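Razee is an open-source project developed by IBM that automates and manages the deployment of Kubernetes resources across clusters, environments, and cloud providers, and visualizes deployment information for your resources so that you can monitor the rollout process and find deployment issues more quickly.
See the following links to get started with Razee:
Review the main features of Razee and how to leverage them to manage Kubernetes resource deployments for your clusters.
Razee consists of three modules, RazeeDash, RazeeDeployables, and RazeeDeploy, which are loosely coupled and can be used independently. With RazeeDash, you can dynamically create a live inventory of your Kubernetes resources and use powerful filter and alert capabilities to visualize configuration information and resolve issues in your deployment process more quickly. The RazeeDeploy components are designed to simplify multi-cluster deployments by templating Kubernetes resources, grouping resources and clusters, and defining rules for these groupings so that you can create flexible configurations that apply across clusters, environments, and clouds.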
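Component | Description |
---|---|
Watch Keeper | Watch Keeper retrieves the configuration information of Kubernetes resources and sends that data to the RazeeDash API. To use Watch Keeper, simply install this component in your cluster and add the `razee/watch-resource` label to all resources that you want to monitor. After you add the label, Watch Keeper retrieves the configuration information from the Kubernetes API server and immediately sends this data to the RazeeDash API. This process repeats once every hour. In addition, Watch Keeper adds a Kubernetes event watcher to your resource so that Kubernetes notifies Watch Keeper when the configuration of your resource changes. |
RazeeDash API | The RazeeDash API is a service that receives Kubernetes resource configurations and resource definitions from Watch Keeper. Data that is sent to the RazeeDash API is automatically stored in MongoDB. |
RazeeDash | RazeeDash visualizes the data that Watch Keeper retrieves and dynamically creates an inventory of the Kubernetes resources in your cluster. You can use smart filter and alert capabilities to analyze this data and quickly identify and resolve issues in your deployment process. |
ClusterSubscription | ClusterSubscription is a Razee deployment that watches subscriptions in Razee to check whether an active subscription exists for the cluster. If a subscription is found, the Kubernetes resources of the associated version are pulled from Razee and automatically applied to the cluster. |

Component | Description |
---|---|
RazeeDeploy Core | RazeeDeploy Core is a continuous delivery tool that runs in your cluster and that you can use to set up the CustomResourceDefinitions (CRD), Kubernetes controllers, and dependencies for the RazeeDeploy components. |
RazeeDeploy Delta | RazeeDeploy Delta is a component of RazeeDeploy Core that runs in your cluster and keeps the custom resource definitions and Kubernetes controllers of the RazeeDeploy components up to date. |
RemoteResource and RemoteResourceS3 | RemoteResource and RemoteResourceS3 are custom resource definitions and controllers that you can use to automatically deploy Kubernetes resources that are stored in a source repository. Instead of manually applying these YAML files in each cluster, environment, or across clouds every time an update is made, simply define the source repository in your remote resource and create the remote resource in your cluster. The remote resource controller automatically connects to your source repository, downloads the Kubernetes configuration file, and applies the file to your cluster. |
MustacheTemplate | MustacheTemplate is a custom resource definition and controller that defines environment variables which you can use to replace YAML file snippets in other Kubernetes YAML files. For example, use the environment variables of a Mustache template to build the URL of your remote resource so that you can point to the application version that you want to deploy. |
FeatureFlagSetLD | FeatureFlagSetLD is a custom resource definition and controller that automatically retrieves feature flag values from Launch Darkly. With feature flags, you can control which code is deployed to your cluster and manage multiple versions of a Kubernetes resource across clusters, environments, or clouds. |
ManagedSet | ManagedSet is a custom resource definition and controller that groups the Kubernetes resources that you want to create and applies them to the cluster at the same time. |
Kubernetes utilities | Kubernetes utilities is an npm package that you can use to simplify communication with Kubernetes. |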
To deploy Razee in your cluster, your cluster must meet the following requirements:
First, install razeedeploy-delta in your cluster by running the following command:
```bash
kubectl apply -f https://github.com/razee-io/Razee/releases/latest/download/razeedeploy.yaml
```
Example output:
```
namespace/razeedeploy created
serviceaccount/razeedeploy-sa created
clusterrole.rbac.authorization.k8s.io/razeedeploy-admin-cr configured
clusterrolebinding.rbac.authorization.k8s.io/razeedeploy-rb configured
job.batch/razeedeploy-job created
```
```bash
kubectl get deploy -n razeedeploy
```
```
NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
remoteresource-controller   1/1     1            1           56s
```
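Install the RazeeDash components in your cluster. To store the data that is sent to the RazeeDash API, you must set up a MongoDB instance. You can choose to use the provided `razeedash-all-in-one.yaml` file to set up RazeeDash and a single MongoDB instance, or to set up RazeeDash by using an existing MongoDB instance that runs in your cluster. Note: If you already have a running RazeeDash instance in one of your clusters and only want to add another cluster to your inventory list, you can skip this step and continue with installing the Watch Keeper component in your cluster.
To install RazeeDash and a single MongoDB instance:
```bash
kubectl apply -f https://github.com/razee-io/Razee/releases/latest/download/razeedash-all-in-one.yaml
```
Example output:
```
persistentvolume/mongo-pv-volume created
persistentvolumeclaim/mongo-pv-claim created
deployment.apps/mongo created
service/mongo created
secret/razeedash-secret created
remoteresource.deploy.razee.io/razeedash created
service/razeedash-lb created
service/razeedash-api-lb created
```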
To use an existing MongoDB instance:
Create the razeedash secret for the mongo_url. In the command below, substitute the actual username and password, the 3 host instances for mongo-0, mongo-1 and mongo-3, and the correct ports. Make sure that the mongo URL ends with `/razeedash?ssl=true`.
Example:
```bash
kubectl -n razee create secret generic razeedash-secret --from-literal "mongo_url=mongodb://username:password@mongo-0:27017,mongo-1:27017,mongo-2:27017/razeedash?ssl=true"
kubectl apply -f https://github.com/razee-io/Razee/releases/latest/download/razeedash.yaml
```
Wait for the `razeedash-api` deployment to complete. If you chose to create RazeeDash by using the `razeedash-all-in-one.yaml` file provided in the previous step, a MongoDB instance is created in your cluster and connected to the RazeeDash API instance. The setup of MongoDB takes a few minutes to complete and might lead to intermittent `MongoNetworkError` errors in your RazeeDash API deployment. When MongoDB is fully set up, Kubernetes automatically finishes the setup of your RazeeDash API instance.
```bash
kubectl logs deploy/razeedash-api -n razee
```
Example output if MongoDB is not yet set up:
```
> [email protected] start /usr/src
> node app/index.js
(node:16) UnhandledPromiseRejectionWarning: MongoNetworkError: getaddrinfo
ENOTFOUND mongo
    at Socket.<anonymous> (/usr/src/node_modules/mongodb-core/lib/connection/connect.js:287:16)
    at Object.onceWrapper (events.js:284:20)
    at Socket.emit (events.js:196:13)
    at emitErrorNT (internal/streams/destroy.js:91:8)
    at emitErrorAndCloseNT (internal/streams/destroy.js:59:3)
    at processTicksAndRejections (internal/process/task_queues.js:84:9)
(node:16) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:16) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
```
Example output after the RazeeDash API is fully set up:
```
> [email protected] start /usr/src
> node app/index.js
{"name":"apollo/subscription","parseUA":false,"excludes":["referer","url","body","short-body"],"hostname":"razeedash-api-7bd66669b7-jj2vj","pid":17,"level":30,"msg":"Apollo streaming service is configured on redisUrl: redis://redis-service:6379/0","time":"2020-06-03T21:57:16.021Z","v":0}
{"name":"apollo/subscription","parseUA":false,"excludes":["referer","url","body","short-body"],"hostname":"razeedash-api-7bd66669b7-jj2vj","pid":17,"level":30,"msg":"Apollo streaming is enabled on redis endpoint redis-service:6379","time":"2020-06-03T21:57:17.062Z","v":0}
{"name":"/","parseUA":false,"excludes":["referer","url","body","short-body"],"hostname":"razeedash-api-7bd66669b7-jj2vj","pid":17,"level":30,"msg":"Created new collection users index users","time":"2020-06-03T21:57:17.222Z","v":0}
{"name":"/","parseUA":false,"excludes":["referer","url","body","short-body"],"hostname":"razeedash-api-7bd66669b7-jj2vj","pid":17,"level":30,"msg":"Created new View clusterStatsView","time":"2020-06-03T21:57:17.239Z","v":0}
{"name":"/","parseUA":false,"excludes":["referer","url","body","short-body"],"hostname":"razeedash-api-7bd66669b7-jj2vj","pid":17,"level":30,"msg":"Created new View resourceStatsView","time":"2020-06-03T21:57:17.241Z","v":0}
{"name":"apollo/models","parseUA":false,"excludes":["referer","url","body","short-body"],"hostname":"razeedash-api-7bd66669b7-jj2vj","pid":17,"level":30,"msg":"SetupDistributedCollections received modelName=resources for DB mongodb://mongo:27017/razeedash","time":"2020-06-03T21:57:17.284Z","v":0}
{"name":"apollo/models","parseUA":false,"excludes":["referer","url","body","short-body"],"hostname":"razeedash-api-7bd66669b7-jj2vj","pid":17,"level":30,"msg":"SetupDistributedCollections received modelName=orgs for DB mongodb://mongo:27017/razeedash","time":"2020-06-03T21:57:17.295Z","v":0}
{"name":"apollo/models","parseUA":false,"excludes":["referer","url","body","short-body"],"hostname":"razeedash-api-7bd66669b7-jj2vj","pid":17,"level":30,"msg":"SetupDistributedCollections:clusters - received modelName=clusters for DB mongodb://mongo:27017/razeedash","time":"2020-06-03T21:57:17.297Z","v":0}
{"name":"apollo","parseUA":false,"excludes":["referer","url","short-body","user-agent","req","res"],"hostname":"razeedash-api-7bd66669b7-jj2vj","pid":17,"level":30,"msg":"Initialize apollo application for default auth","time":"2020-06-03T21:57:17.298Z","v":0}
{"name":"apollo","parseUA":false,"excludes":["referer","url","short-body","user-agent","req","res"],"hostname":"razeedash-api-7bd66669b7-jj2vj","pid":17,"level":30,"msg":"[] Apollo server custom plugin are loaded.","time":"2020-06-03T21:57:17.299Z","v":0}
{"name":"razeedash-api","hostname":"razeedash-api-7bd66669b7-jj2vj","pid":17,"level":30,"msg":"? razeedash-api listening on port 3333/api","time":"2020-06-03T21:57:17.723Z","v":0}
{"name":"apollo","parseUA":false,"excludes":["referer","url","short-body","user-agent","req","res"],"hostname":"razeedash-api-7bd66669b7-jj2vj","pid":17,"level":30,"msg":"? Apollo server listening on http://[::]:3333/graphql","time":"2020-06-03T21:57:17.734Z","v":0}
```
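Retrieve the external IP addresses of the `razeedash-lb` and `razeedash-api-lb` load balancer services that are automatically created during the setup of the RazeeDash API. `razeedash-lb` serves as the public endpoint for your RazeeDash instance, and `razeedash-api-lb` serves as the public endpoint for your RazeeDash API instance. By using the assigned public IP addresses, you can build the public URLs that are used to access the RazeeDash and RazeeDash API components. To finish the setup of RazeeDash, both URLs must be stored in the RazeeDash config map. Use the following Bash commands to retrieve the public IP addresses, build the public URLs, and store the URLs in the RazeeDash config map. You can also run the Bash script `bin/kc_create_razeedash_config.sh`. Note that you must add the trailing `/` at the end of `root_url` and `razeedash_api_url` in the RazeeDash config map.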
```bash
# Amazon EKS uses host names, IBM Cloud Kubernetes Service uses Ingress IP addresses. This handles both.
RAZEEDASH_LB_IP=$(kubectl get service razeedash-lb -n razee -o jsonpath="{.status.loadBalancer.ingress[*].ip}")
RAZEEDASH_API_LB_IP=$(kubectl get service razeedash-api-lb -n razee -o jsonpath="{.status.loadBalancer.ingress[*].ip}")
RAZEEDASH_LB_HOSTNAME=$(kubectl get service razeedash-lb -n razee -o jsonpath="{.status.loadBalancer.ingress[*].hostname}")
RAZEEDASH_API_LB_HOSTNAME=$(kubectl get service razeedash-api-lb -n razee -o jsonpath="{.status.loadBalancer.ingress[*].hostname}")
# Prefer the IP address when one is assigned, otherwise fall back to the host name.
RAZEEDASH_LB=${RAZEEDASH_LB_HOSTNAME} && [[ "${RAZEEDASH_LB_IP}" != "" ]] && RAZEEDASH_LB=${RAZEEDASH_LB_IP}
RAZEEDASH_API_LB=${RAZEEDASH_API_LB_HOSTNAME} && [[ "${RAZEEDASH_API_LB_IP}" != "" ]] && RAZEEDASH_API_LB=${RAZEEDASH_API_LB_IP}
kubectl create configmap razeedash-config -n razee \
  --from-literal=root_url=http://"${RAZEEDASH_LB}":8080/ \
  --from-literal=razeedash_api_url=http://"${RAZEEDASH_API_LB}":8081/
```
Verify that all Razee components are deployed and show `1/1` in the READY column of your CLI output.
```bash
kubectl get deployments -n razee
```
Example output:
```
NAME                           READY   UP-TO-DATE   AVAILABLE   AGE
featureflagsetld-controller    1/1     1            1           53m
managedset-controller          1/1     1            1           53m
mongo                          1/1     1            1           34m
mustachetemplate-controller    1/1     1            1           53m
razeedash                      1/1     1            1           25m
razeedash-api                  1/1     1            1           25m
razeedeploy-delta              1/1     1            1           53m
remoteresource-controller      1/1     1            1           53m
remoteresources3-controller    1/1     1            1           53m
```
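Open the RazeeDash welcome screen.
```bash
open http://"${RAZEEDASH_LB}":8080
```
Create an OAuth application for RazeeDash in GitHub, GitHub Enterprise, or Bitbucket.
From the RazeeDash welcome screen, select the tile of the tool in which you want to create the OAuth application.
Follow the instructions in the pop-up window to create the OAuth application.
Click Save configuration.
From the RazeeDash welcome screen, click Sign in with `<integration_tool>`.
Follow the instructions in the pop-up window to grant RazeeDash access to the integration tool of your choice.
If you need to reset any OAuth credentials, you can start over by opening a mongo shell to your instance and running:
```
> use razeedash
> db.meteor_accounts_loginServiceConfiguration.remove({})
```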
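Install Watch Keeper in every cluster that you want to monitor. The cluster where you install Watch Keeper can be a different cluster from the one where you installed RazeeDash.
In the RazeeDash console, click Register.
Click Manage.
Copy the Install Razee Agent `kubectl` command.
Run the command in the cluster that you want to monitor to create the Watch Keeper components. If you install Watch Keeper in the same cluster where you installed RazeeDash, you see messages stating that some Watch Keeper components already exist in the cluster. You can ignore these messages.
```bash
kubectl create -f "http://<razeedash-api-lb_external_IP>:8081/api/install/cluster?orgKey=orgApiKey-<org_api_key>"
```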
Example output for a cluster where RazeeDash is installed:
```
deployment.apps/remoteresource-controller created
configmap/watch-keeper-config created
secret/watch-keeper-secret created
remoteresource.deploy.razee.io/watch-keeper-rr created
Error from server (AlreadyExists): error when creating
"http://4e0ef59e-us-south.lb.appdomain.cloud:8081/api/install/cluster?
orgKey=orgApiKey-d52b52fc-38ae-4da0-b187-6e097e5bfe5c": namespaces
"razee" already exists
Error from server (AlreadyExists): customresourcedefinitions.
apiextensions.k8s.io "remoteresources.deploy.razee.io" already exists
Error from server (AlreadyExists): error when creating
"http://4e0ef59e-us-south.lb.appdomain.cloud:8081/api/install/cluster?
orgKey=orgApiKey-d52b52fc-38ae-4da0-b187-6e097e5bfe5c": namespaces
"razee" already exists
Error from server (AlreadyExists): error when creating
"http://4e0ef59e-us-south.lb.appdomain.cloud:8081/api/install/cluster?
orgKey=orgApiKey-d52b52fc-38ae-4da0-b187-6e097e5bfe5c": serviceaccounts
"razeedeploy-sa" already exists
Error from server (AlreadyExists): error when creating
"http://4e0ef59e-us-south.lb.appdomain.cloud:8081/api/install/cluster?
orgKey=orgApiKey-d52b52fc-38ae-4da0-b187-6e097e5bfe5c": clusterroles.
rbac.authorization.k8s.io "razeedeploy-admin-cr" already exists
Error from server (AlreadyExists): error when creating
"http://4e0ef59e-us-south.lb.appdomain.cloud:8081/api/install/cluster?
orgKey=orgApiKey-d52b52fc-38ae-4da0-b187-6e097e5bfe5c":
clusterrolebindings.rbac.authorization.k8s.io "razeedeploy-rb" already exists
Error from server (AlreadyExists): error when creating
"http://4e0ef59e-us-south.lb.appdomain.cloud:8081/api/install/cluster?
orgKey=orgApiKey-d52b52fc-38ae-4da0-b187-6e097e5bfe5c": configmaps
"razeedeploy-delta-resource-uris" already exists
Error from server (AlreadyExists): error when creating
"http://4e0ef59e-us-south.lb.appdomain.cloud:8081/api/install/cluster?
orgKey=orgApiKey-d52b52fc-38ae-4da0-b187-6e097e5bfe5c": deployments.apps
"razeedeploy-delta" already exists
```
Example output for a cluster where RazeeDash is not installed:
```
configmap/watch-keeper-config created
secret/watch-keeper-secret created
clusterrole.rbac.authorization.k8s.io/cluster-reader created
serviceaccount/watch-keeper-sa created
clusterrolebinding.rbac.authorization.k8s.io/watch-keeper-rb created
networkpolicy.networking.k8s.io/watch-keeper-deny-ingress created
deployment.apps/watch-keeper created
Error from server (AlreadyExists): namespaces "razee" already exists
```
Wait for the Watch Keeper deployment to complete.
```bash
kubectl get deployment -n razee | grep watch-keeper
```
Example output:
```
watch-keeper   1/1     1            1           2m5s
```
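In the RazeeDash console, click RazeeDash to open the RazeeDash details page and verify that you can see the deployment information of your Watch Keeper pod.
With Watch Keeper set up in your cluster, you can retrieve deployment information for other Kubernetes resources that you want to monitor. The data is automatically sent to the RazeeDash API, and you can access, monitor, and analyze it with RazeeDash.
Decide what information you want Watch Keeper to retrieve by choosing among the following information detail levels:
- `lite`: Retrieves the `metadata` and `status` sections of your Kubernetes resource configuration.
- `detail`: Retrieves all configuration data of a Kubernetes resource, but leaves out environment variables and the `data` section of config maps and secrets.
- `debug`: Retrieves all configuration data of a Kubernetes resource, including environment variables and the `data` section of config maps and secrets. This information might include sensitive information, so use this option with care.

Add the `razee/watch-resource` label to the labels section of all Kubernetes resources that you want to monitor and specify the information detail level. For example, if you want to monitor a Kubernetes deployment, use the following command. After you add the label to your resource, Watch Keeper automatically scans your resource and sends the data to the RazeeDash API. Then, your resource is scanned once every hour. In addition, Watch Keeper adds a Kubernetes event watcher to your resource so that Kubernetes notifies Watch Keeper when the configuration of your resource changes.
```bash
kubectl edit deployment <deployment_name>
```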
Example YAML file:
```yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"labels":{"app":"myapp"},"name":"expandpvc","namespace":"default"},"spec":{"selector":{"matchLabels":{"app":"myapp"}},"template":{"metadata":{"labels":{"app":"myapp"}},"spec":{"con
```
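The `lite`, `detail` and `debug` levels described above decide whether environment variables and the `data` sections of config maps and secrets are sent to the RazeeDash API. The following Python is an added example, not part of Razee or of the original page: it reads JSON shaped like the output of `kubectl get deploy,cm,secret -A -o json` and lists every resource whose `razee/watch-resource` label is `debug` or is not one of the three levels. The sample input and every resource name in it are constructed.

```python
import json

LABEL = "razee/watch-resource"
LEVELS = {"lite", "detail", "debug"}  # the three levels the page lists

# Constructed sample shaped like `kubectl get deploy,cm,secret -A -o json`,
# trimmed to the fields read below. All names and values are made up.
SAMPLE = json.dumps({"items": [
    {"kind": "Deployment",
     "metadata": {"namespace": "default", "name": "myapp",
                  "labels": {"app": "myapp", LABEL: "debug"}},
     "spec": {"template": {"spec": {"containers": [
         {"name": "web", "env": [{"name": "DB_PASSWORD", "value": "x"}]}]}}}},
    {"kind": "Secret", "metadata": {"namespace": "default", "name": "db-creds",
                                    "labels": {LABEL: "debug"}}},
    {"kind": "ConfigMap", "metadata": {"namespace": "default", "name": "app-config",
                                       "labels": {LABEL: "detail"}}},
    {"kind": "Deployment", "metadata": {"namespace": "prod", "name": "api",
                                        "labels": {LABEL: "verbose"}}},
    {"kind": "Secret", "metadata": {"namespace": "prod", "name": "tls"}},
]})


def audit_watch_labels(kubectl_json):
    """Return (ref, level, reason) for every watch label that needs review."""
    findings = []
    for item in json.loads(kubectl_json).get("items", []):
        meta = item.get("metadata", {})
        level = (meta.get("labels") or {}).get(LABEL)
        if level is None or level in ("lite", "detail"):
            continue  # unwatched, or env vars and data sections are left out
        ref = f"{meta.get('namespace')}/{item.get('kind')}/{meta.get('name')}"
        if level not in LEVELS:
            findings.append((ref, level, "not one of lite/detail/debug"))
        elif item.get("kind") in ("Secret", "ConfigMap"):
            findings.append((ref, level, "data section is sent to RazeeDash"))
        else:
            pod = item.get("spec", {}).get("template", {}).get("spec", {})
            env = [e["name"] for c in pod.get("containers", [])
                   for e in c.get("env", [])]
            reason = "env vars sent: " + ",".join(env) if env else "full config sent"
            findings.append((ref, level, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_watch_labels(SAMPLE):
        print(*finding, sep="\t")
```

Against a live cluster, pipe the `kubectl` output into the function instead of `SAMPLE` and review each finding before leaving the `debug` label in place.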