PodPreset

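PodPreset injects additional information, such as environment variables and volumes, into Pods that carry specified labels. That way, Pod templates do not have to repeat the same settings explicitly for every Pod.

You can also add the annotation podpreset.admission.kubernetes.io/exclude: "true" to a Pod to keep PodPreset from modifying it.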

API version reference table

Kubernetes version | API version              | Enabled by default
v1.6+              | settings.k8s.io/v1alpha1 |

Enabling PodPreset

  • Enable the API: kube-apiserver --runtime-config=settings.k8s.io/v1alpha1=true
  • Enable the admission controller: --enable-admission-plugins=..,PodPreset

PodPreset example

A PodPreset that adds an environment variable and a volume

    kind: PodPreset
    apiVersion: settings.k8s.io/v1alpha1
    metadata:
      name: allow-database
      namespace: myns
    spec:
      # Only Pods carrying this label are modified
      selector:
        matchLabels:
          role: frontend
      # Injected into the containers of matching Pods
      env:
        - name: DB_PORT
          value: "6379"
      volumeMounts:
        - mountPath: /cache
          name: cache-volume
      # Added to the Pod spec to back the mount above
      volumes:
        - name: cache-volume
          emptyDir: {}

The Pod submitted by the user

    apiVersion: v1
    kind: Pod
    metadata:
      name: website
      labels:
        app: website
        role: frontend
    spec:
      containers:
        - name: website
          image: ecorp/website
          ports:
            - containerPort: 80

After passing through the PodPreset admission controller, the Pod automatically gains the environment variable and the volume

    apiVersion: v1
    kind: Pod
    metadata:
      name: website
      labels:
        app: website
        role: frontend
      annotations:
        # Added by the admission controller to record which PodPreset was applied
        podpreset.admission.kubernetes.io/allow-database: "resource version"
    spec:
      containers:
        - name: website
          image: ecorp/website
          volumeMounts:
            - mountPath: /cache
              name: cache-volume
          ports:
            - containerPort: 80
          env:
            - name: DB_PORT
              value: "6379"
      volumes:
        - name: cache-volume
          emptyDir: {}
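
To make the admission step above concrete, the following Python example (added here; it is not Kubernetes' own implementation) applies the allow-database PodPreset to the website Pod, honoring the label selector and the exclude annotation. The function names, the "constructed-rv" resource version, keying volume mounts by mountPath, and the rule that a conflicting preset injects nothing are assumptions of this example.

```python
import copy

PREFIX = "podpreset.admission.kubernetes.io/"  # annotation prefix used on the page
# The allow-database PodPreset and the website Pod from the page, as dicts.
PRESET = {
    "metadata": {"name": "allow-database", "namespace": "myns"},
    "spec": {
        "selector": {"matchLabels": {"role": "frontend"}},
        "env": [{"name": "DB_PORT", "value": "6379"}],
        "volumeMounts": [{"mountPath": "/cache", "name": "cache-volume"}],
        "volumes": [{"name": "cache-volume", "emptyDir": {}}],
    },
}
POD = {
    "metadata": {"name": "website", "labels": {"app": "website", "role": "frontend"}},
    "spec": {"containers": [{"name": "website", "image": "ecorp/website", "ports": [{"containerPort": 80}]}]},
}

def selects(preset, pod):
    """True when every matchLabels pair of the preset is set on the pod."""
    labels = pod["metadata"].get("labels", {})
    want = preset["spec"]["selector"].get("matchLabels", {})
    return all(labels.get(k) == v for k, v in want.items())

def merge(existing, injected, key):
    """Append injected items; same key with different content is a conflict."""
    merged = list(existing)
    for item in injected:
        clash = [e for e in merged if e[key] == item[key]]
        if clash and clash[0] != item:
            raise ValueError(f"conflict on {key}={item[key]}")
        if not clash:
            merged.append(item)
    return merged

def apply_preset(preset, pod, resource_version="constructed-rv"):
    """Return the mutated pod, or the pod untouched if excluded, unselected or conflicting."""
    notes = pod["metadata"].get("annotations", {})
    if notes.get(PREFIX + "exclude") == "true" or not selects(preset, pod):
        return pod
    out, inject = copy.deepcopy(pod), preset["spec"]
    try:
        out["spec"]["volumes"] = merge(out["spec"].get("volumes", []), inject.get("volumes", []), "name")
        for c in out["spec"]["containers"]:
            c["env"] = merge(c.get("env", []), inject.get("env", []), "name")
            c["volumeMounts"] = merge(c.get("volumeMounts", []), inject.get("volumeMounts", []), "mountPath")
    except ValueError:
        return pod  # assumption: a conflicting preset injects nothing
    out["metadata"].setdefault("annotations", {})[PREFIX + preset["metadata"]["name"]] = resource_version
    return out
```

Comparing apply_preset(PRESET, POD) with POD shows exactly which fields the preset added, which is useful when reviewing what a label can pull into a workload.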

ConfigMap example

ConfigMap

    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: etcd-env-config
    data:
      number_of_members: "1"
      initial_cluster_state: new
      initial_cluster_token: DUMMY_ETCD_INITIAL_CLUSTER_TOKEN
      discovery_token: DUMMY_ETCD_DISCOVERY_TOKEN
      discovery_url: http://etcd_discovery:2379
      etcdctl_peers: http://etcd:2379
      duplicate_key: FROM_CONFIG_MAP
      REPLACE_ME: "a value"

PodPreset

    kind: PodPreset
    apiVersion: settings.k8s.io/v1alpha1
    metadata:
      name: allow-database
      namespace: myns
    spec:
      selector:
        matchLabels:
          role: frontend
      env:
        - name: DB_PORT
          # env values must be strings, so the port is quoted
          value: "6379"
        - name: duplicate_key
          value: FROM_ENV
        - name: expansion
          value: $(REPLACE_ME)
      # Import every key of the ConfigMap as an environment variable
      envFrom:
        - configMapRef:
            name: etcd-env-config
      volumeMounts:
        - mountPath: /cache
          name: cache-volume
        - mountPath: /etc/app/config.json
          readOnly: true
          name: secret-volume
      volumes:
        - name: cache-volume
          emptyDir: {}
        - name: secret-volume
          # secretName belongs under the secret volume source
          secret:
            secretName: config-details

The Pod submitted by the user

    apiVersion: v1
    kind: Pod
    metadata:
      name: website
      labels:
        app: website
        role: frontend
    spec:
      containers:
        - name: website
          image: ecorp/website
          ports:
            - containerPort: 80

After passing through the PodPreset admission controller, the Pod automatically gains the ConfigMap environment variables

    apiVersion: v1
    kind: Pod
    metadata:
      name: website
      labels:
        app: website
        role: frontend
      annotations:
        podpreset.admission.kubernetes.io/allow-database: "resource version"
    spec:
      containers:
        - name: website
          image: ecorp/website
          volumeMounts:
            - mountPath: /cache
              name: cache-volume
            - mountPath: /etc/app/config.json
              readOnly: true
              name: secret-volume
          ports:
            - containerPort: 80
          env:
            - name: DB_PORT
              value: "6379"
            - name: duplicate_key
              value: FROM_ENV
            - name: expansion
              value: $(REPLACE_ME)
          envFrom:
            - configMapRef:
                name: etcd-env-config
      volumes:
        - name: cache-volume
          emptyDir: {}
        - name: secret-volume
          # secretName belongs under the secret volume source
          secret:
            secretName: config-details

Example: changing the Pod time zone

The following example automatically switches every Pod labelled tz: shanghai to the Shanghai time zone:

    kind: PodPreset
    apiVersion: settings.k8s.io/v1alpha1
    metadata:
      name: tz-shanghai
      namespace: default
    spec:
      selector:
        matchLabels:
          tz: shanghai
      # Mount the node's zoneinfo file over the container's /etc/localtime
      volumeMounts:
        - mountPath: /etc/localtime
          name: tz-config
      volumes:
        - name: tz-config
          hostPath:
            path: /usr/share/zoneinfo/Asia/Shanghai