KubeSphere离线无网络环境部署
KubeSphere离线无网络环境部署
KubeSphere 是 GitHub 上的一个开源项目,是成千上万名社区用户的聚集地。很多用户都在使用 KubeSphere 运行工作负载。对于在 Linux 上的安装,KubeSphere 既可以部署在云端,也可以部署在本地环境中,例如 AWS EC2、Azure VM 和裸机等。
KubeSphere 为用户提供轻量级安装程序 KubeKey(该程序支持安装 Kubernetes、KubeSphere 及相关插件),安装过程简单而友好。KubeKey 不仅能帮助用户在线创建集群,还能作为离线安装解决方案。
前期准备所需包
#前期准备所需包
root@hello:~# wget https://github.com/kubesphere/kubekey/releases/download/v1.2.1/kubekey-v1.2.1-linux-amd64.tar.gz
root@hello:~# tar xvf kubekey-v1.2.1-linux-amd64.tar.gz
root@hello:~# ls kk
kk
root@hello:~#
root@hello:~# curl -L -O https://github.com/kubesphere/ks-installer/releases/download/v3.2.1/images-list.txt
root@hello:~# curl -L -O https://github.com/kubesphere/ks-installer/releases/download/v3.2.1/offline-installation-tool.sh
root@hello:~# chmod +x offline-installation-tool.sh
root@hello:~# export KKZONE=cn
root@hello:~# ./offline-installation-tool.sh -b
root@hello:~# ./offline-installation-tool.sh -s -l images-list.txt -d ./kubesphere-images
root@hello:~# curl -L -o /root/kubekey/v1.21.5/amd64/docker-20.10.8.tgz https://download.docker.com/linux/static/stable/x86_64/docker-20.10.8.tgz
root@hello:~# curl -L -o /root/kubekey/v1.21.5/amd64/crictl-v1.22.0-linux-amd64.tar.gz https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.22.0/crictl-v1.22.0-linux-amd64.tar.gz离线环境安装
#创建证书,注意“Common Name” 需要写域名
root@cby:~# mkdir -p certs
root@cby:~# openssl req \
> -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
> -x509 -days 36500 -out certs/domain.crt
Generating a RSA private key
............++++
.......++++
writing new private key to 'certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:dockerhub.kubekey.local
Email Address []:
root@cby:~#安装docker
#安装docker
root@cby:~#
root@cby:~/package# ll
total 94776
drwxr-xr-x 2 root root 4096 Jan 12 07:17 ./
drwx------ 7 root root 4096 Jan 12 07:16 ../
-rw-r--r-- 1 root root 23703726 Jan 12 07:17 containerd.io_1.4.12-1_amd64.deb
-rw-r--r-- 1 root root 21234738 Jan 12 07:16 docker-ce_5%3a20.10.12~3-0~ubuntu-focal_amd64.deb
-rw-r--r-- 1 root root 40652850 Jan 12 07:16 docker-ce-cli_5%3a20.10.12~3-0~ubuntu-focal_amd64.deb
-rw-r--r-- 1 root root 7921036 Jan 12 07:16 docker-ce-rootless-extras_5%3a20.10.12~3-0~ubuntu-focal_amd64.deb
-rw-r--r-- 1 root root 3517780 Jan 12 07:16 docker-scan-plugin_0.12.0~ubuntu-focal_amd64.deb
root@cby:~/package#
root@cby:~/package# apt install ./*部署镜像仓库
# 导入镜像
root@cby:~/cby# docker load -i registry.tar
# 启动 Docker 仓库
root@cby:~# docker run -d --restart=always --name registry -v "$(pwd)"/certs:/certs -v /mnt/registry:/var/lib/registry -e REGISTRY_HTTP_ADDR=0.0.0.0:443 -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -p 443:443 registry:2
#配置仓库
#在 /etc/hosts 中添加一个条目
root@cby:~# vim /etc/hosts
root@cby:~# cat /etc/hosts
3.7.191.234 dockerhub.kubekey.local
#配置免证书
root@cby:~# mkdir -p /etc/docker/certs.d/dockerhub.kubekey.local
root@cby:~# cp certs/domain.crt /etc/docker/certs.d/dockerhub.kubekey.local/ca.crt
root@cby:~#
#配置免验证
root@cby:~# cat /etc/docker/daemon.json
{
"insecure-registries":["https://dockerhub.kubekey.local"]
}
#重载配置,并重启
root@cby:~# systemctl daemon-reload
root@cby:~# systemctl restart docker部署 KubeSphere 和 kubernetes
注意添加字段“privateRegistry”
#添加执行权限
root@cby:~#
root@cby:~# chmod +x kk
root@cby:~# chmod +x offline-installation-tool.sh
#推送镜像到私有仓库
root@cby:~# ./offline-installation-tool.sh -l images-list.txt -d ./kubesphere-images -r dockerhub.kubekey.local
root@cby:~# apt install conntrack
root@cby:~# ./kk create config --with-kubernetes v1.21.5 --with-kubesphere v3.2.1 -f config-sample.yaml
root@cby:~#
root@cby:~# vim config-sample.yaml
root@cby:~# cat config-sample.yaml
apiVersion: kubekey.kubesphere.io/v1alpha1
kind: Cluster
metadata:
name: sample
spec:
hosts:
- {name: master, address: 3.7.191.234, internalAddress: 3.7.191.234, user: root, password: Cby23..}
- {name: node1, address: 3.7.191.235, internalAddress: 3.7.191.235, user: root, password: Cby23..}
- {name: node2, address: 3.7.191.238, internalAddress: 3.7.191.238, user: root, password: Cby23..}
roleGroups:
etcd:
- master
master:
- node1
worker:
- node1
- node2
controlPlaneEndpoint:
##Internal loadbalancer for apiservers
#internalLoadbalancer: haproxy
domain: lb.kubesphere.local
address: ""
port: 6443
kubernetes:
version: v1.21.5
clusterName: cluster.local
network:
plugin: calico
kubePodsCIDR: 10.233.64.0/18
kubeServiceCIDR: 10.233.0.0/18
registry:
registryMirrors: []
insecureRegistries: []
privateRegistry: dockerhub.kubekey.local
addons: []
---
apiVersion: installer.kubesphere.io/v1alpha1
kind: ClusterConfiguration
metadata:
name: ks-installer
namespace: kubesphere-system
labels:
version: v3.2.1
spec:
persistence:
storageClass: ""
authentication:
jwtSecret: ""
local_registry: ""
# dev_tag: ""
etcd:
monitoring: false
endpointIps: localhost
port: 2379
tlsEnable: true
common:
core:
console:
enableMultiLogin: true
port: 30880
type: NodePort
# apiserver:
# resources: {}
# controllerManager:
# resources: {}
redis:
enabled: false
volumeSize: 2Gi
openldap:
enabled: false
volumeSize: 2Gi
minio:
volumeSize: 20Gi
monitoring:
# type: external
endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090
GPUMonitoring:
enabled: false
gpu:
kinds:
- resourceName: "nvidia.com/gpu"
resourceType: "GPU"
default: true
es:
# master:
# volumeSize: 4Gi
# replicas: 1
# resources: {}
# data:
# volumeSize: 20Gi
# replicas: 1
# resources: {}
logMaxAge: 7
elkPrefix: logstash
basicAuth:
enabled: false
username: ""
password: ""
externalElasticsearchHost: ""
externalElasticsearchPort: ""
alerting:
enabled: false
# thanosruler:
# replicas: 1
# resources: {}
auditing:
enabled: false
# operator:
# resources: {}
# webhook:
# resources: {}
devops:
enabled: false
jenkinsMemoryLim: 2Gi
jenkinsMemoryReq: 1500Mi
jenkinsVolumeSize: 8Gi
jenkinsJavaOpts_Xms: 512m
jenkinsJavaOpts_Xmx: 512m
jenkinsJavaOpts_MaxRAM: 2g
events:
enabled: false
# operator:
# resources: {}
# exporter:
# resources: {}
# ruler:
# enabled: true
# replicas: 2
# resources: {}
logging:
enabled: false
containerruntime: docker
logsidecar:
enabled: true
replicas: 2
# resources: {}
metrics_server:
enabled: false
monitoring:
storageClass: ""
# kube_rbac_proxy:
# resources: {}
# kube_state_metrics:
# resources: {}
# prometheus:
# replicas: 1
# volumeSize: 20Gi
# resources: {}
# operator:
# resources: {}
# adapter:
# resources: {}
# node_exporter:
# resources: {}
# alertmanager:
# replicas: 1
# resources: {}
# notification_manager:
# resources: {}
# operator:
# resources: {}
# proxy:
# resources: {}
gpu:
nvidia_dcgm_exporter:
enabled: false
# resources: {}
multicluster:
clusterRole: none
network:
networkpolicy:
enabled: false
ippool:
type: none
topology:
type: none
openpitrix:
store:
enabled: false
servicemesh:
enabled: false
kubeedge:
enabled: false
cloudCore:
nodeSelector: {"node-role.kubernetes.io/worker": ""}
tolerations: []
cloudhubPort: "10000"
cloudhubQuicPort: "10001"
cloudhubHttpsPort: "10002"
cloudstreamPort: "10003"
tunnelPort: "10004"
cloudHub:
advertiseAddress:
- ""
nodeLimit: "100"
service:
cloudhubNodePort: "30000"
cloudhubQuicNodePort: "30001"
cloudhubHttpsNodePort: "30002"
cloudstreamNodePort: "30003"
tunnelNodePort: "30004"
edgeWatcher:
nodeSelector: {"node-role.kubernetes.io/worker": ""}
tolerations: []
edgeWatcherAgent:
nodeSelector: {"node-role.kubernetes.io/worker": ""}
tolerations: []
root@cby:~#
root@cby:~#
root@cby:~#
root@cby:~# ./kk create cluster -f config-sample.yaml
----略
#####################################################
### Welcome to KubeSphere! ###
#####################################################
Console: http://3.7.191.235:30880
Account: admin
Password: P@88w0rd
NOTES:
1. After you log into the console, please check the
monitoring status of service components in
"Cluster Management". If any service is not
ready, please wait patiently until all components
are up and running.
2. Please change the default password after login.
#####################################################
https://kubesphere.io 2022-01-12 09:42:36
#####################################################
INFO[09:42:45 UTC] Installation is complete.
Please check the result using the command:
kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f
root@cby:~#
https://www.oiox.cn/
https://www.chenby.cn/
https://cby-chen.github.io/
https://weibo.com/u/5982474121
https://blog.csdn.net/qq_33921750
https://my.oschina.net/u/3981543
https://www.zhihu.com/people/chen-bu-yun-2
https://segmentfault.com/u/hppyvyv6/articles
https://juejin.cn/user/3315782802482007
https://space.bilibili.com/352476552/article
https://cloud.tencent.com/developer/column/93230
https://www.jianshu.com/u/0f894314ae2c
https://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/
CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客、全网可搜《小陈运维》
KubeSphere离线无网络环境部署的更多相关文章
- [转]无网络环境,在Windows Server 2008 R2和SQL Server 2008R2环境安装SharePoint2013 RT
无网络环境,在Windows Server 2008 R2和SQL Server 2008R2环境安装SharePoint2013 RT,这个还有点麻烦,所以记录一下,下次遇到省得绕弯路.进入正题: ...
- 无网络环境下使用docker加载镜像
无网络环境下使用docker加载镜像 你需要做的主要有3步骤: 先从一个有网络的电脑下载docker镜像 [root@localhost ~]# docker pull hub.c.163.com ...
- Oracle 11G单机 无网络环境静默安装
参考文章https://blog.csdn.net/xiaoyu19910321/article/details/89856514 环境centos 7.6最小化安装 1,关闭防护墙selinux,配 ...
- 离线版centos8环境部署迁移监控操作笔记
嗨咯,前两天总结记录了离线版centos8下docker的部署笔记,今天正好是2021年的最后一天,今天正好坐在本次出差回家的列车上,车上没有上面事做,索性不如把本次离线版centos8环境安装的其他 ...
- 无网络环境用pip安装python类包
1.现在有网络的电脑安装相应的包 pip install django 2.安装完成后 打包 1)新建一个文件夹(package),用来存放包: 2)执行 pip list #查看安装的包 pip f ...
- centos7无网络环境下创建基于scratch镜像的Linux镜像,并带有Java运行环境
一.准备 将下载好的jdk以及scratch镜像放在同一文件夹下:这里放在linux:2.0 二.导入scratch镜像 #docker load -i scratch.tar 三.创建dockerf ...
- 无网络环境下安装Dynamics CRM
在安装CRM时会需要很多的组件支持,没有这些组件是没法安装的,一般我们都是选择机器联网后在线安装,但也有特殊情况确实不能联网的,可参考这篇文章 https://blogs.msdn.microsoft ...
- net3.5 无网络环境安装
下载 提取码:t0dq 将下载的文件复制到复制到 C 盘的 Windows 文件夹 后请在“命令提示符(管理员)”中执行下面的命令: dism /online /Enable-Feature /F ...
- Linux下smokeping网络监控环境部署记录
smokeping是一款监控网络状态和稳定性的开源软件(它是rrdtool的作者开发的),通过它可以监控到公司IDC的网络状况,如延时,丢包率,是否BGP多线等:smokeping会向目标设备和系统发 ...
- [转帖]无网络离线安装 vs2017
无网络离线安装 vs2017 公司电脑禁止,只有一个老的vs2017的安装目录(之前通过 --layout 安装时生成的离线文件).找了一圈百度,没能解决问题,最后,问bing,查微软的官方网站命令, ...
随机推荐
- hbuliter x 连接雷电模拟器
adb 路径 E:\HBuilderX\plugins\launcher\tools\adbs 也可以配置环境变量 配置环境变量:将adb.exe所在路径,放在Path中计算机(右键)→属性→高级系 ...
- Vue2路由跳转传参,获取路由参数,Vue监听路由
1 this.$router.push({ 2 // name:路由组件名 3 name: routeName, 4 query: { 5 mapId:this.mapId 6 } 7 }) 8 9 ...
- AES加密 php7版本 openssl_encrypt 遇到的坑
与前端对接api ,解密不了前端加密的数据. 问题描述: 1.前端用 cryptojs 加密的 密钥是24位 , 2.后端用的php7的 openssl_encrypt 同密钥来进行解密,发现解密 ...
- yugong诠释
整个迁移方案,分为两部分: 全量迁移 增量迁移 过程描述: 增量数据收集 (创建oracle表的增量物化视图) 进行全量复制 进行增量复制 (并行进行数据校验) 原库停写,切到新库 回滚方案: 开启新 ...
- java 将Excel数据读取到ListMap
将Excel数据读取到ListMap /** * 将Excel数据读取到ListMap * @param file */ public static List<Map<String, Ob ...
- 图模导入原理之 SVG图形基础与图形导入
一.svg图形基础 PMS图形中,图形svg文件内容一般由两部分组成: 1.<defs>标签中定义的是图元信息,即各种不同设备不同状态的图元应该如何显示: 2.各种<XXXXXX_L ...
- Pytorch Chain-Rules
Derivative Rules \[\begin{aligned} &\frac{\delta E}{\delta w^1_{jk}}=\frac{\delta E}{\delta O_k^ ...
- 部门mysql操作
use test_db; -- 删除表 drop table if exists t1_profit; drop table if exists t1_salgrade; drop table i ...
- Error parsing HTTP request header 控制台报错分析与解决
控制台报错信息: org.apache.coyote.http11.AbstractHttp11Processor process 信息: Error parsing HTTP request hea ...
- Ubuntu 20.04 使用deb包安装mysql
Ubuntu 20.04 使用deb包安装mysql 1.环境 WSL2 + Ubuntu 20.04 2.下载mysql的Ubuntu / Debian安装包 MySQL :: Download M ...