When you add Kubernetes components to an Automation Assembler cloud template, you can choose to add a cluster or to let users create namespaces in various configurations. Which option you choose usually depends on access control requirements, on how the Kubernetes components are configured, and on deployment requirements.

To add Kubernetes components to a cloud template in Automation Assembler, select Design > Cloud Templates, click New, then locate and expand the Kubernetes option in the left menu. Then select the option you want (Cluster or K8S Namespace) by dragging it onto the canvas.

Adding a Kubernetes cluster that is associated with a project to a cloud template is the simplest way to make Kubernetes resources available to valid users. You can use tags on clusters to control where they are deployed, just as with other Automation Assembler resources. During the allocation phase of a cluster deployment, tags can be used to select the zone and the VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) plan.

Once a cluster is added this way, it automatically becomes available to all valid users.

Cloud template examples

The first cloud template example shows a template for a simple Kubernetes deployment that is controlled by tagging. The Kubernetes zone was created with two deployment plans configured on the Add Kubernetes Zone page. In this case, a tag named placement:tag was added as a capability on the zone, to be matched against a corresponding constraint on the cloud template. If more than one zone is configured with this tag, the zone with the lowest priority number is selected.

formatVersion: 1
inputs: {}
resources:
  Cluster_provisioned_from_tag:
    type: Cloud.K8S.Cluster
    properties:
      hostname: 109.129.209.125
      constraints:
        - tag: 'placement:tag'   # must match the capability tag set on the zone
      port: 7003
      workers: 1
      connectBy: hostname

The second cloud template example shows how to configure the template with a variable named ${input.hostname}, so that users can enter the desired cluster hostname when they request a deployment. During the allocation phase of the cluster deployment, tags can again be used to select the zone and the TKGI plan.

formatVersion: 1
inputs:
  hostname:
    type: string
    title: Cluster hostname
resources:
  Cloud_K8S_Cluster_1:
    type: Cloud.K8S.Cluster
    properties:
      hostname: ${input.hostname}
      port: 8443
      connectBy: hostname
      workers: 1

If you want to use namespaces to manage cluster utilization, you can define a variable in the cloud template, name: ${input.name}, which is replaced by the namespace name the user enters when requesting the deployment. For such a deployment, create a template like the following example:

formatVersion: 1
inputs:
  name:
    type: string
    title: "Namespace name"
resources:
  Cloud_KBS_Namespace_1:
    type: Cloud.K8S.Namespace
    properties:
      name: ${input.name}

Users can manage deployed clusters through kubeconfig files, which are available from the Infrastructure > Resources > Kubernetes Clusters page. Locate the card for the desired cluster on that page and click Kubeconfig.

Supervisor namespaces in VMware Cloud Templates

The following is the schema of a basic supervisor namespace in an Automation Assembler cloud template.

{
  "title": "Supervisor namespace schema",
  "description": "Request schema for provisioning of Supervisor namespace resource",
  "type": "object",
  "properties": {
    "name": {
      "title": "Name",
      "description": "Alphabetic (a-z and 0-9) string with maximum length of 63 characters. The character ‘-’ is allowed anywhere except the first or last position of the identifier.",
      "type": "string",
      "pattern": "^.*\\$\\{.*\\}.*$|^((?!-)[a-z0-9-]{1,63}(?<!-))$",
      "ignoreOnUpdate": true
    },
    "description": {
      "title": "Description",
      "description": "An optional description of this Supervisor namespace.",
      "type": "string",
      "ignoreOnUpdate": true
    },
    "content": {
      "title": "Content",
      "description": "Kubernetes Yaml Content",
      "type": "string",
      "maxLength": 65000
    },
    "constraints": {
      "title": "Constraints",
      "description": "To target the correct resources, blueprint constraints are matched against infrastructure capability tags. Constraints must include the key name. Options include value, negative [!], and hard or soft requirement.",
      "type": "array",
      "recreateOnUpdate": true,
      "items": {
        "type": "object",
        "properties": {
          "tag": {
            "title": "Tag",
            "description": "Constraint definition in syntax `[!]tag_key[:tag_value][:hard|:soft]` \nExamples:\n```\n!location:eu:hard\n location:us:soft\n!pci\n```",
            "type": "string",
            "recreateOnUpdate": true
          }
        }
      }
    },
    "limits": {
      "title": "Limits",
      "description": "Defines namespace resource limits such as pods, services, etc.",
      "type": "object",
      "properties": {
        "stateful_set_count": {
          "title": "stateful_set_count",
          "description": "This represents the new value for 'statefulSetCount' option which is the maximum number of StatefulSets in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "deployment_count": {
          "title": "deployment_count",
          "description": "This represents the new value for 'deploymentCount' option which is the maximum number of deployments in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "cpu_limit_default": {
          "title": "cpu_limit_default",
          "description": "This represents the new value for the default CPU limit (in Mhz) for containers in the pod. If specified, this limit should be at least 10 MHz.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "config_map_count": {
          "title": "config_map_count",
          "description": "This represents the new value for 'configMapCount' option which is the maximum number of ConfigMaps in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "pod_count": {
          "title": "pod_count",
          "description": "This represents the new value for 'podCount' option which is the maximum number of pods in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "job_count": {
          "title": "job_count",
          "description": "This represents the new value for 'jobCount' option which is the maximum number of jobs in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "secret_count": {
          "title": "secret_count",
          "description": "This represents the new value for 'secretCount' option which is the maximum number of secrets in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "cpu_limit": {
          "title": "cpu_limit",
          "description": "This represents the new value for 'limits.cpu' option which is equivalent to the maximum CPU limit (in MHz) across all pods in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "cpu_request_default": {
          "title": "cpu_request_default",
          "description": "This represents the new value for the default CPU request (in Mhz) for containers in the pod. If specified, this field should be at least 10 MHz.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "memory_limit_default": {
          "title": "memory_limit_default",
          "description": "This represents the new value for the default memory limit (in mebibytes) for containers in the pod.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "memory_limit": {
          "title": "memory_limit",
          "description": "This represents the new value for 'limits.memory' option which is equivalent to the maximum memory limit (in mebibytes) across all pods in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "memory_request_default": {
          "title": "memory_request_default",
          "description": "This represents the new value for the default memory request (in mebibytes) for containers in the pod.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "service_count": {
          "title": "service_count",
          "description": "This represents the new value for 'serviceCount' option which is the maximum number of services in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "replica_set_count": {
          "title": "replica_set_count",
          "description": "This represents the new value for 'replicaSetCount' option which is the maximum number of ReplicaSets in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "replication_controller_count": {
          "title": "replication_controller_count",
          "description": "This represents the new value for 'replicationControllerCount' option which is the maximum number of ReplicationControllers in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "storage_request_limit": {
          "title": "storage_request_limit",
          "description": "This represents the new value for 'requests.storage' which is the limit on storage requests (in mebibytes) across all persistent volume claims from pods in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "persistent_volume_claim_count": {
          "title": "persistent_volume_claim_count",
          "description": "This represents the new value for 'persistentVolumeClaimCount' option which is the maximum number of PersistentVolumeClaims in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        },
        "daemon_set_count": {
          "title": "daemon_set_count",
          "description": "This represents the new value for 'daemonSetCount' option which is the maximum number of DaemonSets in the namespace.",
          "type": "integer",
          "recreateOnUpdate": false
        }
      },
      "additionalProperties": false
    },
    "vm_classes": {
      "title": "VM classes",
      "description": "Defines set of Virtual Machine classes to be assigned to the namespace",
      "type": "array",
      "recreateOnUpdate": false,
      "items": {
        "type": "object",
        "properties": {
          "name": {
            "title": "Name",
            "description": "Name of the Virtual Machine class.",
            "type": "string",
            "recreateOnUpdate": false
          }
        }
      }
    },
    "storage": {
      "title": "Storage policies",
      "description": "Defines set of storage profiles to be used to assign storage policies to the namespace.",
      "type": "array",
      "recreateOnUpdate": false,
      "items": {
        "type": "object",
        "properties": {
          "profile": {
            "type": "object",
            "title": "Storage profile",
            "description": "Defines storage policies to be assigned to the namespace",
            "recreateOnUpdate": false,
            "properties": {
              "constraints": {
                "title": "Constraints",
                "description": "To target the correct storage profiles, blueprint constraints are matched against storage profile capability tags.",
                "type": "array",
                "recreateOnUpdate": false,
                "items": {
                  "type": "object",
                  "properties": {
                    "tag": {
                      "title": "Tag",
                      "description": "Constraint definition in syntax `[!]tag_key[:tag_value][:hard|:soft]` \nExamples:\n```\nlocation:eu:hard\n location:us:soft\n```",
                      "type": "string",
                      "recreateOnUpdate": false
                    }
                  }
                },
                "minItems":1
              },
              "limitMb": {
                "title": "Limit",
                "description": "The maximum amount of storage (in mebibytes) which can be utilized by the namespace for this storage policy. Optional. If unset, no limits are placed.",
                "type": "integer"
              }
            },
            "required": [
              "constraints"
            ]
          }
        }
      }
    }
  },
  "required": [
    "name"
  ]
}
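As an added example that is not part of this page or of the product, the following Python models the zone selection described earlier: constraints written in the '[!]tag_key[:tag_value][:hard|:soft]' syntax from the schema above are matched against a zone's capability tags, and among the zones that satisfy every hard constraint the one with the lowest priority number is chosen. The zone names, priorities and tags are constructed sample data, and ranking zones by how many soft constraints they satisfy before comparing priority is this example's assumption, not documented product behaviour.

```python
"""Zone selection by tag constraints.

Added example, not Automation Assembler code. Constraints use the
'[!]tag_key[:tag_value][:hard|:soft]' syntax; a zone is a candidate when every
hard constraint holds, and the lowest priority number wins. Preferring zones
that satisfy more soft constraints first is an assumption of this example.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class Constraint:
    key: str
    value: Optional[str]  # None: any value for this key
    negate: bool          # '!' prefix: the tag must be absent
    hard: bool            # hard constraints filter, soft ones only rank


def parse_constraint(text: str) -> Constraint:
    """Parse '[!]tag_key[:tag_value][:hard|:soft]'; hard is the default."""
    text = text.strip()
    negate = text.startswith("!")
    if negate:
        text = text[1:]
    parts = text.split(":")
    hard = True
    if len(parts) > 1 and parts[-1] in ("hard", "soft"):
        hard = parts.pop() == "hard"
    key, value = parts[0], (":".join(parts[1:]) or None)
    if not key:
        raise ValueError(f"constraint has no tag key: {text!r}")
    return Constraint(key, value, negate, hard)


def satisfied(constraint: Constraint, tags: FrozenSet[str]) -> bool:
    """A tag 'key' or 'key:value' matches when the key is equal and the
    constraint either carries no value or the same value."""
    def matches(tag: str) -> bool:
        tag_key, _, tag_value = tag.partition(":")
        return tag_key == constraint.key and constraint.value in (None, tag_value)
    present = any(matches(t) for t in tags)
    return not present if constraint.negate else present


@dataclass(frozen=True)
class Zone:
    name: str
    priority: int          # lower number wins
    tags: FrozenSet[str]   # capability tags set on the zone


def select_zone(constraints: List[str], zones: List[Zone]) -> Optional[Zone]:
    parsed = [parse_constraint(c) for c in constraints]
    hard = [c for c in parsed if c.hard]
    soft = [c for c in parsed if not c.hard]
    candidates = [z for z in zones if all(satisfied(c, z.tags) for c in hard)]
    if not candidates:
        return None  # no zone satisfies the hard constraints: placement fails
    # Rank by soft constraints satisfied (assumption), then lowest priority number.
    candidates.sort(key=lambda z: (-sum(satisfied(c, z.tags) for c in soft),
                                   z.priority, z.name))
    return candidates[0]


# Constructed sample zones, as they might be tagged on the Add Kubernetes Zone page.
SAMPLE_ZONES = [
    Zone("zone-east", 2, frozenset({"placement:tag", "location:us"})),
    Zone("zone-west", 1, frozenset({"placement:tag", "location:us", "pci"})),
    Zone("zone-eu", 0, frozenset({"location:eu"})),
]

if __name__ == "__main__":
    for spec in (["placement:tag"], ["placement:tag", "!pci"],
                 ["location:eu:hard", "placement:tag"]):
        chosen = select_zone(spec, SAMPLE_ZONES)
        print(spec, "->", chosen.name if chosen else "no zone")
```

Note that a negated constraint such as '!pci' removes zone-west from consideration even though it has the lowest priority number: hard constraints filter first, and priority only decides between the zones that remain.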

VMware Cloud Templates support limits on supervisor namespaces. Limits let you control CPU and memory utilization, as well as the maximum number of pods that deployed machines may use in the namespace.

formatVersion: 1
inputs: {}
resources:
  Cloud_SV_Namespace_1:
    type: Cloud.SV.Namespace
    properties:
      name: '${env.deploymentName}'
      limits:                      # an object, as declared in the schema above
        cpu_limit: 1000            # MHz, across all pods in the namespace
        cpu_request_default: 800   # MHz, default request per container
        memory_limit: 2000         # MiB, across all pods in the namespace
        memory_limit_default: 1500 # MiB, default limit per container
        pod_count: 200

The following example shows how to specify storage policies by using tags.

formatVersion: 1
inputs: {}
resources:
  Cloud_SV_Namespace_1:
    type: Cloud.SV.Namespace
    properties:
      name: 'ns-with-storage-policy'
      description: 'sample'
      storage: 
        - profile: 
            limitMb: 1000
            constraints: 
              - tag: 'storage:fast'
        - profile: 
            constraints: 
              - tag: 'storage:cheap'
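To show what the schema above actually enforces on the limits and storage examples, here is an added checker in Python; it is example code, not part of the product. It applies rules the schema states (the name pattern, limits as an object whose keys are fixed and integer-valued, CPU defaults of at least 10 MHz, at least one constraint per storage profile) to a template's properties block given as a Python dict. The rule that a per-container default must not exceed the namespace-wide limit is an extra sanity check of this example, and the sample definitions are constructed.

```python
"""Checking a Cloud.SV.Namespace 'properties' block against the schema.

Added example, not product code. Rules taken from the schema: name pattern,
'limits' as an object with a fixed key set (additionalProperties: false) and
integer values, CPU defaults >= 10 MHz, at least one constraint per storage
profile. The default-vs-limit cross-check is an extra sanity rule.
"""
import re
from typing import Dict, List

# Pattern copied from the schema: a ${...} expression, or a DNS-label-like name.
NAME_PATTERN = re.compile(r"^.*\$\{.*\}.*$|^((?!-)[a-z0-9-]{1,63}(?<!-))$")

LIMIT_KEYS = frozenset({
    "stateful_set_count", "deployment_count", "cpu_limit_default",
    "config_map_count", "pod_count", "job_count", "secret_count",
    "cpu_limit", "cpu_request_default", "memory_limit_default",
    "memory_limit", "memory_request_default", "service_count",
    "replica_set_count", "replication_controller_count",
    "storage_request_limit", "persistent_volume_claim_count",
    "daemon_set_count",
})
MIN_CPU_DEFAULT_MHZ = 10


def _is_int(value) -> bool:
    return isinstance(value, int) and not isinstance(value, bool)


def validate_namespace(props: Dict) -> List[str]:
    """Return a list of findings; an empty list means the block is valid."""
    findings = []
    name = props.get("name")
    if not isinstance(name, str) or not NAME_PATTERN.match(name):
        findings.append("name: required; a-z, 0-9 and '-' (not first or last), "
                        "max 63 characters, or a ${...} expression")

    limits = props.get("limits")
    if limits is not None:
        if not isinstance(limits, dict):
            findings.append("limits: must be an object, not a list")
        else:
            for key, value in limits.items():
                if key not in LIMIT_KEYS:
                    findings.append(f"limits.{key}: unknown key (additionalProperties is false)")
                elif not _is_int(value):
                    findings.append(f"limits.{key}: must be an integer")
            for key in ("cpu_limit_default", "cpu_request_default"):
                if _is_int(limits.get(key)) and limits[key] < MIN_CPU_DEFAULT_MHZ:
                    findings.append(f"limits.{key}: must be at least {MIN_CPU_DEFAULT_MHZ} MHz")
            # Extra sanity rule (not in the schema): a per-container default that
            # exceeds the namespace-wide limit can never be satisfied.
            for default, ceiling in (("cpu_limit_default", "cpu_limit"),
                                     ("memory_limit_default", "memory_limit")):
                if (_is_int(limits.get(default)) and _is_int(limits.get(ceiling))
                        and limits[default] > limits[ceiling]):
                    findings.append(f"limits.{default} exceeds limits.{ceiling}")

    for i, entry in enumerate(props.get("storage") or []):
        profile = entry.get("profile") if isinstance(entry, dict) else None
        constraints = (profile or {}).get("constraints") or []
        if not profile or not isinstance(constraints, list) or not constraints:
            findings.append(f"storage[{i}].profile: 'constraints' is required with at least one tag")
        elif "limitMb" in profile and not _is_int(profile["limitMb"]):
            findings.append(f"storage[{i}].profile.limitMb: must be an integer")
    return findings


# Constructed samples: the page's limits example, and a block that breaks several rules.
GOOD = {
    "name": "${env.deploymentName}",
    "limits": {"cpu_limit": 1000, "cpu_request_default": 800, "memory_limit": 2000,
               "memory_limit_default": 1500, "pod_count": 200},
    "storage": [{"profile": {"limitMb": 1000, "constraints": [{"tag": "storage:fast"}]}}],
}
BAD = {
    "name": "-Team-A-",
    "limits": {"cpu_request_default": 5, "cpu_limit": 100, "cpu_limit_default": 500, "pods": 10},
    "storage": [{"profile": {"limitMb": 1000}}],
}

if __name__ == "__main__":
    for label, block in (("good", GOOD), ("bad", BAD)):
        print(label, validate_namespace(block) or "ok")
```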

Using arbitrary YAML for self-service namespace or cluster VCTs

During cluster or namespace creation you may want to perform additional customization, for example adding users (roles and role bindings), creating pod security policies, or installing agents. By using the YAML content property, you can define custom packages to be provisioned on that cluster, namespace or supervisor namespace.

Each YAML package attached to the content property must be separated from the next by three dashes (---). In addition, the content must be a multi-line string. See the following YAML example for how to configure content packages.

formatVersion: 1
inputs: {}
resources:
  Cloud_Tanzu_Cluster_1:
    type: Cloud.Tanzu.Cluster
    properties:
      name: ddonchev-tkc
      plan: small
      content: |-
        apiVersion: rbac.authorization.k8s.io/v1
        kind: ClusterRoleBinding
        metadata:
          name: psp:authenticated-from-yaml
        subjects:
        - apiGroup: rbac.authorization.k8s.io
          kind: Group
          name: system:authenticated
        roleRef:
          apiGroup: rbac.authorization.k8s.io
          kind: ClusterRole
          name: psp:vmware-system-privileged
        ---
        apiVersion: apiextensions.k8s.io/v1
        kind: CustomResourceDefinition
        metadata:
          # name must match the spec fields below, and be in the form: <plural>.<group>
          name: crontabs.stable.example.com
        spec:
          # group name to use for REST API: /apis/<group>/<version>
          group: stable.example.com
          # list of versions supported by this CustomResourceDefinition
          versions:
            - name: v1
              # Each version can be enabled/disabled by Served flag.
              served: true
              # One and only one version must be marked as the storage version.
              storage: true
              schema:
                openAPIV3Schema:
                  type: object
                  properties:
                    spec:
                      type: object
                      properties:
                        cronSpec:
                          type: string
                        image:
                          type: string
                        replicas:
                          type: integer
          # either Namespaced or Cluster
          scope: Namespaced
          names:
            # plural name to be used in the URL: /apis/<group>/<version>/<plural>
            plural: crontabs
            # singular name to be used as an alias on the CLI and for display
            singular: crontab
            # kind is normally the CamelCased singular type. Your resource manifests use this.
            kind: CronTab
            # shortNames allow shorter string to match your resource on the CLI
            shortNames:
            - ct

The YAML defined in the content property is also shown on the Content tab of the deployment.

Read the example above for what it grants before reusing it: the ClusterRoleBinding binds the system:authenticated group to the psp:vmware-system-privileged ClusterRole, so every authenticated user of the cluster may run privileged pods. For production clusters, bind a restrictive PodSecurityPolicy instead, or scope the binding to the specific service accounts and namespaces that need it. PodSecurityPolicy was removed in Kubernetes 1.25, so on newer clusters use Pod Security Admission or another admission controller for the same purpose.

Automation Assembler can only create content resources within the scope of the deployed resource. For example, when a Kubernetes namespace is provisioned, Automation Assembler cannot create deployments in other namespaces. Users have exactly the permissions they would have when using the kubeconfig with kubectl.

After the resource is provisioned, installation of the Kubernetes objects from the content property begins. If one of the resources referenced in the YAML content property cannot be provisioned, Automation Assembler rolls back by deleting all previously created Kubernetes objects from the resource, and the deployment's status becomes Failed. The resource itself is still provisioned and visible, and day 2 actions remain available, including attempting to apply the content again.

The content property can also be enriched with inputs from the cloud template (for example, by referencing ${input.name} inside the content string). The following example shows a supervisor namespace with VM classes assigned, which the TanzuKubernetesCluster discussed next depends on.

formatVersion: 1
inputs: {}
resources:
  Cloud_SV_Namespace_1:
    type: Cloud.SV.Namespace
    properties:
      name: sv-namespace-with-vm-classes
      vm_classes:
        - name: best-effort-2xlarge
        - name: best-effort-4xlarge
        - name: best-effort-8xlarge

Custom resources such as a TanzuKubernetesCluster can also be provisioned. As a day 1 operation this fails, because the supervisor namespace does not yet contain the required VM classes and storage classes. Once VM classes and storage classes are bound to the supervisor namespace, the TanzuKubernetesCluster (or other resources) can be created by using a day 2 action.

Note: Resources can be provisioned without content, and Kubernetes objects can still be added later as YAML through day 2 actions.

The YAML in the content property defines what is provisioned on the resource. When you edit that content, the following table shows the possible results:

Action                                           Result
If you add a Kubernetes object and submit.       The specified object is created on the resource.
If you remove a Kubernetes object and submit.    The specified object is deleted from the resource.
If you modify a Kubernetes object and submit.    The specified object is patched on the resource.

Be clear about which edits count as a modification of the current object. For example, if you change an object's namespace field, a new object is created rather than the existing object being patched, because the namespace is part of the object's identity.

An object's uniqueness is defined by the following fields: apiVersion, kind, metadata.name and metadata.namespace.
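As an added example, not code from this page or from the product, the following Python applies the rules just described to two versions of a content property: it splits the multi-document string on '---' separator lines, identifies each object by (apiVersion, kind, metadata.name, metadata.namespace), and reports which objects would be created, deleted or patched, the way the results table above describes. An object whose namespace field was edited shows up as a delete plus a create rather than a patch, and any object that names a namespace other than the deployment's own is flagged, since Automation Assembler only creates objects within the deployed resource's scope. Only the identity fields are read, with a small line-based reader rather than a full YAML parser, and both content strings are constructed samples.

```python
"""Planning changes to a resource's YAML 'content' property.

Added example, not Automation Assembler code. Objects are identified by
(apiVersion, kind, metadata.name, metadata.namespace); added objects are
created, removed ones deleted, changed ones patched, and objects naming a
namespace other than the deployment's are flagged as out of scope.
"""
import re
from typing import Dict, List, Tuple

Identity = Tuple[str, str, str, str]  # apiVersion, kind, name, namespace ('' if unset)


def split_documents(content: str) -> List[str]:
    """Split on lines that consist only of '---' and drop empty documents."""
    return [d.strip() for d in re.split(r"(?m)^---[ \t]*$", content) if d.strip()]


def _top_level(doc: str, key: str) -> str:
    match = re.search(rf"(?m)^{key}:[ \t]*([^\s#]+)", doc)
    return match.group(1) if match else ""


def _metadata(doc: str, field: str) -> str:
    """Read one scalar directly under the top-level 'metadata:' mapping."""
    block = re.search(r"(?m)^metadata:[ \t]*\n((?:[ \t]+[^\n]*\n?)+)", doc)
    if not block:
        return ""
    indent = re.escape(re.match(r"[ \t]+", block.group(1)).group(0))
    match = re.search(rf"(?m)^{indent}{field}:[ \t]*([^\s#]+)", block.group(1))
    return match.group(1) if match else ""


def identity(doc: str) -> Identity:
    return (_top_level(doc, "apiVersion"), _top_level(doc, "kind"),
            _metadata(doc, "name"), _metadata(doc, "namespace"))


def index_content(content: str) -> Dict[Identity, str]:
    objects: Dict[Identity, str] = {}
    for doc in split_documents(content):
        ident = identity(doc)
        if not all(ident[:3]):
            raise ValueError(f"document lacks apiVersion, kind or metadata.name:\n{doc}")
        if ident in objects:
            raise ValueError(f"duplicate object {ident}")
        objects[ident] = doc
    return objects


def plan_changes(old_content: str, new_content: str,
                 deployment_namespace: str) -> Dict[str, List[Identity]]:
    old, new = index_content(old_content), index_content(new_content)
    plan: Dict[str, List[Identity]] = {
        k: [] for k in ("create", "delete", "patch", "unchanged", "out_of_scope")}
    for ident in sorted(new):
        if ident not in old:
            plan["create"].append(ident)
        elif old[ident] != new[ident]:
            plan["patch"].append(ident)
        else:
            plan["unchanged"].append(ident)
        if ident[3] and ident[3] != deployment_namespace:
            plan["out_of_scope"].append(ident)  # cannot be created by Automation Assembler
    plan["delete"] = [ident for ident in sorted(old) if ident not in new]
    return plan


# Constructed sample: the content as first submitted, and an edited version that
# widens a Role, adds a RoleBinding, and moves the ConfigMap to another namespace.
OLD_CONTENT = """\
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ci-bot
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list"]
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  mode: debug
"""

NEW_CONTENT = """\
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ci-bot
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ci-bot-pod-reader
subjects:
- kind: ServiceAccount
  name: ci-bot
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-reader
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
  namespace: other-team
data:
  mode: debug
"""

if __name__ == "__main__":
    for action, objects in plan_changes(OLD_CONTENT, NEW_CONTENT, "team-a").items():
        print(action, objects)
```

Because the edited ConfigMap carries a different namespace, its identity changes: the plan lists the old object under delete and the new one under create, and also under out_of_scope because other-team is not the deployment's namespace. The Role, whose identity is unchanged but whose body differs, is the only object that would be patched.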