Commit 72a9b90

add kubernetes to run docker container section
1 parent 518e4a1 commit 72a9b90

1 file changed

+65
-0
lines changed

docs/advanced/7_docker/index.mdx

Lines changed: 65 additions & 0 deletions
@@ -121,3 +121,68 @@ Status: Downloaded newer image for alpine:latest
121121
Hello
122122
+ exit 0
123123
```
124+
125+
## Kubernetes
126+
127+
If you use kubernetes and would like to run your docker file directly on the kubernetes host, use the following script:
128+
129+
```
130+
# shellcheck shell=bash
131+
# Bash script that calls docker as a client to the host daemon
132+
# See documentation: https://www.windmill.dev/docs/advanced/docker
133+
msg="${1:-world}"
134+
135+
IMAGE="docker/whalesay:latest"
136+
COMMAND=(sh -c "cowsay $msg")
137+
138+
APISERVER=https://kubernetes.default.svc
139+
SERVICEACCOUNT=/var/run/secrets/kubernetes.io/serviceaccount
140+
NAMESPACE=$(cat ${SERVICEACCOUNT}/namespace)
141+
TOKEN=$(cat ${SERVICEACCOUNT}/token)
142+
CACERT=${SERVICEACCOUNT}/ca.crt
143+
144+
kubectl config set-cluster local --server="${APISERVER}" --certificate-authority="${CACERT}"
145+
kubectl config set-credentials local --token="${TOKEN}"
146+
kubectl config set-context local --cluster=local --user=local --namespace="${NAMESPACE}"
147+
kubectl config use-context local
148+
149+
kubectl run task -it --rm --restart=Never --image="$IMAGE" -- "${COMMAND[@]}"
150+
```
151+
152+
and use the following additional privileges
153+
154+
```yaml
155+
---
156+
apiVersion: rbac.authorization.k8s.io/v1
157+
kind: Role
158+
metadata:
159+
namespace: windmill
160+
name: pod-management
161+
rules:
162+
- apiGroups: ['']
163+
resources: ['pods']
164+
verbs: ['get', 'list', 'watch', 'create', 'update', 'patch', 'delete']
165+
- apiGroups: ['']
166+
resources: ['pods/log']
167+
verbs: ['get', 'list', 'watch']
168+
- apiGroups: ['']
169+
resources: ['pods/attach']
170+
verbs: ['get', 'list', 'watch', 'create', 'update', 'patch', 'delete']
171+
- apiGroups: ['']
172+
resources: ['events']
173+
verbs: ['get', 'list', 'watch']
174+
---
175+
apiVersion: rbac.authorization.k8s.io/v1
176+
kind: RoleBinding
177+
metadata:
178+
name: pod-management
179+
namespace: windmill
180+
subjects:
181+
- kind: ServiceAccount
182+
name: windmill-chart
183+
namespace: windmill
184+
roleRef:
185+
kind: Role
186+
name: pod-management
187+
apiGroup: rbac.authorization.k8s.io
188+
```
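
Review bot: The `pod-management` Role at the end of the hunk grants `create`, `update`, `patch` and `delete` on `pods` and `pods/attach` in namespace `windmill` to the `windmill-chart` ServiceAccount, which lives in that same namespace, so anything that can read the mounted token can attach to, modify or delete every pod there, not only the `task` pod the script starts. The single `kubectl run -it --rm` call should not need `update` or `patch` on `pods`, nor `list`, `watch`, `update`, `patch` or `delete` on `pods/attach`; suggest trimming the verbs to what that call uses and pointing both the Role and the `set-context --namespace` value at a dedicated namespace for task pods, with a sentence in the docs saying what this grant allows. In the script, `COMMAND=(sh -c "cowsay $msg")` expands the script argument into the `sh -c` string, so shell metacharacters in `msg` run as commands in the container; pass it as a positional argument instead, for example `COMMAND=(sh -c 'cowsay "$1"' sh "$msg")`. `--token="${TOKEN}"` puts the service account token on the `kubectl` command line, where it is visible in the process list. The fixed pod name `task` makes two concurrent runs collide, and the header comment "calls docker as a client to the host daemon" was carried over from the Docker section and no longer describes this script. The new script fence also has no language tag, while the YAML fence below it does.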
