starlingx/docs
Code Issues Proposed changes
docs/doc/source/usertasks/specifying-kata-container-runtime-in-pod-spec.rst
Stone f63f0912c6 User Tasks guide 
Fixed typo in LetsEncrypt example

Removed duplicate Datanet entry from main index.rst

Reworked Use Kubernetes CPU Manager Static Policy prerequisite block.

Restored fault/index version of FM toctree in top-level index.

Added merged doc entries to top level index.rst.

Incorporated review comments. Also some generic formatting clean-up such as
converting abbreviations to rST-style :abbr: markup.

Moved url with embedded substitution out of code-block.

Addressed patch 2 review comments. Some addtional rST tidying. See comment replies
for open questions/issues.

This patch fixes an issue with 'stx' in filenames that may differ downstream using-an-image-from-the-local-docker-registry-in-a-container-spec
new substitution and changing code-blocks to parsed-literals as required.

Initial submission for review. Note that a couple of references to WR persist
in examples. These will be marked up with comments in the review.

Signed-off-by: Stone <ronald.stone@windriver.com>
Change-Id: I1efef569842caff5def9dc00395b594d91d7a5d0
Signed-off-by: Stone <ronald.stone@windriver.com>
2020-12-02 10:34:53 -05:00

68 lines
9.8 KiB
ReStructuredText
Raw Blame History

.. rpw1591793808686
.. _specifying-kata-container-runtime-in-pod-spec:
==========================================
Specify Kata Container Runtime in Pod Spec
==========================================
You can specify the use of Kata Container runtime in your pod specification by
runtime class or by annotation.
.. rubric:: |proc|
* Do one of the following:
.. table::
:widths: auto
+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+
| **To use the runtime class method:** | #. Create a RuntimeClass with handler set to kata. |
| | |
| | #. Reference this class in the pod spec, as shown in the following example: |
| | |
| | .. code-block:: none |
| | |
| | kind: RuntimeClass |
| | apiVersion: node.k8s.io/v1beta1 |
| | metadata: |
| | name: kata-containers |
| | handler: kata |
| | --- |
| | apiVersion: v1 |
| | kind: Pod |
| | metadata: |
| | name: busybox-runtime |
| | spec: |
| | runtimeClassName: kata-containers |
| | containers: |
| | - name: busybox |
| | command: |
| | - sleep |
| | - "3600" |
| | image: busybox |
+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+
| **To use the annotation method:** | Set io.kubernetes.cri.untrusted-workload to true in the annotations section of a pod spec. |
| | |
| | For example: |
| | |
| | .. code-block:: none |
| | |
| | apiVersion: v1 |
| | kind: Pod |
| | metadata: |
| | name: busybox-untrusted |
| | annotations: |
| | io.kubernetes.cri.untrusted-workload: "true" |
| | spec: |
| | containers: |
| | - name: busybox |
| | command: |
| | - sleep |
| | - "3600" |
| | image: busybox |
| | |
| | .. note:: |
| | This method is deprecated and may not be supported in future releases. |
+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+
View Git Blame Copy Permalink