---
title: "Managing Kubernetes Pods, Services and Replication Controllers with Puppet"
date: 2015-12-17
slug: managing-kubernetes-pods-services-and-replication-controllers-with-puppet
---
<!--
title: " Managing Kubernetes Pods, Services and Replication Controllers with Puppet "
date: 2015-12-17
slug: managing-kubernetes-pods-services-and-replication-controllers-with-puppet
url: /blog/2015/12/Managing-Kubernetes-Pods-Services-And-Replication-Controllers-With-Puppet
-->


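_Today's guest post is written by Gareth Rushgrove, Senior Software Engineer at Puppet Labs, a leader in IT automation. Gareth tells us about a new Puppet module that helps manage resources in Kubernetes._

People familiar with [Puppet](https://github.com/puppetlabs/puppet) might have used it for managing files, packages and users on host computers. But Puppet is first and foremost a configuration management tool, and configuration management is a much broader discipline than just managing host-level resources. A good definition of configuration management is that it aims to solve four related problems: identification, control, status accounting, and verification and audit. These problems exist in the operation of any complex system, and with the new [Puppet Kubernetes module](https://forge.puppetlabs.com/garethr/kubernetes) we're starting to look at how we can solve those problems for Kubernetes.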


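### The Puppet Kubernetes Module

The Puppet Kubernetes module currently assumes you already have a Kubernetes cluster [up and running](http://kubernetes.io/gettingstarted/). Its focus is on managing the resources in Kubernetes, like Pods, Replication Controllers and Services, not (yet) on managing the underlying kubelet or etcd services. Here's a quick snippet of code describing a Pod in Puppet's DSL.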


```
kubernetes_pod { 'sample-pod':
  ensure => present,
  metadata => {
    namespace => 'default',
  },
  spec => {
    containers => [{
      name => 'container-name',
      image => 'nginx',
    }]
  },
}
```

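If you're familiar with the YAML file format, you'll probably recognise the structure immediately. The interface is intentionally identical to aid conversion between different formats; in fact, the code powering this is autogenerated from the Kubernetes API Swagger definitions. Running the above code, assuming we save it as pod.pp, is as simple as: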


```
puppet apply pod.pp
```


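Authentication uses the standard kubectl configuration file. You can find complete [installation instructions in the module's README](https://github.com/garethr/garethr-kubernetes/blob/master/README.md).

Kubernetes has several resources, from Pods and Services to Replication Controllers and Service Accounts. You can see an example of the module managing these resources in the [Kubernetes guestbook sample in Puppet](https://puppetlabs.com/blog/kubernetes-guestbook-example-puppet) post. This demonstrates converting the canonical hello-world example to use Puppet code.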


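One of the main advantages of using Puppet for this, however, is that you can create your own higher-level and more business-specific interfaces to Kubernetes-managed applications. For instance, for the guestbook, you could create something like the following: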

```
guestbook { 'myguestbook':
  redis_slave_replicas => 2,
  frontend_replicas => 3,
  redis_master_image => 'redis',
  redis_slave_image => 'gcr.io/google_samples/gb-redisslave:v1',
  frontend_image => 'gcr.io/google_samples/gb-frontend:v3',
}
```


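You can read more about using Puppet's defined types, and see lots more code examples, in the Puppet blog post [Building Your Own Abstractions for Kubernetes in Puppet](https://puppetlabs.com/blog/building-your-own-abstractions-kubernetes-puppet).


### Conclusions

The advantages of using Puppet rather than just the standard YAML files and kubectl are: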
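One way the `guestbook` type above could be written as a Puppet defined type; this is an added example, not code from the original post or from the module. It assumes Puppet 4 or later, the module's `kubernetes_replication_controller` and `kubernetes_service` types, a hypothetical `guestbook::tier` helper, and ports 6379 and 80.

```puppet
# Added example, not the module's or the author's code. Assumes Puppet 4+ and
# the module's kubernetes_replication_controller / kubernetes_service types.

# Hypothetical helper: one replication controller plus one service per tier.
define guestbook::tier (
  String           $image,
  Integer[1]       $replicas,
  Integer[1,65535] $port,
) {
  $labels = { app => $title }
  kubernetes_replication_controller { $title:
    ensure   => present,
    metadata => { namespace => 'default', labels => $labels },
    spec     => {
      replicas => $replicas,
      selector => $labels,
      template => {
        metadata => { labels => $labels },
        spec     => { containers => [{ name => $title, image => $image }] },
      },
    },
  }

  kubernetes_service { $title:
    ensure   => present,
    metadata => { namespace => 'default', labels => $labels },
    spec     => { selector => $labels, ports => [{ port => $port }] },
  }
}

# The interface from the post: callers can set only images and replica counts.
define guestbook (
  Integer[1] $redis_slave_replicas,
  Integer[1] $frontend_replicas,
  String     $redis_master_image,
  String     $redis_slave_image,
  String     $frontend_image,
) {
  # Tier names follow the guestbook sample; ports are assumed defaults.
  guestbook::tier { 'redis-master':
    image => $redis_master_image, replicas => 1, port => 6379,
  }
  guestbook::tier { 'redis-slave':
    image => $redis_slave_image, replicas => $redis_slave_replicas, port => 6379,
  }
  guestbook::tier { 'frontend':
    image => $frontend_image, replicas => $frontend_replicas, port => 80,
  }
}
```

Because the parameters are typed, a declaration that passes an unknown parameter or a value of the wrong type fails at catalog compilation instead of reaching the Kubernetes API.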


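- The ability to create your own abstractions to cut down on repetition and craft higher-level user interfaces, like the guestbook example above.
- Use of Puppet's development tools for validating code and for writing unit tests.
- Integration with other tools such as Puppet Server, for ensuring that your model in code matches the state of your cluster, and with PuppetDB for storing reports and tracking changes.
- The ability to run the same code repeatedly against the Kubernetes API, to detect any changes or remediate configuration drift.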


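It's also worth noting that most large organisations will have very heterogeneous environments, running a wide range of software and operating systems. Having a single toolchain that unifies those discrete systems can make adopting new technology like Kubernetes much easier.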


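It's safe to say that Kubernetes provides an excellent set of primitives on which to build cloud-native systems. And with Puppet, you can address some of the operational and configuration management issues that come with running any complex system in production. [Let us know](mailto:gareth@puppetlabs.com) what you think if you try the module out, and what else you'd like to see supported in the future.


Gareth Rushgrove, Senior Software Engineer, Puppet Labs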

