Introduction
There are various volume types, such as:
1. emptyDir
2. PersistentVolume
emptyDir
The following sentences are important
emptyDir are volumes that get created empty when a Pod is created. Deleting a Pod deletes all its emptyDirs. emptyDir are meant for temporary working disk space.
Example
We do it like this
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dune-quote-service
spec:
  replicas: 1
  selector:
    matchLabels:
      app: dune-quote-service
  template:
    metadata:
      labels:
        app: dune-quote-service
    spec:
      containers:
        - image: gamussa/reactive-quote-service:0.0.3
          imagePullPolicy: Always
          name: dune-quote-service
          ports:
            - containerPort: 9001
          env:
            # ...
            - name: GRPC_SERVER_SECURITY_CERTIFICATECHAIN
              value: "file:/mnt/grpc-cert-chain/server.crt"
            - name: GRPC_SERVER_SECURITY_PRIVATEKEY
              value: "file:/mnt/grpc-pk/server.key"
          volumeMounts:
            - mountPath: /mnt/grpc-cert-chain
              name: grpc-cert-chain
            - mountPath: /mnt/grpc-pk
              name: grpc-pk
      volumes:
        - name: grpc-cert-chain
          secret:
            secretName: grpc-cert-chain
        - name: grpc-pk
          secret:
            secretName: grpc-pk
Example - Write Permission Only on the tmp Directory
The explanation is as follows
Applications running in a containerized environment seldom write data, as that practically goes against the logic of having an immutable system. However, at times, it may be needed for caching or temporary swapping/processing of files. Hence, to provide this functionality to the developer, we can mount an emptyDir as an ephemeral volume which is lost once the container is killed. With this in place, we can also add another security context attribute called “readOnlyRootFilesystem” and set it as true, since the application running inside the container no longer needs to write anywhere on the file-system other than the ‘tmp’ directory.
We do it like this
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: springbootmaven
  name: springbootmaven
  namespace: boot
spec:
  replicas: 1
  selector:
    matchLabels:
      app: springbootmaven
  template:
    metadata:
      labels:
        app: springbootmaven
    spec:
      securityContext:
        fsGroup: 1337
        runAsNonRoot: true
        runAsUser: 1337
      containers:
        - image: salecharohit/springbootmaven
          name: springbootmaven
          ports:
            - containerPort: 8080
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            privileged: false
            runAsUser: 1337
            capabilities:
              drop: ["SETUID", "SETGID"]
          volumeMounts:
            - mountPath: /tmp
              name: tmp
      serviceAccountName: ""
      automountServiceAccountToken: false
      volumes:
        - emptyDir: {}
          name: tmp
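As an added example (not code from the original post), this Python check audits a pod spec for the pattern described above: a read-only root filesystem with an emptyDir as the only writable path. The function names `writable_mounts` and `audit_pod_spec` are hypothetical, and the two dicts are constructed here to mirror the pod specs of the two Deployments on this page.

```python
# Added example: audit a pod spec for readOnlyRootFilesystem plus emptyDir scratch space.
# Function names are hypothetical; the specs below are constructed from this page's YAML.

def writable_mounts(pod_spec, container):
    """Mount paths backed by an emptyDir volume and not mounted readOnly."""
    scratch = {v["name"] for v in pod_spec.get("volumes", []) if "emptyDir" in v}
    return sorted(m["mountPath"] for m in container.get("volumeMounts", [])
                  if m["name"] in scratch and not m.get("readOnly", False))

def audit_pod_spec(pod_spec):
    """Map container name -> list of findings (an empty list means it passes)."""
    report = {}
    for c in pod_spec.get("containers", []):
        ctx = c.get("securityContext", {})
        findings = []
        if ctx.get("readOnlyRootFilesystem") is not True:
            findings.append("root filesystem is writable")
        elif not writable_mounts(pod_spec, c):
            findings.append("read-only root but no emptyDir scratch mount")
        if ctx.get("allowPrivilegeEscalation") is not False:
            findings.append("allowPrivilegeEscalation not disabled")
        report[c["name"]] = findings
    return report

# Constructed from the first Deployment: secret volumes only, no securityContext.
QUOTE_SERVICE = {
    "containers": [{"name": "dune-quote-service", "volumeMounts": [
        {"mountPath": "/mnt/grpc-cert-chain", "name": "grpc-cert-chain"},
        {"mountPath": "/mnt/grpc-pk", "name": "grpc-pk"}]}],
    "volumes": [
        {"name": "grpc-cert-chain", "secret": {"secretName": "grpc-cert-chain"}},
        {"name": "grpc-pk", "secret": {"secretName": "grpc-pk"}}],
}

# Constructed from the second Deployment: read-only root, emptyDir mounted on /tmp.
SPRINGBOOT = {
    "containers": [{"name": "springbootmaven",
                    "securityContext": {"allowPrivilegeEscalation": False,
                                        "readOnlyRootFilesystem": True},
                    "volumeMounts": [{"mountPath": "/tmp", "name": "tmp"}]}],
    "volumes": [{"name": "tmp", "emptyDir": {}}],
}

if __name__ == "__main__":
    for spec in (QUOTE_SERVICE, SPRINGBOOT):
        print(audit_pod_spec(spec))
```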