原生yaml接入使用说明
更新时间:2023-03-28
背景
目前BIE的云端资源类型均为自定义资源类型,如果用户的应用为原生K8S语义的YAML文件,那么用户需要将原生YAML文件的语义转换成BIE的资源语义进行应用及配置项等的创建,增加用户工作量的同时,语义转换失误就会造成实际下发的应用或配置项与原生YMAL中的应用及配置项产生差异,从而导致应用下发错误等问题。
为了解决上述问题,BIE目前支持原生K8S YAML语义资源文件的接入,用户可将原生YAML文件直接上传,系统会自动创建相应的BIE自定义资源类型,同一YAML文件可存在多种资源类型的定义,"---"分隔即可。
资源类型限制
由于需要与BIE云端自定义资源兼容,因此目前支持的K8S原生资源类型如下所示,除此之外的类型暂不支持:
| 类别 | 资源类型 |
|---|---|
| 资源对象 | Deployment、StatefulSet、DaemonSet、Job、Service |
| 存储对象 | Volume、Secret、ConfigMap |
使用说明
2.1 操作界面
通过应用部署->容器模式->通过YAML编辑打开相应对话框:
用户可以选择创建、更新、删除资源,只需上传对应的YAML文件即可。
2.2 nginx示例应用创建
- 导入一下yaml文件
YAML
1apiVersion: apps/v1
2kind: Deployment
3metadata:
4 labels:
5 app: nginx
6 name: nginx-yaml
7 namespace: default
8spec:
9 replicas: 1
10 selector:
11 matchLabels:
12 app: nginx
13 template:
14 metadata:
15 labels:
16 app: nginx
17 spec:
18 containers:
19 - image: nginx:latest
20 name: nginx
21 ports:
22 - containerPort: 80
23 volumeMounts:
24 - name: common-cm
25 mountPath: /etc/config
26 - name: dcell
27 mountPath: /etc/secret
28 - name: cache-volume
29 mountPath: /cache
30 - name: test-volume
31 mountPath: /test-hp
32 imagePullSecrets:
33 - name: myregistrykey
34 volumes:
35 - name: common-cm
36 configMap:
37 name: common-cm
38 - name: dcell
39 secret:
40 secretName: dcell
41 - name: cache-volume
42 emptyDir: {}
43 - name: test-volume
44 hostPath:
45 path: /var/lib/baetyl
46 type: Directory- 导入后查看创建的nginx应用,如下所示:
2.3 各类型资源创建示例
2.3.1 密文类资源
镜像仓库凭证
- type固定为 kubernetes.io/dockerconfigjson
YAML
1apiVersion: v1
2data:
3 .dockerconfigjson: eyJhdXRocyI6eyJET0NLRVJfUkVHSVNUUllfU0VSVkVSIjp7InVzZXJuYW1lIjoiRE9DS0VSX1VTRVIiLCJwYXNzd29yZCI6IkRPQ0tFUl9QQVNTV09SRCIsImVtYWlsIjoiRE9DS0VSX0VNQUlMIiwiYXV0aCI6IlJFOURTMFZTWDFWVFJWSTZSRTlEUzBWU1gxQkJVMU5YVDFKRSJ9fX0=
4kind: Secret
5metadata:
6 name: myregistrykey
7 namespace: default
8type: kubernetes.io/dockerconfigjson证书
- type固定为 kubernetes.io/tls
YAML
1apiVersion: v1
2data:
3 tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURpekNDQW5PZ0F3SUJBZ0lRWENzeE02UnpjcTJVUk5ROHBINjZKekFOQmdrcWhraUc5dzBCQVFzRkFEQVYKTVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1CNFhEVEl4TVRJeU16QTJOREF5TmxvWERUSXlNVEl5TXpBMgpOREF5Tmxvd0xURXJNQ2tHQTFVRUF4TWlZbUZsZEhsc0xYZGxZbWh2YjJzdGMyVnlkbWxqWlM1a1pXWmhkV3gwCkxuTjJZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFNeEdhays0QXd6ZDI2VWMKMzhvM05scVp2RWcrUFJqRkRvV1F0NnB1Y3ZDdFo0MUdGWXdFODlaMm1tT1RSeXlma1d1Mi95aWgzbkMwYTdvSwpxMmF5dzJzYTExRWU3TkZYMUY2MzB3UHNmZ1A0aG1LZmdIbEd6N05hTHU1SWQyNTNtZWtwZmI0QUs1UnVkNmZWCjEyOXJ1WXJUSDFLSHl3cWdkTGdqWFlVS0Q2VGhPYk1hTW5vVG5haTVnR3Evd1VMVVR0cy8zcUNaTU53ajlrNkoKR2hwWTQ3cFFhck1MVU1tWTl4TzExcDZNVzFIelRFQ2VQM0FQMUtVenZUMFd5U0kyb2NxdENIMlN1bUl5aW5uUwpEcnVTU3Jxb0pKOFE0MHhwdjROTjdqYm55M0k2TDZyWERJV2kwUmFZQ2pTaHc3TGlZSEVtcENBWEIxSHl3VmswCnZlNTFYRXNDQXdFQUFhT0J2akNCdXpBT0JnTlZIUThCQWY4RUJBTUNCYUF3RXdZRFZSMGxCQXd3Q2dZSUt3WUIKQlFVSEF3RXdEQVlEVlIwVEFRSC9CQUl3QURBZkJnTlZIU01FR0RBV2dCUWx0aXVhem9leW5IZVdJQXJWVC9EKwpEeGM1V2pCbEJnTlZIUkVFWGpCY2doWmlZV1YwZVd3dGQyVmlhRzl2YXkxelpYSjJhV05sZ2g1aVlXVjBlV3d0CmQyVmlhRzl2YXkxelpYSjJhV05sTG1SbFptRjFiSFNDSW1KaFpYUjViQzEzWldKb2IyOXJMWE5sY25acFkyVXUKWkdWbVlYVnNkQzV6ZG1Nd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFHbkVMMzFwaitZdkFUa3N3L09pK2dBTwp5a05uYVhlZ2dLMEtnMW5vZmhXNXlhajBHNU9yVHFyVTBsYm5SVDEwTUgyKzZpcG9JSEVPNEliSTRnUEo0Z2JqCllNb2JQdTJGeDN0TVd2SStTcEs1NEJMT3FlZk5VMEJPV2pwSU5Vcis2MGl1OFZaNDhhYnVLZ0FjUmJSNktiQTIKRlpFN2VsZ0JHbnJ6ZUh1NHlNdEx2VEI2VUNzMFZnL0YvRkdVWjJ1ZnU3bEM5dFVFc3c0U3ZFSEp6ZEZLRnBNOAp3cGZOQU5WOWVEL1dlWDJRNEY5ci9NZm1XUFdIS2pJWTlTRzN1c29VUjlKZzgvZlZFaXBnRlRYQ3NlSnFEb1RECk9hN0J6TnVBZ3NlOVVGUmswc2ZGZnJkM1N4WkVmNHhZVzkwcmtIU3crL0c3Ni9RS3BYeTNaV0FFTXVnZmxsaz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
4 tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBekVacVQ3Z0RETjNicFJ6ZnlqYzJXcG04U0Q0OUdNVU9oWkMzcW01eThLMW5qVVlWCmpBVHoxbmFhWTVOSExKK1JhN2IvS0tIZWNMUnJ1Z3FyWnJMRGF4clhVUjdzMFZmVVhyZlRBK3grQS9pR1lwK0EKZVViUHMxb3U3a2gzYm5lWjZTbDl2Z0FybEc1M3A5WFhiMnU1aXRNZlVvZkxDcUIwdUNOZGhRb1BwT0U1c3hveQplaE9kcUxtQWFyL0JRdFJPMnovZW9Ka3czQ1AyVG9rYUdsamp1bEJxc3d0UXlaajNFN1hXbm94YlVmTk1RSjQvCmNBL1VwVE85UFJiSklqYWh5cTBJZlpLNllqS0tlZElPdTVKS3VxZ2tueERqVEdtL2cwM3VOdWZMY2pvdnF0Y00KaGFMUkZwZ0tOS0hEc3VKZ2NTYWtJQmNIVWZMQldUUzk3blZjU3dJREFRQUJBb0lCQVFDeG5uU29ObzlvYTZ5bAp5QktMQ1RFWTNGNUx6dHBmSkZFNU1CbVRkeEE0Vi84WFp4NHJMczg2NXN2ZDAxenEzeUNhTVhkeVJEVmZlSEhIClJhbTkxYWg0QTlHL05vMmloYVVpYXVKdm9mMzh3K2RONy9UTS94WndrL1VFdWp3bThKWUNtRkkrbUhWTVRqVjYKMlVUSEhEc3NDK0ZMYU1uU3hxeFd4R0YzNGNTeWpwb3VWNkdxTmY3eDBCa2llb1NieEZTd1cwa3ZreGJsdnpiZQpBTGpmcW1JcTJuWlo2OFZISTRncGR4dlIvU09ENjFRVzc1QU1wUGplbytzOHluaWZ3dDV0Tzh1dU5CRkE2NmJLCjlqRFFuc096RXR5aXZlN1AvWC9BME5YMEdNUFVHOHRBZjFMMFNlV0E4WmtwQ3RsU05KZlVLTWIwM0g3Y2hQVDgKQVhlL0R2MkJBb0dCQU94dytTUVhHQ0lzL3NNUmZ4YjZBS2loSHdDc1BieG1Yck8rNlZFK1F5VHlvMGFYdWxVbQo2UjZxNkNnRlhSWitEL2NKWEpSTUZmYmczK3dlVmtvZkdDeE5rZHl5bDVVUTdHczlVRXd0OXJZMy9PQ1Z5Zjc3Ck4rc0NpbkY0Z0E3amlzRVRSUGhVUUlBVk1wSmlDaHRvTTBTNDBVeXZwMzBTczNDZVBwcTZaczBMQW9HQkFOMHMKUlJnaXlZNjRmbHlrZGl0ZEZubnpocG1Gc3U3NlVHb0ZlYlAzMzdQSk51THJqRWxQUnZTSUtlczlzVUVsN0xRNQpnajg2TjhZY2txRmJyZWVaVkZsYlZNbGZpRjhpaFpacjl2cy9pNFhXeE5aK3ZlM2tEZngrTlpQYmhycmpBbS9JCkFDNXIzTWZNaWNlZEt5c2xlNVd0TjJkVGRBQ1NsUlVLTWxMTmRMWEJBb0dBWHN3YzE5OTZpWmxJdTZVME0xNGgKRFhzc0Z2VDMrNlYvcXNtTWVrcGdXVnYvSXJxS3RzRlhEaml2dy93Q2lwWVlpSTkwVXZEK2pYRXoxbE9EZlV4aQpRTUVKRGxkOGR3UEdCbWthM0xCQkRtWDhPWDlVOGFwL2pQWUQwK0xnVlJmZDlmTm4zN2pIODVLTUtDeXVxTFpxCmQ4OHgrM0VoMGYvQmVoRzRRQWtrVm1rQ2dZRUFzTlRxVVVmTyt1c0xMS3JaU0FaZktCWEtzZ2d4YmR4NFdxd1MKQ0EvUXJYL2RBRVR2bnRWaGw3VWVQdFRPV1pZbTBGbUNoMmJXblBEUFUyOW5kVm9rRkdWdlBxbkE4TDg3SzI4YQp3dnFsWk5hMy9mN0xmOTNzU01ubnNGVytQTUd2ZXd2ZkNUNTRBTTdLQWV6cFRNL2xKV0NlZ1dBNXlSTnBXcThTCldSMm5pSUVDZ1lBMTVUUjZtaXlFdW1Xbnp4MDBURk0zZDNTTC9LejFGSkRSd1BPam45Ri8vRFVKZ0J0RFErQWwKalc5MTFrekpvZjRBMjhVd0FKMFhQbzd5Zkx2bEpobWlPU1BhNi9ja0lsZ0E4S0pFZ2l4RExROHk5QjZqajFoQgpWZk84VVJSL3FUZG9uMTd6L1lHQ09BUzhzWTQ2UEova2J2R1BiUVpOOGFZaGFRSGZidCtUSWc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
5kind: Secret
6metadata:
7 namespace: default
8 name: baetyl-tls-secret
9type: kubernetes.io/tls普通密文
- 普通KV类型配置项 type为 Opaque
YAML
1apiVersion: v1
2kind: Secret
3metadata:
4 name: dcell
5 labels:
6 secret: dcell
7 annotations:
8 secret: dcell
9data:
10 username: YWRtaW4=
11 password: MWYyZDFlMmU2N2Rm
12type: Opaque2.3.2 配置项类资源
普通配置项
YAML
1apiVersion: v1
2kind: ConfigMap
3metadata:
4 name: common-cm
5data:
6 example.property.1: hello
7 example.property.2: world
8 conf.yaml: |-
9 property.1: value-1
10 property.2: value-2
11 property.3: value-3镜像配置项
- label:baetyl-config-type: baetyl-image 必须带,用于区分类型
- data:KV类型,且KEY的值必须为address
YAML
1apiVersion: v1
2kind: ConfigMap
3metadata:
4 name: image-cm
5 labels:
6 baetyl-config-type: baetyl-image
7data:
8 address: nginx:latest引入文件配置项
- data:kv类型,key值为文件名,value值如下所示,具体参考api,支持bos、http、s3等引入方式
YAML
1apiVersion: v1
2kind: ConfigMap
3metadata:
4 name: object-cm
5data:
6 123.jpg: |-
7 type: object
8 source: awss3
9 account: current
10 url: http://download.com/url
11 endpoint: http://xx.xx.com
12 addressFormat: pathStyle
13 bucket: baetyl
14 object: func.zip
15 unpack: zip
16 ak: xx
17 sk: xx
18 md5: xxxx函数配置项
- label:baetyl-config-type: baetyl-function 必须带,用于区分类型
- data:KV类型,key值为函数名,value如下所示
YAML
1apiVersion: v1
2kind: ConfigMap
3metadata:
4 name: function-cm
5 labels:
6 baetyl-config-type: baetyl-function
7data:
8 index.py: |-
9 "type": "object"
10 "source": "awss3"
11 "account": "current"
12 "url": "http://download.com/url"
13 "endpoint": "http://xx.xx.com"
14 "addressFormat": "pathStyle"
15 "bucket": "baetyl"
16 "object": "func.zip"
17 "unpack": "zip"
18 "ak": "xx"
19 "sk": "xx"
20 "md5": "xxxx"2.3.3 应用类资源
Deployment
YAML
1apiVersion: apps/v1
2kind: Deployment
3metadata:
4 labels:
5 app: nginx
6 name: nginx
7 namespace: default
8spec:
9 replicas: 1
10 selector:
11 matchLabels:
12 app: nginx
13 strategy:
14 rollingUpdate:
15 maxSurge: 25%
16 maxUnavailable: 25%
17 type: RollingUpdate
18 template:
19 metadata:
20 labels:
21 app: nginx
22 spec:
23 containers:
24 - image: nginx:latest
25 name: nginx
26 ports:
27 - containerPort: 80
28 volumeMounts:
29 - name: common-cm
30 mountPath: /etc/config
31 - name: dcell
32 mountPath: /etc/secret
33 - name: cache-volume
34 mountPath: /cache
35 - name: test-volume
36 mountPath: /test-hp
37 imagePullSecrets:
38 - name: myregistrykey
39 volumes:
40 - name: common-cm
41 configMap:
42 name: common-cm
43 - name: dcell
44 secret:
45 secretName: dcell
46 - name: cache-volume
47 emptyDir: {}
48 - name: test-volume
49 hostPath:
50 path: /var/lib/baetyl
51 type: DirectoryDaemonset
YAML
1apiVersion: apps/v1
2kind: DaemonSet
3metadata:
4 labels:
5 app: nginx
6 name: dsApp
7 namespace: default
8spec:
9 replicas: 1
10 selector:
11 matchLabels:
12 app: nginx
13 template:
14 metadata:
15 labels:
16 app: nginx
17 spec:
18 containers:
19 - image: nginx:latest
20 name: nginx
21 resources:
22 limits:
23 memory: 200Mi
24 requests:
25 cpu: 100m
26 memory: 200Mi
27 ports:
28 - containerPort: 80
29 volumeMounts:
30 - name: common-cm
31 mountPath: /etc/config
32 - name: dcell
33 mountPath: /etc/secret
34 - name: cache-volume
35 mountPath: /cache
36 - name: test-volume
37 mountPath: /test-hp
38 imagePullSecrets:
39 - name: myregistrykey
40 volumes:
41 - name: common-cm
42 configMap:
43 name: common-cm
44 - name: dcell
45 secret:
46 secretName: dcell
47 - name: cache-volume
48 emptyDir: {}
49 - name: test-volume
50 hostPath:
51 path: /var/lib/baetyl
52 type: DirectoryJob
YAML
1apiVersion: batch/v1
2kind: Job
3metadata:
4 name: pi
5 labels:
6 app: pi
7spec:
8 backoffLimit: 6
9 completions: 1
10 parallelism: 1
11 template:
12 metadata:
13 name: pi
14 spec:
15 containers:
16 - name: pi
17 image: perl
18 command: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
19 restartPolicy: Never2.3.4 service资源demo
NodePort
- 如果yaml文件中不携带service类型资源,则app的默认模式为ClusterIP模式,如果需要NodePort类型的app,则需要携带NodePort类型的Service,并且端口配置需要与deploy/ds/job中的端口配置关联,目前只支持NodePort类型Service的解析;
- 若删除资源时,只删除service资源,那么对应的操作是将app的port类型转为ClusterIP类型,端口配置不变,原有的NodePort端口配置删除,不再生效;
YAML
1apiVersion: v1
2kind: Service
3metadata:
4 labels:
5 svc: nginx
6 name: nginx-svc
7 namespace: default
8spec:
9 ports:
10 - name: web
11 port: 80
12 targetPort: 80
13 nodePort: 8080
14 selector:
15 app: nginx
16 type: NodePort