
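5.3. Upgrading projects for newer Operator SDK versions

OpenShift Container Platform 4.8 supports Operator SDK v1.8.0. If you already have the v1.3.0 CLI installed on your workstation, you can upgrade the CLI to v1.8.0 by installing the latest version.

However, to ensure that your existing Operator projects remain compatible with Operator SDK v1.8.0, upgrade steps are required for the associated breaking changes introduced since v1.3.0. You must perform the upgrade steps manually in any of your Operator projects that were previously created or maintained with v1.3.0.

5.3.1. Upgrading projects for Operator SDK v1.8.0

To upgrade an existing Operator project for compatibility with v1.8.0, perform the following upgrade steps.

Prerequisites

  • Operator SDK v1.8.0 installed
  • An Operator project that was previously created or maintained with Operator SDK v1.3.0

Procedure

  1. Make the following changes to your PROJECT file:

    1. Update the PROJECT file plugins object to use manifests and scorecard objects.

      The manifests and scorecard plugins that create Operator Lifecycle Manager (OLM) and scorecard manifests now have plugin objects for running create subcommands to create related files.

      • For Go-based Operator projects, a Go-based plugin configuration object is already present. While the old configuration is still supported, these new objects will be useful in the future as configuration options are added to their respective plugins:

        Old configuration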

        version: 3-alpha
        ...
        plugins:
          go.sdk.operatorframework.io/v2-alpha: {}

        New configuration

        version: 3-alpha
        ...
        plugins:
          manifests.sdk.operatorframework.io/v2: {}
          scorecard.sdk.operatorframework.io/v2: {}

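      • Optional: For Ansible-based and Helm-based Operator projects, the plugin configuration object previously did not exist. While you are not required to add the plugin configuration objects, these new objects will be useful in the future as configuration options are added to their respective plugins: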

        version: 3-alpha
        ...
        plugins:
          manifests.sdk.operatorframework.io/v2: {}
          scorecard.sdk.operatorframework.io/v2: {}
    2. The PROJECT config version 3-alpha must be upgraded to 3. The version key in your PROJECT file represents the PROJECT config version:

      PROJECT file

      version: 3-alpha
      resources:
      - crdVersion: v1
      ...

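      Version 3-alpha has been stabilized as version 3 and contains a set of config fields sufficient to fully describe a project. This change is not technically breaking because the spec at that version was alpha, but it was used by default in operator-sdk commands, so it should be marked as breaking and have a convenient upgrade path.

      1. Run the alpha config-3alpha-to-3 command to convert most of your PROJECT file from version 3-alpha to 3: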

        $ operator-sdk alpha config-3alpha-to-3

        Example output

        Your PROJECT config file has been converted from version 3-alpha to 3. Please make sure all config data is correct.

        The command also outputs comments with directions where automatic conversion is not possible.

      2. Verify the change:

        PROJECT file

        version: "3"
        resources:
        - api:
          crdVersion: v1
        ...

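  2. Make the following changes to your config/manager/manager.yaml file:

    1. For Ansible-based and Helm-based Operator projects, add liveness and readiness probes.

      New projects built with the Operator SDK have the probes configured by default. The endpoints /healthz and /readyz are now included in the provided image base. You can update your existing projects to use the probes by updating the Dockerfile to use the latest base image, and then adding the following to the manager container in the config/manager/manager.yaml file:

      Example 5.1. Configuration for Ansible-based Operator projects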

        livenessProbe:
          httpGet:
            path: /healthz
            port: 6789
          initialDelaySeconds: 15
          periodSeconds: 20
        readinessProbe:
          httpGet:
            path: /readyz
            port: 6789
          initialDelaySeconds: 5
          periodSeconds: 10

      Example 5.2. Configuration for Helm-based Operator projects

        livenessProbe:
          httpGet:
            path: /healthz
            port: 8081
          initialDelaySeconds: 15
          periodSeconds: 20
        readinessProbe:
          httpGet:
            path: /readyz
            port: 8081
          initialDelaySeconds: 5
          periodSeconds: 10
    2. For Ansible-based and Helm-based Operator projects, add security contexts to your manager's deployment.

      In the config/manager/manager.yaml file, add the following security contexts:

      Example 5.3. config/manager/manager.yaml file

      spec:
        ...
        template:
          ...
          spec:
            securityContext:
              runAsNonRoot: true
            containers:
            - name: manager
              securityContext:
                allowPrivilegeEscalation: false
  3. Make the following changes to your Makefile:

    1. For Ansible-based and Helm-based Operator projects, update the helm-operator and ansible-operator URLs in the Makefile:

      • For Ansible-based Operator projects, change:

        https://github.com/operator-framework/operator-sdk/releases/download/v1.3.0/ansible-operator-v1.3.0-$(ARCHOPER)-$(OSOPER)

        to:

        https://github.com/operator-framework/operator-sdk/releases/download/v1.8.0/ansible-operator_$(OS)_$(ARCH)
      • For Helm-based Operator projects, change:

        https://github.com/operator-framework/operator-sdk/releases/download/v1.3.0/helm-operator-v1.3.0-$(ARCHOPER)-$(OSOPER)

        to:

        https://github.com/operator-framework/operator-sdk/releases/download/v1.8.0/helm-operator_$(OS)_$(ARCH)
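    2. For Ansible-based and Helm-based Operator projects, update the helm-operator, ansible-operator, and kustomize rules in the Makefile. These rules download a local binary but do not use it if a global binary is present:

      Example 5.4. Makefile diff for Ansible-based Operator projects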

       PATH  := $(PATH):$(PWD)/bin
       SHELL := env PATH=$(PATH) /bin/sh
      -OS := $(shell uname -s | tr '[:upper:]' '[:lower:]')
      -ARCH := $(shell uname -m | sed 's/x86_64/amd64/')
      +OS    = $(shell uname -s | tr '[:upper:]' '[:lower:]')
      +ARCH  = $(shell uname -m | sed 's/x86_64/amd64/')
      +OSOPER   = $(shell uname -s | tr '[:upper:]' '[:lower:]' | sed 's/darwin/apple-darwin/' | sed 's/linux/linux-gnu/')
      +ARCHOPER = $(shell uname -m )
      
      -# Download kustomize locally if necessary, preferring the $(pwd)/bin path over global if both exist.
      -.PHONY: kustomize
      -KUSTOMIZE = $(shell pwd)/bin/kustomize
       kustomize:
      -ifeq (,$(wildcard $(KUSTOMIZE)))
      -ifeq (,$(shell which kustomize 2>/dev/null))
      +ifeq (, $(shell which kustomize 2>/dev/null))
       	@{ \
       	set -e ;\
      -	mkdir -p $(dir $(KUSTOMIZE)) ;\
      -	curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.5.4/kustomize_v3.5.4_$(OS)_$(ARCH).tar.gz | \
      -	tar xzf - -C bin/ ;\
      +	mkdir -p bin ;\
      +	curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.5.4/kustomize_v3.5.4_$(OS)_$(ARCH).tar.gz | tar xzf - -C bin/ ;\
       	}
      +KUSTOMIZE=$(realpath ./bin/kustomize)
       else
      -KUSTOMIZE = $(shell which kustomize)
      -endif
      +KUSTOMIZE=$(shell which kustomize)
       endif
      
      -# Download ansible-operator locally if necessary, preferring the $(pwd)/bin path over global if both exist.
      -.PHONY: ansible-operator
      -ANSIBLE_OPERATOR = $(shell pwd)/bin/ansible-operator
       ansible-operator:
      -ifeq (,$(wildcard $(ANSIBLE_OPERATOR)))
      -ifeq (,$(shell which ansible-operator 2>/dev/null))
      +ifeq (, $(shell which ansible-operator 2>/dev/null))
       	@{ \
       	set -e ;\
      -	mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\
      -	curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.3.0/ansible-operator_$(OS)_$(ARCH) ;\
      -	chmod +x $(ANSIBLE_OPERATOR) ;\
      +	mkdir -p bin ;\
      +	curl -LO https://github.com/operator-framework/operator-sdk/releases/download/v1.8.0/ansible-operator-v1.8.0-$(ARCHOPER)-$(OSOPER) ;\
      +	mv ansible-operator-v1.8.0-$(ARCHOPER)-$(OSOPER) ./bin/ansible-operator ;\
      +	chmod +x ./bin/ansible-operator ;\
       	}
      +ANSIBLE_OPERATOR=$(realpath ./bin/ansible-operator)
       else
      -ANSIBLE_OPERATOR = $(shell which ansible-operator)
      -endif
      +ANSIBLE_OPERATOR=$(shell which ansible-operator)
       endif
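
      Review bot: in the ansible-operator rule, the added `curl -LO https://github.com/operator-framework/operator-sdk/releases/download/v1.8.0/ansible-operator-v1.8.0-$(ARCHOPER)-$(OSOPER)` line has no `-f`, and the file is then moved into ./bin and marked executable with no integrity check, so an HTTP error page or an altered download ends up as ./bin/ansible-operator. Use `curl -fsSLo ./bin/ansible-operator <url>` so `set -e` stops the recipe on a failed request, and compare the file's SHA-256 with a value pinned in the Makefile before the `chmod +x`. The same applies to the kustomize tarball that is piped straight into `tar xzf`.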

      Example 5.5. Makefile diff for Helm-based Operator projects

       PATH  := $(PATH):$(PWD)/bin
       SHELL := env PATH=$(PATH) /bin/sh
      -OS := $(shell uname -s | tr '[:upper:]' '[:lower:]')
      -ARCH := $(shell uname -m | sed 's/x86_64/amd64/')
      +OS    = $(shell uname -s | tr '[:upper:]' '[:lower:]')
      +ARCH  = $(shell uname -m | sed 's/x86_64/amd64/')
      +OSOPER   = $(shell uname -s | tr '[:upper:]' '[:lower:]' | sed 's/darwin/apple-darwin/' | sed 's/linux/linux-gnu/')
      +ARCHOPER = $(shell uname -m )
      
      -# Download kustomize locally if necessary, preferring the $(pwd)/bin path over global if both exist.
      -.PHONY: kustomize
      -KUSTOMIZE = $(shell pwd)/bin/kustomize
       kustomize:
      -ifeq (,$(wildcard $(KUSTOMIZE)))
      -ifeq (,$(shell which kustomize 2>/dev/null))
      +ifeq (, $(shell which kustomize 2>/dev/null))
       	@{ \
       	set -e ;\
      -	mkdir -p $(dir $(KUSTOMIZE)) ;\
      -	curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.5.4/kustomize_v3.5.4_$(OS)_$(ARCH).tar.gz | \
      -	tar xzf - -C bin/ ;\
      +	mkdir -p bin ;\
      +	curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.5.4/kustomize_v3.5.4_$(OS)_$(ARCH).tar.gz | tar xzf - -C bin/ ;\
       	}
      +KUSTOMIZE=$(realpath ./bin/kustomize)
       else
      -KUSTOMIZE = $(shell which kustomize)
      -endif
      +KUSTOMIZE=$(shell which kustomize)
       endif
      
      -# Download helm-operator locally if necessary, preferring the $(pwd)/bin path over global if both exist.
      -.PHONY: helm-operator
      -HELM_OPERATOR = $(shell pwd)/bin/helm-operator
       helm-operator:
      -ifeq (,$(wildcard $(HELM_OPERATOR)))
      -ifeq (,$(shell which helm-operator 2>/dev/null))
      +ifeq (, $(shell which helm-operator 2>/dev/null))
       	@{ \
       	set -e ;\
      -	mkdir -p $(dir $(HELM_OPERATOR)) ;\
      -	curl -sSLo $(HELM_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.3.0/helm-operator_$(OS)_$(ARCH) ;\
      -	chmod +x $(HELM_OPERATOR) ;\
      +	mkdir -p bin ;\
      +	curl -LO https://github.com/operator-framework/operator-sdk/releases/download/v1.8.0/helm-operator-v1.8.0-$(ARCHOPER)-$(OSOPER) ;\
      +	mv helm-operator-v1.8.0-$(ARCHOPER)-$(OSOPER) ./bin/helm-operator ;\
      +	chmod +x ./bin/helm-operator ;\
       	}
      +HELM_OPERATOR=$(realpath ./bin/helm-operator)
       else
      -HELM_OPERATOR = $(shell which helm-operator)
      -endif
      +HELM_OPERATOR=$(shell which helm-operator)
       endif
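
      Review bot: the removed `.PHONY: kustomize` and `.PHONY: helm-operator` declarations are not re-added in this diff, and the remaining `ifeq (, $(shell which helm-operator 2>/dev/null))` test accepts any helm-operator found on PATH without checking its version. Restore the `.PHONY` lines so that a file or directory named like the target cannot mask the rule, and either compare the version reported by the found binary with v1.8.0 or always use ./bin/helm-operator, so the build does not silently run an older or unexpected binary.
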
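    3. Move the positional directory argument . in the make target for docker-build.

      The directory argument . in the docker-build target was moved to the last positional argument to align with podman CLI expectations, which makes substitution cleaner:

      Old target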

      docker-build:
        docker build . -t ${IMG}

      New target

      docker-build:
        docker build -t ${IMG} .

      You can make this change by running the following command:

      $ sed -i 's/docker build . -t ${IMG}/docker build -t ${IMG} ./' $(git grep -l 'docker.*build \. ')
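    4. For Ansible-based and Helm-based Operator projects, add a help target to the Makefile.

      Ansible-based and Helm-based projects now provide a help target in the Makefile by default, similar to a --help flag. You can manually add this target to your Makefile using the following lines:

      Example 5.6. help target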

      ##@ General
      
      # The help target prints out all targets with their descriptions organized
      # beneath their categories. The categories are represented by '##@' and the
      # target descriptions by '##'. The awk commands is responsible for reading the
      # entire set of makefiles included in this invocation, looking for lines of the
      # file as xyz: ## something, and then pretty-format the target and help. Then,
      # if there's a line with ##@ something, that gets pretty-printed as a category.
      # More info on the usage of ANSI control characters for terminal formatting:
      # https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
      # More info on the awk command:
      # http://linuxcommand.org/lc3_adv_awk.php
      
      help: ## Display this help.
      	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
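    5. Add opm and catalog-build targets. You can use these targets to create your own catalogs for your Operator or to add your Operator bundles to an existing catalog:

      1. Add the targets to your Makefile by adding the following lines:

        Example 5.7. OPM and catalog-build targets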

        .PHONY: opm
        OPM = ./bin/opm
        opm:
        ifeq (,$(wildcard $(OPM)))
        ifeq (,$(shell which opm 2>/dev/null))
        	@{ \
        	set -e ;\
        	mkdir -p $(dir $(OPM)) ;\
        	curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.15.1/$(OS)-$(ARCH)-opm ;\
        	chmod +x $(OPM) ;\
        	}
        else
        OPM = $(shell which opm)
        endif
        endif
        BUNDLE_IMGS ?= $(BUNDLE_IMG)
        CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:v$(VERSION)
        ifneq ($(origin CATALOG_BASE_IMG), undefined)
        FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG)
        endif
        .PHONY: catalog-build
        catalog-build: opm
        	$(OPM) index add --container-tool docker --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT)
        
        .PHONY: catalog-push
        catalog-push: ## Push the catalog image.
        	$(MAKE) docker-push IMG=$(CATALOG_IMG)
      2. If you are updating a Go-based Operator project, also add the following Makefile variables:

        Example 5.8. Makefile variables

        OS = $(shell go env GOOS)
        ARCH = $(shell go env GOARCH)
    6. For Go-based Operator projects, set the SHELL variable in your Makefile to the system bash binary.

      Importing the setup-envtest.sh script requires bash, so the SHELL variable must be set to bash with error options:

      Example 5.9. Makefile diff

      else GOBIN=$(shell go env GOBIN)
      endif
      +# Setting SHELL to bash allows bash commands to be executed by recipes.
      +# This is a requirement for 'setup-envtest.sh' in the test target.
      +# Options are set to exit when a recipe line exits non-zero or a piped command fails.
      +SHELL = /usr/bin/env bash -o pipefail
      +.SHELLFLAGS = -ec
      + all: build
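
      Review bot: `SHELL = /usr/bin/env bash -o pipefail` looks bash up on PATH, so recipes run under whichever bash comes first in the caller's environment rather than a fixed binary. If the intent is the system bash binary, as the step's title says, point SHELL at its absolute path and keep `-o pipefail` and `.SHELLFLAGS = -ec` as they are.
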
  4. For Go-based Operator projects, upgrade controller-runtime to v0.8.3 and the Kubernetes dependencies to v0.20.2 by changing the following entries in your go.mod file, then rebuild your project:

    Example 5.10. go.mod file

    ...
    	k8s.io/api v0.20.2
    	k8s.io/apimachinery v0.20.2
    	k8s.io/client-go v0.20.2
    	sigs.k8s.io/controller-runtime v0.8.3
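  5. Add a system:controller-manager service account to your project. The operator-sdk init command now generates a non-default service account, controller-manager, to improve security for Operators installed in shared namespaces. To add this service account to your existing project, follow these steps:

    1. Create the ServiceAccount definition in a file:

      Example 5.11. config/rbac/service_account.yaml file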

      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: controller-manager
        namespace: system
    2. Add the service account to the list of RBAC resources:

      $ echo "- service_account.yaml" >> config/rbac/kustomization.yaml
    3. Update all RoleBinding and ClusterRoleBinding objects that reference the Operator's service account:

      $ find config/rbac -name '*_binding.yaml' -exec sed -i -E 's/  name: default/  name: controller-manager/g' {} \;
    4. Add the service account name to the manager deployment's spec.template.spec.serviceAccountName field:

      $ sed -i -E 's/([ ]+)(terminationGracePeriodSeconds:)/\1serviceAccountName: controller-manager\n\1\2/g' config/manager/manager.yaml
    5. Verify that the changes look like the following diffs:

      Example 5.12. config/manager/manager.yaml file diff

      ...
                 requests:
                   cpu: 100m
                   memory: 20Mi
      +      serviceAccountName: controller-manager
             terminationGracePeriodSeconds: 10

      Example 5.13. config/rbac/auth_proxy_role_binding.yaml file diff

      ...
         name: proxy-role
       subjects:
       - kind: ServiceAccount
      -  name: default
      +  name: controller-manager
         namespace: system
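
      Review bot: only the ServiceAccount subject's `name` should change in this file, but the `sed` expression from step 3 matches the text `  name: default` anywhere on a line, so any name that merely begins with `default` in a *_binding.yaml file is rewritten as well. After running it, check that `roleRef` names such as `proxy-role` are untouched and that every changed line sits under `subjects`, as it does here and in Examples 5.15 and 5.16.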

      Example 5.14. config/rbac/kustomization.yaml file diff

       resources:
      +- service_account.yaml
       - role.yaml
       - role_binding.yaml
       - leader_election_role.yaml

      Example 5.15. config/rbac/leader_election_role_binding.yaml file diff

      ...
         name: leader-election-role
       subjects:
       - kind: ServiceAccount
      -  name: default
      +  name: controller-manager
         namespace: system

      Example 5.16. config/rbac/role_binding.yaml file diff

      ...
         name: manager-role
       subjects:
       - kind: ServiceAccount
      -  name: default
      +  name: controller-manager
         namespace: system

      Example 5.17. config/rbac/service_account.yaml file diff

      +apiVersion: v1
      +kind: ServiceAccount
      +metadata:
      +  name: controller-manager
      +  namespace: system
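
    The checks in step 5 can be scripted so that a binding missed by the sed command is caught before deployment. The following is an added example, not part of the original documentation or of Operator SDK; the function names and finding labels are hypothetical, and the sample project it writes is constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not Operator SDK code: audit the step 5 service account change.
# Prints one line per finding; exit status 0 means nothing was found.
check_sa_migration() (
  rbac="$1/config/rbac"; mgr="$1/config/manager/manager.yaml"; findings=0
  note() { echo "$1"; findings=$((findings + 1)); }

  # The ServiceAccount must be defined and listed as a kustomize resource.
  grep -Eqs '^[[:space:]]+name:[[:space:]]+controller-manager[[:space:]]*$' \
    "$rbac/service_account.yaml" || note "MISSING service_account.yaml definition"
  grep -Eqs '^-[[:space:]]+service_account\.yaml[[:space:]]*$' \
    "$rbac/kustomization.yaml" || note "MISSING service_account.yaml in kustomization.yaml"

  # No binding may still name the default service account as a subject.
  # Assumes kind: precedes name: inside each subject, as in the generated files.
  for f in "$rbac"/*_binding.yaml; do
    [ -e "$f" ] || continue
    if awk '
      /^subjects:/                           { s = 1; next }
      /^[^ \t-]/                             { s = 0 }
      s && /^[ \t]*-/                        { sa = 0 }
      s && /kind:[ \t]*ServiceAccount/       { sa = 1 }
      s && sa && /name:[ \t]*default[ \t]*$/ { bad = 1 }
      END { exit !bad }' "$f"; then
      note "STALE default subject in ${f##*/}"
    fi
  done

  # The manager pod must run as the new account.
  grep -Eqs '^[[:space:]]+serviceAccountName:[[:space:]]+controller-manager[[:space:]]*$' \
    "$mgr" || note "MISSING serviceAccountName in manager.yaml"
  [ "$findings" -eq 0 ]
)

# Constructed sample input: writes one binding file with the given subject name.
write_binding() {
  printf 'roleRef:\n  kind: ClusterRole\n  name: manager-role\nsubjects:\n- kind: ServiceAccount\n  name: %s\n  namespace: system\n' "$2" > "$1"
}

# Constructed sample project in which role_binding.yaml was missed.
write_sample_project() {
  mkdir -p "$1/config/rbac" "$1/config/manager"
  printf 'apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: controller-manager\n  namespace: system\n' \
    > "$1/config/rbac/service_account.yaml"
  printf 'resources:\n- service_account.yaml\n- role.yaml\n- role_binding.yaml\n' \
    > "$1/config/rbac/kustomization.yaml"
  write_binding "$1/config/rbac/leader_election_role_binding.yaml" controller-manager
  write_binding "$1/config/rbac/role_binding.yaml" default
  printf 'spec:\n  template:\n    spec:\n      serviceAccountName: controller-manager\n      terminationGracePeriodSeconds: 10\n' \
    > "$1/config/manager/manager.yaml"
}

demo=$(mktemp -d)
write_sample_project "$demo"
check_sa_migration "$demo" || echo "migration incomplete"
rm -rf "$demo"
```

    Run check_sa_migration against the project root; a non-zero exit status means at least one of the four changes is missing.
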
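  6. Make the following changes to your config/manifests/kustomization.yaml file:

    1. Add a Kustomize patch to remove the cert-manager volume and volumeMount objects from your cluster service version (CSV).

      Because Operator Lifecycle Manager (OLM) does not yet support cert-manager, a JSON patch was added to remove this volume and mount so that OLM can create and manage certificates for your Operator.

      In the config/manifests/kustomization.yaml file, add the following lines:

      Example 5.18. config/manifests/kustomization.yaml file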

      patchesJson6902:
      - target:
          group: apps
          version: v1
          kind: Deployment
          name: controller-manager
          namespace: system
        patch: |-
          # Remove the manager container's "cert" volumeMount, since OLM will create and mount a set of certs.
          # Update the indices in this path if adding or removing containers/volumeMounts in the manager's Deployment.
          - op: remove
            path: /spec/template/spec/containers/1/volumeMounts/0
          # Remove the "cert" volume, since OLM will create and mount a set of certs.
          # Update the indices in this path if adding or removing volumes in the manager's Deployment.
          - op: remove
            path: /spec/template/spec/volumes/0
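    2. Optional: For Ansible-based and Helm-based Operator projects, configure ansible-operator and helm-operator with a component config. To add this option, follow these steps:

      1. Create the following file:

        Example 5.19. config/default/manager_config_patch.yaml file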

        apiVersion: apps/v1
        kind: Deployment
        metadata:
          name: controller-manager
          namespace: system
        spec:
          template:
            spec:
              containers:
              - name: manager
                args:
                - "--config=controller_manager_config.yaml"
                volumeMounts:
                - name: manager-config
                  mountPath: /controller_manager_config.yaml
                  subPath: controller_manager_config.yaml
              volumes:
              - name: manager-config
                configMap:
                  name: manager-config
      2. Create the following file:

        Example 5.20. config/manager/controller_manager_config.yaml file

        apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
        kind: ControllerManagerConfig
        health:
          healthProbeBindAddress: :6789
        metrics:
          bindAddress: 127.0.0.1:8080
        
        leaderElection:
          leaderElect: true
          resourceName: <resource_name>
      3. Update the config/default/kustomization.yaml file by applying the following changes to resources:

        Example 5.21. config/default/kustomization.yaml file

          resources:
          ...
          - manager_config_patch.yaml
      4. Update the config/manager/kustomization.yaml file by applying the following changes:

        Example 5.22. config/manager/kustomization.yaml file

          generatorOptions:
            disableNameSuffixHash: true
        
          configMapGenerator:
          - files:
            - controller_manager_config.yaml
            name: manager-config
          apiVersion: kustomize.config.k8s.io/v1beta1
          kind: Kustomization
          images:
          - name: controller
            newName: quay.io/example/memcached-operator
            newTag: v0.0.1
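    3. Optional: Add a manager config patch to the config/default/kustomization.yaml file.

      The generated --config flag was not added to either the ansible-operator or helm-operator binary when config file support was originally added, so it does not currently work. The --config flag supports configuration of both binaries by file; this method of configuration applies only to the underlying controller manager and not to the Operator as a whole.

      To configure the Operator's deployment with a config file, make changes to the config/default/kustomization.yaml file as shown in the following diff:

      Example 5.23. config/default/kustomization.yaml file diff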

      # If you want your controller-manager to expose the /metrics # endpoint w/o any authn/z, please comment the following line.
      \- manager_auth_proxy_patch.yaml
      +# Mount the controller config file for loading manager configurations
      +# through a ComponentConfig type
      +- manager_config_patch.yaml
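
      Review bot: with `- manager_config_patch.yaml` added next to `- manager_auth_proxy_patch.yaml`, two patches now set `args` on the `manager` container (see Example 5.19 and Examples 5.25 and 5.26). Render the result with `kustomize build config/default` and confirm that the container ends up with the flags you expect, including `--health-probe-bind-address`, before deploying.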

      Flags can be used as is or to override config file values.

  7. For Ansible-based and Helm-based Operator projects, add role rules for leader election by making the following changes to the config/rbac/leader_election_role.yaml file:

    Example 5.24. config/rbac/leader_election_role.yaml file

    - apiGroups:
      - coordination.k8s.io
      resources:
      - leases
      verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
  8. For Ansible-based Operator projects, update Ansible collections.

    In your requirements.yml file, change the version field for community.kubernetes to 1.2.1, and the version field for operator_sdk.util to 0.2.0.

  9. Make the following changes to your config/default/manager_auth_proxy_patch.yaml file:

    • For Ansible-based Operator projects, add the --health-probe-bind-address=:6789 argument to the config/default/manager_auth_proxy_patch.yaml file:

      Example 5.25. config/default/manager_auth_proxy_patch.yaml file

      spec:
        template:
          spec:
            containers:
            - name: manager
              args:
              - "--health-probe-bind-address=:6789"
              ...
    • For Helm-based Operator projects:

      1. Add the --health-probe-bind-address=:8081 argument to the config/default/manager_auth_proxy_patch.yaml file:

        Example 5.26. config/default/manager_auth_proxy_patch.yaml file

        spec:
          template:
            spec:
              containers:
              - name: manager
                args:
                - "--health-probe-bind-address=:8081"
                ...
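      2. Replace the deprecated flag --enable-leader-election with --leader-elect, and the deprecated flag --metrics-addr with --metrics-bind-address.
  10. Make the following changes to your config/prometheus/monitor.yaml file:

    1. Add scheme, token, and TLS config to the Prometheus ServiceMonitor metrics endpoint.

      Although the https port was specified on the manager pod, the /metrics endpoint was not actually configured to serve over HTTPS because no tlsConfig was set. Because kube-rbac-proxy secures this endpoint as a manager sidecar, using the service account token mounted into the pod by default corrects this problem.

      Apply the changes to the config/prometheus/monitor.yaml file as shown in the following diff:

      Example 5.27. config/prometheus/monitor.yaml file diff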

      spec:
         endpoints:
           - path: /metrics
             port: https
      +      scheme: https
      +      bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
      +      tlsConfig:
      +        insecureSkipVerify: true
         selector:
           matchLabels:
             control-plane: controller-manager
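
      Review bot: `insecureSkipVerify: true` under `tlsConfig` makes Prometheus skip verification of the certificate presented on /metrics, so the bearer token from `bearerTokenFile` is sent to whatever answers on that port. Where the endpoint's certificate is issued by a CA you control, set `ca` and `serverName` in `tlsConfig` instead and leave `insecureSkipVerify` out.
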
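      Note

      If you removed kube-rbac-proxy from your project, ensure that you secure the /metrics endpoint using a proper TLS configuration.

  11. Ensure that existing dependent resources have owner annotations.

    For Ansible-based Operator projects, owner reference annotations on cluster-scoped dependent resources and on dependent resources were not applied correctly. A workaround is to add these annotations manually. This will no longer be necessary once the issue is fixed.

  12. Deprecate support for package manifests.

    The Operator Framework removes support for the Operator package manifest format in a future release. As part of the ongoing deprecation process, the operator-sdk generate packagemanifests and operator-sdk run packagemanifests commands are now deprecated. To migrate package manifests to bundles, you can use the operator-sdk pkgman-to-bundle command.

    Run the operator-sdk pkgman-to-bundle --help command and see "Migrating package manifest projects to bundle format" for more details.

  13. Update the finalizer names for your Operator.

    The finalizer name format given by the Kubernetes documentation is: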

    <qualified_group>/<finalizer_name>

    while the format previously documented for Operator SDK was:

    <finalizer_name>.<qualified_group>

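    If your Operator uses any finalizers with names that match the incorrect format, change them to match the official format. For example, finalizer.cache.example.com must be changed to cache.example.com/finalizer.

Your Operator project is now compatible with Operator SDK v1.8.0.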