安装条件
如果不打算关闭防火墙,则需要按照"端口要求"文档打开相关端口。
| Service | Protocol | Action | Start Port | End Port | Notes |
|---|---|---|---|---|---|
| ssh | TCP | allow | 22 | ||
| etcd | TCP | allow | 2379 | 2380 | |
| apiserver | TCP | allow | 6443 | ||
| calico | TCP | allow | 9099 | 9100 | |
| bgp | TCP | allow | 179 | ||
| nodeport | TCP | allow | 30000 | 32767 | |
| master | TCP | allow | 10250 | 10258 | |
| dns | TCP | allow | 53 | ||
| dns | UDP | allow | 53 | ||
| local-registry | TCP | allow | 5000 | For offline environment | |
| local-apt | TCP | allow | 5080 | For offline environment | |
| rpcbind | TCP | allow | 111 | Required if NFS is used | |
| ipip | IPENCAP / IPIP | allow | Calico needs to allow the ipip protocol |
第 1 步:准备 Linux 计算机
请参阅以下硬件和操作系统的要求。
硬件推荐
| System | Minimum Requirements |
|---|---|
| Ubuntu 16.04, 18.04 | CPU: 2 Cores, Memory: 4 G, Disk Space: 40 G |
| Debian Buster, Stretch | CPU: 2 Cores, Memory: 4 G, Disk Space: 40 G |
| CentOS 7.x | CPU: 2 Cores, Memory: 4 G, Disk Space: 40 G |
| Red Hat Enterprise Linux 7 | CPU: 2 Cores, Memory: 4 G, Disk Space: 40 G |
| SUSE Linux Enterprise Server 15/openSUSE Leap 15.2 | CPU: 2 Cores, Memory: 4 G, Disk Space: 40 G |
注意
上述系统要求和以下说明用于默认最小安装,且未启用任何可选组件。如果计算机至少有 8 个内核和 16G 内存,建议您启用所有组件。
依赖项要求
库贝基可以一起安装库贝内特和库贝球。需要安装的依赖项可能根据要安装的 Kubernetes 版本而有所不同。您可以参考下面的列表,以查看是否需要提前在节点上安装相关依赖项。
| ependency | Kubernetes Version ≥ 1.18 | Kubernetes Version < 1.18 |
|---|---|---|
socat | Required | Optional but recommended |
conntrack | Required | Optional but recommended |
ebtables | Optional but recommended | Optional but recommended |
ipset | Optional but recommended | Optional but recommended |
KubeKey 以 Go 语言开发,代表全新的安装工具,以替代以前使用的基于易用的安装程序。KubeKey 为用户提供了灵活的安装选择,因为他们可以单独安装 KubeSphere 和 Kubernetes,或同时安装它们,这非常方便和高效。
网络和 DNS 要求
- 确保 中的 DNS 地址可用。否则,可能会导致群集中的 DNS 问题。
/etc/resolv.conf - 如果您的网络配置使用防火墙或安全组,则必须确保基础结构组件可以通过特定端口相互通信。建议您关闭防火墙或按照指南"网络访问"操作。
提示
-
建议您的操作系统干净(未安装任何其他软件)。否则,可能会发生冲突。
第 2 步:下载 KubeKey
使用以下命令下载 KubeKey:
wget -c https://kubesphere.io/download/kubekey-v1.0.0-linux-amd64.tar.gz -O - | tar -xz
制作可执行:kk
chmod +x kk
第 3 步:开始安装
在此快速入门教程中,您只需要执行一个命令进行安装,其模板如下所示:
./kk create cluster [--with-kubernetes version] [--with-kubesphere version]
使用已安装的 KubeSphere 创建 Kubernetes 群集。下面是一个供您参考的示例:
./kk create cluster --with-kubernetes v1.18.6 --with-kubesphere v3.0.0
通过配置文件安装
./kk create cluster -f config-sample.yaml
apiVersion: kubekey.kubesphere.io/v1alpha1
kind: Cluster
metadata:
name: example
spec:
hosts:
- {name: node1, address: 172.16.0.2, internalAddress: 172.16.0.2, port: 8022, user: ubuntu, password: Qcloud@123} # Assume that the default port for SSH is 22, otherwise add the port number after the IP address as above
- {name: node2, address: 172.16.0.3, internalAddress: 172.16.0.3, password: Qcloud@123} # the default root user
- {name: node3, address: 172.16.0.4, internalAddress: 172.16.0.4, privateKeyPath: "~/.ssh/id_rsa"} # password-less login with SSH keys
roleGroups:
etcd:
- node1
master:
- node1
- node[2:10] # the nodes from node2, node3,..., to node10
worker:
- node1
- node[10:100]
controlPlaneEndpoint:
domain: lb.kubesphere.local
address: ""
port: "6443"
kubernetes:
version: v1.17.9
imageRepo: kubesphere
clusterName: cluster.local
masqueradeAll: false # masqueradeAll tells kube-proxy to SNAT everything if using the pure iptables proxy mode. [Default: false]
maxPods: 110 # maxPods is the number of pods that can run on this Kubelet. [Default: 110]
nodeCidrMaskSize: 24 # internal network node size allocation. This is the size allocated to each node on your network. [Default: 24]
proxyMode: ipvs # mode specifies which proxy mode to use. [Default: ipvs]
network:
plugin: calico
calico:
ipipMode: Always # IPIP Mode to use for the IPv4 POOL created at start up. If set to a value other than Never, vxlanMode should be set to "Never". [Always | CrossSubnet | Never] [Default: Always]
vxlanMode: Never # VXLAN Mode to use for the IPv4 POOL created at start up. If set to a value other than Never, ipipMode should be set to "Never". [Always | CrossSubnet | Never] [Default: Never]
vethMTU: 1440 # The maximum transmission unit (MTU) setting determines the largest packet size that can be transmitted through your network. [Default: 1440]
kubePodsCIDR: 10.233.64.0/18
kubeServiceCIDR: 10.233.0.0/18
registry:
registryMirrors: []
insecureRegistries: []
privateRegistry: ""
addons: []
---
apiVersion: installer.kubesphere.io/v1alpha1
kind: ClusterConfiguration
metadata:
name: ks-installer
namespace: kubesphere-system
labels:
version: v3.0.0
spec:
local_registry: ""
persistence:
storageClass: ""
authentication:
jwtSecret: ""
etcd:
monitoring: true # Whether to install etcd monitoring dashboard
endpointIps: 192.168.0.7,192.168.0.8,192.168.0.9 # etcd cluster endpointIps
port: 2379 # etcd port
tlsEnable: true
common:
mysqlVolumeSize: 20Gi # MySQL PVC size
minioVolumeSize: 20Gi # Minio PVC size
etcdVolumeSize: 20Gi # etcd PVC size
openldapVolumeSize: 2Gi # openldap PVC size
redisVolumSize: 2Gi # Redis PVC size
es: # Storage backend for logging, tracing, events and auditing.
elasticsearchMasterReplicas: 1 # total number of master nodes, it's not allowed to use even number
elasticsearchDataReplicas: 1 # total number of data nodes
elasticsearchMasterVolumeSize: 4Gi # Volume size of Elasticsearch master nodes
elasticsearchDataVolumeSize: 20Gi # Volume size of Elasticsearch data nodes
logMaxAge: 7 # Log retention time in built-in Elasticsearch, it is 7 days by default.
elkPrefix: logstash # The string making up index names. The index name will be formatted as ks-<elk_prefix>-log
# externalElasticsearchUrl:
# externalElasticsearchPort:
console:
enableMultiLogin: false # enable/disable multiple sing on, it allows an account can be used by different users at the same time.
port: 30880
alerting: # Whether to install KubeSphere alerting system. It enables Users to customize alerting policies to send messages to receivers in time with different time intervals and alerting levels to choose from.
enabled: false
auditing: # Whether to install KubeSphere audit log system. It provides a security-relevant chronological set of records,recording the sequence of activities happened in platform, initiated by different tenants.
enabled: false
devops: # Whether to install KubeSphere DevOps System. It provides out-of-box CI/CD system based on Jenkins, and automated workflow tools including Source-to-Image & Binary-to-Image
enabled: false
jenkinsMemoryLim: 2Gi # Jenkins memory limit
jenkinsMemoryReq: 1500Mi # Jenkins memory request
jenkinsVolumeSize: 8Gi # Jenkins volume size
jenkinsJavaOpts_Xms: 512m # The following three fields are JVM parameters
jenkinsJavaOpts_Xmx: 512m
jenkinsJavaOpts_MaxRAM: 2g
events: # Whether to install KubeSphere events system. It provides a graphical web console for Kubernetes Events exporting, filtering and alerting in multi-tenant Kubernetes clusters.
enabled: false
logging: # Whether to install KubeSphere logging system. Flexible logging functions are provided for log query, collection and management in a unified console. Additional log collectors can be added, such as Elasticsearch, Kafka and Fluentd.
enabled: false
logsidecarReplicas: 2
metrics_server: # Whether to install metrics-server. IT enables HPA (Horizontal Pod Autoscaler).
enabled: true
monitoring: #
prometheusReplicas: 1 # Prometheus replicas are responsible for monitoring different segments of data source and provide high availability as well.
prometheusMemoryRequest: 400Mi # Prometheus request memory
prometheusVolumeSize: 20Gi # Prometheus PVC size
alertmanagerReplicas: 1 # AlertManager Replicas
multicluster:
clusterRole: none # host | member | none # You can install a solo cluster, or specify it as the role of host or member cluster
networkpolicy: # Network policies allow network isolation within the same cluster, which means firewalls can be set up between certain instances (Pods).
enabled: false
notification: # Email Notification support for the legacy alerting system, should be enabled/disabled together with the above alerting option
enabled: false
openpitrix: # Whether to install KubeSphere Application Store. It provides an application store for Helm-based applications, and offer application lifecycle management
enabled: false
servicemesh: # Whether to install KubeSphere Service Mesh (Istio-based). It provides fine-grained traffic management, observability and tracing, and offer visualization for traffic topology
enabled: false
注意
- 支持的库伯内特版本: v1.15.12, v1.16.13, v1.17.9 (默认), v1.18.6.
- 对于一个一对一的安装,一般来说,您不需要更改任何配置。
- 默认情况下,KubeKey 将安装 OpenEBS来为开发和测试环境预配 LocalPV,这对于新用户来说非常方便。有关其他存储类,请参阅持久存储配置。
执行该命令后,将看到如下所示的表,用于环境检查。
确保已安装上述标记的组件并输入以继续。y``yes
第 4 步:验证安装
当您看到输出如下时,这意味着安装完成。
输入以下命令以检查结果。
kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f
输出显示 Web 控制台的 IP 地址和端口号,默认情况下,该地址和端口号通过 Web 控制台公开。现在,您可以使用默认帐户和密码 () 访问控制台。NodePort 30880``EIP:30880``admin/P@88word
#####################################################
### Welcome to KubeSphere! ###
#####################################################
Console: http://192.168.0.2:30880
Account: admin
Password: P@88w0rd
NOTES:
1. After logging into the console, please check the
monitoring status of service components in
the "Cluster Management". If any service is not
ready, please wait patiently until all components
are ready.
2. Please modify the default password after login.
#####################################################
https://kubesphere.io 20xx-xx-xx xx:xx:xx
#####################################################
注意
您可能需要在环境中绑定 EIP 并配置端口转发,以便外部用户访问控制台。此外,请确保端口 30880 在安全组中打开。
登录到控制台后,可以在组件 中检查不同组件的状态。如果要使用相关服务,可能需要等待某些组件启动并运行。还可以使用 来检查 KubeSphere 工作负载的运行状态。kubectl get pod --all-namespaces
添加节点
在使用 KubeSphere 一段时间后,可能需要使用越来越多的工作负载来扩展群集。在这种情况下,KubeSphere 提供向群集添加新节点的脚本。
使用 KubeKey 创建配置文件
./kk create config --with-kubesphere --with-kubernetes V1.18.6
以下部分演示如何添加两个节点(即 和 )使用用户作为示例。假定第一台计算机的主机名为(将以下主机名替换为您的主机名)。node1``node2``root``master1
spec:
hosts:
- {name: master1, address: 192.168.0.3, internalAddress: 192.168.0.3, user: root, password: Qcloud@123}
- {name: node1, address: 192.168.0.4, internalAddress: 192.168.0.4, user: root, password: Qcloud@123}
- {name: node2, address: 192.168.0.5, internalAddress: 192.168.0.5, user: root, password: Qcloud@123}
roleGroups:
etcd:
- master1
master:
- master1
worker:
- node1
- node2
···
执行以下命令以应用更改:
./kk add nodes -f config-sample.yaml
最后,在成功返回后,您将能够在 KubeSphere 控制台中看到新节点及其信息。从**左侧菜单****中选择"**节点"下的群集节点,或使用命令查看更改。kubectl get node
kubectl get node
NAME STATUS ROLES AGE VERSION
master1 Ready master,worker 20d v1.17.9
node1 Ready worker 31h v1.17.9
node2 Ready worker 31h v1.17.9
删除节点
您可以通过以下命令删除节点:
./kk delete node <nodeName> -f config-sample.yaml
删除集群
./kk delete cluster
如果从高级模式开始(使用配置文件删除):
./kk delete cluster [-f config-sample.yaml]
启用可插拔组件(可选)
默认情况下,上述指南仅用于最小安装。
开启应用商店
通过编辑配置文件开启
vi cluster-configuration.yaml
修改配置文件openpitrix改为true
openpitrix:
enabled: true # Change "false" to "true"
应用修改
kubectl apply -f cluster-configuration.yaml
或者通过kubectl开启应用商店
kubectl -n kubesphere-system edit cc ks-installer
打开安装的配置文件后开启应用商店
openpitrix:
enabled: true # Change "false" to "true"
开启DevOps
通过编辑配置文件开启
vi cluster-configuration.yaml
修改配置文件openpitrix改为true
devops:
enabled: true # Change "false" to "true"
应用修改
kubectl apply -f cluster-configuration.yaml
或者通过kubectl开启
kubectl -n kubesphere-system edit cc ks-installer
打开安装的配置文件后开启店
devops:
enabled: true # Change "false" to "true"
查看是否安装日志
kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f
开启日志 记录
通过编辑配置文件开启
vi cluster-configuration.yaml
修改配置文件openpitrix改为true
logging:
enabled: true # Change "false" to "true"
应用修改
kubectl apply -f cluster-configuration.yaml
或者通过kubectl开启,这种方式开完保存即可,自动应用
kubectl -n kubesphere-system edit cc ks-installer
打开安装的配置文件后开启
logging:
enabled: true # Change "false" to "true"
默认情况下,如果启用日志记录,ks 安装程序将在内部安装弹性搜索。对于生产环境,如果您要启用日志记录,特别是 和 ,强烈建议您在群集配置**.yaml**中设置以下值。
es: # Storage backend for logging, tracing, events and auditing.
elasticsearchMasterReplicas: 1 # total number of master nodes, it's not allowed to use even number
elasticsearchDataReplicas: 1 # total number of data nodes
elasticsearchMasterVolumeSize: 4Gi # Volume size of Elasticsearch master nodes
elasticsearchDataVolumeSize: 20Gi # Volume size of Elasticsearch data nodes
logMaxAge: 7 # Log retention time in built-in Elasticsearch, it is 7 days by default.
elkPrefix: logstash # The string making up index names. The index name will be formatted as ks-<elk_prefix>-log
externalElasticsearchUrl: # The URL of external Elasticsearch
externalElasticsearchPort: # The port of external Elasticsearch
开启Service Mesh
通过编辑配置文件开启
vi cluster-configuration.yaml
或者通过kubectl开启,这种方式开完保存即可,自动应用
kubectl -n kubesphere-system edit cc ks-installer
修改配置文件openpitrix改为true
servicemesh:
enabled: true # Change "false" to "true"
应用修改
kubectl apply -f cluster-configuration.yaml
开启监控告警和提醒
通过编辑配置文件开启
vi cluster-configuration.yaml
或者通过kubectl开启,这种方式开完保存即可,自动应用
kubectl -n kubesphere-system edit cc ks-installer
修改配置文件openpitrix改为true
alerting:
enabled: true # Change "false" to "true"
notification:
enabled: true # Change "false" to "true"
应用修改
kubectl apply -f cluster-configuration.yaml
开启网络策略
通过编辑配置文件开启
vi cluster-configuration.yaml
或者通过kubectl开启,这种方式开完保存即可,自动应用
kubectl -n kubesphere-system edit cc ks-installer
修改配置文件openpitrix改为true
networkpolicy:
enabled: true # Change "false" to "true"
应用修改
kubectl apply -f cluster-configuration.yaml
