Difference between revisions of "Kind: Pod"
Jump to navigation
Jump to search
(54 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
− | [[ | + | {{lowercase}} |
− | [[kind:]] Pod | + | |
+ | [[spec.]] | ||
+ | [[spec.containers]] | ||
+ | [[spec.volumes]] | ||
+ | [[spec.initContainers]] | ||
+ | [[spec.securityContext]] | ||
+ | [[spec.nodeSelector]] | ||
+ | [[spec.imagePullSecrets]] | ||
+ | |||
+ | === [[Nginx example]] === | ||
+ | {{kind pod nginx}} | ||
+ | |||
+ | |||
+ | Alpine container to access a PV: | ||
+ | {{alpine cp example}} | ||
+ | |||
+ | |||
+ | https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | ||
+ | |||
+ | {{kind pod resources}} | ||
+ | |||
+ | == [[initContainers]] == | ||
+ | https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#init-containers-in-use | ||
+ | apiVersion: v1 | ||
+ | kind: Pod | ||
metadata: | metadata: | ||
− | + | name: myapp-pod | |
− | + | labels: | |
− | + | app: myapp | |
spec: | spec: | ||
− | + | containers: | |
− | + | - name: myapp-container | |
− | + | image: busybox:1.28 | |
− | + | command: ['sh', '-c', 'echo The app is running! && sleep 3600'] | |
− | + | [[initContainers]]: | |
− | + | - name: init-myservice | |
+ | image: busybox:1.28 | ||
+ | command: ['sh', '-c', "until nslookup myservice.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for myservice; sleep 2; done"] | ||
+ | - name: init-mydb | ||
+ | image: busybox:1.28 | ||
+ | command: ['sh', '-c', "until nslookup mydb.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for mydb; sleep 2; done"] | ||
+ | |||
+ | |||
+ | == [[securityContext]] == | ||
+ | {{kind_pod_securitycontext}} | ||
+ | |||
+ | == [[imagePullSecrets]] == | ||
+ | |||
+ | {{imagepullsecrets ex}} | ||
+ | |||
+ | == [[Sidecar]] container == | ||
+ | {{sidecar-container}} | ||
+ | == Related == | ||
+ | * <code>[[dnsPolicy:]]</code> | ||
+ | * [[Kubernetes init containers]] | ||
+ | * <code>[[autoScaler:]]</code> | ||
+ | * <code>[[envFrom:]]</code> | ||
+ | * <code>[[LivenessProbe]]</code> | ||
+ | * <code>[[lifecycle:]]</code> | ||
+ | * <code>[[ports:]]</code> | ||
+ | * [[Kubernetes, env:]] | ||
+ | * <code>[[nodeName]]</code> | ||
+ | * <code>[[NodeSelector]]</code> | ||
+ | * <code>[[kind: ReplicaSet]]</code> | ||
+ | * <code>[[kubectl run]]</code> | ||
+ | * [[Configure a Security Context for a Pod or Container]] | ||
+ | * [[Resource Management for Pods and Containers]] | ||
+ | * [[imagePullSecrets]] | ||
+ | * Kubernetes changelog: [[AppArmor]] profiles can now be configured through fields on the [[PodSecurityContext]] and container [[SecurityContext]] | ||
== See also == | == See also == | ||
− | * | + | * {{kind: Pod}} |
− | * {{ | + | * {{Pods}} |
[[Category:K8s]] | [[Category:K8s]] |
Latest revision as of 18:42, 27 October 2024
spec. spec.containers spec.volumes spec.initContainers spec.securityContext spec.nodeSelector spec.imagePullSecrets
Contents
Nginx example[edit]
apiVersion: v1 kind: Pod metadata: name: nginx labels: env: test spec: containers: - name: nginx image: nginx imagePullPolicy: IfNotPresent nodeSelector: disktype: ssd
Alpine container to access a PV:
apiVersion: v1 kind: Pod metadata: name: myalpinewithvolume spec: containers: - name: alpine image: alpine:latest command: ['ash'] tty: true stdin: true volumeMounts: - name: myvolume mountPath: /myvolume volumes: - name: myvolume persistentVolumeClaim: claimName: myPVCtoMount
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ --- apiVersion: v1 kind: Pod metadata: name: frontend spec: containers: - name: app image: images.my-company.example/app:v4 resources: requests: memory: "64Mi" cpu: "250m" limits: memory: "128Mi" cpu: "500m" - name: log-aggregator image: images.my-company.example/log-aggregator:v6 resources: requests: memory: "64Mi" cpu: "250m" limits: memory: "128Mi" cpu: "500m"
initContainers[edit]
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#init-containers-in-use
apiVersion: v1 kind: Pod metadata: name: myapp-pod labels: app: myapp spec: containers: - name: myapp-container image: busybox:1.28 command: ['sh', '-c', 'echo The app is running! && sleep 3600'] initContainers: - name: init-myservice image: busybox:1.28 command: ['sh', '-c', "until nslookup myservice.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for myservice; sleep 2; done"] - name: init-mydb image: busybox:1.28 command: ['sh', '-c', "until nslookup mydb.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for mydb; sleep 2; done"]
securityContext[edit]
apiVersion: v1 kind: Pod metadata: name: security-context-demo spec: securityContext: runAsUser: 1000 runAsGroup: 3000 fsGroup: 2000 volumes: - name: sec-ctx-vol emptyDir: {} containers: - name: sec-ctx-demo image: busybox:1.28 command: [ "sh", "-c", "sleep 1h" ] volumeMounts: - name: sec-ctx-vol mountPath: /data/demo securityContext: allowPrivilegeEscalation: false
imagePullSecrets[edit]
apiVersion: v1 kind: Pod metadata: name: private-reg spec: containers: - name: private-reg-container image: <your-private-image> imagePullSecrets: - name: regcred
Sidecar container[edit]
apiVersion: v1 kind: Pod metadata: name: my-pod spec: containers: - name: main-container image: busybox command: ["sh", "-c", "echo 'Main process running'; sleep 30"] - name: sidecar-container image: busybox command: ["sh", "-c", "while true; do sleep 3600; done"]
Related[edit]
dnsPolicy:
- Kubernetes init containers
autoScaler:
envFrom:
LivenessProbe
lifecycle:
ports:
- Kubernetes, env:
nodeName
NodeSelector
kind: ReplicaSet
kubectl run
- Configure a Security Context for a Pod or Container
- Resource Management for Pods and Containers
- imagePullSecrets
- Kubernetes changelog: AppArmor profiles can now be configured through fields on the PodSecurityContext and container SecurityContext
See also[edit]
Advertising: