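#!/bin/bash
#
# shared-vol.sh - demo: a two-container pod that shares an emptyDir volume.
# Container "second" queries the Kubernetes API with the pod's service-account
# token and writes the results into the volume; container "first" (nginx)
# serves that volume over HTTP, and the pod is exposed through a NodePort.
#
# Requires: kubectl with a context that is allowed to create cluster-scoped
# RBAC objects.
#
# Safe to re-run: every object is applied rather than created, and the pod is
# deleted first so that a changed spec takes effect.

set -euo pipefail

# The ClusterRoleBinding subject, the Role manifest and the in-pod script all
# hard-code the "default" namespace, so every kubectl call is pinned to it
# instead of relying on whatever namespace the current context points at.
readonly target_ns=default

# SA to obtain pods
kubectl create serviceaccount cp-api-explorer --namespace "$target_ns" \
  --dry-run=client -o yaml | kubectl apply --namespace "$target_ns" -f -

# NOTE(review): this grants get/list/watch on pods and namespaces in EVERY
# namespace. The in-pod script enumerates all namespaces, so it depends on
# this scope; if only the default namespace is needed, drop the
# ClusterRoleBinding and bind the namespaced Role "pod-reader" below instead.
kubectl create clusterrole ns-reader \
  --verb=get,list,watch --resource=namespaces,pods \
  --dry-run=client -o yaml | kubectl apply -f -
kubectl create clusterrolebinding ns-reader \
  --clusterrole=ns-reader --serviceaccount="${target_ns}:cp-api-explorer" \
  --dry-run=client -o yaml | kubectl apply -f -

# RO access to pods in default ns
# (quoted delimiter: the manifest is passed to kubectl verbatim, with no shell
# expansion)
kubectl apply -f - <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: pod-reader
rules:
- apiGroups: [""] # "" indicates the core API group
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
EOF

# bind role to SA
# (left disabled: while the ClusterRoleBinding above exists, this Role adds
# nothing to the service account's effective permissions)
# kubectl create rolebinding api-explorer:pod-reader --role pod-reader --serviceaccount default:cp-api-explorer

# if needed to recreate
# --ignore-not-found keeps the first run from failing when the pod is absent.
kubectl delete pod two-containers --namespace "$target_ns" --ignore-not-found

# NOTE(review): the "second" container's script is shipped as a base64 blob
# piped to bash, so manifest review and policy tooling cannot see what runs.
# To inspect it, pass the quoted blob to `base64 -d`. Decoded, it installs
# curl, jq and uuid-runtime with apt at container start, then loops every 5 s:
# it appends a timestamp line to /pod-data/index.html, reads the mounted
# service-account token, lists pods in "default" and in every namespace via
# the API server, and writes the pod IPs to /pod-data/dc.json and
# /pod-data/all-ns.json. Consider mounting the script from a ConfigMap so it
# is readable in the manifest.
#
# NOTE(review): /pod-data is the same emptyDir that nginx serves, and the pod
# is exposed through a NodePort below, so the cluster-wide pod-IP inventory is
# readable without authentication by anything that can reach the node port.
#
# NOTE(review): both images are untagged, so whatever the registry currently
# serves is pulled; pin them to a tag or digest for a reproducible, reviewable
# deployment. The same applies to the apt packages installed at start-up.
kubectl apply --namespace "$target_ns" -f - <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: two-containers
  labels:
    environment: production
    app: nginx
spec:
  serviceAccountName: cp-api-explorer
  volumes:
  - name: shared-data
    emptyDir: {}
  containers:
  - name: first
    image: nginx
    volumeMounts:
    - name: shared-data
      mountPath: /usr/share/nginx/html
  - name: second
    image: ubuntu
    volumeMounts:
    - name: shared-data
      mountPath: /pod-data
    command: ["/bin/bash"]
    args:
    - "-c"
    - "echo 'YXB0IHVwZGF0ZTsgYXB0IGluc3RhbGwgLXkgY3VybCBqcSB1dWlkLXJ1bnRpbWU7Cgp3aGlsZSB0cnVlOyBkbwogICAgZGF0ZSA+PiAvcG9kLWRhdGEvaW5kZXguaHRtbDsKICAgIGVjaG8gSGVsbG8gZnJvbSB0aGUgc2Vjb25kIGNvbnRhaW5lciA+PiAvcG9kLWRhdGEvaW5kZXguaHRtbDsKICAgIGVjaG8gIjxicj4iID4+IC9wb2QtZGF0YS9pbmRleC5odG1sOwogICAgCiAgICAjZmluZCAvcnVuL3NlY3JldHMva3ViZXJuZXRlcy5pby8KICAgIAogICAgVE9LRU49JChjYXQgL3J1bi9zZWNyZXRzL2t1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvdG9rZW4pCiAgIAogICAgI2VjaG8gIkF1dGhvcml6YXRpb246IEJlYXJlciAkKGNhdCAvcnVuL3NlY3JldHMva3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC90b2tlbikiCiAgICAjY2F0ICAvcnVuL3NlY3JldHMva3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9jYS5jcnQKICAgIAogICAgI2VjaG8gIm5hbWVzcGFjZXMiCiAgICAjY3VybCAtcyAiaHR0cHM6Ly9rdWJlcm5ldGVzL2FwaS92MS9uYW1lc3BhY2VzIiAgLS1oZWFkZXIgIkF1dGhvcml6YXRpb246IEJlYXJlciAkKGNhdCAvcnVuL3NlY3JldHMva3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC90b2tlbikiIC0tY2FjZXJ0IC9ydW4vc2VjcmV0cy9rdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L2NhLmNydAogICAgCiAgICAjY3VybCAtcyAiaHR0cHM6Ly9rdWJlcm5ldGVzL2FwaS92MS9uYW1lc3BhY2VzL2RlZmF1bHQvcG9kcyIgIC0taGVhZGVyICJBdXRob3JpemF0aW9uOiBCZWFyZXIgJFRPS0VOIiAtLWNhY2VydCAvcnVuL3NlY3JldHMva3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9jYS5jcnQKICAgIAogICAgI2VjaG8gImluc2VjdXJlIgogICAgI2N1cmwgLXMgImh0dHBzOi8va3ViZXJuZXRlcy9hcGkvdjEvbmFtZXNwYWNlcy9kZWZhdWx0L3BvZHMiICAtLWhlYWRlciAiQXV0aG9yaXphdGlvbjogQmVhcmVyICRUT0tFTiIgLS1pbnNlY3VyZQogICAgCiAgICAjZWNobyAicHJ2bmkgSlEiCiAgICAjY3VybCAtcyAiaHR0cHM6Ly9rdWJlcm5ldGVzL2FwaS92MS9uYW1lc3BhY2VzL2RlZmF1bHQvcG9kcyIgIC0taGVhZGVyICJBdXRob3JpemF0aW9uOiBCZWFyZXIgJFRPS0VOIiAtLWNhY2VydCAvcnVuL3NlY3JldHMva3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9jYS5jcnQgfCBqcSAtYyAtciAnLml0ZW1zW10gfCAuc3RhdHVzLnBvZElQc1tdJwogICAgI2VjaG8gImNlbGUgSlEiCiAgICBjdXJsIC1zICJodHRwczovL2t1YmVybmV0ZXMvYXBpL3YxL25hbWVzcGFjZXMvZGVmYXVsdC9wb2RzIiAgLS1oZWFkZXIgIkF1dGhvcml6YXRpb246IEJlYXJlciAkVE9LRU4iIC0tY2FjZXJ0IC9ydW4vc2VjcmV0cy9rdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L2NhLmNydCBcCiAgICB8IGpxIC1jIC1yICcuaXRlbXNbXSB8IC5zdGF0dXMucG9kSVBzW10gJyBcCiAgICB8IGpxIC0tc2x1cnAgJ21hcCguaXApIGFzICRpcHMgfCB7CiAgICAgICAgICAgICAgICAidmVyc2lvbiI6ICIxLjAiLAogICAgICAgICAgICAgICAgImRlc2NyaXB0aW9uIjogIkdlbmVyaWMgRGF0YSBDZW50ZXIgZnJvbSBLdWJlcm5ldGVzIEFQSSIsCiAgICAgICAgICAgICAgICAib2JqZWN0cyI6IFsgewogICAgICAgICAgICAgICAgICAgbmFtZTogIlBvZHMgaW4gZGVmYXVsdCBOUyIsCiAgICAgICAgICAgICAgICAgICBpZDogIkFBQ0UyRTNDLTVFMUMtNEM3Ri04RkE4LTVGQUE4RTBFMDZDQiIsCiAgICAgICAgICAgICAgICAgICAiZGVzY3JpcHRpb24iOiAiRXhhbXBsZSBmb3IgSVB2NCBhZGRyZXNzZXMgY29sbGVjdGVkIGZyb20gSzhTIG5hbWVzcGFjZSBwb2RzIiwKICAgICAgICAgICAgICAgICAgIHJhbmdlczogJGlwcwogICAgICAgICAgICAgICAgfSwKICAgICAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgICAgICJuYW1lIjogIlBvZHMgc3RhdGljIGRlbW8iLAogICAgICAgICAgICAgICAgICAgICAgICAiaWQiOiAiQUFDRTJFM0MtNUUxQy00QzdGLThGQTgtNUZBQThFMEUwNkNDIiwKICAgICAgICAgICAgICAgICAgICAgICAgImRlc2NyaXB0aW9uIjogIlBhdmVsIGRlbW8iLAogICAgICAgICAgICAgICAgICAgICJyYW5nZXMiOiBbIjguMjQ0LjEuNiJdCiAgICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgXQogICAgfScgPiAvcG9kLWRhdGEvZGMuanNvbgoKICAgIGVjaG8gImNyZWF0ZWQgL3BvZC1kYXRhL2RjLmpzb24iCiAgICBjYXQgL3BvZC1kYXRhL2RjLmpzb24KICAgIGVjaG8KICAgIAogICAgTkFNRVNQQUNFUz0kKGN1cmwgLXMgImh0dHBzOi8va3ViZXJuZXRlcy9hcGkvdjEvbmFtZXNwYWNlcyIgIC0taGVhZGVyICJBdXRob3JpemF0aW9uOiBCZWFyZXIgJChjYXQgL3J1bi9zZWNyZXRzL2t1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvdG9rZW4pIiAtLWNhY2VydCAvcnVuL3NlY3JldHMva3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9jYS5jcnQgfCBqcSAtciAnLml0ZW1zW10ubWV0YWRhdGEubmFtZScpCiAgICBmb3IgTkFNRVNQQUNFIGluICROQU1FU1BBQ0VTOyBkbyAKICAgICAgICBjdXJsIC1zICJodHRwczovL2t1YmVybmV0ZXMvYXBpL3YxL25hbWVzcGFjZXMvJE5BTUVTUEFDRS9wb2RzIiAgXAogICAgICAgICAgICAtLWhlYWRlciAiQXV0aG9yaXphdGlvbjogQmVhcmVyICRUT0tFTiIgXAogICAgICAgICAgICAtLWNhY2VydCAvcnVuL3NlY3JldHMva3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9jYS5jcnQgfCBcCiAgICAgICAgICAgIGpxIC1jIC1yICcuaXRlbXNbXSB8IC5zdGF0dXMucG9kSVBzW10nIHwgXAogICAgICAgICAgICBqcSAtYyAtciAtLXNsdXJwIC0tYXJnIG5zICIkTkFNRVNQQUNFIiAne25hbWVzcGFjZTogJG5zLCBpcHM6IFsuW10gfCAuaXAgXX0nIHwgXAogICAgICAgICAgICBqcSAtYyAtLWFyZyB1dWlkICIkKHV1aWRnZW4pIiAnewogICAgICAgICAgICAgICAgICAgIG5hbWU6ICJpcHMtXCgubmFtZXNwYWNlKSIsIAogICAgICAgICAgICAgICAgICAgIGRlc2NyaXB0aW9uOiAiSVBzIGluIG5hbWVzcGFjZSBcKC5uYW1lc3BhY2UpIiwKICAgICAgICAgICAgICAgICAgICB1aWQ6ICR1dWlkLAogICAgICAgICAgICAgICAgICAgIGlkOiAiaWQtXCgubmFtZXNwYWNlKSIsCiAgICAgICAgICAgICAgICAgICAgcmFuZ2VzOiAuaXBzIHwgdW5pcXVlLCAKICAgICAgICAgICAgICAgICAgICB9JyAKICAgIGRvbmUgfCBqcSAtYyAnc2VsZWN0KCgucmFuZ2VzfGxlbmd0aCk+MCknIHwganEgLS1zbHVycCAgJyB7CiAgICAgICAgICAgICAgICAidmVyc2lvbiI6ICIxLjAiLAogICAgICAgICAgICAgICAgImRlc2NyaXB0aW9uIjogIkdlbmVyaWMgRGF0YSBDZW50ZXIgZnJvbSBLdWJlcm5ldGVzIEFQSSIsCiAgICAgICAgICAgICAgICAib2JqZWN0cyI6ICAuIAogICAgICAgICAgICAgICAgfScgPiAvcG9kLWRhdGEvYWxsLW5zLmpzb24KCiAgICBlY2hvICJjcmVhdGVkIC9wb2QtZGF0YS9hbGwtbnMuanNvbiIKICAgIGNhdCAvcG9kLWRhdGEvYWxsLW5zLmpzb24KICAgIGVjaG8gCgogICAgc2xlZXAgNTsKCmRvbmUK' | base64 -d | bash - "
EOF

# Publish nginx (and therefore everything written to the shared volume) on a
# node port. Applied rather than created so a re-run does not fail on the
# existing Service.
kubectl expose pod two-containers --namespace "$target_ns" \
  --type=NodePort --port=80 \
  --dry-run=client -o yaml | kubectl apply --namespace "$target_ns" -f -

# minikube service --url two-containers
# kubectl exec two-containers -c second -i -t -- bash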