kubernets挑战实验一（| pvc | pod | services | rolebinding | context）

参考：
https://kubernetes.io/zh-cn/docs/tasks/access-application-cluster/configure-access-multiple-clusters/

Deploy the given architecture diagram for implementing a Jekyll SSG.

1、创建pvc使用,以下条件限制
Storage Request: 1Gi

Access modes: ReadWriteMany

pvc name = jekyll-site, namespace = development

‘jekyll-site’ PVC should be bound to the PersistentVolume called ‘jekyll-site’.

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: jekyll-site
  namespace: development
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  volumeName: jekyll-site

2、根据以下要求完成配置

• pod: ‘jekyll’ has an initContainer, name: ‘copy-jekyll-site’, image: ‘kodekloud/jekyll’

• initContainer: ‘copy-jekyll-site’, command: [ “jekyll”, “new”, “/site” ] (command to run: jekyll new /site)

• pod: ‘jekyll’, initContainer: ‘copy-jekyll-site’, mountPath = ‘/site’

• pod: ‘jekyll’, initContainer: ‘copy-jekyll-site’, volume name = ‘site’

• pod: ‘jekyll’, container: ‘jekyll’, volume name = ‘site’

• pod: ‘jekyll’, container: ‘jekyll’, mountPath = ‘/site’

• pod: ‘jekyll’, container: ‘jekyll’, image =‘kodekloud/jekyll-serve’

• pod: ‘jekyll’, uses volume called ‘site’ with pvc = ‘jekyll-site’

• pod: ‘jekyll’ uses label ‘run=jekyll’

apiVersion: v1
kind: Pod
metadata:
  name: jekyll
  namespace: development
  labels:
    run: jekyll
spec:
  initContainers:
 - name: copy-jekyll-site
    image: kodekloud/jekyll
    command: [ 'jekyll', 'new', '/site' ]
    volumeMounts:
    - name: site
      mountPath: /site
  containers:
 - name: jekyll
    image: kodekloud/jekyll-serve
    volumeMounts:
    - name: site
      mountPath: /site
  volumes:
 - name: site
    persistentVolumeClaim:
      claimName: jekyll-site

3、根据要求创建service

• Service ‘jekyll’ uses targetPort: ‘4000’, namespace: ‘development’
• Service ‘jekyll’ uses Port: ‘8080’, namespace: ‘development’
• Service ‘jekyll’ uses NodePort: ‘30097’, namespace: ‘development’

apiVersion: v1
kind: Service
metadata:
  name: jekyll
spec:
  type: NodePort
  selector:
    app.kubernetes.io/name: jekyll
  ports:
    - protocol: TCP
      port: 8080
      targetPort: 4000
      nodePort: 30097

4、

• Build user information for martin in the default kubeconfig file:User = martin , client-key = /root/martin.key and client-certificate= /root/martin.crt (Ensure don’t embed within the kubeconfig file)
• Create a new context called ‘developer’ in the default kubeconfig file with ‘user = martin’ and ‘cluster = kubernetes’

a.Open the default kubeconfig file located at ~/.kube/config using a text editor.

b.Add the following YAML code under the users section to define the user ‘martin’ and specify the paths to the client-key and client-certificate:

users:
- name: martin
  user:
    client-key: /root/martin.key
    client-certificate: /root/martin.crt

c.Save the kubeconfig file.
in the same time,open the default kubeconfig file located at ~/.kube/config using a text editor.Add the following YAML code .

contexts:
 - name: developer
   context:
    cluster: kubernetes
    user: martin

5、

• ‘developer-role’, should have all(*) permissions for services in development namespace
• ‘developer-role’, should have all permissions(*) for persistentvolumeclaims in development namespace
• ‘developer-role’, should have all(*) permissions for pods in development namespace

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: developer-role
  namespace: development
rules:
 - apiGroups: [""]
  resources: ["services"]
  verbs: ["*"]
 - apiGroups: [""]
  resources: ["persistentvolumeclaims"]
  verbs: ["*"]
 - apiGroups: [""] 
  resources: ["pods"]
  verbs: ["*"]

6、

• create rolebinding = developer-rolebinding, role= ‘developer-role’, namespace = development
• rolebinding = developer-rolebinding associated with user = ‘martin’

kubectl create rolebinding developer-rolebinding --role=developer-role --user=martin --namespace=development

7、set context ‘developer’ with user = ‘martin’ and cluster = ‘kubernetes’ as the current context.

kubectl config use-context developer --user=martin --cluster=kubernetes

8、

• Service ‘jekyll’ uses targetPort: ‘4000’, namespace: ‘development’
• Service ‘jekyll’ uses Port: ‘8080’, namespace: ‘development’
• Service ‘jekyll’ uses NodePort: ‘30097’, namespace: ‘development’

apiVersion: v1
kind: Service
metadata:
  name: jekyll
  namespace: development
spec:
  type: NodePort
  selector:
    app.kubernetes.io/name: jekyll
  ports:
    - protocol: TCP
      port: 8080
      targetPort: 4000
      nodePort: 30097