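With the PodPreset resource, a Pod's template can be modified automatically when the Pod is created.
A label selector chooses which Pod objects are modified.
The attributes that can be injected are: secret objects / ConfigMap objects / storage volumes / container volume mounts / environment variables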
Related documentation
Pod Preset => overview
Injecting data into a Pod using PodPreset
the design proposal for PodPreset
Step 1: Enable the PodPreset resource
Kubernetes v1.16.2/Pod Preset
Kubernetes v1.16.2/kube-apiserver
Kubernetes v1.16.2/API OVERVIEW/PodPreset v1alpha1 settings.k8s.io
how does kube-apiserver restart after editing /etc/kubernetes/manifests/kube-apiserver.yaml
On Kubernetes v1.16.2, run vim /etc/kubernetes/manifests/kube-apiserver.yaml and set:
    - --runtime-config=settings.k8s.io/v1alpha1=true
    - --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,PodPreset
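Because the API Server is a static Pod, the kubelet restarts the API Server component automatically after the configuration is modified.
Step 2: Define the PodPreset resource
Many images do not set the time zone correctly, so we plan to use a PodPreset resource to set it: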
apiVersion: settings.k8s.io/v1alpha1
kind: PodPreset
metadata:
  name: etc-localtime
spec:
  selector:
    # Not applied to Pods that set the label localtime: image
    matchExpressions:
      - operator: "NotIn"
        key: "localtime"
        values:
          - "image"
  volumeMounts:
    - mountPath: /etc/localtime
      name: etc-localtime
      readOnly: true
  volumes:
    - name: etc-localtime
      hostPath:
        path: /etc/localtime
Step 3: Create Pods to test
A Pod to which the PodPreset is applied:
apiVersion: v1
kind: Pod
metadata:
  name: counter
  namespace: default
spec:
  containers:
    - name: count
      image: busybox
      args: [/bin/sh, -c, 'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 1; done']
A Pod that ignores the PodPreset:
apiVersion: v1
kind: Pod
metadata:
  name: counter-localtime-image
  namespace: default
  labels:
    localtime: image
spec:
  containers:
    - name: count
      image: busybox
      args: [/bin/sh, -c, 'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 1; done']
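The selector logic behind the two test Pods, as an added example that is not part of the original page or of the Kubernetes code base: a simplified Python model of matchExpressions evaluation and of the volume injection, covering In, Exists and DoesNotExist in addition to the NotIn operator used above. The helper names (matches, apply_preset, make_pod, host_paths) are hypothetical; the point it shows is that a Pod with no localtime label at all satisfies NotIn, so every unlabeled Pod receives the hostPath mount.

```python
# Added example: simplified model of PodPreset selection and injection (constructed data).

def matches(expressions, labels):
    """Every matchExpressions entry must hold for the Pod's labels."""
    for e in expressions:
        key, op, values = e["key"], e["operator"], e.get("values", [])
        if op == "In":
            ok = key in labels and labels[key] in values
        elif op == "NotIn":  # a Pod without the key also satisfies NotIn
            ok = key not in labels or labels[key] not in values
        elif op == "Exists":
            ok = key in labels
        elif op == "DoesNotExist":
            ok = key not in labels
        else:
            raise ValueError(f"unknown operator {op!r}")
        if not ok:
            return False
    return True

def apply_preset(preset, pod):
    """Return the Pod as admitted: unchanged, or a copy with the preset injected."""
    labels = pod["metadata"].get("labels", {})
    if not matches(preset["spec"]["selector"]["matchExpressions"], labels):
        return pod
    spec = dict(pod["spec"])
    spec["volumes"] = spec.get("volumes", []) + preset["spec"]["volumes"]
    spec["containers"] = [
        dict(c, volumeMounts=c.get("volumeMounts", []) + preset["spec"]["volumeMounts"])
        for c in spec["containers"]]
    return dict(pod, spec=spec)

PRESET = {"spec": {
    "selector": {"matchExpressions": [
        {"key": "localtime", "operator": "NotIn", "values": ["image"]}]},
    "volumeMounts": [{"mountPath": "/etc/localtime", "name": "etc-localtime", "readOnly": True}],
    "volumes": [{"name": "etc-localtime", "hostPath": {"path": "/etc/localtime"}}]}}

def make_pod(name, labels=None):
    return {"metadata": {"name": name, "labels": labels or {}},
            "spec": {"containers": [{"name": "count", "image": "busybox"}]}}

def host_paths(pod):
    """hostPath volumes the Pod ends up with (the part worth auditing)."""
    return [v["hostPath"]["path"] for v in pod["spec"].get("volumes", []) if "hostPath" in v]

if __name__ == "__main__":
    for p in (make_pod("counter"), make_pod("counter-localtime-image", {"localtime": "image"})):
        print(p["metadata"]["name"], host_paths(apply_preset(PRESET, p)))
```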