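Native YAML Import User Guide
Last updated: 2023-03-28
Background
All cloud-side resource types in BIE are currently custom resource types. If a user's application is defined in YAML files with native K8S semantics, the user has to translate those semantics into BIE resource semantics before creating applications, configuration items and so on. This adds work for the user, and any mistake in the translation makes the application or configuration item that is actually delivered differ from the one in the native YAML, which leads to problems such as incorrect application delivery.
To solve this, BIE now supports importing resource files with native K8S YAML semantics. Users can upload a native YAML file directly and the system automatically creates the corresponding BIE custom resources. A single YAML file may define several resource types, separated by "---".
Resource type restrictions
Because imported resources must remain compatible with BIE's cloud-side custom resources, only the native K8S resource types listed below are currently supported; any other type is not supported for now: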
Category | Resource type |
---|---|
Resource objects | Deployment, StatefulSet, DaemonSet, Job, Service |
Storage objects | Volume, Secret, ConfigMap |
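Usage
2.1 Operation interface
Open the dialog via Application Deployment -> Container Mode -> Edit via YAML:
Users can choose to create, update or delete resources simply by uploading the corresponding YAML file.
2.2 Creating the nginx example application
- Import the following YAML file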
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx-yaml
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx:latest
        name: nginx
        ports:
        - containerPort: 80
        volumeMounts:
        - name: common-cm
          mountPath: /etc/config
        - name: dcell
          mountPath: /etc/secret
        - name: cache-volume
          mountPath: /cache
        - name: test-volume
          mountPath: /test-hp
      imagePullSecrets:
      - name: myregistrykey
      volumes:
      - name: common-cm
        configMap:
          name: common-cm
      - name: dcell
        secret:
          secretName: dcell
      - name: cache-volume
        emptyDir: {}
      - name: test-volume
        hostPath:
          path: /var/lib/baetyl
          type: Directory
```
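- After the import, view the created nginx application, as shown below:
2.3 Creation examples for each resource type
2.3.1 Secret resources
Image registry credentials
- type is fixed to kubernetes.io/dockerconfigjson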
```yaml
apiVersion: v1
data:
  .dockerconfigjson: eyJhdXRocyI6eyJET0NLRVJfUkVHSVNUUllfU0VSVkVSIjp7InVzZXJuYW1lIjoiRE9DS0VSX1VTRVIiLCJwYXNzd29yZCI6IkRPQ0tFUl9QQVNTV09SRCIsImVtYWlsIjoiRE9DS0VSX0VNQUlMIiwiYXV0aCI6IlJFOURTMFZTWDFWVFJWSTZSRTlEUzBWU1gxQkJVMU5YVDFKRSJ9fX0=
kind: Secret
metadata:
  name: myregistrykey
  namespace: default
type: kubernetes.io/dockerconfigjson
```
Certificates
- type is fixed to kubernetes.io/tls
```yaml
apiVersion: v1
data:
  tls.crt: <base64-encoded PEM certificate>
  tls.key: <base64-encoded PEM private key>
kind: Secret
metadata:
  namespace: default
  name: baetyl-tls-secret
type: kubernetes.io/tls
```
Ordinary secrets
- For an ordinary KV-type configuration item, type is Opaque
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: dcell
  labels:
    secret: dcell
  annotations:
    secret: dcell
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
type: Opaque
```
2.3.2 Configuration item resources
Ordinary configuration items
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: common-cm
data:
  example.property.1: hello
  example.property.2: world
  conf.yaml: |-
    property.1: value-1
    property.2: value-2
    property.3: value-3
```
Image configuration items
- label: baetyl-config-type: baetyl-image is required; it is used to distinguish the type
- data: KV type, and the key must be address
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: image-cm
  labels:
    baetyl-config-type: baetyl-image
data:
  address: nginx:latest
```
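Imported-file configuration items
- data: KV type; the key is the file name and the value is as shown below. See the API for details. Import methods such as bos, http and s3 are supported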
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: object-cm
data:
  123.jpg: |-
    type: object
    source: awss3
    account: current
    url: http://download.com/url
    endpoint: http://xx.xx.com
    addressFormat: pathStyle
    bucket: baetyl
    object: func.zip
    unpack: zip
    ak: xx
    sk: xx
    md5: xxxx
```
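Function configuration items
- label: baetyl-config-type: baetyl-function is required; it is used to distinguish the type
- data: KV type; the key is the function name and the value is as shown below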
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: function-cm
  labels:
    baetyl-config-type: baetyl-function
data:
  index.py: |-
    "type": "object"
    "source": "awss3"
    "account": "current"
    "url": "http://download.com/url"
    "endpoint": "http://xx.xx.com"
    "addressFormat": "pathStyle"
    "bucket": "baetyl"
    "object": "func.zip"
    "unpack": "zip"
    "ak": "xx"
    "sk": "xx"
    "md5": "xxxx"
```
2.3.3 Application resources
Deployment
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx:latest
        name: nginx
        ports:
        - containerPort: 80
        volumeMounts:
        - name: common-cm
          mountPath: /etc/config
        - name: dcell
          mountPath: /etc/secret
        - name: cache-volume
          mountPath: /cache
        - name: test-volume
          mountPath: /test-hp
      imagePullSecrets:
      - name: myregistrykey
      volumes:
      - name: common-cm
        configMap:
          name: common-cm
      - name: dcell
        secret:
          secretName: dcell
      - name: cache-volume
        emptyDir: {}
      - name: test-volume
        hostPath:
          path: /var/lib/baetyl
          type: Directory
```
DaemonSet
```yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: nginx
  # a native Kubernetes API server only accepts lowercase RFC 1123 names
  name: dsApp
  namespace: default
spec:
  # replicas is not a field of the native DaemonSet spec
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx:latest
        name: nginx
        resources:
          limits:
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 200Mi
        ports:
        - containerPort: 80
        volumeMounts:
        - name: common-cm
          mountPath: /etc/config
        - name: dcell
          mountPath: /etc/secret
        - name: cache-volume
          mountPath: /cache
        - name: test-volume
          mountPath: /test-hp
      imagePullSecrets:
      - name: myregistrykey
      volumes:
      - name: common-cm
        configMap:
          name: common-cm
      - name: dcell
        secret:
          secretName: dcell
      - name: cache-volume
        emptyDir: {}
      - name: test-volume
        hostPath:
          path: /var/lib/baetyl
          type: Directory
```
Job
```yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: pi
  labels:
    app: pi
spec:
  backoffLimit: 6
  completions: 1
  parallelism: 1
  template:
    metadata:
      name: pi
    spec:
      containers:
      - name: pi
        image: perl
        command: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
      restartPolicy: Never
```
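2.3.4 Service resource demo
NodePort
- If the YAML file carries no Service resource, the app defaults to ClusterIP mode. For an app of NodePort type, the file must carry a NodePort Service whose port configuration is associated with the port configuration in the deploy/ds/job. Currently only NodePort Services are parsed;
- If only the Service resource is deleted when deleting resources, the corresponding operation converts the app's port type to ClusterIP; the port configuration is unchanged, and the original NodePort port configuration is deleted and no longer takes effect;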
```yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    svc: nginx
  name: nginx-svc
  namespace: default
spec:
  ports:
  - name: web
    port: 80
    targetPort: 80
    # outside the Kubernetes default NodePort range (30000-32767)
    nodePort: 8080
  selector:
    app: nginx
  type: NodePort
```
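
A pre-upload check for the rules stated on this page (the supported kinds, the `address` key of image configuration items, NodePort-only Service parsing), given as an added example that is not BIE's own code. The function name `check_bie_yaml` and the sample manifest are constructed here, and reading "associated" ports as a Service `targetPort` equal to some `containerPort` is an assumption.

```ruby
require 'yaml'

# Top-level kinds from the page's table (Volume lives inside a pod spec).
SUPPORTED = %w[Deployment StatefulSet DaemonSet Job Service Secret ConfigMap].freeze

# Returns findings for a "---"-separated YAML string. Each document goes
# through safe_load so tagged Ruby objects in an untrusted file are rejected.
def check_bie_yaml(text)
  docs = text.split(/^---[ \t]*$/).map { |s| YAML.safe_load(s) }.grep(Hash)
  # containerPort values of every workload (assumed meaning of "associated")
  ports = docs.flat_map { |d| d.dig('spec', 'template', 'spec', 'containers') || [] }
              .flat_map { |c| c['ports'] || [] }.map { |p| p['containerPort'] }
  docs.each_with_object([]) do |d, out|
    id = "#{d['kind']}/#{d.dig('metadata', 'name')}"
    next out << "#{id}: unsupported kind" unless SUPPORTED.include?(d['kind'])
    case d['kind']
    when 'Service'
      out << "#{id}: only NodePort is parsed" unless d.dig('spec', 'type') == 'NodePort'
      (d.dig('spec', 'ports') || []).each do |p|
        out << "#{id}: targetPort #{p['targetPort']} has no containerPort" unless ports.include?(p['targetPort'])
      end
    when 'ConfigMap'
      image = d.dig('metadata', 'labels', 'baetyl-config-type') == 'baetyl-image'
      out << "#{id}: image config needs the single key address" if image && (d['data'] || {}).keys != ['address']
    end
  end
end

# Constructed sample with four deliberate mistakes.
SAMPLE = <<~YAML
  kind: Deployment
  metadata: {name: web}
  spec: {template: {spec: {containers: [{name: web, ports: [{containerPort: 80}]}]}}}
  ---
  kind: Service
  metadata: {name: web-svc}
  spec: {type: ClusterIP, ports: [{port: 80, targetPort: 8080}]}
  ---
  kind: Ingress
  metadata: {name: web-ing}
  ---
  kind: ConfigMap
  metadata: {name: image-cm, labels: {baetyl-config-type: baetyl-image}}
  data: {image: "nginx:latest"}
YAML

puts check_bie_yaml(SAMPLE)
```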