Every week the Kubernetes contributing community meet virtually over Google Hangouts. We want anyone who's interested to know what's discussed in this forum.
- Simple rolling update - Brendan
- Rolling update = nice example of why RCs and Pods are good.
- ...pause… (Brendan needs demo recovery tips from Kelsey)
- Rolling update has recovery: Cancel update and restart, update continues from where it stopped.
- New controller gets name of old controller, so appearance is pure update.
- Can also name versions in update (won’t do rename at the end).
- Rocket demo - CoreOS folks
- 2 major differences between rocket & docker: Rocket is daemonless & pod-centric.
- Rocket has AppContainer format as native, but also supports docker image format.
- Can run AppContainer and docker containers in same pod.
- Changes are close to merged.
- demo service accounts and secrets being added to pods - Jordan
- Problem: It’s hard to get a token to talk to the API.
- New API object: “ServiceAccount”
- ServiceAccount is namespaced, controller makes sure that at least 1 default service account exists in a namespace.
- Typed secret “ServiceAccountToken”, controller makes sure there is at least 1 default token.
- DEMO
- Can use token from default service account to curl https://apiserver
- Can create new service account with ServiceAccountToken. Controller will create token for it.
- Can create a pod with service account, pods will have service account secret mounted at /var/run/secrets/kubernetes.io/…
- Kubelet running in a container - Paul
- Kubelet successfully ran pod w/ mounted secret.