
Kubernetes: 28 Kubernetes (k8s) notes - CRD

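Introduction to CustomResourceDefinition:

In Kubernetes everything can be treated as a resource. Since Kubernetes 1.7, CRDs (custom resources) have been available as a way to extend the Kubernetes API: with a CRD we can add new resource types to the Kubernetes API without having to modify the Kubernetes source code to build a custom API server, which greatly improves Kubernetes' extensibility.
When you create a new CustomResourceDefinition (CRD), the Kubernetes API server creates a new RESTful resource path for each version you specify, and we can use that API path to create resources of the types we have defined. A CRD can be namespaced or cluster-scoped, as specified by the CRD's scope field. As with existing built-in objects, deleting a namespace deletes all custom objects in that namespace. The CustomResourceDefinition itself is not namespaced and can be used from every namespace.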

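  • There are currently 3 common ways to extend the Kubernetes API:
  • Use CRDs (CustomResourceDefinitions) to define custom resource types
  • Develop a custom API server and aggregate it into the main API server
  • Customize and extend the API server source code. Of these, CRDs are the easiest to use but have many limitations; a custom API server is more flexible but needs considerably more code; and the system source code should be customized only when new core types must be added to keep a dedicated Kubernetes cluster working properly
  • CRD–>CRT–>CR
    The CRD and CRT are generally provided by developers or the service vendor
    A CRD only defines a type (Kind). To actually run a CR of that kind, a Controller is needed to control the resource, so defining a CRD on its own has no practical effect. It can also be run by defining existing kinds, for example a deployment runs by defining an RC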

Configuration specification

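apiVersion: apiextensions.k8s.io/v1 # API group and version
kind: CustomResourceDefinition # resource kind
metadata:
  name <string> # resource name
spec:
  conversion <object> # how to convert between versions
    strategy <string> # conversion strategy for custom resources between versions; either None or Webhook
    webhook <object> # how to call the webhook used for conversion
  group <string> # API group the resource belongs to
  names <object> # names of the custom resource type, i.e. the kind used in resource specs created from this CRD
    categories <[]string> # categories the resource belongs to, e.g. the "all" in "kubectl get all"
    kind <string> # kind name, required
    listKind <string> # name of the resource list, defaults to "`kind`List"
    plural <string> # plural form, used in the API path `/apis/<group>/<version>/.../<plural>`
    shortNames <[]string> # short names for this resource's kind
    singular <string> # singular form of the resource kind; must be all lowercase; defaults to the lowercased kind name
  preserveUnknownFields <boolean> # whether to preserve unknown fields; kind and the like are well-known reserved fields
  scope <string> # scope; valid values are Cluster and Namespaced
  versions <[]object> # version definitions
    additionalPrinterColumns <[]object> # additional columns to return
    name <string> # version name of the form vM[alphaN|betaN], e.g. v1 or v1alpha2
    schema <object> # data format (schema) of the resource, required
      openAPIV3Schema <object> # schema object used to validate fields; see the relevant reference for the format
    served <boolean> # whether this version is served via the RESTful API, required
    storage <boolean> # whether this version is the one used when storing custom resources in etcd
    subresources <object> # subresource definitions
      scale <object> # enables the scale subresource; the payload is sent as autoscaling/v1.Scale
      status <map[string]> # enables the status subresource, generating a /status endpoint for the resource
  • You can view the custom CRDs created by the earlier Calico deployment
[root@k8s-master ~]# kubectl api-resources      # list all resource types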
NAME                              SHORTNAMES   APIGROUP                       NAMESPACED   KIND
...  
bgpconfigurations                              crd.projectcalico.org          false        BGPConfiguration
bgppeers                                       crd.projectcalico.org          false        BGPPeer
blockaffinities                                crd.projectcalico.org          false        BlockAffinity
clusterinformations                            crd.projectcalico.org          false        ClusterInformation
felixconfigurations                            crd.projectcalico.org          false        FelixConfiguration
globalnetworkpolicies                          crd.projectcalico.org          false        GlobalNetworkPolicy
globalnetworksets                              crd.projectcalico.org          false        GlobalNetworkSet
hostendpoints                                  crd.projectcalico.org          false        HostEndpoint
ipamblocks                                     crd.projectcalico.org          false        IPAMBlock
ipamconfigs                                    crd.projectcalico.org          false        IPAMConfig
ipamhandles                                    crd.projectcalico.org          false        IPAMHandle
ippools                                        crd.projectcalico.org          false        IPPool
kubecontrollersconfigurations                  crd.projectcalico.org          false        KubeControllersConfiguration
networkpolicies                                crd.projectcalico.org          true         NetworkPolicy
networksets                                    crd.projectcalico.org          true         NetworkSet
  • Looking at Calico's YAML file, you can see that it contains many CRD definitions

    [root@k8s-master plugin]# vim calico.yaml   
    ...
    ---
    apiVersion: apiextensions.k8s.io/v1
    kind: CustomResourceDefinition
    metadata:
      name: ippools.crd.projectcalico.org
    spec:
      ......
    ...
    
    [root@k8s-master plugin]# kubectl get CustomResourceDefinition
    NAME                                                  CREATED AT
    bgpconfigurations.crd.projectcalico.org               2021-08-29T14:33:24Z
    bgppeers.crd.projectcalico.org                        2021-08-29T14:33:24Z
    blockaffinities.crd.projectcalico.org                 2021-08-29T14:33:24Z
    clusterinformations.crd.projectcalico.org             2021-08-29T14:33:24Z
    felixconfigurations.crd.projectcalico.org             2021-08-29T14:33:24Z
    globalnetworkpolicies.crd.projectcalico.org           2021-08-29T14:33:24Z
    globalnetworksets.crd.projectcalico.org               2021-08-29T14:33:24Z
    hostendpoints.crd.projectcalico.org                   2021-08-29T14:33:24Z
    ipamblocks.crd.projectcalico.org                      2021-08-29T14:33:24Z
    ipamconfigs.crd.projectcalico.org                     2021-08-29T14:33:24Z
    ipamhandles.crd.projectcalico.org                     2021-08-29T14:33:24Z
    ippools.crd.projectcalico.org                         2021-08-29T14:33:24Z
    kubecontrollersconfigurations.crd.projectcalico.org   2021-08-29T14:33:24Z
    networkpolicies.crd.projectcalico.org                 2021-08-29T14:33:24Z
    networksets.crd.projectcalico.org                     2021-08-29T14:33:25Z
    

Example 1: Create a custom CRD

    [root@k8s-master crd]# cat crd-v1-user.yaml 
    apiVersion: apiextensions.k8s.io/v1
    kind: CustomResourceDefinition
    metadata:
      name: users.auth.ilinux.io
    spec:
      group: auth.ilinux.io
      names:
        kind: User
        plural: users
        singular: user
        shortNames:
        - u
      scope: Namespaced  # namespace-scoped
      versions:
      - served: true
        storage: true
        name: v1alpha1  # version name
        schema:
          openAPIV3Schema:
            type: object    # constrain the fields
            properties:
              spec:
                type: object
                properties:
                  userID:
                    type: integer  # integer
                    minimum: 1
                    maximum: 65535
                  groups:
                    type: array   # list
                    items:
                      type: string
                  email:
                    type: string
                  password:
                    type: string
                    format: password
                required: ["userID","groups"]
    [root@k8s-master crd]# kubectl apply -f crd-v1-user.yaml 
    
    [root@k8s-master crd]# kubectl api-resources
    NAME                              SHORTNAMES   APIGROUP                       NAMESPACED   KIND
    bindings                                                                      true         Binding
    ...
    users                             u            auth.ilinux.io                 true         User
  • Create a custom resource of the new CRD type

    [root@k8s-master crd]# cat user-cr-demo.yaml 
    apiVersion: auth.ilinux.io/v1alpha1
    kind: User
    metadata:
      name: admin
      namespace: default
    spec:
      userID: 1
      email: test@test.com
      groups:
      - superusers
      - adminstrators
      password: ikubernetes.io
    
    [root@k8s-master crd]# kubectl apply -f user-cr-demo.yaml 
    user.auth.ilinux.io/admin created
    
    [root@k8s-master crd]# kubectl get User
    NAME    AGE
    admin   14s
    
    [root@k8s-master ~]# kubectl describe User admin
    Name:         admin
    Namespace:    default
    Labels:       <none>
    Annotations:  <none>
    API Version:  auth.ilinux.io/v1alpha1
    Kind:         User
    Metadata:
      Creation Timestamp:  2021-09-10T14:51:53Z
      Generation:          1
      Managed Fields:
        API Version:  auth.ilinux.io/v1alpha1
        Fields Type:  FieldsV1
        fieldsV1:
          f:metadata:
            f:annotations:
              .:
              f:kubectl.kubernetes.io/last-applied-configuration:
          f:spec:
            .:
            f:email:
            f:groups:
            f:password:
            f:userID:
        Manager:         kubectl-client-side-apply
        Operation:       Update
        Time:            2021-09-10T14:51:53Z
      Resource Version:  2583010
      Self Link:         /apis/auth.ilinux.io/v1alpha1/namespaces/default/users/admin
      UID:               5af89454-e067-4f30-83b7-cc2ad82e3526
    Spec:
      Email:  test@test.com
      Groups:
        superusers
        adminstrators
      Password:  ikubernetes.io
      User ID:   1
    Events:      <none>
    
  • Without a Controller, the kind defined above cannot run as an actual object; the Controller has to be implemented by developers
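
The schema in Example 1 is what the API server checks every User object against. The following is an added example, not code from the original page or from Kubernetes: it mirrors only the keywords that schema uses, runs them over constructed specs, and lists fields marked `format: password`, which neither restricts nor hides the value (the `kubectl describe` output above prints it). The function names and the BAD and NO_GROUPS samples are assumptions made for illustration.

```python
# Added example: mirrors the openAPIV3Schema keywords used by users.auth.ilinux.io
# (type, properties, required, minimum, maximum, items). Not the API server's validator.
SPEC_SCHEMA = {  # same constraints as "spec" in crd-v1-user.yaml
    "type": "object",
    "required": ["userID", "groups"],
    "properties": {
        "userID": {"type": "integer", "minimum": 1, "maximum": 65535},
        "groups": {"type": "array", "items": {"type": "string"}},
        "email": {"type": "string"},
        "password": {"type": "string", "format": "password"},
    },
}
TYPES = {"object": dict, "array": list, "string": str, "integer": int}

def validate(value, schema, path="spec"):
    """Return a list of violations; an empty list means the value is accepted."""
    # bool is an int subclass in Python; this schema has no boolean fields, so reject it
    if not isinstance(value, TYPES[schema["type"]]) or isinstance(value, bool):
        return [f"{path}: expected {schema['type']}"]
    errors = []
    if "minimum" in schema and value < schema["minimum"]:
        errors.append(f"{path}: below minimum {schema['minimum']}")
    if "maximum" in schema and value > schema["maximum"]:
        errors.append(f"{path}: above maximum {schema['maximum']}")
    for name in schema.get("required", []):
        if name not in value:
            errors.append(f"{path}.{name}: required field missing")
    for name, sub in schema.get("properties", {}).items():
        if name in value:
            errors += validate(value[name], sub, f"{path}.{name}")
    if "items" in schema:
        for i, item in enumerate(value):
            errors += validate(item, schema["items"], f"{path}[{i}]")
    return errors

def plaintext_secret_fields(schema, path="spec"):
    """List fields marked format: password; the value is still stored and shown as-is."""
    hits = [path] if schema.get("format") == "password" else []
    for name, sub in schema.get("properties", {}).items():
        hits += plaintext_secret_fields(sub, f"{path}.{name}")
    return hits

# GOOD is the admin object from the page; BAD and NO_GROUPS are constructed samples
GOOD = {"userID": 1, "email": "test@test.com",
        "groups": ["superusers", "adminstrators"], "password": "ikubernetes.io"}
BAD = {"userID": 70000, "email": "test@test.com", "groups": ["ok", 7]}
NO_GROUPS = {"userID": 0}
```

Fields reported by `plaintext_secret_fields` are candidates for moving into a Secret that the custom resource references by name.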

Example 2: Deploying the etcd Operator (this project is no longer maintained)

  • Operator project URLs:

    https://github.com/operator-f…
    https://github.com/coreos/etc…
    https://github.com/coreos/etc…

    1. Install the RBAC rules first, then install the etcd operator, then deploy and create the etcd cluster

      [root@k8s-master etcd-operator]# example/rbac/create_role.sh
      Creating role with ROLE_NAME=etcd-operator, NAMESPACE=default
      Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
      clusterrole.rbac.authorization.k8s.io/etcd-operator created
      Creating role binding with ROLE_NAME=etcd-operator, ROLE_BINDING_NAME=etcd-operator, NAMESPACE=default
      Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
      clusterrolebinding.rbac.authorization.k8s.io/etcd-operator created
      
      [root@k8s-master etcd-operator]# kubectl create -f example/deployment.yaml
      error: unable to recognize "example/deployment.yaml": no matches for kind "Deployment" in version "extensions/v1beta1"
      # the Deployment API version is too old; edit example/deployment.yaml
      [root@k8s-master etcd-operator]# cat example/deployment.yaml
      apiVersion: apps/v1  # API version
      kind: Deployment
      metadata:
        name: etcd-operator
      spec:
        replicas: 1
        selector:   # added field
          matchLabels:
            name: etcd-operator
        template:
          metadata:
            labels:
              name: etcd-operator
          spec:
            containers:
            - name: etcd-operator
              image: quay.io/coreos/etcd-operator:v0.9.4
              command:
              - etcd-operator
              # Uncomment to act for resources in all namespaces. More information in doc/user/clusterwide.md
              #- -cluster-wide
              env:
              - name: MY_POD_NAMESPACE
                valueFrom:
                  fieldRef:
                    fieldPath: metadata.namespace
              - name: MY_POD_NAME
                valueFrom:
                  fieldRef:
                    fieldPath: metadata.name
      
      [root@k8s-master etcd-operator]# kubectl create -f example/deployment.yaml
      deployment.apps/etcd-operator created
      [root@k8s-master etcd-operator]# 
      
      [root@k8s-master etcd-operator]# kubectl api-resources
      ...
      etcdclusters                      etcd         etcd.database.coreos.com       true         EtcdCluster
      
    2. Deploy and create the etcd cluster
    [root@k8s-master etcd-operator]# cat example/example-etcd-cluster.yaml
    apiVersion: "etcd.database.coreos.com/v1beta2"
    kind: "EtcdCluster"
    metadata:
      name: "example-etcd-cluster"
      ## Adding this annotation make this cluster managed by clusterwide operators
      ## namespaced operators ignore it
      # annotations:
      #   etcd.database.coreos.com/scope: clusterwide
    spec:
      size: 3  # cluster size
      version: "3.2.13"
    [root@k8s-master etcd-operator]# kubectl apply -f  example/example-etcd-cluster.yaml
    etcdcluster.etcd.database.coreos.com/example-etcd-cluster created
    
    [root@k8s-master etcd-operator]# kubectl get pod -o wide
    NAME                              READY   STATUS    RESTARTS   AGE    IP              NODE        NOMINATED NODE   READINESS GATES
    etcd-operator-646cbffdb6-brbn6    1/1     Running   0          12m    192.168.51.58   k8s-node3   <none>           <none>
    example-etcd-cluster-nc8pdgjrjr   1/1     Running   0          3m3s   192.168.51.59   k8s-node3   <none>           <none>
  • After that, add a Service (SVC) and the cluster is ready to use
