Background
Crossplane (the name suggests spanning multiple "planes", i.e. multiple public clouds) is an open-source Kubernetes add-on that lets platform teams assemble infrastructure from multiple vendors and expose higher-level self-service APIs to application teams without writing any code.
Crossplane extends your Kubernetes cluster with CRDs for any infrastructure or managed service. These fine-grained resources can be composed into higher-level abstractions that are versioned, managed, deployed and consumed with the tooling you prefer and with the processes already integrated into your cluster.
Comparable product: Terraform
Composition
A Composition organizes one or more custom resources in response to the creation or modification of a custom resource defined by an ApplicationDefinition or an InfrastructureDefinition:
- it can define how applications and infrastructure are combined
- it can define multiple resources, including composite resources
- it can define dependencies between application resources
```yaml
apiVersion: apiextensions.crossplane.io/v1alpha1
kind: Composition
metadata:
  name: private-mysql-server
  labels:
    connectivity: private
spec:
  # This composition declares that its input values will be read 'from' a
  # resource of the specified kind, which must be defined by an
  # InfrastructureDefinition. The field name denotes the relationship with the
  # 'fromFieldPath' notation below.
  from:
    apiVersion: database.example.org/v1alpha1
    kind: MySQLInstance
  # This composition declares that its input values will be written 'to' the
  # below resources. The field name denotes the relationship with the
  # 'toFieldPath' notation below.
  to:
  - base:
      apiVersion: azure.crossplane.io/v1alpha3
      kind: ResourceGroup
      spec:
        location: West US
        providerConfigRef:
          name: example
        reclaimPolicy: Delete
    patches:
    - fromFieldPath: "spec.region"
      toFieldPath: "spec.forProvider.location"
      transforms:
      - type: map
        map:
          us-west: "West US"
          us-east: "East US"
  - base:
      apiVersion: database.azure.crossplane.io/v1beta1
      kind: MySQLServer
      spec:
        forProvider:
          administratorLogin: myadmin
          resourceGroupNameSelector:
            matchComposite: true
          location: West US
          sslEnforcement: Disabled
          version: "5.6"
          sku:
            tier: Basic
            capacity: 1
            family: Gen5
          storageProfile:
            storageMB: 20480
        writeConnectionSecretToRef:
          namespace: crossplane-system
        providerConfigRef:
          name: example
        reclaimPolicy: Delete
    patches:
    - fromFieldPath: "metadata.uid"
      toFieldPath: "spec.writeConnectionSecretToRef.name"
    - fromFieldPath: "spec.engineVersion"
      toFieldPath: "spec.forProvider.version"
    - fromFieldPath: "spec.storageGB"
      toFieldPath: "spec.forProvider.storageMB"
      transforms:
      - type: math
        math:
          multiply: 1024
    - fromFieldPath: "spec.region"
      toFieldPath: "spec.forProvider.location"
      transforms:
      - type: map
        map:
          us-west: "West US"
          us-east: "East US"
    # Specifies the (potentially sensitive) connection details that this 'to'
    # resource should expose to the 'from' resource. Names are unique across all
    # 'to' resources within this composition. Ignored by application resources.
    connectionDetails:
    - name: username
      fromConnectionSecretKey: username
    - name: password
      fromConnectionSecretKey: password
    - name: endpoint
      fromConnectionSecretKey: endpoint
  - base:
      apiVersion: database.azure.crossplane.io/v1alpha3
      kind: MySQLServerVirtualNetworkRule
      spec:
        serverNameSelector:
          matchComposite: true
        resourceGroupNameSelector:
          matchComposite: true
        properties:
          virtualNetworkSubnetIdRef:
            name: sample-subnet
        reclaimPolicy: Delete
        providerConfigRef:
          name: azure-provider
```
InfrastructureDefinition
A custom resource (CRD) that represents infrastructure, implemented by an infrastructure provider. Infrastructure resources are cluster-scoped and may only be composed of other cluster-scoped infrastructure resources. They include the "primitive" infrastructure resources implemented by infrastructure providers as well as other composite infrastructure resources.
```yaml
apiVersion: apiextensions.crossplane.io/v1alpha1
kind: InfrastructureDefinition
metadata:
  # InfrastructureDefinition names are subject to the constraints of Kubernetes
  # CustomResourceDefinition names. They must be of the form <plural>.<group>.
  name: mysqlinstances.database.example.org
spec:
  # Any composition that intends to satisfy an infrastructure resource must
  # expose each of the named connection details exactly once in any of its
  # connectionDetails objects. The connection secret published by the defined
  # infrastructure resource will include only these connection details.
  connectionDetails:
  - username
  - password
  - endpoint
  # Defines the structural schema and GroupVersionKind of this infrastructure.
  # Only a single API version of the application may exist. Additional fields
  # will be injected to support composition machinery.
  crdSpecTemplate:
    group: database.example.org
    version: v1alpha1
    names:
      kind: MySQLInstance
      listKind: MySQLInstanceList
      plural: mysqlinstances
      singular: mysqlinstance
    validation:
      openAPIV3Schema:
        properties:
          engineVersion:
            type: string
          region:
            type: string
          storageGB:
            type: int
        type: object
  # An optional service account that will be used to reconcile MySQLInstance
  # resources. This allows the use of RBAC to restrict which resources a
  # MySQLInstance may be composed of. The specified service account must have
  # full access to MySQLInstance resources, and 'get' access to Component
  # resources.
  #
  # If the service account is omitted Crossplane will use its pod service
  # account to manage MySQLInstance resources. This implies that anyone with
  # sufficient RBAC permissions to create a Composition and to create a
  # MySQLInstance will be able to compose their MySQLInstance of any
  # infrastructure resource that Crossplane is able to create.
  serviceAccountRef:
    namespace: crossplane-system
    name: mysqlinstances.database.example.org
  # An optional default composition that will be set automatically for any
  # MySQLInstance custom resources that omit both their compositeSelector and
  # their compositeRef.
  defaultCompositionRef:
    name: cheap-rds
  # An optional forced composition that will be set automatically for any
  # MySQLInstance custom resource, overriding their compositeSelector and their
  # compositeRef. If defaultComposition and forceComposition are both set, the
  # forced composition wins.
  enforcedCompositionRef:
    name: mysqlinstances.database.example.org
```
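Added example in Python (not part of the page or of Crossplane): a validator for two rules stated in the comments above, that every connection detail named by the InfrastructureDefinition must be exposed exactly once across the Composition's 'to' entries, and that a definition without serviceAccountRef is reconciled with Crossplane's own pod service account. The input dicts are constructed to mirror the page's YAML; the name unscoped.example.org and the broken variant are made up for the example.

```python
from collections import Counter

def check_connection_details(definition, composition):
    """Each name the definition lists must be exposed exactly once across all 'to' entries."""
    seen = Counter(cd["name"]
                   for to in composition["spec"]["to"]
                   for cd in to.get("connectionDetails", []))
    errors = []
    for name in definition["spec"]["connectionDetails"]:
        if seen[name] == 0:
            errors.append(f"connection detail '{name}' is never exposed")
        elif seen[name] > 1:
            errors.append(f"connection detail '{name}' is exposed {seen[name]} times")
    return errors

def check_service_account(definition):
    """Without serviceAccountRef, composites are reconciled with Crossplane's own
    pod service account, so anyone who can author a Composition inherits its reach."""
    if "serviceAccountRef" not in definition["spec"]:
        return [f"{definition['metadata']['name']}: no serviceAccountRef, "
                "composed resources would be created with Crossplane's pod service account"]
    return []

def validate(definition, composition):
    return check_connection_details(definition, composition) + check_service_account(definition)

# Constructed inputs modelled on the page's InfrastructureDefinition and Composition.
MYSQL_DEFINITION = {
    "metadata": {"name": "mysqlinstances.database.example.org"},
    "spec": {"connectionDetails": ["username", "password", "endpoint"],
             "serviceAccountRef": {"namespace": "crossplane-system",
                                   "name": "mysqlinstances.database.example.org"}}}
NO_SA_DEFINITION = {"metadata": {"name": "unscoped.example.org"},
                    "spec": {"connectionDetails": ["username", "password", "endpoint"]}}
PRIVATE_MYSQL = {"spec": {"to": [
    {"base": {"kind": "ResourceGroup"}},
    {"base": {"kind": "MySQLServer"},
     "connectionDetails": [{"name": "username", "fromConnectionSecretKey": "username"},
                           {"name": "password", "fromConnectionSecretKey": "password"},
                           {"name": "endpoint", "fromConnectionSecretKey": "endpoint"}]},
    {"base": {"kind": "MySQLServerVirtualNetworkRule"}}]}}
# A broken variant: 'username' exposed twice and 'endpoint' never.
BROKEN_MYSQL = {"spec": {"to": [
    {"base": {"kind": "MySQLServer"},
     "connectionDetails": [{"name": "username", "fromConnectionSecretKey": "username"},
                           {"name": "username", "fromConnectionSecretKey": "login"},
                           {"name": "password", "fromConnectionSecretKey": "password"}]}]}}
```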
ApplicationDefinition
An ApplicationDefinition defines a new kind of custom resource that represents an application.
```yaml
apiVersion: apiextensions.crossplane.io/v1alpha1
kind: ApplicationDefinition
metadata:
  # ApplicationDefinition names are subject to the constraints of Kubernetes
  # CustomResourceDefinition names. They must be of the form <plural>.<group>.
  name: wordpresses.apps.example.org
spec:
  # Defines the structural schema and GroupVersionKind of this application. Only
  # a single API version of the application may exist. Additional fields will be
  # injected to support composition machinery.
  crdSpecTemplate:
    group: apps.example.org
    version: v1alpha1
    names:
      kind: Wordpress
      listKind: WordpressList
      plural: wordpresses
      singular: wordpress
    validation:
      openAPIV3Schema:
        properties:
          administratorLogin:
            type: string
          storageSize:
            type: int
          storageType:
            type: string
        type: object
  # An optional service account that will be used to reconcile Wordpress
  # resources. This allows the use of RBAC to restrict which resources a
  # Wordpress application may be composed of. The specified service account must
  # have full access to Wordpress resources, and 'get' access to Component
  # resources.
  #
  # If the service account is omitted Crossplane will use its pod service
  # account to manage Wordpress resources. This implies that anyone with
  # sufficient RBAC permissions to create a Composition and to create a
  # Wordpress resource in a particular namespace will be able to compose their
  # Wordpress of any resource Crossplane is able to create. Crossplane will
  # refuse to create resources at the cluster scope or outside of the namespace
  # in which the Wordpress was created.
  serviceAccountRef:
    namespace: crossplane-system
    name: wordpresses.apps.example.org
  # An optional default composition that will be set automatically for any
  # Wordpress custom resources that omit both their compositeSelector and their
  # compositeRef.
  defaultCompositionRef:
    name: local-wordpress
  # An optional forced composition that will be set automatically for any
  # Wordpress custom resource, overriding their compositeSelector and their
  # compositeRef. If defaultComposition and forceComposition are both set, the
  # forced composition wins.
  enforcedCompositionRef:
    name: wordpresses.apps.example.org
```
Once the ApplicationDefinition above is applied, Crossplane automatically creates a CRD that lets users create instances of the custom application resource defined above, Wordpress:
```yaml
apiVersion: example.org/v1alpha1
kind: Wordpress
metadata:
  namespace: default
  name: coolblog
spec:
  # The schema for the following three fields is defined by the above
  # ApplicationDefinition.
  administratorLogin: admin
  storageSize: 2
  storageType: SSD
  # The below schema is automatically injected into the CustomResourceDefinition
  # that is created by the ApplicationDefinition that defines the Wordpress
  # resource.
  # Multiple compositions may potentially satisfy a particular kind of
  # application. Each application instance may influence which composition is
  # used via label selectors. This could be used, for example, to determine
  # whether a Wordpress application renders to a KubernetesApplication or to a
  # plain old Kubernetes Deployment.
  compositionSelector:
    matchLabels:
      compute: kubernetes
      database: mysql
  # The Wordpress author may explicitly select which composition should be used
  # by setting the compositionRef. In the majority of cases the author will
  # ignore this field and it will be set by a controller, similar to the
  # contemporary classRef field.
  compositionRef:
  - name: wordpress-kubernetes-mysql
  # Each application maintains an array of the resources they compose.
  # Composed resources are always in the same namespace as the application
  # resource. Any namespaced resource may be composed; composed resources
  # model their relationship with the application resource via their
  # controller reference. The application must maintain this array because
  # there is currently no user friendly, performant way to discover which
  # resources (of arbitrary kinds) are controlled by a particular resource per
  # https://github.com/kubernetes/kubernetes/issues/54498
  resourceRefs:
  - apiVersion: database.example.org/v1alpha1
    kind: MySQLInstanceRequirement
    name: coolblog-3jmdf
  - apiVersion: workload.crossplane.io/v1alpha1
    kind: KubernetesApplication
    name: coolblog-3mdm2
```
Provider
An infrastructure resource provider is a bundle of Kubernetes CRDs and controllers that map one to one onto the resources a given cloud provider offers. The officially maintained providers include:
- AWS provider
- GCP provider
- Azure
- Alibaba
- ...
A provider consists mainly of two kinds of resources: Provider and ProviderConfig.
Integration with Terraform
Crossplane aims to be a platform, and implementing every underlying infrastructure provider itself would be very time-consuming. Third-party infrastructure vendors, however, have little incentive to do that work on Crossplane's behalf, so Crossplane's current predicament is that it has too few providers.
For that reason the Terrajet project was launched. It lets provider developers generate CRDs and use a generic runtime that wraps Terraform CLI operations, so support for a resource can be added in minutes.