kubernets之从应用访问pod元数据以及其他资源
一 downwardAPI的应用
1.1 前面我们介绍了如何通过configmap以及secret将配置传入到pod的容器中,但是传递的这些都是预先能够安排和只晓得,对于那些只有当pod创建起来之后才由其他一些资源创建的配置,上面说到的那些都没用,我们需要另外一种kubernets资源来提供这些配置的渲染,这种方式主要是通过将pod定义和状态中取得的数据作为环境变量和文件值
1.2 介绍pod一些常见的元数据
-
- pod的名称
- pod的IP
- pod所在的命名空间
- pod所在的运行节点
- pod的标签
- pod的注解
- pod运行所归属的服务账号名称
- 每个容器请求的CPU和内存的使用量
- 每个容器可以使用的CPU以及内存的限制
二 通过环境变量的形式暴露元数据
2.1 创建一个pod然后将以上pod的元数据暴露到容器的环境变量里面
apiVersion: v1 kind: Pod metadata: name: downward spec: containers: - name: main image: busybox command: ["sleep", "999999"] resources: requests: cpu: 15m memory: 10M limits: cpu: 100m memory: 50M env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: POD_IP valueFrom: fieldRef: fieldPath: status.podIP - name: SERVICE_ACCOUNT valueFrom: fieldRef: fieldPath: spec.serviceAccountName - name: CONTAINER_CPU_REQUEST_MILLICORES valueFrom: resourceFieldRef: resource: requests.cpu divisor: 1m - name: CONTAINER_MEMORY_LIMIT_KIBIBYTES valueFrom: resourceFieldRef: resource: limits.memory divisor: 1M
- 通过该文件创建了一个pod,并定义了POD_NAME,POD_IP等的环境变量
- 注意一下resource的单位要定义准确,否则有可能会卡在ContainerCreating上面
2.2 查看一下该创建的容器里面所渲染出来的环境变量
[root@node01 Chapter08]# k exec downward -- env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin HOSTNAME=downward POD_NAME=downward POD_NAMESPACE=default NODE_NAME=node01 POD_IP=10.244.2.65 SERVICE_ACCOUNT=default CONTAINER_CPU_REQUEST_MILLICORES=15 CONTAINER_MEMORY_LIMIT_KIBIBYTES=50 KUBERNETES_PORT_443_TCP_PORT=443 KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1 KUBERNETES_SERVICE_HOST=10.96.0.1 KUBERNETES_SERVICE_PORT=443 KUBERNETES_SERVICE_PORT_HTTPS=443 KUBERNETES_PORT=tcp://10.96.0.1:443 KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443 KUBERNETES_PORT_443_TCP_PROTO=tcp HOME=/root
- 可以看到上面定义的所有内容都成功的渲染到了容器的环境变量里面了
2.3 创建一个pod,然后通过downwardapi卷的形式将pod的元数据以文件的形式挂载到pod的容器里面
apiVersion: v1 kind: Pod metadata: name: downward-volume labels: name: wxm annotations: key1: value1 key2: | multi line value spec: containers: - name: main image: busybox command: ["sleep", "999999"] resources: requests: cpu: 15m memory: 10M limits: cpu: 100m memory: 50M volumeMounts: - name: downward mountPath: /etc/downward volumes: - name: downward downwardAPI: items: - path: "podName" fieldRef: fieldPath: metadata.name - path: "podNamespace" fieldRef: fieldPath: metadata.namespace - path: "annotations" fieldRef: fieldPath: metadata.annotations - path: "containerCpuRequestMilliCores" resourceFieldRef: containerName: main resource: requests.cpu divisor: 1m - path: "containerMemoryLimitBytes" resourceFieldRef: containerName: main resource: limits.memory divisor: 1M
2.4 之后查看该容器是否渲染成配置文件了
[root@node01 Chapter08]# k exec downward-volume -- ls -Alrt /etc/downward total 0 lrwxrwxrwx 1 root root 19 Jan 5 12:43 podNamespace -> ..data/podNamespace lrwxrwxrwx 1 root root 14 Jan 5 12:43 podName -> ..data/podName lrwxrwxrwx 1 root root 32 Jan 5 12:43 containerMemoryLimitBytes -> ..data/containerMemoryLimitBytes lrwxrwxrwx 1 root root 36 Jan 5 12:43 containerCpuRequestMilliCores -> ..data/containerCpuRequestMilliCores lrwxrwxrwx 1 root root 18 Jan 5 12:43 annotations -> ..data/annotations lrwxrwxrwx 1 root root 31 Jan 5 12:43 ..data -> ..2021_01_05_12_43_26.673712213 drwxr-xr-x 2 root root 140 Jan 5 12:43 ..2021_01_05_12_43_26.673712213
- 可以看到数据成功的挂载到了pod的目录上面了
- 我们如愿以偿的将标签和注解也成功的以文件的形式挂载到了容器上面
- 当暴露的内容是容器级别的时候需要指定容器名称如图中红色所示
