name: implementing-k8s-ops
description: Guides implementation of K8S operation proxy in rmdc-watchdog for executing Kubernetes API calls including logs, exec, scale, restart, delete, get, and apply actions. Use when adding new K8S actions or modifying execution logic. Keywords: kubernetes, k8s, operator, logs, exec, scale, restart, deployment, pod.
argument-hint: ": logs | exec | scale | restart | delete | get | apply | new-action"
allowed-tools:
- Read
- Glob
- Grep
- Bash
- Edit
- Write
Implementing K8S Operations
rmdc-watchdog acts as the K8S operation proxy, executing K8S commands dispatched by exchange-hub.
Dynamic context injection
# Inspect the K8S client implementation
!`cat rmdc-watchdog/pkg/k8s/client.go`
# Find the existing action handlers
!`grep -n "case \"" rmdc-watchdog/internal/service/k8s_service.go`
Plan
Determine the operation type from $ARGUMENTS:
| Action | Target resource | Key parameters |
|---|---|---|
| logs | Pod | container, tail_lines, follow |
| exec | Pod | container, command[], timeout |
| scale | Deployment/StatefulSet | scale_count |
| restart | Deployment/StatefulSet | - |
| delete | Any resource | - |
| get | Any resource | output_format |
| apply | Any resource | yaml_content |
Artifacts:
- pkg/k8s/client.go - K8S API call wrappers
- internal/service/k8s_service.go - K8S service logic
- internal/handler/k8s_handler.go - K8S request handling
Decision points:
- Does the new action need additional parameters? → Update the K8sExecCommand struct
- Does it involve a sensitive operation? → Add audit logging
- Does it need timeout control? → Use context.WithTimeout
Verify
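- Operation allowlist: only logs/exec/scale/restart/delete/get/apply are permitted
- Timeout handling: every K8S API call must set a timeout
- Result format: ExecResult contains command_id, status, exit_code, output, error, duration
- Log truncation: limit tail_lines so that large logs do not block
- Permission boundary: operate only on resources inside the project namespace
- Result reporting: results are reported over MQTT to `wdd/RDMC/message/up`
# Verify the K8S client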
!`cd rmdc-watchdog && go test ./pkg/k8s/... -v`
# Verify the K8S service
!`cd rmdc-watchdog && go test ./internal/service/... -v -run TestK8s`
Execute
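Adding a new K8S operation
- Extend the K8S client
```go
// pkg/k8s/client.go
func (c *Client) NewAction(namespace, name string, params Params) (string, error) {
	// Bound the call so a hung API request cannot block the handler.
	// A zero params.Timeout yields an already-expired context.
	ctx, cancel := context.WithTimeout(context.Background(), time.Duration(params.Timeout)*time.Second)
	defer cancel()
	// K8S API call goes here
}
```
- Add the service branch
```go
// internal/service/k8s_service.go
case "new-action":
	output, err = s.k8sClient.NewAction(cmd.Namespace, cmd.Name, params)
```
- Update the command struct (if needed)
```go
type K8sExecCommand struct {
	// Newly added field
	NewParam string `json:"new_param,omitempty"`
}
```
- Sync the command definition in exchange-hub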
Pitfalls
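- Namespace escape: every operation must be validated as confined to the project namespace
- Missing timeout: a hung K8S API call blocks the entire handler
- Large-log OOM: a logs operation without tail_lines set causes memory exhaustion
- exec command injection: command[] must be filtered for dangerous commands
- Uncleaned follow logs: streaming logs need session management, with cleanup when the user stops
- Lost results: completion must be reported over MQTT, with retry on failure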