前言
环境:centos7.9 docker-ce-20.10.9 kubernetes-version v1.22.6
有时候我们在想,如果容器里面的应用进程想要指定pod所在node节点的IP地址,该如何实现?好在kubernetes为我们提供Downward API的方式来解决这种问题。
Downward API提供了2种方式来暴露pod元数据,即通过环境变量或者挂载downwardAPI卷的形式来暴露pod的元数据。
方式一、通过环境变量来暴露pod元数据(不能实现热更新)
[root@master downardapi]# cat deployment_nginx_downwardapi_env.yaml #创建一个deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment-nginx-downwardapi-env
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: deployment-nginx-downwardapi-env
template:
metadata:
labels:
app: deployment-nginx-downwardapi-env
spec:
containers:
- image: nginx:1.7.9
name: nginx-container
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 2m
memory: 200Mi
limits:
cpu: 4m
memory: 400Mi
env:
- name: DEPLOYMENT_NAME #定义DEPLOYMENT_NAME环境变量
valueFrom:
fieldRef:
fieldPath: metadata.name #DEPLOYMENT_NAME环境变量其值引用自metadata.name(注意,这里
# # 的metadata.name获取的将是pod的name而不是deployment的名字,因为前面
# # 我们说过downward api获取的是pod的元数据)
- name: NODE_NAME #定义NODE_NAME环境变量
valueFrom:
fieldRef:
fieldPath: spec.nodeName #NODE_NAME环境变量其值引用自spec.nodeName
- name: HOST_IP #定义HOST_IP环境变量
valueFrom:
fieldRef:
fieldPath: status.hostIP #HOST_IP环境变量其值引用自status.hostIP
- name: REQUEST_CPU #定义REQUEST_CPU环境变量
valueFrom:
resourceFieldRef:
resource: requests.cpu #REQUEST_CPU环境变量其值引用自requests.cpu
- name: REQUEST_MEMORY #定义REQUEST_MEMORY环境变量
valueFrom:
resourceFieldRef:
resource: requests.memory #REQUEST_MEMORY环境变量其值引用自requests.memory
- name: LIMIT_CPU #定义LIMIT_CPU环境变量
valueFrom:
resourceFieldRef:
resource: limits.cpu #LIMIT_CPU环境变量其值引用自limits.cpu
- name: LIMIT_MEMORY #定义LIMIT_MEMORY环境变量
valueFrom:
resourceFieldRef:
resource: limits.memory #LIMIT_MEMORY环境变量其值引用自limits.memory
ports:
- name: http
containerPort: 80
[root@master downardapi]#
#注意:容器中引用pod的元数据,不同的数据使用不同的关键字,并且只有部分属性才能被引用,kubectl explain
# deployment.spec.template.spec.containers.env.valueFrom. 查看使用帮助如下:
fieldRef <Object>
Selects a field of the pod: supports metadata.name, metadata.namespace,
`metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
resourceFieldRef <Object>
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage) are currently supported.
#查看容器里的环境变量,如下所示,容器里的应用程序可以正常获取到环境变量值
[root@master downardapi]# kubectl exec -it deployment-nginx-downwardapi-env-57d8fcc46f-cc9js -- env
NODE_NAME=node1
HOST_IP=192.168.118.132
REQUEST_CPU=1
REQUEST_MEMORY=209715200
LIMIT_CPU=1
LIMIT_MEMORY=419430400
DEPLOYMENT_NAME=deployment-nginx-downwardapi-env-57d8fcc46f-cc9js
方式二、通过挂载downwardAPI卷来暴露pod元数据(能实现热更新)
除了上面的通过环境变量来传递pod元数据,kubernetes还可以通过挂载downwardAPI卷来实现暴露pod元数据,如下:
[root@master downardapi]# vim deployment_nginx_downwardapi_volume.yaml #创建一个deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment-nginx-downwardapi-volume
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: deployment-nginx-downwardapi-volume
template:
metadata:
labels:
app: deployment-nginx-downwardapi-volume
spec:
containers:
- image: nginx:1.7.9
name: nginx-container
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 2m
memory: 200Mi
limits:
cpu: 4m
memory: 400Mi
ports:
- name: http
containerPort: 80
volumeMounts:
- name: downward-volume
mountPath: /etc/downward_config/
volumes:
- name: downward-volume
downwardAPI: #通过挂载downwardAPI卷来暴露pod元数据
defaultMode: 0777
items:
- path: "podName"
fieldRef:
fieldPath: metadata.name
- path: "namespace"
fieldRef:
fieldPath: metadata.namespace
- path: "requestCPU"
resourceFieldRef:
containerName: nginx-container #这里引用了容器的名称,因为很简单downwardAPI卷是pod级别的,而资源字段每个容
#器都可以有,所以downwardAPI必须知道你引用的是哪个容器的资源字段
resource: requests.cpu
- path: "requestMemory"
resourceFieldRef:
containerName: nginx-container
resource: requests.memory
- path: "limitCPU"
resourceFieldRef:
containerName: nginx-container
resource: limits.cpu
- path: "limitMemory"
resourceFieldRef:
containerName: nginx-container
resource: limits.memory
"deployment_nginx_downwardapi_volume.yaml" 59L, 1744C written
[root@master downardapi]# kubectl apply -f deployment_nginx_downwardapi_volume.yaml
deployment.apps/deployment-nginx-downwardapi-volume created
[root@master downardapi]# kubectl get -l app=deployment-nginx-downwardapi-volume
You must specify the type of resource to get. Use "kubectl api-resources" for a complete list of supported resources.
error: Required resource not specified.
Use "kubectl explain <resource>" for a detailed description of that resource (e.g. kubectl explain pods).
See 'kubectl get -h' for help and examples
[root@master downardapi]# kubectl get pods -l app=deployment-nginx-downwardapi-volume
NAME READY STATUS RESTARTS AGE
deployment-nginx-downwardapi-volume-65cbf9b88-kn94g 1/1 Running 0 19s
[root@master downardapi]# kubectl exec -it deployment-nginx-downwardapi-volume-65cbf9b88-kn94g -- ls -l /etc/downward_config/
total 0
lrwxrwxrwx 1 root root 15 Apr 24 02:10 limitCPU -> ..data/limitCPU
lrwxrwxrwx 1 root root 18 Apr 24 02:10 limitMemory -> ..data/limitMemory
lrwxrwxrwx 1 root root 16 Apr 24 02:10 namespace -> ..data/namespace
lrwxrwxrwx 1 root root 14 Apr 24 02:10 podName -> ..data/podName
lrwxrwxrwx 1 root root 17 Apr 24 02:10 requestCPU -> ..data/requestCPU
lrwxrwxrwx 1 root root 20 Apr 24 02:10 requestMemory -> ..data/requestMemory
[root@master downardapi]# kubectl exec -it deployment-nginx-downwardapi-volume-65cbf9b88-kn94g -- cat /etc/downward_config/limitCPU
1[root@master downardapi]# kubectl exec -it deployment-nginx-downwardapi-volume-65cbf9b88-kn94g -- cat /etc/downward_config/limitMemory
^[[A419430400[root@master downardapi]# kubectl exec -it deployment-nginx-downwardapi-volume-65cbf9b88-kn94g -- cat /etc/downward_config/limitMemory
419430400[root@master downardapi]# kubectl exec -it deployment-nginx-downwardapi-volume-65cbf9b88-kn94g -- cat /etc/downward_config/namespace
default[root@master downardapi]# kubectl exec -it deployment-nginx-downwardapi-volume-65cbf9b88-kn94g -- cat /etc/downward_config/podName
deployment-nginx-downwardapi-volume-65cbf9b88-kn94g[root@master downardapi]# kubectl exec -it deployment-nginx-downwardapi-volume-65cbf9b88-kn94g -- cat /etc/downward_config/requestCPU
^[[A1[root@master downardapi]# kubectl exec -it deployment-nginx-downwardapi-volume-65cbf9b88-kn94g -- cat /etc/downward_config/requestMemory
209715200[root@master downardapi]#
总结
传递pod元数据给容器可以使用Downward API,Downward API提供了2种方式来暴露pod元数据,即通过环境变量或者挂载downwardAPI卷的形式来暴露pod的元数据。
通过环境变量传递的pod元数据,当pod元数据发现变更之后,如
方式一、通过环境变量来暴露pod元数据
[root@master downardapi]# cat deployment_nginx_downwardapi_env.yaml #创建一个deployment
..........
env:
- name: DEPLOYMENT_NAME #定义DEPLOYMENT_NAME环境变量
valueFrom:
fieldRef:
fieldPath: metadata.name #DEPLOYMENT_NAME环境变量其值引用自metadata.name(注意,这里
# # 的metadata.name获取的将是pod的name而不是deployment的名字,因为前面
# # 我们说过downward api获取的是pod的元数据)
- name: NODE_NAME #定义NODE_NAME环境变量
valueFrom:
fieldRef:
fieldPath: spec.nodeName #NODE_NAME环境变量其值引用自spec.nodeName
- name: HOST_IP #定义HOST_IP环境变量
valueFrom:
fieldRef:
fieldPath: status.hostIP #HOST_IP环境变量其值引用自status.hostIP
- name: REQUEST_CPU #定义REQUEST_CPU环境变量
valueFrom:
resourceFieldRef:
resource: requests.cpu #REQUEST_CPU环境变量其值引用自requests.cpu
- name: REQUEST_MEMORY #定义REQUEST_MEMORY环境变量
valueFrom:
resourceFieldRef:
resource: requests.memory #REQUEST_MEMORY环境变量其值引用自requests.memory
- name: LIMIT_CPU #定义LIMIT_CPU环境变量
valueFrom:
resourceFieldRef:
resource: limits.cpu #LIMIT_CPU环境变量其值引用自limits.cpu
- name: LIMIT_MEMORY #定义LIMIT_MEMORY环境变量
valueFrom:
resourceFieldRef:
resource: limits.memory #LIMIT_MEMORY环境变量其值引用自limits.memory
ports:
- name: http
containerPort: 80
[root@master downardapi]#
方式二、通过挂载downwardAPI卷来暴露pod元数据
```bash
[root@master downardapi]# vim deployment_nginx_downwardapi_volume.yaml #创建一个deployment
.............
volumeMounts:
- name: downward-volume
mountPath: /etc/downward_config/
volumes:
- name: downward-volume
downwardAPI: #通过挂载downwardAPI卷来暴露pod元数据
defaultMode: 0777
items:
- path: "podName"
fieldRef:
fieldPath: metadata.name
- path: "namespace"
fieldRef:
fieldPath: metadata.namespace
- path: "requestCPU"
resourceFieldRef:
containerName: nginx-container
resource: requests.cpu
- path: "requestMemory"
resourceFieldRef:
containerName: nginx-container
resource: requests.memory
- path: "limitCPU"
resourceFieldRef:
containerName: nginx-container
resource: limits.cpu
- path: "limitMemory"
resourceFieldRef:
containerName: nginx-container
resource: limits.memory
注意:容器中引用pod的元数据,不同的数据使用不同的关键字,并且只有部分属性才能被引用。