我想在部署中设置 sysctl。
它在下面的 yaml 中起作用。
apiVersion: v1
kind: Pod
metadata:
name: sysctl-example
spec:
securityContext:
sysctls:
- name: kernel.sem
value: "1000 1000 32000 1000"
containers:
- name: dummy-pod
image: ubuntu
restartPolicy: Never
但是,我不知道如何在部署中配置它。
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
labels:
app: nginx
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
securityContext:
sysctls:
- name: kernel.sem
value: "1000 32000 1000 1000"
containers:
- name: nginx
image: nginx:1.7.9
ports:
- containerPort: 80
它打印出一个错误。
错误:将 YAML 转换为 JSON 时出错:yaml:第 20 行:未找到预期的密钥
答案1
在部署 apiVersion extensions/v1beta1 中,deployment.spec.template.spec.containers 在其字段中具有 securityContext,而不是 Pod,其中它是 deploy.spec。
$ kubectl explain deployment.spec.template.spec.containers
KIND: Deployment
VERSION: extensions/v1beta1
RESOURCE: containers <[]Object>
...
securityContext <Object>
Security options the pod should run with. More info:
https://kubernetes.io/docs/concepts/policy/security-context/ More info:
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
...