Monday, May 11, 2015
Weekly Kubernetes Community Hangout Notes - May 1 2015
Every week the Kubernetes contributing community meet virtually over Google Hangouts. We want anyone who’s interested to know what’s discussed in this forum.
Simple rolling update - Brendan
Rolling update = nice example of why RCs and Pods are good.
…pause… (Brendan needs demo recovery tips from Kelsey)
Rolling update has recovery: Cancel update and restart, update continues from where it stopped.
New controller gets name of old controller, so appearance is pure update.
Can also name versions in update (won’t do rename at the end).
Rocket demo - CoreOS folks
2 major differences between rocket & docker: Rocket is daemonless & pod-centric.
Rocket has AppContainer format as native, but also supports docker image format.
Can run AppContainer and docker containers in same pod.
Changes are close to merged.
demo service accounts and secrets being added to pods - Jordan
Problem: It’s hard to get a token to talk to the API.
New API object: “ServiceAccount”
ServiceAccount is namespaced, controller makes sure that at least 1 default service account exists in a namespace.
Typed secret “ServiceAccountToken”, controller makes sure there is at least 1 default token.
DEMO
- Can create new service account with ServiceAccountToken. Controller will create token for it.
Can create a pod with service account, pods will have service account secret mounted at /var/run/secrets/kubernetes.io/…
Kubelet running in a container - Paul
- Kubelet successfully ran pod w/ mounted secret.