Obtain the metadata from a container - Elastic Container Instance

The metadata of an elastic container instance (pod) provides information about the pod and the containers in the pod. The information includes the name, ID, IP address and network interface controller (NIC) of the pod and containers. You can use the metadata of the pod to manage and use containers. This topic describes how to obtain the metadata of a pod from a container to present the metadata to running containers.

Method 1: Use MetaServer to access metadata

Connect to a container. For more information, see Connect to an elastic container instance.

Access metadata.

Note

If curl is not installed in the container, install curl.

curl http://100.100.100.200/latest/meta-data/<metadata>

Replace <metadata> with the metadata item that you want to query. For example, replace <metadata> with instance-id.

curl http://100.100.100.200/latest/meta-data/instance-id

The following table describes the metadata items of an elastic container instance that you can query.

Metadata item	Description
/dns-conf/nameservers	The Domain Name System (DNS) configurations of the elastic container instance.
/eipv4	The elastic IPv4 address of the elastic container instance.
/hostname	The hostname of the elastic container instance, which is the ContainerGroupName value.
/instance-id	The ID of the elastic container instance.
/mac	The media access control (MAC) address of the elastic container instance.
/network/interfaces/	The MAC addresses of the NICs.
/network/interfaces/macs/[mac]/network-interface-id	The ID of the NIC. Replace [mac] with the MAC address of the elastic container instance.
/network/interfaces/macs/[mac]/netmask	The subnet mask of the NIC.
/network/interfaces/macs/[mac]/vswitch-cidr-block	The IPv4 CIDR block of the vSwitch to which the NIC is connected.
/network/interfaces/macs/[mac]/vpc-cidr-block	The IPv4 CIDR block of the virtual private cloud (VPC) to which the NIC belongs.
/network/interfaces/macs/[mac]/private-ipv4s	The private IPv4 addresses assigned to the NIC.
/network/interfaces/macs/[mac]/vpc-ipv6-cidr-blocks	The IPv6 CIDR block of the VPC to which the NIC belongs. This item is applicable only to the elastic container instances that reside in VPCs and to which IPv6 addresses are assigned.
/network/interfaces/macs/[mac]/vswitch-id	The ID of the vSwitch that resides in the same VPC as the security group of the NIC.
/network/interfaces/macs/[mac]/vpc-id	The ID of the VPC in which the security group of the NIC resides.
/network/interfaces/macs/[mac]/primary-ip-address	The primary private IP address of the NIC.
/network/interfaces/macs/[mac]/gateway	The IPv4 gateway address of the NIC.
/instance/max-netbw-egress	The maximum outbound internal bandwidth of the elastic container instance. Unit: Kbit/s.
/instance/max-netbw-ingerss	The maximum inbound internal bandwidth of the elastic container instance. Unit: Kbit/s.
/network/interfaces/macs/[mac]/ipv6s	The IPv6 addresses assigned to the NIC. This item is applicable only to elastic container instances that reside in VPCs and to which IPv6 addresses are assigned.
/network/interfaces/macs/[mac]/ipv6-gateway	The IPv6 gateway address of the VPC to which the NIC belongs.
/network/interfaces/macs/[mac]/vswitch-ipv6-cidr-block	The IPv6 CIDR block of the vSwitch to which the NIC is connected. This item is applicable only to elastic container instances that reside within VPCs and to which IPv6 addresses are assigned.
/private-ipv4	The private IPv4 address of the elastic container instance.
/ntp-conf/ntp-servers	The address of the Network Time Protocol (NTP) server.
/owner-account-id	The ID of the Alibaba Cloud account to which the elastic container instance belongs.
/region-id	The region ID of the elastic container instance.
/serial-number	The serial number of the elastic container instance.
/vpc-id	The ID of the VPC in which the elastic container instance resides.
/vpc-cidr-block	The CIDR block of the VPC in which the elastic container instance resides.
/vswitch-cidr-block	The CIDR block of the vSwitch to which the elastic container instance is connected.
/vswitch-id	The ID of the vSwitch to which the elastic container instance is connected.
/zone-id	The zone ID of the elastic container instance.
/ram/security-credentials/[role-name]	The temporary Security Token Service (STS) credentials generated for the Resource Access Management (RAM) role of the elastic container instance. You can obtain the temporary STS credentials only after you specify a RAM role for an elastic container instance. Replace [role-name] with the name of the RAM role. If you do not replace [role-name] with the name of the RAM role, the name of the elastic container instance is returned.

Method 2: Configure environment variables for a container

You can obtain the metadata of an elastic container instance by configuring container environment variables. The following table describes the metadata items of elastic container instances that you can obtain by configuring container environment variables.

Key	Value	Description
eci_id	__ECI_ID__	The ID of the elastic container instance.
eci_name	__ECI_NAME__	The name of the elastic container instance.
region_id	__REGION_ID__	The region ID of the elastic container instance.
zone_id	__ZONE_ID__	The zone ID of the elastic container instance.
container_name	__CONTAINER_NAME__	The name of the container.

Sample configurations:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: test
  labels:
    app: test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      name: nginx-test
      labels:
        app: nginx
        alibabacloud.com/eci: "true" 
    spec:
      containers:
      - name: nginx
        image: registry.cn-shanghai.aliyuncs.com/eci_open/nginx:1.14.2
        ports:
        - containerPort: 80
        env:  
          - name: eci_id
            value: __ECI_ID__
          - name: eci_name
            value: __ECI_NAME__
          - name: region_id
            value: __REGION_ID__
          - name: zone_id
            value: __ZONE_ID__
          - name: container_name
            value: __CONTAINER_NAME__

Log on to the container and view the environment variables. You can find that the environment variables have taken effect. Example:

K8s获取元数据

Method 3: Use the Downward API

The Kubernetes Downward API provides the following methods to expose pod information to running containers:

Pass pod information to environment variables of a container
You can pass each piece of pod information as the value of a single environment variable to a container.
Mount pod information as a volume file to a container
You can generate a file based on pod information and mount the file as a volume to a container.

The integration of Container Service for Kubernetes (ACK) and Elastic Container Instance supports the most fields used by the Downward API.

Pass pod information to environment variables of a container

You can use the Downward API to pass information such as the name, namespace, and IP address of a pod to environment variables of a container. The following table describes the metadata items that you can obtain by configuring environment variables of a container.

Metadata item	Description
metadata.name	The name of the pod.
metadata.namespace	The namespace of the pod.
metadata.uid	The user ID (UID) of the pod.
metadata.labels['<KEY>']	The label value of the pod.
metadata.annotations['<KEY>']	The annotation value of the pod. For more information, see Pod annotations.
spec.serviceAccountName	The name of the pod service account.
spec.nodeName	The name of the node.
status.podIP	The IP address of the node.

Sample Deployment configurations:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: downward-env
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
        annotations: 
            regionId: cn-beijing
            platform: Aliyun ECI
        labels:
            app: nginx
            env: test
            alibabacloud.com/eci: "true" 
    spec:
      containers:
      - name: nginx
        image: registry-vpc.cn-beijing.aliyuncs.com/eci_open/nginx:1.14.2
        env:
        - name: METADATA_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: METADATA_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: METADATA_UID
          valueFrom:
            fieldRef:
              fieldPath: metadata.uid
        - name: METADATA_LABELS
          valueFrom:
            fieldRef:
              fieldPath: metadata.labels['env']
        - name: METADATA_ANNOTATIONS_REGION
          valueFrom:
            fieldRef:
              fieldPath: metadata.annotations['regionId']
        - name: METADATA_ANNOTATIONS_ECI_INSTANCE_ID
          valueFrom:
            fieldRef:
              fieldPath: metadata.annotations['k8s.aliyun.com/eci-instance-id']
        - name: STATUS_POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        - name: SPEC_SERVICE_ACCOUNT_NAME
          valueFrom:
            fieldRef:
              fieldPath: spec.serviceAccountName

Log on to the container and view the environment variables. You can find that fieldRef has taken effect. Example:

downward

Mount pod information as a volume file to a container

You can use the Downward API to mount pod information such as labels and annotations as a volume file to a container. The following table describes the metadata items of elastic container instances that you can obtain by mounting volume files to a container.

Metadata item	Description
metadata.name	The name of the pod.
metadata.namespace	The namespace of the pod.
metadata.uid	The UID of the pod.
metadata.labels['<KEY>']	The label value of the pod.
metadata.annotations['<KEY>']	The annotation value of the pod.
metadata.labels	All labels of the pod.
metadata.annotations	All annotations of the pod.

Note

The Downward API can pass pod fields, but cannot pass container fields such as limits.cpu, requests.cpu, limits.memory, requests.memory, limits.ephemeral-storage, and requests.ephemeral-storage.

Sample Deployment configurations:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: downward-down-volume
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
        annotations: 
            regionId: cn-beijing
            platform: Aliyun ECI
        labels:
            app: nginx
            env: test
            alibabacloud.com/eci: "true" 
    spec:
      containers:
      - name: nginx
        image: registry-vpc.cn-beijing.aliyuncs.com/eci_open/nginx:1.14.2
        volumeMounts:
        - name: podinfo
          mountPath: /etc/podinfo
          readOnly: false
      volumes:
      - name: podinfo
        downwardAPI:
          items:
            - path: "metadata.name"
              fieldRef:
                fieldPath: metadata.name
            - path: "metadata.namespace"
              fieldRef:
                fieldPath: metadata.namespace
            - path: "metadata.uid"
              fieldRef:
                fieldPath: metadata.uid
            - path: "metadata.labels"
              fieldRef:
                fieldPath: metadata.labels
            - path: "metadata.annotations"
              fieldRef:
                fieldPath: metadata.annotations

Log on to the container and go to the directory where the volume is mounted. You can find that fieldRef has taken effect and that the pod information specified in fieldRef is stored in the directory. Example:

K8s获取元数据2