Sau tus neeg teb xov tooj rau Kubernetes hauv Golang

Nco tseg. txhais.: Cov neeg khiav dej num yog cov pab cuam software rau Kubernetes, tsim los ua kom muaj kev ua haujlwm ntawm kev ua haujlwm niaj hnub ntawm pawg khoom thaum qee yam xwm txheej tshwm sim. Peb twb tau sau txog cov neeg ua haujlwm hauv qhov no tsab xov xwm, qhov chaw lawv tham txog cov tswv yim thiab cov ntsiab cai ntawm lawv txoj haujlwm. Tab sis yog tias cov ntaub ntawv ntawd tau pom ntau dua los ntawm sab ntawm kev ua haujlwm npaj ua haujlwm rau Kubernetes, tom qab ntawd qhov kev txhais ntawm tsab xov xwm tshiab tam sim no tau npaj tseg yog twb yog lub zeem muag ntawm tus tsim tawm / DevOps engineer puzzled los ntawm kev siv tus neeg teb xov tooj tshiab.

Sau tus neeg teb xov tooj rau Kubernetes hauv Golang

Kuv txiav txim siab sau tsab ntawv no nrog rau qhov piv txwv ntawm lub neej tiag tiag tom qab kuv sim nrhiav cov ntaub ntawv ntawm kev tsim tus neeg teb xov tooj rau Kubernetes, uas tau dhau los ntawm kev kawm cov cai.

Qhov piv txwv uas yuav piav qhia yog qhov no: hauv peb cov Kubernetes pawg, txhua tus Namespace sawv cev rau pab pawg sandbox ib puag ncig, thiab peb xav txwv kev nkag mus rau lawv kom cov pab pawg tsuas tuaj yeem ua si hauv lawv tus kheej sandboxes.

Koj tuaj yeem ua tiav qhov koj xav tau los ntawm kev muab tus neeg siv ib pab pawg uas muaj RoleBinding rau qhov tshwj xeeb Namespace thiab ClusterRole nrog kho cov cai. Tus sawv cev YAML yuav zoo li no:

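---
# Grants the "edit" ClusterRole to the group kubernetes-team-1, but only inside
# the team-1 namespace: a RoleBinding never reaches outside its own namespace.
# rbac.authorization.k8s.io/v1beta1 is the version used throughout this article;
# the same object is accepted unchanged under rbac.authorization.k8s.io/v1.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: kubernetes-team-1
  namespace: team-1
subjects:
- kind: Group
  name: kubernetes-team-1
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: edit
  # apiGroup is a field of roleRef; at the top level it is not a RoleBinding
  # field and the reference to the ClusterRole would be incomplete.
  apiGroup: rbac.authorization.k8s.io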

(rolebinding.yaml, nyob rau hauv nyoos)

Tsim ib qho RoleBinding Koj tuaj yeem ua nws manually, tab sis tom qab hla lub cim cim npe, nws dhau los ua haujlwm nyuaj. Qhov no yog qhov uas Kubernetes cov neeg ua haujlwm tuaj yeem ua ke-lawv tso cai rau koj los tsim cov peev txheej Kubernetes raws li kev hloov pauv rau cov peev txheej. Hauv peb qhov xwm txheej peb xav tsim RoleBinding thaum tsim Namespace.

Ua ntej tshaj, cia peb txhais cov haujlwm main uas ua qhov yuav tsum tau teeb tsa los khiav cov nqe lus thiab tom qab ntawd hu rau nqe lus ua haujlwm:

(Nco tseg. txhais.: ntawm no thiab hauv qab cov lus hauv cov cai tau muab txhais ua lus Lavxias. Ntxiv mus, qhov indentation tau raug kho rau qhov chaw es tsis txhob [pom zoo hauv Go] tabs nkaus xwb rau lub hom phiaj ntawm kev nyeem tau zoo dua hauv Habr layout. Tom qab txhua daim ntawv teev npe muaj cov txuas mus rau thawj ntawm GitHub, qhov twg cov lus hais lus Askiv thiab cov ntawv khaws cia.)

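func main() {
  // Send log output to STDOUT (the default is STDERR).
  log.SetOutput(os.Stdout)

  sigs := make(chan os.Signal, 1) // OS signals are delivered here
  stop := make(chan struct{})     // closed to tell every goroutine to stop

  // Route SIGINT (os.Interrupt) and SIGTERM into sigs. From this point on the
  // process no longer terminates on these signals by itself, so they must be
  // read from sigs and acted upon below.
  signal.Notify(sigs, os.Interrupt, syscall.SIGTERM)

  // Goroutines register themselves in the WaitGroup so that main can wait
  // for them to finish before exiting.
  wg := &sync.WaitGroup{}

  runOutsideCluster := flag.Bool("run-outside-cluster", false, "Set this flag when running outside of the cluster.")
  flag.Parse()

  // Build the clientset used to talk to the Kubernetes API.
  clientset, err := newClientSet(*runOutsideCluster)
  if err != nil {
    log.Fatalf("creating Kubernetes clientset: %v", err)
  }

  // Run blocks until stop is closed, so it has to run in its own goroutine:
  // called inline it would never return, the signal wait below would never be
  // reached, and stop would never be closed. Run adds itself to wg; should a
  // signal arrive before that goroutine has been scheduled, wg.Wait returns
  // at once, which is acceptable for this example.
  go controller.NewNamespaceController(clientset).Run(stop, wg)

  <-sigs // block until a signal arrives; nothing else happens until then
  log.Printf("Shutting down...")

  close(stop) // ask every goroutine to stop
  wg.Wait()   // and wait until they all have
}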

(main.go, nyob rau hauv nyoos)

Peb ua cov hauv qab no:

  1. Peb teeb tsa tus neeg tuav haujlwm rau cov cim kev ua haujlwm tshwj xeeb kom ua rau kev txiav txim siab zoo ntawm tus neeg teb xov tooj.
  2. Peb siv WaitGroup kom gracefully nres tag nrho goroutines ua ntej txiav daim ntawv thov.
  3. Peb muab kev nkag mus rau pawg los ntawm kev tsim clientset.
  4. Tua tawm NamespaceController, nyob rau hauv uas tag nrho peb cov logic yuav nyob.

Tam sim no peb xav tau lub hauv paus rau logic, thiab nyob rau hauv peb cov ntaub ntawv no yog ib tug hais NamespaceController:

// NamespaceController watches Namespaces through the Kubernetes API and
// creates a RoleBinding in each Namespace it sees added.
type NamespaceController struct {
  namespaceInformer cache.SharedIndexInformer // list/watch informer over v1.Namespace objects
  kclient           *kubernetes.Clientset     // client used to create the RoleBindings
}

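// NewNamespaceController creates a new NamespaceController whose informer
// lists and watches all Namespaces in the cluster and calls createRoleBinding
// for every Namespace that is added. The identity the controller runs as
// therefore needs list/watch on namespaces (and create on rolebindings for
// the handler). The informer is not started here; Run starts it.
func NewNamespaceController(kclient *kubernetes.Clientset) *NamespaceController {
  // Resync interval handed to the informer; named so the literal has a meaning
  // at the call site.
  const resyncPeriod = 3 * time.Minute

  namespaceWatcher := &NamespaceController{kclient: kclient}

  // Informer that caches Namespaces and emits add/update/delete events.
  namespaceWatcher.namespaceInformer = cache.NewSharedIndexInformer(
    &cache.ListWatch{
      ListFunc: func(options metav1.ListOptions) (runtime.Object, error) {
        return kclient.Core().Namespaces().List(options)
      },
      WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) {
        return kclient.Core().Namespaces().Watch(options)
      },
    },
    &v1.Namespace{},
    resyncPeriod,
    cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc},
  )

  // Only additions are handled; nothing is done on update or delete.
  // NOTE(review): presumably the informer also reports every Namespace that
  // already exists when the controller starts as an Add — confirm, since the
  // handler then runs for all of them.
  namespaceWatcher.namespaceInformer.AddEventHandler(cache.ResourceEventHandlerFuncs{
    AddFunc: namespaceWatcher.createRoleBinding,
  })

  return namespaceWatcher
}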

(controller.go, nyob rau hauv nyoos)

Ntawm no peb configure SharedIndexInformer, uas yuav ua tau zoo (siv lub cache) tos rau kev hloov pauv hauv namespaces (Nyeem ntxiv txog cov neeg qhia hauv kab lus "Kubernetes teem sijhawm ua haujlwm li cas?" — kwv yees. txhais lus). Tom qab no peb txuas EventHandler rau tus neeg qhia, yog li ntawd thaum ntxiv lub npe (Namespace) muaj nuj nqi hu ua createRoleBinding.

Cov kauj ruam tom ntej yog los txhais cov haujlwm no createRoleBinding:

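// createRoleBinding is the informer's Add handler. For the Namespace in obj it
// creates a RoleBinding named ad-kubernetes-<namespace> in that namespace,
// binding the ClusterRole "edit" to the group of the same name.
//
// Failures are logged rather than returned: the handler signature has no
// error return and the object is not re-queued.
func (c *NamespaceController) createRoleBinding(obj interface{}) {
  // Checked assertion: an unchecked one panics on any other type, and that
  // panic would surface wherever the informer invokes this handler.
  namespaceObj, ok := obj.(*v1.Namespace)
  if !ok {
    log.Printf("createRoleBinding: unexpected object type %T, skipping", obj)
    return
  }
  namespaceName := namespaceObj.Name

  // NOTE(review): this runs for every Namespace the informer reports,
  // including kube-system and the other system namespaces, so a group named
  // after such a namespace would receive "edit" there. Restricting which
  // namespaces get a binding (e.g. by a label or name prefix) is worth
  // considering.

  // The RoleBinding and the group it binds share one name.
  bindingName := fmt.Sprintf("ad-kubernetes-%s", namespaceName)

  roleBinding := &v1beta1.RoleBinding{
    TypeMeta: metav1.TypeMeta{
      Kind:       "RoleBinding",
      APIVersion: "rbac.authorization.k8s.io/v1beta1",
    },
    ObjectMeta: metav1.ObjectMeta{
      Name:      bindingName,
      Namespace: namespaceName,
    },
    Subjects: []v1beta1.Subject{
      {
        Kind:     "Group",
        Name:     bindingName,
        APIGroup: "rbac.authorization.k8s.io", // explicit, as in the YAML form of this binding
      },
    },
    RoleRef: v1beta1.RoleRef{
      APIGroup: "rbac.authorization.k8s.io",
      Kind:     "ClusterRole",
      Name:     "edit",
    },
  }

  _, err := c.kclient.Rbac().RoleBindings(namespaceName).Create(roleBinding)
  if err != nil {
    // TODO(review): a binding that already exists (for instance after a
    // controller restart) is reported as a failure here as well; telling that
    // case apart needs the API errors helpers, which this file does not import.
    log.Printf("Failed to create Role Binding: %s", err.Error())
    return
  }
  log.Printf("Created AD RoleBinding for Namespace: %s", roleBinding.Name)
}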

(controller.go, nyob rau hauv nyoos)

Peb tau txais lub npe raws li obj thiab hloov nws mus rau ib yam khoom Namespace. Ces peb txhais RoleBinding, raws li YAML cov ntaub ntawv tau hais thaum pib, siv cov khoom muab Namespace thiab tsim RoleBinding. Thaum kawg, peb teev seb qhov kev tsim tau ua tiav.

Lub luag haujlwm kawg yuav tsum tau txhais yog Run:

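// Run starts the Namespace informer and blocks until stopCh is closed.
// It registers itself in wg for its own lifetime and also tracks the informer
// goroutine, so that a caller's wg.Wait returns only once the informer has
// stopped rather than as soon as stopCh is closed. Because Run blocks,
// callers normally start it with `go`.
func (c *NamespaceController) Run(stopCh <-chan struct{}, wg *sync.WaitGroup) {
  // Account for this goroutine; Add sits right before the deferred Done so
  // the pairing is visible.
  wg.Add(1)
  defer wg.Done()

  // The informer runs in its own goroutine and is expected to return once
  // stopCh is closed; it is tracked separately so wg covers it too.
  wg.Add(1)
  go func() {
    defer wg.Done()
    c.namespaceInformer.Run(stopCh)
  }()

  // Block until asked to stop.
  <-stopCh
}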

(controller.go, nyob rau hauv nyoos)

Ntawm no peb tham WaitGroup uas peb tso lub goroutine thiab ces hu namespaceInformer, uas tau txhais ua ntej lawm. Thaum lub teeb liab nres tuaj txog, nws yuav xaus txoj haujlwm, qhia WaitGroup, uas tsis raug tua lawm, thiab qhov haujlwm no yuav tawm mus.

Cov ntaub ntawv hais txog kev tsim thiab khiav cov nqe lus no ntawm Kubernetes pawg tuaj yeem pom hauv repositories ntawm GitHub.

Qhov ntawd yog nws rau tus neeg teb xov tooj uas tsim RoleBinding thaum Namespace hauv Kubernetes pawg, npaj txhij.

Tau qhov twg los: www.hab.com

Ntxiv ib saib