---
name: implementing-k8s-ops
description: "Guides implementation of K8S operation proxy in rmdc-watchdog for executing Kubernetes API calls including logs, exec, scale, restart, delete, get, and apply actions. Use when adding new K8S actions or modifying execution logic. Keywords: kubernetes, k8s, operator, logs, exec, scale, restart, deployment, pod."
argument-hint: ": logs | exec | scale | restart | delete | get | apply | new-action"
allowed-tools:
  - Read
  - Glob
  - Grep
  - Bash
  - Edit
  - Write
---

# Implementing K8S Operations

rmdc-watchdog acts as the K8S operation proxy and executes the K8S commands issued by exchange-hub.

## Dynamic Context Injection

```bash
# View the K8S client implementation
!`cat rmdc-watchdog/pkg/k8s/client.go`

# Find the existing action handlers
!`grep -n "case \"" rmdc-watchdog/internal/service/k8s_service.go`
```

## Plan

Determine the operation type from `$ARGUMENTS`:

| Action | Target resource | Key parameters |
|--------|-----------------|----------------|
| logs | Pod | container, tail_lines, follow |
| exec | Pod | container, command[], timeout |
| scale | Deployment/StatefulSet | scale_count |
| restart | Deployment/StatefulSet | - |
| delete | Any resource | - |
| get | Any resource | output_format |
| apply | Any resource | yaml_content |

**Artifacts**:
- `pkg/k8s/client.go` - K8S API call wrappers
- `internal/service/k8s_service.go` - K8S service logic
- `internal/handler/k8s_handler.go` - K8S request handling

**Decision points**:
1. Does the new action need extra parameters? → Update the K8sExecCommand struct
2. Does it involve a sensitive operation? → Add audit logging
3. Does it need timeout control? → Use context.WithTimeout

## Verify

- [ ] Operation allowlist: only logs/exec/scale/restart/delete/get/apply are allowed
- [ ] Timeout handling: every K8S API call must set a timeout
- [ ] Result format: ExecResult contains command_id, status, exit_code, output, error, duration
- [ ] Log truncation: limit tail_lines so that large logs cannot block processing
- [ ] Permission boundary: operate only on resources inside the project namespace
- [ ] Execution reporting: results are reported over MQTT on `wdd/RDMC/message/up`

```bash
# Verify the K8S client
!`cd rmdc-watchdog && go test ./pkg/k8s/... -v`

# Verify the K8S service
!`cd rmdc-watchdog && go test ./internal/service/... -v -run TestK8s`
```

## Execute

### Adding a new K8S operation

1. **Extend the K8S client**
   ```go
   // pkg/k8s/client.go
   func (c *Client) NewAction(namespace, name string, params Params) (string, error) {
       // Note: a zero params.Timeout yields a context that has already expired.
       ctx, cancel := context.WithTimeout(context.Background(), time.Duration(params.Timeout)*time.Second)
       defer cancel()
       // K8S API call (pass ctx to it)
   }
   ```

2. **Add the service branch**
   ```go
   // internal/service/k8s_service.go
   case "new-action":
       output, err = s.k8sClient.NewAction(cmd.Namespace, cmd.Name, params)
   ```

3. **Update the command struct (if needed)**
   ```go
   type K8sExecCommand struct {
       // New field
       NewParam string `json:"new_param,omitempty"`
   }
   ```

4. **Sync the exchange-hub command definition**

## Pitfalls

1. **Namespace escape**: every operation must be validated as confined to the project namespace
2. **Missing timeout**: a hung K8S API call blocks the whole handler
3. **Large-log OOM**: a logs operation without tail_lines can exhaust memory
4. **exec command injection**: command[] must be filtered for dangerous commands
5. **follow logs not cleaned up**: streaming logs need session management, with cleanup when the user stops
6. **Lost results**: on completion the result must be reported over MQTT, with retry on failure

## Reference

- [K8S action types](reference/k8s-actions.md)
- [Command structure definition](reference/command-structure.md)
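
The allowlist, namespace-boundary, tail_lines and timeout items from the Verify checklist, combined into one check that runs before any action is dispatched. This is an added example, not code from rmdc-watchdog: the `execCommand` struct, the `guard` function, the limits (1000 lines, 30 s default, 300 s ceiling) and the `proj-a` namespace are all assumptions.

```go
package main

import (
	"fmt"
	"time"
)

// execCommand is a hypothetical mirror of fields this page names; not the project's struct.
type execCommand struct {
	Action, Namespace string
	TailLines         int64
	Timeout           int // seconds
}

const ( // assumed limits, chosen for illustration
	maxTailLines      = 1000
	defaultTimeoutSec = 30
	maxTimeoutSec     = 300
)

var allowedActions = map[string]bool{
	"logs": true, "exec": true, "scale": true, "restart": true,
	"delete": true, "get": true, "apply": true,
}

// guard rejects commands outside the allowlist or the project namespace and
// returns the normalized command plus the duration for context.WithTimeout.
func guard(cmd execCommand, projectNS string) (execCommand, time.Duration, error) {
	if !allowedActions[cmd.Action] {
		return cmd, 0, fmt.Errorf("action %q is not in the allowlist", cmd.Action)
	}
	// Exact match only: an empty namespace selects all namespaces in Kubernetes list calls.
	if projectNS == "" || cmd.Namespace != projectNS {
		return cmd, 0, fmt.Errorf("namespace %q is outside the project boundary", cmd.Namespace)
	}
	if cmd.Action == "logs" && (cmd.TailLines <= 0 || cmd.TailLines > maxTailLines) {
		cmd.TailLines = maxTailLines // unset or oversized: cap it rather than read the whole log
	}
	secs := cmd.Timeout // clamp in seconds so the Duration multiplication cannot overflow
	if secs <= 0 {      // zero would give an already-expired context
		secs = defaultTimeoutSec
	} else if secs > maxTimeoutSec {
		secs = maxTimeoutSec
	}
	return cmd, time.Duration(secs) * time.Second, nil
}

func main() { // constructed sample command
	fmt.Println(guard(execCommand{Action: "logs", Namespace: "proj-a"}, "proj-a"))
}
```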