docs/doc/source/kube-virt/vm-using-service-account-as-filesystem-5fd4deb7339a.rst
Elisamara Aoki Goncalves 1f91cd1ee0 Update documentation for Kubevirt
Add Usage Examples sections.
Create KubeVirt Architecture section.
Fix minor editorial issues.
Fix grammar and formatting issues.

Story: 2010931
Task: 50286

Change-Id: I6118d0af848d07f3764eeae5ea8467864c65fceb
Signed-off-by: Elisamara Aoki Goncalves <elisamaraaoki.goncalves@windriver.com>
2024-09-04 22:08:20 +00:00

VM Using Service Account as Filesystem

A serviceaccount volume references a Kubernetes serviceaccount. A serviceaccount can be presented to the VM as a disk or as a filesystem.

The disk method does not support dynamic change propagation and the filesystem method does not support live migration. Therefore, depending on the use-case, one or the other may be more suitable.

With the filesystem method, serviceaccounts are shared through virtiofs. In contrast with using a disk to share serviceaccounts, the filesystem method allows you to dynamically propagate changes on serviceaccounts to VMs (i.e. the VM does not need to be rebooted).

Limitation

Currently, VMs cannot be live migrated since virtiofs does not support live migration.

Example of a VM creation using the default service account:

apiVersion: kubevirt.io/v1
kind: VirtualMachineInstance
metadata:
  labels:
    special: vmi-fedora-sa
  name: vmi-fedora
spec:
  domain:
    devices:
      filesystems:
        - name: serviceaccount-fs
          virtiofs: {}
      disks:
        - disk:
            bus: virtio
          name: containerdisk
    machine:
      type: ""
    resources:
      requests:
        memory: 1024M
  terminationGracePeriodSeconds: 0
  volumes:
    - name: containerdisk
      containerDisk:
        image: quay.io/containerdisks/fedora:latest
    - cloudInitNoCloud:
        userData: |-
          #cloud-config
          chpasswd:
            expire: false
          password: fedora
          user: fedora
          bootcmd:
            # mount the service account filesystem
            - "sudo mkdir /mnt/serviceaccount"
            - "sudo mount -t virtiofs serviceaccount-fs /mnt/serviceaccount"
      name: cloudinitdisk
    - name: serviceaccount-fs
      serviceAccount:
        serviceAccountName: default
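
The check below is an added example, not part of the StarlingX or KubeVirt documentation: it reads a VM or VMI definition as JSON (for example from `kubectl get vmi -o json`) and reports, for each serviceAccount volume, which presentation method is in use and the trade-off this page states for it. The function name `classify_sa_volumes` and the `SAMPLE` input are assumptions constructed from the manifest above.

```python
import json

def classify_sa_volumes(obj):
    """Return one finding per serviceAccount volume in a VM/VMI dict."""
    spec = obj.get("spec", {})
    # A VirtualMachine wraps the VMI spec under spec.template.spec.
    spec = spec.get("template", {}).get("spec", spec)
    devices = spec.get("domain", {}).get("devices", {})
    fs_names = {f["name"] for f in devices.get("filesystems") or []
                if "virtiofs" in f}
    disk_names = {d["name"] for d in devices.get("disks") or []}
    findings = []
    for vol in spec.get("volumes") or []:
        sa = vol.get("serviceAccount")
        if sa is None:
            continue
        name = vol["name"]
        if name in fs_names:
            method = "filesystem"
        elif name in disk_names:
            method = "disk"
        else:
            method = "unreferenced"  # no matching device entry in the spec
        findings.append({
            "volume": name,
            "serviceAccountName": sa.get("serviceAccountName"),
            "method": method,
            # Per this page: only the filesystem method propagates changes
            # without a reboot, and it is the one that prevents live migration.
            "dynamic_propagation": method == "filesystem",
            "blocks_live_migration": method == "filesystem",
        })
    return findings

# Constructed sample: the relevant fields of the manifest above, as JSON.
SAMPLE = json.loads("""
{"kind": "VirtualMachineInstance", "metadata": {"name": "vmi-fedora"},
 "spec": {"domain": {"devices": {
     "filesystems": [{"name": "serviceaccount-fs", "virtiofs": {}}],
     "disks": [{"name": "containerdisk", "disk": {"bus": "virtio"}}]}},
   "volumes": [
     {"name": "containerdisk", "containerDisk": {"image": "quay.io/containerdisks/fedora:latest"}},
     {"name": "serviceaccount-fs", "serviceAccount": {"serviceAccountName": "default"}}]}}
""")

if __name__ == "__main__":
    for finding in classify_sa_volumes(SAMPLE):
        print(json.dumps(finding))
```

Run over every VM in a namespace, this also gives an inventory of which service accounts are exposed to guests and under which names.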