深入理解Kubernetes Operator

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"本文要點："}]},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kubernetes API爲所有云資源提供了單個集成點，以此來促進雲原生技術的採用。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"有一些框架和庫可以用來簡化Operator的編寫。支持多種語言，其中Go生態系統是最爲成熟的。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"你可以爲非自有的軟件創建Operator。DevOps團隊可能會通過這種方式來管理數據庫或其他外部產品。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"難點不在於Operator本身，而是要學會理解它的行爲。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"多年來，Operator一直是Kubernetes生態系統的重要組成部分。通過將管理界面移動到Kubneretes API中，帶來了“單層玻璃”的體驗。對於希望簡化kuberentes原生應用程序的開發人員或者希望降低現有系統複雜性的DevOps工程師來說，Operator可能是一個非常有吸引力的選擇。但如何從頭開始創建一個Operator呢？"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"深入理解Operator"}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"Operator是什麼？"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如今，Operator無處不在。數據庫、雲原生項目、任何需要在Kubernetes上部署或維護的複雜項目都用到了Operator。CoreOS在2016年首次引入了Operator，將運維關注點轉移到軟件系統中。Operator自動執行操作，例如，Operator可以部署數據庫實例、升級數據庫版本或執行備份。然後，這些系統可以被測試，響應速度比人類工程師更快。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Operator還通過使用自定義資源定義對Kubenretes API進行了擴展，將工具配置轉移到了API中。這意味着Kubenretes本身就變成了“單層玻璃”。DevOps工程師可以利用圍繞Kubernetes API資源而構建的工具生態系統來管理和監控他們部署的應用程序："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"使用Kubernetes內置的基於角色的訪問控制(RBAC)來修改授權和身份驗證。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"使用“git ops”對生產變更進行可複製的部署和代碼審查。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"使用基於開放策略代理(OPA)的安全工具在自定義資源上應用策略。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"使用Helm、Kustomize、ksonnet和Terraform等工具簡化部署描述。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}}]}