Ratel-Kubernetes Dashboard: a one-click multi-cluster Kubernetes resource management platform (k8s management platform)
Open-source project on GitHub: https://github.com/dotbalo/ratel-doc
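1. Introduction
- What is Ratel?
Ratel is a multi-cluster Kubernetes resource management platform built around managing Kubernetes resources. It can manage Deployments, DaemonSets, StatefulSets, Services, Ingresses, Pods, Nodes, CronJobs and so on, as well as Roles, ClusterRoles, RoleBindings, ClusterRoleBindings, Secrets, ConfigMaps, PVs, PVCs and so on. It aims to manage all Kubernetes resources through a graphical interface. It also provides some commonly needed features, such as cross-cluster resource copying, one-click project migration, graphical resource editing, one-click rollback and update of resources, and one-click user permission management, and it adds features that Kubernetes itself lacks, such as ConfigMap and Secret backup.
- How does Ratel differ from the official Kubernetes Dashboard?
The official Kubernetes Dashboard can display all Kubernetes configuration, including system resource usage and Pod resource usage; it can also show Pod logs directly or enter a Pod to run commands.
Ratel, by contrast, is meant to make creating, managing and updating resources in a Kubernetes cluster more convenient. Every resource can be configured and created through the web interface, so Kubernetes resources can be managed without handling complex YAML or JSON files. Ratel also supports graphical management of multiple clusters, which makes up for what the official Kubernetes Dashboard lacks. To create a ConfigMap, for example, you select the cluster and Namespace directly in Ratel and then fill in the key and data.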
2. Configuration file for a single cluster
♥ For multiple clusters, add one entry per cluster
root@k8s-master01:~/ratel# vim servers.yaml
- serverName: 'study' # cluster name
  serverAddress: 'https://192.168.58.128:6443' # from kubectl cluster-info
  #serverAdminUser: 'xxx'
  #serverAdminPassword: 'xxx#'
  serverAdminToken: 'null'
  serverDashboardUrl: "https://192.168.58.128:30099/#" # URL of the dashboard
  production: 'false' # whether this is a production environment
  kubeConfigPath: "/mnt/study.config" # usually left unchanged
  harborConfig: "HarborUrl, HarborUsername, HarborPassword, HarborEmail"
3. Prepare the cluster configuration file
# Paths of the cluster configuration file
♥ Binary installation
~/.kube/config
/etc/kubernetes/admin.kubeconfig
♥ kubeadm installation
~/.kube/config
/etc/kubernetes/admin.conf
root@k8s-master01:~/ratel# pwd
/root/ratel
root@k8s-master01:~/ratel# cp /etc/kubernetes/admin.conf ./study.config
4. Create the Secret; for multiple clusters, pass one --from-file per cluster configuration file
root@k8s-master01:~/ratel# kubectl create secret generic ratel-config --from-file=study.config --from-file=servers.yaml -n kube-system
5. Role and permission configuration
# Create the namespace used for permission management
kubectl create ns kube-users
# Then add the following ClusterRoles and ClusterRoleBinding
vim ratel-rbac.yaml
apiVersion: v1
items:
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
      rbac.authorization.k8s.io/aggregate-to-edit: "true"
    name: ratel-namespace-readonly
  rules:
  - apiGroups:
    - ""
    resources:
    - namespaces
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - metrics.k8s.io
    resources:
    - pods
    verbs:
    - get
    - list
    - watch
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    name: ratel-pod-delete
  rules:
  - apiGroups:
    - ""
    resources:
    - pods
    verbs:
    - get
    - list
    - delete
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    name: ratel-pod-exec
  rules:
  - apiGroups:
    - ""
    resources:
    - pods
    - pods/log
    verbs:
    - get
    - list
  - apiGroups:
    - ""
    resources:
    - pods/exec
    verbs:
    - create
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    name: ratel-resource-edit
  rules:
  - apiGroups:
    - ""
    resources:
    - configmaps
    - persistentvolumeclaims
    - services
    - services/proxy
    verbs:
    - patch
    - update
  - apiGroups:
    - apps
    resources:
    - daemonsets
    - deployments
    - deployments/rollback
    - deployments/scale
    - statefulsets
    - statefulsets/scale
    verbs:
    - patch
    - update
  - apiGroups:
    - autoscaling
    resources:
    - horizontalpodautoscalers
    verbs:
    - patch
    - update
  - apiGroups:
    - batch
    resources:
    - cronjobs
    - jobs
    verbs:
    - patch
    - update
  - apiGroups:
    - extensions
    resources:
    - daemonsets
    - deployments
    - deployments/rollback
    - deployments/scale
    - ingresses
    - networkpolicies
    verbs:
    - patch
    - update
  - apiGroups:
    - networking.k8s.io
    resources:
    - ingresses
    - networkpolicies
    verbs:
    - patch
    - update
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    name: ratel-resource-readonly
  rules:
  - apiGroups:
    - ""
    resources:
    - configmaps
    - endpoints
    - persistentvolumeclaims
    - pods
    - replicationcontrollers
    - replicationcontrollers/scale
    - serviceaccounts
    - services
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - bindings
    - events
    - limitranges
    - namespaces/status
    - pods/log
    - pods/status
    - replicationcontrollers/status
    - resourcequotas
    - resourcequotas/status
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - namespaces
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - apps
    resources:
    - controllerrevisions
    - daemonsets
    - deployments
    - deployments/scale
    - replicasets
    - replicasets/scale
    - statefulsets
    - statefulsets/scale
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - autoscaling
    resources:
    - horizontalpodautoscalers
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - batch
    resources:
    - cronjobs
    - jobs
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - extensions
    resources:
    - daemonsets
    - deployments
    - deployments/scale
    - ingresses
    - networkpolicies
    - replicasets
    - replicasets/scale
    - replicationcontrollers/scale
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - policy
    resources:
    - poddisruptionbudgets
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - networking.k8s.io
    resources:
    - networkpolicies
    - ingresses
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - metrics.k8s.io
    resources:
    - pods
    verbs:
    - get
    - list
    - watch
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
root@k8s-master01:~/ratel# kubectl create -f ratel-rbac.yaml
vim ratel-rbac-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ratel-namespace-readonly-sa
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ratel-namespace-readonly
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:serviceaccounts:kube-users
root@k8s-master01:~/ratel# kubectl create -f ratel-rbac-binding.yaml
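The ClusterRoleBinding above only lets every ServiceAccount in kube-users read namespaces and pod metrics cluster-wide; the other ClusterRoles grant nothing until they are bound. The following added example (not from the original page or the Ratel project) binds two of them to a single ServiceAccount with RoleBindings, so the permissions stop at one namespace. The ServiceAccount name `demo-user` and the namespace `demo` are hypothetical.

```yaml
# Added example: demo-user and demo are hypothetical names.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: demo-user
  namespace: kube-users
---
# Read-only access to workloads, limited to namespace demo.
# A RoleBinding that references a ClusterRole applies the rules
# only inside the RoleBinding's own namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: demo-user-resource-readonly
  namespace: demo
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ratel-resource-readonly
subjects:
- kind: ServiceAccount
  name: demo-user
  namespace: kube-users
---
# ratel-pod-exec allows "create" on pods/exec, i.e. running commands
# inside containers. Bind it per namespace, only where it is needed.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: demo-user-pod-exec
  namespace: demo
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ratel-pod-exec
subjects:
- kind: ServiceAccount
  name: demo-user
  namespace: kube-users
```

The result can be checked with `kubectl auth can-i create pods --subresource=exec -n demo --as=system:serviceaccount:kube-users:demo-user`, which should answer yes for `demo` and no for any other namespace.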
6. Deploying Ratel
root@k8s-master01:~/ratel# vim ratel.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: ratel
  name: ratel
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ratel
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: ratel
    spec:
      containers:
      - command:
        - sh
        - -c
        - ./ratel -c /mnt/servers.yaml
        env:
        - name: TZ
          value: Asia/Shanghai
        - name: LANG
          value: C.UTF-8
        - name: ProRunMode
          value: prod
        - name: ADMIN_USERNAME
          value: admin
        - name: ADMIN_PASSWORD
          value: ratel_password
        image: registry.cn-beijing.aliyuncs.com/dotbalo/ratel:latest
        imagePullPolicy: Always
        livenessProbe:
          failureThreshold: 2
          initialDelaySeconds: 10
          periodSeconds: 60
          successThreshold: 1
          tcpSocket:
            port: 8888
          timeoutSeconds: 2
        name: ratel
        ports:
        - containerPort: 8888
          name: web
          protocol: TCP
        readinessProbe:
          failureThreshold: 2
          initialDelaySeconds: 10
          periodSeconds: 60
          successThreshold: 1
          tcpSocket:
            port: 8888
          timeoutSeconds: 2
        resources:
          limits:
            cpu: 500m
            memory: 512Mi
          requests:
            cpu: 500m
            memory: 512Mi
        volumeMounts:
        - mountPath: /mnt
          name: ratel-config
      dnsPolicy: ClusterFirst
      imagePullSecrets:
      - name: myregistrykey
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
      - name: ratel-config
        secret:
          defaultMode: 420
          secretName: ratel-config
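The following values need to be changed:
ProRunMode: dev mode prints debug logs, while the other modes log at info level; in real use it should be set to a non-dev value.
ADMIN_USERNAME: Ratel's own administrator account
ADMIN_PASSWORD: Ratel's own administrator password
In real use the account and password should meet complexity requirements, because Ratel can directly operate on all configured resources.
Nothing else needs to be configured; configuring the port is not supported yet.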
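In the manifest above, ADMIN_PASSWORD is a plain value in the Deployment spec, so anyone who can read Deployments in kube-system (the ratel-resource-readonly ClusterRole from step 5 allows get on deployments but not on secrets) can read it. The following added example (not from the original page or the Ratel project) keeps both credentials in a Secret and references them with secretKeyRef. The Secret name `ratel-admin` and its key names are hypothetical, and the password is a placeholder.

```yaml
# Added example: Secret name and key names are hypothetical.
apiVersion: v1
kind: Secret
metadata:
  name: ratel-admin
  namespace: kube-system
type: Opaque
stringData:
  username: admin
  # Placeholder: replace with a long random value, for example the
  # output of `openssl rand -base64 24`. Do not commit the real value.
  password: REPLACE_WITH_LONG_RANDOM_PASSWORD
---
# Fragment of ratel.yaml: the env list of the ratel container
# (spec.template.spec.containers[0].env). Only the two credential
# entries change; TZ, LANG and ProRunMode stay as they were.
env:
- name: TZ
  value: Asia/Shanghai
- name: LANG
  value: C.UTF-8
- name: ProRunMode
  value: prod
- name: ADMIN_USERNAME
  valueFrom:
    secretKeyRef:
      name: ratel-admin
      key: username
- name: ADMIN_PASSWORD
  valueFrom:
    secretKeyRef:
      name: ratel-admin
      key: password
```

The Secret has to exist in kube-system before the Pod starts; otherwise the container stays in CreateContainerConfigError until it is created.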
7. Ratel Service configuration
root@k8s-master01:~/ratel# cat ratel_svc.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: ratel
  name: ratel
  namespace: kube-system
spec:
  ports:
  - name: container-1-web-1
    port: 8888
    protocol: TCP
    targetPort: 8888
  selector:
    app: ratel
  type: NodePort
root@k8s-master01:~/ratel# kubectl create -f ratel_svc.yaml
# Access through the Service
root@k8s-master01:~/ratel# kubectl get svc -n kube-system |grep ratel
ratel NodePort 10.98.185.95 <none> 8888:31151/TCP 15m
8. Access
http://192.168.58.128:31151/
The account and password are the ones set in step 6.