15.3. 使用多个 Pod 预设置
您可以使用多个 pod 预设置来注入多个 Pod 注入策略。
- 确保 pod 预设置准入插件 已经启用。
创建 pod 预设置,类似于以下内容,以及环境变量、挂载点和/或存储卷:
kind: PodPreset apiVersion: settings.k8s.io/v1alpha1 metadata: name: allow-database spec: selector: matchLabels: role: frontend 1 env: - name: DB_PORT value: "6379" volumeMounts: - mountPath: /cache name: cache-volume volumes: - name: cache-volume emptyDir: {}- 1
- 与 pod 标签匹配的标签选择器。
创建第二个 pod 预先设置,如下所示:
kind: PodPreset apiVersion: settings.k8s.io/v1alpha1 metadata: name: proxy spec: selector: matchLabels: role: frontend 1 volumeMounts: - mountPath: /etc/proxy/configs name: proxy-volume volumes: - name: proxy-volume emptyDir: {}- 1
- 与 pod 标签匹配的标签选择器。
创建标准 pod 规格:
apiVersion: v1 kind: Pod metadata: name: website labels: app: website role: frontend 1 spec: containers: - name: website image: ecorp/website ports: - containerPort: 80- 1
- 与两个 pod 预设置标签选择器匹配的标签。
创建 pod:
$ oc create -f pod.yaml
创建后检查 pod 规格:
apiVersion: v1 kind: Pod metadata: name: website labels: app: website role: frontend annotations: podpreset.admission.kubernetes.io/allow-database: "resource version" 1 podpreset.admission.kubernetes.io/proxy: "resource version" 2 spec: containers: - name: website image: ecorp/website volumeMounts: - mountPath: /cache name: cache-volume - mountPath: /etc/proxy/configs name: proxy-volume ports: - containerPort: 80 env: - name: DB_PORT value: "6379" volumes: - name: cache-volume emptyDir: {} - name: proxy-volume emptyDir: {}
