You can use a PodPreset
object to inject information like secrets, volume
mounts, and environment variables etc into pods at creation time.
This task shows some examples on using the PodPreset
resource.
Get an overview of PodPresets at Understanding Pod Presets.
You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using Minikube, or you can use one of these Kubernetes playgrounds:
To check the version, enter kubectl version
.
This is a simple example to show how a Pod spec is modified by the Pod Preset.
podpreset/preset.yaml
|
---|
|
Create the PodPreset:
kubectl apply -f https://k8s.io/examples/podpreset/preset.yaml
Examine the created PodPreset:
kubectl get podpreset
NAME AGE
allow-database 1m
The new PodPreset will act upon any pod that has label role: frontend
.
podpreset/pod.yaml
|
---|
|
Create a pod:
kubectl create -f https://k8s.io/examples/podpreset/pod.yaml
List the running Pods:
kubectl get pods
NAME READY STATUS RESTARTS AGE
website 1/1 Running 0 4m
Pod spec after admission controller:
podpreset/merged.yaml
|
---|
|
To see above output, run the following command:
kubectl get pod website -o yaml
This is an example to show how a Pod spec is modified by the Pod Preset
that defines a ConfigMap
for Environment Variables.
User submitted pod spec:
podpreset/pod.yaml
|
---|
|
User submitted ConfigMap
:
podpreset/configmap.yaml
|
---|
|
Example Pod Preset:
podpreset/allow-db.yaml
|
---|
|
Pod spec after admission controller:
podpreset/allow-db-merged.yaml
|
---|
|
The following example shows that only the pod spec is modified by the Pod Preset.
User submitted ReplicaSet:
podpreset/replicaset.yaml
|
---|
|
Example Pod Preset:
podpreset/preset.yaml
|
---|
|
Pod spec after admission controller:
Note that the ReplicaSet spec was not changed, users have to check individual pods to validate that the PodPreset has been applied.
podpreset/replicaset-merged.yaml
|
---|
|
This is an example to show how a Pod spec is modified by multiple Pod Injection Policies.
User submitted pod spec:
podpreset/pod.yaml
|
---|
|
Example Pod Preset:
podpreset/preset.yaml
|
---|
|
Another Pod Preset:
podpreset/proxy.yaml
|
---|
|
Pod spec after admission controller:
podpreset/multi-merged.yaml
|
---|
|
This is an example to show how a Pod spec is not modified by the Pod Preset when there is a conflict.
User submitted pod spec:
podpreset/conflict-pod.yaml
|
---|
|
Example Pod Preset:
podpreset/conflict-preset.yaml
|
---|
|
Pod spec after admission controller will not change because of the conflict:
podpreset/conflict-pod.yaml
|
---|
|
If we run kubectl describe...
we can see the event:
kubectl describe ...
....
Events:
FirstSeen LastSeen Count From SubobjectPath Reason Message
Tue, 07 Feb 2017 16:56:12 -0700 Tue, 07 Feb 2017 16:56:12 -0700 1 {podpreset.admission.kubernetes.io/podpreset-allow-database } conflict Conflict on pod preset. Duplicate mountPath /cache.
Once you don’t need a pod preset anymore, you can delete it with kubectl
:
kubectl delete podpreset allow-database
podpreset "allow-database" deleted
Was this page helpful?
Thanks for the feedback. If you have a specific, answerable question about how to use Kubernetes, ask it on Stack Overflow. Open an issue in the GitHub repo if you want to report a problem or suggest an improvement.