<1>使用环境变量传递参数
在.yaml文件的container部分使用
env:- name: DEMO_PARAM1 value: "Parameter from the environment"设置参数
podenv.yaml内容如下
apiVersion: v1kind: Podmetadata: name: podenv-demo labels: purpose: demo-podenvspec: containers: - name: podenv-demo-container image: busybox env: - name: DEMO_PARAM1 value: "Parameter from the environment" command: ["/bin/sh"] args: ["-c", "while true; do echo $(DEMO_PARAM1); sleep 10; done"]执行命令
kubectl apply -f podenv.yaml进入pod
kubectl -it exec podenv-demo /bin/sh查看参数
printenv可看到传入的参数
...DEMO_PARAM1=Parameter from the environment...<2>使用Secret
创建Secret
kubectl create secret generic test-secret --from-literal=username='admin' --from-literal=password='testsecret123'将secret数据作为文件在pod中通过volume访问
secretpod-volume.yaml内容如下
apiVersion: v1kind: Podmetadata: name: secret-test-podspec: containers: - name: test-container image: nginx volumeMounts: - name: secret-volume mountPath: /etc/secret-volume volumes: - name: secret-volume secret: secretName: test-secret生成pod执行命令
kubectl apply -f secretpod-volume.yaml进入pod查看
kubectl -it exec secret-test-pod /bin/sh在/etc/secret-volume下有对应的secret数据
password username通过创建环境变量的方式访问secret数据
secretpod-keyref.yaml内容如下
apiVersion: v1kind: Podmetadata: name: secret-envars-test-podspec: containers: - name: envars-test-container image: nginx env: - name: SECRET_USERNAME valueFrom: secretKeyRef: name: test-secret key: username - name: SECRET_PASSWORD valueFrom: secretKeyRef: name: test-secret key: password创建Pod
kubectl apply -f secretpod-keyref.yaml进入Pod
kubectl -it exec secret-envars-test-pod /bin/sh显示环境变量
执行命令
printenv
...SECRET_USERNAME=adminSECRET_PASSWORD=testsecret123...取得Pod配置信息
取得Pod的信息挂载的volume
podvolumelabel.yaml内容如下
apiVersion: v1kind: Podmetadata: name: kubernetes-downwardapi-volume-example labels: zone: ue-est-coast cluster: test-cluster1 rack: rack-22 annotations: build: two builder: john-doespec: containers: - name: client-container image: busybox command: ["sh", "-c"] args: - while true: do if [[ -e /etc/podinfo/labels ]]; then echo -en '\n\n'; cat /etc/podinfo/labels; fi; if [[ -e /etc/podinfo/annotations ]]; then echo -en '\n\n'; cat /etc/podinfo/annotations; fi; sleep 5; done; volumeMounts: - name: podinfo mountPath: /etc/podinfo readOnly: false volumes: - name: podinfo downwardAPI: items: - path: "labels" fieldRef: fieldPath: metadata.labels - path: "annotations" fieldRef: fieldPath: metadata.annotations创建Pod
kubectl apply -f getpodinf.yaml进入Pod
kubectl -it exec k8s-downwardapi-demo /bin/sh查看/etc/podinfo下有如下文件
annotations labels取得容器配置信息
取得容器的配置信息如请求内存,CPU资源,内存,CPU限定资源等
podvolumeresourceref.yaml内容如下
apiVersion: v1kind: Podmetadata: name: k8s-downwardapi-volume-resourcerefspec: containers: - name: resourceref-container image: busybox command: ["sh", "-c"] args: - while true; do echo -en '\n'; if [[ -e /etc/podinfo/cpu_limit ]]; then echo -en '\n'; cat /etc/podinfo/cpu_limit; fi; if [[ -e /etc/podinfo/cpu_request ]]; then echo -en '\n'; cat /etc/podinfo/cpu_request; fi; if [[ -e /etc/podinfo/mem_limit ]]; then echo -en '\n'; cat /etc/podinfo/mem_limit; fi; if [[ -e /etc/podinfo/mem_request ]]; then echo -en '\n'; cat /etc/podinfo/mem_request; fi; sleep 5; done; resources: requests: memory: "32Mi" cpu: "125m" limits: memory: "64Mi" cpu: "250m" volumeMounts: - name: podinfo mountPath: /etc/podinfo readOnly: false volumes: - name: podinfo downwardAPI: items: - path: "cpu_limit" resourceFieldRef: containerName: resourceref-container resource: limits.cpu divisor: 1m - path: "cpu_request" resourceFieldRef: containerName: resourceref-container resource: requests.cpu divisor: 1m - path: "mem_limit" resourceFieldRef: containerName: resourceref-container resource: limits.memory divisor: 1Mi - path: "mem_request" resourceFieldRef: containerName: resourceref-container resource: requests.memory divisor: 1Mi创建Pod
kubectl apply -f podvolumeresourceref.yaml 进入Pod
kubectl -it exec k8s-downwardapi-volume-resourceref /bin/sh查看/etc/podinfo下有如下文件
cpu_limit cpu_request mem_limit mem_request用Pod字段作为环境变量
在实际应用中Pod的name,IP等都需要在程序中取得,可以通过将Pod的这些值设为环境变量来获取
podvaluesenv.yaml内容如下
apiVersion: v1kind: Podmetadata: name: podvalue-env-fieldrefspec: containers: - name: podvalue-demo-container image: busybox command: [ "sh", "-c" ] args: - while true; do echo -en '\n'; printenv MY_NODE_NAME MY_POD_NAME MY_POD_NAMESPACE; printenv MY_POD_IP MY_POD_SERVICE_ACCOUNT; sleep 10; done; env: - name: MY_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: MY_POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: MY_POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: MY_POD_IP valueFrom: fieldRef: fieldPath: status.podIP - name: MY_POD_SERVICE_ACCOUNT valueFrom: fieldRef: fieldPath: spec.serviceAccountName restartPolicy: Never创建Pod
kubectl apply -f podvalueasenv.yaml进入Pod
kubectl -it exec podvalue-env-fieldref /bin/sh执行命令printenv查看环境变量
...MY_POD_SERVICE_ACCOUNT=defaultMY_POD_NAMESPACE=defaultMY_POD_IP=172.20.2.93MY_NODE_NAME=xxxxxMY_POD_NAME=podvalue-env-fieldref...