参考文档:在 Linux 上以 All-in-One 模式安装 KubeSphere
1 在生产机上安装依赖
apt update && apt install socat conntrack ebtables ipset htop nfs-common -y
2 安装 KubeKey
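# Install KubeKey (kk) v1.1.0 into /usr/local/bin.
# The installer is saved to a file instead of being piped from curl into sh, so
# it can be read before it runs with root privileges, and it is only started
# when the download succeeded. VERSION pins the kk release; the installer
# script itself is fetched unpinned from the URL below.
# To inspect the installer first, run the curl command on its own and read
# get-kk.sh (e.g. `less get-kk.sh`) before starting it.
mkdir kk && cd kk
curl -sfL https://get-kk.kubesphere.io -o get-kk.sh &&
  VERSION=v1.1.0 sh ./get-kk.sh
chmod +x ./kk && mv kk /usr/local/bin
cd .. && rm -rf kk
kk version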
3 配置基于 HAProxy 的负载均衡
3.1 安装 HAProxy
apt install keepalived haproxy psmisc -y
3.2 修改 HAProxy 配置
# Write the HAProxy configuration (the quoted 'EOF' keeps the text literal).
# - The kube-apiserver frontend listens on every address of this host
#   ("bind *:16443") in TCP mode: HAProxy only forwards the stream, so TLS and
#   client authentication stay with the kube-apiserver backends on port 6443.
# - Because the listener is not limited to the VIP, restrict who can reach
#   port 16443 with a host firewall if the machine has other interfaces.
# - The ssl-default-bind-* lines only affect "bind ... ssl" listeners and this
#   file defines none, so they are inert here. If a TLS listener is added
#   later, "no-sslv3" alone may still leave older TLS versions enabled,
#   depending on the HAProxy version.
# - The stats socket grants admin-level control of HAProxy; mode 660 keeps it
#   away from other local users.
tee /etc/haproxy/haproxy.cfg <<-'EOF'
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend kube-apiserver
bind *:16443
mode tcp
option tcplog
default_backend kube-apiserver
backend kube-apiserver
mode tcp
option tcplog
option tcp-check
balance roundrobin
default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
server kube-apiserver-1 172.21.11.201:6443 check
server kube-apiserver-2 172.21.11.202:6443 check
server kube-apiserver-3 172.21.11.203:6443 check
EOF
3.3 重启服务
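# Check the new configuration before restarting, so that a syntax error does
# not stop the running load balancer; the restart runs only if the check passes.
systemctl daemon-reload
haproxy -c -f /etc/haproxy/haproxy.cfg && systemctl restart haproxy
systemctl enable haproxy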
3.4 修改 KeepAlived 配置
# Write the Keepalived configuration for this node. unicast_src_ip is this
# machine's own address and unicast_peer lists the other nodes, so both values
# differ on every node the file is installed on.
# - auth_type PASS sends auth_pass unencrypted in each VRRP advertisement, and
#   "1111" is only a sample value: replace it with a per-cluster secret
#   (Keepalived uses at most the first 8 characters) and do not treat it as
#   the only protection of the VIP.
# - In the host firewall, accept VRRP (IP protocol 112) only from the peer
#   addresses listed in unicast_peer.
# - chk_haproxy runs "killall -0 haproxy" every 2 seconds; signal 0 only tests
#   that a haproxy process exists. Keepalived's global_defs options
#   enable_script_security and script_user control which user runs such
#   scripts — NOTE(review): neither is set here, confirm the intended user.
tee /etc/keepalived/keepalived.conf <<-'EOF'
global_defs {
notification_email {
}
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
weight 2
}
vrrp_instance haproxy-vip {
state BACKUP
priority 100
interface eth0 # Network card
virtual_router_id 60
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
unicast_src_ip 172.21.11.201 # The IP address of this machine
unicast_peer { # The IP address of peer machines
172.21.11.202
172.21.11.203
}
virtual_ipaddress {
172.21.11.200/24 # The VIP address
}
track_script {
chk_haproxy
}
}
EOF
3.5 重启 KeepAlived 服务
systemctl daemon-reload
systemctl restart keepalived
systemctl enable keepalived
3.6 检查可用性
应当出现虚拟 IP 地址(VIP)
ip a s
4 安装 KubeSphere
如果部署机位于国内,首先执行:
export KKZONE=cn
4.1 单节点
kk create cluster --with-kubernetes v1.20.4 --with-kubesphere v3.1.0
4.2 多节点
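# Generate the cluster configuration file (Kubernetes v1.20.4 + KubeSphere v3.1.0).
kk create config --with-kubernetes v1.20.4 --with-kubesphere v3.1.0 -f kubes.yaml
# Kubernetes-only alternative:
# kk create config --with-kubernetes v1.20.4 -f kubernetes.yaml
# Edit the generated file. It must be the same file that was written above and
# that "kk create cluster -f ./kubes.yaml" reads later, i.e. kubes.yaml.
vim kubes.yaml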
供参考使用的配置文件(其中的主机地址为 172.21.11.229–231,且只有一个 master,与第 3 节负载均衡示例中的 172.21.11.201–203 并不一致,使用时需按实际环境修改)
apiVersion: kubekey.kubesphere.io/v1alpha1
kind: Cluster
metadata:
name: iinfinity
spec:
# NOTE(review): every node is reached over SSH as root with the private key at
# /root/.ssh/id_ed25519 on the machine that runs kk, so that one key gives
# root on all three nodes. Keep it readable by its owner only and limit who
# can log in to the deploy machine.
hosts:
- {
name: h-1,
address: h-1.don.red,
internalAddress: 172.21.11.229,
user: root,
privateKeyPath: "/root/.ssh/id_ed25519",
}
- {
name: h-2,
address: h-2.don.red,
internalAddress: 172.21.11.231,
user: root,
privateKeyPath: "/root/.ssh/id_ed25519",
}
- {
name: h-3,
address: h-3.don.red,
internalAddress: 172.21.11.230,
user: root,
privateKeyPath: "/root/.ssh/id_ed25519",
}
roleGroups:
etcd:
- h-1
master:
- h-1
worker:
- h-2
- h-3
# NOTE(review): the HAProxy frontend in section 3 listens on 16443, while this
# endpoint uses port 6443 and leaves address empty (the VIP appears only as a
# comment). If the VIP is filled in and the load balancers run on the
# control-plane nodes as in section 3, port 6443 presumably reaches the
# kube-apiserver on the VIP holder directly instead of going through HAProxy —
# confirm which port is intended.
controlPlaneEndpoint:
domain: lb.kubesphere.local
address: "" # 172.21.11.200
port: 6443
kubernetes:
version: v1.20.4
imageRepo: kubesphere
clusterName: cluster.local
network:
plugin: calico
kubePodsCIDR: 10.233.64.0/18
kubeServiceCIDR: 10.233.0.0/18
registry:
registryMirrors: []
insecureRegistries: []
addons: []
---
apiVersion: installer.kubesphere.io/v1alpha1
kind: ClusterConfiguration
metadata:
name: ks-installer
namespace: kubesphere-system
labels:
version: v3.1.0
spec:
persistence:
storageClass: ""
authentication:
jwtSecret: ""
zone: ""
local_registry: ""
etcd:
monitoring: false
endpointIps: localhost
port: 2379
tlsEnable: true
common:
redis:
enabled: false
redisVolumSize: 2Gi
openldap:
enabled: false
openldapVolumeSize: 2Gi
minioVolumeSize: 20Gi
monitoring:
endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090
es:
elasticsearchMasterVolumeSize: 4Gi
elasticsearchDataVolumeSize: 20Gi
logMaxAge: 7
elkPrefix: logstash
basicAuth:
enabled: false
username: ""
password: ""
externalElasticsearchUrl: ""
externalElasticsearchPort: ""
# NOTE(review): the web console is published on port 30880 of the nodes
# (presumably a NodePort); limit access to that port to administration
# networks and change the installer's initial admin password at first login.
# enableMultiLogin presumably allows several concurrent sessions per account —
# confirm whether that is wanted.
console:
enableMultiLogin: true
port: 30880
alerting:
enabled: false
# thanosruler:
# replicas: 1
# resources: {}
# NOTE(review): auditing is disabled in this sample; enable it where an audit
# trail of cluster and console operations is required.
auditing:
enabled: false
devops:
enabled: false
jenkinsMemoryLim: 2Gi
jenkinsMemoryReq: 1500Mi
jenkinsVolumeSize: 8Gi
jenkinsJavaOpts_Xms: 512m
jenkinsJavaOpts_Xmx: 512m
jenkinsJavaOpts_MaxRAM: 2g
events:
enabled: false
ruler:
enabled: true
replicas: 2
logging:
enabled: false
logsidecar:
enabled: false
replicas: 2
metrics_server:
enabled: false
monitoring:
storageClass: ""
prometheusMemoryRequest: 400Mi
prometheusVolumeSize: 20Gi
multicluster:
clusterRole: none
network:
networkpolicy:
enabled: false
ippool:
type: none
topology:
type: none
notification:
enabled: false
openpitrix:
store:
enabled: true
servicemesh:
enabled: false
kubeedge:
enabled: false
cloudCore:
nodeSelector: { "node-role.kubernetes.io/worker": "" }
tolerations: []
cloudhubPort: "10000"
cloudhubQuicPort: "10001"
cloudhubHttpsPort: "10002"
cloudstreamPort: "10003"
tunnelPort: "10004"
cloudHub:
advertiseAddress:
- ""
nodeLimit: "100"
service:
cloudhubNodePort: "30000"
cloudhubQuicNodePort: "30001"
cloudhubHttpsNodePort: "30002"
cloudstreamNodePort: "30003"
tunnelNodePort: "30004"
edgeWatcher:
nodeSelector: { "node-role.kubernetes.io/worker": "" }
tolerations: []
edgeWatcherAgent:
nodeSelector: { "node-role.kubernetes.io/worker": "" }
tolerations: []
创建集群
kk create cluster -f ./kubes.yaml
5 查看结果
# Follow the installer pod's log. The inner kubectl looks up the name of the
# first pod labelled app=ks-install in the kubesphere-system namespace.
# NOTE(review): the installer output may include the console address and
# initial account details — check before sharing the log.
kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f