Of course,

Yaml files are strictly dedicated to kubernetes object definition and
deployment (like deployment.yaml for service on docker). They are not to be
included in docker container.

In fact the better is to create a folder "k8s" and move them into .

In order to create the container/pod on kubernetes you have to launch :

kubectl create -f 389-ds-container/kube/* with all yaml files in kube folder

In interactive mode :

kubectl run -d --name 389-ds-container --image=r
egistry.opensuse.org/home/firstyear/containers/389-ds-container:latest
<http://registry.opensuse.org/home/firstyear/containers/389-ds-container:latest>
--port=3389


389-ds-container/

├── Dockerfile

├── other files/floders required for Docker image creation

└── k8s

   ├── 389-ds-container.yaml

   ├── secrets.yaml

   ├── service.yaml

   └── storage.yaml

389-ds-container => (i made a mistake the name should be
389-ds-container.yaml) is the kubernetes pod declaration on k8s. It defines
what volume, environment variables, resources limit and more required to
start the container on the kube cluster. This file will use the image
created and pushed on the registry of your choice

services.yaml => create a kube service which will allow external access to
 the pod (container). On kubernetes you can not access to you container/pod
directly. You have to implement a service. In my case I created a ClusterIP
which means that the service in only available inside kubernetes cluster
(Can be changed) . Other modes are NodePort or LoadBalancer (available only
when your k8s cluster is hosted on a CloudProvider). Service allow
loadbalancing natively if you have many pods up (ie with MMR) .

Secrets.yaml => all stuff like passwords or certificates that can be
defined like variable but are mounted in the pod/container and can be used
like files or variables. It’s an equivalent of secret in Docker. In defined
there my own fake certificate in order to inject them with certutil in the
pods instead of the self-signed one

Storage.yaml => Are the definition of my volume in k8s world. I created a
pv (Persistent volume)  which use a physical storage type as filesystem in
my case but can be another kind of storage (NFS,gluster,iscsi,FC…) the user
has to provide a pv with the same name whatever the kind of storage.

Then PVC (PersistentVolumeClaim) , which wil bind the volume defined with
the name and the size required.


> A better idea may be to have dscontainer take a set of PEM files and then
load them to your certificate store on startup instead rather than the
current method of certificate handling.

Yes i agree but if you want to read them at startup you have to provide
them somewhere accessible from the container. The better i think is the
secret.


Le jeu. 13 juin 2019 à 16:15, William Brown <wbr...@suse.de> a écrit :

> Most of those look pretty reasonable. Can you describe to be the work flow
> and how those yaml files interacte with k8s and how they are associated to
> the container? Do they need to be in the docker file? Or something else?
>
> Thanks!
>
>
> > On 13 Jun 2019, at 15:21, Olivier JUDITH <gnu...@gmail.com> wrote:
> >
> > _______________________________________________
>
> —
> Sincerely,
>
> William Brown
>
> Senior Software Engineer, 389 Directory Server
> SUSE Labs
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
>
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org

Reply via email to