KubeSphere离线无网络环境部署

KubeSphere 是 GitHub 上的一个开源项目,是成千上万名社区用户的聚集地。很多用户都在使用 KubeSphere 运行工作负载。对于在 Linux 上的安装,KubeSphere 既可以部署在云端,也可以部署在本地环境中,例如 AWS EC2、Azure VM 和裸机等。

KubeSphere 为用户提供轻量级安装程序 KubeKey(该程序支持安装 Kubernetes、KubeSphere 及相关插件),安装过程简单而友好。KubeKey 不仅能帮助用户在线创建集群,还能作为离线安装解决方案。

前期准备所需包

#前期准备所需包

root@hello:~# wget https://github.com/kubesphere/kubekey/releases/download/v1.2.1/kubekey-v1.2.1-linux-amd64.tar.gz

root@hello:~# tar xvf kubekey-v1.2.1-linux-amd64.tar.gz

root@hello:~# ls kk

kk

root@hello:~#

root@hello:~# curl -L -O https://github.com/kubesphere/ks-installer/releases/download/v3.2.1/images-list.txt

root@hello:~# curl -L -O https://github.com/kubesphere/ks-installer/releases/download/v3.2.1/offline-installation-tool.sh

root@hello:~# chmod +x offline-installation-tool.sh

root@hello:~# export KKZONE=cn

root@hello:~# ./offline-installation-tool.sh -b

root@hello:~# ./offline-installation-tool.sh -s -l images-list.txt -d ./kubesphere-images

root@hello:~# curl -L -o /root/kubekey/v1.21.5/amd64/docker-20.10.8.tgz https://download.docker.com/linux/static/stable/x86_64/docker-20.10.8.tgz

root@hello:~# curl -L -o /root/kubekey/v1.21.5/amd64/crictl-v1.22.0-linux-amd64.tar.gz https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.22.0/crictl-v1.22.0-linux-amd64.tar.gz

离线环境安装

#创建证书,注意“Common Name” 需要写域名

root@cby:~# mkdir -p certs

root@cby:~# openssl req \

> -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \

> -x509 -days 36500 -out certs/domain.crt

Generating a RSA private key

............++++

.......++++

writing new private key to 'certs/domain.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:

State or Province Name (full name) [Some-State]:

Locality Name (eg, city) []:

Organization Name (eg, company) [Internet Widgits Pty Ltd]:

Organizational Unit Name (eg, section) []:

Common Name (e.g. server FQDN or YOUR name) []:dockerhub.kubekey.local

Email Address []:

root@cby:~#

安装docker

#安装docker

root@cby:~#

root@cby:~/package# ll

total 94776

drwxr-xr-x 2 root root     4096 Jan 12 07:17 ./

drwx------ 7 root root     4096 Jan 12 07:16 ../

-rw-r--r-- 1 root root 23703726 Jan 12 07:17 containerd.io_1.4.12-1_amd64.deb

-rw-r--r-- 1 root root 21234738 Jan 12 07:16 docker-ce_5%3a20.10.12~3-0~ubuntu-focal_amd64.deb

-rw-r--r-- 1 root root 40652850 Jan 12 07:16 docker-ce-cli_5%3a20.10.12~3-0~ubuntu-focal_amd64.deb

-rw-r--r-- 1 root root  7921036 Jan 12 07:16 docker-ce-rootless-extras_5%3a20.10.12~3-0~ubuntu-focal_amd64.deb

-rw-r--r-- 1 root root  3517780 Jan 12 07:16 docker-scan-plugin_0.12.0~ubuntu-focal_amd64.deb

root@cby:~/package#

root@cby:~/package# apt install ./*

部署镜像仓库

# 导入镜像

root@cby:~/cby# docker load -i registry.tar

# 启动 Docker 仓库

root@cby:~# docker run -d   --restart=always   --name registry   -v "$(pwd)"/certs:/certs   -v /mnt/registry:/var/lib/registry   -e REGISTRY_HTTP_ADDR=0.0.0.0:443   -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt   -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key   -p 443:443   registry:2

#配置仓库

#在 /etc/hosts 中添加一个条目

root@cby:~# vim /etc/hosts

root@cby:~# cat /etc/hosts

3.7.191.234 dockerhub.kubekey.local

#配置免证书

root@cby:~# mkdir -p  /etc/docker/certs.d/dockerhub.kubekey.local

root@cby:~# cp certs/domain.crt  /etc/docker/certs.d/dockerhub.kubekey.local/ca.crt

root@cby:~# 

#配置免验证

root@cby:~# cat /etc/docker/daemon.json

{

   "insecure-registries":["https://dockerhub.kubekey.local"]

}

#重载配置,并重启

root@cby:~# systemctl daemon-reload

root@cby:~# systemctl restart docker

部署 KubeSphere 和 kubernetes

注意添加字段“privateRegistry”

#添加执行权限

root@cby:~#

root@cby:~# chmod +x kk

root@cby:~# chmod +x offline-installation-tool.sh

#推送镜像到私有仓库

root@cby:~# ./offline-installation-tool.sh -l images-list.txt -d ./kubesphere-images -r dockerhub.kubekey.local

root@cby:~# apt install conntrack

root@cby:~# ./kk create config --with-kubernetes v1.21.5 --with-kubesphere v3.2.1 -f config-sample.yaml

root@cby:~#

root@cby:~# vim config-sample.yaml

root@cby:~# cat config-sample.yaml

apiVersion: kubekey.kubesphere.io/v1alpha1

kind: Cluster

metadata:

  name: sample

spec:

  hosts:

  - {name: master, address: 3.7.191.234, internalAddress: 3.7.191.234, user: root, password: Cby23..}

  - {name: node1, address: 3.7.191.235, internalAddress: 3.7.191.235, user: root, password: Cby23..}

  - {name: node2, address: 3.7.191.238, internalAddress: 3.7.191.238, user: root, password: Cby23..}

  roleGroups:

    etcd:

    - master

    master:

    - node1

    worker:

    - node1

    - node2

  controlPlaneEndpoint:

    ##Internal loadbalancer for apiservers

    #internalLoadbalancer: haproxy

    domain: lb.kubesphere.local

    address: ""

    port: 6443

  kubernetes:

    version: v1.21.5

    clusterName: cluster.local

  network:

    plugin: calico

    kubePodsCIDR: 10.233.64.0/18

    kubeServiceCIDR: 10.233.0.0/18

  registry:

    registryMirrors: []

    insecureRegistries: []

    privateRegistry: dockerhub.kubekey.local

  addons: []

---

apiVersion: installer.kubesphere.io/v1alpha1

kind: ClusterConfiguration

metadata:

  name: ks-installer

  namespace: kubesphere-system

  labels:

    version: v3.2.1

spec:

  persistence:

    storageClass: ""

  authentication:

    jwtSecret: ""

  local_registry: ""

  # dev_tag: ""

  etcd:

    monitoring: false

    endpointIps: localhost

    port: 2379

    tlsEnable: true

  common:

    core:

      console:

        enableMultiLogin: true

        port: 30880

        type: NodePort

    # apiserver:

    #  resources: {}

    # controllerManager:

    #  resources: {}

    redis:

      enabled: false

      volumeSize: 2Gi

    openldap:

      enabled: false

      volumeSize: 2Gi

    minio:

      volumeSize: 20Gi

    monitoring:

      # type: external

      endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090

      GPUMonitoring:

        enabled: false

    gpu:

      kinds:

      - resourceName: "nvidia.com/gpu"

        resourceType: "GPU"

        default: true

    es:

      # master:

      #   volumeSize: 4Gi

      #   replicas: 1

      #   resources: {}

      # data:

      #   volumeSize: 20Gi

      #   replicas: 1

      #   resources: {}

      logMaxAge: 7

      elkPrefix: logstash

      basicAuth:

        enabled: false

        username: ""

        password: ""

      externalElasticsearchHost: ""

      externalElasticsearchPort: ""

  alerting:

    enabled: false

    # thanosruler:

    #   replicas: 1

    #   resources: {}

  auditing:

    enabled: false

    # operator:

    #   resources: {}

    # webhook:

    #   resources: {}

  devops:

    enabled: false

    jenkinsMemoryLim: 2Gi

    jenkinsMemoryReq: 1500Mi

    jenkinsVolumeSize: 8Gi

    jenkinsJavaOpts_Xms: 512m

    jenkinsJavaOpts_Xmx: 512m

    jenkinsJavaOpts_MaxRAM: 2g

  events:

    enabled: false

    # operator:

    #   resources: {}

    # exporter:

    #   resources: {}

    # ruler:

    #   enabled: true

    #   replicas: 2

    #   resources: {}

  logging:

    enabled: false

    containerruntime: docker

    logsidecar:

      enabled: true

      replicas: 2

      # resources: {}

  metrics_server:

    enabled: false

  monitoring:

    storageClass: ""

    # kube_rbac_proxy:

    #   resources: {}

    # kube_state_metrics:

    #   resources: {}

    # prometheus:

    #   replicas: 1

    #   volumeSize: 20Gi

    #   resources: {}

    #   operator:

    #     resources: {}

    #   adapter:

    #     resources: {}

    # node_exporter:

    #   resources: {}

    # alertmanager:

    #   replicas: 1

    #   resources: {}

    # notification_manager:

    #   resources: {}

    #   operator:

    #     resources: {}

    #   proxy:

    #     resources: {}

    gpu:

      nvidia_dcgm_exporter:

        enabled: false

        # resources: {}

  multicluster:

    clusterRole: none

  network:

    networkpolicy:

      enabled: false

    ippool:

      type: none

    topology:

      type: none

  openpitrix:

    store:

      enabled: false

  servicemesh:

    enabled: false

  kubeedge:

    enabled: false

    cloudCore:

      nodeSelector: {"node-role.kubernetes.io/worker": ""}

      tolerations: []

      cloudhubPort: "10000"

      cloudhubQuicPort: "10001"

      cloudhubHttpsPort: "10002"

      cloudstreamPort: "10003"

      tunnelPort: "10004"

      cloudHub:

        advertiseAddress:

          - ""

        nodeLimit: "100"

      service:

        cloudhubNodePort: "30000"

        cloudhubQuicNodePort: "30001"

        cloudhubHttpsNodePort: "30002"

        cloudstreamNodePort: "30003"

        tunnelNodePort: "30004"

    edgeWatcher:

      nodeSelector: {"node-role.kubernetes.io/worker": ""}

      tolerations: []

      edgeWatcherAgent:

        nodeSelector: {"node-role.kubernetes.io/worker": ""}

        tolerations: []

root@cby:~#

root@cby:~#

root@cby:~#

root@cby:~# ./kk create cluster -f config-sample.yaml

----略

#####################################################

###              Welcome to KubeSphere!           ###

#####################################################

Console: http://3.7.191.235:30880

Account: admin

Password: P@88w0rd

NOTES:

  1. After you log into the console, please check the

     monitoring status of service components in

     "Cluster Management". If any service is not

     ready, please wait patiently until all components

     are up and running.

  2. Please change the default password after login.

#####################################################

https://kubesphere.io             2022-01-12 09:42:36

#####################################################

INFO[09:42:45 UTC] Installation is complete.

Please check the result using the command:

       kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f

root@cby:~#

https://www.oiox.cn/

https://www.chenby.cn/

https://cby-chen.github.io/

https://weibo.com/u/5982474121

https://blog.csdn.net/qq_33921750

https://my.oschina.net/u/3981543

https://www.zhihu.com/people/chen-bu-yun-2

https://segmentfault.com/u/hppyvyv6/articles

https://juejin.cn/user/3315782802482007

https://space.bilibili.com/352476552/article

https://cloud.tencent.com/developer/column/93230

https://www.jianshu.com/u/0f894314ae2c

https://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/

CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客、全网可搜《小陈运维》

​KubeSphere离线无网络环境部署的更多相关文章

  1. [转]无网络环境,在Windows Server 2008 R2和SQL Server 2008R2环境安装SharePoint2013 RT

    无网络环境,在Windows Server 2008 R2和SQL Server 2008R2环境安装SharePoint2013 RT,这个还有点麻烦,所以记录一下,下次遇到省得绕弯路.进入正题: ...

  2. 无网络环境下使用docker加载镜像

    无网络环境下使用docker加载镜像 你需要做的主要有3步骤:   先从一个有网络的电脑下载docker镜像 [root@localhost ~]# docker pull hub.c.163.com ...

  3. Oracle 11G单机 无网络环境静默安装

    参考文章https://blog.csdn.net/xiaoyu19910321/article/details/89856514 环境centos 7.6最小化安装 1,关闭防护墙selinux,配 ...

  4. 离线版centos8环境部署迁移监控操作笔记

    嗨咯,前两天总结记录了离线版centos8下docker的部署笔记,今天正好是2021年的最后一天,今天正好坐在本次出差回家的列车上,车上没有上面事做,索性不如把本次离线版centos8环境安装的其他 ...

  5. 无网络环境用pip安装python类包

    1.现在有网络的电脑安装相应的包 pip install django 2.安装完成后 打包 1)新建一个文件夹(package),用来存放包: 2)执行 pip list #查看安装的包 pip f ...

  6. centos7无网络环境下创建基于scratch镜像的Linux镜像,并带有Java运行环境

    一.准备 将下载好的jdk以及scratch镜像放在同一文件夹下:这里放在linux:2.0 二.导入scratch镜像 #docker load -i scratch.tar 三.创建dockerf ...

  7. 无网络环境下安装Dynamics CRM

    在安装CRM时会需要很多的组件支持,没有这些组件是没法安装的,一般我们都是选择机器联网后在线安装,但也有特殊情况确实不能联网的,可参考这篇文章 https://blogs.msdn.microsoft ...

  8. net3.5 无网络环境安装

    下载   提取码:t0dq 将下载的文件复制到复制到 C 盘的 Windows 文件夹 后请在“命令提示符(管理员)”中执行下面的命令: dism /online /Enable-Feature /F ...

  9. Linux下smokeping网络监控环境部署记录

    smokeping是一款监控网络状态和稳定性的开源软件(它是rrdtool的作者开发的),通过它可以监控到公司IDC的网络状况,如延时,丢包率,是否BGP多线等:smokeping会向目标设备和系统发 ...

  10. [转帖]无网络离线安装 vs2017

    无网络离线安装 vs2017 公司电脑禁止,只有一个老的vs2017的安装目录(之前通过 --layout 安装时生成的离线文件).找了一圈百度,没能解决问题,最后,问bing,查微软的官方网站命令, ...

随机推荐

  1. 上分准备 VP Codeforces Round #762 (Div. 3) 4题ABCE

    +00:02 +00:16 +01:08   +02:07 VP 情况  4/8 ABCE ,赛时排名可以到823,什么时候我可以上个青 B 本想写个map的二分的,发现自己不会,写了个普普通通的二分 ...

  2. 【python】第二模块 步骤一 第二课、数据库表的相关操作

    第二课.数据库表的相关操作 一.课程介绍 1.1 课程介绍 学习目标 管理逻辑库和数据表 创建.删除.修改逻辑库和数据表 了解常用的数据类型和约束 字符串.整数.浮点数.精确数字.日期.枚举.主要约束 ...

  3. Python生态工具

    Python内置小工具 1秒钟启动一个下载服务器 在实际工作中,时常会有这样的一个需求:将文件传给其他同事.将文件传给同事本身并不是一个很繁琐的工作,现在的聊天工具一般都支持文件传输.但是,如果需要传 ...

  4. 学生管理系统CLI版

    学生管理系统CLI版 学生类 package com.itheima_03; public class Student { String sid; String name; String age; S ...

  5. Ubuntu常用命令(二)

    clash 启动 #.clash -d . sudo /home/lizhenyun/clash/clash -d /home/lizhenyun/clash/ deb包安装 sudo dpkg -i ...

  6. Cookie 设置 添加 删除 修改

    置cookie 如果设置domin    后面的域名前面就会有.  <script>//设置cookiefunction setCookie(cname, cvalue, exdays)  ...

  7. 量化交易-可视化展示(grafana)

    先上图 简单的实现了一下,效果还好,可玩性强 大概部署mysql+grafana step 1: 服务器:阿里云,ucloud啥的随意,配置也不需要什么,我的是阿里云1核1GB,足以 我用的ubunt ...

  8. SQL Server 手工 锁表、查询被锁表、解锁相关语句

    SQL Server 手工 锁表.查询被锁表.解锁相关语句 --锁表(其它事务不能读.更新.删除) BEGIN TRAN SELECT * FROM <表名> WITH(TABLOCKX) ...

  9. 微信公众号授权登录,整合spring security

    公司的业务需求,对接了微信公众号授权,通过微信公众号的接口拿到用户信息进行业务系统的登录,话不多说上代码,我的实现方式是整合了spingSecurity 首先是接口 @PostMapping(&quo ...

  10. LNK2001 无法解析的外部符号 "int const ROUND"

    今天在写代码时出现了这个错误,网上的解决方法都不合适 我的代码是这样,在一个cpp里申明了一个常量 //data.cpp const int ROUND = 3; 然后在一个头文件里申明为全局变量 / ...