PodPreset给pod注入好东西

一、介绍

PodPreset用来给指定标签的Pod注入额外的信息，如环境变量、存储卷等。这样，Pod模板就不需要为每个Pod都显式设置重复的信息。

二、如何开启PodPreset

1、vi /usr/lib/systemd/system/kube-apiserver.service

2、在--admission-control=中新增PodPreset

3、在--runtime-config=中新增http://settings.k8s.io/v1alpha1=true

4、systemctl daemon-reload&&systemctl restart kube-apiserver.service重启生效

案例一：通过PodPreset统一修改整个集群服务时区

1、allow-tz-env.yaml文件内容：

apiVersion: settings.k8s.io/v1alpha1
kind: PodPreset
metadata:
name: allow-tz-env
spec:
selector:
matchLabels:
env:
    - name: TZ
      value: Asia/Shanghai

2、通过kubectl create -f allow-tz-env.yaml -nglt命令为glt空间创建podpreset规则（matchLabels:为空代表应用于glt空间所有服务，也可以指定值如app: backend）

3、kubectl get podpreset allow-tz-env -nglt -oyaml查看已创建的podpreset规则

4、ke glt backend → echo $TZ验证结果为Asia/Shanghai

案例二：通过PodPreset实现pod资源与node资源隔离

1、在所有node节点上安装

wget https://copr-be.cloud.fedoraproject.org/results/ganto/lxd/epel-7-x86_64/00486278-lxcfs/lxcfs-2.0.5-3.el7.centos.x86_64.rpm

rpm -ivh lxcfs-2.0.5-3.el7.centos.x86_64.rpm

2、systemctl enable lxcfs&&systemctl start lxcfs启动

3、lxcfs-volume.yaml文件内容：

apiVersion: settings.k8s.io/v1alpha1
kind: PodPreset
metadata:
name: lxcfs-volume
spec:
selector:
matchLabels:
volumeMounts:
    - mountPath: /proc/cpuinfo
      name: cpuinfo
    - mountPath: /proc/diskstats
      name: diskstats
    - mountPath: /proc/meminfo
      name: meminfo
    - mountPath: /proc/stat
      name: stat
    - mountPath: /proc/swaps
      name: swaps
    - mountPath: /proc/uptime
      name: uptime
  volumes:
  - name: cpuinfo
    hostPath:
path: /var/lib/lxcfs/proc/cpuinfo
      type: File
  - name: diskstats
    hostPath:
path: /var/lib/lxcfs/proc/diskstats
      type: File
  - name: meminfo
    hostPath:
path: /var/lib/lxcfs/proc/meminfo
      type: File
  - name: stat
    hostPath:
path: /var/lib/lxcfs/proc/stat
      type: File
  - name: swaps
    hostPath:
path: /var/lib/lxcfs/proc/swaps
      type: File
  - name: uptime
    hostPath:
path: /var/lib/lxcfs/proc/uptime
      type: File

4、通过kubectl create -f lxcfs-volume.yaml -nglt 命令创建资源隔离规则,podpreset以namespace为准应用服务pod内

5、kubectl get podpreset lxcfs-volume -nglt -oyaml查看已创建的podpreset规则

6、ke glt backend→ free -m结果显示request的资源

案例三：通过PodPreset实现arthas挂载容器里

1、把下载后的arthas-boot.jar到指定目录如:/opt/arthas/下

2、kubectl create -f arthas-volume.yaml -nglt（注:namespace要加上）

apiVersion: settings.k8s.io/v1alpha1
kind: PodPreset
metadata:
name: arthas-volume
spec:
selector:
matchLabels:
volumeMounts:
    - mountPath: /opt/arthas
      name: arthas
  volumes:
    - name: arthas
      hostPath:
path: /opt/test/arthas
        type: Directory

3、ke glt backend进入容器去/opt/arthas/目录下查看是否存在arthas-boot.jar

 

参考：https://zhuanlan.zhihu.com/p/68959186