Deploying KubeSphere in an Offline Environment Without Network Access

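KubeSphere is an open-source project on GitHub and home to a community of thousands of users. Many of them run workloads on KubeSphere. For installation on Linux, KubeSphere can be deployed in the cloud or on-premises, for example on AWS EC2, Azure VMs, and bare metal.

KubeSphere provides KubeKey, a lightweight installer that supports installing Kubernetes, KubeSphere, and related add-ons, which keeps the installation simple and friendly. KubeKey can create clusters online and also serves as an offline installation solution.

Preparing the required packages

# Prepare the required packages in advance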
root@hello:~# wget https://github.com/kubesphere/kubekey/releases/download/v1.2.1/kubekey-v1.2.1-linux-amd64.tar.gz
root@hello:~# tar xvf kubekey-v1.2.1-linux-amd64.tar.gz
root@hello:~# ls kk
kk
root@hello:~#
root@hello:~# curl -L -O https://github.com/kubesphere/ks-installer/releases/download/v3.2.1/images-list.txt
root@hello:~# curl -L -O https://github.com/kubesphere/ks-installer/releases/download/v3.2.1/offline-installation-tool.sh
root@hello:~# chmod +x offline-installation-tool.sh
root@hello:~# export KKZONE=cn
root@hello:~# ./offline-installation-tool.sh -b
root@hello:~# ./offline-installation-tool.sh -s -l images-list.txt -d ./kubesphere-images
root@hello:~# curl -L -o /root/kubekey/v1.21.5/amd64/docker-20.10.8.tgz https://download.docker.com/linux/static/stable/x86_64/docker-20.10.8.tgz
root@hello:~# curl -L -o /root/kubekey/v1.21.5/amd64/crictl-v1.22.0-linux-amd64.tar.gz https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.22.0/crictl-v1.22.0-linux-amd64.tar.gz

Installation in the offline environment

# Create the certificate; note that "Common Name" must be set to the domain name

root@cby:~# mkdir -p certs
root@cby:~# openssl req \
> -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
> -x509 -days 36500 -out certs/domain.crt
Generating a RSA private key
............++++
.......++++
writing new private key to 'certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:dockerhub.kubekey.local
Email Address []:
root@cby:~#
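The interactive command above sets only the Common Name. As an added example (not from the original post), the same self-signed certificate issued non-interactively with a subjectAltName, the field that Go-based clients such as Docker match hostnames against by default since Go 1.15, plus a check that the SAN is really present. The function names and the 825-day lifetime are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. REG_HOST is the registry name used
# on this page; function names and the 825-day lifetime are assumptions.
REG_HOST="dockerhub.kubekey.local"

# Issue a self-signed registry certificate whose subjectAltName carries the
# hostname. Needs OpenSSL 1.1.1 or later for -addext.
make_registry_cert() {   # $1 = output directory, $2 = registry hostname
    mkdir -p "$1" || return 1
    (
        umask 077   # keep domain.key readable by the owner only
        openssl req -x509 -newkey rsa:4096 -nodes -sha256 -days 825 \
            -keyout "$1/domain.key" -out "$1/domain.crt" \
            -subj "/CN=$2" -addext "subjectAltName=DNS:$2" 2>/dev/null
    )
}

# Succeed only if the certificate lists the hostname as a DNS SAN entry.
# A CN-only certificate fails this check even when its CN matches.
cert_has_san() {   # $1 = certificate file, $2 = hostname
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep -Fxq "DNS:$2"
}

# Usage:
#   make_registry_cert certs "$REG_HOST" && cert_has_san certs/domain.crt "$REG_HOST"
```

With the SAN present and the certificate copied to /etc/docker/certs.d/dockerhub.kubekey.local/ca.crt as in the registry step, Docker can verify the registry without an insecure-registries entry.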

Installing Docker

# Install Docker

root@cby:~#
root@cby:~/package# ll
total 94776
drwxr-xr-x 2 root root 4096 Jan 12 07:17 ./
drwx------ 7 root root 4096 Jan 12 07:16 ../
-rw-r--r-- 1 root root 23703726 Jan 12 07:17 containerd.io_1.4.12-1_amd64.deb
-rw-r--r-- 1 root root 21234738 Jan 12 07:16 docker-ce_5%3a20.10.12~3-0~ubuntu-focal_amd64.deb
-rw-r--r-- 1 root root 40652850 Jan 12 07:16 docker-ce-cli_5%3a20.10.12~3-0~ubuntu-focal_amd64.deb
-rw-r--r-- 1 root root 7921036 Jan 12 07:16 docker-ce-rootless-extras_5%3a20.10.12~3-0~ubuntu-focal_amd64.deb
-rw-r--r-- 1 root root 3517780 Jan 12 07:16 docker-scan-plugin_0.12.0~ubuntu-focal_amd64.deb
root@cby:~/package#
root@cby:~/package# apt install ./*

Deploying the image registry

# Load the image
root@cby:~/cby# docker load -i registry.tar
# Start the Docker registry
root@cby:~# docker run -d --restart=always --name registry -v "$(pwd)"/certs:/certs -v /mnt/registry:/var/lib/registry -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -p 443:443 registry:2
# Configure the registry
# Add an entry to /etc/hosts
root@cby:~# vim /etc/hosts
root@cby:~# cat /etc/hosts
3.7.191.234 dockerhub.kubekey.local
# Configure certificate trust for the registry
root@cby:~# mkdir -p /etc/docker/certs.d/dockerhub.kubekey.local
root@cby:~# cp certs/domain.crt /etc/docker/certs.d/dockerhub.kubekey.local/ca.crt
root@cby:~#
# Skip certificate verification for the registry
root@cby:~# cat /etc/docker/daemon.json
{
"insecure-registries":["https://dockerhub.kubekey.local"]
}
# Reload the configuration and restart Docker
root@cby:~# systemctl daemon-reload
root@cby:~# systemctl restart docker

Deploying KubeSphere and Kubernetes

Note: add the "privateRegistry" field.

# Add execute permission
root@cby:~#
root@cby:~# chmod +x kk
root@cby:~# chmod +x offline-installation-tool.sh
# Push the images to the private registry
root@cby:~# ./offline-installation-tool.sh -l images-list.txt -d ./kubesphere-images -r dockerhub.kubekey.local
root@cby:~# apt install conntrack
root@cby:~# ./kk create config --with-kubernetes v1.21.5 --with-kubesphere v3.2.1 -f config-sample.yaml
root@cby:~#
root@cby:~# vim config-sample.yaml
root@cby:~# cat config-sample.yaml
apiVersion: kubekey.kubesphere.io/v1alpha1
kind: Cluster
metadata:
  name: sample
spec:
  hosts:
  - {name: master, address: 3.7.191.234, internalAddress: 3.7.191.234, user: root, password: Cby23..}
  - {name: node1, address: 3.7.191.235, internalAddress: 3.7.191.235, user: root, password: Cby23..}
  - {name: node2, address: 3.7.191.238, internalAddress: 3.7.191.238, user: root, password: Cby23..}
  roleGroups:
    etcd:
    - master
    master:
    - node1
    worker:
    - node1
    - node2
  controlPlaneEndpoint:
    ##Internal loadbalancer for apiservers
    #internalLoadbalancer: haproxy
    domain: lb.kubesphere.local
    address: ""
    port: 6443
  kubernetes:
    version: v1.21.5
    clusterName: cluster.local
  network:
    plugin: calico
    kubePodsCIDR: 10.233.64.0/18
    kubeServiceCIDR: 10.233.0.0/18
  registry:
    registryMirrors: []
    insecureRegistries: []
    privateRegistry: dockerhub.kubekey.local
  addons: []

---
apiVersion: installer.kubesphere.io/v1alpha1
kind: ClusterConfiguration
metadata:
  name: ks-installer
  namespace: kubesphere-system
  labels:
    version: v3.2.1
spec:
  persistence:
    storageClass: ""
  authentication:
    jwtSecret: ""
  local_registry: ""
  # dev_tag: ""
  etcd:
    monitoring: false
    endpointIps: localhost
    port: 2379
    tlsEnable: true
  common:
    core:
      console:
        enableMultiLogin: true
        port: 30880
        type: NodePort
    # apiserver:
    #   resources: {}
    # controllerManager:
    #   resources: {}
    redis:
      enabled: false
      volumeSize: 2Gi
    openldap:
      enabled: false
      volumeSize: 2Gi
    minio:
      volumeSize: 20Gi
    monitoring:
      # type: external
      endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090
      GPUMonitoring:
        enabled: false
    gpu:
      kinds:
      - resourceName: "nvidia.com/gpu"
        resourceType: "GPU"
        default: true
    es:
      # master:
      #   volumeSize: 4Gi
      #   replicas: 1
      #   resources: {}
      # data:
      #   volumeSize: 20Gi
      #   replicas: 1
      #   resources: {}
      logMaxAge: 7
      elkPrefix: logstash
      basicAuth:
        enabled: false
        username: ""
        password: ""
      externalElasticsearchHost: ""
      externalElasticsearchPort: ""
  alerting:
    enabled: false
    # thanosruler:
    #   replicas: 1
    #   resources: {}
  auditing:
    enabled: false
    # operator:
    #   resources: {}
    # webhook:
    #   resources: {}
  devops:
    enabled: false
    jenkinsMemoryLim: 2Gi
    jenkinsMemoryReq: 1500Mi
    jenkinsVolumeSize: 8Gi
    jenkinsJavaOpts_Xms: 512m
    jenkinsJavaOpts_Xmx: 512m
    jenkinsJavaOpts_MaxRAM: 2g
  events:
    enabled: false
    # operator:
    #   resources: {}
    # exporter:
    #   resources: {}
    # ruler:
    #   enabled: true
    #   replicas: 2
    #   resources: {}
  logging:
    enabled: false
    containerruntime: docker
    logsidecar:
      enabled: true
      replicas: 2
      # resources: {}
  metrics_server:
    enabled: false
  monitoring:
    storageClass: ""
    # kube_rbac_proxy:
    #   resources: {}
    # kube_state_metrics:
    #   resources: {}
    # prometheus:
    #   replicas: 1
    #   volumeSize: 20Gi
    #   resources: {}
    #   operator:
    #     resources: {}
    #   adapter:
    #     resources: {}
    # node_exporter:
    #   resources: {}
    # alertmanager:
    #   replicas: 1
    #   resources: {}
    # notification_manager:
    #   resources: {}
    #   operator:
    #     resources: {}
    #   proxy:
    #     resources: {}
    gpu:
      nvidia_dcgm_exporter:
        enabled: false
        # resources: {}
  multicluster:
    clusterRole: none
  network:
    networkpolicy:
      enabled: false
    ippool:
      type: none
    topology:
      type: none
  openpitrix:
    store:
      enabled: false
  servicemesh:
    enabled: false
  kubeedge:
    enabled: false
    cloudCore:
      nodeSelector: {"node-role.kubernetes.io/worker": ""}
      tolerations: []
      cloudhubPort: "10000"
      cloudhubQuicPort: "10001"
      cloudhubHttpsPort: "10002"
      cloudstreamPort: "10003"
      tunnelPort: "10004"
      cloudHub:
        advertiseAddress:
          - ""
        nodeLimit: "100"
      service:
        cloudhubNodePort: "30000"
        cloudhubQuicNodePort: "30001"
        cloudhubHttpsNodePort: "30002"
        cloudstreamNodePort: "30003"
        tunnelNodePort: "30004"
    edgeWatcher:
      nodeSelector: {"node-role.kubernetes.io/worker": ""}
      tolerations: []
      edgeWatcherAgent:
        nodeSelector: {"node-role.kubernetes.io/worker": ""}
        tolerations: []
root@cby:~#
root@cby:~#
root@cby:~#
root@cby:~# ./kk create cluster -f config-sample.yaml

---- (output omitted)

#####################################################
###              Welcome to KubeSphere!           ###
#####################################################

Console: http://3.7.191.235:30880
Account: admin
Password: P@88w0rd

NOTES:
  1. After you log into the console, please check the
     monitoring status of service components in
     "Cluster Management". If any service is not
     ready, please wait patiently until all components
     are up and running.
  2. Please change the default password after login.

#####################################################
https://kubesphere.io             2022-01-12 09:42:36
#####################################################
INFO[09:42:45 UTC] Installation is complete.

Please check the result using the command:

       kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f

root@cby:~#
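The hosts entries in the config-sample.yaml above carry the root SSH password inline. As an added example (not part of the original post or of KubeKey), a check that lists such hosts before the file is copied, shared or committed. The function names and the sample config are constructed; privateKeyPath is KubeKey's host field for key-based login.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the sample
# below are constructed for illustration.

# Print the name of every host entry in a KubeKey config that carries an
# inline SSH password. Assumes the one-line {...} host entries that
# `kk create config` generates; the password itself is never printed.
kk_hosts_with_password() {   # $1 = path to the KubeKey config file
    awk '
        /^[ \t]*hosts:/ { in_hosts = 1; next }
        in_hosts && /^[ \t]*-[ \t]*[{]/ {
            if ($0 ~ /password:[ \t]*"?[^",} ]/) {
                name = $0
                sub(/.*[{,][ \t]*name:[ \t]*/, "", name)
                sub(/[,}].*/, "", name)
                print name
            }
            next
        }
        in_hosts && /^[ \t]*[A-Za-z]/ { in_hosts = 0 }
    ' "$1"
}

# Constructed sample: one host with an inline password, one that logs in
# with a key file through privateKeyPath.
sample_kk_config() {
    cat <<'EOF'
apiVersion: kubekey.kubesphere.io/v1alpha1
kind: Cluster
metadata:
  name: sample
spec:
  hosts:
  - {name: master, address: 192.0.2.10, internalAddress: 192.0.2.10, user: root, password: CONSTRUCTED-SECRET}
  - {name: node1, address: 192.0.2.11, internalAddress: 192.0.2.11, user: root, privateKeyPath: "~/.ssh/id_ed25519"}
  roleGroups:
    etcd:
    - master
EOF
}

# Usage:
#   kk_hosts_with_password config-sample.yaml
```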

https://www.oiox.cn/

https://www.chenby.cn/

https://cby-chen.github.io/

https://weibo.com/u/5982474121

https://blog.csdn.net/qq_33921750

https://my.oschina.net/u/3981543

https://www.zhihu.com/people/chen-bu-yun-2

https://segmentfault.com/u/hppyvyv6/articles

https://juejin.cn/user/3315782802482007

https://space.bilibili.com/352476552/article

https://cloud.tencent.com/developer/column/93230

https://www.jianshu.com/u/0f894314ae2c

https://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/

CSDN, GitHub, Zhihu, OSChina, SegmentFault, Juejin, Jianshu, Tencent Cloud, Bilibili, Toutiao, Sina Weibo, personal blog: search for 《小陈运维》 on any of them.
