Difference between revisions of "Kind: Pod"
Jump to navigation
Jump to search
(13 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
[[spec.]] | [[spec.]] | ||
[[spec.containers]] | [[spec.containers]] | ||
+ | [[spec.volumes]] | ||
[[spec.initContainers]] | [[spec.initContainers]] | ||
− | [[spec. | + | [[spec.securityContext]] |
[[spec.nodeSelector]] | [[spec.nodeSelector]] | ||
+ | [[spec.imagePullSecrets]] | ||
− | Nginx | + | === [[Nginx example]] === |
{{kind pod nginx}} | {{kind pod nginx}} | ||
Line 17: | Line 19: | ||
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | ||
− | + | {{kind pod resources}} | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== [[initContainers]] == | == [[initContainers]] == | ||
Line 64: | Line 41: | ||
image: busybox:1.28 | image: busybox:1.28 | ||
command: ['sh', '-c', "until nslookup mydb.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for mydb; sleep 2; done"] | command: ['sh', '-c', "until nslookup mydb.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for mydb; sleep 2; done"] | ||
+ | |||
+ | |||
+ | == [[securityContext]] == | ||
+ | {{kind_pod_securitycontext}} | ||
+ | |||
+ | == [[imagePullSecrets]] == | ||
+ | |||
+ | {{imagepullsecrets ex}} | ||
+ | |||
+ | == [[Sidecar]] container == | ||
+ | {{sidecar-container}} | ||
== Related == | == Related == | ||
Line 79: | Line 67: | ||
* <code>[[kubectl run]]</code> | * <code>[[kubectl run]]</code> | ||
* [[Configure a Security Context for a Pod or Container]] | * [[Configure a Security Context for a Pod or Container]] | ||
+ | * [[Resource Management for Pods and Containers]] | ||
+ | * [[imagePullSecrets]] | ||
+ | * Kubernetes changelog: [[AppArmor]] profiles can now be configured through fields on the [[PodSecurityContext]] and container [[SecurityContext]] | ||
== See also == | == See also == |
Latest revision as of 18:42, 27 October 2024
spec. spec.containers spec.volumes spec.initContainers spec.securityContext spec.nodeSelector spec.imagePullSecrets
Contents
Nginx example[edit]
apiVersion: v1 kind: Pod metadata: name: nginx labels: env: test spec: containers: - name: nginx image: nginx imagePullPolicy: IfNotPresent nodeSelector: disktype: ssd
Alpine container to access a PV:
apiVersion: v1 kind: Pod metadata: name: myalpinewithvolume spec: containers: - name: alpine image: alpine:latest command: ['ash'] tty: true stdin: true volumeMounts: - name: myvolume mountPath: /myvolume volumes: - name: myvolume persistentVolumeClaim: claimName: myPVCtoMount
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ --- apiVersion: v1 kind: Pod metadata: name: frontend spec: containers: - name: app image: images.my-company.example/app:v4 resources: requests: memory: "64Mi" cpu: "250m" limits: memory: "128Mi" cpu: "500m" - name: log-aggregator image: images.my-company.example/log-aggregator:v6 resources: requests: memory: "64Mi" cpu: "250m" limits: memory: "128Mi" cpu: "500m"
initContainers[edit]
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#init-containers-in-use
apiVersion: v1 kind: Pod metadata: name: myapp-pod labels: app: myapp spec: containers: - name: myapp-container image: busybox:1.28 command: ['sh', '-c', 'echo The app is running! && sleep 3600'] initContainers: - name: init-myservice image: busybox:1.28 command: ['sh', '-c', "until nslookup myservice.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for myservice; sleep 2; done"] - name: init-mydb image: busybox:1.28 command: ['sh', '-c', "until nslookup mydb.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for mydb; sleep 2; done"]
securityContext[edit]
apiVersion: v1 kind: Pod metadata: name: security-context-demo spec: securityContext: runAsUser: 1000 runAsGroup: 3000 fsGroup: 2000 volumes: - name: sec-ctx-vol emptyDir: {} containers: - name: sec-ctx-demo image: busybox:1.28 command: [ "sh", "-c", "sleep 1h" ] volumeMounts: - name: sec-ctx-vol mountPath: /data/demo securityContext: allowPrivilegeEscalation: false
imagePullSecrets[edit]
apiVersion: v1 kind: Pod metadata: name: private-reg spec: containers: - name: private-reg-container image: <your-private-image> imagePullSecrets: - name: regcred
Sidecar container[edit]
apiVersion: v1 kind: Pod metadata: name: my-pod spec: containers: - name: main-container image: busybox command: ["sh", "-c", "echo 'Main process running'; sleep 30"] - name: sidecar-container image: busybox command: ["sh", "-c", "while true; do sleep 3600; done"]
Related[edit]
dnsPolicy:
- Kubernetes init containers
autoScaler:
envFrom:
LivenessProbe
lifecycle:
ports:
- Kubernetes, env:
nodeName
NodeSelector
kind: ReplicaSet
kubectl run
- Configure a Security Context for a Pod or Container
- Resource Management for Pods and Containers
- imagePullSecrets
- Kubernetes changelog: AppArmor profiles can now be configured through fields on the PodSecurityContext and container SecurityContext
See also[edit]
Advertising: