apiVersion: v1 - version (object dependent)
kind: <object-type> - Type of object
metadata: { name: '', ... } - Names, labels, etc.
spec: { ... } - Configuration

kind: DeploymentConfig - Schedules some kind of service (permanently running pod)
replicas: # - How many replicas we should run
selector: { label1: value1 } - ?
template: { ...pod specification... } - see below, but 'kind' and 'apiVersion' are not included inside

kind: DaemonSet - Allows executing a pod service on all (or some) nodes in the cluster.
apiVersion: extensions/v1beta1 - This feature is still in beta
selector.matchLabels: { lab1: val1 } - Selects pods to run
template: { ... pod specification ... } - Should include corresponding labels in the 'metadata/labels' dictionary.
The 'nodeSelector' (if specified) limits the nodes on which the DaemonSet will be running.

kind: Job - Runs the pod (or multiple replicas of the pod) until completion and then finishes.
parallelism: # - Specifies how many times the pod should be scheduled and successfully completed to finish the job. It executes just the replicas of the same pod. Defaults to the value of the 'completions' parameter.
completions: # - This indicates how many replicas should run in parallel. Defaults to 1.
activeDeadlineSeconds: # - The job will be killed if not completed after the specified number of seconds (counted after scheduling of the first pod replica)
template: { ... pod specification ... } - The 'restartPolicy' should be set to Never in the containers.

kind: ScheduledJob - Periodically schedules the jobs
schedule: */1 * * * ? - cron format
jobTemplate: { spec: ... } - Job specification as described above

serviceAccount: default - Specifies the SA to run the pod ('default' is used by default)
nodeSelector: {label1: value1, label2: value2} - the pods will be executed only on the nodes with the specified labels
terminationGracePeriodSeconds: # - Time between the scheduler sending the SIGTERM and SIGKILL signals to pods, to allow graceful shutdown
type: Recreate/Rolling/Custom - With the 'Recreate' strategy, the pod is first destroyed and then recreated. The 'Rolling' strategy first creates the new pod.
resources.limits: { cpu: "1m", memory: "1Mi" } - Restrict resources per pod. The pod will be recreated if the limit is reached
resources.requests: { cpu: "", memory: "" } - ? Request to allocate the specified resources?
serviceAccountName: "<sa_name>" - specifies which service account should be used to run the pods
restartPolicy: Always/Never - defines what should happen if the container terminates (whether successfully or not). It is restarted by default (Always).
dnsPolicy: ClusterFirst/? - defines which DNS service has priority
volumes: [{ - defines the list of volumes for the pod, which can be referenced from the specific containers by name.
name: - volume name, will be referred to by volumeMounts in the 'containers' definition
<type>: { ...params... - Allows mounting OpenShift PVC/PV, Secrets/ConfigMaps, an arbitrary path on the node running the pod, and various network resources
-> persistentVolumeClaim {claimName} -> claimName specifies the PVC referred to by name. A single PVC can be connected multiple times.
-> configMap { name, items: [{key, path}] } -> Mount ConfigMap. Each key will be represented as an individual file. By default the directory structure is flat and all files are in the same directory. With 'items' it is possible to structure the directories. E.g. if configMap is mounted under '/etc/apache2' with 'items: [{key: katrin.conf, path: vhosts.d}]', the katrin.conf will be available under /etc/apache2/vhosts.d/katrin.conf
-> secret { secretName } -> Mount secrets (again each key is represented as a file)
-> hostPath: { path } -> Mount a path on the node running the pod
-> glusterfs: {endpoints, name, readOnly} -> Parameters specify the 'ep' (which refers to the members of the GlusterFS cluster) and the GlusterFS volume name (name) to mount
-> nfs: {server, path, readOnly} ->
Types are: persistentVolumeClaim, glusterfs, nfs, hostPath, ... Then type-specific parameters are set.

command: ["cmd", "param1", "param2", ... ] - replaces the default command to run in the container
image: centos/httpd-24-centos7:latest
imagePullPolicy: Always/Never/IfNotPresent - specifies if newer images should be automatically pulled (yes / does not pull images automatically / only pulls once, no updates)
ports: [{ containerPort }] - specifies ports used by the container
volumeMounts: [{ name, subPath, mountPath }] - refers to volumes (by name) and optionally may specify a subpath within the volume to be mounted. The same volume could be connected multiple times to different places (and with different subPaths)
env: [ { name, - Configures environment variables
value - Just sets the value directly or from template parameters, referring to them by '${PARAM}'
valueFrom: { - or alternatively the location where to get the value is specified
<type>: { ... parameters ... }
-> configMapKeyRef: { name, key } - Gets the value from the specified key of the specified configMap
-> secretKeyRef: { name, key} - Or from the secret

livenessProbe: {<probe_spec> ... - probe to run to check if the pod is still alive (and kill it if not). Any further restart is subject to its 'restart' policy.
readinessProbe: {<probe_spec> ... - If the readiness probe fails for a container, the endpoints controller ensures the container has its IP address (temporarily?) removed from the endpoints of all services.
initialDelaySeconds: # - How long to wait after the container starts to begin the probe.
timeoutSeconds: # - How long to wait for the probe to finish before considering it failed (default: 1)
<probe_type>: { ... parameters ... - probe types:
-> command: {[cmd, arg1, arg2]} -> Executed within the container
-> httpGet: {port, path}
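
A complete pod manifest that puts the pod-level, volume, container and probe fields listed above into their real nesting, as an added example that is not part of the original notes. All object names (web, web-sa, web-data, web-vhosts, web-creds), key names, the port and the resource figures are assumptions; credentials come from a Secret rather than literal 'value' entries, a dedicated service account replaces 'default', and no hostPath volume is used.

```yaml
# Added example; every name below is hypothetical.
apiVersion: v1
kind: Pod
metadata:
  name: web
  labels: { app: web }
spec:
  serviceAccountName: web-sa            # dedicated SA instead of 'default'
  restartPolicy: Always
  terminationGracePeriodSeconds: 30
  volumes:
    - name: data
      persistentVolumeClaim: { claimName: web-data }
    - name: vhosts
      configMap:
        name: web-vhosts
        items:                          # file appears at /etc/apache2/vhosts.d/katrin.conf
          - { key: katrin.conf, path: vhosts.d/katrin.conf }
    - name: creds
      secret: { secretName: web-creds } # each key becomes one file
  containers:
    - name: httpd
      image: centos/httpd-24-centos7:latest
      imagePullPolicy: IfNotPresent
      ports:
        - containerPort: 8080
      resources:                        # set per container in the manifest
        requests: { cpu: 100m, memory: 128Mi }
        limits: { cpu: 500m, memory: 256Mi }
      volumeMounts:
        - { name: data, mountPath: /var/www/html, subPath: html }
        - { name: vhosts, mountPath: /etc/apache2, readOnly: true }
        - { name: creds, mountPath: /etc/web-creds, readOnly: true }
      env:
        - name: DB_PASSWORD             # taken from the Secret, never a literal value
          valueFrom:
            secretKeyRef: { name: web-creds, key: db-password }
        - name: LOG_LEVEL
          valueFrom:
            configMapKeyRef: { name: web-vhosts, key: log-level }
      livenessProbe:
        httpGet: { port: 8080, path: / }
        initialDelaySeconds: 10
        timeoutSeconds: 1
      readinessProbe:
        httpGet: { port: 8080, path: / }
        initialDelaySeconds: 5
        timeoutSeconds: 1
```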

kind: PersistentVolume
capacity.storage: 1Gi - The space available (mandatory option)
<type>: { ... type-specific parameters ... } - Specifies the volume type (nfs, ...) and parameters specific to this type
persistentVolumeReclaimPolicy: Retain/Recycle/Delete - Retain instructs OpenShift to preserve the PV after the PVC bound to it is destroyed
accessModes: [ReadOnlyMany/ReadWriteMany/ReadWriteOnce] - Is only used for matching by the corresponding PVC definition (mandatory option)
claimRef: { namespace, name } - Only allows the specified PVC to bind

kind: PersistentVolumeClaim - The PVC is bound to the volume selected based on the specified requirements. Only a single PVC can be mapped to a PV, but the PVC can be referred to as many times as required in the pod specifications.
accessModes: [ ReadWriteMany, ... ] - Actually a list of arbitrary labels which will be matched against the corresponding PV definition (mandatory option)
resources.requests.storage: 1Gi - The space requested on the storage, this information is used to match the proper pvc (mandatory option)
volumeName: <name> - Requires exactly the specified volume

host: <FQDN> - Specifies the name to be exposed, like katrin.kit.edu (it does not necessarily have to be from the OpenShift subdomain, but an FQDN is mandatory!)
wildcardPolicy: Subdomain - Instructs OpenShift that all subdomains of 'host' should be forwarded to the service as well
path: "/adei" - Defines the service for the specified subpath only (optional)
to: { kind: Service, name: <svc_name> } - Specifies the service to link
targetPort: http - Should be exposed if the SVC defines multiple ports (otherwise all ports will be served in round-robin fashion), name or number may be used
tls: - By default, the service is only registered on port 80. This also enables the encrypted HTTPS service on port 443, in parallel with or instead of HTTP.
termination: passthrough/edge/reencrypt - Selects the operation mode. In edge mode, the router decrypts data from the client and forwards unencrypted data to a simple http service, in 'reencrypt' mode it does the same, but re-encrypts before sending to the internal https service. See more details in network.txt.
insecureEdgeTerminationPolicy: Allow/Redirect - The service is only served on the HTTPS port unless this option is specified. 'Allow' enables both HTTP/HTTPS in parallel and 'Redirect' just redirects HTTP requests to HTTPS.
certificate: |- - Configures the X509 certificate for the service (optional, the OpenShift certificate will be used if not specified)
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
caCertificate: |- - Configures the CA X509 certificate (optional)
key: |- - Configures the private key for the service (optional, the OpenShift key will be used if not specified)
destinationCACertificate: |- - For communication with internal OpenShift nodes
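
The two 'insecureEdgeTerminationPolicy' settings described above, side by side in full Route manifests; this is an added example, not part of the original notes. The host, route and service names are assumptions, and the two documents are alternatives for the same host and path, so only one of them would be applied.

```yaml
# Added example; host, route and service names are hypothetical.
# Weak: plain HTTP on port 80 stays reachable next to HTTPS.
apiVersion: v1                  # route.openshift.io/v1 on newer clusters
kind: Route
metadata:
  name: adei-allow
spec:
  host: katrin.example.org
  path: "/adei"
  to: { kind: Service, name: adei }
  port: { targetPort: http }
  tls:
    termination: edge           # router decrypts; router-to-pod traffic is plain HTTP
    insecureEdgeTerminationPolicy: Allow
---
# Corrected: port 80 only answers with a redirect to HTTPS.
apiVersion: v1
kind: Route
metadata:
  name: adei-redirect
spec:
  host: katrin.example.org
  path: "/adei"
  to: { kind: Service, name: adei }
  port: { targetPort: http }
  tls:
    termination: edge
    insecureEdgeTerminationPolicy: Redirect
```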