硬核!谁来管理Operator?
在上一篇 运维人员的愿望是什么? 文章中我们详细介绍了如何开发一个Operator. 但是,在Operator开发完成之后,将会面临新的问题。比如如何安装部署到分布式集群、升级以及给这个Operator分配权限呢?
The Operator Lifecycle Manager (OLM) 就是来解决这些问题的,GitHub: https://github.com/operator-framework/operator-lifecycle-manager
在详细展开OLM之前,我们先来温习下众所周知的Linux OS 包管理器: YUM(Yellow dog Updater, Modified), 估计很多同学不知道它的全称是什么,赶紧记下,肯(zhuang)定(bi)用的到。
在Linux OS中,安装软件时,我们大多会使用yum,它很方便,完美解决了rpm的弊端(包的各种依赖关系,崩溃到😭),主要优点:
- 软件仓库,包含软件包和索引文件
解决了包的各种依赖问题,以及带有很多友好的指令,比如:
$ yum list
$ yum info
$ yum search
$ yum install
...对应地, 我们可以把Operator类比为某个软件包,把OLM类比为YUM. 不同的是OLM 管理的是Operator要一直运行,而软件包不用,所以OLM更加复杂。
OLM 在OpenShift 4.x版本是默认安装的,在3.11版本是选装。您也可以在Kubernetes集群手动安装:
$ git clone https://github.com/operator-framework/operator-lifecycle-manager.git
$ kubectl create -f deploy/upstream/quickstart/crds.yaml
$ kubectl create -f deploy/upstream/quickstart/olm.yamlOLM中有个很重要的资源叫做ClusterServiceVersion, 简称CSV. 这里边定义了Operator的基本描述,权限设置,CRD依赖等。OLM就是通过CSV对象来管理对应的Operator. 这也意味着,如果您想把您的Operator托管于OLM,您必须得创建对应的CSV 文件。方便的是,您可以使用Operator-SDK指令,一键生成,如下:
mac:learn-operator jianzhang$ pwd
/Users/jianzhang/goproject/src/github.com/example-inc/learn-operator
mac:learn-operator jianzhang$ operator-sdk olm-catalog gen-csv --operator-name learn-operator --csv-version 0.0.1 --csv-channel alpha创建该CSV文件到您的集群中,如下,可以看到该Operator已经在集群中创建,并托管于OLM.
mac:learn-operator jianzhang$ oc create -f deploy/olm-catalog/learn-operator/0.0.1/learn-operator.v0.0.1.clusterserviceversion.yaml
clusterserviceversion.operators.coreos.com/learn-operator.v0.0.1 created
mac:learn-operator jianzhang$ oc get csv
NAME DISPLAY VERSION REPLACES PHASE
learn-operator.v0.0.1 Learn Operator 0.0.1 learn-operator.v0.0.0 Succeeded
mac:learn-operator jianzhang$ oc get pods
NAME READY STATUS RESTARTS AGE
learn-operator-65bc85cbd7-7hqcx 1/1 Running 0 36s在UI界面上查看安装的Operator:
点击"Create Instance"创建该Operator应用实例。
我的Operator有多个版本,甚至有多个Operator,该怎么托管于OLM并为开发用户提供服务呢?
创建package文件, 以3scale Operator为例,如下,OLM 使用Channel 来进行版本划分,这些Channle 可以根据您的需求灵活可配。
mac:community-operators jianzhang$ cat community-operators/3scale-community-operator/3scale-community-operator.package.yaml
packageName: 3scale-community-operator
channels:
- name: threescale-2.6
currentCSV: 3scale-community-operator.v0.3.0
- name: threescale-2.7
currentCSV: 3scale-community-operator.v0.4.0
defaultChannel: threescale-2.7我们来看下3scale Operator的整体目录结构,您也可以从https://github.com/operator-framework/community-operators/tree/master/community-operators/3scale-community-operator 获取。
mac:community-operators jianzhang$ tree community-operators/3scale-community-operator/
community-operators/3scale-community-operator/
├── 0.3.0
│ ├── 3scale-community-operator.v0.3.0.clusterserviceversion.yaml
│ ├── apimanagers.apps.3scale.net.crd.yaml
│ ├── apis.capabilities.3scale.net.crd.yaml
│ ├── bindings.capabilities.3scale.net.crd.yaml
│ ├── limits.capabilities.3scale.net.crd.yaml
│ ├── mappingrules.capabilities.3scale.net.crd.yaml
│ ├── metrics.capabilities.3scale.net.crd.yaml
│ ├── plans.capabilities.3scale.net.crd.yaml
│ └── tenants.capabilities.3scale.net.crd.yaml
├── 0.4.0
│ ├── 3scale-community-operator.v0.4.0.clusterserviceversion.yaml
│ ├── apps_v1alpha1_apimanager_crd.yaml
│ ├── capabilities_v1alpha1_api_crd.yaml
│ ├── capabilities_v1alpha1_binding_crd.yaml
│ ├── capabilities_v1alpha1_limit_crd.yaml
│ ├── capabilities_v1alpha1_mappingrule_crd.yaml
│ ├── capabilities_v1alpha1_metric_crd.yaml
│ ├── capabilities_v1alpha1_plan_crd.yaml
│ └── capabilities_v1alpha1_tenant_crd.yaml
└── 3scale-community-operator.package.yaml编写好Operator Manifest 文件后,该如何使用呢?这就涉及到另外一个OLM资源,叫做CatalogSource. 它里面运行了一个Sqlit3数据库,用于OLM其它服务的搜索查询。类似于Yum 的仓库。
我们把这些3scale Operator manifest 文件打包到Image. Dockerfile文件如下:
mac:community-operators jianzhang$ cat Dockerfile
FROM quay.io/operator-framework/upstream-registry-builder:latest AS builder
COPY 3scale-community-operator manifests
RUN /bin/initializer -o ./bundles.db
FROM registry.access.redhat.com/ubi7/ubi
COPY --from=builder /build/bundles.db /bundles.db
COPY --from=builder /bin/registry-server /registry-server
COPY --from=builder /bin/grpc_health_probe /bin/grpc_health_probe
EXPOSE 50051
ENTRYPOINT ["/registry-server"]
CMD ["--database", "bundles.db"]该镜像名称为quay.io/jiazha/catalogsource:3scale.
mac:community-operators jianzhang$ docker build . -t quay.io/jiazha/catalogsource:3scale
Sending build context to Docker daemon 21.68MB
Step 1/10 : FROM quay.io/operator-framework/upstream-registry-builder:latest AS builder
...
Successfully tagged quay.io/jiazha/catalogsource:3scale把它push到Quay.io registry, 并把它设置为Public 以便于镜像拉取。
mac:community-operators jianzhang$ docker push quay.io/jiazha/catalogsource:3scale
The push refers to repository [quay.io/jiazha/catalogsource]
...
3scale: digest: sha256:1d6edc6e65665a7ecf80f5cad8e6b3f6ee09441aa59bb9e8f6ad471940ef0ad9 size: 1368在OpenShift/Kubernetes集群中创建对应的CatalogSource 资源:
mac:~ jianzhang$ cat cs-jian.yaml
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
name: jian-catalog
namespace: openshift-marketplace
spec:
sourceType: grpc
image: quay.io/jiazha/catalogsource:3scale
displayName: Jian Operators
publisher: Jian Zhang
mac:~ jianzhang$ oc create -f cs-jian.yaml
catalogsource.operators.coreos.com/jian-catalog created我们可以看到CatalogSource、Pod资源已经成功创建:
mac:~ jianzhang$ oc get catalogsource -n openshift-marketplace
NAME DISPLAY TYPE PUBLISHER AGE
jian-catalog Jian Operators grpc Jian Zhang 49s
mac:~ jianzhang$ oc get pod -n openshift-marketplace
NAME READY STATUS RESTARTS AGE
jian-catalog-6rrhq 1/1 Running 0 82s检查Packagemanifest 资源,它会读取CatalogSource 中的数据库,把里面的Operator显示出来。
mac:~ jianzhang$ oc get packagemanifest |grep Jian
3scale-community-operator Jian Operators 2m4s打开集群的Web Console, 点击Operators->OperatorHub, 勾选Jian Operators, 3Scale Operator 已经在界面上成功显示了。
依次点击安装:
用户可以选择所需的Channel, 里面对应不同的版本。
可以看到3Scale Operator成功创建。
点击3scale, 列出了该Operator所管理的各种服务。集群管理员可以点击Create Instance 来创建所需的服务实例即可。
腾讯云开发者
