
How to extend Kubernetes with Operators

2025-02-22 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article explains how to extend Kubernetes with Operators. Many readers will not be familiar with the topic, so it is shared here for reference.

What extension points does Kubernetes have?

Kubernetes is a portable, extensible, open source platform for managing containerized workloads and services that facilitates declarative configuration and automation. Kubernetes has a large and fast-growing ecosystem. Kubernetes services, support, and tools are widely available [^1].

Although Kubernetes is now the de facto standard for container orchestration, and its own features are rich and flexible, it cannot meet everyone's needs. When the capabilities Kubernetes provides are not enough, we can use its powerful extension mechanisms to customize it.

So the question is: what extension points does Kubernetes have?

[Figure: Kubernetes extension points]

As shown in the figure above, from the client down to the underlying container runtime, Kubernetes has reserved extension points for us in most places. We look at them from top to bottom.

1. Kubectl

Kubectl is the client tool we use most often to interact with Kubernetes, and routine operations work is done through it. Kubectl provides a plug-in mechanism to make it easy to extend.

A kubectl plug-in is simply any executable file whose name begins with kubectl-. To run one, invoke it in the form: kubectl <plug-in name> <arguments>.

Just as Ubuntu manages software with apt and macOS can use brew, kubectl has a similar plug-in manager, krew [^4]. We can also check https://krew.sigs.k8s.io/plugins/ to see whether the plug-in we need already exists.

2. APIServer

Aggregation layer

Since Kubernetes v1.7, APIServer has had the aggregation layer feature, which allows every developer to implement aggregated API services that expose the interfaces they need without recompiling any Kubernetes code [^3].

If we submit the following resource to Kubernetes, requests to the /apis/metrics.k8s.io/v1beta1 path of the API server are forwarded to the metrics-server.kube-system.svc service in the cluster:

apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  name: v1beta1.metrics.k8s.io
spec:
  service:
    name: metrics-server
    namespace: kube-system
  group: metrics.k8s.io
  version: v1beta1
  # Disables verification of the backend's serving certificate;
  # outside a test cluster, set caBundle instead.
  insecureSkipTLSVerify: true
  groupPriorityMinimum: 100
  versionPriority: 100
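The manifest above sets insecureSkipTLSVerify: true, so kube-apiserver proxies to metrics-server without checking its certificate. The following check is an added example, not code from the original article; it scans the JSON that kubectl get apiservices -o json produces for that setting, and the sample input and the name AuditAPIServices are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// apiServiceList keeps only the APIService fields this check reads;
// encoding/json matches the JSON keys case-insensitively.
type apiServiceList struct {
	Items []struct {
		Metadata struct{ Name string }
		Spec     struct {
			Service               *struct{ Namespace, Name string }
			InsecureSkipTLSVerify bool
		}
	}
}

// Constructed sample input, not output from a real cluster. The first item is
// the manifest from this page; the other two are made up for contrast.
const sample = `{"items":[
 {"metadata":{"name":"v1beta1.metrics.k8s.io"},"spec":{"insecureSkipTLSVerify":true,
  "service":{"namespace":"kube-system","name":"metrics-server"}}},
 {"metadata":{"name":"v1alpha1.demo.example.test"},"spec":{"caBundle":"Q09OU1RSVUNURUQ=",
  "service":{"namespace":"demo","name":"demo-api"}}},
 {"metadata":{"name":"v1.apps"},"spec":{}}]}`

// AuditAPIServices lists aggregated APIs that kube-apiserver proxies to
// without verifying the backend's serving certificate.
func AuditAPIServices(raw []byte) ([]string, error) {
	var list apiServiceList
	if err := json.Unmarshal(raw, &list); err != nil {
		return nil, err
	}
	var findings []string
	for _, it := range list.Items {
		// A nil service means the group is served by kube-apiserver itself.
		if svc := it.Spec.Service; svc != nil && it.Spec.InsecureSkipTLSVerify {
			findings = append(findings, fmt.Sprintf("%s -> %s/%s: insecureSkipTLSVerify=true",
				it.Metadata.Name, svc.Namespace, svc.Name))
		}
	}
	return findings, nil
}

func main() {
	fmt.Println(AuditAPIServices([]byte(sample)))
}
```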

Admission control

Requests from any client, whether kubectl, client-go or another, are sent to the APIServer and pass through authentication -> authorization -> admission control. Each of these steps can be extended; the most commonly used is the extension of admission control, which will be discussed in detail in a subsequent article.

Admission control first runs the mutating admission controllers (MutatingAdmissionWebhook) and then the validating admission controllers (ValidatingAdmissionWebhook). If any admission controller returns an error, the request fails. We can do many things with these two admission controllers, such as injecting sidecars, validating resources, adjusting pod quotas, and so on.
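To make the validating step concrete, here is the decision logic of a ValidatingAdmissionWebhook that rejects Pods with a privileged container. It is an added example, not code from the original article: the types are a hand-written subset of the admission.k8s.io/v1 AdmissionReview, the policy and the sample request are constructed, and the HTTPS server that wraps the returned response in an AdmissionReview is left out.

```go
package main

import (
	"encoding/json"
	"fmt"
)

type container struct {
	Name            string
	SecurityContext struct{ Privileged bool }
}

// review is the part of an AdmissionReview request for a Pod that the policy reads.
type review struct {
	Request *struct {
		UID    string
		Object struct{ Spec struct{ Containers, InitContainers []container } }
	}
}

// response is the "response" field the webhook sends back for that request.
type response struct {
	UID     string            `json:"uid"`
	Allowed bool              `json:"allowed"`
	Status  map[string]string `json:"status,omitempty"`
}

// Validate denies a Pod if any container or init container is privileged.
// On error the caller should reject the request rather than allow it.
func Validate(body []byte) (response, error) {
	var in review
	if err := json.Unmarshal(body, &in); err != nil || in.Request == nil {
		return response{}, fmt.Errorf("malformed AdmissionReview: %v", err)
	}
	out := response{UID: in.Request.UID, Allowed: true}
	spec := in.Request.Object.Spec
	for _, c := range append(spec.Containers, spec.InitContainers...) {
		if c.SecurityContext.Privileged {
			out.Allowed = false
			out.Status = map[string]string{"message": "privileged container: " + c.Name}
		}
	}
	return out, nil
}

// Constructed sample request, not captured from a real API server.
const sample = `{"apiVersion":"admission.k8s.io/v1","kind":"AdmissionReview","request":{"uid":"demo-uid",
 "object":{"spec":{"containers":[{"name":"app","securityContext":{"privileged":true}}]}}}}`

func main() {
	fmt.Println(Validate([]byte(sample)))
}
```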

3. Kubernetes resources

Deployment, Pod and Node are all built-in resources officially provided by Kubernetes. When the built-in resources cannot meet our needs, we can use CustomResource, that is, custom resources. Custom resources are often used together with a Controller. Before using a custom resource, consider whether a ConfigMap would be more appropriate if you only need to store some configuration; do not abuse this feature.

4. Controller

The state of resources in Kubernetes is maintained by Controllers. A Controller constantly tries to bring a resource to the state we describe. This is what we usually call the declarative API, and the Controller does all the concrete work behind it. A Controller is usually used together with a CRD.

5. Scheduler

The scheduler is a special controller that watches for Pod changes and assigns Pods to nodes. The scheduler can be replaced outright, or multiple schedulers can be used. In addition, the official default scheduler also supports WebHook. [^5]

6. CNI network plug-in

CNI, the Container Network Interface, consists of a set of interfaces and a framework for developing plug-ins that configure network interfaces in Linux containers. Generally speaking, we do not develop custom network plug-ins but use open source components such as Flannel and Cilium. If Kubernetes runs on a cloud service, we will also encounter provider-specific network plug-ins; Aliyun, for example, has Terway.

7. CSI storage plug-in

CSI, whose full name is Container Storage Interface, allows different storage types to be supported through the CSI interface.

8. CRI container runtime

CRI container runtime, full name Container Runtime Interface, is a set of gRPC interfaces for managing container runtime and images. This interface can be used to support different container runtimes such as docker, containerd, etc.

Operator

Kubernetes is a highly extensible system. Although it has so many extension points, in practice we mostly work with custom resources, controllers and admission control. Some teams also extend kubectl and the scheduler; for the rest, most people use mature open source components. The Operator that we focus on in this series involves custom resources, controllers, and admission control.

Operators follow the Kubernetes philosophy: they use custom resources to manage applications and their components, and the Operator pattern encapsulates the task automation code you write.

Common uses of Operators include [^6]:

Deploying applications on demand

Taking and restoring backups of the application's state

Handling upgrades of the application code together with related changes, such as database schemas or additional configuration settings

Publishing a Service so that applications that do not support the Kubernetes API can discover it

Simulating failures in all or part of the cluster to test its resilience

Choosing a leader for a distributed application that has no internal member election process

Since the Operator concept was introduced, many tools have appeared that help us develop Operators quickly and at low cost. The most commonly used are CoreOS's open source operator-sdk and kubebuilder, which is maintained by the K8s SIG team. We choose kubebuilder for this series.

Besides developing our own, we can also find ready-made Operators developed by others on https://operatorhub.io/.
