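Overview
PodPreset is an API resource used to inject specific information into a Pod when the Pod is created. This can include secrets, volumes, volume mounts, and environment variables. With Pod presets, Pod template authors do not have to explicitly provide all the information for every Pod, so the author of a Pod template that uses a particular service does not need to know all the details of that service.
PodPreset workflow
- Check, using the label selector, whether the Pod being created matches
- Merge the resources defined in the PodPreset and inject them into the Pod being created
- If an error occurs during injection, create the Pod without injecting any PodPreset information
- On the injected Pod, add the annotation "podpreset.admission.kubernetes.io/podpreset-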
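The four-step workflow above, sketched in Python as an added example (not code from the original post or from Kubernetes): it handles only `matchLabels` selectors and `env` entries, and the sample objects and the `matches` and `admit` helpers are constructed for illustration. The third step fails open, so a workload that depends on an injected value should check for the annotation rather than assume the injection happened.

```python
import copy

PREFIX = "podpreset.admission.kubernetes.io/podpreset-"

# Constructed sample objects for illustration (not from the page's cluster).
PRESET = {
    "apiVersion": "settings.k8s.io/v1alpha1", "kind": "PodPreset",
    "metadata": {"name": "allow-tz-env", "resourceVersion": "1001"},
    "spec": {"selector": {"matchLabels": {"run": "nginx-web"}},
             "env": [{"name": "TZ", "value": "Asia/Shanghai"}]},
}
POD = {
    "metadata": {"labels": {"run": "nginx-web"}},
    "spec": {"containers": [{"name": "nginx-web", "image": "nginx"}]},
}


def matches(preset, pod):
    """Step 1: every matchLabels pair must be present on the Pod."""
    want = preset["spec"].get("selector", {}).get("matchLabels", {})
    have = pod["metadata"].get("labels", {})
    return all(have.get(k) == v for k, v in want.items())


def admit(pod, presets):
    """Return (pod_to_create, injected); on a merge conflict inject nothing."""
    selected = [p for p in presets if matches(p, pod)]
    if not selected:
        return pod, False
    out = copy.deepcopy(pod)
    for c in out["spec"]["containers"]:
        env = {e["name"]: e["value"] for e in c.get("env", [])}
        for p in selected:  # Step 2: merge preset env into the container
            for e in p["spec"].get("env", []):
                if env.setdefault(e["name"], e["value"]) != e["value"]:
                    return pod, False  # Step 3: fail open, Pod unmodified
        if env:
            c["env"] = [{"name": k, "value": v} for k, v in env.items()]
    notes = out["metadata"].setdefault("annotations", {})
    for p in selected:  # Step 4: annotation carries the preset's resourceVersion
        notes[PREFIX + p["metadata"]["name"]] = p["metadata"]["resourceVersion"]
    return out, True
```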
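Enabling PodPreset
Edit /etc/kubernetes/manifests/kube-apiserver.yaml
```
## Add the following 2 entries under command
```
Creating the PodPreset
Create a new file, allow-tz-env-podpreset.yaml
```
vim allow-tz-env-podpreset.yaml
```
Viewing the PodPreset
```
$ kubectl get podpresets.settings.k8s.io
```
Verification
Check whether the preset has been applied to an already-created Pod
The TZ env variable has not been applied, because injection only happens when a Pod is created. Restart the Pod to see whether it gets applied.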
```
$ kubectl exec -it nginx-web-5bc97545f5-drnsn bash
root@nginx-web-5bc97545f5-drnsn:/# env
NGINX_WEB_PORT_80_TCP=tcp://10.96.79.178:80
HOSTNAME=nginx-web-5bc97545f5-drnsn
NJS_VERSION=1.15.12.0.3.1-1~stretch
NGINX_WEB_SERVICE_HOST=10.96.79.178
NGINX_VERSION=1.15.12-1~stretch
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
NGINX_WEB_PORT_80_TCP_PROTO=tcp
KUBERNETES_PORT=tcp://10.96.0.1:443
PWD=/
HOME=/root
KUBERNETES_SERVICE_PORT_HTTPS=443
NGINX_WEB_PORT_80_TCP_PORT=80
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
NGINX_WEB_PORT_80_TCP_ADDR=10.96.79.178
NGINX_WEB_PORT=tcp://10.96.79.178:80
TERM=xterm
NGINX_WEB_SERVICE_PORT=80
SHLVL=1
KUBERNETES_SERVICE_PORT=443
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
KUBERNETES_SERVICE_HOST=10.96.0.1
_=/usr/bin/env
root@nginx-web-5bc97545f5-drnsn:/# time
real 0m0.000s
user 0m0.000s
sys 0m0.000s
root@nginx-web-5bc97545f5-drnsn:/# date
Thu Jun 13 07:44:31 UTC 2019
```
Restart the Pod and check again
The value has now been injected
```
$ kubectl delete pod nginx-web-5bc97545f5-drnsn
$ [K8sSj] kubectl exec -it nginx-web-5bc97545f5-nlwjg bash
root@nginx-web-5bc97545f5-nlwjg:/# env
NGINX_WEB_PORT_80_TCP=tcp://10.96.79.178:80
TZ=Asia/Shanghai
HOSTNAME=nginx-web-5bc97545f5-nlwjg
NJS_VERSION=0.3.2
NGINX_WEB_SERVICE_HOST=10.96.79.178
NGINX_VERSION=1.17.0
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1
NGINX_WEB_PORT_80_TCP_PROTO=tcp
PKG_RELEASE=1~stretch
KUBERNETES_PORT=tcp://10.96.0.1:443
PWD=/
HOME=/root
KUBERNETES_SERVICE_PORT_HTTPS=443
NGINX_WEB_PORT_80_TCP_PORT=80
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443
NGINX_WEB_PORT_80_TCP_ADDR=10.96.79.178
NGINX_WEB_PORT=tcp://10.96.79.178:80
TERM=xterm
NGINX_WEB_SERVICE_PORT=80
SHLVL=1
KUBERNETES_SERVICE_PORT=443
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
KUBERNETES_SERVICE_HOST=10.96.0.1
_=/usr/bin/env
root@nginx-web-5bc97545f5-nlwjg:/# date
Thu Jun 13 15:47:12 CST 2019
```
Viewing the Pod's YAML
You can see that the env has been injected, and of course the podpreset annotation has been injected as well.
```
$ [K8sSj] kubectl get pod nginx-web-5bc97545f5-n7z5h -o yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    cni.projectcalico.org/podIP: 192.168.0.139/32
    podpreset.admission.kubernetes.io/podpreset-allow-tz-env: "12887508"
  creationTimestamp: 2019-06-13T07:45:36Z
  generateName: nginx-web-5bc97545f5-
  labels:
    pod-template-hash: 5bc97545f5
    run: nginx-web
  name: nginx-web-5bc97545f5-n7z5h
  namespace: default
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: nginx-web-5bc97545f5
    uid: 121e0458-7918-11e9-8c40-26def9e195d0
  resourceVersion: "12888142"
  selfLink: /api/v1/namespaces/default/pods/nginx-web-5bc97545f5-n7z5h
  uid: 3b398ecf-8daf-11e9-bf6b-26def9e195d0
spec:
  containers:
  - env:
    - name: TZ
      value: Asia/Shanghai
    image: nginx
    imagePullPolicy: Always
    name: nginx-web
    ports:
    - containerPort: 80
      protocol: TCP
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-r74dm
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: master1
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 20
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 20
  volumes:
  - name: default-token-r74dm
    secret:
      defaultMode: 420
      secretName: default-token-r74dm
```
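- Author: ChuLinx
- Link: http://yoursite.com/2019/12/14/kubernetes1.14使用PodPreset设置集群Pod统一时区/
- Copyright notice: Unless otherwise stated, all articles on this blog are licensed under the MIT license. Please credit the source when reposting!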