Operator-1初识Operator

Operator-1初识Operator

背景:

接触kubernetes也好多年了，开始就各种听说Operator的，但是从来没有深入了解动手写过Operator。开始体验一下简单的Operator

Operator初体验

什么是Operator?

参照：红帽官方文档什么是 Kubernetes Operator？coreos2016年引入,是一种封装、部署和管理 Kubernetes 应用的方法

crd webhook controller

开发工具:

what is crd

CRD 全称是 Custom Resource Definition, CRD是一种无需编码就可以扩展原生kubenetes API接口的方式。适合扩展kubernetes的自定义接口和功能。如果想更为灵活的添加逻辑就需要API Aggregation方式.

开始准备

kubebuilder kustomize install

[root@zhangpeng ~]# wget ~]# mv kubebuilder_linux_amd64 /usr/bin/kubebuilder [root@zhangpeng ~]# chmod +x /usr/bin/kubebuilder [root@zhangpeng ~]# kubebuilder version Version: main.version{KubeBuilderVersion:"3.5.0", KubernetesVendor:"1.24.1", GitCommit:"26d12ab1134964dbbc3f68877ebe9cf6314e926a", BuildDate:"2022-06-24T12:17:52Z", GoOs:"linux", GoArch:"amd64"}

root@zhangpeng ~]# wget ~]# tar zxvf kustomize_v4.5.5_linux_amd64.tar.gz kustomize [root@zhangpeng ~]# chmod +x kustomize [root@zhangpeng ~]# mv kustomize /usr/bin/kustomize [root@zhangpeng ~]# kustomize version {Version:kustomize/v4.5.5 GitCommit:daa3e5e2c2d3a4b8c94021a7384bfb06734bcd26 BuildDate:2022-05-20T20:25:40Z GoOs:linux GoArch:amd64}

创建并初始化项目

goland创建名为kube-oprator1的项目：

[zhangpeng@zhangpeng kube-oprator1]$ kubebuilder init --plugins go/v3 --domain zhangpeng.com --owner "zhang peng"

升级一下go版本

注意：非必须，后面是降低了kubebuilder的版本。go版本就保持1.17版本了，

[root@zhangpeng ~]# wget https://golang.google.cn/dl/go1.17.11.linux-amd64.tar.gz [root@zhangpeng ~]# tar zxvf go1.17.11.linux-amd64.tar.gz [root@zhangpeng ~]# which go /usr/go/bin/go [root@zhangpeng ~]# cd go/ [root@zhangpeng ~]# cp -Ra * /usr/go/ [root@zhangpeng go]# go version go1.17.11 linux/amd64

kubebuilder 版本3.4.1

[root@zhangpeng ~]# wget https://github.com/kubernetes-sigs/kubebuilder/releases/download/v3.4.1/kubebuilder_linux_amd64 [root@zhangpeng ~]# mv kubebuilder_linux_amd64 /usr/bin/kubebuilder mv：是否覆盖'/usr/bin/kubebuilder'？ y [root@zhangpeng ~]# chmod +x /usr/bin/kubebuilder [root@zhangpeng ~]# kubebuilder version Version: main.version{KubeBuilderVersion:"3.4.1", KubernetesVendor:"1.23.5", GitCommit:"d59d7882ce95ce5de10238e135ddff31d8ede026", BuildDate:"2022-05-06T13:58:56Z", GoOs:"linux", GoArch:"amd64"}

kubebuilder init --plugins go/v3 --domain zhangpeng.com --owner "zhang peng"

[zhangpeng@zhangpeng kube-oprator1]$ kubebuilder create api --group myapp1 --version v1 --kind Redis

注意:关于 domain group version kind对应 :

apiVersion:myapp1.zhangpeng.com/v1 kind: Redis

简单创建一个crd

以test目录下yaml文件定制crd

test/redis.yaml

apiVersion: myapp1.zhangpeng.com/v1 kind: Redis metadata: name: myapp spec: port: 1011

make install创建crd

[zhangpeng@zhangpeng kube-oprator1]$ kubectl get crd No resources found [zhangpeng@zhangpeng kube-oprator1]$ make install GOBIN=/home/zhangpeng/GolandProjects/kube-oprator1/bin go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.8.0 /home/zhangpeng/GolandProjects/kube-oprator1/bin/controller-gen rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases /home/zhangpeng/GolandProjects/kube-oprator1/bin/kustomize build config/crd | kubectl apply -f - customresourcedefinition.apiextensions.k8s.io/redis.myapp1.zhangpeng.com created [zhangpeng@zhangpeng kube-oprator1]$ kubectl get crd NAME CREATED AT redis.myapp1.zhangpeng.com 2022-06-28T06:44:52Z

关于reconcile

func (r *RedisReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { _ = log.FromContext(ctx) // TODO(user): your logic here redis := &myapp1v1.Redis{} if err := r.Get(ctx, req.NamespacedName, redis); err != nil { fmt.Println(err) } else { fmt.Println("object", redis) } return ctrl.Result{}, nil }

本地调试 make run

终端一运行

[zhangpeng@zhangpeng kube-oprator1]$ maker run

终端2运行

[zhangpeng@zhangpeng kube-oprator1]$ kubectl apply -f test/redis.yaml

初步发布到kubernetes集群

注：我的环境安装了podman，关于podman自行百度，镜像仓库使用了腾讯云镜像仓库个人版

关于Podman

[zhangpeng@zhangpeng kube-oprator1]$ podman login --username=xxxxx ccr.ccs.tencentyun.com

dockerhub加速

的特别强调一下dockerhub加速

[zhangpeng@zhangpeng kube-oprator1]$ vim /etc/containers/registries.conf

文件末尾添加了加速地址！

short-name-mode = "permissive" [[registry]] prefix="docker.io" location="pvurwzu6.mirror.aliyuncs.com"

重启podman服务

[zhangpeng@zhangpeng kube-oprator1]$ systemctl restart podman

构建发布镜像

Dockerfile文件中添加GOPROXY

ENV GOPROXY=kube-oprator1]$ make docker-build docker-push IMG=ccr.ccs.tencentyun.com/layatools/zpredis:v1

注：过程很曲折。中间有镜像下不动的科学上网了，自行脑部。如“gcr.io/distroless/static:nonroot镜像我的操作环境为rocky linux 8.5下载不动的时候我直接科学上网了......

发布方式：

[zhangpeng@zhangpeng kube-oprator1]$ make deploy IMG=ccr.ccs.tencentyun.com/layatools/zpredis:v1

make又失败了最终根据Makefile中deploy手动执行如下命令：

[zhangpeng@zhangpeng kube-oprator1]$ cd config/manager && kustomize edit set image controller=ccr.ccs.tencentyun.com/layatools/zpredis:v1 [zhangpeng@zhangpeng kube-oprator1]$ kustomize build config/default | kubectl apply -f -

[zhangpeng@zhangpeng kube-oprator1]$ kubectl get ns NAME STATUS AGE default Active 61d kube-node-lease Active 61d kube-oprator1-system Active 25h kube-public Active 61d kube-system Active 61d zhangpeng1 Active 8d [zhangpeng@zhangpeng kube-oprator1]$ kubectl get pods -n kube-oprator1-system

CRD自定义资源简单验证

以test/redis.yaml为例

apiVersion: myapp1.zhangpeng.com/v1 kind: Redis metadata: name: myapp spec: port: 1011

// +kubebuilder:validation:Minimum:=1024 // +kubebuilder:validation:Maximum:=10240

[zhangpeng@zhangpeng kube-oprator1]$ ./bin/controller-gen rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases [zhangpeng@zhangpeng kube-oprator1]$ kustomize build config/crd | kubectl apply -f -

[zhangpeng@zhangpeng kube-oprator1]$ kubectl get crd redis.myapp1.zhangpeng.com -o yaml

[zhangpeng@zhangpeng kube-oprator1]$ kubectl delete -f test/redis.yaml [zhangpeng@zhangpeng kube-oprator1]$ kubectl apply -f test/redis.yaml

apiVersion: myapp1.zhangpeng.com/v1 kind: Redis metadata: name: myapp spec: port: 1024

[zhangpeng@zhangpeng cert]$ kubectl get pods -A|grep cert cert-manager cert-manager-677874db78-zcm6l 1/1 Running 0 14m cert-manager cert-manager-cainjector-6c5bf7b759-mf4gf 1/1 Running 0 14m cert-manager cert-manager-webhook-5685fdbc4b-ncrxl 1/1 Running 0 14m

webhook简单测试

简单准入控制器webhook create

[zhangpeng@zhangpeng kube-oprator1]$ kubebuilder create webhook --group myapp1 --version v1 --kind Redis --defaulting --programmatic-validation

func (r *Redis) ValidateCreate() error { redislog.Info("validate create", "name", r.Name) if r.Name == "zhangpeng" { return errors.New("error name") } // TODO(user): fill in your validation logic upon object creation. return nil }

证书管理cert-manager:

[zhangpeng@zhangpeng cert]$ pwd /home/zhangpeng/cert [zhangpeng@zhangpeng cert]$ wget https://github.com/cert-manager/cert-manager/releases/download/v1.8.2/cert-manager.yaml [zhangpeng@zhangpeng cert]$ kubectl apply -f cert-manager.yaml [zhangpeng@zhangpeng cert]$ kubectl get pods -A|grep cert

修改文件

删除crd

make uninstall可以不过我的make总是失败......直接删除了！

[zhangpeng@zhangpeng kube-oprator1]$kubectl delete crd redis.myapp1.zhangpeng.com

打包镜像发布

打包发布镜像，其实最好应该修改一个镜像标签tag，这里就演示 就先这样了！make install 也不能用不知道那里有问题了 直接复制Makefile中的命令了！构建镜像并发布镜像！

[zhangpeng@zhangpeng kube-oprator1]$ ./bin/controller-gen rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases [zhangpeng@zhangpeng kube-oprator1]$ kustomize build config/crd | kubectl apply -f - customresourcedefinition.apiextensions.k8s.io/redis.myapp1.zhangpeng.com configured [zhangpeng@zhangpeng kube-oprator1]$ make docker-build docker-push IMG=ccr.ccs.tencentyun.com/layatools/zpredis:v1 [zhangpeng@zhangpeng kube-oprator1]$ make deploy IMG=ccr.ccs.tencentyun.com/layatools/zpredis:v1

[zhangpeng@zhangpeng kube-oprator1]$ cd config/manager && kustomize edit set image controller=ccr.ccs.tencentyun.com/layatools/zpredis:v1 [zhangpeng@zhangpeng kube-oprator1]$ kustomize build config/default | kubectl apply -f -

总结：

1.注意开发工具之间版本的匹配2.make 失败时候看一下Makefile中相关命令可以手动运行一下3.资源的清理，本地调试模式4.接下来准备设计一个简单的Operator?

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。