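1. Home page
- Platform administrator home page:
Supports creating, viewing and deleting business spaces
Supports creating, viewing and editing users, viewing user permissions, and deleting users
2. Workspaces
A platform administrator or workspace administrator can create namespaces and invite users in the corresponding workspace, and has permission to manage those resources
3. Namespaces
Within a namespace you can view all role and service account information in that namespace (resource quotas and members are not yet developed)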
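4. Workloads
Workloads provide a visual management interface for the native k8s resources (deployment, statefulset, daemonset, etc.)
4.1 Stateless services (deployment)
Supports filtering by workspace and namespace, as well as search, status filtering and batch deletion
Deployments can be created in either form mode or YAML mode. Form data is automatically rendered into the YAML, so users do not have to work with the complex YAML format directly, which lowers the cost of learning and using k8s:
Edit:
Supports multiple mount types
Delete:
4.2 Stateful services (statefulset)
The features for stateful services are similar to those for deployment above
4.3 Daemons (daemonset)
The features for daemons are similar to those for deployment above
4.4 Services (service)
The features for services are similar to those for deployment above
4.5 Jobs (job)
The features for jobs are similar to those for deployment above
4.6 Scheduled jobs (cronjob)
The features for scheduled jobs are similar to those for deployment above
Scheduled jobs also support functions such as suspending a job
Pods (pod)
Batch deletion
Pod log viewing: supports viewing a specific container, downloading logs and refreshing logs; 1000 entries are shown by default: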
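5. Configuration
5.1 Configuration dictionaries (configmap)
Supports create, edit, delete and other functions
Edit
Delete
5.2 Secret dictionaries (secret)
Similar to the configmap functionality; multiple types are supported at creation
6. Storage and persistence
6.1 Storage classes (storageclass)
6.2 Persistent volumes (pv)
6.3 Persistent volume claims (pvc)
Supports creation and deletion
7. Node management
Platform administrators can start and stop nodes, individually or in batches, and edit taints and labels
# 8. Deployment manifests for kubeants, the k8s visual management platform (not yet fully organized)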
- kubeants-controller
```yaml
---
apiVersion: rbac.kubeants.io/v1beta1
kind: RoleTemplate
metadata:
  name: admin
spec:
  autoApply: true  # whether to apply automatically to newly created namespaces
  namespaces: ["*"]  # applies to all namespaces
  # excludedNamespaces: ["kube-system"]
  rules:
    - apiGroups: ["*"]
      resources: ["*"]
      verbs: ["*"]
---
apiVersion: rbac.kubeants.io/v1beta1
kind: RoleTemplate
metadata:
  name: edit
spec:
  autoApply: true
  namespaces: ["*"]
  # namespaces: ["default", "kube-public", "kube-system"]
  # namespaceSelector:
  #   matchLabels:
  #     kubeants.io/workspace: ws1
  # excludedNamespaces: ["kube-system"]
  rules:
    - apiGroups: ["*"]
      resources: ["*"]
      verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.kubeants.io/v1beta1
kind: RoleTemplate
metadata:
  name: view
spec:
  autoApply: true
  namespaces: ["*"]
  # excludedNamespaces: ["kube-system"]
  rules:
    - apiGroups: ["*"]
      resources: ["*"]
      verbs: ["get", "list", "watch"]
---
apiVersion: user.kubeants.io/v1beta1
kind: User
metadata:
  name: admin
spec:
  name: "admin"
  email: "admin@ka.io"
  phone: "138xxxxxx"
  password: "Root@123"
  state: "active"
---
apiVersion: workspace.kubeants.io/v1beta1
kind: Workspace
metadata:
  name: "system-workspace"
spec:
  clusters: ["k8s1"]
---
apiVersion: workspace.kubeants.io/v1beta1
kind: Workspace
metadata:
  name: "ws1"
spec:
  clusters: ["k8s1"]
```
- kubeants-apiserver
```yaml
---
# The kubeconfig of the current k8s cluster must be mounted
# kubectl -n kubeants-system create secret generic kubeconfig --from-file=config=.kube/config
# apiVersion: v1
# data:
#   config: YXBpVmVyc2l...
# kind: Secret
# metadata:
#   name: kubeconfig
#   namespace: kubeants-system
# type: Opaque
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: kubeants-apiserver
  namespace: kubeants-system
data:
  config.yaml: |-
    system:
      port: ":8080"
    jwt:
      secret: "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiSm9obiIsImFkbWluIjp0cnVlfQ.n-qvhsRi6C0zBGcKrMGv-qSZGUUssXTTbICvENxqDCjCL2ejSt62uTwemHZe4pLI_sNSr7FWEI2MKlqequemeg"  # recommended: store only the key, not the full token
      expiration: 7200  # unit: seconds
    log:
      level: "debug"  # supported: debug, info, warn, error
      format: "console"  # options: console (development) or json (production)
      file: ""  # optional: path of a log file (empty by default, i.e. console output only)
    cors:
      enable: true
      allowedOrigins:  # define according to your own needs
        - "http://localhost:9528"
        - "http://localhost:8080"
        - "http://localhost"
        - "http://127.0.0.1:8080"
        - "http://kubeants-apiserver.kubeants-system"
        - "http://172.17.142.147:30001"
        - "http://172.17.142.147:30002"
      defaultOrigins: "*"  # default allowed Origin; localhost is recommended for development
      accessControlAllowCredentials: "true"
      accessControlAllowHeaders: "Content-Type,AccessToken,X-CSRF-Token, Authorization, Token,X-Token,X-User-Id"
      accessControlAllowMethods: "POST, GET, OPTIONS, DELETE, PUT, PATCH"
      accessControlExposeHeaders: "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type, New-Token, New-Expires-At"
    authz:
      exemptResources:
        - apiGroups: [""]
          versions: ["v1"]
          resources: ["namespaces", "persistentvolumes"]
          verbs: ["get", "list", "create"]
        - apiGroups: ["rbac.kubeants.io"]
          resources: ["roletemplates"]
          verbs: ["get", "list"]
        - apiGroups: ["storage.k8s.io"]
          versions: ["v1"]
          resources: ["storageclasses"]
          verbs: ["get", "list", "create"]
        - apiGroups: ["workspace.kubeants.io"]
          resources: ["*"]
          verbs: ["get", "list"]
        - apiGroups: ["userbinding.kubeants.io"]
          versions: ["v1beta1"]
          resources: ["userbindings"]
          verbs: ["get", "list", "delete", "create"]
        - apiGroups: ["user.kubeants.io"]
          versions: ["v1beta1"]  # add the version if there is one
          resources: ["users"]
          verbs: ["get", "list", "create"]
        - apiGroups: ["rbac.kubeants.io"]
          resources: ["roletemplates"]
          verbs: ["get", "list"]
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: kubeants-apiserver
  name: kubeants-apiserver
  namespace: kubeants-system
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kubeants-apiserver
  template:
    metadata:
      labels:
        app: kubeants-apiserver
    spec:
      containers:
        - image: registry.cn-hangzhou.aliyuncs.com/geray/kubeants-apiserver:v1.7.15
          imagePullPolicy: IfNotPresent
          name: kubeants-apiserver
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /root/.kube/config
              name: kubeconfig-volume
              subPath: config
            - mountPath: /config.yaml
              name: kubeants-apiserver
              subPath: config.yaml
      dnsPolicy: ClusterFirst
      hostAliases:
        - hostnames:
            - lb.kubesphere.local
          ip: 172.17.142.147
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext:
        runAsGroup: 0
        runAsUser: 0
      tolerations:
        - effect: NoSchedule
          key: node.kubernetes.io/memory-pressure
          operator: Exists
      volumes:
        - name: kubeconfig-volume
          secret:
            defaultMode: 420
            secretName: kubeconfig
        - configMap:
            defaultMode: 420
            name: kubeants-apiserver
          name: kubeants-apiserver
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: kubeants-apiserver
  name: kubeants-apiserver
  namespace: kubeants-system
spec:
  ports:
    - name: http
      port: 8080
      protocol: TCP
      targetPort: 8080
      nodePort: 30001
  selector:
    app: kubeants-apiserver
  type: NodePort
```
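A pre-deployment check for the `kubeants-apiserver` settings shown above, as an added example that is not part of the kubeants project: it flags a `jwt.secret` that is itself a whole JWT (the case the config comment warns about), a wildcard `defaultOrigins` combined with credentials, debug logging, and a pod running as UID 0. It assumes `config.yaml` has already been parsed into a dict with `jwt`, `log` and `cors` as top-level keys; the function names, finding ids and sample values are constructed for illustration, and how kubeants applies `defaultOrigins` is an assumption.

```python
import base64
import json

def looks_like_jwt(value):
    """True if value has three dot-separated parts and a base64url JSON header with 'alg'."""
    parts = value.split(".")
    if len(parts) != 3:
        return False
    try:
        padded = parts[0] + "=" * (-len(parts[0]) % 4)
        header = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return False
    return isinstance(header, dict) and "alg" in header

def audit(cfg, pod_spec):
    """Return finding ids for a parsed apiserver config dict and a pod spec dict."""
    findings = []
    if looks_like_jwt(cfg.get("jwt", {}).get("secret", "")):
        findings.append("jwt-secret-is-token")        # signing key is a token, not a random key
    cors = cfg.get("cors", {})
    with_creds = str(cors.get("accessControlAllowCredentials", "")).lower() == "true"
    if cors.get("enable") and with_creds and cors.get("defaultOrigins") == "*":
        findings.append("cors-wildcard-credentials")  # any origin together with credentials
    if cfg.get("log", {}).get("level") == "debug":
        findings.append("debug-logging")
    if pod_spec.get("securityContext", {}).get("runAsUser") == 0:
        findings.append("runs-as-root")
    return findings

# Constructed sample mirroring the settings above; the token is made up.
SAMPLE_CFG = {
    "jwt": {"secret": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJkZW1vIn0.c2ln"},
    "log": {"level": "debug"},
    "cors": {"enable": True, "defaultOrigins": "*",
             "accessControlAllowCredentials": "true"},
}
SAMPLE_POD = {"securityContext": {"runAsUser": 0, "runAsGroup": 0}}

# Constructed hardened counterpart: opaque key, one explicit origin, non-root UID.
HARDENED_CFG = {
    "jwt": {"secret": "constructed-random-key-not-a-token"},
    "log": {"level": "info"},
    "cors": {"enable": True, "defaultOrigins": "https://console.example.internal",
             "accessControlAllowCredentials": "true"},
}
HARDENED_POD = {"securityContext": {"runAsNonRoot": True, "runAsUser": 10001}}

if __name__ == "__main__":
    print(audit(SAMPLE_CFG, SAMPLE_POD))
    print(audit(HARDENED_CFG, HARDENED_POD))
```

The check reads values only and does not cover where they are stored: a signing key kept in a ConfigMap is readable by anyone allowed to read ConfigMaps in `kubeants-system`.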