Pod
Pods are immutable, cannot do k apply or k replace commands on them.
Have to delete them first.
A pod is ready if readiness probe is passing. Can be running before it is ready.
Editing a pod
kubectl edit pod <pod-name> command. Please note that only the properties listed below are editable.
spec.containers[*].image
spec.initContainers[*].image
spec.activeDeadlineSeconds
spec.tolerations
spec.terminationGracePeriodSeconds
Docker Tip
Docker Entrypoint always runs. or can be overridden with --entrypoint
CMD is appended to Entrypoint if exists, and can be replaced by last args in docker cmd
Pod Manifest
apiVersion: v1
kind: Pod
metadata:
name: ubuntu-sleeper-pod
labels:
app:
function:
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
containers:
- name: ubuntu-sleeper
image: ubuntu-sleeper
command: ["sleep2.0"] # Corresponds to Entrypoint
args: ["10"] # Correcponts to CMD
securityContext:
runAsUser: 1000
runAsGroup: 3000
allowPrivilegeEscalation: false # Prevents privilege escalation
privileged: false # Ensures the container is not privileged
readOnlyRootFilesystem: true # Makes the root filesystem read-only
capabilities:
drop:
- ALL # Drops all Linux capabilities
runAsNonRoot: true # Ensures the container does not run as root
readinessProbe:
httpGet: // tcpSocket.port: | exec.command:
path: /health
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 8
livenessProbe:
...similar to readiness...
restartPolicy: Never
initContainers:
- name: init-myservice # Multiple init containers run sequentially
image: busybox
command: ['sh', '-c', 'git clone <some-repository-that-will-be-used-by-application> ;']
Pod Conditions
- PodScheduled
- Initialized
- ContainersReady
- Ready
Dockerfile → K8s Cmd & Args Mapping
🔄 Mapping Summary
| Dockerfile Directive | Kubernetes Field |
| -------------------- | ---------------- |
| `ENTRYPOINT` | `command` |
| `CMD` | `args` |