深入理解Kubernetes Operator

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"本文要点："}]},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Kubernetes API为所有云资源提供了单个集成点，以此来促进云原生技术的采用。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"有一些框架和库可以用来简化Operator的编写。支持多种语言，其中Go生态系统是最为成熟的。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"你可以为非自有的软件创建Operator。DevOps团队可能会通过这种方式来管理数据库或其他外部产品。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"难点不在于Operator本身，而是要学会理解它的行为。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"多年来，Operator一直是Kubernetes生态系统的重要组成部分。通过将管理界面移动到Kubneretes API中，带来了“单层玻璃”的体验。对于希望简化kuberentes原生应用程序的开发人员或者希望降低现有系统复杂性的DevOps工程师来说，Operator可能是一个非常有吸引力的选择。但如何从头开始创建一个Operator呢？"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"深入理解Operator"}]},{"type":"heading","attrs":{"align":null,"level":4},"content":[{"type":"text","text":"Operator是什么？"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"如今，Operator无处不在。数据库、云原生项目、任何需要在Kubernetes上部署或维护的复杂项目都用到了Operator。CoreOS在2016年首次引入了Operator，将运维关注点转移到软件系统中。Operator自动执行操作，例如，Operator可以部署数据库实例、升级数据库版本或执行备份。然后，这些系统可以被测试，响应速度比人类工程师更快。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Operator还通过使用自定义资源定义对Kubenretes API进行了扩展，将工具配置转移到了API中。这意味着Kubenretes本身就变成了“单层玻璃”。DevOps工程师可以利用围绕Kubernetes API资源而构建的工具生态系统来管理和监控他们部署的应用程序："}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"使用Kubernetes内置的基于角色的访问控制(RBAC)来修改授权和身份验证。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"使用“git ops”对生产变更进行可复制的部署和代码审查。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"使用基于开放策略代理(OPA)的安全工具在自定义资源上应用策略。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"使用Helm、Kustomize、ksonnet和Terraform等工具简化部署描述。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}}]}