Operator-1初识Operator

Posted saynaihe

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Operator-1初识Operator相关的知识,希望对你有一定的参考价值。

背景:

接触kubernetes也好多年了,开始就各种听说Operator的,但是从来没有深入了解动手写过Operator。开始体验一下简单的Operator

Operator初体验

什么是Operator?

参照:红帽官方文档什么是 Kubernetes Operator?
**coreos2016年引入,**是一种封装、部署和管理 Kubernetes 应用的方法

  1. crd webhook controller

开发工具:

what is crd

**CRD **全称是 Custom Resource Definition, CRD是一种无需编码就可以扩展原生kubenetes API接口的方式。适合扩展kubernetes的自定义接口和功能。如果想更为灵活的添加逻辑就需要API Aggregation方式.

开始准备

常用的开发工具有一下几种:

我的开发工具 包括goland kubebuilder kustomize,kubernetes1.23.6,工作环境rocky linux 8.5 go 1.17
注意:一定看一下go 版本 与开发工具对应版本,以及与kubernetes的版本

kubebuilder kustomize install

https://github.com/kubernetes-sigs/kubebuilder/releases

[root@zhangpeng ~]# wget https://github.com/kubernetes-sigs/kubebuilder/releases/download/v3.5.0/kubebuilder_linux_amd64


[root@zhangpeng ~]# mv kubebuilder_linux_amd64 /usr/bin/kubebuilder
[root@zhangpeng ~]# chmod +x /usr/bin/kubebuilder
[root@zhangpeng ~]# kubebuilder version
Version: main.versionKubeBuilderVersion:"3.5.0", KubernetesVendor:"1.24.1", GitCommit:"26d12ab1134964dbbc3f68877ebe9cf6314e926a", BuildDate:"2022-06-24T12:17:52Z", GoOs:"linux", GoArch:"amd64"

root@zhangpeng ~]# wget https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv4.5.5/kustomize_v4.5.5_linux_amd64.tar.gz



[root@zhangpeng ~]# tar zxvf kustomize_v4.5.5_linux_amd64.tar.gz 
kustomize
[root@zhangpeng ~]# chmod +x kustomize
[root@zhangpeng ~]# mv kustomize /usr/bin/kustomize
[root@zhangpeng ~]# kustomize version
Version:kustomize/v4.5.5 GitCommit:daa3e5e2c2d3a4b8c94021a7384bfb06734bcd26 BuildDate:2022-05-20T20:25:40Z GoOs:linux GoArch:amd64

创建并初始化项目

goland创建名为kube-oprator1的项目:


终端执行一下命令:

[zhangpeng@zhangpeng kube-oprator1]$ kubebuilder init --plugins go/v3 --domain zhangpeng.com --owner "zhang peng"

貌似提示我go版本过低?(go版本 1.17.6我的是)

升级一下go版本

注意:非必须,后面是降低了kubebuilder的版本。go版本就保持1.17版本了,

浏览器打开https://golang.google.cn/dl/ go下载页面,选择1.17最新版本下载并替换本地GO版本!

[root@zhangpeng ~]# wget https://golang.google.cn/dl/go1.17.11.linux-amd64.tar.gz
[root@zhangpeng ~]# tar zxvf go1.17.11.linux-amd64.tar.gz
[root@zhangpeng ~]# which go
/usr/go/bin/go
[root@zhangpeng ~]# cd go/
[root@zhangpeng ~]# cp -Ra * /usr/go/
[root@zhangpeng go]# go version go1.17.11 linux/amd64

。。。。貌似还是报错,仔细看了一眼https://github.com/kubernetes-sigs/kubebuilder/releases我还是换个kubebuilder版本吧…

kubebuilder 版本3.4.1

[root@zhangpeng ~]# wget https://github.com/kubernetes-sigs/kubebuilder/releases/download/v3.4.1/kubebuilder_linux_amd64
[root@zhangpeng ~]# mv kubebuilder_linux_amd64 /usr/bin/kubebuilder
mv:是否覆盖'/usr/bin/kubebuilder'? y
[root@zhangpeng ~]# chmod +x /usr/bin/kubebuilder 
[root@zhangpeng ~]# kubebuilder version
Version: main.versionKubeBuilderVersion:"3.4.1", KubernetesVendor:"1.23.5", GitCommit:"d59d7882ce95ce5de10238e135ddff31d8ede026", BuildDate:"2022-05-06T13:58:56Z", GoOs:"linux", GoArch:"amd64"

kubebuilder init --plugins go/v3 --domain zhangpeng.com --owner "zhang peng"


生成目录结构如下:

重点关注一下config/default/ kustomization.yaml文件:

现在能看懂的配置,命名空间!我这里就不修改了采用默认的配置!

 [zhangpeng@zhangpeng kube-oprator1]$ kubebuilder create api --group myapp1 --version v1 --kind Redis


目录结构如下

注意:关于 domain group version kind对应 :

apiVersion:myapp1.zhangpeng.com/v1
kind: Redis

简单创建一个crd

api/v1/redis_type.go


随手演示删除Foo字段,添加一个Port字段,设置port字段为int类型!

以test目录下yaml文件定制crd

test/redis.yaml

apiVersion: myapp1.zhangpeng.com/v1
kind: Redis
metadata:
  name: myapp
spec:
  port: 1011

make install创建crd

[zhangpeng@zhangpeng kube-oprator1]$ kubectl get crd
No resources found
[zhangpeng@zhangpeng kube-oprator1]$ make install 
GOBIN=/home/zhangpeng/GolandProjects/kube-oprator1/bin go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.8.0
/home/zhangpeng/GolandProjects/kube-oprator1/bin/controller-gen rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
/home/zhangpeng/GolandProjects/kube-oprator1/bin/kustomize build config/crd | kubectl apply -f -
customresourcedefinition.apiextensions.k8s.io/redis.myapp1.zhangpeng.com created
[zhangpeng@zhangpeng kube-oprator1]$ kubectl get crd
NAME                         CREATED AT
redis.myapp1.zhangpeng.com   2022-06-28T06:44:52Z

关于reconcile

controllers/redis_controller.go
关于reconcile就先不求甚解了

func (r *RedisReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) 
	_ = log.FromContext(ctx)

	// TODO(user): your logic here
	redis := &myapp1v1.Redis
	if err := r.Get(ctx, req.NamespacedName, redis); err != nil 
		fmt.Println(err)
	 else 
		fmt.Println("object", redis)
	

	return ctrl.Result, nil

本地调试 make run

终端一运行

[zhangpeng@zhangpeng kube-oprator1]$ maker run

终端2运行

 
 [zhangpeng@zhangpeng kube-oprator1]$ kubectl apply -f test/redis.yaml

观察终端1 得到如下输出:

初步发布到kubernetes集群

注:我的环境安装了podman,关于podman自行百度,镜像仓库使用了腾讯云镜像仓库个人版

关于Podman

先修改docker构建命令为podman!

podman login将密码记住…基本跟docker的使用方法差不多

[zhangpeng@zhangpeng kube-oprator1]$ podman login --username=xxxxx ccr.ccs.tencentyun.com

dockerhub加速

的特别强调一下dockerhub加速

[zhangpeng@zhangpeng kube-oprator1]$  vim /etc/containers/registries.conf

文件末尾添加了加速地址!

short-name-mode = "permissive"
[[registry]]
prefix="docker.io"
location="pvurwzu6.mirror.aliyuncs.com"

重启podman服务

[zhangpeng@zhangpeng kube-oprator1]$  systemctl restart podman

构建发布镜像

Dockerfile文件中添加GOPROXY

ENV GOPROXY=https://goproxy.io

[zhangpeng@zhangpeng kube-oprator1]$ make docker-build docker-push IMG=ccr.ccs.tencentyun.com/layatools/zpredis:v1


顺便发现腾讯云个人仓库一个不显示OCI-Image大小的bug…

注:过程很曲折。中间有镜像下不动的科学上网了,自行脑部。如“gcr.io/distroless/static:nonroot镜像我的操作环境为rocky linux 8.5下载不动的时候我直接科学上网了…

发布方式:

[zhangpeng@zhangpeng kube-oprator1]$ make deploy IMG=ccr.ccs.tencentyun.com/layatools/zpredis:v1

make又失败了最终根据Makefile中deploy手动执行如下命令:

[zhangpeng@zhangpeng kube-oprator1]$ cd config/manager &&  kustomize edit set image controller=ccr.ccs.tencentyun.com/layatools/zpredis:v1
[zhangpeng@zhangpeng kube-oprator1]$ kustomize build config/default | kubectl apply -f -

注意:两条命令都是在kube-oprator1项目根目录下执行的!


默认命名空间没有修改查看kube-oprator1-system namespace命名空间下pod状态!

[zhangpeng@zhangpeng kube-oprator1]$ kubectl get ns
NAME                   STATUS   AGE
default                Active   61d
kube-node-lease        Active   61d
kube-oprator1-system   Active   25h
kube-public            Active   61d
kube-system            Active   61d
zhangpeng1             Active   8d
[zhangpeng@zhangpeng kube-oprator1]$ kubectl get pods -n kube-oprator1-system

理论上pod是没有部署成功的,原因如下:gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0无法下载…我是用的苯方法,rocky开发机科学上网下载镜像上传到腾讯与镜像仓库,然后pull镜像到kuberntes机器work节点。当然了work节点我只有一个测试环境还好~

等待pod running
![2022-06-28 18-37-36 的屏幕截图.png](https://img-blog.csdnimg.cn/img_convert/6356251f346968c2c97e3b7d1fde6f03.png#clientId=ub51769ba-e43b-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=1080&id=u662c269c&margin=[object Object]&name=2022-06-28 18-37-36 的屏幕截图.png&originHeight=1080&originWidth=1920&originalType=binary&ratio=1&rotation=0&showTitle=false&size=401372&status=done&style=none&taskId=udb83bfae-5178-4cb9-b80b-69149556300&title=&width=1920)

CRD自定义资源简单验证

以test/redis.yaml为例

apiVersion: myapp1.zhangpeng.com/v1
kind: Redis
metadata:
  name: myapp
spec:
  port: 1011

参照https://book.kubebuilder.io/reference/markers/crd-validation.html 就设置一下port的范围!
![image.png](https://img-blog.csdnimg.cn/img_convert/26c5c9b02405f7a4c0051c5ec38d8781.png#clientId=u628892ab-8527-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=690&id=ude6a2424&margin=[object Object]&name=image.png&originHeight=690&originWidth=1190&originalType=binary&ratio=1&rotation=0&showTitle=false&size=160211&status=done&style=none&taskId=ue1c6d085-8c10-454e-907f-263c651408a&title=&width=1190)

	// +kubebuilder:validation:Minimum:=1024
	// +kubebuilder:validation:Maximum:=10240

![image.png](https://img-blog.csdnimg.cn/img_convert/4ed45c6945e72427796a66e7a9d03391.png#clientId=u628892ab-8527-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=609&id=u404ea746&margin=[object Object]&name=image.png&originHeight=609&originWidth=1595&originalType=binary&ratio=1&rotation=0&showTitle=false&size=152043&status=done&style=none&taskId=u3dd763de-8994-4327-8081-12232d8e202&title=&width=1595)

make install 依然失败!还是手动命令了
注:这个地方我做错了好几次,原因是我以为make install =kustomize build config/crd | kubectl apply -f -,仔细看了一眼Makefile:
![image.png](https://img-blog.csdnimg.cn/img_convert/923f55cd4892713daf6c106b2d58f851.png#clientId=u628892ab-8527-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=707&id=u934c8d85&margin=[object Object]&name=image.png&originHeight=707&originWidth=1089&originalType=binary&ratio=1&rotation=0&showTitle=false&size=76038&status=done&style=none&taskId=uce144566-570c-4f1b-acfc-6c5b8bfe1d3&title=&width=1089)
包含manifests的步骤,尝试了一下果然如此!

[zhangpeng@zhangpeng kube-oprator1]$ ./bin/controller-gen rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases

[zhangpeng@zhangpeng kube-oprator1]$ kustomize build config/crd | kubectl apply -f -

![image.png](https://img-blog.csdnimg.cn/img_convert/99a23ced0c143576224ec6da380e1929.png#clientId=u628892ab-8527-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=744&id=uca412a24&margin=[object Object]&name=image.png&originHeight=744&originWidth=1325&originalType=binary&ratio=1&rotation=0&showTitle=false&size=176406&status=done&style=none&taskId=u8932aa22-949b-475c-ac9b-f3442bb1c91&title=&width=1325)

[zhangpeng@zhangpeng kube-oprator1]$ kubectl get crd redis.myapp1.zhangpeng.com -o yaml

![2N5nbJSMqC.png](https://img-blog.csdnimg.cn/img_convert/eba07e9b4a84e70bdd6394cc823a856d.png#clientId=u628892ab-8527-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=853&id=ucc65a158&margin=[object Object]&name=2N5nbJSMqC.png&originHeight=853&originWidth=768&originalType=binary&ratio=1&rotation=0&showTitle=false&size=113474&status=done&style=none&taskId=u48d18705-ece6-4eb6-90cb-0f2ea683f61&title=&width=768)

[zhangpeng@zhangpeng kube-oprator1]$ kubectl delete -f test/redis.yaml
[zhangpeng@zhangpeng kube-oprator1]$ kubectl apply -f test/redis.yaml

得到如下输出:端口小于1024无法创建成功
![6bpr7hgcdQ.png](https://img-blog.csdnimg.cn/img_convert/c13718d6ff8e0a52f6e4ed676ebabbd3.png#clientId=u628892ab-8527-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=748&id=u232fe551&margin=[object Object]&name=6bpr7hgcdQ.png&originHeight=748&originWidth=1037&originalType=binary&ratio=1&rotation=0&showTitle=false&size=122478&status=done&style=none&taskId=ucf5e9a7f-8ae9-41d3-b9d2-eca906a1549&title=&width=1037)
修改 test/redis.yaml port: 1024

apiVersion: myapp1.zhangpeng.com/v1
kind: Redis
metadata:
  name: myapp
spec:
  port: 1024

![wrUgeuqwvC.png](https://img-blog.csdnimg.cn/img_convert/f889daae1353a2fbb6190a362d5f4337.png#clientId=u628892ab-8527-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=754&id=u984c44b4&margin=[object Object]&name=wrUgeuqwvC.png&originHeight=754&originWidth=1044&originalType=binary&ratio=1&rotation=0&showTitle=false&size=152999&status=done&style=none&taskId=uc047c700-5f51-4178-b35e-af21970137f&title=&width=1044)

[zhangpeng@zhangpeng cert]$ kubectl get pods -A|grep cert
cert-manager           cert-manager-677874db78-zcm6l                       1/1     Running            0                  14m
cert-manager           cert-manager-cainjector-6c5bf7b759-mf4gf            1/1     Running            0                  14m
cert-manager           cert-manager-webhook-5685fdbc4b-ncrxl               1/1     Running            0                  14m

webhook简单测试

简单准入控制器webhook create

[zhangpeng@zhangpeng kube-oprator1]$ kubebuilder create webhook --group myapp1 --version v1 --kind Redis --defaulting --programmatic-validation

![bVzxTxybrI.png](https://img-blog.csdnimg.cn/img_convert/1addf81309df3aa094487e9abdb5e6cc.png#clientId=u628892ab-8527-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=267&id=uef085f6a&margin=[object Object]&name=bVzxTxybrI.png&originHeight=267&originWidth=1398&originalType=binary&ratio=1&rotation=0&showTitle=false&size=46492&status=done&style=none&taskId=u95dfe770-87c3-4355-8fbf-8f349a97669&title=&width=1398)
kube-oprator1 api/v1目录下增加了webhook的相关文件,做了一个简单的验证** name=zhangpeng**
![image.png](https://img-blog.csdnimg.cn/img_convert/6f4ee354bad9728c86b1230577940766.png#clientId=u628892ab-8527-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=540&id=ueeb1c940&margin=[object Object]&name=image.png&originHeight=540&originWidth=1520&originalType=binary&ratio=1&rotation=0&showTitle=false&size=152963&status=done&style=none&taskId=u829d2515-2359-49e3-be51-c1635b9af84&title=&width=1520)

func (r *Redis) ValidateCreate() error 
	redislog.Info("validate create", "name", r.Name)
	if r.Name == "zhangpeng" 
		return errors.New("error name")
	

	// TODO(user): fill in your validation logic upon object creation.
	return nil

证书管理cert-manager:

访问https://github.com/cert-manager/cert-manager/releases下载页面,1.19.0是alpha版本 我用了1.18.2的版本!
![image.png](https://img-blog.csdnimg.cn/img_convert/f17188937624ce3bc61b0f9e419ad069.png#clientId=u628892ab-8527-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=918&id=u65b6218c&margin=[object Object]&name=image.png&originHeight=918&originWidth=1583&originalType=binary&ratio=1&rotation=0&showTitle=false&size=201808&status=done&style=none&taskId=ucdc240b8-b0c1-47ce-a3de-6f9514db182&title=&width=1583)

[zhangpeng@zhangpeng cert]$ pwd
/home/zhangpeng/cert
[zhangpeng@zhangpeng cert]$ wget https://github.com/cert-manager/cert-manager/releases/download/v1.8.2/cert-manager.yaml
[zhangpeng@zhangpeng cert]$ kubectl apply -f cert-manager.yaml
[zhangpeng@zhangpeng cert]$ kubectl get pods -A|grep cert

![2022-06-28 19-50-45 的屏幕截图.png](https://img-blog.csdnimg.cn/img_convert/477c16627686588f94cede4470f5ad54.png#clientId=u628892ab-8527-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=1080&id=u5af0ab60&margin=[object Object]&name=2022-06-28 19-50-45 的屏幕截图.png&originHeight=1080&originWidth=1920&originalType=binary&ratio=1&rotation=0&showTitle=false&size=289747&status=done&style=none&taskId=uac530b1f-2726-4f52-9aad-d2599e3c7d9&title=&width=1920)
![2022-06-28 19-53-21 的屏幕截图.png](https://img-blog.csdnimg.cn/img_convert/6f25f2d1b237d799e591dc6ee38d810c.png#clientId=u628892ab-8527-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=1080&id=ue18841ef&margin=[object Object]&name=2022-06-28 19-53-21 的屏幕截图.png&originHeight=1080&originWidth=1920&originalType=binary&ratio=1&rotation=0&showTitle=false&size=292040&status=done&style=none&taskId=ue5eb8b65-50c5-436d-84f0-7c04f01b2a2&title=&width=1920)
注意:镜像依然要科学上网下载

修改文件

config/default/kustomization.yaml下箭头标注部分解开注释
![image.png](https://img-blog.csdnimg.cn/img_convert/5346da796d8075237936f6d832f9c753.png#clientId=u628892ab-8527-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=482&id=u7c4c11c7&margin=[object Object]&name=image.png&originHeight=482&originWidth=1461&originalType=binary&ratio=1&rotation=0&showTitle=false&size=131903&status=done&style=none&taskId=uda056b43-1250-4d7a-9eb8-ea973c70e38&title=&width=1461)
![image.png](https://img-blog.csdnimg.cn/img_convert/3ccce2beacb9b6f27454ddcdb889b882.png#clientId=u628892ab-8527-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=912&id=u04d8884d&margin=[object Object]&name=image.png&originHeight=912&originWidth=1532&originalType=binary&ratio=1&rotation=0&showTitle=false&size=251152&status=done&style=none&taskId=ucfd362dd-5a56-4362-b89a-7c6ea439da1&title=&width=1532)
**config/manager/manager.yaml **
![k4tZYzr46h.png](https://img-blog.csdnimg.cn/img_convert/adabca3031141c9ba67d5865b82a5a5b.png#clientId=u628892ab-8527-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=698&id=uef8df943&margin=[object Object]&name=k4tZYzr46h.png&originHeight=698&originWidth=1013&originalType=binary&ratio=1&rotation=0&showTitle=false&size=114564&status=done&style=none&taskId=uaf51e6e8-dc9d-46f8-8c4f-c7f85207df3&title=&width=1013)

删除crd

make uninstall可以不过我的make总是失败…直接删除了!

[zhangpeng@zhangpeng kube-oprator1]$kubectl delete crd redis.myapp1.zhangpeng.com

![ekWrnYeRSP.png](https://img-blog.csdnimg.cn/img_convert/b6225fe70de4f7b2cb268907a67f6c7e.png#clientId=u628892ab-8527-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=372&id=u6df3b313&margin=[object Object]&name=ekWrnYeRSP.png&originHeight=372&originWidth=977&originalType=binary&ratio=1&rotation=0&showTitle=false&size=69381&status=done&style=none&taskId=u736c21a8-7620-432a-a9d9-4fd15dbf5b6&title=&width=977)

打包镜像发布

打包发布镜像,其实最好应该修改一个镜像标签tag,这里就演示 就先这样了!make install 也不能用不知道那里有问题了 直接复制Makefile中的命令了!构建镜像并发布镜像!

[zhangpeng@zhangpeng kube-oprator1]$ ./bin/controller-gen rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
[zhangpeng@zhangpeng kube-oprator1]$ kustomize build config/crd  | kubectl apply -f -
customresourcedefinition.apiextensions.k8s.io/redis.myapp1.zhangpeng.com configured

[zhangpeng@zhangpeng kube-oprator1]$ make docker-build docker-push IMG=ccr.ccs.tencentyun.com/layatools/zpredis:v1
[zhangpeng@zhangpeng kube-oprator1]$ make deploy IMG=ccr.ccs.tencentyun.com/layatools/zpredis:v1


[zhangpeng@zhangpeng kube-oprator1]$ cd config/manager && kustomize edit set image controller=ccr.ccs.tencentyun.com/layatools/zpredis:v1
[zhangpeng@zhangpeng kube-oprator1]$ kustomize build config/default | kubectl apply -f -



恩修改成zhangpeng1

创建成功了?看一下make run,but make run无法运行了?

本地调试模式注释掉main.go SetupWebhookWithManager


总结:

1.注意开发工具之间版本的匹配
2.make 失败时候看一下Makefile中相关命令可以手动运行一下
3.资源的清理,本地调试模式
4.接下来准备设计一个简单的oprator?

以上是关于Operator-1初识Operator的主要内容,如果未能解决你的问题,请参考以下文章

Operator3-设计一个operator

Operator3-设计一个operator

Operator3-设计一个operator

Operator3-设计一个operator

Operator-2从pod开始简单operator

Operator-2从pod开始简单operator