K8S存储卷之DownwardAPI和Projected实战

                                              作者:尹正杰

版权声明:原创作品,谢绝转载!否则将追究法律责任。

一.DownwardAPI实战案例

1.DownwardAPI概述

与ConfigMap和Secret不同,DownwardAPI自身并非一种独立的API资源类型。

DownwardAPI只是一种将Pod的metadata、spec或status中的字段值注入到其内部Container里的方式。

DownwardAPI提供了两种方式用于将POD的信息注入到容器内部
	- 环境变量:
		用于单个变量,可以将POD信息和容器信息直接注入容器内部
	- Volume挂载:
		将 POD 信息生成为文件,直接挂载到容器内部中去

2.可向容器注入的元数据

可向容器注入的元数据 作用 是否可用于环境变量 是否可用卷
metadata.name Pod的名称 true true
metadata.namespace Pod的名称空间 true true
metadata.uid Pod的UID true true
metadata.labels Pod的标签 false true
metadata.labels['key'] 引用指定key的value true true
metadata.annotations Pod资源注解 false true
spec.nodeName Pod运行的节点名称 true false
spec.serviceAccountName Pod使用的sa名称 true false
status.podIP Pod的IP地址 true false
requests.cpu 容器期望的CPU资源 true true
requests.memory 容器期望的内存资源 true true
requests.ephermera-storage 容器期望的临时卷资源 true true
limits.cpu 容器的CPU上限 true true
limits.memory 容器的内存上限 true true
limits.ephemeral-storage 容器的临时卷上限 true true
在容器上基于DownwardAPI引用Pod元数据,可通过两种字段完成。
	- fieldRef:
		引用常规的元数据
	- resourceFieldRef:
		引用同资源限制和资源需求相关的元数据

这些信息都能够基于环境变量和卷的方式注入到容器中。

3.downwardAPI存储卷实战案例

	1.编写资源清单
[root@master231 yinzhengjie-k8s]# cat 01-downwardAPI-volumes.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: downwardapi-demo
spec:
  replicas: 1
  selector:
    matchLabels:
      apps: v1
  template:
    metadata:
      labels:
        apps: v1
    spec:
      volumes:
      - name: data01
        downwardAPI:
          items:
          - path: pod-name
            # 仅支持: annotations, labels, name and namespace。
            fieldRef:
              fieldPath: "metadata.name"
      - name: data02
        downwardAPI:
          items:
          - path: pod-ns
            fieldRef:
              fieldPath: "metadata.namespace"
      - name: data03
        downwardAPI:
          items:
          - path: containers-limists-memory
            # 仅支持: limits.cpu, limits.memory, requests.cpu and requests.memory
            resourceFieldRef:
              containerName: c1
              resource: "limits.memory"
      containers:
      - name: c1
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
        resources:
          requests:
            cpu: 0.2
            memory: 300Mi
          limits:
            cpu: 0.5
            memory: 500Mi
        volumeMounts:
        - name: data01
          mountPath: /yinzhengjie-xixi
        - name: data02
          mountPath: /yinzhengjie-haha
        - name: data03
          mountPath: /yinzhengjie-hehe
      - name: c2
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v2
        command:
        - tail
        args:
        - -f
        - /etc/hosts
        resources:
          limits:
            cpu: 1.5
            memory: 1.5Gi
[root@master231 yinzhengjie-k8s]# 

	2.创建资源
[root@master231 yinzhengjie-k8s]# kubectl apply -f 01-downwardAPI-volumes.yaml
deployment.apps/downwardapi-demo created
[root@master231 yinzhengjie-k8s]# 


	3.验证测试
[root@master231 yinzhengjie-k8s]# kubectl exec -it downwardapi-demo-5c696b958c-s9jm6 -c c1 -- cat /yinzhengjie-xixi/pod-name | more 
downloadapi-demo-5c696b958c-s9jm6
[root@master231 yinzhengjie-k8s]# 
[root@master231 yinzhengjie-k8s]# kubectl exec -it downwardapi-demo-5c696b958c-s9jm6 -c c1 -- cat /yinzhengjie-haha/pod-ns  | more 
default
[root@master231 yinzhengjie-k8s]# 
[root@master231 yinzhengjie-k8s]# echo `kubectl exec -it downwardapi-demo-5c696b958c-s9jm6 -c c1 -- cat /yinzhengjie-hehe/containers-limists-memory`/1024/1024 | bc
500
[root@master231 yinzhengjie-k8s]# 

4.downwardAPI之env实战案例

[root@master231 volumes]# cat 02-downloadAPI-volumes.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deploy-valuefrom-downwardapi-downwardapi
spec:
  replicas: 3
  selector:
    matchLabels:
      apps: xiuxian
  template:
    metadata:
      labels:
        apps: xiuxian
    spec:
      containers:
      - name: c1
        image: harbor.yinzhengjie.com/yinzhengjie-xiuxian/test:v2
        resources:
          requests:
            cpu: 0.2
            memory: 200Mi
          limits:
            cpu: 0.5
            memory: 500Mi
        imagePullPolicy: Always
        env:
        - name: yinzhengjie-PODNAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: yinzhengjie-IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        - name: yinzhengjie-REQUESTS
          valueFrom:
            resourceFieldRef:
              resource: requests.cpu
        - name: yinzhengjie-LIMITS
          valueFrom:
            resourceFieldRef:
              resource: limits.memory

[root@master231 volumes]# 



	2.验证测试
[root@master231 volumes]# kubectl apply -f 02-downloadAPI-volumes.yaml
deployment.apps/deploy-valuefrom-downwardapi created
[root@master231 volumes]# 
[root@master231 volumes]# kubectl get pods -o wide
NAME                                   READY   STATUS    RESTARTS   AGE   IP             NODE        NOMINATED NODE   READINESS GATES
deploy-valuefrom-downwardapi-7f48549b-5v4rn        1/1     Running   0          3s    10.100.2.182   worker233   <none>           <none>
deploy-valuefrom-downwardapi-7f48549b-lkctz        1/1     Running   0          3s    10.100.1.138   worker232   <none>           <none>
deploy-valuefrom-downwardapi-7f48549b-wkf7s        1/1     Running   0          3s    10.100.1.139   worker232   <none>           <none>
[root@master231 volumes]# kubectl exec  deploy-valuefrom-downwardapi-7f48549b-5v4rn -- env
...
yinzhengjie-LIMITS=524288000
yinzhengjie-PODNAME=deploy-valuefrom-downwardapi-7f48549b-5v4rn
yinzhengjie-IP=10.100.2.182
# 很明显,对于requests字段并没有抓到0.2,而是"向上取整"。
yinzhengjie-REQUESTS=1
...



二.Projected实战案例

1.Projected卷概述

Projected Volume是一种特殊的卷类型,它能够将已存在的多个卷投射进同一个挂载点目录中。

Projected Volume仅支持对如下四种类型的卷(数据源)进行投射操作,这类的卷一般都是用于为容器提供预先定义好的数据:
	- Secret:
		投射Secret 对象。
	- ConfigMap:
		投射ConfigMap对象。
	- DownwardAPI:
		投射Pod元数据。
	- ServiceAccountToken:
		投射ServiceAccount Token。

2.Projected实战案例

	1.编写资源清单
[root@master231 yinzhengjie-k8s]# cat 03-projected-volumes.yaml 
apiVersion: v1
kind: ConfigMap
metadata:
  name: yinzhengjie-cm
data:
  blog: "https://www.cnblogs.com/yinzhengjie"
  k8s: "https://space.bilibili.com/600805398/channel/series"

---

apiVersion: v1
kind: Secret
metadata:
  name: yinzhengjie-secrets
stringData:
  username: admin
  password: yinzhengjie

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: projected-demo
spec:
  replicas: 1
  selector:
    matchLabels:
      apps: v1
  template:
    metadata:
      labels:
        apps: v1
    spec:
      volumes:
      - name: data01
        projected:
          sources:
          - downwardAPI:
              items:
              - path: containers-limists-memory
                resourceFieldRef:
                  containerName: c1
                  resource: "limits.memory"
          - configMap:
              name: yinzhengjie-cm
          - secret:
              name: yinzhengjie-secrets
          - serviceAccountToken:
              path: yinzhengjie-token
      containers:
      - name: c1
        image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1
        resources:
          limits:
            cpu: 0.5
            memory: 500Mi
        volumeMounts:
        - name: data01
          mountPath: /yinzhengjie-xixi
[root@master231 yinzhengjie-k8s]# 

	2.创建资源
[root@master231 yinzhengjie-k8s]# kubectl apply -f  03-projected-volumes.yaml 
configmap/yinzhengjie-cm created
secret/yinzhengjie-secrets created
deployment.apps/projected-demo created
[root@master231 yinzhengjie-k8s]# 


	3.验证测试
[root@master231 yinzhengjie-k8s]# kubectl get pods -o wide
NAME                              READY   STATUS    RESTARTS   AGE   IP               NODE        NOMINATED NODE   READINESS GATES
projected-demo-6b7b48f98d-j27ph   1/1     Running   0          46s   10.100.140.127   worker233   <none>           <none>
[root@master231 yinzhengjie-k8s]# 
[root@master231 yinzhengjie-k8s]# kubectl exec -it projected-demo-6b7b48f98d-j27ph -- sh
/ # ls -l /yinzhengjie-xixi/
total 0
lrwxrwxrwx    1 root     root            11 Feb 12 15:31 blog -> ..data/blog
lrwxrwxrwx    1 root     root            32 Feb 12 15:31 containers-limists-memory -> ..data/containers-limists-memory
lrwxrwxrwx    1 root     root            10 Feb 12 15:31 k8s -> ..data/k8s
lrwxrwxrwx    1 root     root            15 Feb 12 15:31 password -> ..data/password
lrwxrwxrwx    1 root     root            15 Feb 12 15:31 username -> ..data/username
lrwxrwxrwx    1 root     root            24 Feb 12 15:31 yinzhengjie-token -> ..data/yinzhengjie-token
/ # 
posted @   尹正杰  阅读(20)  评论(0编辑  收藏  举报
相关博文:
阅读排行:
· 2分钟学会 DeepSeek API,竟然比官方更好用!
· .NET 使用 DeepSeek R1 开发智能 AI 客户端
· 10亿数据,如何做迁移?
· 推荐几款开源且免费的 .NET MAUI 组件库
· c# 半导体/led行业 晶圆片WaferMap实现 map图实现入门篇
历史上的今天:
2020-02-13 Kubernetes系统安全-认证(Authentication)
2019-02-13 安装CDH 5.15.1详解
2019-02-13 MySQL 5.7主从复制实战篇
2019-02-13 top命令详解
2017-02-13 HTML&CSS基础-定义列表
2017-02-13 HTML&CSS基础-无序列表和有序列表
点击右上角即可分享
微信分享提示