Kubernetes资源平台--ratel

没事儿随便看点东西，发现了很有趣的东西，把自己的集群跑起来玩一玩。

杜宽大佬写的系统，感觉很好用，自己搭建一遍记录一下搭建过程。

原文传送门在这里了： https://github.com/dotbalo/ratel-doc

准备工作：

有一套k8s集群。
安装了网络组件，Flannel、Calico都可以，我使用的是Calico。
安装了dashboard。所有配置文件都在/root/ratel/ 这个文件夹下。###
集群信息如下：
使用kubeadm部署的集群，3台master用haproxy做的高可用，keepalived维护了一个vip。只有一台node节点。
删除了node-role.kubernetes.io/master:NoSchedule这个污点，允许pod部署到master节点上。[root@master01 ratel]# kubectl describe nodes | grep Taint
Taints:             <none>
Taints:             <none>
Taints:             <none>
Taints:             <none>[root@master01 ~]# kubectl get nodes;
NAME           STATUS   ROLES                  AGE   VERSION
k8s-master01   Ready    control-plane,master   40d   v1.20.8
master02       Ready    control-plane,master   40d   v1.20.8
master03       Ready    control-plane,master   40d   v1.20.8
node01         Ready    <none>                 40d   v1.20.8vip: 192.168.154.200
master01: 192.168.154.151
master02: 192.168.154.152
master03: 192.168.154.153
node01: 192.168.154.161[root@master01 ~]# kubectl get svc -n kubernetes-dashboard
NAME                        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
dashboard-metrics-scraper   ClusterIP   10.97.187.85    <none>        8000/TCP        7h8m
kubernetes-dashboard        NodePort    10.97.232.146   <none>        443:30001/TCP   7h8m[root@master01 ratel]# kubectl cluster-info
Kubernetes control plane is running at https://192.168.154.200:16443
KubeDNS is running at https://192.168.154.200:16443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxyTo further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.###

配置文件：servers.yaml

vim servers.yaml
- serverName: 'sda1'                                  # 集群名称serverAddress: 'https://192.168.154.200:16443'      # k8s集群APIServer地址，如果是高可用，写vip即可，通过kubectl cluster-info可以查看#serverAdminUser: 'xxx'                               # 使用账号密码管理集群#serverAdminPassword: 'xxx#'serverAdminToken: 'null'                                # 使用token管理集群serverDashboardUrl: "https://192.168.154.200:30001/#"    # dashboard的url，1.x版本需要添加/#!，2.x需要添加/#production: 'false'kubeConfigPath: "/mnt/sda1.config"                   # 使用kubeconfig管理集群，是/root/.kube/config这个文件， 也是/etc/kubernetes/admin.conf 【有的版本是 admin.kubeconfig】，这里的目录部署宿主机目录，而是挂载到容器内部的目录。 kubeconfig文件放在了宿主机的/root/ratel/sda1.config harborConfig: "HarborUrl, HarborUsername, HarborPassword, HarborEmail"    # 按需要修改# 三种管理集群的方式选择一种即可：
# 使用账号密码管理集群需要配置basic auth不使用了
# 使用token管理集群，暂不支持。
# 这里选择使用kubeconfig管理集群

创建secret：

kubectl create secret generic ratel-config  --from-file=/root/ratel/sda1.config --from-file=/root/ratel/servers.yaml -n kube-system# /root/ratel/sda1.config 就是kubeconfig文件
# 是/root/.kube/config这个文件， 也是/etc/kubernetes/admin.conf 【有的版本是 admin.kubeconfig】

创建RBAC：

# 创建名为kube-users的namespace用来存放用户【serviceaccount】：
kubectl create ns kube-users# 创建ClusterRole：
vim ratel-rbac.yaml
apiVersion: v1
items:
- apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRolemetadata:annotations:rbac.authorization.kubernetes.io/autoupdate: "true"labels:kubernetes.io/bootstrapping: rbac-defaultsrbac.authorization.k8s.io/aggregate-to-edit: "true"name: ratel-namespace-readonlyrules:- apiGroups:- ""resources:- namespacesverbs:- get- list- watch- apiGroups:- metrics.k8s.ioresources:- podsverbs:- get- list- watch
- apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRolemetadata:name: ratel-pod-deleterules:- apiGroups:- ""resources:- podsverbs:- get- list- delete
- apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRolemetadata:name: ratel-pod-execrules:- apiGroups:- ""resources:- pods- pods/logverbs:- get- list- apiGroups:- ""resources:- pods/execverbs:- create
- apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRolemetadata:annotations:rbac.authorization.kubernetes.io/autoupdate: "true"name: ratel-resource-editrules:- apiGroups:- ""resources:- configmaps- persistentvolumeclaims- services- services/proxyverbs:- patch- update- apiGroups:- appsresources:- daemonsets- deployments- deployments/rollback- deployments/scale- statefulsets- statefulsets/scaleverbs:- patch- update- apiGroups:- autoscalingresources:- horizontalpodautoscalersverbs:- patch- update- apiGroups:- batchresources:- cronjobs- jobsverbs:- patch- update- apiGroups:- extensionsresources:- daemonsets- deployments- deployments/rollback- deployments/scale- ingresses- networkpoliciesverbs:- patch- update- apiGroups:- networking.k8s.ioresources:- ingresses- networkpoliciesverbs:- patch- update
- apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRolemetadata:name: ratel-resource-readonlyrules:- apiGroups:- ""resources:- configmaps- endpoints- persistentvolumeclaims- pods- replicationcontrollers- replicationcontrollers/scale- serviceaccounts- servicesverbs:- get- list- watch- apiGroups:- ""resources:- bindings- events- limitranges- namespaces/status- pods/log- pods/status- replicationcontrollers/status- resourcequotas- resourcequotas/statusverbs:- get- list- watch- apiGroups:- ""resources:- namespacesverbs:- get- list- watch- apiGroups:- appsresources:- controllerrevisions- daemonsets- deployments- deployments/scale- replicasets- replicasets/scale- statefulsets- statefulsets/scaleverbs:- get- list- watch- apiGroups:- autoscalingresources:- horizontalpodautoscalersverbs:- get- list- watch- apiGroups:- batchresources:- cronjobs- jobsverbs:- get- list- watch- apiGroups:- extensionsresources:- daemonsets- deployments- deployments/scale- ingresses- networkpolicies- replicasets- replicasets/scale- replicationcontrollers/scaleverbs:- get- list- watch- apiGroups:- policyresources:- poddisruptionbudgetsverbs:- get- list- watch- apiGroups:- networking.k8s.ioresources:- networkpolicies- ingressesverbs:- get- list- watch- apiGroups:- metrics.k8s.ioresources:- podsverbs:- get- list- watch
kind: List
metadata:resourceVersion: ""selfLink: ""kubectl create -f ratel-rbac.yaml# 创建ClusterRoleBinding
vim ratel-rbac-binding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:name: ratel-namespace-readonly-sa
roleRef:apiGroup: rbac.authorization.k8s.iokind: ClusterRolename: ratel-namespace-readonly
subjects:
- apiGroup: rbac.authorization.k8s.iokind: Groupname: system:serviceaccounts:kube-users     # 授权给kube-users命名空间下的所有用户kubectl create -f ratel-rbac-binding.yaml

部署ratel：

vim ratel-deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:labels:app: ratelname: ratelnamespace: kube-system
spec:replicas: 1selector:matchLabels:app: ratelstrategy:rollingUpdate:maxSurge: 1maxUnavailable: 0type: RollingUpdatetemplate:metadata:creationTimestamp: nulllabels:app: ratelspec:containers:- command:- sh- -c- ./ratel -c /mnt/servers.yamlenv:- name: TZvalue: Asia/Shanghai- name: LANGvalue: C.UTF-8- name: ProRunMode           # 运行模式，prod【日志较少】，dev【日志较多】，按需修改value: prod- name: ADMIN_USERNAME      # 登录账号，按需修改value: admin- name: ADMIN_PASSWORD        # 登录密码，按需修改value: "123456"image: registry.cn-beijing.aliyuncs.com/dotbalo/ratel:latestimagePullPolicy: AlwayslivenessProbe:failureThreshold: 2initialDelaySeconds: 10periodSeconds: 60successThreshold: 1tcpSocket:port: 8888timeoutSeconds: 2name: ratelports:- containerPort: 8888name: webprotocol: TCPreadinessProbe:failureThreshold: 2initialDelaySeconds: 10periodSeconds: 60successThreshold: 1tcpSocket:port: 8888timeoutSeconds: 2resources:limits:cpu: 500mmemory: 512Mirequests:cpu: 500mmemory: 512MivolumeMounts:- mountPath: /mntname: ratel-configdnsPolicy: ClusterFirstimagePullSecrets:- name: myregistrykeyrestartPolicy: AlwaysschedulerName: default-schedulersecurityContext: {}terminationGracePeriodSeconds: 30volumes:- name: ratel-configsecret:defaultMode: 420secretName: ratel-configkubectl apply -f ratel-deploy.yaml

创建 ratel service

vim ratel-service.yaml
apiVersion: v1
kind: Service
metadata:labels:app: ratelname: ratelnamespace: kube-system
spec:ports:- name: container-1-web-1port: 8888protocol: TCPtargetPort: 8888selector:app: rateltype: ClusterIP           # 也可以改成NodePort，直接访问service，一般clusterIP + ingress

创建Ingress：【我使用的NodePort，没有使用Ingress】

vim ratel-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:name: ratelnamespace: kube-system
spec:rules:- host: krm.test.comhttp:paths:- backend:serviceName: ratelservicePort: 8888path: /

结果：

[root@master01 ratel]# kubectl get svc -n kube-system;
NAME             TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                  AGE
kube-dns         ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP   40d
metrics-server   ClusterIP   10.107.4.211   <none>        443/TCP                  40d
ratel            NodePort    10.98.164.4    <none>        8888:32065/TCP           11s访问：
http://192.168.154.200:32065/

按照文档过来还是很顺利的奥。

多集群的配置，原文里面也有奥。

慢慢再玩一玩。

传送门在这里：https://github.com/dotbalo/ratel-doc

Kubernetes资源平台--ratel相关推荐

kubernetes资源管理平台ratel
ratel是一个kubernetes集群资源管理平台,使用它可以对多种资源进行创建查看修改和删除操作,支持配置多个集群的管理. 官网:https://github.com/dotbalo/rate ...
安装Kubernets管理平台Ratel
一.Ratel是什么? Ratel是一个Kubernetes资源平台,基于管理Kubernetes的资源开发,可以管理Kubernetes的Deployment.DaemonSet.StatefulS ...
阿里PB级Kubernetes日志平台建设实践
阿里PB级Kubernetes日志平台建设实践 QCon是由InfoQ主办的综合性技术盛会,每年在伦敦.北京.纽约.圣保罗.上海.旧金山召开.有幸参加这次QCon10周年大会,作为分享嘉宾在刘宇老师的 ...
干货分享 | 阿里PB级Kubernetes日志平台建设实践
嘉宾 | 元乙随着近两年的发展,Kubernetes 早已成为容器编排领域的标准,现在非常多的企业基于 Kubernetes 构建整个微服务的开发.运维平台,而日志是其中必不可少的核心功能.本文整理 ...
kubernetes资源--RC和RS
Replication Controller(RC) RC是K8S中的另一个核心概念,应用托管在K8S后,K8S需要保证应用能够持续运行,这是RC的工作内容. 主要功能确保pod数量:RC用来管理 ...
340页11万字智慧政务大数据资源平台大数据底座数据治理建设方案
目录第一章项目概况 1.1 项目名称 1.2 项目单位 1.3 项目建设依据 1.4 项目建设内容和目标 1.4.1 建设内容 1.4.2 建设目标 1.5 项目投资估算及建设周期 1.5.1 ...
Kubernetes容器平台架构之道
1.Kubernetes容器平台架构之道 Kubernetes是一个开源容器编排平台,管理大规模分布式容器化软件应用,是云计算发展演进的一次彻底革命性的突破.Kubernetes是谷歌 ...
360开源mysql_奇虎360开源基于Kubernetes管理平台 Wayne
近日奇虎 360 宣布正式开源 Wayne ,这是一个由 360 搜索云平台团队开发的通用的.基于 Web 的 Kubernetes 多集群一站式可视化管理平台.内置了丰富多样的功能,满足企业的通用需 ...
原生Kubernetes云平台部署
Kubernetes云平台部署注意事项: 1.Linux系统CentOS_7.5.1804系统,并保持网络通畅 2.docker的版本是Docker 18.09 3.硬件配置:2GB或更多RAM,2 ...

Kubernetes资源平台--ratel

Kubernetes资源平台--ratel相关推荐

最新文章

热门文章