🚀 优质资源分享 🚀
学习路线指引(点击解锁) | 知识定位 | 人群定位 |
---|---|---|
🧡 Python实战微信订餐小程序 🧡 | 进阶级 | 本课程是python flask+微信小程序的完美结合,从项目搭建到腾讯云部署上线,打造一个全栈订餐系统。 |
💛Python量化交易实战💛 | 入门级 | 手把手带你打造一个易扩展、更安全、效率更高的量化交易系统 |
Overview
What is Kubernetes aggregation
Kubernetes apiserver aggregation AA 是Kubernetes提供的一种扩展API的方法,目前并没有GA
Difference between CRD and AA
众所周知,kubernetes扩展API的方法大概为三种:CRD、AA、手动扩展源码。根据CNCF分享中Min Kim说的AA更关注于实践,而用户无需了解底层的原理,这里使用过 kubebuilder
, code-generator
的用户是很能体会到这点。官方也给出了CRD与AA的区别
API Access Control
Authentication
- CR: All strategies supported. Configured by root apiserver.
- AA: Supporting all root apiserver’s authenticating strategies but it has to be done via authentication token review api except for authentication proxy which will cause an extra cost of network RTT.
Authorization
- CR: All strategies supported. Configured by root apiserver.
- AA: Delegating authorization requests to root apiserver via SubjectAccessReview api. Note that this approach will also cost a network RTT.
Admission Control
- CR: You could extend via dynamic admission control webhook (which is costing network RTT).
- AA: While You can develop and customize your own admission controller which is dedicated to your AA. While You can’t reuse root-apiserver’s built-in admission controllers nomore.
API Schema
Note: CR’s integration with OpenAPI schema is being enhanced in the future releases and it will have a stronger integration with OpenAPI mechanism.
Validating
- CR: (landed in 1.12) Defined via OpenAPIv3 Schema grammar. more
- AA: You can customize any validating flow you want.
Conversion