23-pod-Pod Preset

concepts/workloads/pods/podpreset/

This page provides an overview of PodPresets, which are objects for injecting certain information into pods at creation time. The information can include secrets, volumes, volume mounts, and environment variables. 本頁概述了pod預設，它們是在建立時將某些資訊注入pod的物件。這些資訊可以包括機密、卷、卷裝入和環境變數。

Understanding Pod Presets

A Pod Preset is an API resource for injecting additional runtime requirements into a Pod at creation time. You use label selectors to specify the Pods to which a given Pod Preset applies. pod preset是一個api資源，用於在建立pod時將額外的執行時需求注入到pod中。您可以使用[標籤選擇器](https://kubernetes.io/docs/concepts/overvi... with objects/labels/label selectors)來指定應用給定POD預設的POD。

Using a Pod Preset allows pod template authors to not have to explicitly provide all information for every pod. This way, authors of pod templates consuming a specific service do not need to know all the details about that service. 使用pod預置允許pod模板作者不必顯式地為每個pod提供所有資訊。這樣，使用特定服務的pod模板的作者就不需要知道該服務的所有細節。

For more information about the background, see the design proposal for PodPreset. 有關更多資訊，請參見[pod preset的設計方案](https://git.k8s.io/community/contributors/... proposals/service catalog/pod preset.md)。有關更多資訊，請參見[pod preset的設計方案](https://git.k8s.io/community/contributors/... proposals/service catalog/pod preset.md)。

How It Works

Kubernetes provides an admission controller (PodPreset) which, when enabled, applies Pod Presets to incoming pod creation requests. When a pod creation request occurs, the system does the following: k8s提供了一個允許控制器（PodPreset），當啟用時，它將pod預置應用於傳入的pod建立請求。當出現POD建立請求時，系統將執行以下操作：

Retrieve all PodPresets available for use. 檢索所有可用的“pod預設”。
Check if the label selectors of any PodPreset matches the labels on the pod being created. 檢查任何“podpreset”的標籤選擇器是否與正在建立的pod上的標籤匹配。
Attempt to merge the various resources defined by the PodPreset into the Pod being created. 嘗試將“podpreset”定義的各種資源合併到正在建立的pod中。
On error, throw an event documenting the merge error on the pod, and create the pod without any injected resources from the PodPreset. 出錯時，丟擲一個記錄pod上合併錯誤的事件，並建立pod*而不使用來自“podpreset”的任何注入資源。
Annotate the resulting modified Pod spec to indicate that it has been modified by a PodPreset. The annotation is of the form podpreset.admission.kubernetes.io/podpreset-<pod-preset name>: "<resource version>". 對得到的修改後的pod規範進行註釋，以指示它已被“podpreset”修改。註釋的格式為“pod preset.admission.kubernetes.io/podpreset-：”“。

Each Pod can be matched by zero or more Pod Presets; and each PodPreset can be applied to zero or more pods. When a PodPreset is applied to one or more Pods, Kubernetes modifies the Pod Spec. For changes to Env, EnvFrom, and VolumeMounts, Kubernetes modifies the container spec for all containers in the Pod; for changes to Volume, Kubernetes modifies the Pod Spec. 每個pod可以由零個或多個pod預設匹配；每個“podpreset”可以應用於零個或多個pod。當“podpreset”應用於一個或多個pod時，kubernetes修改pod規範。對於“env”、“envfrom”和“volumemounts”的更改，kubernetes修改pod中所有容器的容器規範；對於“volume”的更改，kubernetes修改pod規範。

Note: A Pod Preset is capable of modifying the following fields in a Pod spec when appropriate: - The .spec.containers field. - The initContainers field (requires Kubernetes version 1.14.0 or later). 注意：POD預設可以在適當時修改POD規範中的以下欄位：'.spec.containers'欄位。-“initcontainers”欄位（需要Kubernetes 1.14.0或更高版本）。

Disable Pod Preset for a Specific Pod

There may be instances where you wish for a Pod to not be altered by any Pod Preset mutations. In these cases, you can add an annotation in the Pod Spec of the form:在某些情況下，您可能希望POD不被任何POD預設突變所改變。在這些情況下，可以在表單的pod規範中新增註釋： podpreset.admission.kubernetes.io/exclude: "true".

Enable Pod Preset

In order to use Pod Presets in your cluster you must ensure the following: 要在叢集中使用POD預設，必須確保：

You have enabled the API type settings.k8s.io/v1alpha1/podpreset. For example, this can be done by including settings.k8s.io/v1alpha1=true in the --runtime-config option for the API server. In minikube add this flag --extra-config=apiserver.runtime-config=settings.k8s.io/v1alpha1=true while starting the cluster.
You have enabled the admission controller PodPreset. One way to doing this is to include PodPreset in the --enable-admission-plugins option value specified for the API server. In minikube add this flag 您已啟用許可控制器pod預設。一種方法是在為API伺服器指定的--enable admission plugins選項值中包含podpreset。在Minikube中新增此標誌
```
--extra-config=apiserver.enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota,PodPreset
```
while starting the cluster.
You have defined your Pod Presets by creating PodPreset objects in the namespace you will use.

What's next

Injecting data into a Pod using PodPreset