PodPreset

当然，你也可以给 Pod 增加注解 来避免它们被 PodPreset 修改。

• 开启 API kube-apiserver --runtime-config=settings.k8s.io/v1alpha1=true
• 开启准入控制 --enable-admission-plugins=..,PodPreset

增加环境变量和存储卷的 PodPreset

apiVersion: v1
kind: Pod
metadata:
  name: website
  labels:
    app: website
    role: frontend
spec:
  containers:
    - name: website
      image: ecorp/website
      ports:
        - containerPort: 80

经过准入控制 PodPreset 后，Pod 会自动增加环境变量和存储卷

ConfigMap

kind: ConfigMap
metadata:
data:
  number_of_members: "1"
  initial_cluster_state: new
  initial_cluster_token: DUMMY_ETCD_INITIAL_CLUSTER_TOKEN
  discovery_token: DUMMY_ETCD_DISCOVERY_TOKEN
  discovery_url: http://etcd_discovery:2379
  etcdctl_peers: http://etcd:2379
  duplicate_key: FROM_CONFIG_MAP
  REPLACE_ME: "a value"

用户提交的 Pod

apiVersion: v1
kind: Pod
metadata:
  name: website
  labels:
    app: website
    role: frontend
spec:
    - name: website
      ports:
        - containerPort: 80

经过准入控制 PodPreset 后，Pod 会自动增加 ConfigMap 环境变量

kind: PodPreset
apiVersion: settings.k8s.io/v1alpha1
metadata:
  name: tz-shanghai
  namespace: default
spec:
  selector:
    matchLabels:
      tz: shanghai
  volumeMounts:
    - mountPath: /etc/localtime
      name: tz-config
  volumes:
    - name: tz-config
      hostPath: