Implementation of Kardinal as a K8S Operator.
The Kardinal operator watches the cluster K8S resources, generates a cluster topology and applies changes to satisfy the cluster topology. One difference with today is that the operator only manages what needs to be added to the user cluster (dev services, network resources…). The operator does not reconcile user resources. We introduce some k8s custom resources: service dependencies, flows, plugins and templates. Those resources will be namespaced.
The operator performs the same operation each time one of the watched Flow custom resources is added or removed.
- Generate the base cluster topology from the list of services, dependencies, deployments, gateways…
- Generate flow topologies from the list of flows, plugins and templates. Every operation performed by the operator needs to be idempotent which means the plugins need to be idempotent.
- Merge the topologies
- Generate the K8s resources needed (dev services, network resources…) to satisfy the merged topology and reconcile the cluster.
Istio is required and your namespaces should be labeled for injection.
istioctl manifest install --set profile=default
kubectl label namespace <namespace name> istio-injection=enabled
The Kardinal Operator is built using Kubebuilder. Run the following commands to install the CRDs and the operator in the cluster pointed by your kubeconfig. The operator runs in a newly created namespace kardinal-operator-system.
make deploy
apiVersion: core.kardinal.dev/v1
kind: Flow
metadata:
labels:
app.kubernetes.io/name: kardinal
app.kubernetes.io/managed-by: kardinal-operator
name: flow-test
namespace: baseline
spec:
service: frontend
image: kurtosistech/frontend:demo-frontendRun the following commands to uninstall the CRDs and the operator in the cluster pointed by your kubeconfig.
make undeploy
Minikube + K8S manifest deployed. K8S context set to your local cluster.
make install (to install the CRDs into the cluster)
The following three commands are commonly used during development:
make lint (Run golangci linter. Can also be configured inside your IDE.)
make test (Run tests against local cluster)
make run (Run operator against your local cluster)
Manage custom resources with kubectl:
# Create a flow
kubectl create -f ./ci/flow-test.yaml
# Delete a flow
kubectl delete -f ./ci/flow-test.yaml
# Get all flows in namespace
kubectl get flows -n baseline
# Describe a flow by its name
kubectl describe flows flow-test -n baseline
- Read this document to follow the design rules.
- The CRDs API files are inside the
./api/core/v1folder. - You can edit the
flowAPI for example:- Add, update or remove fields in the
FlowSpecinside theflow_types.gofile. Don't forget to add the json tags. - Run
make manifeststo include your changes in the auto generated./config/crd/bases/core.kardinal.dev_flows.yamlmanifest file. - Update the spec example inside
./config/samples/core_v1_flow.yaml
- Add, update or remove fields in the
- If you are adding a new CRD make sure its schema has been added in the
initfunction in the./cmd/main.gofile
- Read this document to understand what are the RBAC markers and how to compose them.
- Add, update or remove the RBAC markers, for instance the
flowcontroller:- Open the flow controller file
./internal/controller/core/flow_controller.go - Edit the markers inside of it.
- Run
make manifeststo include your changes in the auto generated./config/rbac/role.yamlmanifest file. - NOTE: If you receive an error, please run the specified command in the error and re-run make manifests.
- Open the flow controller file
If you previously ran Kardinal Manager, you may already have a gateway-istio deployment in your cluster. This could lead to requests being
routed through it instead of the gateway-istio deployment in the baseline namespace. This issue arises because a gateway resource may
still exist. We recommend removing it —only if you're certain it was created by Kardinal— before deploying the ./ci/obd-demo.yaml manifest.
You can do this with the following command: kubectl delete Gateway gateway