github开源项目:https://github.com/dotbalo/ratel-doc
1.介绍
-
Ratel是什么?
Ratel是一个Kubernetes多集群资源管理平台,基于管理Kubernetes的资源开发,可以管理Kubernetes的Deployment、DaemonSet、StatefulSet、Service、Ingress、Pods、Nodes、CronJob等。也可以管理Kubernetes的Role、ClusterRole、Rolebinding、ClusterRoleBinding、Secret、ConfigMap、PV、PVC等。立志于基于图形界面管理所有的Kubernetes的资源。 同时具备了一些常用的功能,比如跨集群资源复制、一键项目迁移、图形化资源编辑、资源一键回滚及更新、一键式用户权限管理等,并且具备K8s不具备的功能,比如ConfigMap和Secret备份功能。 -
Ratel和官方Kubernetes-Dashboard什么区别?
官方的Kubernetes Dashboard可以查看Kubernetes的所有配置,包括系统资源使用情况、Pod资源使用情况也可以直接查看Pod的日志或者进入到Pod中执行命令。
而Ratel是用于更方便创建、管理、更新Kubernetes集群中的资源,所有的资源配置都可以通过Web界面进行配置、创建,无需管理复杂的yaml或json文件,即可轻松实现Kubernetes的资源管理,同时Ratel支持多集群的图形化管理,相当于弥补了Kubernetes官方Dashboard的不足。比如ConfigMap创建,可以在Ratel中直接选择集群和Namespace,然后填入对应的Key和数据即可创建:
2.单集群的配置文件
♥多个集群就配置多个
root@k8s-master01:~/ratel# vim server.yaml
- serverName: 'study' #集群名称
serverAddress: 'https://192.168.58.128:6443' #kubectl cluster-info
#serverAdminUser: 'xxx'
#serverAdminPassword: 'xxx#'
serverAdminToken: 'null'
serverDashboardUrl: "https://192.168.58.128:30099/#" #dashboard的url
production: 'false' #是不是生产环境
kubeConfigPath: "/mnt/study.config" #一般不改
harborConfig: "HarborUrl, HarborUsername, HarborPassword, HarborEmail"
3. 准备集群的配置文件
#集群配置文件路径
♥二进制安装
~/.kube/config
/etc/kubernetes/admin.kubeconfig
♥kubeadm安装
~/.kube/config
/etc/kubernetes/admin.conf
root@k8s-master01:~/ratel# pwd
/root/ratel
root@k8s-master01:~/ratel# cp /etc/kubernetes/admin.conf ./study.config
4.创建secret,多个集群就多个–from-file集群的配置文件
root@k8s-master01:~/ratel# kubectl create secret generic ratel-config --from-file=study.config --from-file=servers.yaml -n kube-system
5.角色与权限配置
# 创建权限管理namespace
kubectl create ns kube-users
# 然后添加如下的ClusterroleBinding
vim ratel-rbac.yaml
apiVersion: v1
items:
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
labels:
kubernetes.io/bootstrapping: rbac-defaults
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: ratel-namespace-readonly
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- metrics.k8s.io
resources:
- pods
verbs:
- get
- list
- watch
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ratel-pod-delete
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- delete
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ratel-pod-exec
rules:
- apiGroups:
- ""
resources:
- pods
- pods/log
verbs:
- get
- list
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
name: ratel-resource-edit
rules:
- apiGroups:
- ""
resources:
- configmaps
- persistentvolumeclaims
- services
- services/proxy
verbs:
- patch
- update
- apiGroups:
- apps
resources:
- daemonsets
- deployments
- deployments/rollback
- deployments/scale
- statefulsets
- statefulsets/scale
verbs:
- patch
- update
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- patch
- update
- apiGroups:
- batch
resources:
- cronjobs
- jobs
verbs:
- patch
- update
- apiGroups:
- extensions
resources:
- daemonsets
- deployments
- deployments/rollback
- deployments/scale
- ingresses
- networkpolicies
verbs:
- patch
- update
- apiGroups:
- networking.k8s.io
resources:
- ingresses
- networkpolicies
verbs:
- patch
- update
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ratel-resource-readonly
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- persistentvolumeclaims
- pods
- replicationcontrollers
- replicationcontrollers/scale
- serviceaccounts
- services
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- bindings
- events
- limitranges
- namespaces/status
- pods/log
- pods/status
- replicationcontrollers/status
- resourcequotas
- resourcequotas/status
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- controllerrevisions
- daemonsets
- deployments
- deployments/scale
- replicasets
- replicasets/scale
- statefulsets
- statefulsets/scale
verbs:
- get
- list
- watch
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- cronjobs
- jobs
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- daemonsets
- deployments
- deployments/scale
- ingresses
- networkpolicies
- replicasets
- replicasets/scale
- replicationcontrollers/scale
verbs:
- get
- list
- watch
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- networkpolicies
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- metrics.k8s.io
resources:
- pods
verbs:
- get
- list
- watch
kind: List
metadata:
resourceVersion: ""
selfLink: ""
root@k8s-master01:~/ratel# kubectl create -f ratel-rbac.yaml
vim ratel-rbac-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ratel-namespace-readonly-sa
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ratel-namespace-readonly
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:serviceaccounts:kube-users
root@k8s-master01:~/ratel# kubectl create -f ratel-rbac-binding.yaml
6.ratel的部署
root@k8s-master01:~/ratel# vim ratel.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: ratel
name: ratel
namespace: kube-system
spec:
replicas: 1
selector:
matchLabels:
app: ratel
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
app: ratel
spec:
containers:
- command:
- sh
- -c
- ./ratel -c /mnt/servers.yaml
env:
- name: TZ
value: Asia/Shanghai
- name: LANG
value: C.UTF-8
- name: ProRunMode
value: prod
- name: ADMIN_USERNAME
value: admin
- name: ADMIN_PASSWORD
value: ratel_password
image: registry.cn-beijing.aliyuncs.com/dotbalo/ratel:latest
imagePullPolicy: Always
livenessProbe:
failureThreshold: 2
initialDelaySeconds: 10
periodSeconds: 60
successThreshold: 1
tcpSocket:
port: 8888
timeoutSeconds: 2
name: ratel
ports:
- containerPort: 8888
name: web
protocol: TCP
readinessProbe:
failureThreshold: 2
initialDelaySeconds: 10
periodSeconds: 60
successThreshold: 1
tcpSocket:
port: 8888
timeoutSeconds: 2
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 500m
memory: 512Mi
volumeMounts:
- mountPath: /mnt
name: ratel-config
dnsPolicy: ClusterFirst
imagePullSecrets:
- name: myregistrykey
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- name: ratel-config
secret:
defaultMode: 420
secretName: ratel-config
需要更改的内容如下:
ProRunMode: 区别在于dev模式打印的是debug日志, 其他模式是info级别的日志, 实际使用时应该配置为非dev
ADMIN_USERNAME: ratel自己的管理员账号
ADMIN_PASSWORD: ratel自己的管理员密码
实际使用时账号密码应满足复杂性要求,因为ratel可以直接操作所有配置的资源。
其他无需配置, 端口配置暂不支持。
7.ratel Service配置
root@k8s-master01:~/ratel# cat ratel_svc.yaml
apiVersion: v1
kind: Service
metadata:
labels:
app: ratel
name: ratel
namespace: kube-system
spec:
ports:
- name: container-1-web-1
port: 8888
protocol: TCP
targetPort: 8888
selector:
app: ratel
type: NodePort
root@k8s-master01:~/ratel# kubectl create -f ratel_svc.yaml
# 通过svc访问
root@k8s-master01:~/ratel# kubectl get svc -n kube-system |grep ratel
ratel NodePort 10.98.185.95 <none> 8888:31151/TCP 15m
8.访问
http://192.168.58.128:31151/
账号密码是步骤6设置的
902
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
