K8S 系列:安装 KubeSphere


参考文档:《在 Linux 上以 All-in-One 模式安装 KubeSphere》(该文档只覆盖单节点;本文第 3 节的 HAProxy/Keepalived 负载均衡与第 4.2 节的多节点配置,另可对照 KubeSphere 官方的多节点 / 高可用安装文档)

1 在每台目标节点上安装依赖

# Host prerequisites. socat/conntrack/ebtables/ipset are what the KubeKey installer
# expects to find on a node; nfs-common is only needed if NFS-backed volumes will be
# mounted here; htop is a convenience, not a requirement. Presumably to be run on
# every node that will join the cluster (confirm against the KubeKey requirements).
apt update && apt install socat conntrack ebtables ipset htop nfs-common -y

2 安装 KubeKey

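# Install the KubeKey (kk) CLI.
# The upstream one-liner is `curl -sfL https://get-kk.kubesphere.io | VERSION=v1.1.0 sh -`,
# i.e. an unreviewed remote script executed as root. Save it to a file first so it can be
# read (and kept for audit) before it runs; VERSION still pins the kk release it fetches.
# If upstream publishes checksums or signatures for the kk release, verify them as well.
mkdir kk && cd kk
curl -sfL -o get-kk.sh https://get-kk.kubesphere.io
less get-kk.sh   # review the installer before executing it
VERSION=v1.1.0 sh ./get-kk.sh
chmod +x ./kk && mv kk /usr/local/bin
cd .. && rm -rf kk
kk version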

3 配置基于 HAProxy 的负载均衡

3.1 安装 HAProxy

# Load-balancer packages for the control-plane endpoint: haproxy (TCP proxy to the
# apiservers), keepalived (VRRP to float the VIP), psmisc (provides `killall`, used by
# the keepalived health-check script below). Install on every node that should hold the VIP.
apt install keepalived haproxy psmisc -y

3.2 修改 HAProxy 配置

# HAProxy: TCP pass-through load balancer in front of the kube-apiservers.
# Quoted heredoc ('EOF'): nothing inside is expanded by the shell.
tee /etc/haproxy/haproxy.cfg <<-'EOF'
global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        # admin-level stats socket: any member of the haproxy group can drain/disable servers
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private
        # These TLS defaults only apply to listeners that terminate TLS. The
        # kube-apiserver frontend below is `mode tcp`, so TLS is terminated by the
        # API server itself and these two lines have no effect on it.
        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
        ssl-default-bind-options no-sslv3

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http
        
frontend kube-apiserver
  # Listens on ALL interfaces on 16443 (not 6443, presumably so it can co-exist with
  # an apiserver on the same host). Every client/kubeconfig must therefore use port
  # 16443, and the port should be firewalled to cluster clients (or bind the VIP only).
  bind *:16443
  mode tcp
  option tcplog
  default_backend kube-apiserver
   
backend kube-apiserver
    mode tcp
    option tcplog
    # With no `tcp-check` rules this is a plain TCP-connect health check: a server
    # that accepts connections but is otherwise unhealthy still receives traffic.
    option tcp-check
    balance roundrobin
    default-server inter 10s downinter 5s rise 2 fall 2 slowstart 60s maxconn 250 maxqueue 256 weight 100
    # Backends must be the control-plane nodes. Note these addresses differ from the
    # hosts in the KubeKey config later on this page (172.21.11.229-231) -- reconcile.
    server kube-apiserver-1 172.21.11.201:6443 check
    server kube-apiserver-2 172.21.11.202:6443 check
    server kube-apiserver-3 172.21.11.203:6443 check
EOF

3.3 重启服务

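# Validate the new configuration before restarting, so a typo in haproxy.cfg does not
# take the API-server load balancer offline (`haproxy -c` exits non-zero on error and
# the && chain then stops). daemon-reload is only needed if the unit file changed;
# it is kept here because it is harmless.
haproxy -c -f /etc/haproxy/haproxy.cfg \
  && systemctl daemon-reload \
  && systemctl restart haproxy \
  && systemctl enable haproxy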

3.4 修改 KeepAlived 配置

# Keepalived: floats the VIP between the HAProxy nodes using VRRP in unicast mode.
# Quoted heredoc ('EOF'): nothing inside is expanded by the shell.
tee /etc/keepalived/keepalived.conf <<-'EOF'
global_defs {
  notification_email {
  }
  router_id LVS_DEVEL
  vrrp_skip_check_adv_addr
  vrrp_garp_interval 0
  vrrp_gna_interval 0
}
   
# Health check: "an haproxy process exists" (signal 0). Keepalived runs this as
# root; recent keepalived versions warn about, or refuse to run, scripts unless
# enable_script_security / script_user are set -- check the daemon log after start.
# It proves only that the process is alive, not that the 16443 listener is healthy.
vrrp_script chk_haproxy {
  script "killall -0 haproxy"
  interval 2
  weight 2
}
   
vrrp_instance haproxy-vip {
  # Same state/priority on every node: a node whose haproxy is alive gets +2 from
  # the track_script; among equals keepalived's own tie-break applies. Give the
  # preferred node a higher priority if a deterministic VIP owner is wanted.
  state BACKUP
  priority 100
  interface eth0                # Network card
  virtual_router_id 60
  advert_int 1
  # VRRP "PASS" authentication is a cleartext, max-8-character password carried in
  # every advertisement; it is not a security boundary (VRRPv3, RFC 5798, removed it).
  # Replace 1111 with a site-specific value (identical on all peers) and restrict
  # IP protocol 112 to the peer addresses below with the host firewall.
  authentication {
    auth_type PASS
    auth_pass 1111
  }
  # Per node: unicast_src_ip is this node's own address; the others go in unicast_peer.
  unicast_src_ip 172.21.11.201  # The IP address of this machine
  unicast_peer {                # The IP address of peer machines
    172.21.11.202
    172.21.11.203
  }
   
  virtual_ipaddress {
    172.21.11.200/24            # The VIP address
  }
   
  track_script {
    chk_haproxy
  }
}
EOF

3.5 重启 KeepAlived 服务

# Restart Keepalived with the new configuration. Newer keepalived builds accept
# `keepalived -t` (config test) to validate the file first -- use it if available.
# daemon-reload is only needed if the unit file itself changed; harmless here.
systemctl daemon-reload
systemctl restart keepalived
systemctl enable keepalived

3.6 检查可用性

在当前持有 VIP 的节点上应当能看到虚拟 IP(172.21.11.200);同一时间该 VIP 只应出现在一个节点上,若多个节点同时持有,说明 VRRP 通告未到达对端,需检查 unicast 配置与防火墙。
# The VIP (172.21.11.200) should be listed on the interface of exactly one node at a
# time (the current VRRP master). Seeing it on several nodes at once means the
# advertisements are not reaching the peers (split brain) -- check unicast_peer/firewall.
ip a s

4 安装 KubeSphere

如果部署机位于国内,首先执行:

# Only for hosts in mainland China: makes kk fetch binaries and images from the
# KubeSphere CN mirrors instead of the default upstream sources.
export KKZONE=cn

4.1 单节点

# All-in-one: Kubernetes + KubeSphere on this single host (no HA; the HAProxy /
# Keepalived setup above is not used by this path). The versions are pinned to what
# was current when this page was written -- check for newer patched releases of
# Kubernetes and KubeSphere before using them on anything production-facing.
kk create cluster --with-kubernetes v1.20.4 --with-kubesphere v3.1.0

4.2 多节点

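# Generate the cluster spec (Kubernetes + KubeSphere) into kubes.yaml.
kk create config --with-kubernetes v1.20.4 --with-kubesphere v3.1.0 -f kubes.yaml
# kk create config --with-kubernetes v1.20.4 -f kubernetes.yaml
# Edit the SAME file that was just generated. The original step opened
# kubesphere.yaml, which this command never creates; `kk create cluster` below
# reads kubes.yaml, so edits made to any other file would be silently ignored.
vim kubes.yaml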

以下为供参考的配置文件内容(即上一步生成并编辑的 kubes.yaml,包含 Cluster 与 ClusterConfiguration 两个文档)

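apiVersion: kubekey.kubesphere.io/v1alpha1
kind: Cluster
metadata:
  name: iinfinity
spec:
  # Nodes KubeKey will SSH into. `address` is used for SSH, `internalAddress` for
  # in-cluster traffic. Every host is accessed as root with the same private key;
  # prefer a dedicated deploy user with sudo over sharing the root key (verify that
  # the KubeKey release in use supports a non-root user before switching). Only the
  # key path is recorded here -- never paste key material into this file.
  # Hosts are written in block style (one field per line) so changes diff cleanly.
  hosts:
    - name: h-1
      address: h-1.don.red
      internalAddress: 172.21.11.229
      user: root
      privateKeyPath: "/root/.ssh/id_ed25519"
    - name: h-2
      address: h-2.don.red
      internalAddress: 172.21.11.231
      user: root
      privateKeyPath: "/root/.ssh/id_ed25519"
    - name: h-3
      address: h-3.don.red
      internalAddress: 172.21.11.230
      user: root
      privateKeyPath: "/root/.ssh/id_ed25519"
  # Only h-1 runs etcd and the control plane: a single point of failure, and the
  # HAProxy backends earlier on this page list three apiservers (172.21.11.201-203)
  # that do not match these hosts. For a real HA cluster list an odd number (3) of
  # etcd/master nodes here and point the HAProxy backends at them.
  roleGroups:
    etcd:
      - h-1
    master:
      - h-1
    worker:
      - h-2
      - h-3
  # With an empty address KubeKey presumably resolves the domain to the first
  # master directly (confirm for this KubeKey version). To go through the
  # HAProxy/Keepalived VIP instead, set address to 172.21.11.200 AND change port to
  # 16443 -- that is the HAProxy frontend port; 6443 is the apiserver itself.
  controlPlaneEndpoint:
    domain: lb.kubesphere.local
    address: "" # 172.21.11.200
    port: 6443
  kubernetes:
    version: v1.20.4
    imageRepo: kubesphere
    clusterName: cluster.local
  network:
    plugin: calico
    kubePodsCIDR: 10.233.64.0/18
    kubeServiceCIDR: 10.233.0.0/18
  registry:
    registryMirrors: []
    # Keep empty: an insecure (plain-HTTP / unverified-TLS) registry lets an
    # on-path attacker substitute images.
    insecureRegistries: []
  addons: []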

---
apiVersion: installer.kubesphere.io/v1alpha1
kind: ClusterConfiguration
metadata:
  name: ks-installer
  namespace: kubesphere-system
  labels:
    version: v3.1.0
spec:
  persistence:
    # empty: the cluster's default StorageClass is used
    storageClass: ""
  authentication:
    # Leave empty so the installer generates the JWT signing secret; never commit a
    # real value here (it would sign every KubeSphere session token).
    jwtSecret: ""
  zone: ""
  local_registry: ""
  etcd:
    monitoring: false
    endpointIps: localhost
    port: 2379
    # keep true: client traffic to etcd stays TLS-authenticated
    tlsEnable: true
  common:
    redis:
      enabled: false
    # `redisVolumSize` is the upstream key spelling; do not "fix" it
    redisVolumSize: 2Gi
    openldap:
      enabled: false
    openldapVolumeSize: 2Gi
    minioVolumeSize: 20Gi
    monitoring:
      endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090
    es:
      elasticsearchMasterVolumeSize: 4Gi
      elasticsearchDataVolumeSize: 20Gi
      logMaxAge: 7
      elkPrefix: logstash
      # If an external Elasticsearch with basic auth is ever enabled, keep the
      # credentials out of this file (it is shared/published) -- reference a secret.
      basicAuth:
        enabled: false
        username: ""
        password: ""
      externalElasticsearchUrl: ""
      externalElasticsearchPort: ""
  console:
    # true lets one account hold several concurrent sessions; set false if a single
    # active session per user is wanted (presumably the meaning of this flag -- confirm)
    enableMultiLogin: true
    # NodePort: the console is reachable on this port on EVERY node; firewall it or
    # front it with an ingress/TLS terminator rather than exposing it directly.
    port: 30880
  alerting:
    enabled: false
    # thanosruler:
    #   replicas: 1
    #   resources: {}
  # Audit logging is off: no record of who changed what in the cluster. Consider
  # enabling it for anything beyond a lab.
  auditing:
    enabled: false
  devops:
    enabled: false
    jenkinsMemoryLim: 2Gi
    jenkinsMemoryReq: 1500Mi
    jenkinsVolumeSize: 8Gi
    jenkinsJavaOpts_Xms: 512m
    jenkinsJavaOpts_Xmx: 512m
    jenkinsJavaOpts_MaxRAM: 2g
  events:
    enabled: false
    ruler:
      enabled: true
      replicas: 2
  logging:
    enabled: false
    logsidecar:
      enabled: false
      replicas: 2
  metrics_server:
    enabled: false
  monitoring:
    storageClass: ""
    prometheusMemoryRequest: 400Mi
    prometheusVolumeSize: 20Gi
  multicluster:
    clusterRole: none
  network:
    # NetworkPolicy support is off: all pods can talk to all pods. Enable it if
    # namespace/workspace isolation is expected.
    networkpolicy:
      enabled: false
    ippool:
      type: none
    topology:
      type: none
  notification:
    enabled: false
  # App store enabled: users can deploy apps from the catalogue; keep in mind
  # that is an additional software-supply-chain surface.
  openpitrix:
    store:
      enabled: true
  servicemesh:
    enabled: false
  # KubeEdge is disabled; the block below is the upstream template and inert while
  # enabled is false. advertiseAddress must be set if it is ever turned on.
  kubeedge:
    enabled: false
    cloudCore:
      nodeSelector: { "node-role.kubernetes.io/worker": "" }
      tolerations: []
      cloudhubPort: "10000"
      cloudhubQuicPort: "10001"
      cloudhubHttpsPort: "10002"
      cloudstreamPort: "10003"
      tunnelPort: "10004"
      cloudHub:
        advertiseAddress:
          - ""
        nodeLimit: "100"
      service:
        cloudhubNodePort: "30000"
        cloudhubQuicNodePort: "30001"
        cloudhubHttpsNodePort: "30002"
        cloudstreamNodePort: "30003"
        tunnelNodePort: "30004"
    edgeWatcher:
      nodeSelector: { "node-role.kubernetes.io/worker": "" }
      tolerations: []
      edgeWatcherAgent:
        nodeSelector: { "node-role.kubernetes.io/worker": "" }
        tolerations: []
创建集群

# Apply the edited spec: kk SSHes into every host listed under spec.hosts with the
# key at privateKeyPath and installs Kubernetes and KubeSphere.
kk create cluster -f ./kubes.yaml

5 查看安装日志与结果

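# Follow the ks-installer pod's log until the install finishes. The command
# substitution is quoted so that an empty result (pod not yet scheduled / no match)
# does not collapse into a missing argument and make kubectl log a different pod.
# If the installer prints an initial admin credential, change it at first login.
kubectl logs -n kubesphere-system "$(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}')" -f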