kind: Pod
Jump to navigation
Jump to search
spec. spec.containers spec.volumes spec.initContainers spec.securityContext spec.nodeSelector spec.imagePullSecrets
Contents
Nginx example[edit]
apiVersion: v1 kind: Pod metadata: name: nginx labels: env: test spec: containers: - name: nginx image: nginx imagePullPolicy: IfNotPresent nodeSelector: disktype: ssd
Alpine container to access a PV:
apiVersion: v1 kind: Pod metadata: name: myalpinewithvolume spec: containers: - name: alpine image: alpine:latest command: ['ash'] tty: true stdin: true volumeMounts: - name: myvolume mountPath: /myvolume volumes: - name: myvolume persistentVolumeClaim: claimName: myPVCtoMount
https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ --- apiVersion: v1 kind: Pod metadata: name: frontend spec: containers: - name: app image: images.my-company.example/app:v4 resources: requests: memory: "64Mi" cpu: "250m" limits: memory: "128Mi" cpu: "500m" - name: log-aggregator image: images.my-company.example/log-aggregator:v6 resources: requests: memory: "64Mi" cpu: "250m" limits: memory: "128Mi" cpu: "500m"
initContainers[edit]
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/#init-containers-in-use
apiVersion: v1 kind: Pod metadata: name: myapp-pod labels: app: myapp spec: containers: - name: myapp-container image: busybox:1.28 command: ['sh', '-c', 'echo The app is running! && sleep 3600'] initContainers: - name: init-myservice image: busybox:1.28 command: ['sh', '-c', "until nslookup myservice.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for myservice; sleep 2; done"] - name: init-mydb image: busybox:1.28 command: ['sh', '-c', "until nslookup mydb.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for mydb; sleep 2; done"]
securityContext[edit]
apiVersion: v1 kind: Pod metadata: name: security-context-demo spec: securityContext: runAsUser: 1000 runAsGroup: 3000 fsGroup: 2000 volumes: - name: sec-ctx-vol emptyDir: {} containers: - name: sec-ctx-demo image: busybox:1.28 command: [ "sh", "-c", "sleep 1h" ] volumeMounts: - name: sec-ctx-vol mountPath: /data/demo securityContext: allowPrivilegeEscalation: false
imagePullSecrets[edit]
apiVersion: v1 kind: Pod metadata: name: private-reg spec: containers: - name: private-reg-container image: <your-private-image> imagePullSecrets: - name: regcred
Sidecar container[edit]
apiVersion: v1 kind: Pod metadata: name: my-pod spec: containers: - name: main-container image: busybox command: ["sh", "-c", "echo 'Main process running'; sleep 30"] - name: sidecar-container image: busybox command: ["sh", "-c", "while true; do sleep 3600; done"]
Related[edit]
dnsPolicy:
- Kubernetes init containers
autoScaler:
envFrom:
LivenessProbe
lifecycle:
ports:
- Kubernetes, env:
nodeName
NodeSelector
kind: ReplicaSet
kubectl run
- Configure a Security Context for a Pod or Container
- Resource Management for Pods and Containers
- imagePullSecrets
- Kubernetes changelog: AppArmor profiles can now be configured through fields on the PodSecurityContext and container SecurityContext
See also[edit]
Advertising: