
Containers

Definition

# application container in application workload
# Only the exposed port is declared here; the image and the rest of the
# container spec come from the defaults described further down this page.
applicationContainer:
  spec:
    ports:
      # The default tcpSocket probes target the first exposed TCP port, so this
      # entry also decides which port the generated probes check.
      - containerPort: 80
        protocol: TCP  
        name: http  

# application workload init containers
# Keyed by container id. The rendered order follows `order` (then name), not
# the order of the keys here: migration1 (order 1) is emitted before
# migration2 (order 2) in the rendered Deployment on this page.
initContainers:
  migration2:
    order: 2
    image:
      # No registry is given, so the documented default applies
      # (Values.registry, falling back to docker.io).
      repository: my-migration-image
      # NOTE(review): a tag such as 1.0.0 can be re-pointed in most registries;
      # confirm whether the chart accepts a digest-pinned reference where image
      # provenance matters.
      version: 1.0.0
    spec:
      # Overrides the default IfNotPresent: the tag is re-resolved against the
      # registry every time the container is started.
      imagePullPolicy: Always
  migration1:
    order: 1
    image:
      repository: my-migration-image
      version: 1.0.0
    spec:
      imagePullPolicy: Always

# application workload sidecars
# NOTE(review): in the rendered Deployment on this page the jsreport sidecar
# receives envFrom references to the external-full and
# secret-without-containers Secrets. Only the "with-containers" Secret and
# ConfigMap are limited to the application container there — presumably that
# is the chart's way to scope a Secret to specific containers; confirm, and
# scope anything a third-party sidecar does not need.
sidecars:
  jsreport:
    image:
      # Explicit registry; without it the default is Values.registry with a
      # fallback to docker.io.
      registry: docker.io
      repository: jsreport/jsreport
      version: 4.7.0

# application cron jobs, keyed by job id (rendered below on this page as the
# CronJob cicd-sample-docs-cleanup)
# NOTE(review): the rendered CronJob on this page uses
# serviceAccountName: default, while the Deployment uses a workload-specific
# account — confirm this is intended for a job that also receives Secrets.
cronjobs:
  cleanup:
    spec:
      # Five-field cron expression: every day at 06:00.
      schedule: 0 6 * * *
      jobTemplate:
        spec:
          template:
            metadata:
              # Copied onto the job's pod template next to the generated labels
              # and annotations.
              labels:
                custom-label: "custom label"
              annotations:
                custom-annotation: "custom annotation"
    # cronjob containers
    containers:
      main: 
        spec:
          # Passed through unchanged as the container's args in the rendered
          # CronJob.
          args: 
            - "tag" 
            - "delete"
            - "--registry"
    # cronjob init containers
    initContainers:
      "cleanup-init":
        image: 
          # Rendered as registry.gitlab.com/cicd-sample/cleanup-init:1.0.0 in
          # the CronJob manifest on this page.
          repository: cicd-sample/cleanup-init
          version: 1.0.0     
    # cronjob volumes
    volumes:
      volume2:
        spec:
          emptyDir:
            sizeLimit: 300Mi            
        # Maps a container id to the path where this volume is mounted; here
        # only the main container mounts it.
        mounts: 
          main: /some-data
# Rendered Deployment for the application workload: the application container,
# the jsreport sidecar and both migration init containers.
# NOTE(review): no securityContext appears at pod or container level in this
# rendered output. Hardening settings such as runAsNonRoot,
# allowPrivilegeEscalation: false or readOnlyRootFilesystem would have to be
# supplied explicitly — confirm how the chart exposes them.
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations: {}
  labels:
    app.kubernetes.io/component: cicd-sample
    app.kubernetes.io/instance: docs
    app.kubernetes.io/managed-by: helm
    app.kubernetes.io/name: cicd-sample
    app.kubernetes.io/part-of: cicd
    app.kubernetes.io/version: 1.0.0
    exordis/application: cicd-sample
    exordis/application-instance: docs
    exordis/application-type: service
    exordis/application-workload: "true"
    exordis/environment: test
    exordis/product: Some Product
    exordis/subsystem: cicd
    helm.sh/chart: cicd-subsystem-application-0.1.0
  name: cicd-sample-docs
  namespace: cicd-test
spec:
  replicas: 3
  revisionHistoryLimit: 2
  selector:
    # Every selector label below is also present in the pod template labels.
    matchLabels:
      exordis/application: cicd-sample
      exordis/application-instance: docs
      exordis/application-workload: "true"
      exordis/environment: test
      exordis/subsystem: cicd
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      annotations:
        # One checksum per ConfigMap/Secret; presumably used to roll the pods
        # when the referenced content changes — confirm against the chart.
        # NOTE(review): if the secret.* values are hashes of Secret data, they
        # are readable by anyone who can read this Deployment; verify that the
        # hashed input is not low-entropy.
        checksum/configMap.config-map-with-containers: 48b7e320feb03b105aa89ed415344c030af90d34a34c66f56146d9f0fd2da3e3
        checksum/configMap.config-map-without-containers: 1dbfa263d171e565d412b904c69bdf60fc6bc8db2fcb31e13049242a8bbdecac
        checksum/configMap.envs: 7804c1a2bc6fb98bc7b87c036f6bdb678f897e534204c2e4efd7d881bf5b2924
        checksum/configMap.external-secret-template: f921d5d8c41b9909941321f0d31975eb7ca6d83cba279a6fa91b5f035c9c3f56
        checksum/secret.secret-with-containers: 8e0836f50407f40dc36bf200910416c00f82b8bf5284ab96e908b1d709eb65e3
        checksum/secret.secret-without-containers: 2e931d517cebd760f5460ea95663a82d8df2673e2c075918c21b33c96bfd6686
        custom-annotation: custom annotation
      labels:
        app.kubernetes.io/component: cicd-sample
        app.kubernetes.io/instance: docs
        app.kubernetes.io/managed-by: helm
        app.kubernetes.io/name: cicd-sample
        app.kubernetes.io/part-of: cicd
        app.kubernetes.io/version: 1.0.0
        custom-label: custom label
        exordis/application: cicd-sample
        exordis/application-instance: docs
        exordis/application-type: service
        exordis/application-workload: "true"
        exordis/environment: test
        exordis/product: Some Product
        exordis/subsystem: cicd
        helm.sh/chart: cicd-subsystem-application-0.1.0
    spec:
      containers:
        # Application container. envFrom imports every key of each referenced
        # Secret/ConfigMap as an environment variable of this container; it is
        # the only container here that also gets the "with-containers" Secret
        # and ConfigMap.
        - envFrom:
            - secretRef:
                name: cicd-sample-docs-external-full
            - secretRef:
                name: cicd-sample-docs-secret-without-containers
            - secretRef:
                name: cicd-sample-docs-secret-with-containers
            - configMapRef:
                name: cicd-sample-docs-envs
            - configMapRef:
                name: cicd-sample-docs-config-map-without-containers
            - configMapRef:
                name: cicd-sample-docs-config-map-with-containers
          image: registry.gitlab.com/cicd-unittests:1.0.0
          imagePullPolicy: IfNotPresent
          # All three probes are tcpSocket checks on port 80, the container's
          # exposed http port.
          livenessProbe:
            failureThreshold: 30
            periodSeconds: 10
            successThreshold: 1
            tcpSocket:
              port: 80
            timeoutSeconds: 3
          name: application
          ports:
            - containerPort: 80
              name: http
              protocol: TCP
          readinessProbe:
            failureThreshold: 30
            periodSeconds: 10
            successThreshold: 1
            tcpSocket:
              port: 80
            timeoutSeconds: 3
          resources:
            limits:
              cpu: 200m
              memory: 256Mi
            requests:
              cpu: 50m
              memory: 64Mi
          startupProbe:
            failureThreshold: 30
            periodSeconds: 5
            successThreshold: 1
            tcpSocket:
              port: 80
            timeoutSeconds: 3
          volumeMounts:
            - mountPath: /some-data
              name: volume1
            - mountPath: /pvc-data
              name: mypvc
        # jsreport sidecar.
        # NOTE(review): this third-party image receives the external-full and
        # secret-without-containers Secrets as environment variables; check
        # that the sidecar actually needs them.
        - envFrom:
            - secretRef:
                name: cicd-sample-docs-external-full
            - secretRef:
                name: cicd-sample-docs-secret-without-containers
            - configMapRef:
                name: cicd-sample-docs-envs
            - configMapRef:
                name: cicd-sample-docs-config-map-without-containers
          image: docker.io/jsreport/jsreport:4.7.0
          imagePullPolicy: IfNotPresent
          name: jsreport
          resources:
            limits:
              cpu: 200m
              memory: 256Mi
            requests:
              cpu: 50m
              memory: 64Mi
          # Same emptyDir volume as the application container, mounted at a
          # different path.
          volumeMounts:
            - mountPath: /some-another-data-but-same-as-for-application
              name: volume1
      # Init containers are emitted sorted by order: migration1 (order 1)
      # first, then migration2 (order 2).
      initContainers:
        - envFrom:
            - secretRef:
                name: cicd-sample-docs-external-full
            - secretRef:
                name: cicd-sample-docs-secret-without-containers
            - configMapRef:
                name: cicd-sample-docs-envs
            - configMapRef:
                name: cicd-sample-docs-config-map-without-containers
          image: registry.gitlab.com/my-migration-image:1.0.0
          imagePullPolicy: Always
          name: migration1
          resources:
            limits:
              cpu: 200m
              memory: 256Mi
            requests:
              cpu: 50m
              memory: 64Mi
          volumeMounts: []
        - envFrom:
            - secretRef:
                name: cicd-sample-docs-external-full
            - secretRef:
                name: cicd-sample-docs-secret-without-containers
            - configMapRef:
                name: cicd-sample-docs-envs
            - configMapRef:
                name: cicd-sample-docs-config-map-without-containers
          image: registry.gitlab.com/my-migration-image:1.0.0
          imagePullPolicy: Always
          name: migration2
          resources:
            limits:
              cpu: 200m
              memory: 256Mi
            requests:
              cpu: 50m
              memory: 64Mi
          volumeMounts: []
      # Workload-specific service account name; the CronJob example on this
      # page renders serviceAccountName: default instead.
      serviceAccountName: cicd-sample-docs-workload
      terminationGracePeriodSeconds: 60
      volumes:
        - name: mypvc
          persistentVolumeClaim:
            claimName: cicd-sample-docs-mypvc
        - emptyDir:
            sizeLimit: 100Mi
          name: volume1
# Rendered CronJob for the `cleanup` entry of `cronjobs` in the values above.
# NOTE(review): as in the Deployment, no securityContext appears at pod or
# container level in this rendered output.
apiVersion: batch/v1
kind: CronJob
metadata:
  annotations: {}
  labels:
    app.kubernetes.io/component: cicd-sample
    app.kubernetes.io/instance: docs
    app.kubernetes.io/managed-by: helm
    app.kubernetes.io/name: cicd-sample
    app.kubernetes.io/part-of: cicd
    app.kubernetes.io/version: 1.0.0
    exordis/application: cicd-sample
    exordis/application-instance: docs
    exordis/application-type: service
    exordis/environment: test
    exordis/product: Some Product
    exordis/subsystem: cicd
    helm.sh/chart: cicd-subsystem-application-0.1.0
  name: cicd-sample-docs-cleanup
  namespace: cicd-test
spec:
  # Forbid: a scheduled run is skipped while the previous run is still active.
  concurrencyPolicy: Forbid
  failedJobsHistoryLimit: 1
  jobTemplate:
    spec:
      template:
        metadata:
          annotations:
            custom-annotation: custom annotation
          labels:
            app.kubernetes.io/component: cicd-sample
            app.kubernetes.io/instance: docs
            app.kubernetes.io/managed-by: helm
            app.kubernetes.io/name: cicd-sample
            app.kubernetes.io/part-of: cicd
            app.kubernetes.io/version: 1.0.0
            custom-label: custom label
            exordis/application: cicd-sample
            exordis/application-instance: docs
            exordis/application-type: service
            exordis/environment: test
            exordis/product: Some Product
            exordis/subsystem: cicd
            helm.sh/chart: cicd-subsystem-application-0.1.0
        spec:
          containers:
            # `main` container: the args come unchanged from the values file.
            - args:
                - tag
                - delete
                - --registry
              # Every key of each referenced Secret/ConfigMap becomes an
              # environment variable of this container. `main` also receives
              # secret-with-containers; the init container below does not.
              envFrom:
                - secretRef:
                    name: cicd-sample-docs-external-full
                - secretRef:
                    name: cicd-sample-docs-secret-without-containers
                - secretRef:
                    name: cicd-sample-docs-secret-with-containers
                - configMapRef:
                    name: cicd-sample-docs-envs
                - configMapRef:
                    name: cicd-sample-docs-config-map-without-containers
              image: registry.gitlab.com/cicd-unittests:1.0.0
              imagePullPolicy: IfNotPresent
              name: main
              resources:
                limits:
                  cpu: 200m
                  memory: 256Mi
                requests:
                  cpu: 50m
                  memory: 64Mi
              volumeMounts:
                - mountPath: /some-data
                  name: volume2
          initContainers:
            - envFrom:
                - secretRef:
                    name: cicd-sample-docs-external-full
                - secretRef:
                    name: cicd-sample-docs-secret-without-containers
                - configMapRef:
                    name: cicd-sample-docs-envs
                - configMapRef:
                    name: cicd-sample-docs-config-map-without-containers
              image: registry.gitlab.com/cicd-sample/cleanup-init:1.0.0
              imagePullPolicy: IfNotPresent
              name: cleanup-init
              resources:
                limits:
                  cpu: 200m
                  memory: 256Mi
                requests:
                  cpu: 50m
                  memory: 64Mi
              volumeMounts: []
          restartPolicy: Never
          # NOTE(review): the job runs under the namespace's `default` service
          # account, unlike the Deployment's cicd-sample-docs-workload account.
          # Confirm this is intended and that `default` carries no RBAC
          # bindings beyond what the job needs.
          serviceAccountName: default
          volumes:
            - emptyDir:
                sizeLimit: 300Mi
              name: volume2
      # Finished Jobs are removed 86400 seconds (24 hours) after completion.
      ttlSecondsAfterFinished: 86400
  # Every day at 06:00.
  schedule: 0 6 * * *
image

Docker image to use for container

registry

registry to load image from

default: Values.registry with fallback to docker.io

repository

repository of the image

default: Values.repository

version

version (tag) of the image

default: Values.version

spec

Container spec

default:

# Default container spec, used when the container's own spec does not override
# a field.
# NOTE(review): the default carries no securityContext; settings such as
# runAsNonRoot or allowPrivilegeEscalation: false presumably have to be added
# through each container's spec — confirm.
envFrom: []
volumeMounts: []
imagePullPolicy: IfNotPresent
# CPU and memory requests and limits are set by default, so a container
# without its own resources section is still bounded.
resources:
  limits:
    cpu: 200m
    memory: 256Mi
  requests:
    cpu: 50m
    memory: 64Mi

For the application container, the default spec is extended with default probes:

# Default probes added to the application container's spec.
# NOTE(review): the rendered Deployment example on this page shows
# timeoutSeconds: 3 on all three probes, not 1 — confirm which value is the
# actual default.
startupProbe:
  failureThreshold: 30
  periodSeconds: 5
  successThreshold: 1
  timeoutSeconds: 1
  tcpSocket:
    port: 80 # first exposed TCP port
livenessProbe:
  failureThreshold: 30
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 1
  tcpSocket:
    port: 80 # first exposed TCP port
readinessProbe:
  failureThreshold: 30
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 1    
  tcpSocket:
    port: 80 # first exposed TCP port

tcpSocket is added only if the container has exposed ports with protocol TCP (otherwise the default probe is generated without a probe type and has no effect); the port number is taken from the first exposed port.

order

Applicable only to init containers: the order of execution (init containers are sorted by order, then name, in the workload manifest). Default: 1000.

Validations

  • The container id must be unique across the application container, init containers and sidecars within the same workload

Overrides

metadata.name

The name is generated from the container id by convention (the id is assumed to be application for the application container).

spec.image

The image reference is generated from the container's .image.repository, .image.registry and .image.version.

Manifests Generation

  • spec.envFrom is populated with references to application-defined ConfigMaps if the ConfigMap is in the same namespace
  • spec.envFrom is populated with references to application-defined Secrets if the Secret is in the same namespace
  • spec.envFrom is populated with references to application-defined External Secrets if the secret is in the same namespace
  • spec.volumeMounts is extended as per Volume
  • The application container spec is added to the workload manifest's containers if workload is not set to none
  • Sidecar container specs are added to the workload manifest's containers if workload is not set to none
  • Init container specs are added to the workload manifest's initContainers if workload is not set to none