@govindkailas
Last active July 28, 2021 17:41
Nginx deployment with dynamic pvc, init container and ingress
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: pvc-vol-nginx
  namespace: gkr-dev # change this accordingly
  annotations:
    volume.beta.kubernetes.io/storage-class: default
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
  namespace: gkr-dev
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      securityContext:
        runAsUser: 1001 # run as non-root user
        fsGroup: 1001 # lets the pod write to the PVC by changing the volume's group from root (default) to the group ID given here
      initContainers:
        - name: init-overwrite-pvc
          image: busybox:1.28
          # $HOSTNAME sits outside the single quotes so the shell expands it; a single quote needs no backslash inside a double-quoted YAML string
          command: ["/bin/sh", "-c", "echo '<h1>Hello !! </h1>I am loaded from <b>nginx-pvc</b> <br>Pod name: <b>'$HOSTNAME'' > /app/index.html && echo 'done' && exit"]
          securityContext:
            allowPrivilegeEscalation: false # disallow privilege escalation
            privileged: false # run as a non-privileged container
          volumeMounts:
            - mountPath: /app
              name: nginx-pvc
      containers:
        - image: bitnami/nginx
          name: nginx
          securityContext:
            allowPrivilegeEscalation: false # disallow privilege escalation
            privileged: false # run as a non-privileged container
          resources:
            requests:
              memory: "128Mi"
              cpu: "100m"
            limits:
              memory: "256Mi"
              cpu: "300m"
          volumeMounts:
            - mountPath: /app
              name: nginx-pvc
      volumes:
        - name: nginx-pvc
          persistentVolumeClaim:
            claimName: pvc-vol-nginx
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-svc
  namespace: gkr-dev
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 8080
---
# This is optional; if it's not relevant for you, just create the Service as type LoadBalancer in the block above.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    enable-tls: "true"
  name: nginx-ing
  namespace: gkr-dev
spec:
  rules:
    - host: nginx-pvc-ing.example.com # whatever is applicable for your domain
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx-svc
                port:
                  number: 80