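Generate Kubernetes YAML graphically and stop writing it by hand
Internet 2021/12/29 23:38:04
Installation instructions
Parameters:
- serverName: cluster alias
- serverAddress: address of the Kubernetes APIServer
- serverAdminUser: Kubernetes administrator account (requires basic auth to be configured)
- serverAdminPassword: Kubernetes administrator password
- serverAdminToken: Kubernetes administrator token // not supported yet
- serverDashboardUrl: address of the official Kubernetes dashboard; append /#! for 1.x versions and /# for 2.x
- kubeConfigPath: path to the Kubernetes kube.config (an absolute path; this is not a local path on the host but the mount path of the secret from section 1.2, and /mnt can generally be left unchanged)
- harborConfig: when managing multiple clusters there may be different harbor registries; setting this parameter replaces the harbor configuration automatically when resources are copied
The file that kubeConfigPath points to is mounted through a secret into the container's /mnt directory or another directory.
Create the secret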
[root@master01 ratel]# vi servers.yaml
- serverName: 'test1'
  serverAddress: 'https://127.0.0.1:8443'
  #serverAdminUser: 'xxx'
  #serverAdminPassword: 'xxx#'
  # serverAdminToken: 'null'
  serverDashboardUrl: "https://172.16.1.11:30001/#"
  production: 'false'
  kubeConfigPath: "/mnt/test1.config"
  harborConfig: "HarborUrl, HarborUsername, HarborPassword, HarborEmail"
[root@master01 ratel]# kubectl create secret generic ratel-config --from-file=test1.config --from-file=servers.yaml -n kube-system && kubectl create ns kube-users
Create RBAC
Create the namespace used for permission management:
[root@master01 ratel]# kubectl create ns kube-users
Then add the following ClusterRoleBinding:
[root@master01 ratel]# vim ratel-rbac.yaml
apiVersion: v1
items:
# Read-only access to namespaces and pod metrics
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    labels:
      kubernetes.io/bootstrapping: rbac-defaults
      rbac.authorization.k8s.io/aggregate-to-edit: "true"
    name: ratel-namespace-readonly
  rules:
  - apiGroups:
    - ""
    resources:
    - namespaces
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - metrics.k8s.io
    resources:
    - pods
    verbs:
    - get
    - list
    - watch
# Permission to delete pods
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    name: ratel-pod-delete
  rules:
  - apiGroups:
    - ""
    resources:
    - pods
    verbs:
    - get
    - list
    - delete
# Permission to read pod logs and exec into pods
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    name: ratel-pod-exec
  rules:
  - apiGroups:
    - ""
    resources:
    - pods
    - pods/log
    verbs:
    - get
    - list
  - apiGroups:
    - ""
    resources:
    - pods/exec
    verbs:
    - create
# Permission to patch and update workload resources
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    annotations:
      rbac.authorization.kubernetes.io/autoupdate: "true"
    name: ratel-resource-edit
  rules:
  - apiGroups:
    - ""
    resources:
    - configmaps
    - persistentvolumeclaims
    - services
    - services/proxy
    verbs:
    - patch
    - update
  - apiGroups:
    - apps
    resources:
    - daemonsets
    - deployments
    - deployments/rollback
    - deployments/scale
    - statefulsets
    - statefulsets/scale
    verbs:
    - patch
    - update
  - apiGroups:
    - autoscaling
    resources:
    - horizontalpodautoscalers
    verbs:
    - patch
    - update
  - apiGroups:
    - batch
    resources:
    - cronjobs
    - jobs
    verbs:
    - patch
    - update
  - apiGroups:
    - extensions
    resources:
    - daemonsets
    - deployments
    - deployments/rollback
    - deployments/scale
    - ingresses
    - networkpolicies
    verbs:
    - patch
    - update
  - apiGroups:
    - networking.k8s.io
    resources:
    - ingresses
    - networkpolicies
    verbs:
    - patch
    - update
# Read-only access to workload resources
- apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    name: ratel-resource-readonly
  rules:
  - apiGroups:
    - ""
    resources:
    - configmaps
    - endpoints
    - persistentvolumeclaims
    - pods
    - replicationcontrollers
    - replicationcontrollers/scale
    - serviceaccounts
    - services
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - bindings
    - events
    - limitranges
    - namespaces/status
    - pods/log
    - pods/status
    - replicationcontrollers/status
    - resourcequotas
    - resourcequotas/status
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - namespaces
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - apps
    resources:
    - controllerrevisions
    - daemonsets
    - deployments
    - deployments/scale
    - replicasets
    - replicasets/scale
    - statefulsets
    - statefulsets/scale
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - autoscaling
    resources:
    - horizontalpodautoscalers
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - batch
    resources:
    - cronjobs
    - jobs
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - extensions
    resources:
    - daemonsets
    - deployments
    - deployments/scale
    - ingresses
    - networkpolicies
    - replicasets
    - replicasets/scale
    - replicationcontrollers/scale
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - policy
    resources:
    - poddisruptionbudgets
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - networking.k8s.io
    resources:
    - networkpolicies
    - ingresses
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - metrics.k8s.io
    resources:
    - pods
    verbs:
    - get
    - list
    - watch
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
[root@master01 ratel]# kubectl create -f ratel-rbac.yaml
[root@master01 ratel]# vim ratel-rbac-binding.yaml
# Grants namespace read access to every ServiceAccount in kube-users
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ratel-namespace-readonly-sa
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ratel-namespace-readonly
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:serviceaccounts:kube-users
[root@master01 ratel]# kubectl create -f ratel-rbac-binding.yaml
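The ClusterRoles above can be granted in a single namespace by referencing them from a RoleBinding rather than a ClusterRoleBinding. The manifest below is an added example, not part of the original article or of Ratel; the namespace "team-a", the ServiceAccount "alice" and the binding names are hypothetical.

```yaml
# A RoleBinding may reference a ClusterRole; the rules then apply only
# inside the RoleBinding's own namespace (team-a here, hypothetical).
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: alice-ratel-resource-readonly   # hypothetical name
  namespace: team-a
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ratel-resource-readonly
subjects:
- kind: ServiceAccount
  name: alice                           # hypothetical ServiceAccount
  namespace: kube-users
---
# pods/exec is the most sensitive of the roles above, so it gets its own
# binding that can be reviewed and removed independently. Binding it with a
# ClusterRoleBinding instead would grant pods/exec in every namespace,
# kube-system included.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: alice-ratel-pod-exec            # hypothetical name
  namespace: team-a
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ratel-pod-exec
subjects:
- kind: ServiceAccount
  name: alice
  namespace: kube-users
```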
Deploy ratel
[root@master01 ratel]# vi ratel.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: ratel
  name: ratel
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ratel
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: ratel
    spec:
      containers:
      - command:
        - sh
        - -c
        - ./ratel -c /mnt/servers.yaml
        env:
        - name: TZ
          value: Asia/Shanghai
        - name: LANG
          value: C.UTF-8
        - name: ProRunMode
          value: prod
        - name: ADMIN_USERNAME
          value: admin # login user
        - name: ADMIN_PASSWORD
          value: password # login password
        image: registry.cn-beijing.aliyuncs.com/dotbalo/ratel:latest
        imagePullPolicy: Always
        livenessProbe:
          failureThreshold: 2
          initialDelaySeconds: 10
          periodSeconds: 60
          successThreshold: 1
          tcpSocket:
            port: 8888
          timeoutSeconds: 2
        name: ratel
        ports:
        - containerPort: 8888
          name: web
          protocol: TCP
        readinessProbe:
          failureThreshold: 2
          initialDelaySeconds: 10
          periodSeconds: 60
          successThreshold: 1
          tcpSocket:
            port: 8888
          timeoutSeconds: 2
        resources:
          limits:
            cpu: 500m
            memory: 512Mi
          requests:
            cpu: 500m
            memory: 512Mi
        volumeMounts:
        - mountPath: /mnt
          name: ratel-config
      dnsPolicy: ClusterFirst
      imagePullSecrets:
      - name: myregistrykey
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
      - name: ratel-config
        secret:
          defaultMode: 420
          secretName: ratel-config
The following values need to be changed:
- ProRunMode: dev mode prints debug logs, while the other modes log at info level; in real use it should be set to something other than dev.
- ADMIN_USERNAME: ratel's own administrator account.
- ADMIN_PASSWORD: ratel's own administrator password.
In real use the account and password should meet complexity requirements, because ratel can directly operate on all configured resources.
Nothing else needs to be configured; port configuration is not supported yet.
[root@master01 ratel]# kubectl apply -f ratel.yaml
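Because ratel can operate on every configured resource, the literal ADMIN_USERNAME and ADMIN_PASSWORD values in ratel.yaml can instead be read from a Secret so they stay out of the manifest. This is an added example, not from the original article or the Ratel project; the Secret name "ratel-admin" and its keys "username" and "password" are assumptions.

```yaml
# Hypothetical Secret holding ratel's own admin login. It can also be created
# without a manifest, so the password never sits in a file:
#   kubectl -n kube-system create secret generic ratel-admin \
#     --from-literal=username=admin \
#     --from-literal=password="$(openssl rand -base64 24)"
apiVersion: v1
kind: Secret
metadata:
  name: ratel-admin          # assumed name
  namespace: kube-system
type: Opaque
stringData:
  username: admin
  password: REPLACE_WITH_LONG_RANDOM_VALUE   # placeholder, not a real value
---
# The ratel Deployment from above, showing only the fields that change;
# everything omitted here stays exactly as in ratel.yaml.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ratel
  namespace: kube-system
spec:
  template:
    spec:
      containers:
      - name: ratel
        env:
        - name: TZ
          value: Asia/Shanghai
        - name: LANG
          value: C.UTF-8
        - name: ProRunMode
          value: prod
        - name: ADMIN_USERNAME
          valueFrom:
            secretKeyRef:
              name: ratel-admin
              key: username
        - name: ADMIN_PASSWORD
          valueFrom:
            secretKeyRef:
              name: ratel-admin
              key: password
```

The second document is an excerpt to merge into ratel.yaml by hand, not a complete manifest to apply on its own. The credentials then no longer appear in `kubectl get deployment ratel -o yaml`, and read access to them follows RBAC on Secrets in kube-system.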
Create the Service
[root@master01 ratel]# vi ratel-service.yaml
The file that creates the ratel Service is as follows:
apiVersion: v1
kind: Service
metadata:
  labels:
    app: ratel
  name: ratel
  namespace: kube-system
spec:
  ports:
  - name: container-1-web-1
    port: 8888
    protocol: TCP
    targetPort: 8888
  selector:
    app: ratel
  type: NodePort
[root@master01 ratel]# kubectl apply -f ratel-service.yaml
# Reference: https://www.cnblogs.com/dukuan/p/13524622.html
