Edit This Page
Inject Information into Pods Using a PodPreset You can use a PodPreset object to inject information like secrets, volume
mounts, and environment variables etc into pods at creation time.
This task shows some examples on using the PodPreset resource.
Before you begin Get an overview of PodPresets at
Understanding Pod Presets .
You need to have a Kubernetes cluster, and the kubectl command-line tool must
be configured to communicate with your cluster. If you do not already have a
cluster, you can create one by using
Minikube ,
or you can use one of these Kubernetes playgrounds:
To check the version, enter kubectl version.
Simple Pod Spec Example This is a simple example to show how a Pod spec is modified by the Pod
Preset.
podpreset/preset.yamlapiVersion: settings.k8s.io/v1alpha1
PodPreset
name: allow-database
selector:
matchLabels:
role: frontend
env:
- name: DB_PORT
value: "6379"
volumeMounts:
- mountPath: /cache
name: cache-volume
volumes:
- name: cache-volume
emptyDir: {}
Create the PodPreset:
kubectl apply -f https://k8s.io/examples/podpreset/preset.yamlExamine the created PodPreset:
NAME AGE
allow-database 1m
The new PodPreset will act upon any pod that has label role: frontend.
podpreset/pod.yamlapiVersion: v1
Pod
name: website
labels:
app: website
role: frontend
containers:
- name: website
image: nginx
ports:
- containerPort: 80
Create a pod:
kubectl create -f https://k8s.io/examples/podpreset/pod.yamlList the running Pods:
NAME READY STATUS RESTARTS AGE
website 1/1 Running 0 4m
Pod spec after admission controller:
podpreset/merged.yamlapiVersion: v1
Pod
name: website
labels:
app: website
role: frontend
annotations:
podpreset.admission.kubernetes.io/podpreset-allow-database: "resource version"
containers:
- name: website
image: nginx
volumeMounts:
- mountPath: /cache
name: cache-volume
ports:
- containerPort: 80
env:
- name: DB_PORT
value: "6379"
volumes:
- name: cache-volume
emptyDir: {}
To see above output, run the following command:
kubectl get pod website -o yamlPod Spec with ConfigMap Example This is an example to show how a Pod spec is modified by the Pod Preset
that defines a ConfigMap for Environment Variables.
User submitted pod spec:
podpreset/pod.yamlapiVersion: v1
Pod
name: website
labels:
app: website
role: frontend
containers:
- name: website
image: nginx
ports:
- containerPort: 80
User submitted ConfigMap:
podpreset/configmap.yamlapiVersion: v1
ConfigMap
name: etcd-env-config
number_of_members: "1"
initial_cluster_state: new
initial_cluster_token: DUMMY_ETCD_INITIAL_CLUSTER_TOKEN
discovery_token: DUMMY_ETCD_DISCOVERY_TOKEN
discovery_url: http://etcd_discovery:2379
etcdctl_peers: http://etcd:2379
duplicate_key: FROM_CONFIG_MAP
REPLACE_ME: "a value"
Example Pod Preset:
podpreset/allow-db.yamlapiVersion: settings.k8s.io/v1alpha1
PodPreset
name: allow-database
selector:
matchLabels:
role: frontend
env:
- name: DB_PORT
value: "6379"
- name: duplicate_key
value: FROM_ENV
- name: expansion
value: $(REPLACE_ME)
envFrom:
- configMapRef:
name: etcd-env-config
volumeMounts:
- mountPath: /cache
name: cache-volume
- mountPath: /etc/app/config.json
readOnly: true
name: secret-volume
volumes:
- name: cache-volume
emptyDir: {}
- name: secret-volume
secret:
secretName: config-details
Pod spec after admission controller:
podpreset/allow-db-merged.yamlapiVersion: v1
Pod
name: website
labels:
app: website
role: frontend
annotations:
podpreset.admission.kubernetes.io/podpreset-allow-database: "resource version"
containers:
- name: website
image: nginx
volumeMounts:
- mountPath: /cache
name: cache-volume
- mountPath: /etc/app/config.json
readOnly: true
name: secret-volume
ports:
- containerPort: 80
env:
- name: DB_PORT
value: "6379"
- name: duplicate_key
value: FROM_ENV
- name: expansion
value: $(REPLACE_ME)
envFrom:
- configMapRef:
name: etcd-env-config
volumes:
- name: cache-volume
emptyDir: {}
- name: secret-volume
secret:
secretName: config-details
ReplicaSet with Pod Spec Example The following example shows that only the pod spec is modified by the Pod
Preset.
User submitted ReplicaSet:
podpreset/replicaset.yamlapiVersion: apps/v1
ReplicaSet
name: frontend
replicas: 3
selector:
matchLabels:
role: frontend
matchExpressions:
- {key: role, operator: In, values: [frontend]}
template:
metadata:
labels:
app: guestbook
role: frontend
spec:
containers:
- name: php-redis
image: gcr.io/google_samples/gb-frontend:v3
resources:
requests:
cpu: 100m
memory: 100Mi
env:
- name: GET_HOSTS_FROM
value: dns
ports:
- containerPort: 80
Example Pod Preset:
podpreset/preset.yamlapiVersion: settings.k8s.io/v1alpha1
PodPreset
name: allow-database
selector:
matchLabels:
role: frontend
env:
- name: DB_PORT
value: "6379"
volumeMounts:
- mountPath: /cache
name: cache-volume
volumes:
- name: cache-volume
emptyDir: {}
Pod spec after admission controller:
Note that the ReplicaSet spec was not changed, users have to check individual pods
to validate that the PodPreset has been applied.
podpreset/replicaset-merged.yamlapiVersion: v1
Pod
name: frontend
labels:
app: guestbook
role: frontend
annotations:
podpreset.admission.kubernetes.io/podpreset-allow-database: "resource version"
containers:
- name: php-redis
image: gcr.io/google_samples/gb-frontend:v3
resources:
requests:
cpu: 100m
memory: 100Mi
volumeMounts:
- mountPath: /cache
name: cache-volume
env:
- name: GET_HOSTS_FROM
value: dns
- name: DB_PORT
value: "6379"
ports:
- containerPort: 80
volumes:
- name: cache-volume
emptyDir: {}
Multiple PodPreset Example This is an example to show how a Pod spec is modified by multiple Pod
Injection Policies.
User submitted pod spec:
podpreset/pod.yamlapiVersion: v1
Pod
name: website
labels:
app: website
role: frontend
containers:
- name: website
image: nginx
ports:
- containerPort: 80
Example Pod Preset:
podpreset/preset.yamlapiVersion: settings.k8s.io/v1alpha1
PodPreset
name: allow-database
selector:
matchLabels:
role: frontend
env:
- name: DB_PORT
value: "6379"
volumeMounts:
- mountPath: /cache
name: cache-volume
volumes:
- name: cache-volume
emptyDir: {}
Another Pod Preset:
podpreset/proxy.yamlapiVersion: settings.k8s.io/v1alpha1
PodPreset
name: proxy
selector:
matchLabels:
role: frontend
volumeMounts:
- mountPath: /etc/proxy/configs
name: proxy-volume
volumes:
- name: proxy-volume
emptyDir: {}
Pod spec after admission controller:
podpreset/multi-merged.yamlapiVersion: v1
Pod
name: website
labels:
app: website
role: frontend
annotations:
podpreset.admission.kubernetes.io/podpreset-allow-database: "resource version"
podpreset.admission.kubernetes.io/podpreset-proxy: "resource version"
containers:
- name: website
image: nginx
volumeMounts:
- mountPath: /cache
name: cache-volume
- mountPath: /etc/proxy/configs
name: proxy-volume
ports:
- containerPort: 80
env:
- name: DB_PORT
value: "6379"
volumes:
- name: cache-volume
emptyDir: {}
- name: proxy-volume
emptyDir: {}
Conflict Example This is an example to show how a Pod spec is not modified by the Pod Preset
when there is a conflict.
User submitted pod spec:
podpreset/conflict-pod.yamlapiVersion: v1
Pod
name: website
labels:
app: website
role: frontend
containers:
- name: website
image: nginx
volumeMounts:
- mountPath: /cache
name: cache-volume
ports:
- containerPort: 80
volumes:
- name: cache-volume
emptyDir: {}
Example Pod Preset:
podpreset/conflict-preset.yamlapiVersion: settings.k8s.io/v1alpha1
PodPreset
name: allow-database
selector:
matchLabels:
role: frontend
env:
- name: DB_PORT
value: "6379"
volumeMounts:
- mountPath: /cache
name: other-volume
volumes:
- name: other-volume
emptyDir: {}
Pod spec after admission controller will not change because of the conflict:
podpreset/conflict-pod.yamlapiVersion: v1
Pod
name: website
labels:
app: website
role: frontend
containers:
- name: website
image: nginx
volumeMounts:
- mountPath: /cache
name: cache-volume
ports:
- containerPort: 80
volumes:
- name: cache-volume
emptyDir: {}
If we run kubectl describe... we can see the event:
....
Events:
FirstSeen LastSeen Count From SubobjectPath Reason Message
Tue, 07 Feb 2017 16:56:12 -0700 Tue, 07 Feb 2017 16:56:12 -0700 1 {podpreset.admission.kubernetes.io/podpreset-allow-database } conflict Conflict on pod preset. Duplicate mountPath /cache.
Deleting a Pod Preset Once you don’t need a pod preset anymore, you can delete it with kubectl:
kubectl delete podpreset allow-databasepodpreset "allow-database" deleted
Feedback Was this page helpful?
Yes
No Thanks for the feedback. If you have a specific, answerable question about how to use Kubernetes, ask it on
Stack Overflow .
Open an issue in the GitHub repo if you want to
report a problem
or
suggest an improvement .
