service
- Service ‘jekyll’ uses targetPort: ‘4000’, namespace: ‘development’
- Service ‘jekyll’ uses Port: ‘8080’, namespace: ‘development’
- Service ‘jekyll’ uses NodePort: ‘30097’, namespace: ‘development’
4、
- Build user information for martin in the default kubeconfig file:User = martin , client-key = /root/martin.key and client-certificate= /root/martin.crt (Ensure don’t embed within the kubeconfig file)
- Create a new context called ‘developer’ in the default kubeconfig file with ‘user = martin’ and ‘cluster = kubernetes’
a.Open the default kubeconfig file located at ~/.kube/config using a text editor.
b.Add the following YAML code under the users section to define the user ‘martin’ and specify the paths to the client-key and client-certificate:
users:
- name: martinuser:client-key: /root/martin.keyclient-certificate: /root/martin.crt
c.Save the kubeconfig file.
in the same time,open the default kubeconfig file located at ~/.kube/config using a text editor.Add the following YAML code .
contexts:- name: developercontext:cluster: kubernetesuser: martin
5、
- ‘developer-role’, should have all(*) permissions for services in development namespace
- ‘developer-role’, should have all permissions(*) for persistentvolumeclaims in development namespace
- ‘developer-role’, should have all(*) permissions for pods in development namespace
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:name: developer-rolenamespace: development
rules:- apiGroups: [""]resources: ["services"]verbs: ["*"]- apiGroups: [""]resources: ["persistentvolumeclaims"]verbs: ["*"]- apiGroups: [""] resources: ["pods"]verbs: ["*"]
6、
- create rolebinding = developer-rolebinding, role= ‘developer-role’, namespace = development
- rolebinding = developer-rolebinding associated with user = ‘martin’
kubectl create rolebinding developer-rolebinding --role=developer-role --user=martin --namespace=development
7、set context ‘developer’ with user = ‘martin’ and cluster = ‘kubernetes’ as the current context.
kubectl config use-context developer --user=martin --cluster=kubernetes
8、
- Service ‘jekyll’ uses targetPort: ‘4000’, namespace: ‘development’
- Service ‘jekyll’ uses Port: ‘8080’, namespace: ‘development’
- Service ‘jekyll’ uses NodePort: ‘30097’, namespace: ‘development’
apiVersion: v1
kind: Service
metadata:name: jekyllnamespace: development
spec:type: NodePortselector:app.kubernetes.io/name: jekyllports:- protocol: TCPport: 8080targetPort: 4000nodePort: 30097
】 10.29学习)
)
)
