concepts/workloads/pods/podpreset/

Pod Preset

This page provides an overview of PodPresets, which are objects for injecting certain information into pods at creation time. The information can include secrets, volumes, volume mounts, and environment variables. 本页概述了pod预设，它们是在创建时将某些信息注入pod的对象。这些信息可以包括机密、卷、卷装入和环境变量。

• Understanding Pod Presets
• How It Works
• Enable Pod Preset
• What's next

Understanding Pod Presets

A Pod Preset is an API resource for injecting additional runtime requirements into a Pod at creation time. You use label selectors to specify the Pods to which a given Pod Preset applies. pod preset是一个api资源，用于在创建pod时将额外的运行时需求注入到pod中。您可以使用[标签选择器](https://kubernetes.io/docs/concepts/overvi... with objects/labels/label selectors)来指定应用给定POD预设的POD。

Using a Pod Preset allows pod template authors to not have to explicitly provide all information for every pod. This way, authors of pod templates consuming a specific service do not need to know all the details about that service. 使用pod预置允许pod模板作者不必显式地为每个pod提供所有信息。这样，使用特定服务的pod模板的作者就不需要知道该服务的所有细节。

For more information about the background, see the design proposal for PodPreset. 有关更多信息，请参见[pod preset的设计方案](https://git.k8s.io/community/contributors/... proposals/service catalog/pod preset.md)。有关更多信息，请参见[pod preset的设计方案](https://git.k8s.io/community/contributors/... proposals/service catalog/pod preset.md)。

How It Works

Kubernetes provides an admission controller (PodPreset) which, when enabled, applies Pod Presets to incoming pod creation requests. When a pod creation request occurs, the system does the following: k8s提供了一个允许控制器（PodPreset），当启用时，它将pod预置应用于传入的pod创建请求。当出现POD创建请求时，系统将执行以下操作：

1. Retrieve all PodPresets available for use. 检索所有可用的“pod预设”。
2. Check if the label selectors of any PodPreset matches the labels on the pod being created. 检查任何“podpreset”的标签选择器是否与正在创建的pod上的标签匹配。
3. Attempt to merge the various resources defined by the PodPreset into the Pod being created. 尝试将“podpreset”定义的各种资源合并到正在创建的pod中。
4. On error, throw an event documenting the merge error on the pod, and create the pod without any injected resources from the PodPreset. 出错时，抛出一个记录pod上合并错误的事件，并创建pod*而不使用来自“podpreset”的任何注入资源。
5. Annotate the resulting modified Pod spec to indicate that it has been modified by a PodPreset. The annotation is of the form podpreset.admission.kubernetes.io/podpreset-<pod-preset name>: "<resource version>". 对得到的修改后的pod规范进行注释，以指示它已被“podpreset”修改。注释的格式为“pod preset.admission.kubernetes.io/podpreset-：”“。

Each Pod can be matched by zero or more Pod Presets; and each PodPreset can be applied to zero or more pods. When a PodPreset is applied to one or more Pods, Kubernetes modifies the Pod Spec. For changes to Env, EnvFrom, and VolumeMounts, Kubernetes modifies the container spec for all containers in the Pod; for changes to Volume, Kubernetes modifies the Pod Spec. 每个pod可以由零个或多个pod预设匹配；每个“podpreset”可以应用于零个或多个pod。当“podpreset”应用于一个或多个pod时，kubernetes修改pod规范。对于“env”、“envfrom”和“volumemounts”的更改，kubernetes修改pod中所有容器的容器规范；对于“volume”的更改，kubernetes修改pod规范。

Note: A Pod Preset is capable of modifying the following fields in a Pod spec when appropriate: - The .spec.containers field. - The initContainers field (requires Kubernetes version 1.14.0 or later). 注意：POD预设可以在适当时修改POD规范中的以下字段：'.spec.containers'字段。-“initcontainers”字段（需要Kubernetes 1.14.0或更高版本）。

Disable Pod Preset for a Specific Pod

There may be instances where you wish for a Pod to not be altered by any Pod Preset mutations. In these cases, you can add an annotation in the Pod Spec of the form:在某些情况下，您可能希望POD不被任何POD预设突变所改变。在这些情况下，可以在表单的pod规范中添加注释： podpreset.admission.kubernetes.io/exclude: "true".

Enable Pod Preset

In order to use Pod Presets in your cluster you must ensure the following: 要在集群中使用POD预设，必须确保：

1. You have enabled the API type settings.k8s.io/v1alpha1/podpreset. For example, this can be done by including settings.k8s.io/v1alpha1=true in the --runtime-config option for the API server. In minikube add this flag --extra-config=apiserver.runtime-config=settings.k8s.io/v1alpha1=true while starting the cluster.

2. You have enabled the admission controller PodPreset. One way to doing this is to include PodPreset in the --enable-admission-plugins option value specified for the API server. In minikube add this flag 您已启用许可控制器pod预设。一种方法是在为API服务器指定的--enable admission plugins选项值中包含podpreset。在Minikube中添加此标志

   --extra-config=apiserver.enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,PodPreset

   while starting the cluster.

3. You have defined your Pod Presets by creating PodPreset objects in the namespace you will use.

What's next

• Injecting data into a Pod using PodPreset

本作品采用《CC 协议》，转载必须注明作者和本文链接