Allowing containers to consume API objects

The Downward API contains such information as the pod’s name, project, and resource values. Containers can consume information from the downward API using environment variables or a volume plug-in.

Fields within the pod are selected using the API type. FieldRef has two fields:

Currently, the valid selectors in the v1 API include:

Selector	Description
`metadata.name`	The pod’s name. This is supported in both environment variables and volumes.
`metadata.namespace`	The pod’s namespace.This is supported in both environment variables and volumes.
`metadata.labels`	The pod’s labels. This is only supported in volumes and not in environment variables.
`metadata.annotations`	The pod’s annotations. This is only supported in volumes and not in environment variables.
`status.podIP`	The pod’s IP. This is only supported in environment variables and not volumes.

The apiVersion field, if not specified, defaults to the API version of the enclosing pod template.

Understanding how to consume container values using the downward API

You containers can consume API values using environment variables or a volume plug-in. Depending on the method you choose, containers can consume:

Pod name
Pod project/namespace
Pod annotations
Pod labels

Annotations and labels are available using only a volume plug-in.

When using a container’s environment variables, use the EnvVar type’s valueFrom field (of type EnvVarSource) to specify that the variable’s value should come from a FieldRef source instead of the literal value specified by the value field.

Only constant attributes of the pod can be consumed this way, as environment variables cannot be updated once a process is started in a way that allows the process to be notified that the value of a variable has changed. The fields supported using environment variables are:

Pod name

Procedure

To use environment variables

Create a pod.yaml file:
Create the pod from the pod.yaml file:
```
$ oc create -f pod.yaml
```
Check the container’s logs for the MY_POD_NAME and MY_POD_NAMESPACE values:
```
$ oc logs -p dapi-env-test-pod
```

You containers can consume API values using a volume plug-in.

Containers can consume:

Pod name
Pod project/namespace
Pod annotations
Pod labels

Procedure

To use the volume plug-in:

Create a volume-pod.yaml file:

kind: Pod
apiVersion: v1
metadata:
  labels:
    zone: us-east-coast
    cluster: downward-api-test-cluster1
    rack: rack-123
  name: dapi-volume-test-pod
  annotations:
    annotation1: "345"
    annotation2: "456"
spec:
  containers:
    - name: volume-test-container
      image: gcr.io/google_containers/busybox
      command: ["sh", "-c", "cat /tmp/etc/pod_labels /tmp/etc/pod_annotations"]
      volumeMounts:
        - name: podinfo
          mountPath: /tmp/etc
          readOnly: false
  volumes:
  - name: podinfo
    downwardAPI:
      defaultMode: 420
      items:
      - fieldRef:
          fieldPath: metadata.name
        path: pod_name
      - fieldRef:
          fieldPath: metadata.namespace
        path: pod_namespace
      - fieldRef:
          fieldPath: metadata.labels
        path: pod_labels
      - fieldRef:
          fieldPath: metadata.annotations
        path: pod_annotations

Create the pod from the volume-pod.yaml file:
```
$ oc create -f volume-pod.yaml
```

Check the container’s logs and verify the presence of the configured fields:

$ oc logs -p dapi-volume-test-pod

Example output

cluster=downward-api-test-cluster1
rack=rack-123
zone=us-east-coast
annotation2=456
kubernetes.io/config.source=api

When creating pods, you can use the Downward API to inject information about computing resource requests and limits so that image and application authors can correctly create an image for specific environments.

You can do this using environment variable or a volume plug-in.

When creating pods, you can use the Downward API to inject information about computing resource requests and limits using environment variables.

Procedure

To use environment variables:

When creating a pod configuration, specify environment variables that correspond to the contents of the resources field in the **spec.container** field:

....
spec:
  containers:
    - name: test-container
      image: gcr.io/google_containers/busybox:1.24
      command: [ "/bin/sh", "-c", "env" ]
      resources:
        requests:
          memory: "32Mi"
          cpu: "125m"
        limits:
          memory: "64Mi"
          cpu: "250m"
      env:
        - name: MY_CPU_REQUEST
          valueFrom:
            resourceFieldRef:
              resource: requests.cpu
        - name: MY_CPU_LIMIT
          valueFrom:
            resourceFieldRef:
              resource: limits.cpu
        - name: MY_MEM_REQUEST
          valueFrom:
            resourceFieldRef:
              resource: requests.memory
        - name: MY_MEM_LIMIT
          valueFrom:
            resourceFieldRef:
              resource: limits.memory
....

If the resource limits are not included in the container configuration, the downward API defaults to the node’s CPU and memory allocatable values.

Create the pod from the ***pod.yaml*** file:
```
$ oc create -f pod.yaml
```

When creating pods, you can use the Downward API to inject information about computing resource requests and limits using a volume plug-in.

Procedure

When creating a pod configuration, use the spec.volumes.downwardAPI.items field to describe the desired resources that correspond to the spec.resources field:

If the resource limits are not included in the container configuration, the Downward API defaults to the node’s CPU and memory allocatable values.
Create the pod from the ***volume-pod.yaml*** file:
```
$ oc create -f volume-pod.yaml
```

Consuming secrets using the Downward API

When creating pods, you can use the downward API to inject secrets so image and application authors can create an image for specific environments.

Procedure

Create a secret.yaml file:

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
data:
  password: cGFzc3dvcmQ=
  username: ZGV2ZWxvcGVy
type: kubernetes.io/basic-auth

Create a Secret object from the secret.yaml file:
```
$ oc create -f secret.yaml
```

Create a pod.yaml file that references the username field from the above Secret object:

apiVersion: v1
kind: Pod
metadata:
  name: dapi-env-test-pod
spec:
    - name: env-test-container
      image: gcr.io/google_containers/busybox
      command: [ "/bin/sh", "-c", "env" ]
      env:
          valueFrom:
            secretKeyRef:
              name: mysecret
              key: username
  restartPolicy: Never

Create the pod from the pod.yaml file:
```
$ oc create -f pod.yaml
```
Check the container’s logs for the MY_SECRET_USERNAME value:
```
$ oc logs -p dapi-env-test-pod
```

When creating pods, you can use the Downward API to inject configuration map values so image and application authors can create an image for specific environments.

Procedure

Create a ***configmap.yaml*** file:

apiVersion: v1
kind: ConfigMap
metadata:
  name: myconfigmap
data:
  mykey: myvalue

Create a ConfigMap object from the ***configmap.yaml*** file:
```
$ oc create -f configmap.yaml
```
Create a ***pod.yaml*** file that references the above ConfigMap object:
Create the pod from the ***pod.yaml*** file:
```
$ oc create -f pod.yaml
```
Check the container’s logs for the MY_CONFIGMAP_VALUE value:
```
$ oc logs -p dapi-env-test-pod
```

Referencing environment variables

When creating pods, you can reference the value of a previously defined environment variable by using the $() syntax. If the environment variable reference can not be resolved, the value will be left as the provided string.

Procedure

Create a ***pod.yaml*** file that references an existing environment variable:

apiVersion: v1
kind: Pod
metadata:
  name: dapi-env-test-pod
spec:
  containers:
    - name: env-test-container
      image: gcr.io/google_containers/busybox
      command: [ "/bin/sh", "-c", "env" ]
      env:
        - name: MY_EXISTING_ENV
          value: my_value
        - name: MY_ENV_VAR_REF_ENV
          value: $(MY_EXISTING_ENV)
  restartPolicy: Never

Create the pod from the ***pod.yaml*** file:
```
$ oc create -f pod.yaml
```
Check the container’s logs for the MY_ENV_VAR_REF_ENV value:
```
$ oc logs -p dapi-env-test-pod
```

When creating a pod, you can escape an environment variable reference by using a double dollar sign. The value will then be set to a single dollar sign version of the provided value.

Procedure

Create a ***pod.yaml*** file that references an existing environment variable:

apiVersion: v1
kind: Pod
metadata:
  name: dapi-env-test-pod
spec:
  containers:
    - name: env-test-container
      image: gcr.io/google_containers/busybox
      command: [ "/bin/sh", "-c", "env" ]
      env:
        - name: MY_NEW_ENV
          value: $$(SOME_OTHER_ENV)
  restartPolicy: Never

Create the pod from the ***pod.yaml*** file:
```
$ oc create -f pod.yaml
```