Attribute

发表于 | 分类于

Running User

This will make the container execute internally as the root user.

1
2
3
4
5
containers:
  - name:
    image:
    securityContext:
      runAsUser: 0

Kind

  • StatefulSet
  • Deployment

Command

1
2
3
4
5
6
7
8
9
10
11
12
13
apiVersion: v1
kind: Pod
metadata:
  name: command-demo
  labels:
    purpose: demonstrate-command
spec:
  containers:
  - name: command-demo-container
    image: debian
    command: ["printenv"]
    args: ["HOSTNAME", "KUBERNETES_PORT"]
  restartPolicy: OnFailure

Access Modes

  • ReadWriteOnce – the volume can be mounted as read-write by a single node
  • ReadOnlyMany – the volume can be mounted read-only by many nodes
  • ReadWriteMany – the volume can be mounted as read-write by many nodes

In the CLI, the access modes are abbreviated to:

  • RWO - ReadWriteOnce
  • ROX - ReadOnlyMany
  • RWX - ReadWriteMany

Ports

1
2
3
- protocol: TCP
  port: 80
  targetPort: 9376

SecurityContext

  • privileged: true

    min k8s version:v1.10.0
    equal to docker run –privileged

Volume

Env

1
2
3
4
5
6
7
8
9
10
11
- name: APP_NAME
  value: node-app
- name: POD_IP
  valueFrom:
    fieldRef:
      fieldPath: status.podIP
- name: PRIVATE_KEY
  valueFrom:
    secretKeyRef:
      name: key-secret
      key: PRIVATE_KEY

StatefulSet

应用场景

  • Stable, unique network identifiers.
  • Stable, persistent storage.
  • Ordered, graceful deployment and scaling.
  • Ordered, automated rolling updates.

updateStrategy

spec.updateStrategy.type

  • OnDelete:不会自动更新StatefulSet中的Pod,用户必须手动删除Pods以使控制器创建新的Pod。
  • RollingUpdate:删除并重新创建StatefulSet中的每个Pod。它将以与Pod终止相同的顺序进行(从最大的序数到最小的顺序)来更新每个Pod。

spe.updateStrategy.rollingUpdate.partition 金丝雀策略

volumeClaimTemplates

  • persistentVolume:用来向真正的存储服务器申请真正的存储资源的一个object,至于这个存储资源谁来用,那就是接下来说的pvc的职责所在。
  • persistentVolumeClaim:用来关联pv和pod的一个桥梁。

通过volumeClaimTemplates关联创建PV,volumeMounts使用PV

Refer

http://docs.kubernetes.org.cn/