前言
又回到最初的起点了,今天尝试KubeSphere 文档v3.1.1中的离线安装。
那么问题来了,为什么一开始不用这个文档?感觉官方其实没有写清楚应该用哪个或者说哪个已经不再使用了。 这个就很纠结了,所以昨天应该是采坑了,希望这次一切顺利吧。
机器列表
三台机器,两台用于部署,一台用于下载安装包。
role | ip | hostname | desc |
---|---|---|---|
master | 192.168.3.65 | node1 | 主节点 |
worker、registry | 192.168.3.66 | node2 | 工作、镜像 |
packer | 192.168.3.64 | packer | 可联网下载软件包 |
一、 所有机器离线安装docker-ce
docker-ce部分我直接拷贝现成文档进来了
wget https://download.docker.com/linux/static/stable/x86_64/docker-20.10.2.tgz
tar xvf docker-20.10.2.tgz
cd docker-20.10.2
sudo cp docker/* /usr/bin/
sudo dockerd &
docker info
将docker注册成系统服务
sudo vi /usr/lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
ExecStart=/usr/bin/dockerd
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
<<<end file
systemctl start/stop docker
systemctl enable/disable docker
二、node2 离线安装docker-compose/harbor
$ curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
$ chmod +x /usr/local/bin/docker-compose
$ ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
$ chmod +x /usr/bin/docker-compose
$ docker-compose --version
docker-compose version 1.24.1, build 1110ad01
$ wget -c https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.2-rc1.tgz
$ tar zxvf harbor-offline-installer-v1.8.2-rc1.tgz
$ cd harbor
$ mkdir -p certs
$ openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
-x509 -days 36500 -out certs/domain.crt
#当您生成自己的证书时,请确保在字段 Common Name 中指定一个域名。例如,本示例中该字段被指定为 dockerhub.kubekey.local
Generating a 4096 bit RSA private key
..............++
......................++
writing new private key to 'certs/domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:dockerhub.kubekey.local
Email Address []:
vim harbor.yml,注意域名、证书地址、密码的修改。
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: dockerhub.kubekey.local
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 80
# https related config
https:
# https port for harbor, default is 443
port: 443
# The path of cert and key files for nginx
certificate: /root/harbor/certs/domain.crt
private_key: /root/harbor/certs/domain.key
# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433
# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: 123456
...
#启用配置及载入images,只有执行了以下操作才能离线载入images
./prepare # 如果有二次修改harbor.yml文件,请执行使配置文件生效
./install.sh --help #查看启动参数
./install.sh --with-chartmuseum # 加载chart
后台运行
#用safari 访问网站测试:https://dockerhub.kubekey.local/
docker-compose up -d
docker-compose down
设置所有机器的host增加dockerhub.kubekey.local
cat /etc/hosts
#新增如下行...
192.168.3.66 dockerhub.kubekey.local
设置静态库拉取安全校验
#docker从私有镜像库pull/push镜像问题
vim /etc/docker/daemon.json
....
{
"insecure-registries": ["dockerhub.kubekey.local"]
}
<<<file end
#重启服务
service docker restart
packer 下载脚本及镜像
#下载kk,没错这里不是v2.1而是v1.1.1
wget https://github.com/kubesphere/kubekey/releases/download/v2.1.1/kubekey-v1.1.1-linux-amd64.tar.gz
tar xvf kubekey-v1.1.1-linux-amd64.tar.gz
#下载imagelist
curl -L -O https://github.com/kubesphere/ks-installer/releases/download/v3.1.1/images-list.txt
#下载offline-installation-tool.sh
curl -L -O https://github.com/kubesphere/ks-installer/releases/download/v3.1.1/offline-installation-tool.sh
chmod +x offline-installation-tool.sh
#下载 Kubernetes 二进制文件
export KKZONE=cn;./offline-installation-tool.sh -b -v v1.17.9
#拉取images文件
./offline-installation-tool.sh -s -l images-list.txt -d ./kubesphere-images
#创建公共仓库命名
vim create_project_harbor.sh
>>>>文件开始
#!/usr/bin/env bash
set -x
set -e
url="https://dockerhub.kubekey.local" #修改url的值为https://dockerhub.kubekey.local
user="admin"
passwd="123456"
harbor_projects=(library
kubesphereio
kubesphere
calico
coredns
openebs
csiplugin
minio
mirrorgooglecontainers
osixia
prom
thanosio
jimmidyson
grafana
elastic
istio
jaegertracing
jenkins
weaveworks
openpitrix
joosthofman
nginxdemos
fluent
kubeedge
)
for project in "${harbor_projects[@]}"; do
echo "creating $project"
#curl -u "${user}:${passwd}" -X POST -H "Content-Type: application/json" "${url}/api/v2.0/projects" -d "{ \"project_name\": \"${project}\", \"public\": true}" -k #curl命令末尾加上 -k
curl -u "${user}:${passwd}" -X POST -H "Content-Type: application/json" "${url}/api/projects" -d "{\"project_name\":\"${project}\",\"metadata\":{\"public\":\"true\",\"enable_content_trust\":\"false\",\"prevent_vul\":\"false\",\"auto_scan\":\"false\"}}" -k #curl命令末尾加上 -k
done
<<<文件结束
#执行harbor项目创建
sh create_project_harbor.sh
创建后的效果如下:
继续其他设置
#设置docker客户端登陆授权
docker login dockerhub.kubekey.local
admin 123456
#实际会生成一个/root/.docker/config.json,后续就无需登陆了
#推送到私有仓库
./offline-installation-tool.sh -l images-list.txt -d ./kubesphere-images -r dockerhub.kubekey.local
#如果你能看到如下,恭喜你成功了。
Loaded image: kubesphere/kube-events-exporter:v0.1.0
kubesphere/kube-apiserver:v1.20.6
dockerhub.kubekey.local/kubesphere/kube-apiserver:v1.20.6
The push refers to repository [dockerhub.kubekey.local/kubesphere/kube-apiserver]
d88bc16e0414: Pushed
a06ec64d2560: Pushed
28699c71935f: Pushed
v1.20.6: digest: sha256:d21627934fb7546255475a7ab4472ebc1ae7952cc7ee31509ee630376c3eea03 size: 949
安装前确认
稳妥起见,把所有机器的docker、docker镜像仓库及必备软件安装好:
#需要先安装docker-ce
#安装其他必须组件
yum install socat conntrack ebtables ipset
#docker从私有镜像库pull/push镜像问题
vim /etc/docker/daemon.json
....
{
"insecure-registries": ["dockerhub.kubekey.local"]
}
<<<file end
#重启服务
service docker restart
#设置docker客户端登陆授权
docker login dockerhub.kubekey.local
admin 123456
执行安装
#创建配置文件
./kk create config --with-kubernetes v1.17.9 --with-kubesphere v3.1.1 -f config.yaml
# 注意修改配置的点1:dockerhub.kubekey.local设置为harbor的地址
# 注意修改配置的点2:hosts设置为自己想部署的机器
cat config.yaml
文件开始>>>>
#最后修改如下:
apiVersion: kubekey.kubesphere.io/v1alpha1
kind: Cluster
metadata:
name: sample
spec:
hosts:
- {name: node1, address: 192.168.3.65, internalAddress: 192.168.3.65, user: root, password: "123456" }
- {name: node2, address: 192.168.3.66, internalAddress: 192.168.3.66, user: root, password: "123456" }
roleGroups:
etcd:
- node1
master:
- node1
worker:
- node1
- node2
controlPlaneEndpoint:
domain: lb.kubesphere.local
address: ""
port: 6443
kubernetes:
version: v1.17.9
imageRepo: kubesphere
clusterName: cluster.local
network:
plugin: calico
kubePodsCIDR: 10.233.64.0/18
kubeServiceCIDR: 10.233.0.0/18
registry:
registryMirrors: []
insecureRegistries: []
privateRegistry: dockerhub.kubekey.local # Add the private image registry address here.
addons: []
---
apiVersion: installer.kubesphere.io/v1alpha1
kind: ClusterConfiguration
metadata:
name: ks-installer
namespace: kubesphere-system
labels:
version: v3.1.1
spec:
persistence:
storageClass: ""
authentication:
jwtSecret: ""
zone: ""
local_registry: ""
etcd:
monitoring: false
endpointIps: localhost
port: 2379
tlsEnable: true
common:
redis:
enabled: false
redisVolumSize: 2Gi
openldap:
enabled: false
openldapVolumeSize: 2Gi
minioVolumeSize: 20Gi
monitoring:
endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090
es:
elasticsearchMasterVolumeSize: 4Gi
elasticsearchDataVolumeSize: 20Gi
logMaxAge: 7
elkPrefix: logstash
basicAuth:
enabled: false
username: ""
password: ""
externalElasticsearchUrl: ""
externalElasticsearchPort: ""
console:
enableMultiLogin: true
port: 30880
alerting:
enabled: false
# thanosruler:
# replicas: 1
# resources: {}
auditing:
enabled: false
devops:
enabled: false
jenkinsMemoryLim: 2Gi
jenkinsMemoryReq: 1500Mi
jenkinsVolumeSize: 8Gi
jenkinsJavaOpts_Xms: 512m
jenkinsJavaOpts_Xmx: 512m
jenkinsJavaOpts_MaxRAM: 2g
events:
enabled: false
ruler:
enabled: true
replicas: 2
logging:
enabled: false
logsidecar:
enabled: true
replicas: 2
metrics_server:
enabled: false
monitoring:
storageClass: ""
prometheusMemoryRequest: 400Mi
prometheusVolumeSize: 20Gi
multicluster:
clusterRole: none
network:
networkpolicy:
enabled: false
ippool:
type: none
topology:
type: none
notification:
enabled: false
openpitrix:
store:
enabled: false
servicemesh:
enabled: false
kubeedge:
enabled: false
cloudCore:
nodeSelector: {"node-role.kubernetes.io/worker": ""}
tolerations: []
cloudhubPort: "10000"
cloudhubQuicPort: "10001"
cloudhubHttpsPort: "10002"
cloudstreamPort: "10003"
tunnelPort: "10004"
cloudHub:
advertiseAddress:
- ""
nodeLimit: "100"
service:
cloudhubNodePort: "30000"
cloudhubQuicNodePort: "30001"
cloudhubHttpsNodePort: "30002"
cloudstreamNodePort: "30003"
tunnelNodePort: "30004"
edgeWatcher:
nodeSelector: {"node-role.kubernetes.io/worker": ""}
tolerations: []
edgeWatcherAgent:
nodeSelector: {"node-role.kubernetes.io/worker": ""}
tolerations: []
<<<文件结束
#执行安装
./kk create cluster -f config.yaml
##安装确认
+-------+------+------+---------+----------+-------+-------+-----------+----------+------------+-------------+------------------+--------------+
| name | sudo | curl | openssl | ebtables | socat | ipset | conntrack | docker | nfs client | ceph client | glusterfs client | time |
+-------+------+------+---------+----------+-------+-------+-----------+----------+------------+-------------+------------------+--------------+
| node2 | y | y | y | y | y | y | y | 20.10.16 | y | | y | PDT 22:50:07 |
| node1 | y | y | y | y | y | y | y | 20.10.16 | y | | y | PDT 22:50:07 |
+-------+------+------+---------+----------+-------+-------+-----------+----------+------------+-------------+------------------+--------------+
This is a simple check of your environment.
Before installation, you should ensure that your machines meet all requirements specified at
https://github.com/kubesphere/kubekey#requirements-and-recommendations
Continue this installation? [yes/no]: yes
#如果出现如下,恭喜你安装完毕:
#####################################################
### Welcome to KubeSphere! ###
#####################################################
Console: http://192.168.3.65:30880
Account: admin
Password: P@88w0rd
NOTES:
1. After you log into the console, please check the
monitoring status of service components in
"Cluster Management". If any service is not
ready, please wait patiently until all components
are up and running.
2. Please change the default password after login.
#####################################################
https://kubesphere.io 2022-06-03 22:58:43
#####################################################
INFO[22:58:52 PDT] Installation is complete.
Please check the result using the command:
kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f
查看效果
http://192.168.3.65:30880/clusters/default/overview
总结
1、kk要使用v1.1.1版本
2、参考最新文档版本 https://v3-1.docs.kubesphere.io/zh/docs/installing-on-linux/introduction/air-gapped-installation/
3、kubesphere 比其他 kubernates 集群安装的优势在于它可它包含了 一些丰富的镜像迁移脚本,并且它内置了应用商店,我们可以非常方便集成其他应用。
4、镜像仓库我们一定要独立设置,方便于镜像的集中存储及管理。如果k8s集群有问题,那我们的镜像其实没有任何影响的。
5、kubesphere 是目前来说,支持自行所需镜像的k8s离线部署最优的解决方案。
参考资料
harbor安装和使用文档
https://blog.51cto.com/u_15127502/2655378
Docker 解决Error response from daemon https://blog.csdn.net/wto882dim/article/details/84260863
V3.1.1 离线安装
https://v3-1.docs.kubesphere.io/zh/docs/installing-on-linux/introduction/air-gapped-installation/
Harbor安装
https://blog.csdn.net/shawn210/article/details/98068165
CentOS7下离线安装KubeSphere3.0集群
https://cloud.tencent.com/developer/article/1802614