你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
本文概述如何使用信封对象将保留的 Kubernetes 资源类型从 Azure Kubernetes 舰队管理器(Kubernetes 舰队)中心群集传播到成员群集。
将 ConfigMap 用作信封对象
可使用以下 Kubernetes 舰队保留注释将 ConfigMap 指定为信封对象:
metadata:
annotations:
kubernetes-fleet.io/envelope-configmap: "true"
下面是将 ConfigMap 用作信封对象的示例:
apiVersion: v1
kind: ConfigMap
metadata:
name: envelope-configmap
namespace: app
annotations:
kubernetes-fleet.io/envelope-configmap: "true"
data:
resourceQuota.yaml: |
apiVersion: v1
kind: ResourceQuota
metadata:
name: mem-cpu-demo
namespace: app
spec:
hard:
requests.cpu: "1"
requests.memory: 1Gi
limits.cpu: "2"
limits.memory: 2Gi
webhook.yaml: |
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
creationTimestamp: null
labels:
azure-workload-identity.io/system: "true"
name: azure-wi-webhook-mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: azure-wi-webhook-webhook-service
namespace: app
path: /mutate-v1-pod
failurePolicy: Fail
matchPolicy: Equivalent
name: mutation.azure-workload-identity.io
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- pods
sideEffects: None
将信封 ConfigMap 传播到成员群集
将上例中的信封对象应用于中心群集。 然后,使用 ClusterResourcePlacement 对象将中心群集中的资源传播到名为 kind-cluster-1 的成员群集。
下面是示例 ClusterResourcePlacement 规范:
spec:
policy:
clusterNames:
- kind-cluster-1
placementType: PickFixed
resourceSelectors:
- group: ""
kind: Namespace
name: app
version: v1
revisionHistoryLimit: 10
strategy:
type: RollingUpdate
检索信封 ConfigMap 放置的状态
下面是一个示例状态,显示成功放置信封对象:
status:
conditions:
- lastTransitionTime: "2023-11-30T19:54:13Z"
message: found all the clusters needed as specified by the scheduling policy
observedGeneration: 2
reason: SchedulingPolicyFulfilled
status: "True"
type: ClusterResourcePlacementScheduled
- lastTransitionTime: "2023-11-30T19:54:18Z"
message: All 1 cluster(s) are synchronized to the latest resources on the hub
cluster
observedGeneration: 2
reason: SynchronizeSucceeded
status: "True"
type: ClusterResourcePlacementSynchronized
- lastTransitionTime: "2023-11-30T19:54:18Z"
message: Successfully applied resources to 1 member clusters
observedGeneration: 2
reason: ApplySucceeded
status: "True"
type: ClusterResourcePlacementApplied
placementStatuses:
- clusterName: kind-cluster-1
conditions:
- lastTransitionTime: "2023-11-30T19:54:13Z"
message: 'Successfully scheduled resources for placement in kind-cluster-1:
picked by scheduling policy'
observedGeneration: 2
reason: ScheduleSucceeded
status: "True"
type: ResourceScheduled
- lastTransitionTime: "2023-11-30T19:54:18Z"
message: Successfully Synchronized work(s) for placement
observedGeneration: 2
reason: WorkSynchronizeSucceeded
status: "True"
type: WorkSynchronized
- lastTransitionTime: "2023-11-30T19:54:18Z"
message: Successfully applied resources
observedGeneration: 2
reason: ApplySucceeded
status: "True"
type: ResourceApplied
selectedResources:
- kind: Namespace
name: app
version: v1
- kind: ConfigMap
name: envelope-configmap
namespace: app
version: v1
注意
selectedResources 部分专门显示了所传播的信封对象。 状态不会单独列出信封对象包含的所有资源。
selectedResources 部分指示已成功传播命名空间应用以及名为 envelope-configmap 的 ConfigMap。 可以进一步验证 envelope-configmap 对象中提到的资源的成功传播,方法是确保 failedPlacements 的 placementStatus 中的 kind-cluster-1 部分不会出现在状态中。
下面是一个示例,它显示放置失败。 在此示例中,在 placementStatus 的 kind-cluster-1 部分中,failedPlacements 部分提供了未能应用的资源的详细信息。
failedPlacements 部分还提供了包含资源的信封对象的相关信息。
status:
conditions:
- lastTransitionTime: "2023-12-06T00:09:53Z"
message: found all the clusters needed as specified by the scheduling policy
observedGeneration: 2
reason: SchedulingPolicyFulfilled
status: "True"
type: ClusterResourcePlacementScheduled
- lastTransitionTime: "2023-12-06T00:09:58Z"
message: All 1 cluster(s) are synchronized to the latest resources on the hub
cluster
observedGeneration: 2
reason: SynchronizeSucceeded
status: "True"
type: ClusterResourcePlacementSynchronized
- lastTransitionTime: "2023-12-06T00:09:58Z"
message: Failed to apply manifests to 1 clusters, please check the `failedPlacements`
status
observedGeneration: 2
reason: ApplyFailed
status: "False"
type: ClusterResourcePlacementApplied
placementStatuses:
- clusterName: kind-cluster-1
conditions:
- lastTransitionTime: "2023-12-06T00:09:53Z"
message: 'Successfully scheduled resources for placement in kind-cluster-1:
picked by scheduling policy'
observedGeneration: 2
reason: ScheduleSucceeded
status: "True"
type: ResourceScheduled
- lastTransitionTime: "2023-12-06T00:09:58Z"
message: Successfully Synchronized work(s) for placement
observedGeneration: 2
reason: WorkSynchronizeSucceeded
status: "True"
type: WorkSynchronized
- lastTransitionTime: "2023-12-06T00:09:58Z"
message: Failed to apply manifests, please check the `failedPlacements` status
observedGeneration: 2
reason: ApplyFailed
status: "False"
type: ResourceApplied
failedPlacements:
- condition:
lastTransitionTime: "2023-12-06T00:09:53Z"
message: 'Failed to apply manifest: namespaces "app" not found'
reason: AppliedManifestFailedReason
status: "False"
type: Applied
envelope:
name: envelop-configmap
namespace: test-ns
type: ConfigMap
kind: ResourceQuota
name: mem-cpu-demo
namespace: app
version: v1
selectedResources:
- kind: Namespace
name: test-ns
version: v1
- kind: ConfigMap
name: envelop-configmap
namespace: test-ns
version: v1
