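Introduction to CustomResourceDefinition:
In Kubernetes everything can be regarded as a resource. Since Kubernetes 1.7, CRDs (custom resource definitions) have been available as a way to extend the Kubernetes API. With a CRD we can add new resource types to the Kubernetes API without modifying the Kubernetes source code or building a custom API server, which greatly improves Kubernetes' extensibility.
When you create a new CustomResourceDefinition (CRD), the Kubernetes API server creates a new RESTful resource path for each version you specify, and we can use that API path to create resources of the types we have defined ourselves. A CRD can be namespaced or cluster-scoped, as specified in the CRD's scope field. As with existing built-in objects, deleting a namespace deletes all custom objects in that namespace. A CustomResourceDefinition itself is not namespaced and is available to all namespaces.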
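- There are currently 3 common ways to extend the Kubernetes API:
  - Using CRDs (CustomResourceDefinitions) to define custom resource types
  - Developing a custom API server and aggregating it into the main API Server
  - Customizing and extending the API Server source code

  Of these, CRDs are the easiest to use but have many limitations; a custom API server is more flexible but takes more code; and the system source code should be customized only when new core types must be added for a dedicated Kubernetes cluster to function properly.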
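- CRD -> CRT -> CR
The CRD and CRT are generally provided by developers or by the service vendor.
A CRD only defines a type (Kind). To actually run a CR of that kind, a Controller is needed to control the resource, so defining a CRD on its own has no practical effect. It can of course also be run by way of existing kinds, for example the way a Deployment runs by defining an RC.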
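Configuration specification
```
apiVersion: apiextensions.k8s.io/v1    # API group and version
kind: CustomResourceDefinition         # resource kind
metadata:
  name <string>                        # resource name
spec:
  conversion <object>                  # how to convert between formats of different versions
    strategy <string>                  # conversion strategy for custom resources between versions; either None or Webhook
    webhook <object>                   # how to call the webhook that performs the conversion
  group <string>                       # API group the resource belongs to
  names <object>                       # names of the custom resource type, i.e. the kind used in resource manifests created from this CRD
    categories <[]string>              # categories the resource belongs to, e.g. the "all" in "kubectl get all"
    kind <string>                      # kind name, required
    listKind <string>                  # name of the resource list, defaults to "`kind`List"
    plural <string>                    # plural name, used in the API path `/apis/<group>/<version>/.../<plural>`
    shortNames <[]string>              # short names for the resource kind
    singular <string>                  # singular form of the resource kind; must be all lowercase, defaults to the lowercased kind name
  preserveUnknownFields <boolean>      # preserve fields that are not well known; kind and the like are well-known reserved fields
  scope <string>                       # scope, either Cluster or Namespaced
  versions <[]object>                  # version definitions
    additionalPrinterColumns <[]object>  # additional information to return
    name <string>                      # version name of the form vM[alphaN|betaN], e.g. v1 or v1alpha2
    schema <object>                    # data format (schema) definition of the resource, required
      openAPIV3Schema <object>         # schema object used to validate fields; see the relevant manual for the format
    served <boolean>                   # whether this version is served through the RESTful API, required
    storage <boolean>                  # whether this version is used when storing custom resources in etcd
    subresources <object>              # subresource definitions
      scale <object>                   # enable the scale subresource; the payload is sent as autoscaling/v1.Scale
      status <map[string]>             # enable the status subresource, generating a /status endpoint for the resource
```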
- You can look at the custom CRDs that were created when Calico was deployed earlier
```
[root@k8s-master ~]# kubectl api-resources    # list all resource types
NAME                            SHORTNAMES   APIGROUP                NAMESPACED   KIND
...
bgpconfigurations                            crd.projectcalico.org   false        BGPConfiguration
bgppeers                                     crd.projectcalico.org   false        BGPPeer
blockaffinities                              crd.projectcalico.org   false        BlockAffinity
clusterinformations                          crd.projectcalico.org   false        ClusterInformation
felixconfigurations                          crd.projectcalico.org   false        FelixConfiguration
globalnetworkpolicies                        crd.projectcalico.org   false        GlobalNetworkPolicy
globalnetworksets                            crd.projectcalico.org   false        GlobalNetworkSet
hostendpoints                                crd.projectcalico.org   false        HostEndpoint
ipamblocks                                   crd.projectcalico.org   false        IPAMBlock
ipamconfigs                                  crd.projectcalico.org   false        IPAMConfig
ipamhandles                                  crd.projectcalico.org   false        IPAMHandle
ippools                                      crd.projectcalico.org   false        IPPool
kubecontrollersconfigurations                crd.projectcalico.org   false        KubeControllersConfiguration
networkpolicies                              crd.projectcalico.org   true         NetworkPolicy
networksets                                  crd.projectcalico.org   true         NetworkSet
```
- Looking at Calico's YAML file, you can see that it contains many CRD definitions
```
[root@k8s-master plugin]# vim calico.yaml
...
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: ippools.crd.projectcalico.org
spec:
......
...
[root@k8s-master plugin]# kubectl get CustomResourceDefinition
NAME                                                  CREATED AT
bgpconfigurations.crd.projectcalico.org               2021-08-29T14:33:24Z
bgppeers.crd.projectcalico.org                        2021-08-29T14:33:24Z
blockaffinities.crd.projectcalico.org                 2021-08-29T14:33:24Z
clusterinformations.crd.projectcalico.org             2021-08-29T14:33:24Z
felixconfigurations.crd.projectcalico.org             2021-08-29T14:33:24Z
globalnetworkpolicies.crd.projectcalico.org           2021-08-29T14:33:24Z
globalnetworksets.crd.projectcalico.org               2021-08-29T14:33:24Z
hostendpoints.crd.projectcalico.org                   2021-08-29T14:33:24Z
ipamblocks.crd.projectcalico.org                      2021-08-29T14:33:24Z
ipamconfigs.crd.projectcalico.org                     2021-08-29T14:33:24Z
ipamhandles.crd.projectcalico.org                     2021-08-29T14:33:24Z
ippools.crd.projectcalico.org                         2021-08-29T14:33:24Z
kubecontrollersconfigurations.crd.projectcalico.org   2021-08-29T14:33:24Z
networkpolicies.crd.projectcalico.org                 2021-08-29T14:33:24Z
networksets.crd.projectcalico.org                     2021-08-29T14:33:25Z
```
Example 1: Creating a custom CRD
```
[root@k8s-master crd]# cat crd-v1-user.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: users.auth.ilinux.io
spec:
  group: auth.ilinux.io
  names:
    kind: User
    plural: users
    singular: user
    shortNames:
    - u
  scope: Namespaced        # namespace level
  versions:
  - served: true
    storage: true
    name: v1alpha1         # version
    schema:
      openAPIV3Schema:
        type: object       # constrain the fields
        properties:
          spec:
            type: object
            properties:
              userID:
                type: integer    # integer
                minimum: 1
                maximum: 65535
              groups:
                type: array      # list
                items:
                  type: string
              email:
                type: string
              password:
                type: string
                format: password
            required: ["userID","groups"]
[root@k8s-master crd]# kubectl apply -f crd-v1-user.yaml
[root@k8s-master crd]# kubectl api-resources
NAME       SHORTNAMES   APIGROUP         NAMESPACED   KIND
bindings                                 true         Binding
...
users      u            auth.ilinux.io   true         User
```
- Create a resource of the custom CRD type
```
[root@k8s-master crd]# cat user-cr-demo.yaml
apiVersion: auth.ilinux.io/v1alpha1
kind: User
metadata:
  name: admin
  namespace: default
spec:
  userID: 1
  email: test@test.com
  groups:
  - superusers
  - adminstrators
  password: ikubernetes.io
[root@k8s-master crd]# kubectl apply -f user-cr-demo.yaml
user.auth.ilinux.io/admin created
[root@k8s-master crd]# kubectl get User
NAME    AGE
admin   14s
[root@k8s-master ~]# kubectl describe User admin
Name:         admin
Namespace:    default
Labels:       <none>
Annotations:  <none>
API Version:  auth.ilinux.io/v1alpha1
Kind:         User
Metadata:
  Creation Timestamp:  2021-09-10T14:51:53Z
  Generation:          1
  Managed Fields:
    API Version:  auth.ilinux.io/v1alpha1
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:kubectl.kubernetes.io/last-applied-configuration:
      f:spec:
        .:
        f:email:
        f:groups:
        f:password:
        f:userID:
    Manager:         kubectl-client-side-apply
    Operation:       Update
    Time:            2021-09-10T14:51:53Z
  Resource Version:  2583010
  Self Link:         /apis/auth.ilinux.io/v1alpha1/namespaces/default/users/admin
  UID:               5af89454-e067-4f30-83b7-cc2ad82e3526
Spec:
  Email:  test@test.com
  Groups:
    superusers
    adminstrators
  Password:  ikubernetes.io
  User ID:   1
Events:      <none>
```
- Without a Controller, a resource of the kind defined above cannot run as an actual object; the Controller has to be implemented by developers
Example 2: Deploying the etcd Operator (this project is no longer maintained)
- Operator project addresses:
https://github.com/operator-f…
https://github.com/coreos/etc…
https://github.com/coreos/etc…
- Install RBAC first, then install the etcd operator, then deploy and create the etcd cluster
```
[root@k8s-master etcd-operator]# example/rbac/create_role.sh
Creating role with ROLE_NAME=etcd-operator, NAMESPACE=default
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
clusterrole.rbac.authorization.k8s.io/etcd-operator created
Creating role binding with ROLE_NAME=etcd-operator, ROLE_BINDING_NAME=etcd-operator, NAMESPACE=default
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/etcd-operator created
[root@k8s-master etcd-operator]# kubectl create -f example/deployment.yaml
error: unable to recognize "example/deployment.yaml": no matches for kind "Deployment" in version "extensions/v1beta1"

# The Deployment API version is too old; modify example/deployment.yaml
[root@k8s-master etcd-operator]# cat example/deployment.yaml
apiVersion: apps/v1        # version
kind: Deployment
metadata:
  name: etcd-operator
spec:
  replicas: 1
  selector:                # added field
    matchLabels:
      name: etcd-operator
  template:
    metadata:
      labels:
        name: etcd-operator
    spec:
      containers:
      - name: etcd-operator
        image: quay.io/coreos/etcd-operator:v0.9.4
        command:
        - etcd-operator
        # Uncomment to act for resources in all namespaces. More information in doc/user/clusterwide.md
        #- -cluster-wide
        env:
        - name: MY_POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: MY_POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
[root@k8s-master etcd-operator]# kubectl create -f example/deployment.yaml
deployment.apps/etcd-operator created
[root@k8s-master etcd-operator]#
[root@k8s-master etcd-operator]# kubectl api-resources
...
etcdclusters   etcd   etcd.database.coreos.com   true   EtcdCluster
```
- Deploy and create the etcd cluster
```
[root@k8s-master etcd-operator]# cat example/example-etcd-cluster.yaml
apiVersion: "etcd.database.coreos.com/v1beta2"
kind: "EtcdCluster"
metadata:
  name: "example-etcd-cluster"
  ## Adding this annotation make this cluster managed by clusterwide operators
  ## namespaced operators ignore it
  # annotations:
  #   etcd.database.coreos.com/scope: clusterwide
spec:
  size: 3                  # number of cluster members
  version: "3.2.13"
[root@k8s-master etcd-operator]# kubectl apply -f example/example-etcd-cluster.yaml
etcdcluster.etcd.database.coreos.com/example-etcd-cluster created
[root@k8s-master etcd-operator]# kubectl get pod -o wide
NAME                              READY   STATUS    RESTARTS   AGE    IP              NODE        NOMINATED NODE   READINESS GATES
etcd-operator-646cbffdb6-brbn6    1/1     Running   0          12m    192.168.51.58   k8s-node3   <none>           <none>
example-etcd-cluster-nc8pdgjrjr   1/1     Running   0          3m3s   192.168.51.59   k8s-node3   <none>           <none>
```
- After that, add an SVC and it is ready to use