Pod Settings

When you create Deployments, StatefulSets or DaemonSets, you need to specify a Pod. At the same time, KubeSphere provides users with various options to customize workload configurations, such as health check probes, environment variables and start commands. This page illustrates detailed explanations of different properties in Pod Settings.

Tip

You can enable Edit YAML in the upper-right corner to see corresponding values in the manifest file (YAML format) of properties on the dashboard.

Pod Settings

Pod Replicas

Set the number of replicated Pods by clicking Pod Settings - 图1 or Pod Settings - 图2, indicated by the .spec.replicas field in the manifest file. This option is not available for DaemonSets.

If you create Deployments in a multi-cluster project, select a replica scheduling mode under Replica Scheduling Mode:

  • Specify Replicas: select clusters and set the number of Pod replicas in each cluster.
  • Specify Weights: select clusters, set the total number of Pod replicas in Total Replicas, and specify a weight for each cluster. The Pod replicas will be proportionally scheduled to the clusters according to the weights. To change weights after a Deployment is created, click the name of the Deployment to go to its details page and change weights under Weights on the Resource Status tab.

If you create StatefulSets in a multi-cluster project, select clusters and set the number of Pod replicas in each cluster under Pod Replicas.

Add Container

Click Add Container to add a container.

You can click Pod Settings - 图3 on the right to select an image from the list or enter an image name to search it. KubeSphere provides Docker Hub images and your private image repository. If you want to use your private image repository, you need to create an Image Registry Secret first in Secrets under Configuration.

Note

Remember to press Enter on your keyboard after you enter an image name in the search box.

Image Tag

You can enter a tag like imagename:tag. If you do not specify it, it will default to the latest version.

Container Name

The container name is automatically created by KubeSphere, which is indicated by .spec.containers.name.

Container Type

If you choose Init container, it means the init container will be created for the workload. For more information about init containers, please visit Init Containers.

Resource Request

The resource quota reserved by the container includes both CPU and memory resources. It means the container monopolizes the resource, preventing other services or processes from competing for resources due to insufficient resources, causing the application to become unavailable.

  • The CPU request is indicated by .spec.containers[].resources.requests.cpu in the manifest file. The CPU request can be exceeded.
  • The memory request is indicated by .spec.containers[].resources.requests.memory in the manifest file. The memory request can be exceeded but the container may clear up when node memory is insufficient.

Resource Limit

You can specify the upper limit of the resources that the application can use, including CPU, memory, and GPU, to prevent excessive resources from being occupied.

  • The CPU limit is indicated by .spec.containers[].resources.limits.cpu in the manifest file. The CPU limit can be exceeded for a short time, and the container will not be stopped.
  • The memory limit is indicated by .spec.containers[].resources.limits.memory in the manifest file. The memory limit cannot be exceeded. If it exceeds, the container may be stopped or scheduled to another machine with sufficient resources.

Note

The CPU resource is measured in CPU units, or Core in KubeSphere. The memory resource is measured in bytes, or MiB in KubeSphere.

To set GPU Type, select a GPU type from the drop-down list, which defaults to nvidia.com/gpu. GPU Limit defaults to no limit.

Port Settings

You need to set the access protocol for the container as well as port information. To use the default setting, click Use Default Ports.

Image Pull Policy

This value is indicated by the imagePullPolicy field. On the dashboard, you can choose one of the following three options from the drop-down list.

  • Use Local Image First: It means that the image is pulled only if it does not exist locally.

  • Pull Image Always: It means that the image is pulled whenever the pod starts.

  • Use Local Image Only: It means that the image is not pulled no matter the image exists or not.

Tip

  • The default value is Use Local Image First, but the value of images tagged with :latest is Pull Image Always by default.
  • Docker will check it when pulling the image. If MD5 has not changed, it will not pull.
  • The :latest tag should be avoided as much as possible in the production environment, and the latest image can be automatically pulled by the :latest tag in the development environment.

Health Check

Support liveness check, readiness check, and startup check.

  • Liveness Check: Liveness probes are used to know whether a container is running, indicated by livenessProbe.

  • Readiness Check: Readiness probes are used to know whether a container is ready to serve requests, indicated by readinessProbe.

  • Startup Check: Startup probes are used to know whether a container application has started, indicated by startupProbe.

Liveness, Readiness and Startup Check include the configurations below:

  • HTTP Request: Perform an HTTP Get request on the specified port and path on the IP address of the container. If the response status code is greater than or equal to 200 and less than 400, the diagnosis is considered successful. The supported parameters include:

    • Path: HTTP or HTTPS, specified by scheme, the path to access the HTTP server, specified by path, the access port or port name is exposed by the container. The port number must be between 1 and 65535. The value is specified by port.
    • Initial Delay (s): The number of seconds after the container has started before liveness probes are initiated, specified by initialDelaySeconds. It defaults to 0.
    • Check Interval (s): The probe frequency (in seconds), specified by periodSeconds. It defaults to 10. The minimum value is 1.
    • Timeout (s): The number of seconds after which the probe times out, specified by timeoutSeconds. It defaults to 1. The minimum value is 1.
    • Success Threshold: The minimum consecutive successes for the probe to be considered successful after having failed, specified by successThreshold. It defaults to 1 and must be 1 for liveness and startup. The minimum value is 1.
    • Failure Threshold: The minimum consecutive failures for the probe to be considered failed after having succeeded, specified by failureThreshold. It defaults to 3. The minimum value is 1.
  • TCP Port: Perform a TCP check on the specified port on the IP address of the container. If the port is open, the diagnosis is considered successful. The supported parameters include:

    • Port: The access port or port name is exposed by the container. The port number must be between 1 and 65535. The value is specified by port.
    • Initial Delay (s): The number of seconds after the container has started before liveness probes are initiated, specified by initialDelaySeconds. It defaults to 0.
    • Check Interval (s): The probe frequency (in seconds), specified by periodSeconds. It defaults to 10. The minimum value is 1.
    • Timeouts: The number of seconds after which the probe times out, specified by timeoutSeconds. It defaults to 1. The minimum value is 1.
    • Success Threshold: The minimum consecutive successes for the probe to be considered successful after having failed, specified by successThreshold. It defaults to 1 and must be 1 for liveness and startup. The minimum value is 1.
    • Failure Threshold: The minimum consecutive failures for the probe to be considered failed after having succeeded, specified by failureThreshold. It defaults to 3. The minimum value is 1.
  • Command: Execute the specified command in the container. If the return code is 0 when the command exits, the diagnosis is considered successful. The supported parameters include:

    • Command: A detection command used to detect the health of the container, specified by exec.command.
    • Initial Delay (s): The number of seconds after the container has started before liveness probes are initiated, specified by initialDelaySeconds. It defaults to 0.
    • Check Interval (s): The probe frequency (in seconds), specified by periodSeconds. It defaults to 10. The minimum value is 1.
    • Timeouts: The number of seconds after which the probe times out, specified by timeoutSeconds. It defaults to 1. The minimum value is 1.
    • Success Threshold: The minimum consecutive successes for the probe to be considered successful after having failed, specified by successThreshold. It defaults to 1 and must be 1 for liveness and startup. The minimum value is 1.
    • Failure Threshold: The minimum consecutive failures for the probe to be considered failed after having succeeded, specified by failureThreshold. It defaults to 3. The minimum value is 1.

For more information about health checks, please visit Container Probes.

Start Command

By default, a container runs the default image command.

  • Command refers to the command field of containers in the manifest file.
  • Parameters refers to the args field of containers in the manifest file.

For more information about the command, please visit Define a Command and Arguments for a Container.

Environment Variables

Configure environment variables for Pods in the form of key-value pairs.

  • name: The name of the environment variable, specified by env.name.
  • value: The value of the variable referenced, specified by env.value.
  • Click Use ConfigMap or Secret to use an existing ConfigMap or Secret.

For more information about the command, please visit Pod variable.

Container Security Context

A security context defines privilege and access control settings for a Pod or Container. For more information about the security context, please visit Pod Security Policies.

Synchronize Host Timezone

The time zone of the container will be consistent with that of the host after synchronization.

Update Strategy

Pod Update

Update strategies are different for different workloads.

The .spec.strategy field specifies the strategy used to replace old Pods with new ones. .spec.strategy.type can be Recreate or Rolling Update. Rolling Update is the default value.

  • Rolling Update (recommended)

    A rolling update means the instance of the old version will be gradually replaced with new ones. During the upgrade process, the traffic will be load balanced and distributed to the old and new instances simultaneously, so the service will not be interrupted.

  • Simultaneous Update

    All existing Pods will be killed before new ones are created. Please note that the service will be interrupted during the update process.

For more information about update strategies, please visit Strategy in Deployments.

The drop-down menu under Update Strategy is indicated by the .spec.updateStrategy field of a StatefulSet in the manifest file. It allows you to handle updates of Pod containers, tags, resource requests or limits, and annotations. There are two strategies:

  • Rolling Update (recommended)

    If .spec.template is updated, the Pods in the StatefulSet will be automatically deleted with new pods created as replacements. Pods are updated in reverse ordinal order, sequentially deleted and created. A new Pod update will not begin until the previous Pod becomes up and running after it is updated.

  • Update on Deletion

    If .spec.template is updated, the Pods in the StatefulSet will not be automatically updated. You need to manually delete old Pods so that the controller can create new Pods.

For more information about update strategies, please visit StatefulSet Update Strategies.

The drop-down menu under Update Strategy is indicated by the .spec.updateStrategy field of a DaemonSet in the manifest file. It allows you to handle updates of Pod containers, tags, resource requests or limits, and annotations. There are two strategies:

  • Rolling Update (recommended)

    If .spec.template is updated, old DaemonSet pods will be killed with new pods created automatically in a controlled fashion. At most one pod of the DaemonSet will be running on each node during the whole update process.

  • Update on Deletion

    If .spec.template is updated, new DaemonSet pods will only be created when you manually delete old DaemonSet pods. This is the same behavior of DaemonSets in Kubernetes version 1.5 or before.

For more information about update strategies, please visit DaemonSet Update Strategy.

Rolling Update Settings

Rolling Update Settings in a Deployment is different from that of a StatefulSet.

  • Maximum Unavailable Pods: The maximum number of Pods that can be unavailable during the update, specified by maxUnavailable. The default value is 25%.
  • Maximum Extra Pods: The maximum number of Pods that can be scheduled above the desired number of Pods, specified by maxSurge. The default value is 25%.

Ordinal for Dividing Pod Replicas: When you partition an update, all Pods with an ordinal greater than or equal to the value you set in Partition are updated when you update the StatefulSet’s Pod specification. This field is specified by .spec.updateStrategy.rollingUpdate.partition, whose default value is 0. For more information about partitions, please visit Partitions.

Rolling Update Settings in a DaemonSet is different from that of a StatefulSet.

  • Maximum Unavailable Pods: The maximum number of pods that can be unavailable during the update, specified by maxUnavailable. The default value is 20%.
  • Minimum Running Time for Pod Readiness (s): The minimum number of seconds before a newly created Pod of DaemonSet is treated as available, specified by minReadySeconds. The default value is 0.

Pod Security Context

A security context defines privilege and access control settings for a Pod or Container. For more information about Pod Security Policies, please visit Pod Security Policies.

Pod Scheduling Rules

You can select different deployment modes to switch between inter-pod affinity and inter-pod anti-affinity. In Kubernetes, inter-pod affinity is specified as field podAffinity of field affinity while inter-pod anti-affinity is specified as field podAntiAffinity of field affinity. In KubeSphere, both podAffinity and podAntiAffinity are set to preferredDuringSchedulingIgnoredDuringExecution. You can enable Edit YAML in the upper-right corner to see field details.

  • Decentralized Scheduling represents anti-affinity.
  • Centralized Scheduling represents affinity.
  • Custom Rules is to add custom scheduling rules based on your needs.

For more information about affinity and anti-affinity, please visit Pod affinity.