
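Kubernetes introduced a concept called the downward API.

Its purpose is to let a container learn some information about itself without being too tightly coupled to Kubernetes (that is, without having to call the Kubernetes API from inside the container).

There are two ways to expose Pod and Container information to a running container: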

  • Environment variables
  • DownwardAPIVolumeFiles

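Together, these two are called the downward API. Probably because environment variables were not expressive enough, Kubernetes also introduced the second one, a volume of the downward API type, which lets information be mounted into the container as files (for example, metadata.labels in the example below). Environment variables would be rather verbose by comparison.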

Store Pod fields

apiVersion: v1
kind: Pod
metadata:
  name: kubernetes-downwardapi-volume-example
  labels:
    zone: us-est-coast
    cluster: test-cluster1
    rack: rack-22
  annotations:
    build: two
    builder: john-doe
spec:
  containers:
    - name: client-container
      image: k8s.gcr.io/busybox
      command: ["sh", "-c"]
      args:
      - while true; do
          if [[ -e /etc/podinfo/labels ]]; then
            echo -en '\n\n'; cat /etc/podinfo/labels; fi;
          if [[ -e /etc/podinfo/annotations ]]; then
            echo -en '\n\n'; cat /etc/podinfo/annotations; fi;
          sleep 5;
        done;
      volumeMounts:
        - name: podinfo
          mountPath: /etc/podinfo
          readOnly: false
  volumes:
    - name: podinfo
      downwardAPI:
        items:
          - path: "labels"
            fieldRef:
              fieldPath: metadata.labels
          - path: "annotations"
            fieldRef:
              fieldPath: metadata.annotations

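This example mounts metadata.labels and metadata.annotations as files under /etc/podinfo in the container. Reading the labels and annotations files in that directory from inside the container gives the Pod's metadata, which is the purpose of the downward API.

These two files are actually links pointing to temporary files, so that when the Pod's information is updated, the file contents can be updated via rename.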
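The link-and-rename update described above, as an added example that is not part of the original post: a simulated volume directory is updated by renaming a symlink, and a reader resolves that link once so that labels and annotations are read from the same generation. It assumes the `..data` / `..data_tmp` symlink layout used by the kubelet's atomic writer and the `key="value"` line format of the labels and annotations files; the function names, generation names (`gen1`, `gen2`) and file contents are constructed for illustration.

```python
import os
import re
import tempfile

# One line of a labels/annotations file: key="value", value quoted Go-style.
LINE = re.compile(r'^([^=]+)="((?:[^"\\]|\\.)*)"$')
ESCAPES = {"n": "\n", "t": "\t"}

def parse_podinfo(text):
    # Handles \", \\, \n and \t; other Go escapes (\x.., \u....) are not decoded.
    out = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            out[m.group(1)] = re.sub(
                r"\\(.)", lambda e: ESCAPES.get(e.group(1), e.group(1)), m.group(2))
    return out

def publish(volume, generation, files):
    """Simulate one update: write a new directory, then rename a symlink over ..data."""
    os.mkdir(os.path.join(volume, ".." + generation))
    for name, body in files.items():
        with open(os.path.join(volume, ".." + generation, name), "w") as f:
            f.write(body)
        if not os.path.islink(os.path.join(volume, name)):
            os.symlink(os.path.join("..data", name), os.path.join(volume, name))
    tmp = os.path.join(volume, "..data_tmp")
    os.symlink(".." + generation, tmp)
    os.rename(tmp, os.path.join(volume, "..data"))  # atomic swap of all files at once

def snapshot(volume, names=("labels", "annotations")):
    """Resolve ..data once so every file read comes from the same generation."""
    real = os.path.realpath(os.path.join(volume, "..data"))
    data = {}
    for name in names:
        with open(os.path.join(real, name)) as f:
            data[name] = parse_podinfo(f.read())
    return os.path.basename(real), data

def demo():
    # Constructed sample contents, using the label values from the Pod above.
    with tempfile.TemporaryDirectory() as vol:
        publish(vol, "gen1", {"labels": 'rack="rack-22"\nzone="us-est-coast"\n',
                              "annotations": 'build="two"\nbuilder="john-doe"\n'})
        first = snapshot(vol)
        publish(vol, "gen2", {"labels": 'rack="rack-23"\nzone="us-est-coast"\n',
                              "annotations": 'build="three"\nbuilder="john-doe"\n'})
        return first, snapshot(vol)

if __name__ == "__main__":
    print(demo())
```

If the resolved directory is removed between resolving `..data` and opening a file, the open fails and the caller should simply take a new snapshot.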

Store Container fields

apiVersion: v1
kind: Pod
metadata:
  name: kubernetes-downwardapi-volume-example-2
spec:
  containers:
    - name: client-container
      image: k8s.gcr.io/busybox:1.24
      command: ["sh", "-c"]
      args:
      - while true; do
          echo -en '\n';
          if [[ -e /etc/podinfo/cpu_limit ]]; then
            echo -en '\n'; cat /etc/podinfo/cpu_limit; fi;
          if [[ -e /etc/podinfo/cpu_request ]]; then
            echo -en '\n'; cat /etc/podinfo/cpu_request; fi;
          if [[ -e /etc/podinfo/mem_limit ]]; then
            echo -en '\n'; cat /etc/podinfo/mem_limit; fi;
          if [[ -e /etc/podinfo/mem_request ]]; then
            echo -en '\n'; cat /etc/podinfo/mem_request; fi;
          sleep 5;
        done;
      resources:
        requests:
          memory: "32Mi"
          cpu: "125m"
        limits:
          memory: "64Mi"
          cpu: "250m"
      volumeMounts:
        - name: podinfo
          mountPath: /etc/podinfo
          readOnly: false
  volumes:
    - name: podinfo
      downwardAPI:
        items:
          - path: "cpu_limit"
            resourceFieldRef:
              containerName: client-container
              resource: limits.cpu
          - path: "cpu_request"
            resourceFieldRef:
              containerName: client-container
              resource: requests.cpu
          - path: "mem_limit"
            resourceFieldRef:
              containerName: client-container
              resource: limits.memory
          - path: "mem_request"
            resourceFieldRef:
              containerName: client-container
              resource: requests.memory

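As with the Pod above, the files cpu_limit, cpu_request, mem_limit and mem_request can be viewed under /etc/podinfo. This is not much different from env.

Capabilities

Environment variables and downward API volumes can pass the following information: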

  • The Node’s name
  • The Node’s IP
  • The Pod’s name
  • The Pod’s namespace
  • The Pod’s IP address
  • The Pod’s service account name
  • The Pod’s UID
  • A Container’s CPU limit
  • A Container’s CPU request
  • A Container’s memory limit
  • A Container’s memory request

Downward API volumes can additionally pass the following information:

  • The Pod’s labels
  • The Pod’s annotations
