KubeSphere离线无网络环境部署

KubeSphere 是 GitHub 上的一个开源项目,是成千上万名社区用户的聚集地。很多用户都在使用 KubeSphere 运行工作负载。对于在 Linux 上的安装,KubeSphere 既可以部署在云端,也可以部署在本地环境中,例如 AWS EC2、Azure VM 和裸机等。

KubeSphere 为用户提供轻量级安装程序 KubeKey(该程序支持安装 Kubernetes、KubeSphere 及相关插件),安装过程简单而友好。KubeKey 不仅能帮助用户在线创建集群,还能作为离线安装解决方案。

前期准备所需包

#前期准备所需包

root@hello:~# wget https://github.com/kubesphere/kubekey/releases/download/v1.2.1/kubekey-v1.2.1-linux-amd64.tar.gz

root@hello:~# tar xvf kubekey-v1.2.1-linux-amd64.tar.gz

root@hello:~# ls kk

kk

root@hello:~#

root@hello:~# curl -L -O https://github.com/kubesphere/ks-installer/releases/download/v3.2.1/images-list.txt

root@hello:~# curl -L -O https://github.com/kubesphere/ks-installer/releases/download/v3.2.1/offline-installation-tool.sh

root@hello:~# chmod +x offline-installation-tool.sh

root@hello:~# export KKZONE=cn

root@hello:~# ./offline-installation-tool.sh -b

root@hello:~# ./offline-installation-tool.sh -s -l images-list.txt -d ./kubesphere-images

root@hello:~# curl -L -o /root/kubekey/v1.21.5/amd64/docker-20.10.8.tgz https://download.docker.com/linux/static/stable/x86_64/docker-20.10.8.tgz

root@hello:~# curl -L -o /root/kubekey/v1.21.5/amd64/crictl-v1.22.0-linux-amd64.tar.gz https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.22.0/crictl-v1.22.0-linux-amd64.tar.gz

离线环境安装

#创建证书,注意“Common Name” 需要写域名

root@cby:~# mkdir -p certs

root@cby:~# openssl req \

> -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \

> -x509 -days 36500 -out certs/domain.crt

Generating a RSA private key

............++++

.......++++

writing new private key to 'certs/domain.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:

State or Province Name (full name) [Some-State]:

Locality Name (eg, city) []:

Organization Name (eg, company) [Internet Widgits Pty Ltd]:

Organizational Unit Name (eg, section) []:

Common Name (e.g. server FQDN or YOUR name) []:dockerhub.kubekey.local

Email Address []:

root@cby:~#

安装docker

#安装docker

root@cby:~#

root@cby:~/package# ll

total 94776

drwxr-xr-x 2 root root     4096 Jan 12 07:17 ./

drwx------ 7 root root     4096 Jan 12 07:16 ../

-rw-r--r-- 1 root root 23703726 Jan 12 07:17 containerd.io_1.4.12-1_amd64.deb

-rw-r--r-- 1 root root 21234738 Jan 12 07:16 docker-ce_5%3a20.10.12~3-0~ubuntu-focal_amd64.deb

-rw-r--r-- 1 root root 40652850 Jan 12 07:16 docker-ce-cli_5%3a20.10.12~3-0~ubuntu-focal_amd64.deb

-rw-r--r-- 1 root root  7921036 Jan 12 07:16 docker-ce-rootless-extras_5%3a20.10.12~3-0~ubuntu-focal_amd64.deb

-rw-r--r-- 1 root root  3517780 Jan 12 07:16 docker-scan-plugin_0.12.0~ubuntu-focal_amd64.deb

root@cby:~/package#

root@cby:~/package# apt install ./*

部署镜像仓库

# 导入镜像

root@cby:~/cby# docker load -i registry.tar

# 启动 Docker 仓库

root@cby:~# docker run -d   --restart=always   --name registry   -v "$(pwd)"/certs:/certs   -v /mnt/registry:/var/lib/registry   -e REGISTRY_HTTP_ADDR=0.0.0.0:443   -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt   -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key   -p 443:443   registry:2

#配置仓库

#在 /etc/hosts 中添加一个条目

root@cby:~# vim /etc/hosts

root@cby:~# cat /etc/hosts

3.7.191.234 dockerhub.kubekey.local

#配置免证书

root@cby:~# mkdir -p  /etc/docker/certs.d/dockerhub.kubekey.local

root@cby:~# cp certs/domain.crt  /etc/docker/certs.d/dockerhub.kubekey.local/ca.crt

root@cby:~# 

#配置免验证

root@cby:~# cat /etc/docker/daemon.json

{

   "insecure-registries":["https://dockerhub.kubekey.local"]

}

#重载配置,并重启

root@cby:~# systemctl daemon-reload

root@cby:~# systemctl restart docker

部署 KubeSphere 和 kubernetes

注意添加字段“privateRegistry”

#添加执行权限

root@cby:~#

root@cby:~# chmod +x kk

root@cby:~# chmod +x offline-installation-tool.sh

#推送镜像到私有仓库

root@cby:~# ./offline-installation-tool.sh -l images-list.txt -d ./kubesphere-images -r dockerhub.kubekey.local

root@cby:~# apt install conntrack

root@cby:~# ./kk create config --with-kubernetes v1.21.5 --with-kubesphere v3.2.1 -f config-sample.yaml

root@cby:~#

root@cby:~# vim config-sample.yaml

root@cby:~# cat config-sample.yaml

apiVersion: kubekey.kubesphere.io/v1alpha1

kind: Cluster

metadata:

  name: sample

spec:

  hosts:

  - {name: master, address: 3.7.191.234, internalAddress: 3.7.191.234, user: root, password: Cby23..}

  - {name: node1, address: 3.7.191.235, internalAddress: 3.7.191.235, user: root, password: Cby23..}

  - {name: node2, address: 3.7.191.238, internalAddress: 3.7.191.238, user: root, password: Cby23..}

  roleGroups:

    etcd:

    - master

    master:

    - node1

    worker:

    - node1

    - node2

  controlPlaneEndpoint:

    ##Internal loadbalancer for apiservers

    #internalLoadbalancer: haproxy

    domain: lb.kubesphere.local

    address: ""

    port: 6443

  kubernetes:

    version: v1.21.5

    clusterName: cluster.local

  network:

    plugin: calico

    kubePodsCIDR: 10.233.64.0/18

    kubeServiceCIDR: 10.233.0.0/18

  registry:

    registryMirrors: []

    insecureRegistries: []

    privateRegistry: dockerhub.kubekey.local

  addons: []

---

apiVersion: installer.kubesphere.io/v1alpha1

kind: ClusterConfiguration

metadata:

  name: ks-installer

  namespace: kubesphere-system

  labels:

    version: v3.2.1

spec:

  persistence:

    storageClass: ""

  authentication:

    jwtSecret: ""

  local_registry: ""

  # dev_tag: ""

  etcd:

    monitoring: false

    endpointIps: localhost

    port: 2379

    tlsEnable: true

  common:

    core:

      console:

        enableMultiLogin: true

        port: 30880

        type: NodePort

    # apiserver:

    #  resources: {}

    # controllerManager:

    #  resources: {}

    redis:

      enabled: false

      volumeSize: 2Gi

    openldap:

      enabled: false

      volumeSize: 2Gi

    minio:

      volumeSize: 20Gi

    monitoring:

      # type: external

      endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090

      GPUMonitoring:

        enabled: false

    gpu:

      kinds:

      - resourceName: "nvidia.com/gpu"

        resourceType: "GPU"

        default: true

    es:

      # master:

      #   volumeSize: 4Gi

      #   replicas: 1

      #   resources: {}

      # data:

      #   volumeSize: 20Gi

      #   replicas: 1

      #   resources: {}

      logMaxAge: 7

      elkPrefix: logstash

      basicAuth:

        enabled: false

        username: ""

        password: ""

      externalElasticsearchHost: ""

      externalElasticsearchPort: ""

  alerting:

    enabled: false

    # thanosruler:

    #   replicas: 1

    #   resources: {}

  auditing:

    enabled: false

    # operator:

    #   resources: {}

    # webhook:

    #   resources: {}

  devops:

    enabled: false

    jenkinsMemoryLim: 2Gi

    jenkinsMemoryReq: 1500Mi

    jenkinsVolumeSize: 8Gi

    jenkinsJavaOpts_Xms: 512m

    jenkinsJavaOpts_Xmx: 512m

    jenkinsJavaOpts_MaxRAM: 2g

  events:

    enabled: false

    # operator:

    #   resources: {}

    # exporter:

    #   resources: {}

    # ruler:

    #   enabled: true

    #   replicas: 2

    #   resources: {}

  logging:

    enabled: false

    containerruntime: docker

    logsidecar:

      enabled: true

      replicas: 2

      # resources: {}

  metrics_server:

    enabled: false

  monitoring:

    storageClass: ""

    # kube_rbac_proxy:

    #   resources: {}

    # kube_state_metrics:

    #   resources: {}

    # prometheus:

    #   replicas: 1

    #   volumeSize: 20Gi

    #   resources: {}

    #   operator:

    #     resources: {}

    #   adapter:

    #     resources: {}

    # node_exporter:

    #   resources: {}

    # alertmanager:

    #   replicas: 1

    #   resources: {}

    # notification_manager:

    #   resources: {}

    #   operator:

    #     resources: {}

    #   proxy:

    #     resources: {}

    gpu:

      nvidia_dcgm_exporter:

        enabled: false

        # resources: {}

  multicluster:

    clusterRole: none

  network:

    networkpolicy:

      enabled: false

    ippool:

      type: none

    topology:

      type: none

  openpitrix:

    store:

      enabled: false

  servicemesh:

    enabled: false

  kubeedge:

    enabled: false

    cloudCore:

      nodeSelector: {"node-role.kubernetes.io/worker": ""}

      tolerations: []

      cloudhubPort: "10000"

      cloudhubQuicPort: "10001"

      cloudhubHttpsPort: "10002"

      cloudstreamPort: "10003"

      tunnelPort: "10004"

      cloudHub:

        advertiseAddress:

          - ""

        nodeLimit: "100"

      service:

        cloudhubNodePort: "30000"

        cloudhubQuicNodePort: "30001"

        cloudhubHttpsNodePort: "30002"

        cloudstreamNodePort: "30003"

        tunnelNodePort: "30004"

    edgeWatcher:

      nodeSelector: {"node-role.kubernetes.io/worker": ""}

      tolerations: []

      edgeWatcherAgent:

        nodeSelector: {"node-role.kubernetes.io/worker": ""}

        tolerations: []

root@cby:~#

root@cby:~#

root@cby:~#

root@cby:~# ./kk create cluster -f config-sample.yaml

----略

#####################################################

###              Welcome to KubeSphere!           ###

#####################################################

Console: http://3.7.191.235:30880

Account: admin

Password: P@88w0rd

NOTES:

  1. After you log into the console, please check the

     monitoring status of service components in

     "Cluster Management". If any service is not

     ready, please wait patiently until all components

     are up and running.

  2. Please change the default password after login.

#####################################################

https://kubesphere.io             2022-01-12 09:42:36

#####################################################

INFO[09:42:45 UTC] Installation is complete.

Please check the result using the command:

       kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f

root@cby:~#

https://www.oiox.cn/

https://www.chenby.cn/

https://cby-chen.github.io/

https://weibo.com/u/5982474121

https://blog.csdn.net/qq_33921750

https://my.oschina.net/u/3981543

https://www.zhihu.com/people/chen-bu-yun-2

https://segmentfault.com/u/hppyvyv6/articles

https://juejin.cn/user/3315782802482007

https://space.bilibili.com/352476552/article

https://cloud.tencent.com/developer/column/93230

https://www.jianshu.com/u/0f894314ae2c

https://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/

CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客、全网可搜《小陈运维》

​KubeSphere离线无网络环境部署的更多相关文章

  1. [转]无网络环境,在Windows Server 2008 R2和SQL Server 2008R2环境安装SharePoint2013 RT

    无网络环境,在Windows Server 2008 R2和SQL Server 2008R2环境安装SharePoint2013 RT,这个还有点麻烦,所以记录一下,下次遇到省得绕弯路.进入正题: ...

  2. 无网络环境下使用docker加载镜像

    无网络环境下使用docker加载镜像 你需要做的主要有3步骤:   先从一个有网络的电脑下载docker镜像 [root@localhost ~]# docker pull hub.c.163.com ...

  3. Oracle 11G单机 无网络环境静默安装

    参考文章https://blog.csdn.net/xiaoyu19910321/article/details/89856514 环境centos 7.6最小化安装 1,关闭防护墙selinux,配 ...

  4. 离线版centos8环境部署迁移监控操作笔记

    嗨咯,前两天总结记录了离线版centos8下docker的部署笔记,今天正好是2021年的最后一天,今天正好坐在本次出差回家的列车上,车上没有上面事做,索性不如把本次离线版centos8环境安装的其他 ...

  5. 无网络环境用pip安装python类包

    1.现在有网络的电脑安装相应的包 pip install django 2.安装完成后 打包 1)新建一个文件夹(package),用来存放包: 2)执行 pip list #查看安装的包 pip f ...

  6. centos7无网络环境下创建基于scratch镜像的Linux镜像,并带有Java运行环境

    一.准备 将下载好的jdk以及scratch镜像放在同一文件夹下:这里放在linux:2.0 二.导入scratch镜像 #docker load -i scratch.tar 三.创建dockerf ...

  7. 无网络环境下安装Dynamics CRM

    在安装CRM时会需要很多的组件支持,没有这些组件是没法安装的,一般我们都是选择机器联网后在线安装,但也有特殊情况确实不能联网的,可参考这篇文章 https://blogs.msdn.microsoft ...

  8. net3.5 无网络环境安装

    下载   提取码:t0dq 将下载的文件复制到复制到 C 盘的 Windows 文件夹 后请在“命令提示符(管理员)”中执行下面的命令: dism /online /Enable-Feature /F ...

  9. Linux下smokeping网络监控环境部署记录

    smokeping是一款监控网络状态和稳定性的开源软件(它是rrdtool的作者开发的),通过它可以监控到公司IDC的网络状况,如延时,丢包率,是否BGP多线等:smokeping会向目标设备和系统发 ...

  10. [转帖]无网络离线安装 vs2017

    无网络离线安装 vs2017 公司电脑禁止,只有一个老的vs2017的安装目录(之前通过 --layout 安装时生成的离线文件).找了一圈百度,没能解决问题,最后,问bing,查微软的官方网站命令, ...

随机推荐

  1. Array 方法总结

    会改变自身的方法: 返回新数组的长度,改变原数组 1.push 2.pop 3.shift 4.unshif 返回新数组,改变原数组 5.reverse 6.sort 按字符串在字典中的顺序排序 自定 ...

  2. 论MVC架构设计及其应用

    论MVC架构设计及其应用 张紫诺1 (1. 位石家庄铁道大学,河北 石家庄 050000) 摘要:随着信息化建设的发展,人们愈发需要考虑采用一种良好的架构实现快速构建企业应用程序的目标.而MVC架构正 ...

  3. Gabor滤波(个人学习)

    Gabor滤波 1.优点 Gabor小波与人类视觉系统中简单细胞的视觉刺激响应非常相似.在提取目标的局部空间和频率与信息方面具有良好的特性. 对于图像的边缘敏感,能够提供良好的方向选择和尺度选择.因此 ...

  4. 使用fontmin,压缩字体文件,从十几M到几kb,只选择需要使用的文字

    字体文件压缩fontmin,大幅压缩字体文件 快速熟练fontmin的使用,只需要在代码中配置文章中需要用到的文字,可以大幅度缩减代码大小 安装 npm install fontmin 目录结构 sr ...

  5. jsp第十周

    数据库test 中建个表 stu(stuid 主键 自动增长 ,用户名,密码,年龄) 1.设计一个注册页面,实现用户注册功能2.设计一个登陆页面,实现用户名密码登陆3.两个页面可以互相超链接 Base ...

  6. K-th occurrence (后缀自动机上合并权值线段树+树上倍增)

    K-th occurrence (后缀自动机上合并权值线段树+树上倍增)   You are given a string SSS consisting of only lowercase engli ...

  7. Spring校验:@Validated和@Valid区别

    结论: Spring validation验证框架对入参实体进行嵌套验证必须在相应属性(字段)加上@Valid而不是@Validated Spring Validation验证框架对参数的验证机制提供 ...

  8. 图的基本操作 (c语言)

    图的基本操作:创建 删除 遍历 创建:邻接矩阵和邻接表 十字链表 下面代码是邻接矩阵的定义和邻接表的创建 遍历:深度优先遍历(一条路走到黑) 广度优先遍历(树的层次遍历) 具体代码: #include ...

  9. JavaScript for in循环,for of循环

    一.JavaScript for/in 语句循环遍历对象的属性 var person={fname:"Bill",lname:"Gates",age:56}; ...

  10. ansible介绍与简单的使用

    在roles下建立site.yml文件#site.yml - hosts: webservers remote_user: root roles: - websrvs - dbsrvs#将文件拷贝到f ...