Configuration Best Practices

from Configuration Best Practices


Managing Compute Resources for Containers

from Managing Compute Resources for Containers

Resource types

CPU and memory are each a resource type. A resource type has a base unit. CPU is specified in units of cores, and memory is specified in units of bytes.


  • M: 1000*1000kb
  • Mi: 1024*1024kb

How Pods with resource requests are scheduled

When you create a Pod, the Kubernetes scheduler selects a node for the Pod to run on.

The resource usage of a Pod is reported as part of the Pod status.

Assigning Pods to Nodes

from Assigning Pods to Nodes

You can constrain a Pod to only be able to run on particular Node(s), or to prefer to run on particular nodes.


nodeSelector is the simplest recommended form of node selection constraint.

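apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    env: test
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
  # Schedule only onto nodes carrying the label disktype=ssd
  nodeSelector:
    disktype: ssd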


Taints and Tolerations

from Taints and Tolerations

Taints and tolerations work together to ensure that pods are not scheduled onto inappropriate nodes.



Secrets

from Secrets

Kubernetes secret objects let you store and manage sensitive information, such as passwords, OAuth tokens, and ssh keys.

A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key.

To use a secret, a pod needs to reference the secret. A secret can be used with a pod in two ways: as files in a volume mounted on one or more of its containers, or used by kubelet when pulling images for the pod.

Creating a Secret


Using Secrets

Using Secrets as Files from a Pod

Configuration location: .spec.volumes[].secret.secretName

Each secret you want to use needs to be referred to in .spec.volumes.

Using Secrets as Environment Variables

Configuration location: env[].valueFrom.secretKeyRef

Using imagePullSecrets

An imagePullSecret is a way to pass a secret that contains a Docker (or other) image registry password to the Kubelet so it can pull a private image on behalf of your Pod.
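The three field paths above are enough to inventory which Secrets a Pod consumes and how, which is a useful least-privilege review step. The following is an added example, not part of the original notes or the Kubernetes docs: the function name secret_references and the SAMPLE_POD manifest (including its secret names and registry host) are constructed for illustration, and the walk also covers initContainers.

```python
# Added example: list every Secret a Pod references, by the field paths in the notes.

SAMPLE_POD = {  # constructed manifest, already parsed into a dict
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "web"},
    "spec": {
        "imagePullSecrets": [{"name": "registry-cred"}],
        "volumes": [
            {"name": "keys", "secret": {"secretName": "ssh-key"}},
            {"name": "scratch", "emptyDir": {}},
        ],
        "containers": [{
            "name": "app",
            "image": "registry.example.com/app:1.0",
            "volumeMounts": [{"name": "keys", "mountPath": "/etc/keys", "readOnly": True}],
            "env": [
                {"name": "DB_PASSWORD",
                 "valueFrom": {"secretKeyRef": {"name": "db-cred", "key": "password"}}},
                {"name": "LOG_LEVEL", "value": "info"},
            ],
        }],
    },
}


def secret_references(pod):
    """Return sorted (usage, secret_name, detail) tuples for one Pod manifest."""
    spec = pod.get("spec") or {}
    refs = set()
    # .spec.volumes[].secret.secretName -> files in a mounted volume
    for vol in spec.get("volumes") or []:
        if "secret" in vol:
            refs.add(("volume", vol["secret"]["secretName"], vol["name"]))
    # env[].valueFrom.secretKeyRef -> environment variable, per container
    for ctr in (spec.get("containers") or []) + (spec.get("initContainers") or []):
        for env in ctr.get("env") or []:
            ref = (env.get("valueFrom") or {}).get("secretKeyRef")
            if ref:
                refs.add(("env", ref["name"], f'{ctr["name"]}:{env["name"]}'))
    # .spec.imagePullSecrets[].name -> used by the kubelet to pull images
    for ips in spec.get("imagePullSecrets") or []:
        refs.add(("imagePullSecret", ips["name"], "kubelet"))
    return sorted(refs)


if __name__ == "__main__":
    for usage, name, detail in secret_references(SAMPLE_POD):
        print(f"{usage:16} {name:14} {detail}")
```

Comparing this output against the Secrets a workload actually needs shows references that can be dropped from the Pod spec.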

Use cases

  • SSH Key
  • Prod/test Credential

Organizing Cluster Access Using kubeconfig Files

from Organizing Cluster Access Using kubeconfig Files


Pod Priority and Preemption

from Pod Priority and Preemption


Scheduling Framework

from Scheduling Framework


- - - - - -
written by 陈烨彬 Robin Chen, and published under (CC) BY-NC-SA.