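etcd is a good example. As users, all we need to know is how to put a value in and how to get it back out. How authentication, upgrades, and management work is not something we care about, so the Operator manages the parts we don't care about for us.

To run this operator, we first need to create a CRD. Kubernetes does not natively know what etcd is, nor how to create one for you. (Pods are supported natively: if you tell Kubernetes to create a pod, it knows how. But if you do nothing beforehand and ask Kubernetes to create an etcd resource directly, it has no idea what to do.) So we first have to tell Kubernetes how our etcd resource is defined.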
```
$ cat etcd-operator-crd.yaml
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: etcdclusters.etcd.database.coreos.com
spec:
  group: etcd.database.coreos.com
  names:
    kind: EtcdCluster
    listKind: EtcdClusterList
    plural: etcdclusters
    shortNames:
    - etcdclus
    - etcd
    singular: etcdcluster
  scope: Namespaced
  version: v1beta2
  versions:
  - name: v1beta2
    served: true
    storage: true

$ kubectl create -f etcd-operator-crd.yaml
customresourcedefinition.apiextensions.k8s.io/etcdclusters.etcd.database.coreos.com created

$ kubectl get crd
NAME                                    CREATED AT
etcdclusters.etcd.database.coreos.com   2020-07-18T13:45:18Z
```
Next we need a ServiceAccount, because we need permission to run the etcd Operator (the resource is new, so Kubernetes has not assigned any permissions for it in advance).
```
$ cat etcd-operator-sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: etcd-operator-sa

$ kubectl create -f etcd-operator-sa.yaml
serviceaccount/etcd-operator-sa created
```
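Next, we grant permissions to the ServiceAccount we just created. I have written up Kubernetes RBAC permission management before.

The Role part (it defines that whoever is bound to this Role has `*` permissions on etcdclusters, etcdbackups, and etcdrestores; further down it also grants additional permissions on pods, services, and so on):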
```
$ cat etcd-operator-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: etcd-operator-role
rules:
- apiGroups:
  - etcd.database.coreos.com
  resources:
  - etcdclusters
  - etcdbackups
  - etcdrestores
  verbs:
  - '*'
- apiGroups:
  - ""
  resources:
  - pods
  - services
  - endpoints
  - persistentvolumeclaims
  - events
  verbs:
  - '*'
- apiGroups:
  - apps
  resources:
  - deployments
  verbs:
  - '*'
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
```

```
$ kubectl create -f etcd-operator-role.yaml
role.rbac.authorization.k8s.io/etcd-operator-role created
```
The RoleBinding part (this binds our ServiceAccount to the Role):
```
$ cat etcd-operator-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: etcd-operator-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: etcd-operator-role
subjects:
- kind: ServiceAccount
  name: etcd-operator-sa
  namespace: default
```

```
$ kubectl create -f etcd-operator-rolebinding.yaml
rolebinding.rbac.authorization.k8s.io/etcd-operator-rolebinding created
```
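The Role and RoleBinding above give the operator's ServiceAccount `*` on several resources plus `get` on secrets, so it is worth listing exactly what the binding grants before starting the operator. The following is an added example, not part of the original post or the etcd-operator project: it expands both objects (embedded as constructed JSON in the shape `kubectl get role,rolebinding -o json` returns) into per-subject grants and flags the wildcard and sensitive ones. The names `MANIFESTS`, `SENSITIVE` and `audit` are hypothetical, and the choice of sensitive resources is an assumption.

```python
import json

# Constructed input: the page's Role and RoleBinding as JSON, trimmed to the fields used.
MANIFESTS = json.loads('''
{"items": [
 {"kind": "Role", "metadata": {"name": "etcd-operator-role"},
  "rules": [
   {"apiGroups": ["etcd.database.coreos.com"],
    "resources": ["etcdclusters", "etcdbackups", "etcdrestores"], "verbs": ["*"]},
   {"apiGroups": [""], "verbs": ["*"],
    "resources": ["pods", "services", "endpoints", "persistentvolumeclaims", "events"]},
   {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["*"]},
   {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]}]},
 {"kind": "RoleBinding", "metadata": {"name": "etcd-operator-rolebinding"},
  "roleRef": {"kind": "Role", "name": "etcd-operator-role"},
  "subjects": [
   {"kind": "ServiceAccount", "name": "etcd-operator-sa", "namespace": "default"}]}
]}
''')

# Assumption: resources whose access lets a workload run code or read credentials.
SENSITIVE = {"pods", "deployments", "secrets"}


def audit(manifests):
    """Return sorted (subject, group/resource, verb, reason) findings."""
    items = manifests["items"]
    roles = {i["metadata"]["name"]: i for i in items if i["kind"] == "Role"}
    findings = set()
    for rb in (i for i in items if i["kind"] == "RoleBinding"):
        ref = rb["roleRef"]
        role = roles.get(ref["name"]) if ref["kind"] == "Role" else None
        if role is None:  # ClusterRole or a Role missing from the input
            continue
        for subj in rb.get("subjects", []):
            who = f'{subj["kind"]}:{subj.get("namespace", "")}/{subj["name"]}'
            for rule in role.get("rules", []):
                for group in rule.get("apiGroups", []):
                    for res in rule.get("resources", []):
                        for verb in rule.get("verbs", []):
                            target = f"{group or 'core'}/{res}"
                            if verb == "*" or res == "*":
                                findings.add((who, target, verb, "wildcard"))
                            elif res in SENSITIVE:
                                findings.add((who, target, verb, "sensitive"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(MANIFESTS):
        print(*finding, sep="\t")
```

On a live cluster, `kubectl auth can-i --list --as=system:serviceaccount:default:etcd-operator-sa` shows the same effective permissions from the API server's point of view.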
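That completes the preparation. At this point we have taught Kubernetes to recognize our custom resource, so now we start the Operator. The Operator is just a pod that watches all resource creation; when someone asks to create an etcd cluster, it tells Kubernetes that it will handle the creation. The pod contains the business logic for backing up, starting, and resizing the cluster.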
```
$ cat etcd-operator-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: etcd-operator
spec:
  selector:
    matchLabels:
      app: etcd-operator
  replicas: 1
  template:
    metadata:
      labels:
        app: etcd-operator
    spec:
      containers:
      - name: etcd-operator
        image: quay.io/coreos/etcd-operator:v0.9.4
        command:
        - etcd-operator
        - --create-crd=false
        env:
        - name: MY_POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: MY_POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        imagePullPolicy: IfNotPresent
      serviceAccountName: etcd-operator-sa
```
This is the definition of the operator pod. All of the core code lives in the image; all we have to do is get this pod running.
```
$ kubectl create -f etcd-operator-deployment.yaml
deployment.apps/etcd-operator created

$ kubectl get deployments
NAME               READY   UP-TO-DATE   AVAILABLE   AGE
brazen-bee-mysql   1/1     1            1           219d
etcd-operator      0/1     1            0           12s

$ kubectl get pods
NAME                                READY   STATUS              RESTARTS   AGE
brazen-bee-mysql-7c5bb846c5-krbdf   1/1     Running             1          219d
etcd-operator-6f6bbc45c-wc7tn       0/1     ContainerCreating   0          21s
```
Now all the preparation is done, and we can create an etcd cluster the same way we would create a Deployment.
```
$ cat etcd-cluster-cr.yaml
apiVersion: etcd.database.coreos.com/v1beta2
kind: EtcdCluster
metadata:
  name: example-etcd-cluster
spec:
  size: 3
  version: 3.1.10

$ kubectl create -f etcd-cluster-cr.yaml
etcdcluster.etcd.database.coreos.com/example-etcd-cluster created
```