Introduction to CustomResourceDefinition:

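In Kubernetes everything can be treated as a resource. Since Kubernetes 1.7, support for CRD custom resources has been available as a way to extend the Kubernetes API. With a CRD we can add new resource types to the Kubernetes API without having to modify the Kubernetes source code to create a custom API server, which greatly improves Kubernetes' extensibility.
When you create a new CustomResourceDefinition (CRD), the Kubernetes API server creates a new RESTful resource path for each version you specify, and we can use that API path to create resources of the types we define ourselves. A CRD can be namespaced or cluster-scoped, as specified by the CRD's scope field. As with existing built-in objects, deleting a namespace deletes all custom objects in that namespace. The CustomResourceDefinition itself is not namespaced and is available to all namespaces.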

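  • There are currently three common ways to extend the Kubernetes API:
  • Use CRDs (CustomResourceDefinitions) to define custom resource types
  • Develop a custom API server and aggregate it into the main API server
  • Customize and extend the API server source code. Of these, CRDs are the easiest to use but have many limitations; a custom API server is more flexible but takes considerably more code; and the system source code should be customized only when new core types must be added to keep a dedicated Kubernetes cluster functioning properly
  • CRD-->CRT-->CR
    CRDs and CRTs are generally provided by developers or service vendors.
    A CRD only defines a type (Kind). To actually make a CR of that kind run, a Controller is needed to manage the resource, so defining a CRD alone has no practical effect. It can of course also run by defining existing kinds, just as a Deployment runs by defining an RC.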

Configuration specification

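    apiVersion: apiextensions.k8s.io/v1   # API group and version
    kind: CustomResourceDefinition        # resource kind
    metadata:
      name <string>                       # resource name
    spec:
      conversion <object>                 # how to convert between different versions
        strategy <string>                 # conversion strategy for custom resources between versions; None or Webhook
        webhook <object>                  # how to call the webhook that performs the conversion
      group <string>                      # API group the resource belongs to
      names <object>                      # names of the custom resource type, i.e. the kind used when creating resources of this CRD
        categories <[]string>             # categories the resource belongs to, e.g. the "all" in "kubectl get all"
        kind <string>                     # kind name, required
        listKind <string>                 # name of the list kind, defaults to "`kind`List"
        plural <string>                   # plural name, used in the API path `/apis/<group>/<version>/.../<plural>`
        shortNames <[]string>             # short names for the resource's kind
        singular <string>                 # singular form of the resource kind, must be all lowercase, defaults to the lowercased kind name
      preserveUnknownFields <boolean>     # whether to preserve unknown fields; kind and the like are known fields
      scope <string>                      # scope, either Cluster or Namespaced
      versions <[]object>                 # version definitions
        additionalPrinterColumns <[]object>  # additional information to return
        name <string>                     # version name of the form vM[alphaN|betaN], e.g. v1 or v1alpha2
        schema <object>                   # data format (schema) definition of the resource, required
          openAPIV3Schema <object>        # schema object used to validate fields; see the relevant reference for the format
        served <boolean>                  # whether this version is served through the RESTful API, required
        storage <boolean>                 # whether this version is used when storing custom resources in etcd
        subresources <object>             # subresource definitions
          scale <object>                  # enable the scale subresource; the payload is sent as autoscaling/v1.Scale
          status <map[string]>            # enable the status subresource, which generates a /status endpoint for the resource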
  • You can view the custom CRDs created by the earlier Calico deployment

    [root@k8s-master ~]# kubectl api-resources      # list all resource types
    NAME                              SHORTNAMES   APIGROUP                       NAMESPACED   KIND
    ...
    bgpconfigurations                              crd.projectcalico.org          false        BGPConfiguration
    bgppeers                                       crd.projectcalico.org          false        BGPPeer
    blockaffinities                                crd.projectcalico.org          false        BlockAffinity
    clusterinformations                            crd.projectcalico.org          false        ClusterInformation
    felixconfigurations                            crd.projectcalico.org          false        FelixConfiguration
    globalnetworkpolicies                          crd.projectcalico.org          false        GlobalNetworkPolicy
    globalnetworksets                              crd.projectcalico.org          false        GlobalNetworkSet
    hostendpoints                                  crd.projectcalico.org          false        HostEndpoint
    ipamblocks                                     crd.projectcalico.org          false        IPAMBlock
    ipamconfigs                                    crd.projectcalico.org          false        IPAMConfig
    ipamhandles                                    crd.projectcalico.org          false        IPAMHandle
    ippools                                        crd.projectcalico.org          false        IPPool
    kubecontrollersconfigurations                  crd.projectcalico.org          false        KubeControllersConfiguration
    networkpolicies                                crd.projectcalico.org          true         NetworkPolicy
    networksets                                    crd.projectcalico.org          true         NetworkSet

  • Looking at Calico's YAML file, you can see that it contains many CRD definitions

    [root@k8s-master plugin]# vim calico.yaml
    ...
    ---
    apiVersion: apiextensions.k8s.io/v1
    kind: CustomResourceDefinition
    metadata:
      name: ippools.crd.projectcalico.org
    spec:
    ...
    ...
    ...
    [root@k8s-master plugin]# kubectl get CustomResourceDefinition
    NAME                                                  CREATED AT
    bgpconfigurations.crd.projectcalico.org               2021-08-29T14:33:24Z
    bgppeers.crd.projectcalico.org                        2021-08-29T14:33:24Z
    blockaffinities.crd.projectcalico.org                 2021-08-29T14:33:24Z
    clusterinformations.crd.projectcalico.org             2021-08-29T14:33:24Z
    felixconfigurations.crd.projectcalico.org             2021-08-29T14:33:24Z
    globalnetworkpolicies.crd.projectcalico.org           2021-08-29T14:33:24Z
    globalnetworksets.crd.projectcalico.org               2021-08-29T14:33:24Z
    hostendpoints.crd.projectcalico.org                   2021-08-29T14:33:24Z
    ipamblocks.crd.projectcalico.org                      2021-08-29T14:33:24Z
    ipamconfigs.crd.projectcalico.org                     2021-08-29T14:33:24Z
    ipamhandles.crd.projectcalico.org                     2021-08-29T14:33:24Z
    ippools.crd.projectcalico.org                         2021-08-29T14:33:24Z
    kubecontrollersconfigurations.crd.projectcalico.org   2021-08-29T14:33:24Z
    networkpolicies.crd.projectcalico.org                 2021-08-29T14:33:24Z
    networksets.crd.projectcalico.org                     2021-08-29T14:33:25Z

Example 1: Create a custom CRD

    [root@k8s-master crd]# cat crd-v1-user.yaml
    apiVersion: apiextensions.k8s.io/v1
    kind: CustomResourceDefinition
    metadata:
      name: users.auth.ilinux.io
    spec:
      group: auth.ilinux.io
      names:
        kind: User
        plural: users
        singular: user
        shortNames:
        - u
      scope: Namespaced  # namespace-scoped
      versions:
      - served: true
        storage: true
        name: v1alpha1  # version name
        schema:
          openAPIV3Schema:
            type: object    # constraints on the fields
            properties:
              spec:
                type: object
                properties:
                  userID:
                    type: integer  # integer
                    minimum: 1
                    maximum: 65535
                  groups:
                    type: array   # list
                    items:
                      type: string
                  email:
                    type: string
                  password:
                    type: string
                    format: password
                required: ["userID","groups"]
    [root@k8s-master crd]# kubectl apply -f crd-v1-user.yaml
    [root@k8s-master crd]# kubectl api-resources
    NAME                              SHORTNAMES   APIGROUP                       NAMESPACED   KIND
    bindings                                                                      true         Binding
    ...
    users                             u            auth.ilinux.io                 true         User
  • Create an object of the custom CRD type

    [root@k8s-master crd]# cat user-cr-demo.yaml
    apiVersion: auth.ilinux.io/v1alpha1
    kind: User
    metadata:
      name: admin
      namespace: default
    spec:
      userID: 1
      email: test@test.com
      groups:
      - superusers
      - adminstrators
      password: ikubernetes.io
    [root@k8s-master crd]# kubectl apply -f user-cr-demo.yaml
    user.auth.ilinux.io/admin created
    [root@k8s-master crd]# kubectl get User
    NAME    AGE
    admin   14s
    [root@k8s-master ~]# kubectl describe User admin
    Name:         admin
    Namespace:    default
    Labels:       <none>
    Annotations:  <none>
    API Version:  auth.ilinux.io/v1alpha1
    Kind:         User
    Metadata:
      Creation Timestamp:  2021-09-10T14:51:53Z
      Generation:          1
      Managed Fields:
        API Version:  auth.ilinux.io/v1alpha1
        Fields Type:  FieldsV1
        fieldsV1:
          f:metadata:
            f:annotations:
              .:
              f:kubectl.kubernetes.io/last-applied-configuration:
          f:spec:
            .:
            f:email:
            f:groups:
            f:password:
            f:userID:
        Manager:         kubectl-client-side-apply
        Operation:       Update
        Time:            2021-09-10T14:51:53Z
      Resource Version:  2583010
      Self Link:         /apis/auth.ilinux.io/v1alpha1/namespaces/default/users/admin
      UID:               5af89454-e067-4f30-83b7-cc2ad82e3526
    Spec:
      Email:  test@test.com
      Groups:
        superusers
        adminstrators
      Password:  ikubernetes.io
      User ID:   1
    Events:      <none>
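  • Without a Controller, a resource of the kind defined above cannot be turned into actual running objects; the Controller has to be implemented by developers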
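
A tightened variant of the User CRD from Example 1, as an added example that is not part of the original page. `format: password` is only a schema annotation, so the password is stored and returned in cleartext (as the `kubectl describe` output above shows), and because `spec` is not required at the root, a User with no `spec` passes validation. The field name `passwordSecretRef` and the size limits are assumptions made for illustration; a controller would have to resolve the reference to a Secret.

```yaml
# Added example: tightened variant of crd-v1-user.yaml (not from the original page).
# passwordSecretRef and the size limits are hypothetical, chosen for illustration.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: users.auth.ilinux.io
spec:
  group: auth.ilinux.io
  names:
    kind: User
    plural: users
    singular: user
    shortNames: ["u"]
  scope: Namespaced
  versions:
  - name: v1alpha1
    served: true
    storage: true
    schema:
      openAPIV3Schema:
        type: object
        required: ["spec"]              # an object without spec is rejected
        properties:
          spec:
            type: object
            required: ["userID", "groups"]
            properties:
              userID:
                type: integer
                minimum: 1
                maximum: 65535
              groups:
                type: array
                minItems: 1             # an empty group list is rejected
                maxItems: 32
                items:
                  type: string
                  maxLength: 63
              email:
                type: string
                maxLength: 254
                pattern: '^[^@\s]+@[^@\s]+$'
              passwordSecretRef:        # name of a Secret in the same namespace
                type: object
                required: ["name"]
                properties:
                  name:
                    type: string
                    maxLength: 253
```

With this schema a `password` key left in a manifest is never persisted, since `apiextensions.k8s.io/v1` CRDs do not store fields that the structural schema does not declare.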

Example 2: Deploying the etcd Operator (the project is no longer maintained)

  • Operator project URLs:

    https://github.com/operator-f...
    https://github.com/coreos/etc...
    https://github.com/coreos/etc...
    1. Install RBAC first, then install the etcd operator, then deploy and create the etcd cluster

      [root@k8s-master etcd-operator]# example/rbac/create_role.sh
      Creating role with ROLE_NAME=etcd-operator, NAMESPACE=default
      Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
      clusterrole.rbac.authorization.k8s.io/etcd-operator created
      Creating role binding with ROLE_NAME=etcd-operator, ROLE_BINDING_NAME=etcd-operator, NAMESPACE=default
      Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
      clusterrolebinding.rbac.authorization.k8s.io/etcd-operator created
      [root@k8s-master etcd-operator]# kubectl create -f example/deployment.yaml
      error: unable to recognize "example/deployment.yaml": no matches for kind "Deployment" in version "extensions/v1beta1"
      # the Deployment API version is too old; edit example/deployment.yaml
      [root@k8s-master etcd-operator]# cat example/deployment.yaml
      apiVersion: apps/v1  # version
      kind: Deployment
      metadata:
        name: etcd-operator
      spec:
        replicas: 1
        selector:   # added field
          matchLabels:
            name: etcd-operator
        template:
          metadata:
            labels:
              name: etcd-operator
          spec:
            containers:
            - name: etcd-operator
              image: quay.io/coreos/etcd-operator:v0.9.4
              command:
              - etcd-operator
              # Uncomment to act for resources in all namespaces. More information in doc/user/clusterwide.md
              #- -cluster-wide
              env:
              - name: MY_POD_NAMESPACE
                valueFrom:
                  fieldRef:
                    fieldPath: metadata.namespace
              - name: MY_POD_NAME
                valueFrom:
                  fieldRef:
                    fieldPath: metadata.name
      [root@k8s-master etcd-operator]# kubectl create -f example/deployment.yaml
      deployment.apps/etcd-operator created
      [root@k8s-master etcd-operator]#
      [root@k8s-master etcd-operator]# kubectl api-resources
      ...
      etcdclusters                      etcd         etcd.database.coreos.com       true         EtcdCluster
    2. Deploy and create the etcd cluster

      [root@k8s-master etcd-operator]# cat example/example-etcd-cluster.yaml
      apiVersion: "etcd.database.coreos.com/v1beta2"
      kind: "EtcdCluster"
      metadata:
        name: "example-etcd-cluster"
        ## Adding this annotation make this cluster managed by clusterwide operators
        ## namespaced operators ignore it
        # annotations:
        #   etcd.database.coreos.com/scope: clusterwide
      spec:
        size: 3  # cluster size
        version: "3.2.13"
      [root@k8s-master etcd-operator]# kubectl apply -f  example/example-etcd-cluster.yaml
      etcdcluster.etcd.database.coreos.com/example-etcd-cluster created
      [root@k8s-master etcd-operator]# kubectl get pod -o wide
      NAME                              READY   STATUS    RESTARTS   AGE    IP              NODE        NOMINATED NODE   READINESS GATES
      etcd-operator-646cbffdb6-brbn6    1/1     Running   0          12m    192.168.51.58   k8s-node3   <none>           <none>
      example-etcd-cluster-nc8pdgjrjr   1/1     Running   0          3m3s   192.168.51.59   k8s-node3   <none>           <none>
  • After that, add a Service (SVC) and the cluster is ready to use