Customize Pod Configuration
Ververica Platform lets you define custom Kubernetes settings for the pods that run your Flink jobs. You can attach labels, annotations, and volume mounts that apply to all pods in a deployment, and use full Kubernetes pod templates to configure JobManager and TaskManager pods independently. For example, you can add sidecar containers for logging, monitoring, or security proxies.
Pod-level customization is configured through the deployment YAML under spec.template.spec.kubernetes.
Overview
Two mechanisms are available:
| Mechanism | YAML path | Scope |
|---|---|---|
| Shared pod settings | kubernetes.pods | All pods (JobManager and TaskManager) |
| Per-component pod templates | kubernetes.jobManagerPodTemplate and kubernetes.taskManagerPodTemplate | JobManager or TaskManager pods individually |
Use shared pod settings for labels, annotations, and volume mounts you want on every pod. Use pod templates for full Kubernetes pod spec customization, including sidecar containers, init containers, and per-component labels.
Configure Shared Pod Settings
Settings under kubernetes.pods apply to all pods created by the deployment.
Labels
Attach Kubernetes labels to all Flink pods. Labels are useful for monitoring selectors, network policies, and cost allocation.
kubernetes:
pods:
labels:
team: data-engineering
env: production
The kubectl commands on this page require the deployment to be in a running state. If the deployment has not been started, no pods exist and the commands return no results.
To verify that labels are applied:
kubectl -n <NAMESPACE> get pod \
-l deploymentName=<DEPLOYMENT_NAME> \
--show-labels
Annotations
Attach Kubernetes annotations to all Flink pods. Annotations are commonly used for Prometheus scraping configuration, sidecar injectors such as Istio or Vault, and tooling metadata.
kubernetes:
pods:
annotations:
monitoring.example.com/scrape: "true"
To verify that annotations are applied:
kubectl -n <NAMESPACE> describe pod \
-l deploymentName=<DEPLOYMENT_NAME>,component=jobmanager
Volume Mounts
Mount additional volumes into all Flink pods. Each entry defines both the volume and the mount point.
kubernetes:
pods:
volumeMounts:
- name: shared-data
volume:
name: shared-data
emptyDir: {}
volumeMount:
name: shared-data
mountPath: /opt/flink/shared-data
To verify that volumes are mounted:
kubectl -n <NAMESPACE> describe pod \
-l deploymentName=<DEPLOYMENT_NAME>,component=jobmanager \
| grep -A4 "shared-data"
Configure Per-Component Pod Templates
kubernetes.jobManagerPodTemplate and kubernetes.taskManagerPodTemplate accept a full Kubernetes pod spec. Use these fields to configure the JobManager and TaskManager pods independently.
Component-Specific Labels
Apply labels to one component only:
kubernetes:
jobManagerPodTemplate:
metadata:
labels:
role: jobmanager-custom
taskManagerPodTemplate:
metadata:
labels:
role: taskmanager-custom
Sidecar Containers
Add sidecar containers to run alongside the Flink process. Sidecars are useful for log shippers, monitoring agents, and security proxies, without requiring changes to the Flink image.
The image field is required for each sidecar container.
kubernetes:
jobManagerPodTemplate:
spec:
containers:
- name: monitoring-sidecar
image: nginx:alpine
env:
- name: MONITORING_TARGET
value: jobmanager
taskManagerPodTemplate:
spec:
containers:
- name: monitoring-sidecar
image: nginx:alpine
env:
- name: MONITORING_TARGET
value: taskmanager
To verify that sidecar containers are running:
# Check that both containers are ready (2/2)
kubectl -n <NAMESPACE> get pods \
-l deploymentName=<DEPLOYMENT_NAME>
# Inspect the sidecar on the JobManager pod
kubectl -n <NAMESPACE> describe pod \
-l deploymentName=<DEPLOYMENT_NAME>,component=jobmanager \
| grep -A10 "monitoring-sidecar:"
# Inspect the sidecar on the TaskManager pod
kubectl -n <NAMESPACE> describe pod \
-l deploymentName=<DEPLOYMENT_NAME>,component=taskmanager \
| grep -A10 "monitoring-sidecar:"
Complete Configuration Example
The following YAML shows all supported pod customization options combined under spec.template.spec.kubernetes:
spec:
template:
spec:
kubernetes:
pods:
labels:
team: data-engineering
env: production
annotations:
monitoring.example.com/purpose: my-flink-job
volumeMounts:
- name: shared-data
volume:
name: shared-data
emptyDir: {}
volumeMount:
name: shared-data
mountPath: /opt/flink/shared-data
jobManagerPodTemplate:
metadata:
labels:
role: jobmanager-custom
spec:
containers:
- name: monitoring-sidecar
image: nginx:alpine
env:
- name: MONITORING_TARGET
value: jobmanager
taskManagerPodTemplate:
metadata:
labels:
role: taskmanager-custom
spec:
containers:
- name: monitoring-sidecar
image: nginx:alpine
env:
- name: MONITORING_TARGET
value: taskmanager
Known Limitations
The following fields are accepted by the API at the kubernetes.pods level but are not reliably applied at runtime. Do not use them until this behavior is resolved.
| Field | YAML path | Status | Workaround |
|---|---|---|---|
securityContext | kubernetes.pods | Behavior unconfirmed | Use jobManagerPodTemplate.spec.securityContext or taskManagerPodTemplate.spec.securityContext |
nodeSelector | kubernetes.pods | Silently fails | Use node affinity rules instead |
env | kubernetes.pods | Accepted but not applied | Set environment variables in sidecar containers using the pod template |
imagePullSecrets | kubernetes.pods | Silently ignored | Use jobManagerPodTemplate.spec.imagePullSecrets or taskManagerPodTemplate.spec.imagePullSecrets |