Difference between revisions of "Kind: Pod"
Jump to navigation
Jump to search
Tags: Mobile web edit, Mobile edit |
|||
(10 intermediate revisions by the same user not shown) | |||
Line 4: | Line 4: | ||
[[spec.containers]] | [[spec.containers]] | ||
[[spec.initContainers]] | [[spec.initContainers]] | ||
+ | [[spec.securityContext]] | ||
[[spec.volumes]] | [[spec.volumes]] | ||
[[spec.nodeSelector]] | [[spec.nodeSelector]] | ||
+ | [[spec.imagePullSecrets]] | ||
− | Nginx | + | === Nginx example === |
{{kind pod nginx}} | {{kind pod nginx}} | ||
Line 17: | Line 19: | ||
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | ||
− | + | {{kind pod resources}} | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
Line 64: | Line 42: | ||
image: busybox:1.28 | image: busybox:1.28 | ||
command: ['sh', '-c', "until nslookup mydb.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for mydb; sleep 2; done"] | command: ['sh', '-c', "until nslookup mydb.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for mydb; sleep 2; done"] | ||
+ | |||
+ | |||
+ | == [[securityContext]] == | ||
+ | {{kind_pod_securitycontext}} | ||
+ | |||
+ | == [[imagePullSecrets]] == | ||
+ | |||
+ | {{imagepullsecrets ex}} | ||
== Related == | == Related == | ||
Line 77: | Line 63: | ||
* <code>[[NodeSelector]]</code> | * <code>[[NodeSelector]]</code> | ||
* <code>[[kind: ReplicaSet]]</code> | * <code>[[kind: ReplicaSet]]</code> | ||
− | * [[kubectl run]] | + | * <code>[[kubectl run]]</code> |
+ | * [[Configure a Security Context for a Pod or Container]] | ||
+ | * [[Resource Management for Pods and Containers]] | ||
+ | * [[imagePullSecrets]] | ||
== See also == | == See also == |
Revision as of 05:06, 18 July 2024
spec. spec.containers spec.initContainers spec.securityContext spec.volumes spec.nodeSelector spec.imagePullSecrets
Nginx example
apiVersion: v1 kind: Pod metadata: name: nginx labels: env: test spec: containers: - name: nginx image: nginx imagePullPolicy: IfNotPresent nodeSelector: disktype: ssd
Alpine container to access a PV:
apiVersion: v1 kind: Pod metadata: name: myalpinewithvolume spec: containers: - name: alpine image: alpine:latest command: ['ash'] tty: true stdin: true volumeMounts: - name: myvolume mountPath: /myvolume volumes: - name: myvolume persistentVolumeClaim: claimName: myPVCtoMount
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ --- apiVersion: v1 kind: Pod metadata: name: frontend spec: containers: - name: app image: images.my-company.example/app:v4 resources: requests: memory: "64Mi" cpu: "250m" limits: memory: "128Mi" cpu: "500m" - name: log-aggregator image: images.my-company.example/log-aggregator:v6 resources: requests: memory: "64Mi" cpu: "250m" limits: memory: "128Mi" cpu: "500m"
initContainers
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#init-containers-in-use
apiVersion: v1 kind: Pod metadata: name: myapp-pod labels: app: myapp spec: containers: - name: myapp-container image: busybox:1.28 command: ['sh', '-c', 'echo The app is running! && sleep 3600'] initContainers: - name: init-myservice image: busybox:1.28 command: ['sh', '-c', "until nslookup myservice.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for myservice; sleep 2; done"] - name: init-mydb image: busybox:1.28 command: ['sh', '-c', "until nslookup mydb.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for mydb; sleep 2; done"]
securityContext
apiVersion: v1 kind: Pod metadata: name: security-context-demo spec: securityContext: runAsUser: 1000 runAsGroup: 3000 fsGroup: 2000 volumes: - name: sec-ctx-vol emptyDir: {} containers: - name: sec-ctx-demo image: busybox:1.28 command: [ "sh", "-c", "sleep 1h" ] volumeMounts: - name: sec-ctx-vol mountPath: /data/demo securityContext: allowPrivilegeEscalation: false
imagePullSecrets
apiVersion: v1 kind: Pod metadata: name: private-reg spec: containers: - name: private-reg-container image: <your-private-image> imagePullSecrets: - name: regcred
Related
dnsPolicy:
- Kubernetes init containers
autoScaler:
envFrom:
LivenessProbe
lifecycle:
ports:
- Kubernetes, env:
nodeName
NodeSelector
kind: ReplicaSet
kubectl run
- Configure a Security Context for a Pod or Container
- Resource Management for Pods and Containers
- imagePullSecrets
See also
Advertising: