作者:尹正杰
版权声明:原创作品,谢绝转载!否则将追究法律责任。
目录
- 一.DownwardAPI实战案例
- 1.DownwardAPI概述
- 2.可向容器注入的元数据
- 3.downwardAPI实战案例
- 二.Projected实战案例
- 1.Projected卷概述
- 2.Projected实战案例
一.DownwardAPI实战案例
1.DownwardAPI概述
与ConfigMap和Secret不同,DownwardAPI自身并非一种独立的API资源类型。DownwardAPI只是一种将Pod的metadata、spec或status中的字段值注入到其内部Container里的方式。DownwardAPI提供了两种方式用于将POD的信息注入到容器内部- 环境变量:用于单个变量,可以将POD信息和容器信息直接注入容器内部- Volume挂载:将 POD 信息生成为文件,直接挂载到容器内部中去
2.可向容器注入的元数据
| 可向容器注入的元数据 | 作用 | 是否可用于环境变量 | 是否可用卷 |
|---|---|---|---|
| metadata.name | Pod的名称 | true | true |
| metadata.namespace | Pod的名称空间 | true | true |
| metadata.uid | Pod的UID | true | true |
| metadata.labels | Pod的标签 | false | true |
| metadata.labels['key'] | 引用指定key的value | true | true |
| metadata.annotations | Pod资源注解 | false | true |
| spec.nodeName | Pod运行的节点名称 | true | false |
| spec.serviceAccountName | Pod使用的sa名称 | true | false |
| status.podIP | Pod的IP地址 | true | false |
| requests.cpu | 容器期望的CPU资源 | true | true |
| requests.memory | 容器期望的内存资源 | true | true |
| requests.ephermera-storage | 容器期望的临时卷资源 | true | true |
| limits.cpu | 容器的CPU上限 | true | true |
| limits.memory | 容器的内存上限 | true | true |
| limits.ephemeral-storage | 容器的临时卷上限 | true | true |
在容器上基于DownwardAPI引用Pod元数据,可通过两种字段完成。- fieldRef:引用常规的元数据- resourceFieldRef:引用同资源限制和资源需求相关的元数据这些信息都能够基于环境变量和卷的方式注入到容器中。
3.downwardAPI实战案例
1.编写资源清单
[root@master231 yinzhengjie-k8s]# cat 01-downloadAPI-volumes.yaml
apiVersion: apps/v1
kind: Deployment
metadata:name: downloadapi-demo
spec:replicas: 1selector:matchLabels:apps: v1template:metadata:labels:apps: v1spec:volumes:- name: data01downwardAPI:items:- path: pod-name# 仅支持: annotations, labels, name and namespace。fieldRef:fieldPath: "metadata.name"- name: data02downwardAPI:items:- path: pod-nsfieldRef:fieldPath: "metadata.namespace"- name: data03downwardAPI:items:- path: containers-limists-memory# 仅支持: limits.cpu, limits.memory, requests.cpu and requests.memoryresourceFieldRef:containerName: c1resource: "limits.memory"containers:- name: c1image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1resources:requests:cpu: 0.2memory: 300Milimits:cpu: 0.5memory: 500MivolumeMounts:- name: data01mountPath: /yinzhengjie-xixi- name: data02mountPath: /yinzhengjie-haha- name: data03mountPath: /yinzhengjie-hehe- name: c2image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v2command:- tailargs:- -f- /etc/hostsresources:limits:cpu: 1.5memory: 1.5Gi
[root@master231 yinzhengjie-k8s]# 2.创建资源
[root@master231 yinzhengjie-k8s]# kubectl apply -f 01-downloadAPI-volumes.yaml
deployment.apps/downloadapi-demo created
[root@master231 yinzhengjie-k8s]# 3.验证测试
[root@master231 yinzhengjie-k8s]# kubectl exec -it downloadapi-demo-5c696b958c-s9jm6 -c c1 -- cat /yinzhengjie-xixi/pod-name | more
downloadapi-demo-5c696b958c-s9jm6
[root@master231 yinzhengjie-k8s]#
[root@master231 yinzhengjie-k8s]# kubectl exec -it downloadapi-demo-5c696b958c-s9jm6 -c c1 -- cat /yinzhengjie-haha/pod-ns | more
default
[root@master231 yinzhengjie-k8s]#
[root@master231 yinzhengjie-k8s]# echo `kubectl exec -it downloadapi-demo-5c696b958c-s9jm6 -c c1 -- cat /yinzhengjie-hehe/containers-limists-memory`/1024/1024 | bc
500
[root@master231 yinzhengjie-k8s]# 二.Projected实战案例
1.Projected卷概述
Projected Volume是一种特殊的卷类型,它能够将已存在的多个卷投射进同一个挂载点目录中。Projected Volume仅支持对如下四种类型的卷(数据源)进行投射操作,这类的卷一般都是用于为容器提供预先定义好的数据:- Secret:投射Secret 对象。- ConfigMap:投射ConfigMap对象。- DownwardAPI:投射Pod元数据。- ServiceAccountToken:投射ServiceAccount Token。
2.Projected实战案例
1.编写资源清单
[root@master231 yinzhengjie-k8s]# cat 01-projected-volumes.yaml
apiVersion: v1
kind: ConfigMap
metadata:name: yinzhengjie-cm
data:blog: "https://www.cnblogs.com/yinzhengjie"k8s: "https://space.bilibili.com/600805398/channel/series"---apiVersion: v1
kind: Secret
metadata:name: yinzhengjie-secrets
stringData:username: adminpassword: yinzhengjie---
apiVersion: apps/v1
kind: Deployment
metadata:name: projected-demo
spec:replicas: 1selector:matchLabels:apps: v1template:metadata:labels:apps: v1spec:volumes:- name: data01projected:sources:- downwardAPI:items:- path: containers-limists-memoryresourceFieldRef:containerName: c1resource: "limits.memory"- configMap:name: yinzhengjie-cm- secret:name: yinzhengjie-secrets- serviceAccountToken:path: yinzhengjie-tokencontainers:- name: c1image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1resources:limits:cpu: 0.5memory: 500MivolumeMounts:- name: data01mountPath: /yinzhengjie-xixi
[root@master231 yinzhengjie-k8s]# 2.创建资源
[root@master231 yinzhengjie-k8s]# kubectl apply -f 01-projected-volumes.yaml
configmap/yinzhengjie-cm created
secret/yinzhengjie-secrets created
deployment.apps/projected-demo created
[root@master231 yinzhengjie-k8s]# 3.验证测试
[root@master231 yinzhengjie-k8s]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
projected-demo-6b7b48f98d-j27ph 1/1 Running 0 46s 10.100.140.127 worker233 <none> <none>
[root@master231 yinzhengjie-k8s]#
[root@master231 yinzhengjie-k8s]# kubectl exec -it projected-demo-6b7b48f98d-j27ph -- sh
/ # ls -l /yinzhengjie-xixi/
total 0
lrwxrwxrwx 1 root root 11 Feb 12 15:31 blog -> ..data/blog
lrwxrwxrwx 1 root root 32 Feb 12 15:31 containers-limists-memory -> ..data/containers-limists-memory
lrwxrwxrwx 1 root root 10 Feb 12 15:31 k8s -> ..data/k8s
lrwxrwxrwx 1 root root 15 Feb 12 15:31 password -> ..data/password
lrwxrwxrwx 1 root root 15 Feb 12 15:31 username -> ..data/username
lrwxrwxrwx 1 root root 24 Feb 12 15:31 yinzhengjie-token -> ..data/yinzhengjie-token
/ #
