Super-Operator In Kubernetes

Question


I need to automate the provisioning of a complex application in Kubernetes. It's a complex, multi-step process that involves provisioning of some cluster-wide resources and some app-specific resources. The cluster-wide resources are:

  • Istio
  • A few Operators (Cert Manager, Prometheus Operator, Postgres Operator, among others)

Then I want to create an application (let's call it Foo) which leverages Istio and the aforementioned operators. It will create statefulsets, services, Certificates, a Postgres database, Istio gateways, Prometheus PodMonitors, etc.

There will be multiple Foos created, each configured differently (since the Kubernetes cluster will be used to provide Foo applications as a multi-tenant service).

What's the idiomatic way to do this? I think I should write a Foo controller which assumes that Istio and the other operators (prometheus, cert-manager, postgres, etc) already exist.

Is it possible to write a meta ClusterOfFoos operator that installs Istio, installs the required operators, and then installs the Foo controller?

If so, how does one go about provisioning operators (normally installed through Helm) from within a controller?

So far I have looked into using Helm to do this, but there are too many dependencies and Helm just tends to create all resources at once, which makes some things fail (e.g. when a deployment refers to a Secret that hasn't yet been created by cert-manager).

Answer 1

Score: 1


The Operator Lifecycle Manager is really well suited for the task.

When you create operator Foo, you can package it in the OLM way by creating a bundle which contains the ClusterServiceVersion needed to inform OLM of dependencies that need to be resolved before install and during upgrades. These can just be a list of APIs you need - and OLM will find and install the set of latest versions of the operators that own each API.

All your dependencies are operators available in the OperatorHub.io Catalog, so they are available for install and dependency resolution as soon as you install OLM.

You can also configure certain dependencies by including these objects in the bundle itself. According to the docs, the following objects are supported as of the time of this post:

  • Secret
  • ClusterRole
  • ClusterRoleBinding
  • ConfigMap
  • ServiceAccount
  • Service
  • Role
  • RoleBinding
  • PrometheusRule
  • ServiceMonitor
  • PodDisruptionBudget
  • PriorityClass
  • VerticalPodAutoscaler
  • ConsoleYAMLSample
  • ConsoleQuickStart
  • ConsoleCLIDownload
  • ConsoleLink

The Operator SDK can help you with bootstrapping the bundle.
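
The dependency declaration described in this answer, sketched as an added example (not part of the original answer and not any project's own manifest). The `foo-operator` and `example.com` names, the `cert-manager` package name, and the version range are assumptions; the second document shows how a bundle can constrain which package version satisfies a dependency rather than accepting whatever the catalog currently offers as latest.

```yaml
# File: bundle/manifests/foo-operator.clusterserviceversion.yaml (fragment)
# All names under example.com and "foo-operator" are hypothetical.
apiVersion: operators.coreos.com/v1alpha1
kind: ClusterServiceVersion
metadata:
  name: foo-operator.v0.1.0
spec:
  customresourcedefinitions:
    owned:
      - name: foos.example.com
        version: v1alpha1
        kind: Foo
        displayName: Foo
        description: One tenant's Foo application.
    # APIs that must be served in the cluster before OLM installs this operator.
    required:
      - name: certificates.cert-manager.io
        version: v1
        kind: Certificate
        displayName: Certificate
        description: TLS certificates issued for each Foo.
      - name: podmonitors.monitoring.coreos.com
        version: v1
        kind: PodMonitor
        displayName: PodMonitor
        description: Metrics scraping for each Foo.
---
# File: bundle/metadata/dependencies.yaml
# Optional: constrain which package and version range may satisfy a dependency,
# instead of accepting whatever the catalog currently offers as latest.
dependencies:
  - type: olm.package
    value:
      packageName: cert-manager   # assumed catalog package name
      version: ">=1.11.0 <2.0.0"  # constructed range
  - type: olm.gvk
    value:
      group: monitoring.coreos.com
      kind: PodMonitor
      version: v1
```

The Postgres and Istio APIs would be listed the same way, using the group, version and kind served by whichever operator is chosen for them.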

Answer 2

Score: 0


By using a GitOps workflow you can automate complex applications in Kubernetes.

  • You need to define cluster-wide resources and application-specific resources in a YAML file.
  • By using GitOps tools you can continuously deploy Kubernetes resources and they will automatically deploy the changes in the cluster.
  • Use a Helm chart to install Istio and make sure dependencies in the Helm chart are created in order.
  • You can create a custom controller by FOO where it can read configuration of YAML files.
  • Use Kubernetes CRDs to define the configuration of each FOO; they will allow you to create custom resources which are specific for each application.
  • By using Helm, it will read the configuration from the CRD and generate correct YAML values.

The above described approach will allow you to create multiple FOO applications with different configurations and ensure that the required resources are installed in the correct order.

You can check this article from Codefresh regarding GitOps Workflow and the official Kubernetes page.
You can also check Working with Multiple Applications and Environments and how Argo CD is useful for this scenario.

huangapple
  • Posted on February 20, 2023, 00:38:09
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75501687.html