一 新建4台 linux主机(centos7.7)
主机配置
主机名 cpu核心 内存 硬盘
master1 4 16GB 100GB
master2 4 16GB 50GB
node1 4 16GB 50GB
node2 4 16GB 50GB
说明:master1需要安装镜像库,所以硬盘分100GB
每台主机都需要安装依赖软件
$ yum install curl openssl ebtables socat ipset conntrack yum-utils device-mapper-persistent-data lvm2 -y
$ yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
$ yum makecache fast
$ yum -y install docker-ce
二 新建自己的私有镜像库
生成自签名证书
$ mkdir -p certs
openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
-x509 -days 36500 -out certs/domain.crt
生成证书时,需填写对应域名(该域名可自由设定)
启动docker registry服务
镜像数据存储到本地/mnt/registry (目录可自定义,如果镜像较多,请确保存储空间足够)
$ docker run -d \
--restart=always \
--name registry \
-v "$(pwd)"/certs:/certs \
-v /mnt/registry:/var/lib/registry \
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
-p 443:443 \
registry:2
配置registry(master1,master2,node1,node2都需要添加)
将registry证书域名及对应ip地址配置hosts /etc/hosts
$ echo "192.168.0.2 dockerhub.kubesphere.local" >> /etc/hosts
拷贝证书到指定目录,使docker信任该证书(该路径与证书域名有关,请按实际域名创建证书拷贝路径)
$ mkdir -p /etc/docker/certs.d/dockerhub.kubesphere.local
$ cp certs/domain.crt /etc/docker/certs.d/dockerhub.kubesphere.local/ca.crt
验证服务可用性
镜像上传成功
下载镜像成功 (node2)
提示:由于包含所有组件镜像,该压缩包较大,如果网络不佳,可能会导致下载耗时较长。也可根据文档中的镜像列表将相关镜像导入私有镜像仓库中后使用kubekey自行安装。
$ curl -Ok https://kubesphere-installer.pek3b.qingstor.com/offline/v3.0.0/kubesphere-all-v3.0.0-offline-linux-amd64.tar.gz
1 创建集群配置文件
安装包解压后进入kubesphere-all-v3.0.0-offline-linux-amd64
生成配置文件config-sample.yaml
./kk create config --with-kubesphere v3.0.0
修改配置
hosts 加入主机参数
{name: master1, address: 192.168.0.2, internalAddress: 192.168.0.2, user: root, password: Qwe12345}
{name: master2, address: 192.168.0.3, internalAddress: 192.168.0.3, user: root, password: Qwe12345}
{name: node1, address: 192.168.0.4, internalAddress: 192.168.0.4, user: root, password: Qwe12345}
{name: node2, address: 192.168.0.5, internalAddress: 192.168.0.5, user: root, password: Qwe12345}
registry插入私有仓库参数
privateRegistry: dockerhub.kubesphere.local
修改后的配置文件
apiVersion: kubekey.kubesphere.io/v1alpha1
kind: Cluster
metadata:
name: sample
spec:
hosts:
- {name: master1, address: 192.168.0.2, internalAddress: 192.168.0.2, user: root, password: Qwe12345}
- {name: master2, address: 192.168.0.3, internalAddress: 192.168.0.3, user: root, password: Qwe12345}
- {name: node1, address: 192.168.0.4, internalAddress: 192.168.0.4, user: root, password: Qwe12345}
- {name: node2, address: 192.168.0.5, internalAddress: 192.168.0.5, user: root, password: Qwe12345}
roleGroups:
etcd:
- master1
- master2
master:
- master1
- master2
worker:
- master2
- node1
- node2
controlPlaneEndpoint:
domain: lb.kubesphere.local
address: ""
port: "6443"
kubernetes:
version: v1.17.9
imageRepo: kubesphere
clusterName: cluster.local
network:
plugin: calico
kubePodsCIDR: 10.233.64.0/18
kubeServiceCIDR: 10.233.0.0/18
registry:
registryMirrors: []
insecureRegistries: []
privateRegistry: dockerhub.kubesphere.local
addons: []
---
apiVersion: installer.kubesphere.io/v1alpha1
kind: ClusterConfiguration
metadata:
name: ks-installer
namespace: kubesphere-system
labels:
version: v3.0.0
spec:
local_registry: ""
persistence:
storageClass: ""
authentication:
jwtSecret: ""
etcd:
monitoring: true
endpointIps: localhost
port: 2379
tlsEnable: true
common:
es:
elasticsearchDataVolumeSize: 20Gi
elasticsearchMasterVolumeSize: 4Gi
elkPrefix: logstash
logMaxAge: 7
mysqlVolumeSize: 20Gi
minioVolumeSize: 20Gi
etcdVolumeSize: 20Gi
openldapVolumeSize: 2Gi
redisVolumSize: 2Gi
console:
enableMultiLogin: false # enable/disable multi login
port: 30880
alerting:
enabled: false
auditing:
enabled: false
devops:
enabled: false
jenkinsMemoryLim: 2Gi
jenkinsMemoryReq: 1500Mi
jenkinsVolumeSize: 8Gi
jenkinsJavaOpts_Xms: 512m
jenkinsJavaOpts_Xmx: 512m
jenkinsJavaOpts_MaxRAM: 2g
events:
enabled: false
ruler:
enabled: true
replicas: 2
logging:
enabled: false
logsidecarReplicas: 2
metrics_server:
enabled: true
monitoring:
prometheusMemoryRequest: 400Mi
prometheusVolumeSize: 20Gi
multicluster:
clusterRole: none # host | member | none
networkpolicy:
enabled: false
notification:
enabled: false
openpitrix:
enabled: false
servicemesh:
enabled: false
进入kubesphere-all-v3.0.0-offline-linux-amd64/kubesphere-images-v3.0.0
$ ./push-images.sh dockerhub.kubesphere.local
导入镜像的时间很长,请耐心等待
$ ./kk create cluster -f config-sample.yaml
输入yes
然后就是持续的安装步骤
集群安装成功
访问kubesphere,需要ACL 防火墙放通30880端口
ACL放通30880端口
防火墙放通30880端口
访问kubesphere,以admin用户登录