KubeSphere离线无网络环境部署

KubeSphere 是 GitHub 上的一个开源项目,是成千上万名社区用户的聚集地。很多用户都在使用 KubeSphere 运行工作负载。对于在 Linux 上的安装,KubeSphere 既可以部署在云端,也可以部署在本地环境中,例如 AWS EC2、Azure VM 和裸机等。

KubeSphere 为用户提供轻量级安装程序 KubeKey(该程序支持安装 Kubernetes、KubeSphere 及相关插件),安装过程简单而友好。KubeKey 不仅能帮助用户在线创建集群,还能作为离线安装解决方案。

前期准备所需包

#前期准备所需包

root@hello:~# wget https://github.com/kubesphere/kubekey/releases/download/v1.2.1/kubekey-v1.2.1-linux-amd64.tar.gz

root@hello:~# tar xvf kubekey-v1.2.1-linux-amd64.tar.gz

root@hello:~# ls kk

kk

root@hello:~#

root@hello:~# curl -L -O https://github.com/kubesphere/ks-installer/releases/download/v3.2.1/images-list.txt

root@hello:~# curl -L -O https://github.com/kubesphere/ks-installer/releases/download/v3.2.1/offline-installation-tool.sh

root@hello:~# chmod +x offline-installation-tool.sh

root@hello:~# export KKZONE=cn

root@hello:~# ./offline-installation-tool.sh -b

root@hello:~# ./offline-installation-tool.sh -s -l images-list.txt -d ./kubesphere-images

root@hello:~# curl -L -o /root/kubekey/v1.21.5/amd64/docker-20.10.8.tgz https://download.docker.com/linux/static/stable/x86_64/docker-20.10.8.tgz

root@hello:~# curl -L -o /root/kubekey/v1.21.5/amd64/crictl-v1.22.0-linux-amd64.tar.gz https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.22.0/crictl-v1.22.0-linux-amd64.tar.gz

离线环境安装

#创建证书,注意“Common Name” 需要写域名

root@cby:~# mkdir -p certs

root@cby:~# openssl req \

> -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \

> -x509 -days 36500 -out certs/domain.crt

Generating a RSA private key

............++++

.......++++

writing new private key to 'certs/domain.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:

State or Province Name (full name) [Some-State]:

Locality Name (eg, city) []:

Organization Name (eg, company) [Internet Widgits Pty Ltd]:

Organizational Unit Name (eg, section) []:

Common Name (e.g. server FQDN or YOUR name) []:dockerhub.kubekey.local

Email Address []:

root@cby:~#

安装docker

#安装docker

root@cby:~#

root@cby:~/package# ll

total 94776

drwxr-xr-x 2 root root     4096 Jan 12 07:17 ./

drwx------ 7 root root     4096 Jan 12 07:16 ../

-rw-r--r-- 1 root root 23703726 Jan 12 07:17 containerd.io_1.4.12-1_amd64.deb

-rw-r--r-- 1 root root 21234738 Jan 12 07:16 docker-ce_5%3a20.10.12~3-0~ubuntu-focal_amd64.deb

-rw-r--r-- 1 root root 40652850 Jan 12 07:16 docker-ce-cli_5%3a20.10.12~3-0~ubuntu-focal_amd64.deb

-rw-r--r-- 1 root root  7921036 Jan 12 07:16 docker-ce-rootless-extras_5%3a20.10.12~3-0~ubuntu-focal_amd64.deb

-rw-r--r-- 1 root root  3517780 Jan 12 07:16 docker-scan-plugin_0.12.0~ubuntu-focal_amd64.deb

root@cby:~/package#

root@cby:~/package# apt install ./*

部署镜像仓库

# 导入镜像

root@cby:~/cby# docker load -i registry.tar

# 启动 Docker 仓库

root@cby:~# docker run -d   --restart=always   --name registry   -v "$(pwd)"/certs:/certs   -v /mnt/registry:/var/lib/registry   -e REGISTRY_HTTP_ADDR=0.0.0.0:443   -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt   -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key   -p 443:443   registry:2

#配置仓库

#在 /etc/hosts 中添加一个条目

root@cby:~# vim /etc/hosts

root@cby:~# cat /etc/hosts

3.7.191.234 dockerhub.kubekey.local

#配置免证书

root@cby:~# mkdir -p  /etc/docker/certs.d/dockerhub.kubekey.local

root@cby:~# cp certs/domain.crt  /etc/docker/certs.d/dockerhub.kubekey.local/ca.crt

root@cby:~# 

#配置免验证

root@cby:~# cat /etc/docker/daemon.json

{

   "insecure-registries":["https://dockerhub.kubekey.local"]

}

#重载配置,并重启

root@cby:~# systemctl daemon-reload

root@cby:~# systemctl restart docker

部署 KubeSphere 和 kubernetes

注意添加字段“privateRegistry”

#添加执行权限

root@cby:~#

root@cby:~# chmod +x kk

root@cby:~# chmod +x offline-installation-tool.sh

#推送镜像到私有仓库

root@cby:~# ./offline-installation-tool.sh -l images-list.txt -d ./kubesphere-images -r dockerhub.kubekey.local

root@cby:~# apt install conntrack

root@cby:~# ./kk create config --with-kubernetes v1.21.5 --with-kubesphere v3.2.1 -f config-sample.yaml

root@cby:~#

root@cby:~# vim config-sample.yaml

root@cby:~# cat config-sample.yaml

apiVersion: kubekey.kubesphere.io/v1alpha1

kind: Cluster

metadata:

  name: sample

spec:

  hosts:

  - {name: master, address: 3.7.191.234, internalAddress: 3.7.191.234, user: root, password: Cby23..}

  - {name: node1, address: 3.7.191.235, internalAddress: 3.7.191.235, user: root, password: Cby23..}

  - {name: node2, address: 3.7.191.238, internalAddress: 3.7.191.238, user: root, password: Cby23..}

  roleGroups:

    etcd:

    - master

    master:

    - node1

    worker:

    - node1

    - node2

  controlPlaneEndpoint:

    ##Internal loadbalancer for apiservers

    #internalLoadbalancer: haproxy

    domain: lb.kubesphere.local

    address: ""

    port: 6443

  kubernetes:

    version: v1.21.5

    clusterName: cluster.local

  network:

    plugin: calico

    kubePodsCIDR: 10.233.64.0/18

    kubeServiceCIDR: 10.233.0.0/18

  registry:

    registryMirrors: []

    insecureRegistries: []

    privateRegistry: dockerhub.kubekey.local

  addons: []

---

apiVersion: installer.kubesphere.io/v1alpha1

kind: ClusterConfiguration

metadata:

  name: ks-installer

  namespace: kubesphere-system

  labels:

    version: v3.2.1

spec:

  persistence:

    storageClass: ""

  authentication:

    jwtSecret: ""

  local_registry: ""

  # dev_tag: ""

  etcd:

    monitoring: false

    endpointIps: localhost

    port: 2379

    tlsEnable: true

  common:

    core:

      console:

        enableMultiLogin: true

        port: 30880

        type: NodePort

    # apiserver:

    #  resources: {}

    # controllerManager:

    #  resources: {}

    redis:

      enabled: false

      volumeSize: 2Gi

    openldap:

      enabled: false

      volumeSize: 2Gi

    minio:

      volumeSize: 20Gi

    monitoring:

      # type: external

      endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090

      GPUMonitoring:

        enabled: false

    gpu:

      kinds:

      - resourceName: "nvidia.com/gpu"

        resourceType: "GPU"

        default: true

    es:

      # master:

      #   volumeSize: 4Gi

      #   replicas: 1

      #   resources: {}

      # data:

      #   volumeSize: 20Gi

      #   replicas: 1

      #   resources: {}

      logMaxAge: 7

      elkPrefix: logstash

      basicAuth:

        enabled: false

        username: ""

        password: ""

      externalElasticsearchHost: ""

      externalElasticsearchPort: ""

  alerting:

    enabled: false

    # thanosruler:

    #   replicas: 1

    #   resources: {}

  auditing:

    enabled: false

    # operator:

    #   resources: {}

    # webhook:

    #   resources: {}

  devops:

    enabled: false

    jenkinsMemoryLim: 2Gi

    jenkinsMemoryReq: 1500Mi

    jenkinsVolumeSize: 8Gi

    jenkinsJavaOpts_Xms: 512m

    jenkinsJavaOpts_Xmx: 512m

    jenkinsJavaOpts_MaxRAM: 2g

  events:

    enabled: false

    # operator:

    #   resources: {}

    # exporter:

    #   resources: {}

    # ruler:

    #   enabled: true

    #   replicas: 2

    #   resources: {}

  logging:

    enabled: false

    containerruntime: docker

    logsidecar:

      enabled: true

      replicas: 2

      # resources: {}

  metrics_server:

    enabled: false

  monitoring:

    storageClass: ""

    # kube_rbac_proxy:

    #   resources: {}

    # kube_state_metrics:

    #   resources: {}

    # prometheus:

    #   replicas: 1

    #   volumeSize: 20Gi

    #   resources: {}

    #   operator:

    #     resources: {}

    #   adapter:

    #     resources: {}

    # node_exporter:

    #   resources: {}

    # alertmanager:

    #   replicas: 1

    #   resources: {}

    # notification_manager:

    #   resources: {}

    #   operator:

    #     resources: {}

    #   proxy:

    #     resources: {}

    gpu:

      nvidia_dcgm_exporter:

        enabled: false

        # resources: {}

  multicluster:

    clusterRole: none

  network:

    networkpolicy:

      enabled: false

    ippool:

      type: none

    topology:

      type: none

  openpitrix:

    store:

      enabled: false

  servicemesh:

    enabled: false

  kubeedge:

    enabled: false

    cloudCore:

      nodeSelector: {"node-role.kubernetes.io/worker": ""}

      tolerations: []

      cloudhubPort: "10000"

      cloudhubQuicPort: "10001"

      cloudhubHttpsPort: "10002"

      cloudstreamPort: "10003"

      tunnelPort: "10004"

      cloudHub:

        advertiseAddress:

          - ""

        nodeLimit: "100"

      service:

        cloudhubNodePort: "30000"

        cloudhubQuicNodePort: "30001"

        cloudhubHttpsNodePort: "30002"

        cloudstreamNodePort: "30003"

        tunnelNodePort: "30004"

    edgeWatcher:

      nodeSelector: {"node-role.kubernetes.io/worker": ""}

      tolerations: []

      edgeWatcherAgent:

        nodeSelector: {"node-role.kubernetes.io/worker": ""}

        tolerations: []

root@cby:~#

root@cby:~#

root@cby:~#

root@cby:~# ./kk create cluster -f config-sample.yaml

----略

#####################################################

###              Welcome to KubeSphere!           ###

#####################################################

Console: http://3.7.191.235:30880

Account: admin

Password: P@88w0rd

NOTES:

  1. After you log into the console, please check the

     monitoring status of service components in

     "Cluster Management". If any service is not

     ready, please wait patiently until all components

     are up and running.

  2. Please change the default password after login.

#####################################################

https://kubesphere.io             2022-01-12 09:42:36

#####################################################

INFO[09:42:45 UTC] Installation is complete.

Please check the result using the command:

       kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f

root@cby:~#

https://www.oiox.cn/

https://www.chenby.cn/

https://cby-chen.github.io/

https://weibo.com/u/5982474121

https://blog.csdn.net/qq_33921750

https://my.oschina.net/u/3981543

https://www.zhihu.com/people/chen-bu-yun-2

https://segmentfault.com/u/hppyvyv6/articles

https://juejin.cn/user/3315782802482007

https://space.bilibili.com/352476552/article

https://cloud.tencent.com/developer/column/93230

https://www.jianshu.com/u/0f894314ae2c

https://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/

CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客、全网可搜《小陈运维》

​KubeSphere离线无网络环境部署的更多相关文章

  1. [转]无网络环境,在Windows Server 2008 R2和SQL Server 2008R2环境安装SharePoint2013 RT

    无网络环境,在Windows Server 2008 R2和SQL Server 2008R2环境安装SharePoint2013 RT,这个还有点麻烦,所以记录一下,下次遇到省得绕弯路.进入正题: ...

  2. 无网络环境下使用docker加载镜像

    无网络环境下使用docker加载镜像 你需要做的主要有3步骤:   先从一个有网络的电脑下载docker镜像 [root@localhost ~]# docker pull hub.c.163.com ...

  3. Oracle 11G单机 无网络环境静默安装

    参考文章https://blog.csdn.net/xiaoyu19910321/article/details/89856514 环境centos 7.6最小化安装 1,关闭防护墙selinux,配 ...

  4. 离线版centos8环境部署迁移监控操作笔记

    嗨咯,前两天总结记录了离线版centos8下docker的部署笔记,今天正好是2021年的最后一天,今天正好坐在本次出差回家的列车上,车上没有上面事做,索性不如把本次离线版centos8环境安装的其他 ...

  5. 无网络环境用pip安装python类包

    1.现在有网络的电脑安装相应的包 pip install django 2.安装完成后 打包 1)新建一个文件夹(package),用来存放包: 2)执行 pip list #查看安装的包 pip f ...

  6. centos7无网络环境下创建基于scratch镜像的Linux镜像,并带有Java运行环境

    一.准备 将下载好的jdk以及scratch镜像放在同一文件夹下:这里放在linux:2.0 二.导入scratch镜像 #docker load -i scratch.tar 三.创建dockerf ...

  7. 无网络环境下安装Dynamics CRM

    在安装CRM时会需要很多的组件支持,没有这些组件是没法安装的,一般我们都是选择机器联网后在线安装,但也有特殊情况确实不能联网的,可参考这篇文章 https://blogs.msdn.microsoft ...

  8. net3.5 无网络环境安装

    下载   提取码:t0dq 将下载的文件复制到复制到 C 盘的 Windows 文件夹 后请在“命令提示符(管理员)”中执行下面的命令: dism /online /Enable-Feature /F ...

  9. Linux下smokeping网络监控环境部署记录

    smokeping是一款监控网络状态和稳定性的开源软件(它是rrdtool的作者开发的),通过它可以监控到公司IDC的网络状况,如延时,丢包率,是否BGP多线等:smokeping会向目标设备和系统发 ...

  10. [转帖]无网络离线安装 vs2017

    无网络离线安装 vs2017 公司电脑禁止,只有一个老的vs2017的安装目录(之前通过 --layout 安装时生成的离线文件).找了一圈百度,没能解决问题,最后,问bing,查微软的官方网站命令, ...

随机推荐

  1. Vue的学习(2)

    Vue.js的模板语法 1.数据绑定的最常见的方法是插值法,写法{{}} 2.输出html代码,命令为v-html 例如: <div id="app"> <p v ...

  2. Hadoop高可用集群存在的一些共性问题

    Hadoop高可用集群存在的一些共性问题 1.NameNode 偶然性挂掉 问题原因: 用群启脚本启动HA集群,启动过程中NameNode要依赖于JournalNode,所以在启动过程中, ​ Nam ...

  3. 关于git错误:Git未能顺利结束(退出码 128)的解决办法

    如图: 问题原因: 主要是:用户名.邮箱.用户密钥跟github官网上配置的不一致 https://blog.csdn.net/weixin_52517585/article/details/1269 ...

  4. api进阶Day1文件的创建、删除、访问、设置过滤器并查询。目录的删除、创建。

    文件的创建: package file; import java.io.File; import java.io.IOException; /* create:创建 new:新 file:文件 使用F ...

  5. maven工程入门

    1. 为什么要使用maven? 毕业开始工作,项目组用的maven-spring开发的,不得不了解一下,看过很多介绍,其中maven最大的特点就是 管理jar包和版本管理 (参考:https://ww ...

  6. vscode设置终端主题,设置终端选中颜色

    vscode定义主题色官网: https://code.visualstudio.com/api/references/theme-color#integrated-terminal-colors 问 ...

  7. Java代码结构

    Java代码结构 顺序结构 Java的基本结构为顺序结构,除非特别指明,否则从上到下一句一句执行 选择结构 if单选择结构 if(condition){ doSomething(); } if双选择结 ...

  8. 关于Lua中的面向对象实现

    写在前面 最近在琢磨"Lua热重载",在测试中发现我之前对Lua中的面向对象实现有一些理解发生变化,这里记录一下. 本文提到的面向对象实现来自云风. 类实现 <Lua程序设计 ...

  9. 基于Extjs web设计器

    通过从左边的树拖入字段到右边,编辑字段属性,在界面所见即所得 进入链接 http://www.e-ipd.com:8080/crk/public/login.aspx?ReturnUrl=%2fcrk ...

  10. LeetCode86 分隔链表

    idea: 烦死了,这个题一直因为创立的指针为空,或者接入结点方法不对,结果将两个小链表搞混乱了,不过具体思路ok.将小值结点成一组,大值结点成一组,最后在首尾相连,实现起来也比较简单 /**  *  ...