This document provides a trivialized example of running a multi-container pod in Kubernetes, with git-sync pulling data and an HTTP server serving it.
apiVersion: apps/v1
kind: Deployment
metadata:
name: git-sync-example
spec:
replicas: 1
selector:
matchLabels:
app: git-sync-example
template:
metadata:
labels:
app: git-sync-example
spec:
securityContext:
# Set this to any valid GID, and two things happen:
# 1) The volume "content-from-git" is group-owned by this GID.
# 2) This GID is added to each container.
fsGroup: 101
volumes:
- name: content-from-git
emptyDir: {}
containers:
- name: git-sync
# This container pulls git data and publishes it into volume
# "content-from-git". In that volume you will find a symlink
# "current" (see -dest below) which points to a checked-out copy of
# the master branch (see -branch) of the repo (see -repo).
# NOTE: git-sync already runs as non-root.
image: registry.k8s.io/git-sync/git-sync:v4.0.0
args:
- --repo=https://github.com/kubernetes/git-sync
- --depth=1
- --period=60s
- --link=current
- --root=/git
volumeMounts:
- name: content-from-git
mountPath: /git
- name: server
# This container serves the data pulled from git, via the volume
# "content-from-git".
# NOTE: apache runs as root to expose port 80, and there's not a
# trivial flag to change that. Real servers should not run as root
# when possible.
image: httpd:alpine
volumeMounts:
- name: content-from-git
mountPath: /usr/local/apache2/htdocs/
readOnly: true # no need to ever write to the volume