Extending Kubernetes with Controllers/Operators

 Posted on April 25, 2019  |  3 minutes  |  Chris Hein

Extending Kubernetes can provide an immence amount of value, allowing you to build new functionality into the Kubernetes control plane without having to modify or fork the core codebase. You can do all of that with a relatively low amount of work. This talk goes through the basics of how to build extentions into k8s using CRDs, operators and controllers

This talk walks through how to use Kubernetes and the models and design patterns which Kubernetes is built upon to extend it in new and interesting ways. The beginnings of the talk introduce the basics of Kubernetes and how it works. You’re able to follow along in the slides using large code blocks which dive us deeper and deeper.

We start off by introducing some of the common ways Kubernetes is explained. An open source container management platform, that helps you run containers at scale and gives you primitives for building modern applications. While I agree with this now, we are beginning the process to shift this slightly. Removing container and making it an open source management platform allows us to think different. We see this change in a few places, KubeVirt for example, allowing you to schedule VMs using Kubernetes. Or my project the AWS Service Operator which allows you to manage AWS infra directly from Kubernetes.

One that is out of the way we start diving into the hows, how does it all work with a grounding around well defined specs and the apiserver. Explaining how Kubernetes objects work as records of intent which persist in etcd. Finally landing on the meet and potatoes, how they work. Designed after automation and robotics using a control loop with a desired state, an actual state and then a function which reconciles that. All of this can be a lot to pick up and feels complex but we can easily see the benefits. All of this == controllers.

While that might seems like a big task, if you look under the hood of k8s you can find tons of these exact workflows. All of these controllers in the system.

So how do you go about extending this, this is where we introduce the what makes Kubernetes great for this type of task. It was built to be extended. There are multiple places where this exists.

  1. Custom Resource Definitions (CRDs)
  2. Container Storage Interface (CSI)
  3. Container Networking Interface (CNI)
  4. Container Runtime Interface (CRI)
  5. Device Plugins
  6. Dynamic Admission Controllers
  7. Authentication Webhook

The rest of the talk walks through why CRDs are powerful and how you can use the same libraries written in go to provide controllers which operate on CRDs to build extension points within your cluster.

If you’d like to see an example of extending a Kubernetes cluster for fun, check out the Node Operator. While this project SHOULD NOT be used in production the code is a simple example of building a controller run as a DaemonSet can configure your ~/.ssh/authorized_keys file.

Hopefully this presentation was helpful.

- Chris

kubernetes  k8s  operators  controllers  crds  oss  opensource  open source 

See also

comments powered by Disqus