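When you add Kubernetes components to an Automation Assembler cloud template, you can choose to add clusters or to enable users to create namespaces in various configurations. This choice typically depends on your access control requirements, how you have configured your Kubernetes components, and your deployment requirements.
To add a Kubernetes component to a cloud template in Automation Assembler, select , click New, and then locate and expand the Kubernetes option on the left menu. Then select the option you want (Cluster or KBS Namespace) by dragging it to the canvas.
Adding a Kubernetes cluster that is associated with a project to a cloud template is the simplest way to make Kubernetes resources available to valid users. You can use tags on clusters to control where they are deployed, just as you do with other Automation Assembler resources. During the allocation phase of cluster deployment, tags can be used to select a zone and a VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) plan.
Once you add a cluster in this way, it is automatically available to all valid users.
Cloud template examples
The first cloud template example shows a template for a simple Kubernetes deployment that is controlled by tagging. The Kubernetes zone was created with two deployment plans, configured on the New Kubernetes Zone page. In this case, a tag named placement:tag was added as a capability on the zone, and it is used to match an analogous constraint on the cloud template. If more than one zone is configured with this tag, the zone with the lowest priority number is selected.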
```yaml
formatVersion: 1
inputs: {}
resources:
  Cluster_provisioned_from_tag:
    type: Cloud.K8S.Cluster
    properties:
      hostname: 109.129.209.125
      constraints:
        - tag: 'placement tag'
      port: 7003
      workers: 1
      connectBy: hostname
```
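The second cloud template example shows how to set up a template with a variable named ${input.hostname} so that users can enter the desired cluster hostname when they request a deployment. Tags can also be used to select a zone and a TKGI plan during the resource allocation phase of cluster deployment.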
```yaml
formatVersion: 1
inputs:
  hostname:
    type: string
    title: Cluster hostname
resources:
  Cloud_K8S_Cluster_1:
    type: Cloud.K8S.Cluster
    properties:
      hostname: ${input.hostname}
      port: 8443
      connectBy: hostname
      workers: 1
```
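If you want to use namespaces to manage cluster usage, you can set up a variable in the cloud template, name: ${input.name}, that is replaced by the namespace name a user enters when requesting a deployment. For this kind of deployment, you need to create a template like the following example: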
```yaml
formatVersion: 1
inputs:
  name:
    type: string
    title: "Namespace name"
resources:
  Cloud_KBS_Namespace_1:
    type: Cloud.K8S.Namespace
    properties:
      name: ${input.name}
```
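Users can manage deployed clusters through kubeconfig files, which are accessible from the page. Locate the card for the desired cluster on the page, and then click Kubeconfig.
Supervisor namespaces in VMware Cloud Templates
The following is the schema for a basic Supervisor namespace in an Automation Assembler cloud template.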
```json
{
  "title": "Supervisor namespace schema",
  "description": "Request schema for provisioning of Supervisor namespace resource",
  "type": "object",
  "properties": {
    "name": {
      "title": "Name",
      "description": "Alphabetic (a-z and 0-9) string with maximum length of 63 characters. The character ‘-’ is allowed anywhere except the first or last position of the identifier.",
      "type": "string",
      "pattern": "^.*\\$\\{.*\\}.*$|^((?!-)[a-z0-9-]{1,63}(?<!-))$",
      "ignoreOnUpdate": true
    },
    "description": {
      "title": "Description",
      "description": "An optional description of this Supervisor namespace.",
      "type": "string",
      "ignoreOnUpdate": true
    },
    "content": {
      "title": "Content",
      "description": "Kubernetes Yaml Content",
      "type": "string",
      "maxLength": 65000
    },
    "constraints": {
      "title": "Constraints",
      "description": "To target the correct resources, blueprint constraints are matched against infrastructure capability tags. Constraints must include the key name. Options include value, negative [!], and hard or soft requirement.",
      "type": "array",
      "recreateOnUpdate": true,
      "items": {
        "type": "object",
        "properties": {
          "tag": {
            "title": "Tag",
            "description": "Constraint definition in syntax `[!]tag_key[:tag_value][:hard|:soft]` \nExamples:\n```\n!location:eu:hard\n location:us:soft\n!pci\n```",
            "type": "string",
            "recreateOnUpdate": true
          }
        }
      }
    },
    "limits": {
      "title": "Limits",
      "description": "Defines namespace resource limits such as pods, services, etc.",
      "type": "object",
      "properties": {
        "stateful_set_count": {
          "title": "stateful_set_count",
          "description": "This represents the new value for 'statefulSetCount' option which is the maximum number of StatefulSets in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "deployment_count": {
          "title": "deployment_count",
          "description": "This represents the new value for 'deploymentCount' option which is the maximum number of deployments in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "cpu_limit_default": {
          "title": "cpu_limit_default",
          "description": "This represents the new value for the default CPU limit (in Mhz) for containers in the pod. If specified, this limit should be at least 10 MHz.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "config_map_count": {
          "title": "config_map_count",
          "description": "This represents the new value for 'configMapCount' option which is the maximum number of ConfigMaps in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "pod_count": {
          "title": "pod_count",
          "description": "This represents the new value for 'podCount' option which is the maximum number of pods in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "job_count": {
          "title": "job_count",
          "description": "This represents the new value for 'jobCount' option which is the maximum number of jobs in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "secret_count": {
          "title": "secret_count",
          "description": "This represents the new value for 'secretCount' option which is the maximum number of secrets in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "cpu_limit": {
          "title": "cpu_limit",
          "description": "This represents the new value for 'limits.cpu' option which is equivalent to the maximum CPU limit (in MHz) across all pods in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "cpu_request_default": {
          "title": "cpu_request_default",
          "description": "This represents the new value for the default CPU request (in Mhz) for containers in the pod. If specified, this field should be at least 10 MHz.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "memory_limit_default": {
          "title": "memory_limit_default",
          "description": "This represents the new value for the default memory limit (in mebibytes) for containers in the pod.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "memory_limit": {
          "title": "memory_limit",
          "description": "This represents the new value for 'limits.memory' option which is equivalent to the maximum memory limit (in mebibytes) across all pods in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "memory_request_default": {
          "title": "memory_request_default",
          "description": "This represents the new value for the default memory request (in mebibytes) for containers in the pod.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "service_count": {
          "title": "service_count",
          "description": "This represents the new value for 'serviceCount' option which is the maximum number of services in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "replica_set_count": {
          "title": "replica_set_count",
          "description": "This represents the new value for 'replicaSetCount' option which is the maximum number of ReplicaSets in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "replication_controller_count": {
          "title": "replication_controller_count",
          "description": "This represents the new value for 'replicationControllerCount' option which is the maximum number of ReplicationControllers in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "storage_request_limit": {
          "title": "storage_request_limit",
          "description": "This represents the new value for 'requests.storage' which is the limit on storage requests (in mebibytes) across all persistent volume claims from pods in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "persistent_volume_claim_count": {
          "title": "persistent_volume_claim_count",
          "description": "This represents the new value for 'persistentVolumeClaimCount' option which is the maximum number of PersistentVolumeClaims in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "daemon_set_count": {
          "title": "daemon_set_count",
          "description": "This represents the new value for 'daemonSetCount' option which is the maximum number of DaemonSets in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        }
      },
      "additionalProperties": false
    },
    "vm_classes": {
      "title": "VM classes",
      "description": "Defines set of Virtual Machine classes to be assigned to the namespace",
      "type": "array",
      "recreateOnUpdate": false,
      "items": {
        "type": "object",
        "properties": {
          "name": {
            "title": "Name",
            "description": "Name of the Virtual Machine class.",
            "type": "string",
            "recreateOnUpdate": false
          }
        }
      }
    },
    "storage": {
      "title": "Storage policies",
      "description": "Defines set of storage profiles to be used to assign storage policies to the namespace.",
      "type": "array",
      "recreateOnUpdate": false,
      "items": {
        "type": "object",
        "properties": {
          "profile": {
            "type": "object",
            "title": "Storage profile",
            "description": "Defines storage policies to be assigned to the namespace",
            "recreateOnUpdate": false,
            "properties": {
              "constraints": {
                "title": "Constraints",
                "description": "To target the correct storage profiles, blueprint constraints are matched against storage profile capability tags.",
                "type": "array",
                "recreateOnUpdate": false,
                "items": {
                  "type": "object",
                  "properties": {
                    "tag": {
                      "title": "Tag",
                      "description": "Constraint definition in syntax `[!]tag_key[:tag_value][:hard|:soft]` \nExamples:\n```\nlocation:eu:hard\n location:us:soft\n```",
                      "type": "string",
                      "recreateOnUpdate": false
                    }
                  }
                },
                "minItems": 1
              },
              "limitMb": {
                "title": "Limit",
                "description": "The maximum amount of storage (in mebibytes) which can be utilized by the namespace for this storage policy. Optional. If unset, no limits are placed.",
                "type": "integer"
              }
            },
            "required": [
              "constraints"
            ]
          }
        }
      }
    }
  },
  "required": [
    "name"
  ]
}
```
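The schema's name pattern accepts any string that contains a ${...} expression, so a templated name is only checked once the input is resolved. The following Python is an added example, not VMware code: it applies the literal-name rule to a resolved value and parses the constraint syntax `[!]tag_key[:tag_value][:hard|:soft]` from the schema. The function names are hypothetical, and reading a trailing hard or soft as the enforcement level is an assumption.

```python
import re

# Second alternative of the schema's "name" pattern; fullmatch is used so a
# trailing newline cannot slip past "$".
NAME_LITERAL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")
# First alternative: any string containing a ${...} expression passes the schema.
NAME_EXPRESSION = re.compile(r".*\$\{.*\}.*")

def classify_name(value):
    """Return 'literal', 'expression' or 'invalid' for a namespace name value."""
    if NAME_LITERAL.fullmatch(value):
        return "literal"
    if NAME_EXPRESSION.fullmatch(value):
        return "expression"  # the real name is only known after resolution
    return "invalid"

def parse_constraint(tag):
    """Parse `[!]tag_key[:tag_value][:hard|:soft]` into its parts."""
    text = tag.strip()
    negated = text.startswith("!")
    parts = (text[1:] if negated else text).split(":")
    # Assumption: a trailing 'hard' or 'soft' is always the enforcement level.
    enforcement = parts.pop() if len(parts) > 1 and parts[-1] in ("hard", "soft") else None
    if not 1 <= len(parts) <= 2 or not all(parts):
        raise ValueError(f"malformed constraint: {tag!r}")
    return {"negated": negated, "key": parts[0],
            "value": parts[1] if len(parts) == 2 else None,
            "enforcement": enforcement}

def check_request(name, tags):
    """Validate a resolved namespace name and its constraint tags."""
    errors = []
    if classify_name(name) != "literal":
        errors.append(f"name {name!r} is not a valid resolved namespace name")
    for tag in tags:
        try:
            parse_constraint(tag)
        except ValueError as exc:
            errors.append(str(exc))
    return errors
```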
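VMware Cloud Templates support the use of limits with Supervisor namespaces. Limits let you control resource usage for CPU and memory, as well as the maximum number of pods that deployed machines are allowed to use in the namespace.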
```yaml
formatVersion: 1
inputs: {}
resources:
  Cloud_SV_Namespace_1:
    type: Cloud.SV.Namespace
    properties:
      name: '${env.deploymentName}'
      limits:
        - cpu_limit: 1000
          cpu_request_default: 800
          memory_limit: 2000
          memory_limit_default: 1500
          pod_count: 200
```
The following example shows how to specify storage policies by using tags.
```yaml
formatVersion: 1
inputs: {}
resources:
  Cloud_SV_Namespace_1:
    type: Cloud.SV.Namespace
    properties:
      name: 'ns-with-storage-policy'
      description: 'sample'
      storage:
        - profile:
            limitMb: 1000
            constraints:
              - tag: 'storage:fast'
        - profile:
            constraints:
              - tag: 'storage:cheap'
```
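Using arbitrary YAML with self-service namespace or cluster VCTs
As part of creating a cluster or namespace, you might want to perform additional customization. For example, you might want to add users (roles/role bindings), create pod security policies, or install agents. By using the YAML content property, you can define custom packages to be provisioned on that cluster, namespace, or Supervisor namespace.
Each YAML content package associated with the content property must be separated by three dashes (---). In addition, the content information must be a multi-line string. See the following YAML example for how to set up content packages.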
```yaml
formatVersion: 1
inputs: {}
resources:
  Cloud_Tanzu_Cluster_1:
    type: Cloud.Tanzu.Cluster
    properties:
      name: ddonchev-tkc
      plan: small
      content: |-
        apiVersion: rbac.authorization.k8s.io/v1
        kind: ClusterRoleBinding
        metadata:
          name: psp:authenticated-from-yaml
        subjects:
          - apiGroup: rbac.authorization.k8s.io
            kind: Group
            name: system:authenticated
        roleRef:
          apiGroup: rbac.authorization.k8s.io
          kind: ClusterRole
          name: psp:vmware-system-privileged
        ---
        apiVersion: apiextensions.k8s.io/v1
        kind: CustomResourceDefinition
        metadata:
          # name must match the spec fields below, and be in the form: <plural>.<group>
          name: crontabs.stable.example.com
        spec:
          # group name to use for REST API: /apis/<group>/<version>
          group: stable.example.com
          # list of versions supported by this CustomResourceDefinition
          versions:
            - name: v1
              # Each version can be enabled/disabled by Served flag.
              served: true
              # One and only one version must be marked as the storage version.
              storage: true
              schema:
                openAPIV3Schema:
                  type: object
                  properties:
                    spec:
                      type: object
                      properties:
                        cronSpec:
                          type: string
                        image:
                          type: string
                        replicas:
                          type: integer
          # either Namespaced or Cluster
          scope: Namespaced
          names:
            # plural name to be used in the URL: /apis/<group>/<version>/<plural>
            plural: crontabs
            # singular name to be used as an alias on the CLI and for display
            singular: crontab
            # kind is normally the CamelCased singular type. Your resource manifests use this.
            kind: CronTab
            # shortNames allow shorter string to match your resource on the CLI
            shortNames:
              - ct
```
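The YAML defined in the content property also appears on the Properties tab of the deployment.
Automation Assembler can create content resources only within the scope of the deployed resource. For example, if you provision a Kubernetes namespace, Automation Assembler cannot create a deployment in a different namespace. Users have the same privileges that they would have when using the kubeconfig with kubectl.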
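Because content objects are applied with the requesting user's privileges, RBAC objects in a content string deserve a review before the template is published. The following Python is an added example, not VMware code: it flags role bindings whose subjects include a built-in catch-all group, as the ClusterRoleBinding in the example above does with system:authenticated. It assumes block-style YAML with top-level keys at column 0; the function names and the second sample binding are constructed.

```python
import re

BROAD_GROUPS = {"system:authenticated", "system:unauthenticated"}  # cover all callers

def split_docs(content):
    return [d for d in re.split(r"(?m)^---[ \t]*$", content) if d.strip()]

def block(doc, key):
    # indented or list-item lines under a top-level key (block-style YAML only)
    m = re.search(rf"(?m)^{key}:[ \t]*\n((?:[ \t-].*\n?)*)", doc)
    return m.group(1) if m else ""

def names(text):
    return re.findall(r"(?m)^[ \t-]*name:[ \t]*(\S+)", text)

def broad_bindings(content):
    """Return one finding per (Cluster)RoleBinding whose subjects hit BROAD_GROUPS."""
    findings = []
    for doc in split_docs(content):
        kind = (re.findall(r"(?m)^kind:[ \t]*(\S+)", doc) or [""])[0]
        hits = sorted(set(names(block(doc, "subjects"))) & BROAD_GROUPS)
        if kind in ("ClusterRoleBinding", "RoleBinding") and hits:
            findings.append({"kind": kind, "subjects": hits,
                             "binding": (names(block(doc, "metadata")) or [None])[0],
                             "role": (names(block(doc, "roleRef")) or [None])[0]})
    return findings

# Constructed sample: the binding from the page's example plus a narrowly scoped one.
SAMPLE = """\
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: psp:authenticated-from-yaml
subjects:
  - kind: Group
    name: system:authenticated
roleRef:
  kind: ClusterRole
  name: psp:vmware-system-privileged
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ci-deployer
subjects:
  - kind: ServiceAccount
    name: ci
roleRef:
  kind: Role
  name: deployer
"""
```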
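Installation of the Kubernetes objects in the content property begins after the virtual machine is provisioned. If one of the resources referenced in the YAML content property cannot be provisioned, Automation Assembler rolls back and deletes all previous Kubernetes objects from the resource, and the deployment status is Failed. The resource is still provisioned and visible. In addition, you can still use day 2 actions, including trying to apply the content again.
You can augment the content property with inputs from the cloud template, as shown in the following example.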
```yaml
formatVersion: 1
inputs: {}
resources:
  Cloud_SV_Namespace_1:
    type: Cloud.SV.Namespace
    properties:
      name: sv-namespace-with-vm-classes
      vm_classes:
        - name: best-effort-2xlarge
        - name: best-effort-4xlarge
        - name: best-effort-8xlarge
```
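In addition, you can provision custom resources such as TanzuKubernetesCluster. This action fails as a day 1 operation because the Supervisor namespace will not contain the required virtual machine classes and storage classes. Once the virtual machine classes and storage classes are bound to the Supervisor namespace, you can create a TanzuKubernetesCluster (or other resource) by using a day 2 action.
Note: You can provision a resource without content and still add Kubernetes objects as YAML through a day 2 action.
What appears in the YAML content property defines what is provisioned on the resource. When you edit this content, the following table shows the possible outcomes: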
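Action | Result |
---|---|
If you add a Kubernetes object and submit. | The specified object is created on the resource. |
If you remove a Kubernetes object and submit. | The specified object is deleted from the resource. |
If you modify a Kubernetes object and submit. | The specified object is patched on the resource. |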
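It is important to be clear about which actions count as a modification of the current object. For example, if you modify the namespace field of an object, a new object is created rather than the old object being patched.
The uniqueness of a resource is defined by the following fields: apiVersion, kind, metadata.name, metadata.namespace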
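The following Python is an added example, not VMware code: it keys each document in a content string by the four fields above and reports which objects an edit would create, delete or patch, using the rules in the table. It assumes block-style YAML with top-level keys at column 0; the function names and sample manifests are constructed, and treating a changed identity as a delete of the old object plus a create of the new one is a reading of the table rather than documented product behaviour.

```python
import re

def split_docs(content):
    # content packages are separated by a line holding only '---'
    return [d.strip() for d in re.split(r"(?m)^---[ \t]*$", content) if d.strip()]

def _scalar(text, key, indent=""):
    m = re.search(rf"(?m)^{indent}{key}:[ \t]*(\S+)", text)
    return m.group(1) if m else None

def identity(doc):
    """(apiVersion, kind, metadata.name, metadata.namespace) for one document."""
    meta = re.search(r"(?m)^metadata:[ \t]*\n((?:[ \t]+.*\n?)*)", doc)
    block = meta.group(1) if meta else ""
    return (_scalar(doc, "apiVersion"), _scalar(doc, "kind"),
            _scalar(block, "name", r"[ \t]+"), _scalar(block, "namespace", r"[ \t]+"))

def plan(old_content, new_content):
    """Predict the outcome of editing content, following the table's rules."""
    old = {identity(d): d for d in split_docs(old_content)}
    new = {identity(d): d for d in split_docs(new_content)}
    return {
        "create": [k for k in new if k not in old],
        "delete": [k for k in old if k not in new],
        "patch": [k for k in new if k in old and new[k] != old[k]],
    }

# Constructed sample content for a cluster resource (not from the page).
OLD = """\
apiVersion: v1
kind: ConfigMap
metadata:
  name: agent-config
  namespace: team-a
data:
  level: info
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: agent
  namespace: team-a
"""
# Edit 1 changes a data value (same identity); edit 2 changes metadata.namespace.
NEW = OLD.replace("level: info", "level: debug").replace(
    "name: agent\n  namespace: team-a", "name: agent\n  namespace: team-b")
```

In the sample, the ConfigMap edit is reported as a patch, while the ServiceAccount whose namespace changed appears under both create and delete.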