k8s operator的理解

原创 于 2021-03-31 00:23:24 发布 · 912 阅读 · 2 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
文章标签:

#kubernetes

该博客介绍了如何在Kubernetes环境中使用Etcd Operator创建和管理Etcd集群。首先,通过定义CRD(Custom Resource Definition)扩展了Kubernetes的资源类型,然后创建了Service Account、Role和RoleBinding来授予必要的权限。接着,部署了Etcd Operator的Deployment,该Deployment负责响应CRD实例(EtcdCluster)并自动化创建和管理Etcd集群。最后,创建了一个EtcdCluster的实例作为CRD的示例。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

来自https://www.katacoda.com/openshift/courses/operatorframework/etcd-operator

cat > etcd-operator-crd.yaml<<EOF
# 扩展资源的组
apiVersion: apiextensions.k8s.io/v1
# CRD
kind: CustomResourceDefinition
metadata:
# 这个CRD的名字,好像没啥用
  name: etcdclusters.etcd.database.coreos.com
spec:
# CRD的组
  group: etcd.database.coreos.com
#   
  names:
    kind: EtcdCluster
    listKind: EtcdClusterList
    plural: etcdclusters
    shortNames:
    - etcdclus
    - etcd
    singular: etcdcluster
  scope: Namespaced
# 版本  
  version: v1beta2
  versions:
  - name: v1beta2
    schema:
      openAPIV3Schema:
        type: object
        x-kubernetes-preserve-unknown-fields: true
    served: true
    storage: true
EOF

# etcd operator的账户()
cat > etcd-operator-sa.yaml<<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: etcd-operator-sa
EOF

# 创建一个角色,角色肯定是有权限的
cat > etcd-operator-role.yaml<<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: etcd-operator-role
rules:
- apiGroups:
  - etcd.database.coreos.com
  resources:
  - etcdclusters
  - etcdbackups
  - etcdrestores
  verbs:
  - '*'
- apiGroups:
  - ""
  resources:
  - pods
  - services
  - endpoints
  - persistentvolumeclaims
  - events
  verbs:
  - '*'
- apiGroups:
  - apps
  resources:
  - deployments
  verbs:
  - '*'
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
EOF

# 赋予账户角色,也就是权限
cat > etcd-operator-rolebinding.yaml<<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: etcd-operator-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: etcd-operator-role
subjects:
- kind: ServiceAccount
  name: etcd-operator-sa
  namespace: myproject
EOF


# 部署etcd的operator,本质上是一个deploy,但是这个deploy控制着整个etcd cluster
cat > etcd-operator-deployment.yaml<<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    name: etcdoperator
  name: etcd-operator
spec:
  replicas: 1
  selector:
    matchLabels:
      name: etcd-operator
  template:
    metadata:
      labels:
        name: etcd-operator
    spec:
      containers:
      - command:
        - etcd-operator
        - --create-crd=false
        env:
        - name: MY_POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: MY_POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2
        imagePullPolicy: IfNotPresent
        name: etcd-operator
      serviceAccountName: etcd-operator-sa
EOF



cat > etcd-operator-cr.yaml<<EOF
apiVersion: etcd.database.coreos.com/v1beta2
kind: EtcdCluster
metadata:
  name: example-etcd-cluster
spec:
  size: 3
  version: 3.1.10
EOF


自定义的一种资源类型
    CRD的实例
	            这个实例的操作者
										实际上还是变成k8s的原有的资源
										比如deploy、sts、saemonset等等
CRD -> CR -> 由etcd的operator接管 -> 他去创建etcd集群
                 sa
				  |
				 sa和Role的绑定
				  |
				 Role
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值