Kubernetes CRDs: What They Are and Why They Are Useful
The ability to extend the Kubernetes API with custom resource definitions allows you to instruct Kubernetes to manage more than just containers.
Mar 2nd, 2022 6:41am by
Featured image via Pixabay
Release sponsored this post.
But by looking under the Kubernetes hood, you could see that the main component of Kubernetes is an API server and etcd data store.
Kubernetes API
Dawid Ziolkowski
Dawid has 10 years of experience as a network/systems engineer at the beginning, DevOps in between, cloud native engineer recently. He has worked for an IT outsourcing company, a research institute, telco, a hosting company and a consultancy company, so he’s gathered a lot of knowledge from different perspectives. Nowadays, he’s helping companies move to cloud and/or redesign their infrastructure for a more cloud native approach.
kubectl get pods< or kubectl get nodes, you get a list of pods or nodes. But if you try to get a list of objects that don’t exist in the Kubernetes API — like, for example, kubectl get biscuits — you’d get a response similar to this:
error: the server doesn't have a resource type "biscuits"
And that is because there is no such thing as “biscuits” defined in the Kubernetes API. Quite logical, right? Well, what if I told you that you could add a biscuits definition to your Kubernetes cluster? In fact, you can extend your Kubernetes API with any custom object you like. That’s exactly what custom resource definitions are for.
Why CRDs?
So what’s the point of adding a biscuits definition to your Kubernetes cluster? Remember when I mentioned earlier that the success of Kubernetes comes from its flexibility? The ability to extend the Kubernetes API with custom resource definitions is a really great feature that lets you do something magical. It allows you to instruct Kubernetes to manage more than just containers. Why is that such a great thing? Because CRDs together with Kubernetes operators give you almost unlimited possibilities. You can adapt Kubernetes in a way that it will take care of older parts of your infrastructure. If you do it right, you’ll be able to avoid bottlenecks and easily modernize things that normally would require long and costly redesigns.CRDs on Your Cluster
Before we dive into creating our own CRD, you need to know two things. First, creating a custom resource definition is an advanced topic. Many companies don’t even need to create any CRDs. The Kubernetes community finds interesting solutions for common problems all the time, and it’s likely that any use case you encounter probably already has a CRD you can use. And if you’re still new to Kubernetes, you definitely shouldn’t jump into CRDs before you understand the basics well. Second, as already mentioned, you don’t need to create any CRDs yourself if you don’t feel the need to. However, many Kubernetes tools will install their own CRDs, so even if you don’t create any yourself, you’ll probably still end up having some on your cluster. One example is cert-manager, a very popular Kubernetes tool for managing certificates. It installs a few CRDs on your cluster in order to do its job. If you executekubectl get clusterissuers before installation of cert-manager, your cluster won’t know what ClusterIssuers are:
error: the server doesn't have a resource type "clusterissuers"
But if you execute the same command after cert-manager installation, you’ll get the list of ClusterIssuers on your cluster.
In fact, you can list all custom resource definitions installed on your cluster by executing kubectl get crd:
$ kubectl get crd
NAME CREATED AT
addons.k3s.cattle.io 2022-01-23T12:48:31Z
helmcharts.helm.cattle.io 2022-01-23T12:48:31Z
helmchartconfigs.helm.cattle.io 2022-01-23T12:48:31Z
serverstransports.traefik.containo.us 2022-01-23T12:49:48Z
tlsoptions.traefik.containo.us 2022-01-23T12:49:48Z
ingressroutetcps.traefik.containo.us 2022-01-23T12:49:48Z
ingressroutes.traefik.containo.us 2022-01-23T12:49:48Z
tlsstores.traefik.containo.us 2022-01-23T12:49:48Z
middlewares.traefik.containo.us 2022-01-23T12:49:48Z
traefikservices.traefik.containo.us 2022-01-23T12:49:48Z
middlewaretcps.traefik.containo.us 2022-01-23T12:49:48Z
ingressrouteudps.traefik.containo.us 2022-01-23T12:49:48Z
<object>.<group> and tells me that I can execute commands like kubectl get addons, kubectl get helmcharts or kubectl get middlewares. None of them are defined in vanilla Kubernetes and are only there because they were defined as custom resource definitions.
How to Create CRDs
OK, forget about biscuits. Let’s take a look at some more realistic examples. Imagine that you want Kubernetes to somehow manage your custom routers in your data center. For that, you could create a custom resource definition similar to this one:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
# Name of your CRD. Must match the spec block below, and be in the form: <plural>.<group>
name: routers.example.com
spec:
# Group name to use for REST API: /apis/<group>/<version>
group: example.com
names:
# Plural name to be used in the URL: /apis/<group>/<version>/<plural>
plural: routers
# Singular name to be used as an alias on the CLI and for display
singular: router
# Kind is normally the CamelCased singular type. Your resource manifests use this.
kind: Router
# ShortNames allow shorter string to match your resource on the CLI
shortNames:
- rt
# Scope can be either Namespaced or Cluster-wide
scope: Cluster
versions:
- name: v1
# Each version can be enabled/disabled by Served flag.
served: true
# One and only one version must be marked as the storage version.
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
dataCenter:
type: string
rack:
type: integer
type:
type: string
enum:
- f5
- virtual
required: ["dataCenter", "rack", "type"]
required: ["spec"]
kubectl apply -f router-CRD.yaml. Once you do that, your Kubernetes cluster will already know what “router” is. Therefore, you’ll be able to execute kubectl get routers. Of course, we just applied the resource definition, not the resource itself. So kubectl get routers will return the following:
No resources found.
But as you can see, it doesn’t return this:
error: the server doesn't have a resource type "routers"
Which means we successfully added a new object to the Kubernetes API. To add an actual router resource, you can construct a YAML definition file like with any other object:
apiVersion: example.com/v1
kind: Router
metadata:
name: example-router
spec:
dataCenter: eu-1
rack: 3
type: virtual
kubectl apply - f example-router.yaml, and if you try to get the list of routers again with kubectl get routers, you should see one now:
$ kubectl get routers
NAME AGE
example-router 4s
Congratulations! You just extended the Kubernetes API.
In its current form, our CRD doesn’t do anything besides being processed and stored by the Kubernetes API.
What to Do With CRDs
You may be thinking, “OK, great, but that router doesn’t do anything!” And yes, that’s right. In its current form, our CRD doesn’t do anything besides being processed and stored by the Kubernetes API. And while there are use cases where this is enough, usually CRDs are combined with custom controllers. Custom controllers are another concept in Kubernetes that lets you actually do something with your custom resources. In our case, we would like to actually create or configure the routers in our data center. Therefore, we’d have to write a custom controller and instruct it to listen to the Kubernetes API and wait for any changes to our custom router objects. Custom controllers under the hood are just applications or scripts written in your programming language of choice. They’re deployed on the cluster as pods, and their job is to listen to the Kubernetes API and perform some actions based on defined logic.CRD vs. ConfigMap
Last but not least, by looking at CRDs, you may see some similarities with a Kubernetes built-in object, ConfigMap. And if you use CRDs without a custom controller, they may, in fact, serve a similar purpose. They both can be used to store custom configurations. However, there are noticeable differences between them. First of all, ConfigMaps by design are meant to provide configuration for your pods. They can be mounted as files or environment variables into the pod. They work well if you have well-defined config files like, for example, Apache or MySQL config. CRDs can also be consumed by pods but only by contacting the Kubernetes API. They simply have a different purpose than ConfigMaps. They’re not meant to be used to provide configuration to your pods but to extend the Kubernetes API in order to build custom automation.
Release is the simplest way to spin up even the most complicated environments. We specialize in taking your complicated application and data and making reproducible environments on-demand. Learn more at Release.com
Learn More
The latest from Release
Summary
Kubernetes’s flexibility is what made it so successful, among other things, of course. Now, you can use that flexibility by creating your own Kubernetes objects. The possibilities are almost limitless, and it’s only up to you how you’ll make use of CRDs. Come back to us for more Kubernetes articles. Here’s the Release article explaining another Kubernetes object, DaemonSets. Also, feel free to take a look at our offerings. We simplify the development process by providing Environments as a Service.
Release is the simplest way to spin up even the most complicated environments. We specialize in taking your complicated application and data and making reproducible environments on-demand. Learn more at Release.com
Learn More
The latest from Release
YOUTUBE.COM/THENEWSTACK
Tech moves fast, don't miss an episode. Subscribe to our YouTube
channel to stream all our podcasts, interviews, demos, and more.
