Kubernetes Limitations in Orka
What you can and cannot do when working with Kubernetes directly in Orka.
Your Orka environment is a Kubernetes cluster that you can manage with kubectl
. The cluster is helm
-enabled and has RBAC configured. Your control over the cluster is limited via pod security policies, cluster roles, and role bindings.
Allowed namespaces
You can access and interact with the sandbox
namespace only.
You cannot access and interact with the kube-system
, kube-public
, and default
namespaces.
Volumes
You can work with the following volume types:
configMap
persistentVolumeClaim
emptyDir
secret
projected
nfs
You cannot work with any volume types not listed above. If you need to work with another volume type that's not allowed by default, contact the MacStadium team.
Need persistent volumes?
The default RBAC does not let you work with persistent volumes directly. You need to work closely with the MacStadium team to enable persistent volumes for your cluster. See Persistent Volumes.
Resources
Read/Write
configmaps
endpoints
persistentvolumeclaims
pods
(including attach
, exec
, port-forward
, and proxy
; excluding privileged pods)
replicationcontrollers
(including scaling)
secrets
services
(including proxies)
daemonsets
deployments
(including rollback and scaling)
replicasets
(including scaling)
statefulsets
(including scaling)
horizontalpodautoscalers
cronjobs
jobs
ingresses
networkpolicies
Read-only
controllerrevisions
events
limitranges
current namespace
status
pod
logs
pod
status
replicationcontroller
status
resourcequotas
(including status)
What's next
Start using kubectl
and helm
.
Updated over 1 year ago