You can use a podpreset
object to inject information like secrets, volume
mounts, and environment variables etc into pods at creation time.
This task shows some examples on using the PodPreset
resource.
Get an overview of PodPresets at Understanding Pod Presets.
You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using Minikube, or you can use one of these Kubernetes playgrounds:
To check the version, enter kubectl version
.
This is a simple example to show how a Pod spec is modified by the Pod Preset.
podpreset-preset.yaml docs/tasks/inject-data-application
|
---|
|
Create the PodPreset:
kubectl create -f https://k8s.io/docs/tasks/inject-data-application/podpreset-preset.yaml
Examine the created PodPreset:
$ kubectl get podpreset
NAME AGE
allow-database 1m
The new PodPreset will act upon any pod that has label role: frontend
.
podpreset-pod.yaml docs/tasks/inject-data-application
|
---|
|
Create a pod:
$ kubectl create -f https://k8s.io/docs/tasks/inject-data-application/podpreset-pod.yaml
List the running Pods:
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
website 1/1 Running 0 4m
Pod spec after admission controller:
podpreset-merged.yaml docs/tasks/inject-data-application
|
---|
|
To see above output, run the following command:
$ kubectl get pod website -o yaml
ConfigMap
ExampleThis is an example to show how a Pod spec is modified by the Pod Preset
that defines a ConfigMap
for Environment Variables.
User submitted pod spec:
podpreset-pod.yaml docs/tasks/inject-data-application
|
---|
|
User submitted ConfigMap
:
podpreset-configmap.yaml docs/tasks/inject-data-application
|
---|
|
Example Pod Preset:
podpreset-allow-db.yaml docs/tasks/inject-data-application
|
---|
|
Pod spec after admission controller:
podpreset-allow-db-merged.yaml docs/tasks/inject-data-application
|
---|
|
The following example shows that only the pod spec is modified by the Pod Preset.
User submitted ReplicaSet:
podpreset-replicaset.yaml docs/tasks/inject-data-application
|
---|
|
Example Pod Preset:
podpreset-preset.yaml docs/tasks/inject-data-application
|
---|
|
Pod spec after admission controller:
Note that the ReplicaSet spec was not changed, users have to check individual pods to validate that the PodPreset has been applied.
podpreset-replicaset-merged.yaml docs/tasks/inject-data-application
|
---|
|
This is an example to show how a Pod spec is modified by multiple Pod Injection Policies.
User submitted pod spec:
podpreset-pod.yaml docs/tasks/inject-data-application
|
---|
|
Example Pod Preset:
podpreset-preset.yaml docs/tasks/inject-data-application
|
---|
|
Another Pod Preset:
podpreset-proxy.yaml docs/tasks/inject-data-application
|
---|
|
Pod spec after admission controller:
podpreset-multi-merged.yaml docs/tasks/inject-data-application
|
---|
|
This is an example to show how a Pod spec is not modified by the Pod Preset when there is a conflict.
User submitted pod spec:
podpreset-conflict-pod.yaml docs/tasks/inject-data-application
|
---|
|
Example Pod Preset:
podpreset-conflict-preset.yaml docs/tasks/inject-data-application
|
---|
|
Pod spec after admission controller will not change because of the conflict:
podpreset-conflict-pod.yaml docs/tasks/inject-data-application
|
---|
|
If we run kubectl describe...
we can see the event:
$ kubectl describe ...
....
Events:
FirstSeen LastSeen Count From SubobjectPath Reason Message
Tue, 07 Feb 2017 16:56:12 -0700 Tue, 07 Feb 2017 16:56:12 -0700 1 {podpreset.admission.kubernetes.io/podpreset-allow-database } conflict Conflict on pod preset. Duplicate mountPath /cache.
Once you don’t need a pod preset anymore, you can delete it with kubectl
:
$ kubectl delete podpreset allow-database
podpreset "allow-database" deleted