前言
目前kubernetes对单集群的支持能力还是比较好,那如果要把多个集群统一起来管理的话,这时候我们可以用到集群联邦技术(Federation)
集群联邦技术从v1发展到了v2版本,目前v1版本基本已经废弃了,v2版本的架构基于k8s CRD的特性来扩展的,今天要分析的代码也是v2版本
源码地址
k8s federation的源码地址如下
https://github.com/kubernetes-sigs/kubefed
源码结构
图1
源码分为图1中显示的这些包,apis中主要是定义了一些联邦用到的CRD资源,主要的流程代码在controller中
apis包分析
KubeFedClusterSpec
这个类定义了联邦管理的集群信息和状态,集群通过kubefedctl加进来之后,就会创建一个kubefedcluster对象,结构体如下
type KubeFedClusterstruct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
SpecKubeFedClusterSpec `json:"spec"`
// +optional
StatusKubeFedClusterStatus `json:"status,omitempty"`
}
type KubeFedClusterSpecstruct {
// The API endpoint of the member cluster. This can be a hostname,
// hostname:port, IP or IP:port.
APIEndpointstring `json:"apiEndpoint"`
// CABundle contains the certificate authority information.
// +optional
CABundle []byte `json:"caBundle,omitempty"`
// Name of the secret containing the token required to access the
// member cluster. The secret needs to exist in the same namespace
// as the control plane and should have a "token" key.
SecretRefLocalSecretReference `json:"secretRef"`
// DisabledTLSValidations defines a list of checks to ignore when validating
// the TLS connection to the member cluster. This can be any of *, SubjectName, or ValidityPeriod.
// If * is specified, it is expected to be the only option in list.
// +optional
DisabledTLSValidations []TLSValidation `json:"disabledTLSValidations,omitempty"`
}
FederatedTypeConfig
这个类定义了如何把一个联邦的API资源,对应到哪个子集群的K8S API资源,比如把federateddeployment 对应到deployment
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
SpecFederatedTypeConfigSpec `json:"spec"`
StatusFederatedTypeConfigStatus `json:"status,omitempty"`
}
type FederatedTypeConfigSpecstruct {
TargetTypeAPIResource `json:"targetType"`
PropagationPropagationMode `json:"propagation"`
FederatedTypeAPIResource `json:"federatedType"`
StatusType *APIResource `json:"statusType,omitempty"`
StatusCollection *StatusCollectionMode `json:"statusCollection,omitempty"`
}
type APIResourcestruct {
Groupstring `json:"group,omitempty"`
Versionstring `json:"version"`
Kindstring `json:"kind"`
PluralNamestring `json:"pluralName"`
Scope apiextv1b1.ResourceScope `json:"scope"`
}
client包分析
controller包分析
图2
入口
启动这些controller的入口在,controller-manager中
func startControllers(opts *options.Options, stopChan <-chan struct{}) {
if err := kubefedcluster.StartClusterController(opts.Config, opts.ClusterHealthCheckConfig, stopChan); err != nil {
klog.Fatalf("Error starting cluster controller: %v", err)
}
if utilfeature.DefaultFeatureGate.Enabled(features.SchedulerPreferences) {
if _, err := schedulingmanager.StartSchedulingManager(opts.Config, stopChan); err != nil {
klog.Fatalf("Error starting scheduling manager: %v", err)
}
}
if utilfeature.DefaultFeatureGate.Enabled(features.CrossClusterServiceDiscovery) {
if err := servicedns.StartController(opts.Config, stopChan); err != nil {
klog.Fatalf("Error starting dns controller: %v", err)
}
if err := dnsendpoint.StartServiceDNSEndpointController(opts.Config, stopChan); err != nil {
klog.Fatalf("Error starting dns endpoint controller: %v", err)
}
}
if utilfeature.DefaultFeatureGate.Enabled(features.FederatedIngress) {
if err := ingressdns.StartController(opts.Config, stopChan); err != nil {
klog.Fatalf("Error starting ingress dns controller: %v", err)
}
if err := dnsendpoint.StartIngressDNSEndpointController(opts.Config, stopChan); err != nil {
klog.Fatalf("Error starting ingress dns endpoint controller: %v", err)
}
}
if utilfeature.DefaultFeatureGate.Enabled(features.PushReconciler) {
if err := federatedtypeconfig.StartController(opts.Config, stopChan); err != nil {
klog.Fatalf("Error starting federated type config controller: %v", err)
}
}
}
clusterController
//todo
federatedtypeconfig Controller
//todo
