Kubernetes Pod Manifest: Difference between revisions
No edit summary |
|||
Line 161: | Line 161: | ||
Also see: {{Internal|Dockerfile#ENTRYPOINT_and_CMD|Dockerfile ENTRYPOINT and CMD}} | Also see: {{Internal|Dockerfile#ENTRYPOINT_and_CMD|Dockerfile ENTRYPOINT and CMD}} | ||
===serviceAccountName=== | |||
The name of the service account to use to run this pod. Note that "serviceAccount" configuration element also exists, but it is deprecated. | |||
==initContainers== | ==initContainers== |
Revision as of 00:15, 10 August 2020
External
- https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.16/#pod-v1-core
- https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.15/#pod-v1-core
- https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.14/#pod-v1-core
Internal
Overview
Example
apiVersion: v1 kind: Pod metadata: name: loop labels: color: blue spec: dnsPolicy: ClusterFirst restartPolicy: Always schedulerName: default-scheduler terminationGracePeriodSeconds: 120 containers: - name: loop-container image: docker.io/ovidiufeodorov/loop:latest imagePullPolicy: Always resources: limits: memory: '4096Mi' cpu: '1000m' terminationMessagePath: /dev/termination-log terminationMessagePolicy: File command: ... ports: - containerPort: 8080 protocol: TCP - containerPort: 8787 protocol: TCP env: - name: SOMETHING value: 'something else' volumeMounts: - name: 'mount-0' mountPath: '/red' # 'orange' must exist in the root of the volume identified by 'mount-0'; the content of that # directory will be exposed in the container under the '/red' directory. subPath: 'orange' readinessProbe: # See Probe Template livenessProbe: # See Probe Template command: ['sh', '-c', 'while true; do echo .; sleep 2; done;'] serviceAccountName: 'testServiceAccount' initContainers: - name: init-container1 image: busybox command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;'] volumes: - name: mount-0 hostPath: # '/yellow' must contain an 'orange' sub-directory path: '/yellow' - name: mount-1 persistentVolumeClaim: claimName: pvc1
.spec Elements
hostname
Optional field. If not specified, the hostname exposed to the processes running inside the pod will be the name of the pod.
restartPolicy
Optional field. See:
containers
name
image
imagePullPolicy
This is configuration that tells the container runtime how to pull the container image prior to starting the container There are three possible values:
- Always
- IfNotPresent - pull the image if it does not already exist on the node.
- Never
This attribute is optional, and if it is not specified, it is inferred based on the image tag. The default is "Always" if ":latest" tag is specified, or "IfNotPresent" otherwise.
volumeMounts
Specifies how the volumes declared in the volumes section of the manifest are to be mounted into the container's filesystem.
name
The identifier of the volume. Must match the name the volume specification was declared under, in the volumes section of the specification.
If we need to use the same volume for multiple mount points, those mount points should refer the same volume name.
mountPath
Specifies the path within the container where the volume will be mounted. Must not contain ':'.
The mount will succeed even if some or all intermediate path elements of the "mountPath" does not exist as directories in the container's file system - they will be created as necessary.
subPath
Specifies the path within the volume (it needs to exist inside the external volume) from which the container's volume should be mounted. Defaults to "" (volume's root).
readOnly
Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.
Use Cases
- Storage
- Secrets projected as files
readinessProbe, livenessProbe
command
Optional field. If not present, the docker image's ENTRYPOINT is used. If present, represents the entrypoint array of the container. Not executed within a shell, so if a shell is required, must be specified as below. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not.
Example:
...
command: ['sh', '-c', 'while true; do echo .; sleep 1; done']
Each array element is a string, and in the above case, the array element that follows the '-c' element is passed as one string to the shell to be executed.
Alternative syntax:
...
command:
- /bin/sh
- -c
- 'i=0; echo $i'
The single quotes are optional, the content that follows "-" will be interpreted as a single string:
...
command:
- /bin/sh
- -c
- i=0; echo $i
Also see:
serviceAccountName
The name of the service account to use to run this pod. Note that "serviceAccount" configuration element also exists, but it is deprecated.
initContainers
The 'initContainers' section has the same schema as the containers section, described above. For more details about init containers, see:
volumes
List of volumes that can be mounted by containers belonging to the pod. Volumes can be of several types: persistent volume claim, host path, etc.
TODO
- Deplete OpenShift Pod Definition