Expose Pod Information to Containers Through Files

This page shows how a Pod can use a downwardAPI volume, to expose information about itself to containers running in the Pod. A downwardAPI volume can expose Pod fields and container fields.

In Kubernetes, there are two ways to expose Pod and container fields to a running container:

Together, these two ways of exposing Pod and container fields are called the downward API.

Before you begin

You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. It is recommended to run this tutorial on a cluster with at least two nodes that are not acting as control plane hosts. If you do not already have a cluster, you can create one by using minikube or you can use one of these Kubernetes playgrounds:

Store Pod fields

In this part of exercise, you create a Pod that has one container, and you project Pod-level fields into the running container as files. Here is the manifest for the Pod:

  1. pods/inject/dapi-volume.yaml
  1. apiVersion: v1
  2. kind: Pod
  3. metadata:
  4. name: kubernetes-downwardapi-volume-example
  5. labels:
  6. zone: us-est-coast
  7. cluster: test-cluster1
  8. rack: rack-22
  9. annotations:
  10. build: two
  11. builder: john-doe
  12. spec:
  13. containers:
  14. - name: client-container
  15. image: registry.k8s.io/busybox
  16. command: ["sh", "-c"]
  17. args:
  18. - while true; do
  19. if [[ -e /etc/podinfo/labels ]]; then
  20. echo -en '\n\n'; cat /etc/podinfo/labels; fi;
  21. if [[ -e /etc/podinfo/annotations ]]; then
  22. echo -en '\n\n'; cat /etc/podinfo/annotations; fi;
  23. sleep 5;
  24. done;
  25. volumeMounts:
  26. - name: podinfo
  27. mountPath: /etc/podinfo
  28. volumes:
  29. - name: podinfo
  30. downwardAPI:
  31. items:
  32. - path: "labels"
  33. fieldRef:
  34. fieldPath: metadata.labels
  35. - path: "annotations"
  36. fieldRef:
  37. fieldPath: metadata.annotations

In the manifest, you can see that the Pod has a downwardAPI Volume, and the container mounts the volume at /etc/podinfo.

Look at the items array under downwardAPI. Each element of the array defines a downwardAPI volume. The first element specifies that the value of the Pod’s metadata.labels field should be stored in a file named labels. The second element specifies that the value of the Pod’s annotations field should be stored in a file named annotations.

Note:

The fields in this example are Pod fields. They are not fields of the container in the Pod.

Create the Pod:

  1. kubectl apply -f https://k8s.io/examples/pods/inject/dapi-volume.yaml

Verify that the container in the Pod is running:

  1. kubectl get pods

View the container’s logs:

  1. kubectl logs kubernetes-downwardapi-volume-example

The output shows the contents of the labels file and the annotations file:

  1. cluster="test-cluster1"
  2. rack="rack-22"
  3. zone="us-est-coast"
  4. build="two"
  5. builder="john-doe"

Get a shell into the container that is running in your Pod:

  1. kubectl exec -it kubernetes-downwardapi-volume-example -- sh

In your shell, view the labels file:

  1. /# cat /etc/podinfo/labels

The output shows that all of the Pod’s labels have been written to the labels file:

  1. cluster="test-cluster1"
  2. rack="rack-22"
  3. zone="us-est-coast"

Similarly, view the annotations file:

  1. /# cat /etc/podinfo/annotations

View the files in the /etc/podinfo directory:

  1. /# ls -laR /etc/podinfo

In the output, you can see that the labels and annotations files are in a temporary subdirectory: in this example, ..2982_06_02_21_47_53.299460680. In the /etc/podinfo directory, ..data is a symbolic link to the temporary subdirectory. Also in the /etc/podinfo directory, labels and annotations are symbolic links.

  1. drwxr-xr-x ... Feb 6 21:47 ..2982_06_02_21_47_53.299460680
  2. lrwxrwxrwx ... Feb 6 21:47 ..data -> ..2982_06_02_21_47_53.299460680
  3. lrwxrwxrwx ... Feb 6 21:47 annotations -> ..data/annotations
  4. lrwxrwxrwx ... Feb 6 21:47 labels -> ..data/labels
  5. /etc/..2982_06_02_21_47_53.299460680:
  6. total 8
  7. -rw-r--r-- ... Feb 6 21:47 annotations
  8. -rw-r--r-- ... Feb 6 21:47 labels

Using symbolic links enables dynamic atomic refresh of the metadata; updates are written to a new temporary directory, and the ..data symlink is updated atomically using rename(2).

Note:

A container using Downward API as a subPath volume mount will not receive Downward API updates.

Exit the shell:

  1. /# exit

Store container fields

The preceding exercise, you made Pod-level fields accessible using the downward API. In this next exercise, you are going to pass fields that are part of the Pod definition, but taken from the specific container rather than from the Pod overall. Here is a manifest for a Pod that again has just one container:

  1. pods/inject/dapi-volume-resources.yaml
  1. apiVersion: v1
  2. kind: Pod
  3. metadata:
  4. name: kubernetes-downwardapi-volume-example-2
  5. spec:
  6. containers:
  7. - name: client-container
  8. image: registry.k8s.io/busybox:1.24
  9. command: ["sh", "-c"]
  10. args:
  11. - while true; do
  12. echo -en '\n';
  13. if [[ -e /etc/podinfo/cpu_limit ]]; then
  14. echo -en '\n'; cat /etc/podinfo/cpu_limit; fi;
  15. if [[ -e /etc/podinfo/cpu_request ]]; then
  16. echo -en '\n'; cat /etc/podinfo/cpu_request; fi;
  17. if [[ -e /etc/podinfo/mem_limit ]]; then
  18. echo -en '\n'; cat /etc/podinfo/mem_limit; fi;
  19. if [[ -e /etc/podinfo/mem_request ]]; then
  20. echo -en '\n'; cat /etc/podinfo/mem_request; fi;
  21. sleep 5;
  22. done;
  23. resources:
  24. requests:
  25. memory: "32Mi"
  26. cpu: "125m"
  27. limits:
  28. memory: "64Mi"
  29. cpu: "250m"
  30. volumeMounts:
  31. - name: podinfo
  32. mountPath: /etc/podinfo
  33. volumes:
  34. - name: podinfo
  35. downwardAPI:
  36. items:
  37. - path: "cpu_limit"
  38. resourceFieldRef:
  39. containerName: client-container
  40. resource: limits.cpu
  41. divisor: 1m
  42. - path: "cpu_request"
  43. resourceFieldRef:
  44. containerName: client-container
  45. resource: requests.cpu
  46. divisor: 1m
  47. - path: "mem_limit"
  48. resourceFieldRef:
  49. containerName: client-container
  50. resource: limits.memory
  51. divisor: 1Mi
  52. - path: "mem_request"
  53. resourceFieldRef:
  54. containerName: client-container
  55. resource: requests.memory
  56. divisor: 1Mi

In the manifest, you can see that the Pod has a downwardAPI volume, and that the single container in that Pod mounts the volume at /etc/podinfo.

Look at the items array under downwardAPI. Each element of the array defines a file in the downward API volume.

The first element specifies that in the container named client-container, the value of the limits.cpu field in the format specified by 1m should be published as a file named cpu_limit. The divisor field is optional and has the default value of 1. A divisor of 1 means cores for cpu resources, or bytes for memory resources.

Create the Pod:

  1. kubectl apply -f https://k8s.io/examples/pods/inject/dapi-volume-resources.yaml

Get a shell into the container that is running in your Pod:

  1. kubectl exec -it kubernetes-downwardapi-volume-example-2 -- sh

In your shell, view the cpu_limit file:

  1. # Run this in a shell inside the container
  2. cat /etc/podinfo/cpu_limit

You can use similar commands to view the cpu_request, mem_limit and mem_request files.

Project keys to specific paths and file permissions

You can project keys to specific paths and specific permissions on a per-file basis. For more information, see Secrets.

What’s next

  • Read the spec API definition for Pod. This includes the definition of Container (part of Pod).
  • Read the list of available fields that you can expose using the downward API.

Read about volumes in the legacy API reference:

  • Check the Volume API definition which defines a generic volume in a Pod for containers to access.
  • Check the DownwardAPIVolumeSource API definition which defines a volume that contains Downward API information.
  • Check the DownwardAPIVolumeFile API definition which contains references to object or resource fields for populating a file in the Downward API volume.
  • Check the ResourceFieldSelector API definition which specifies the container resources and their output format.