83bdc62289
The batch/v1beta1 API version of RuntimeClass is no longer served as of v1.25 Migrate API clients to use the batch/v1 API version instead which is available since 1.20. Note: It can't be tested until we add back in support for Kata containers on debian. Story: 2010368 Task: 47293 Signed-off-by: Sachin Gopala Krishna <saching.krishna@windriver.com> Change-Id: Id483f97775931d319c4f44113ada1595c74b3aed
72 lines
9.9 KiB
ReStructuredText
72 lines
9.9 KiB
ReStructuredText
|
|
.. rpw1591793808686
|
|
.. _specifying-kata-container-runtime-in-pod-spec:
|
|
|
|
==========================================
|
|
Specify Kata Container Runtime in Pod Spec
|
|
==========================================
|
|
|
|
.. note::
|
|
|
|
Kata Containers will not be supported in |prod-long| |prod-ver|.
|
|
|
|
You can specify the use of Kata Container runtime in your pod specification by
|
|
runtime class or by annotation.
|
|
|
|
.. rubric:: |proc|
|
|
|
|
* Do one of the following:
|
|
|
|
.. table::
|
|
:widths: auto
|
|
|
|
+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+
|
|
| **To use the runtime class method:** | #. Create a RuntimeClass with handler set to kata. |
|
|
| | |
|
|
| | #. Reference this class in the pod spec, as shown in the following example: |
|
|
| | |
|
|
| | .. code-block:: none |
|
|
| | |
|
|
| | kind: RuntimeClass |
|
|
| | apiVersion: node.k8s.io/v1 |
|
|
| | metadata: |
|
|
| | name: kata-containers |
|
|
| | handler: kata |
|
|
| | --- |
|
|
| | apiVersion: v1 |
|
|
| | kind: Pod |
|
|
| | metadata: |
|
|
| | name: busybox-runtime |
|
|
| | spec: |
|
|
| | runtimeClassName: kata-containers |
|
|
| | containers: |
|
|
| | - name: busybox |
|
|
| | command: |
|
|
| | - sleep |
|
|
| | - "3600" |
|
|
| | image: busybox |
|
|
+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+
|
|
| **To use the annotation method:** | Set io.kubernetes.cri.untrusted-workload to true in the annotations section of a pod spec. |
|
|
| | |
|
|
| | For example: |
|
|
| | |
|
|
| | .. code-block:: none |
|
|
| | |
|
|
| | apiVersion: v1 |
|
|
| | kind: Pod |
|
|
| | metadata: |
|
|
| | name: busybox-untrusted |
|
|
| | annotations: |
|
|
| | io.kubernetes.cri.untrusted-workload: "true" |
|
|
| | spec: |
|
|
| | containers: |
|
|
| | - name: busybox |
|
|
| | command: |
|
|
| | - sleep |
|
|
| | - "3600" |
|
|
| | image: busybox |
|
|
| | |
|
|
| | .. note:: |
|
|
| | This method is deprecated and may not be supported in future releases. |
|
|
+--------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------+
|