Overview

It is common for containers to consume information about API objects. The downward API is a mechanism that allows containers to do this without coupling to OpenShift Enterprise. Containers can consume information from the downward API using environment variables or a volume plug-in.

Selecting Fields

Fields within the pod are selected using the FieldRef API type. FieldRef has two fields:

Field Description

fieldPath

The path of the field to select, relative to the pod.

apiVersion

The API version to interpret the fieldPath selector within.

Currently, there are four valid selectors in the v1 API:

Selector Description

metadata.name

The pod’s name.

metadata.namespace

The pod’s namespace.

metadata.labels

The pod’s labels.

metadata.annotations

The pod’s annotations.

The apiVersion field, if not specified, defaults to the API version of the enclosing pod template.

In the future, more information, such as resource limits for pods and information about services, will be available using the downward API.

Using Environment Variables

One mechanism for consuming the downward API is using a container’s environment variables. The EnvVar type’s valueFrom field (of type EnvVarSource) is used to specify that the variable’s value should come from a FieldRef source instead of the literal value specified by the value field. In the future, additional sources may be supported; currently the source’s fieldRef field is used to select a field from the downward API.

Only constant attributes of the pod can be consumed this way, as environment variables cannot be updated once a process is started in a way that allows the process to be notified that the value of a variable has changed. The fields supported using environment variables are:

  • Pod name

  • Pod namespace

For example:

  1. Create a pod.json file:

    apiVersion: v1
    kind: Pod
    metadata:
      name: dapi-env-test-pod
    spec:
      containers:
        - name: env-test-container
          image: gcr.io/google_containers/busybox
          command: [ "/bin/sh", "-c", "env" ]
          env:
            - name: MY_POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: MY_POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
      restartPolicy: Never
  2. Create the pod from the pod.json file:

    $ oc create -f pod.json
  3. Check the container’s logs:

    $ oc logs -p dapi-env-test-pod

    You should see MY_POD_NAME and MY_POD_NAMESPACE in the logs.

Using the Volume Plug-in

Another mechanism for consuming the downward API is using a volume plug-in. The downward API volume plug-in creates a volume with configured fields projected into files. The metadata field of the VolumeSource API object is used to configure this volume. The plug-in supports the following fields:

  • Pod name

  • Pod namespace

  • Pod annotations

  • Pod labels

Example 1. Downward API Volume Plug-in Configuration
spec:
  volumes:
    - name: podinfo
      metadata: (1)
        items:  (2)
          - name: "labels" (3)
            fieldRef:
              fieldPath: metadata.labels (4)
1 The metadata field of the volume source configures the downward API volume.
2 The items field holds a list of fields to project into the volume.
3 The name of the file to project the field into.
4 The selector of the field to project.

For example:

  1. Create a volume-pod.json file:

    kind: Pod
    apiVersion: v1
    metadata:
      labels:
        zone: us-east-coast
        cluster: downward-api-test-cluster1
        rack: rack-123
      name: dapi-volume-test-pod
      annotations:
        annotation1: 345
        annotation2: 456
    spec:
      containers:
        - name: volume-test-container
          image: gcr.io/google_containers/busybox
          command: ["sh", "-c", "cat /etc/labels /etc/annotations"]
          volumeMounts:
            - name: podinfo
              mountPath: /etc
              readOnly: false
      volumes:
        - name: podinfo
          metadata:
            items:
              - name: "labels"
                fieldRef:
                  fieldPath: metadata.labels
              - name: "annotations"
                fieldRef:
                  fieldPath: metadata.annotations
      restartPolicy: Never
  2. Create the pod from the volume-pod.json file:

    $ oc create -f volume-pod.json
  3. Check the container’s logs and verify the presence of the configured fields:

    $ oc logs -p dapi-volume-test-pod
    cluster=downward-api-test-cluster1
    rack=rack-123
    zone=us-east-coast
    annotation1=345
    annotation2=456
    kubernetes.io/config.source=api