• Kubernetes: downwardAPI Volumes


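    downwardAPI Volumes

      Applications sometimes need to tune their runtime behavior based on information about the environment they run in, including some detailed attributes of the node and the cluster. For example, an Nginx process can set the number of worker processes to start from the node's CPU core count, and a JVM can size its heap from the node's memory. Similarly, a containerized application running in a Kubernetes Pod occasionally needs to know the Pod's IP, hostname, labels, annotations, UID, its requested CPU and memory and their limits, or even the name of the node the Pod runs on. Containers can access this information through environment variables or a downwardAPI volume; however, labels and annotations can only be exposed to a container through a volume.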

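    1. Metadata injection via environment variables

      A common way to reference downwardAPI metadata is through container environment variables, by nesting a fieldRef or resourceFieldRef field inside valueFrom to reference the data source. Usually only constant attributes are suitable for injection through environment variables: once a process has started, there is no way to notify it of a changed value, so environment variables do not support updates while the container is running.

      The following information can be referenced through the fieldRef field:

      • spec.nodeName: the node name.
      • status.hostIP: the node's IP address.
      • metadata.name: the name of the Pod object.
      • metadata.namespace: the namespace the Pod object belongs to.
      • status.podIP: the Pod object's IP address.
      • spec.serviceAccountName: the name of the ServiceAccount resource the Pod object uses.
      • metadata.uid: the Pod object's UID.
      • metadata.labels['KEY']: the value of the given key among the Pod object's labels, for example metadata.labels['mylabel']; supported only in Kubernetes 1.9 and later.

      In addition, resourceFieldRef references the current container's resource requests and limits, so it covers four items: requests.cpu, limits.cpu, requests.memory and limits.memory.

      The Pod object defined in the following manifest example (downwardAPI-env.yaml) uses environment variables to inject into the container env-test-container the Pod object's name, the namespace it belongs to, the value of its app label, and the container's own CPU limit and memory request: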

    apiVersion: v1
    kind: Pod
    metadata:
      name: env-test-pod
      labels:
        app: env-test-pod
    spec:
      containers:
        - name: env-test-container
          image: busybox
          # Print the environment and exit; the values show up in the Pod log.
          command: ["/bin/sh", "-c", "env"]
          resources:
            requests:
              memory: "32Mi"
              cpu: "125m"
            limits:
              memory: "64Mi"
              cpu: "250m"
          # env belongs to the container, not to the Pod spec.
          env:
            - name: MY_POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: MY_POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            # Variable name MY_APP_LABEL is assumed; the text only says the app label is injected.
            - name: MY_APP_LABEL
              valueFrom:
                fieldRef:
                  fieldPath: metadata.labels['app']
            - name: MY_CPU_LIMIT
              valueFrom:
                resourceFieldRef:
                  resource: limits.cpu
            - name: MY_MEM_REQUEST
              valueFrom:
                resourceFieldRef:
                  resource: requests.memory
                  divisor: 1Mi
      restartPolicy: Never
    

      The injected environment variables can then be read from the container's console log:

    kubectl logs env-test-pod | grep "^MY_"

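    2. Metadata injection via volumes

      The other way to inject metadata into a container is a downwardAPI volume, which maps the configured fields to files that the container accesses through a mount.

      The downwardAPI field is defined as follows: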

    [root@mh-k8s-master-247-10 ~]# kubectl explain pod.spec.volumes.downwardAPI
    KIND:     Pod
    VERSION:  v1
    
    RESOURCE: downwardAPI <Object>
    
    DESCRIPTION:
         DownwardAPI represents downward API about the pod that should populate this
         volume
    
         DownwardAPIVolumeSource represents a volume containing downward API info.
         Downward API volumes support ownership management and SELinux relabeling.
    
    FIELDS:
       defaultMode	<integer>
         Optional: mode bits to use on created files by default. Must be a value
         between 0 and 0777. Defaults to 0644. Directories within the path are not
         affected by this setting. This might be in conflict with other options that
         affect the file mode, like fsGroup, and the result can be other mode bits
         set.
    
       items	<[]Object>
         Items is a list of downward API volume file
    
    [root@mh-k8s-master-247-10 ~]# 
    

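      In a downwardAPI volume, fieldRef references the following two data sources:

      • metadata.labels: all labels of the Pod object, one per line, in the format label-key="escaped-label-value".
      • metadata.annotations: all annotations of the Pod object, one per line, in the format annotation-key="escaped-annotation-value".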
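
      A strict reader for the key="escaped-value" file format described above, as an added example that is not part of the original article. Annotation values can be set by anyone allowed to edit the Pod's metadata, so the consumer treats the file as untrusted input and rejects malformed lines instead of splitting on quotes. Assumptions: values are quoted as Go string literals, and the function name and sample content are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// ParseDownwardMap parses a downwardAPI file exposing metadata.labels or
// metadata.annotations: one key="escaped-value" entry per line.
// Assumption: values use Go string-literal quoting (what strconv.Quote emits).
func ParseDownwardMap(content string) (map[string]string, error) {
	out := make(map[string]string)
	sc := bufio.NewScanner(strings.NewReader(content))
	// Annotation values can be large; raise the 64 KiB default line limit.
	sc.Buffer(make([]byte, 0, 64*1024), 2<<20)
	for n := 1; sc.Scan(); n++ {
		line := sc.Text()
		if line == "" {
			continue
		}
		parts := strings.SplitN(line, "=", 2)
		if len(parts) != 2 || parts[0] == "" || !strings.HasPrefix(parts[1], `"`) {
			return nil, fmt.Errorf("line %d: expected key=\"value\"", n)
		}
		// Unquote decodes \n, \", \\ and \u escapes and fails on anything else.
		val, err := strconv.Unquote(parts[1])
		if err != nil {
			return nil, fmt.Errorf("line %d: key %q: %v", n, parts[0], err)
		}
		if _, dup := out[parts[0]]; dup {
			return nil, fmt.Errorf("line %d: duplicate key %q", n, parts[0])
		}
		out[parts[0]] = val
	}
	return out, sc.Err()
}

// sampleAnnotations is constructed input, not captured from a cluster.
const sampleAnnotations = `annotation1="test-value-1"
example.com/note="line one\nline \"two\""
`

func main() {
	m, err := ParseDownwardMap(sampleAnnotations)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%d entries: %q\n", len(m), m)
}
```

      In a container the input would be the content of a mounted file such as /etc/podinfo/pod_annotations, re-read whenever the application needs current values.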

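      The Pod object defined in the following manifest example (downwardAPI-vol.yaml) uses a downwardAPI volume to inject into the container volume-test-container the Pod object's namespace, labels and annotations, and the container's own CPU limit and memory request. The volume is mounted in the container at the /etc/podinfo directory, so each injected item is mapped to a file under that path: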

    apiVersion: v1
    kind: Pod
    metadata:
      labels:
        # The key of this label was missing in the original listing; "zone" is assumed.
        zone: east-china
        rack: rack-101
        app: dapi-vol-pod
      name: dapi-vol-pod
      annotations:
        annotation1: "test-value-1"
    spec:
      containers:
        - name: volume-test-container
          image: busybox
          command: ["/bin/sh", "-c", "sleep 864000"]
          resources:
            requests:
              memory: "32Mi"
              cpu: "125m"
            limits:
              memory: "64Mi"
              cpu: "256m"
          volumeMounts:
            - name: podinfo
              mountPath: /etc/podinfo
              readOnly: false
      volumes:
        - name: podinfo
          downwardAPI:
            # defaultMode is given in decimal: 420 is octal 0644.
            defaultMode: 420
            items:
              - fieldRef:
                  fieldPath: metadata.namespace
                path: pod_namespace
              - fieldRef:
                  fieldPath: metadata.labels
                path: pod_labels
              - fieldRef:
                  fieldPath: metadata.annotations
                path: pod_annotations
              # CPU limit item described in the text; the file name cpu_limit is assumed.
              - resourceFieldRef:
                  containerName: volume-test-container
                  resource: limits.cpu
                path: "cpu_limit"
              - resourceFieldRef:
                  containerName: volume-test-container
                  resource: requests.memory
                  divisor: "1Mi"
                path: "mem_request"

      The pod.spec.volumes.downwardAPI.items field is defined as follows:

    [root@mh-k8s-master-247-10 ~]# kubectl explain pod.spec.volumes.downwardAPI.items
    KIND:     Pod
    VERSION:  v1
    
    RESOURCE: items <[]Object>
    
    DESCRIPTION:
         Items is a list of downward API volume file
    
         DownwardAPIVolumeFile represents information to create the file containing
         the pod field
    
    FIELDS:
       fieldRef	<Object>
         Required: Selects a field of the pod: only annotations, labels, name and
         namespace are supported.
    
       mode	<integer>
         Optional: mode bits to use on this file, must be a value between 0 and
         0777. If not specified, the volume defaultMode will be used. This might be
         in conflict with other options that affect the file mode, like fsGroup, and
         the result can be other mode bits set.
    
       path	<string> -required-
         Required: Path is the relative path name of the file to be created. Must
         not be absolute or contain the '..' path. Must be utf-8 encoded. The first
         item of the relative path must not start with '..'
    
       resourceFieldRef	<Object>
         Selects a resource of the container: only resources limits and requests
         (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently
         supported.
    
    [root@mh-k8s-master-247-10 ~]#
    

      The pod.spec.volumes.downwardAPI.items.resourceFieldRef field is defined as follows:

    [root@mh-k8s-master-247-10 ~]# ^C
    [root@mh-k8s-master-247-10 ~]# kubectl explain pod.spec.volumes.downwardAPI.items.resourceFieldRef
    KIND:     Pod
    VERSION:  v1
    
    RESOURCE: resourceFieldRef <Object>
    
    DESCRIPTION:
         Selects a resource of the container: only resources limits and requests
         (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently
         supported.
    
         ResourceFieldSelector represents container resources (cpu, memory) and
         their output format
    
    FIELDS:
       containerName	<string>
         Container name: required for volumes, optional for env vars
    
       divisor	<string>
         Specifies the output format of the exposed resources, defaults to "1"
    
       resource	<string> -required-
         Required: resource to select
    
    [root@mh-k8s-master-247-10 ~]# 
    

      The Pod object's label list can be viewed with:

    kubectl exec dapi-vol-pod -- cat /etc/podinfo/pod_labels
  • Original article: https://www.cnblogs.com/zuoyang/p/16411123.html
Copyright © 2020-2023  润新知