Understanding k8s operators
Source: https://www.katacoda.com/openshift/courses/operatorframework/etcd-operator
cat > etcd-operator-crd.yaml<<EOF
# API group of the extension resource
apiVersion: apiextensions.k8s.io/v1
# CRD
kind: CustomResourceDefinition
metadata:
  # Name of this CRD; must be <plural>.<group>
  name: etcdclusters.etcd.database.coreos.com
spec:
  # Group of the CRD
  group: etcd.database.coreos.com
  # Names used for the resource (kind, plural, short names)
  names:
    kind: EtcdCluster
    listKind: EtcdClusterList
    plural: etcdclusters
    shortNames:
    - etcdclus
    - etcd
    singular: etcdcluster
  scope: Namespaced
  # Versions (apiextensions.k8s.io/v1 has no top-level version field, only this list)
  versions:
  - name: v1beta2
    schema:
      openAPIV3Schema:
        type: object
        x-kubernetes-preserve-unknown-fields: true
    served: true
    storage: true
EOF
# Account for the etcd operator
cat > etcd-operator-sa.yaml<<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: etcd-operator-sa
EOF
# Create a Role; the Role is what carries the permissions
cat > etcd-operator-role.yaml<<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: etcd-operator-role
rules:
- apiGroups:
  - etcd.database.coreos.com
  resources:
  - etcdclusters
  - etcdbackups
  - etcdrestores
  verbs:
  - '*'
- apiGroups:
  - ""
  resources:
  - pods
  - services
  - endpoints
  - persistentvolumeclaims
  - events
  verbs:
  - '*'
- apiGroups:
  - apps
  resources:
  - deployments
  verbs:
  - '*'
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
EOF
# Bind the Role to the account, which grants it the permissions
cat > etcd-operator-rolebinding.yaml<<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: etcd-operator-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: etcd-operator-role
subjects:
- kind: ServiceAccount
  name: etcd-operator-sa
  namespace: myproject
EOF
# Deploy the etcd operator. It is essentially a Deployment, but this Deployment controls the whole etcd cluster
cat > etcd-operator-deployment.yaml<<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    name: etcdoperator
  name: etcd-operator
spec:
  replicas: 1
  selector:
    matchLabels:
      name: etcd-operator
  template:
    metadata:
      labels:
        name: etcd-operator
    spec:
      containers:
      - command:
        - etcd-operator
        - --create-crd=false
        env:
        - name: MY_POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: MY_POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2
        imagePullPolicy: IfNotPresent
        name: etcd-operator
      serviceAccountName: etcd-operator-sa
EOF
# An EtcdCluster custom resource (CR), i.e. an instance of the CRD
cat > etcd-operator-cr.yaml<<EOF
apiVersion: etcd.database.coreos.com/v1beta2
kind: EtcdCluster
metadata:
  name: example-etcd-cluster
spec:
  size: 3
  version: 3.1.10
EOF
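A custom resource type
An instance of the CRD
The operator of this instance
In practice everything still ends up as native k8s resources
such as deploy, sts, daemonset, and so on
CRD -> CR -> taken over by the etcd operator -> which creates the etcd cluster
sa
|
binding of sa and Role
|
Role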
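
An added example (not from the original page or the etcd-operator project): a small audit of etcd-operator-role showing that the wildcard verbs on pods and deployments let etcd-operator-sa create workloads, and a workload can mount any Secret in its namespace, so the get-only rule on secrets is not the effective limit. The Role is embedded as constructed JSON in the shape `kubectl get role -o json` returns; audit_role, WORKLOADS and the finding names are hypothetical names chosen here, and rules are assumed to name groups and resources explicitly, as this Role does.

```python
import json

# Constructed input: the rules of etcd-operator-role from this page, in the
# JSON shape that "kubectl get role etcd-operator-role -o json" returns.
ROLE_JSON = """
{"kind": "Role", "metadata": {"name": "etcd-operator-role"}, "rules": [
 {"apiGroups": ["etcd.database.coreos.com"],
  "resources": ["etcdclusters", "etcdbackups", "etcdrestores"], "verbs": ["*"]},
 {"apiGroups": [""],
  "resources": ["pods", "services", "endpoints", "persistentvolumeclaims", "events"],
  "verbs": ["*"]},
 {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["*"]},
 {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]}
]}
"""

# Built-in workload kinds: creating one lets the subject run a pod that mounts
# any Secret in the namespace, whatever verbs it holds on "secrets" itself.
WORKLOADS = {("", "pods"), ("apps", "deployments"), ("apps", "statefulsets"),
             ("apps", "daemonsets"), ("batch", "jobs"), ("batch", "cronjobs")}
BUILTIN_GROUPS = {"", "apps", "batch"}  # hypothetical scope for this audit


def audit_role(role):
    """Return sorted (rule_index, finding, target) tuples for a Role dict."""
    findings = set()
    for i, rule in enumerate(role.get("rules", [])):
        verbs = set(rule.get("verbs", []))
        for group in rule.get("apiGroups", []):
            for res in rule.get("resources", []):
                target = f"{group or 'core'}/{res}"
                # '*' on built-in resources also grants delete, patch, watch...
                if "*" in verbs and group in BUILTIN_GROUPS:
                    findings.add((i, "wildcard-verbs", target))
                # Workload creation implies indirect access to Secrets.
                if (group, res) in WORKLOADS and verbs & {"*", "create"}:
                    findings.add((i, "can-create-workload", target))
                # Record the direct grant so it can be compared with the above.
                if (group, res) == ("", "secrets"):
                    findings.add((i, "secret-access", ",".join(sorted(verbs))))
    return sorted(findings)


if __name__ == "__main__":
    for idx, finding, target in audit_role(json.loads(ROLE_JSON)):
        print(f"rule {idx}: {finding:20} {target}")
```

Replacing each '*' with the verbs the operator actually uses removes the wildcard-verbs findings; the can-create-workload findings remain for as long as the operator has to create pods itself.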