You can use a podpreset
object to inject information like secrets, volume
mounts, and environment variables etc into pods at creation time.
This task shows some examples on using the PodPreset
resource.
You can get an overview of PodPresets at
Understanding Pod Presets.
This is a simple example to show how a Pod spec is modified by the Pod Preset.
podpreset-preset.yaml
|
---|
|
Create the PodPreset:
kubectl create -f https://k8s.io/docs/tasks/inject-data-application/podpreset-preset.yaml
Examine the created PodPreset:
$ kubectl get podpreset
NAME AGE
allow-database 1m
The new PodPreset will act upon any pod that has label role: frontend
.
podpreset-pod.yaml
|
---|
|
Create a pod:
$ kubectl create -f https://k8s.io/docs/tasks/inject-data-application/podpreset-pod.yaml
List the running Pods:
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
website 1/1 Running 0 4m
Pod spec after admission controller:
podpreset-merged.yaml
|
---|
|
To see above output, run the following command:
$ kubectl get pod website -o yaml
ConfigMap
ExampleThis is an example to show how a Pod spec is modified by the Pod Preset
that defines a ConfigMap
for Environment Variables.
User submitted pod spec:
podpreset-pod.yaml
|
---|
|
User submitted ConfigMap
:
podpreset-configmap.yaml
|
---|
|
Example Pod Preset:
podpreset-allow-db.yaml
|
---|
|
Pod spec after admission controller:
podpreset-allow-db-merged.yaml
|
---|
|
The following example shows that only the pod spec is modified by the Pod Preset.
User submitted ReplicaSet:
podpreset-replicaset.yaml
|
---|
|
Example Pod Preset:
podpreset-preset.yaml
|
---|
|
Pod spec after admission controller:
Note that the ReplicaSet spec was not changed, users have to check individual pods to validate that the PodPreset has been applied.
podpreset-replicaset-merged.yaml
|
---|
|
This is an example to show how a Pod spec is modified by multiple Pod Injection Policies.
User submitted pod spec:
podpreset-pod.yaml
|
---|
|
Example Pod Preset:
podpreset-preset.yaml
|
---|
|
Another Pod Preset:
podpreset-proxy.yaml
|
---|
|
Pod spec after admission controller:
podpreset-multi-merged.yaml
|
---|
|
This is an example to show how a Pod spec is not modified by the Pod Preset when there is a conflict.
User submitted pod spec:
podpreset-conflict-pod.yaml
|
---|
|
Example Pod Preset:
podpreset-conflict-preset.yaml
|
---|
|
Pod spec after admission controller will not change because of the conflict:
podpreset-conflict-pod.yaml
|
---|
|
If we run kubectl describe...
we can see the event:
$ kubectl describe ...
....
Events:
FirstSeen LastSeen Count From SubobjectPath Reason Message
Tue, 07 Feb 2017 16:56:12 -0700 Tue, 07 Feb 2017 16:56:12 -0700 1 {podpreset.admission.kubernetes.io/podpreset-allow-database } conflict Conflict on pod preset. Duplicate mountPath /cache.
Once you don’t need a pod preset anymore, you can delete it with kubectl
:
$ kubectl delete podpreset allow-database
podpreset "allow-database" deleted