Attribute

Running User

Setting runAsUser: 0 in a container's securityContext makes the container's process run as the root user (UID 0) inside the container.

containers:
- name:
  image:
  securityContext:
    runAsUser: 0

Kind

  • StatefulSet
  • Deployment

Command

apiVersion: v1
kind: Pod
metadata:
  name: command-demo
  labels:
    purpose: demonstrate-command
spec:
  containers:
  - name: command-demo-container
    image: debian
    command: ["printenv"]
    args: ["HOSTNAME", "KUBERNETES_PORT"]
  restartPolicy: OnFailure

Access Modes

  • ReadWriteOnce – the volume can be mounted as read-write by a single node
  • ReadOnlyMany – the volume can be mounted read-only by many nodes
  • ReadWriteMany – the volume can be mounted as read-write by many nodes

In the CLI, the access modes are abbreviated to:

  • RWO - ReadWriteOnce
  • ROX - ReadOnlyMany
  • RWX - ReadWriteMany

Ports

- protocol: TCP
  port: 80
  targetPort: 9376

SecurityContext

  • privileged: true

    min k8s version: v1.10.0
    equivalent to docker run --privileged
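
For contrast with the runAsUser: 0 setting under Running User and privileged: true above, here is a Pod manifest with the restrictive counterparts of both settings. This is an added example, not part of the original notes; the Pod name, container name, image and UID are placeholders.

```yaml
# Added example: constructed manifest; names, image and UID are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: hardened-demo                  # hypothetical name
spec:
  securityContext:                     # pod-level defaults for every container
    runAsNonRoot: true                 # kubelet refuses to start a container that would run as UID 0
    runAsUser: 10001                   # unprivileged UID instead of runAsUser: 0
    runAsGroup: 10001
    seccompProfile:
      type: RuntimeDefault             # container runtime's default syscall filter
  containers:
  - name: app                          # hypothetical name
    image: registry.example/app:1.0    # placeholder image
    securityContext:
      privileged: false                # instead of privileged: true
      allowPrivilegeEscalation: false  # blocks gaining privileges via setuid binaries
      readOnlyRootFilesystem: true     # writable paths must be mounted as volumes
      capabilities:
        drop: ["ALL"]                  # add back only capabilities the app needs
```

Container-level securityContext fields override the pod-level ones when both are set, so a review has to read both levels of a manifest.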


Volume


Env

- name: APP_NAME
  value: node-app
- name: POD_IP
  valueFrom:
    fieldRef:
      fieldPath: status.podIP
- name: PRIVATE_KEY
  valueFrom:
    secretKeyRef:
      name: key-secret
      key: PRIVATE_KEY

StatefulSet

Use cases

  • Stable, unique network identifiers.
  • Stable, persistent storage.
  • Ordered, graceful deployment and scaling.
  • Ordered, automated rolling updates.

updateStrategy

spec.updateStrategy.type

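  • OnDelete: Pods in the StatefulSet are not updated automatically; the user must delete Pods manually so that the controller creates new ones.
  • RollingUpdate: deletes and recreates each Pod in the StatefulSet. Pods are updated one by one in the same order as Pod termination (from the largest ordinal to the smallest).

spec.updateStrategy.rollingUpdate.partition: canary strategy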

volumeClaimTemplates

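  • persistentVolume: an object used to request actual storage resources from the real storage server. Who uses that storage is the job of the PVC, described next.
  • persistentVolumeClaim: the bridge that links a PV to a Pod.

PVs are created and bound through volumeClaimTemplates, and volumeMounts use the PV.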

Refer

http://docs.kubernetes.org.cn/