Deployment

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ejemplo-basico
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:1.25
---

Individual environment variables

Inside each entry of spec.template.spec.containers:

env:
  - name: ENTORNO
    value: "produccion"
  - name: API_KEY
    valueFrom:
      secretKeyRef:
        name: ejemplo-secret
        key: api_key
  - name: REGION
    valueFrom:
      configMapKeyRef:
        name: ejemplo-configmap
        key: region

Load all variables from a ConfigMap and a Secret

Inside each entry of spec.template.spec.containers:

envFrom:
  - configMapRef:
      name: ejemplo-configmap
  - secretRef:
      name: ejemplo-secret

Ports

ports:
- name: http
  containerPort: 8080
  protocol: TCP

Mount files from a ConfigMap and a Secret (volumes)

Inside each entry of spec.template.spec.containers:

# subPath mounts a single key of the volume as a file at mountPath.
# subPath mounts do not receive later ConfigMap/Secret updates.
volumeMounts:
  - name: configmap-vol
    mountPath: /etc/config
    subPath: app.conf
    readOnly: true
  - name: secret-vol
    mountPath: /etc/secret
    subPath: password.txt
    readOnly: true

Inside spec.template.spec.volumes:

volumes:
  - name: configmap-vol
    configMap:
      name: ejemplo-configmap
      defaultMode: 0640
  - name: secret-vol
    secret:
      secretName: ejemplo-secret
      defaultMode: 0400

Mount a PVC (persistent volume)

Inside each entry of spec.template.spec.containers:

volumeMounts:
  - name: datos-persistentes
    mountPath: /var/www/html
    subPath: index.html

Inside spec.template.spec.volumes:

- name: datos-persistentes
  persistentVolumeClaim:
    claimName: ejemplo-pvc

Health checks (liveness/readiness/startup probes)

Inside each entry of spec.template.spec.containers:

livenessProbe:
  httpGet:
    path: /
    port: 80
  initialDelaySeconds: 10
  periodSeconds: 15

readinessProbe:
  httpGet:
    path: /
    port: 80
  initialDelaySeconds: 5
  periodSeconds: 10

startupProbe:
  httpGet:
    path: /
    port: 80
  failureThreshold: 30
  periodSeconds: 10

Resources (CPU/Memory)

Inside each entry of spec.template.spec.containers:

resources:
  requests:
    cpu: "250m"
    memory: "256Mi"
  limits:
    cpu: "500m"
    memory: "512Mi"

Node Affinity

Inside spec.template.spec:

# Required
affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
        - matchExpressions:
            - key: disktype
              operator: In
              values:
                - ssd

# Preferred
# Each preferred term takes a weight (1-100) and a preference,
# not nodeSelectorTerms.
affinity:
  nodeAffinity:
    preferredDuringSchedulingIgnoredDuringExecution:
      - weight: 1
        preference:
          matchExpressions:
            - key: disktype
              operator: In
              values:
                - ssd

Pod Anti-Affinity

Inside spec.template.spec:

affinity:
  podAntiAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
            - key: app
              operator: In
              values:
                - nginx
        topologyKey: "kubernetes.io/hostname"

**Example**: ensures that no more than one pod with `app=nginx` runs on the same node (`topologyKey=hostname` → per node).

Node Selector and Tolerations

Inside spec.template.spec:

nodeSelector:
  disktype: ssd

tolerations:
  - key: "dedicado"
    operator: "Equal"
    value: "true"
    effect: "NoSchedule"

Security Context

securityContext:
  runAsUser: 1000              # UID the container runs as (non-root)
  runAsGroup: 1000             # matching GID (optional)
  fsGroup: 1000                # GID applied to files on mounted volumes (pod-level securityContext only)
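
An added example, not part of the original page: a small Python audit of a Deployment for the settings covered above (Secrets passed through env/envFrom, resource limits, Secret volume defaultMode, and a non-root securityContext). The manifest is a constructed sample given as the dict a YAML loader would return, and the choice of what to flag is an assumption of this example.

```python
# Added example (not from the original page): audit a Deployment for the
# env, resources, volumes and securityContext settings covered above.

def audit_deployment(dep):
    """Return a list of findings for one apps/v1 Deployment given as a dict."""
    findings = []
    pod = dep["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext", {})
    for c in pod.get("containers", []):
        name = c["name"]
        # Container-level securityContext values override pod-level ones.
        sc = {**pod_sc, **c.get("securityContext", {})}
        if not sc.get("runAsNonRoot") and sc.get("runAsUser", 0) == 0:
            findings.append(f"{name}: may run as root (set runAsUser/runAsNonRoot)")
        # secretRef / secretKeyRef place secret values in the process environment.
        via_env = any("secretRef" in s for s in c.get("envFrom", [])) or any(
            "secretKeyRef" in e.get("valueFrom", {}) for e in c.get("env", []))
        if via_env:
            findings.append(f"{name}: Secret injected as environment variables")
        if "limits" not in c.get("resources", {}):
            findings.append(f"{name}: no resource limits")
    for v in pod.get("volumes", []):
        # Kubernetes uses 0644 when defaultMode is not set.
        if "secret" in v and v["secret"].get("defaultMode", 0o644) & 0o077:
            findings.append(f"volume {v['name']}: Secret files readable by group/other")
    return findings

# Constructed sample: this page's snippets combined, with no securityContext,
# no limits and no defaultMode on the Secret volume.
SAMPLE = {
    "spec": {"template": {"spec": {
        "containers": [{
            "name": "nginx", "image": "nginx:1.25",
            "envFrom": [{"configMapRef": {"name": "ejemplo-configmap"}},
                        {"secretRef": {"name": "ejemplo-secret"}}],
            "resources": {"requests": {"cpu": "250m", "memory": "256Mi"}},
        }],
        "volumes": [{"name": "secret-vol",
                     "secret": {"secretName": "ejemplo-secret"}}],
    }}},
}

if __name__ == "__main__":
    for finding in audit_deployment(SAMPLE):
        print(finding)
```

Applying the page's securityContext, limits and `defaultMode: 0400`, and dropping the `secretRef` from `envFrom`, clears all four findings.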