Reference:
https://kubernetes.io/zh-cn/docs/tasks/access-application-cluster/configure-access-multiple-clusters/
Deploy the given architecture diagram for implementing a Jekyll SSG.
1、Create the PVC with the following constraints
Storage Request: 1Gi
Access modes: ReadWriteMany
pvc name = jekyll-site, namespace = development
‘jekyll-site’ PVC should be bound to the PersistentVolume called ‘jekyll-site’.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jekyll-site
  namespace: development
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: jekyll-site
2、Complete the configuration according to the following requirements
- pod: ‘jekyll’ has an initContainer, name: ‘copy-jekyll-site’, image: ‘kodekloud/jekyll’
- initContainer: ‘copy-jekyll-site’, command: [ "jekyll", "new", "/site" ] (command to run: jekyll new /site)
- pod: ‘jekyll’, initContainer: ‘copy-jekyll-site’, mountPath = ‘/site’
- pod: ‘jekyll’, initContainer: ‘copy-jekyll-site’, volume name = ‘site’
- pod: ‘jekyll’, container: ‘jekyll’, volume name = ‘site’
- pod: ‘jekyll’, container: ‘jekyll’, mountPath = ‘/site’
- pod: ‘jekyll’, container: ‘jekyll’, image = ‘kodekloud/jekyll-serve’
- pod: ‘jekyll’, uses volume called ‘site’ with pvc = ‘jekyll-site’
- pod: ‘jekyll’ uses label ‘run=jekyll’
apiVersion: v1
kind: Pod
metadata:
  name: jekyll
  namespace: development
  labels:
    run: jekyll
spec:
  initContainers:
    - name: copy-jekyll-site
      image: kodekloud/jekyll
      command: [ 'jekyll', 'new', '/site' ]
      volumeMounts:
        - name: site
          mountPath: /site
  containers:
    - name: jekyll
      image: kodekloud/jekyll-serve
      volumeMounts:
        - name: site
          mountPath: /site
  volumes:
    - name: site
      persistentVolumeClaim:
        claimName: jekyll-site
3、Create the Service according to the requirements
- Service ‘jekyll’ uses targetPort: ‘4000’, namespace: ‘development’
- Service ‘jekyll’ uses Port: ‘8080’, namespace: ‘development’
- Service ‘jekyll’ uses NodePort: ‘30097’, namespace: ‘development’
4、
- Build user information for martin in the default kubeconfig file: User = martin, client-key = /root/martin.key and client-certificate = /root/martin.crt (ensure they are not embedded within the kubeconfig file)
- Create a new context called ‘developer’ in the default kubeconfig file with ‘user = martin’ and ‘cluster = kubernetes’
a. Open the default kubeconfig file located at ~/.kube/config using a text editor.
b. Add the following YAML under the users section to define the user ‘martin’ and specify the paths to the client-key and client-certificate:
users:
- name: martin
  user:
    client-key: /root/martin.key
    client-certificate: /root/martin.crt
c. Save the kubeconfig file.
In the same way, open the default kubeconfig file located at ~/.kube/config using a text editor and add the following YAML:
contexts:
- name: developer
  context:
    cluster: kubernetes
    user: martin
5、
- ‘developer-role’, should have all(*) permissions for services in development namespace
- ‘developer-role’, should have all permissions(*) for persistentvolumeclaims in development namespace
- ‘developer-role’, should have all(*) permissions for pods in development namespace
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: developer-role
  namespace: development
rules:
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["*"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["*"]
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["*"]
6、
- create rolebinding = developer-rolebinding, role= ‘developer-role’, namespace = development
- rolebinding = developer-rolebinding associated with user = ‘martin’
kubectl create rolebinding developer-rolebinding --role=developer-role --user=martin --namespace=development
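To see what the Role and RoleBinding from steps 5 and 6 actually grant martin, the following added example (not part of the original notes, and a simplified model rather than the API server's own authorizer) evaluates constructed requests against the same rules. The names `RULES`, `BINDING`, `can_i` and `report` are hypothetical.

```python
# Added example: simplified model of Kubernetes RBAC rule matching.
# RULES and BINDING mirror developer-role / developer-rolebinding from this page.
RULES = [
    {"apiGroups": [""], "resources": ["services"], "verbs": ["*"]},
    {"apiGroups": [""], "resources": ["persistentvolumeclaims"], "verbs": ["*"]},
    {"apiGroups": [""], "resources": ["pods"], "verbs": ["*"]},
]
BINDING = {"namespace": "development", "users": ["martin"]}


def _resource_matches(allowed, resource, subresource):
    """A rule entry matches only as '*', the exact 'res' or 'res/sub', or '*/sub'."""
    wanted = f"{resource}/{subresource}" if subresource else resource
    star_sub = f"*/{subresource}" if subresource else None
    return any(entry in ("*", wanted, star_sub) for entry in allowed)


def can_i(user, verb, resource, namespace, api_group="", subresource=None):
    """Return True if the Role, via the RoleBinding, allows the request."""
    if user not in BINDING["users"] or namespace != BINDING["namespace"]:
        return False  # a RoleBinding grants nothing outside its own namespace
    for rule in RULES:
        if (("*" in rule["apiGroups"] or api_group in rule["apiGroups"])
                and ("*" in rule["verbs"] or verb in rule["verbs"])
                and _resource_matches(rule["resources"], resource, subresource)):
            return True
    return False  # RBAC is deny-by-default


def report():
    """Constructed sample requests: (verb, resource, subresource, namespace)."""
    requests = [
        ("delete", "pods", None, "development"),   # covered by verbs: ["*"] on pods
        ("create", "pods", "exec", "development"), # subresource is not listed
        ("get", "pods", "log", "development"),     # subresource is not listed
        ("get", "secrets", None, "development"),   # resource is not listed
        ("list", "pods", None, "default"),         # different namespace
    ]
    return {r: can_i("martin", r[0], r[1], r[3], subresource=r[2]) for r in requests}


if __name__ == "__main__":
    for req, allowed in report().items():
        print(req, "->", "allowed" if allowed else "denied")
```

On a live cluster the same questions can be asked with `kubectl auth can-i <verb> <resource> --as martin -n development`.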
7、set context ‘developer’ with user = ‘martin’ and cluster = ‘kubernetes’ as the current context.
# the 'developer' context already names user martin and cluster kubernetes
kubectl config use-context developer
8、
- Service ‘jekyll’ uses targetPort: ‘4000’, namespace: ‘development’
- Service ‘jekyll’ uses Port: ‘8080’, namespace: ‘development’
- Service ‘jekyll’ uses NodePort: ‘30097’, namespace: ‘development’
apiVersion: v1
kind: Service
metadata:
  name: jekyll
  namespace: development
spec:
  type: NodePort
  selector:
    run: jekyll  # must match the pod's label run=jekyll
  ports:
    - protocol: TCP
      port: 8080
      targetPort: 4000
      nodePort: 30097