Kubernetes Pod Manifest: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 70: Line 70:
       # See [[Kubernetes_Container_Probes#Probe_Template|Probe Template]]
       # See [[Kubernetes_Container_Probes#Probe_Template|Probe Template]]
     [[#command|command]]: ['sh', '-c', 'while true; do echo .; sleep 2; done;']
     [[#command|command]]: ['sh', '-c', 'while true; do echo .; sleep 2; done;']
    securityContext:
   [[#initContainers|initContainers]]:
   [[#initContainers|initContainers]]:
   - [[#name|name]]: init-container1
   - [[#name|name]]: init-container1

Revision as of 08:05, 2 January 2021

External

Internal

Overview

Example

apiVersion: v1
kind: Pod
metadata:
  name: loop
  labels:
    color: blue
  annotations:
    ...
spec:  
  restartPolicy: Always
  schedulerName: default-scheduler
  terminationGracePeriodSeconds: 120
  serviceAccountName: 'testServiceAccount'
  dnsPolicy: ClusterFirst
  imagePullSecrets:
    - name: myPullSecret1
    - name: myPullSecret2
    ...
  containers:
  - name: loop-container
    image: docker.io/ovidiufeodorov/loop:latest
    imagePullPolicy: Always
    lifecycle: [...]
    resources:
      requests:
        memory: '1024Mi'
        cpu: '500m'
      limits:
        memory: '4096Mi'
        cpu: '1000m'
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    command: ...
    ports:
    - containerPort: 8080
      protocol: TCP
      name: 'http'
    - containerPort: 8787
      protocol: TCP
    - containerPort: ...
      hostPort: ....
    env:
    - name: SOMETHING
      value: 'something else'
    volumeMounts:
    - name: 'mount-0'
      mountPath: '/red'
      # 'orange' must exist in the root of the volume identified by 'mount-0'; the content of that
      # directory will be exposed in the container under the '/red' directory.
      subPath: 'orange' 
    readinessProbe:
      # See Probe Template
    livenessProbe:
      # See Probe Template
    command: ['sh', '-c', 'while true; do echo .; sleep 2; done;']
    securityContext: 
  initContainers:
  - name: init-container1
    image: busybox
    command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']
  volumes:
  - name: mount-0
    hostPath:
      # '/yellow' must contain an 'orange' sub-directory
      path: '/yellow'
  - name: mount-1
    persistentVolumeClaim:
     claimName: pvc1

.spec Elements

https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.14/#podspec-v1-core

hostname

Optional field. If not specified, the hostname exposed to the processes running inside the pod will be the name of the pod.

restartPolicy

Optional field. See:

Container Restart Policy

serviceAccountName

The name of this pod's service account. Note that "serviceAccount" configuration element also exists, but it is deprecated. If not specified, defaults to the pod's namespace default service account.

dnsPolicy

Name Resolution inside a Pod

imagePullSecrets

"imagePullSecrets" contains an optional list of secret names in the same namespace to use for pulling any of the images used by this pod. If specified, these secrets will be passed to individual puller implementations for them to use. In the case of docker, only DockerConfig type secrets are honored. Also see:

Kubernetes Cluster Configuration Concepts | imagePullSecrets

containers

https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.16/#container-v1-core

name

image

imagePullPolicy

https://kubernetes.io/docs/concepts/containers/images/
Kubernetes Container Image Pull Concepts

lifecycle

https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#lifecycle-v1-core

volumeMounts

https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.16/#volumemount-v1-core

Specifies how the volumes declared in the volumes section of the manifest are to be mounted into the container's filesystem.

Also see:

Mounting a Volume in a Pod

name

The identifier of the volume. Must match the name the volume specification was declared under, in the volumes section of the specification.

If we need to use the same volume for multiple mount points, those mount points should refer the same volume name.

mountPath

Specifies the path within the container where the volume will be mounted. Must not contain ':'.

The mount will succeed even if some or all intermediate path elements of the "mountPath" does not exist as directories in the container's file system - they will be created as necessary.

subPath

Specifies the relative path within the external volume, relative to the root of the external volume, whose content will be mounted as container's volume. If the path does not exist on the external volume, it will be created. If not specified, defaults to "" (external volume's root). subPath value must be a relative, the metadata will cause a deployment error if "/" or a path that starts with "/" is used.

Specifying:

  subPath: ''

is a noop - the metadata will be accepted as correct, and the external volume's root will be mounted.

subPathExpr

Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to subPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). subPathExpr and subPath are mutually exclusive.

readOnly

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

Use Cases

ports

Contains an array specifying the ports exposed by the containers in this pod.

containerPort

protocol

name

An optional name given to the container port. If declared, it must be a IANA_SVC_NAME and unique within the pod. It can be used in the manifest of the associated service to designate the service's target port.

hostPort

Binds the container port to a host port.

readinessProbe, livenessProbe

Probe Template

command

https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

Optional field. If not present, the docker image's ENTRYPOINT is used. If present, represents the entrypoint array of the container. Not executed within a shell, so if a shell is required, must be specified as below. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not.

Example:

  ...
  command: ['sh', '-c', 'while true; do echo .; sleep 1; done']

Each array element is a string, and in the above case, the array element that follows the '-c' element is passed as one string to the shell to be executed.

Alternative syntax:

  ...
  command:
  - /bin/sh
  - -c
  - 'i=0; echo $i'

The single quotes are optional, the content that follows "-" will be interpreted as a single string:

  ...
  command:
  - /bin/sh
  - -c
  - i=0; echo $i

Also see:

Dockerfile ENTRYPOINT and CMD

args

TODO

Also see:

Dockerfile ENTRYPOINT and CMD

resources

requests

limits

initContainers

The 'initContainers' section has the same schema as the containers section, described above. For more details about init containers, see:

init Containers

volumes

List of volumes that can be mounted by containers belonging to the pod. Volumes can be of several types: persistent volume claim, host path, etc.

TODO