目錄
- CustomResourceDefinition簡介:
- 目前擴(kuò)展Kubernetes API的常用方式有3種:
- 配置規(guī)范
- 示例1: 創(chuàng)建自定義CRD
- 創(chuàng)造自定義CRD類型
- 示例2: etcd Operator 部署 (該項目已不在維護(hù))
- 部署創(chuàng)建etcd集群
CustomResourceDefinition簡介:
在 Kubernetes 中一切都可視為資源,Kubernetes 1.7 之后增加了對 CRD 自定義資源二次開發(fā)能力來擴(kuò)展 Kubernetes API,通過 CRD 我們可以向 Kubernetes API 中增加新資源類型,而不需要修改 Kubernetes 源碼來創(chuàng)建自定義的 API server,該功能大大提高了 Kubernetes 的擴(kuò)展能力。
當(dāng)你創(chuàng)建一個新的CustomResourceDefinition (CRD)時,Kubernetes API服務(wù)器將為你指定的每個版本創(chuàng)建一個新的RESTful資源路徑,我們可以根據(jù)該api路徑來創(chuàng)建一些我們自己定義的類型資源。CRD可以是命名空間的,也可以是集群范圍的,由CRD的作用域(scpoe)字段中所指定的,與現(xiàn)有的內(nèi)置對象一樣,刪除名稱空間將刪除該名稱空間中的所有自定義對象。customresourcedefinition本身沒有名稱空間,所有名稱空間都可以使用。
目前擴(kuò)展Kubernetes API的常用方式有3種:
- 使用CRD(CustomResourceDefinitions)自定義資源類型
- 開發(fā)自定義的APIServer并聚合至主API Server
- 及定制擴(kuò)展API Server源碼。這其中,CRD最為易用但限制頗多,自定義API Server更富于彈性但代碼工作量偏大,而僅在必須添加新的核心類型才能確保專用的Kberneves集群功能正常,才應(yīng)該定制系統(tǒng)源碼
CRD–>CRT–>CR
- 其中CRD與CRT一般由開發(fā)或服務(wù)供應(yīng)商提供
- CRD只是定義一個類型Kind,但實際把kind運(yùn)行起來CR需要有Controller來對資源進(jìn)行控制,所有只有定義CRD定義沒有并沒有實際意義,當(dāng)然也可以通過定義現(xiàn)在kind來運(yùn)行,比如deployment 通過定義 RC來運(yùn)行
配置規(guī)范
apiVersion: apiextensions.k8s.io/v1 #API群組和版本
kind: CustomResourceDefinition #資源類別
metadata:
-name <string> #資源名稱
spec:
conversion <object> #定義不同版本間的格式轉(zhuǎn)換方式
strategy <string># 不同版本間的自定義資源轉(zhuǎn)換策略,有None和webhook兩種取值
webhook <0bject>#如何調(diào)用用于進(jìn)行格式轉(zhuǎn)換的webhook
group <string>#資源所屬的API群組
names <object># 自定義資源的類型,即該CRD創(chuàng)建資源規(guī)范時使用的kind
categories <[]string>#資源所屬的類別編目,例如"kubectl get all"中的all
kind <string> #kind名稱,必選字段
listKind <string> #資源列表名稱,默認(rèn)為"`kind`List"
plural <string> #復(fù)數(shù),用于API路徑`/apis/<group>/<version>/. . ./<plural>'
shortNames <[string>#該資源的kind的縮寫格式
singular <string>#資源kind的單數(shù)形式,必須使用全小寫字母,默認(rèn)為小寫的kind名稱
preserveUnknownFields <boolean> #預(yù)留的非知名字段,kind等都是知名的預(yù)留字段
scope <string> #作用域,可用值為Cluster和Namespaced
versions <[]object>#版本號定義
additionalPrinterColumns <[]0bject> #需要返回的額外信息
name <string> #形如vM[alphaN|betaN]格式的版本名稱,例如v1或vlalpha2等
schema <object> #該資源的數(shù)據(jù)格式(schema)定義,必選字段
openAPIV3Schema <object> #用于校驗字段的schema對象,格式請參考相關(guān)手冊
served <boolean> #是否允許通過RESTful API調(diào)度該版本,必選字段
storage <boolean> #將自定義資源存儲于etcd中時是不是使用該版本
subresources <0bject>#子資源定義
scale <0bject># 啟用scale子資源,通過autoscaling/v1.Scale發(fā)送負(fù)荷
status <map[string]># 啟用status子資源,為資源生成/status端點
可以查看之前部署Calico創(chuàng)建的自定義CRD
[root@k8s-master ~]# kubectl api-resources #查看所有資源類型 NAME SHORTNAMES APIGROUP NAMESPACED KIND ... bgpconfigurations crd.projectcalico.org false BGPConfiguration bgppeers crd.projectcalico.org false BGPPeer blockaffinities crd.projectcalico.org false BlockAffinity clusterinformations crd.projectcalico.org false ClusterInformation felixconfigurations crd.projectcalico.org false FelixConfiguration globalnetworkpolicies crd.projectcalico.org false GlobalNetworkPolicy globalnetworksets crd.projectcalico.org false GlobalNetworkSet hostendpoints crd.projectcalico.org false HostEndpoint ipamblocks crd.projectcalico.org false IPAMBlock ipamconfigs crd.projectcalico.org false IPAMConfig ipamhandles crd.projectcalico.org false IPAMHandle ippools crd.projectcalico.org false IPPool kubecontrollersconfigurations crd.projectcalico.org false KubeControllersConfiguration networkpolicies crd.projectcalico.org true NetworkPolicy networksets crd.projectcalico.org true NetworkSet
查看calico的yaml文件可以看到里面很多CRD的定義
[root@k8s-master plugin]# vim calico.yaml ... --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: ippools.crd.projectcalico.org spec: ...... ... [root@k8s-master plugin]# kubectl get CustomResourceDefinition NAME CREATED AT bgpconfigurations.crd.projectcalico.org 2021-08-29T14:33:24Z bgppeers.crd.projectcalico.org 2021-08-29T14:33:24Z blockaffinities.crd.projectcalico.org 2021-08-29T14:33:24Z clusterinformations.crd.projectcalico.org 2021-08-29T14:33:24Z felixconfigurations.crd.projectcalico.org 2021-08-29T14:33:24Z globalnetworkpolicies.crd.projectcalico.org 2021-08-29T14:33:24Z globalnetworksets.crd.projectcalico.org 2021-08-29T14:33:24Z hostendpoints.crd.projectcalico.org 2021-08-29T14:33:24Z ipamblocks.crd.projectcalico.org 2021-08-29T14:33:24Z ipamconfigs.crd.projectcalico.org 2021-08-29T14:33:24Z ipamhandles.crd.projectcalico.org 2021-08-29T14:33:24Z ippools.crd.projectcalico.org 2021-08-29T14:33:24Z kubecontrollersconfigurations.crd.projectcalico.org 2021-08-29T14:33:24Z networkpolicies.crd.projectcalico.org 2021-08-29T14:33:24Z networksets.crd.projectcalico.org 2021-08-29T14:33:25Z
示例1: 創(chuàng)建自定義CRD
[root@k8s-master crd]# cat crd-v1-user.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: users.auth.ilinux.io
spec:
group: auth.ilinux.io
names:
kind: User
plural: users
singular: user
shortNames:
- u
scope: Namespaced #名稱空間級別
versions:
- served: true
storage: true
name: v1alpha1 #版本號
schema:
openAPIV3Schema:
type: object #對字段做限制
properties:
spec:
type: object
properties:
userID:
type: integer #整形
minimum: 1
maximum: 65535
groups :
type: array #列表
items:
type: string
email:
type: string
password:
type: string
format: password
required: ["userID","groups"]
[root@k8s-master crd]# kubectl apply -f crd-v1-user.yaml
[root@k8s-master crd]# kubectl api-resources
NAME SHORTNAMES APIGROUP NAMESPACED KIND
bindings true Binding
...
users u auth.ilinux.io true User
創(chuàng)造自定義CRD類型
[root@k8s-master crd]# cat user-cr-demo.yaml apiVersion: auth.ilinux.io/v1alpha1 kind: User metadata: name: admin namespace: default spec: userID: 1 email: [email protected] groups: - superusers - adminstrators password: ikubernetes.io [root@k8s-master crd]# kubectl apply -f user-cr-demo.yaml user.auth.ilinux.io/admin created [root@k8s-master crd]# kubectl get User NAME AGE admin 14s [root@k8s-master ~]# kubectl describe User admin Name: admin Namespace: default Labels: <none> Annotations: <none> API Version: auth.ilinux.io/v1alpha1 Kind: User Metadata: Creation Timestamp: 2021-09-10T14:51:53Z Generation: 1 Managed Fields: API Version: auth.ilinux.io/v1alpha1 Fields Type: FieldsV1 fieldsV1: f:metadata: f:annotations: .: f:kubectl.kubernetes.io/last-applied-configuration: f:spec: .: f:email: f:groups: f:password: f:userID: Manager: kubectl-client-side-apply Operation: Update Time: 2021-09-10T14:51:53Z Resource Version: 2583010 Self Link: /apis/auth.ilinux.io/v1alpha1/namespaces/default/users/admin UID: 5af89454-e067-4f30-83b7-cc2ad82e3526 Spec: Email: [email protected] Groups: superusers adminstrators Password: ikubernetes.io User ID: 1 Events: <none>
以上定義的kind資源 沒Controller并不能運(yùn)行成實際對象,Controller的開發(fā)需要開發(fā)來完成
示例2: etcd Operator 部署 (該項目已不在維護(hù))
Operator 項目地址:
https://github.com/coreos/etcd-operator/blob/master/doc/user/install_guide.md
https://github.com/coreos/etcd-operator
https://github.com/operator-framework/awesome-operators
先安裝RBAC 再安裝etcd operator 再部署創(chuàng)建etcd集群
[root@k8s-master etcd-operator]# example/rbac/create_role.sh
Creating role with ROLE_NAME=etcd-operator, NAMESPACE=default
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/etcd-operator created
Creating role binding with ROLE_NAME=etcd-operator, ROLE_BINDING_NAME=etcd-operator, NAMESPACE=default
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/etcd-operator created
[root@k8s-master etcd-operator]# kubectl create -f example/deployment.yaml
error: unable to recognize "example/deployment.yaml": no matches for kind "Deployment" in version "extensions/v1beta1"
#deployment版本太老修改example/deployment.yaml
[root@k8s-master etcd-operator]# cat example/deployment.yaml
apiVersion: apps/v1 #版本
kind: Deployment
metadata:
name: etcd-operator
spec:
replicas: 1
selector: #添加字段
matchLabels:
name: etcd-operator
template:
metadata:
labels:
name: etcd-operator
spec:
containers:
- name: etcd-operator
image: quay.io/coreos/etcd-operator:v0.9.4
command:
- etcd-operator
# Uncomment to act for resources in all namespaces. More information in doc/user/clusterwide.md
#- -cluster-wide
env:
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
[root@k8s-master etcd-operator]# kubectl create -f example/deployment.yaml
deployment.apps/etcd-operator created
[root@k8s-master etcd-operator]#
[root@k8s-master etcd-operator]# kubectl api-resources
...
etcdclusters etcd etcd.database.coreos.com true EtcdCluster
部署創(chuàng)建etcd集群
[root@k8s-master etcd-operator]# cat example/example-etcd-cluster.yaml apiVersion: "etcd.database.coreos.com/v1beta2" kind: "EtcdCluster" metadata: name: "example-etcd-cluster" ## Adding this annotation make this cluster managed by clusterwide operators ## namespaced operators ignore it # annotations: # etcd.database.coreos.com/scope: clusterwide spec: size: 3 #集群數(shù)理 version: "3.2.13" [root@k8s-master etcd-operator]# kubectl apply -f example/example-etcd-cluster.yaml etcdcluster.etcd.database.coreos.com/example-etcd-cluster created [root@k8s-master etcd-operator]# kubectl get pod -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES etcd-operator-646cbffdb6-brbn6 1/1 Running 0 12m 192.168.51.58 k8s-node3 <none> <none> example-etcd-cluster-nc8pdgjrjr 1/1 Running 0 3m3s 192.168.51.59 k8s-node3 <none> <none> - 后面在加一個SVC就可以使用了
以上就是kubernetes k8s CRD自定義資源學(xué)習(xí)筆記的詳細(xì)內(nèi)容,更多關(guān)于kubernetes(k8s) CRD的資料請關(guān)注其它相關(guān)文章!
