This is a YAML definition file for a Kubernetes Pod. The Pod contains one container, which runs the `bitnami/kubectl` image. Save this content in a file named `kubectl-pod.yaml` and apply it using `oc apply -f kubectl-pod.yaml`.
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: kubectl
spec:
  serviceAccountName: kubectl
  # Pod-level settings: only fields that PodSecurityContext accepts.
  securityContext:
    runAsNonRoot: true
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: kubectl
      image: bitnami/kubectl:latest
      command: ["/bin/sh"]
      args: ["-c", "while true; do echo hello; sleep 10;done"]
      resources: {}
      # allowPrivilegeEscalation and capabilities are container-level fields.
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
  dnsPolicy: ClusterFirst
  restartPolicy: Always
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kubectl
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: pod-kubectl
rules:
  - apiGroups: [""]
    resources: ["pods", "configmaps"]
    verbs: ["create", "get", "update", "delete", "list"]
---
# Cluster-wide binding: the rules above apply in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: pod-kubectl-rolebinding
subjects:
  - kind: ServiceAccount
    name: kubectl
    namespace: default
roleRef:
  kind: ClusterRole
  name: pod-kubectl
  apiGroup: rbac.authorization.k8s.io
```
Note: If you want to schedule this pod on a specific node, add `spec.nodeName: <your-specific-nodename>` to the Pod definition above.

Once the Pod is up and running, you should be able to connect to it using either of the following commands:

```shell
oc exec -it kubectl -- bash
# or
oc rsh kubectl
```
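
The ClusterRoleBinding above lets the `kubectl` service account create, read, update, delete and list pods and configmaps in every namespace. If the pod only needs to manage resources in its own namespace, a namespaced Role and RoleBinding grant the same verbs there and nowhere else. This is an added example, not part of the original manifest; it reuses the names `pod-kubectl` and `pod-kubectl-rolebinding` and assumes the `default` namespace from the subject entry above.

```yaml
# Namespaced replacement for the ClusterRole / ClusterRoleBinding pair.
# Assumption: the pod and its service account live in "default".
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-kubectl
  namespace: default
rules:
  - apiGroups: [""]
    resources: ["pods", "configmaps"]
    verbs: ["create", "get", "update", "delete", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pod-kubectl-rolebinding
  namespace: default
subjects:
  - kind: ServiceAccount
    name: kubectl
    namespace: default
roleRef:
  kind: Role          # a Role can only be bound inside its own namespace
  name: pod-kubectl
  apiGroup: rbac.authorization.k8s.io
```

With this in place of the cluster-wide pair, `oc auth can-i list pods --as=system:serviceaccount:default:kubectl -n <other-namespace>` should answer `no`, while the same check with `-n default` answers `yes`.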