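How to implement a CRD?

CRD stands for Custom Resource Definition. As the name suggests, it lets a user add a new API resource type to Kubernetes, similar to Pod or Deployment.

The following uses Istio's DestinationRule as an example to walk through the concrete steps of implementing a CRD.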


Step 1: create the CustomResourceDefinition YAML file

kind is CustomResourceDefinition, and spec.names.kind is the DestinationRule we want to create.

The additionalPrinterColumns and validation content is omitted below; for the complete content see install/kubernetes/helm/istio-init/files/crd-10.yaml

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  annotations:
    "helm.sh/resource-policy": keep
  labels:
    app: istio-pilot
    chart: istio
    heritage: Tiller
    release: istio
  name: destinationrules.networking.istio.io
spec:
  additionalPrinterColumns: ...
  group: networking.istio.io
  names:
    categories:
      - istio-io
      - networking-istio-io
    kind: DestinationRule
    listKind: DestinationRuleList
    plural: destinationrules
    shortNames:
      - dr
    singular: destinationrule
  scope: Namespaced
  subresources:
    status: {}
  validation: ...
  versions:
    - name: v1alpha3
      served: true
      storage: true

Step 2: define the complete description of the DestinationRule object

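import meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"

// DestinationRule is the Kubernetes-side wrapper for the custom resource:
// the standard type and object metadata plus a free-form spec.
type DestinationRule struct {
    meta_v1.TypeMeta   `json:",inline"`
    meta_v1.ObjectMeta `json:"metadata"`
    Spec               map[string]interface{} `json:"spec"`
}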

DestinationRule

istio/api defines component-level APIs and common configuration formats for the Istio platform.

type DestinationRule struct {
    // The name of a service from the service registry. Service
    // names are looked up from the platform's service registry (e.g.,
    // Kubernetes services, Consul services, etc.) and from the hosts
    // declared by [ServiceEntries](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Rules defined for
    // services that do not exist in the service registry will be ignored.
    //
    // *Note for Kubernetes users*: When short names are used (e.g. "reviews"
    // instead of "reviews.default.svc.cluster.local"), Istio will interpret
    // the short name based on the namespace of the rule, not the service. A
    // rule in the "default" namespace containing a host "reviews" will be
    // interpreted as "reviews.default.svc.cluster.local", irrespective of
    // the actual namespace associated with the reviews service. _To avoid
    // potential misconfigurations, it is recommended to always use fully
    // qualified domain names over short names._
    //
    // Note that the host field applies to both HTTP and TCP services.
    Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"`
    // Traffic policies to apply (load balancing policy, connection pool
    // sizes, outlier detection).
    TrafficPolicy *TrafficPolicy `protobuf:"bytes,2,opt,name=traffic_policy,json=trafficPolicy,proto3" json:"traffic_policy,omitempty"`
    // One or more named sets that represent individual versions of a
    // service. Traffic policies can be overridden at subset level.
    Subsets []*Subset `protobuf:"bytes,3,rep,name=subsets,proto3" json:"subsets,omitempty"`
    // A list of namespaces to which this destination rule is exported.
    // The resolution of a destination rule to apply to a service occurs in the
    // context of a hierarchy of namespaces. Exporting a destination rule allows
    // it to be included in the resolution hierarchy for services in
    // other namespaces. This feature provides a mechanism for service owners
    // and mesh administrators to control the visibility of destination rules
    // across namespace boundaries.
    //
    // If no namespaces are specified then the destination rule is exported to all
    // namespaces by default.
    //
    // The value "." is reserved and defines an export to the same namespace that
    // the destination rule is declared in. Similarly, the value "*" is reserved and
    // defines an export to all namespaces.
    //
    // NOTE: in the current release, the `exportTo` value is restricted to
    // "." or "*" (i.e., the current namespace or all namespaces).
    ExportTo             []string `protobuf:"bytes,4,rep,name=export_to,json=exportTo,proto3" json:"export_to,omitempty"`
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}
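
Because the wrapper's Spec is a map[string]interface{}, it accepts any key, so the checks have to come from the typed description (or from the CRD's validation block that the YAML above omits). The following added example is not from the original post or from Istio's code: typedSpec, checkSpec and the sample manifest are assumptions of this sketch, which strictly decodes the free-form spec and enforces the host and exportTo rules stated in the struct comments.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"strings"
)

// typedSpec: trimmed stand-in for the istio/api struct (assumed here); keys are the protobuf json= names.
type typedSpec struct {
	Host          string          `json:"host"`
	TrafficPolicy json.RawMessage `json:"trafficPolicy"`
	Subsets       json.RawMessage `json:"subsets"`
	ExportTo      []string        `json:"exportTo"`
}

// checkSpec takes the free-form spec from the wrapper struct and reports problems.
func checkSpec(spec map[string]interface{}) []string {
	var problems []string
	raw, _ := json.Marshal(spec) // spec was decoded from JSON, so re-encoding cannot fail
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields() // a map accepts any key; the typed struct does not
	var s typedSpec
	if err := dec.Decode(&s); err != nil {
		return []string{"schema: " + err.Error()}
	}
	if s.Host == "" {
		problems = append(problems, "host is required")
	} else if !strings.Contains(s.Host, ".") {
		problems = append(problems, "host is a short name; it resolves in the rule's namespace")
	}
	for _, ns := range s.ExportTo {
		if ns != "." && ns != "*" {
			problems = append(problems, fmt.Sprintf("exportTo %q not allowed (only \".\" or \"*\")", ns))
		}
	}
	return problems
}

func main() {
	// Constructed sample manifest: "hosts" is a misspelled key the map-typed Spec accepts silently.
	var obj struct{ Spec map[string]interface{} `json:"spec"` }
	manifest := `{"kind":"DestinationRule","spec":{"hosts":"reviews","exportTo":["prod"]}}`
	if err := json.Unmarshal([]byte(manifest), &obj); err != nil {
		panic(err)
	}
	fmt.Println(checkSpec(obj.Spec))
}
```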
叶王
Senior R&D engineer

Currently working mainly on R&D related to edge computing and Service Mesh.