Lab 6: Set SecurityContext for a Pod and Container

bryonbaker

In the first section of Lab 6 the spec for the Security Context lab has two "name" attributes under "containers".

name: secondapp
name:busy

Apart from the mistake of the missing space before "busy", the indentation looks like it is under containers, but there is already a name attribute. Is this a mistake, or should "name: busy" be nested elsewhere?
I have written the spec with the same nesting as secondapp and it appears to work fine - so I just want to understand what is going on.

serewicz

Hello,

Is the indentation issue in the book or in the example file? The name busy is for a container name which you will use with a kubectl exec statement later in the lab.

Regards,

bryonbaker

It is on page 2 of the lab 6. Looking through the API doco at: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#podspec-v1-core, there is no "name" property that lines up anywhere under PodSpec but as part of metadata and containers - and the lab already has that as "name: secondapp"
see attached

bryonbaker

The name busy is for a container name

@serewicz - The name "busy" is not the nested under the Container array in the lab, so how can this be the container name?
Looking at the API documentation. Name is however an attribute of each element in the Container array.
There is however a "patch merge key: name" in the PodSpec, but I am not sure what that is doing.
So what is the relationship between "name: busy" and "name: busybox" in the PodSpec in the labs? (See attached image)

serewicz

Did you find the use of the exec command later in the lab? If you omit the entry does that command still work? The use of indentation is how YAML knows which sections to collect together.