[Diagram: "VS. Cattle Storage". Labels: global Persistent Volumes (PV123, PV456); users Bob and Sally; pods with claim references; Persistent Volume Claims (PVC001, PVC002, PVC003).]
Available Provisioners:
● OpenStack Cinder: kubernetes.io/cinder
● AWS Elastic Block Store (EBS): kubernetes.io/aws-ebs
● GCE Persistent Disk (gcePD): kubernetes.io/gce-pd

    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
      name: dyn-prov-claim
      annotations:
        volume.alpha.kubernetes.io/storage-class: aws-ebs
    spec:
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: 3Gi
[Diagram: persistent volume lifecycle. Labels: PROVISION (manual or dynamic); PENDING; AVAILABLE; BOUND; RELEASED; DELETED; "PV + PVC ="; pod claim request; RETAIN PV (default policy). Failure cases shown: volume cannot mount, CrashBackLoop; timing / vague state.]
Pod Security Policy (Upstream)
● PSP provides an interface for the security types but enforcement doesn’t exist today
● No admission controller

Security Context Constraints (SCC) (OpenShift)
SCCs are objects that define a set of conditions that a pod must run with in order to be accepted into the system. They allow an administrator to control the following:
1. Running of privileged containers.
2. Capabilities a container can request to be added.
3. Use of host directories as volumes.
4. The SELinux context of the container.
5. The user ID.
6. The use of host namespaces and networking.
7. Allocating an FSGroup that owns the pod’s volumes.
8. Configuring allowable supplemental groups.