Air-Gapped Installation

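KubeKey is a lightweight open-source tool for deploying Kubernetes clusters. It provides a flexible, fast, and convenient way to install Kubernetes/K3s only, or to install Kubernetes/K3s together with KubeSphere and other cloud-native add-ons. It is also an effective tool for scaling and upgrading clusters.

KubeKey v2.1.0 introduced the concepts of manifest and artifact, which give users a solution for deploying Kubernetes clusters offline. A manifest is a text file that describes the current Kubernetes cluster and defines what the artifact must contain. Previously, users had to prepare the deployment tool, image tar packages, and other related binaries themselves, and the Kubernetes version and images to deploy differed from user to user. With KubeKey, users only need a manifest file to define what the cluster environment to be deployed offline requires, and then export an artifact file from that manifest to complete the preparation. For offline deployment, KubeKey and the artifact are all that is needed to quickly and easily deploy an image registry and a Kubernetes cluster in the environment.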

Prerequisites

To start a multi-node installation, prepare at least three hosts according to the following example.

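| Host IP | Hostname | Role |
| --- | --- | --- |
| 192.168.0.2 | node1 | Internet-connected host used for packaging from the source cluster. Kubernetes v1.22.10 and KubeSphere v3.3.0 are already deployed. |
| 192.168.0.3 | node2 | Master node of the air-gapped environment |
| 192.168.0.4 | node3 | Image registry node of the air-gapped environment |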

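Preparation

  1. Run the following command to download KubeKey v2.2.1 and extract it:

    Download KubeKey from the GitHub Release Page, or run the following command directly.

        curl -sfL https://get-kk.kubesphere.io | VERSION=v2.2.1 sh -

    First run the following command to make sure that you download KubeKey from the correct zone.

        export KKZONE=cn

    Run the following command to download KubeKey:

        curl -sfL https://get-kk.kubesphere.io | VERSION=v2.2.1 sh -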
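  2. Use KubeKey to create a manifest in the source cluster. The following two methods are supported:

    • (Recommended) Run the KubeKey command in an existing cluster to generate the file.

        ./kk create manifest

    • Create and write the file manually based on the template. For more information, see manifest-example.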
  3. Run the following command to modify the manifest configuration in the source cluster:

        vim manifest-sample.yaml

        ---
        apiVersion: kubekey.kubesphere.io/v1alpha2
        kind: Manifest
        metadata:
          name: sample
        spec:
          arches:
          - amd64
          operatingSystems:
          - arch: amd64
            type: linux
            id: centos
            version: "7"
            repository:
              iso:
                localPath:
                url: https://github.com/kubesphere/kubekey/releases/download/v2.2.1/centos7-rpms-amd64.iso
          - arch: amd64
            type: linux
            id: ubuntu
            version: "20.04"
            repository:
              iso:
                localPath:
                url: https://github.com/kubesphere/kubekey/releases/download/v2.2.1/ubuntu-20.04-debs-amd64.iso
          kubernetesDistributions:
          - type: kubernetes
            version: v1.22.10
          components:
            helm:
              version: v3.6.3
            cni:
              version: v0.9.1
            etcd:
              version: v3.4.13
            ## For now, if your cluster container runtime is containerd, KubeKey will add a docker 20.10.8 container runtime in the below list.
            ## The reason is KubeKey creates a cluster with containerd by installing a docker first and making kubelet connect the socket file of containerd which docker contained.
            containerRuntimes:
            - type: docker
              version: 20.10.8
            crictl:
              version: v1.22.0
            ##
            docker-registry:
              version: "2"
            harbor:
              version: v2.4.1
            docker-compose:
              version: v2.2.2
          images:
          - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-apiserver:v1.22.10
          - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-controller-manager:v1.22.10
          - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-proxy:v1.22.10
          - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-scheduler:v1.22.10
          - registry.cn-beijing.aliyuncs.com/kubesphereio/pause:3.5
          - registry.cn-beijing.aliyuncs.com/kubesphereio/coredns:1.8.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/cni:v3.20.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-controllers:v3.20.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/node:v3.20.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/pod2daemon-flexvol:v3.20.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/typha:v3.20.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/flannel:v0.12.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/provisioner-localpv:2.10.1
          - registry.cn-beijing.aliyuncs.com/kubesphereio/linux-utils:2.10.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/haproxy:2.3
          - registry.cn-beijing.aliyuncs.com/kubesphereio/nfs-subdir-external-provisioner:v4.0.2
          - registry.cn-beijing.aliyuncs.com/kubesphereio/k8s-dns-node-cache:1.15.12
          - registry.cn-beijing.aliyuncs.com/kubesphereio/ks-installer:v3.3.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/ks-apiserver:v3.3.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/ks-console:v3.3.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/ks-controller-manager:v3.3.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/kubectl:v1.20.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/kubectl:v1.21.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/kubectl:v1.22.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/kubefed:v0.8.1
          - registry.cn-beijing.aliyuncs.com/kubesphereio/tower:v0.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/minio:RELEASE.2019-08-07T01-59-21Z
          - registry.cn-beijing.aliyuncs.com/kubesphereio/mc:RELEASE.2019-08-07T23-14-43Z
          - registry.cn-beijing.aliyuncs.com/kubesphereio/snapshot-controller:v4.0.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/nginx-ingress-controller:v1.1.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/defaultbackend-amd64:1.4
          - registry.cn-beijing.aliyuncs.com/kubesphereio/metrics-server:v0.4.2
          - registry.cn-beijing.aliyuncs.com/kubesphereio/redis:5.0.14-alpine
          - registry.cn-beijing.aliyuncs.com/kubesphereio/haproxy:2.0.25-alpine
          - registry.cn-beijing.aliyuncs.com/kubesphereio/alpine:3.14
          - registry.cn-beijing.aliyuncs.com/kubesphereio/openldap:1.3.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/netshoot:v1.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/cloudcore:v1.9.2
          - registry.cn-beijing.aliyuncs.com/kubesphereio/iptables-manager:v1.9.2
          - registry.cn-beijing.aliyuncs.com/kubesphereio/edgeservice:v0.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/openpitrix-jobs:v3.2.1
          - registry.cn-beijing.aliyuncs.com/kubesphereio/devops-apiserver:v3.3.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/devops-controller:v3.3.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/devops-tools:v3.3.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/ks-jenkins:v3.3.0-2.319.1
          - registry.cn-beijing.aliyuncs.com/kubesphereio/inbound-agent:4.10-2
          - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-base:v3.2.2
          - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-nodejs:v3.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-maven:v3.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-maven:v3.2.1-jdk11
          - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-python:v3.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-go:v3.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-go:v3.2.2-1.16
          - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-go:v3.2.2-1.17
          - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-go:v3.2.2-1.18
          - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-base:v3.2.2-podman
          - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-nodejs:v3.2.0-podman
          - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-maven:v3.2.0-podman
          - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-maven:v3.2.1-jdk11-podman
          - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-python:v3.2.0-podman
          - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-go:v3.2.0-podman
          - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-go:v3.2.2-1.16-podman
          - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-go:v3.2.2-1.17-podman
          - registry.cn-beijing.aliyuncs.com/kubesphereio/builder-go:v3.2.2-1.18-podman
          - registry.cn-beijing.aliyuncs.com/kubesphereio/s2ioperator:v3.2.1
          - registry.cn-beijing.aliyuncs.com/kubesphereio/s2irun:v3.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/s2i-binary:v3.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/tomcat85-java11-centos7:v3.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/tomcat85-java11-runtime:v3.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/tomcat85-java8-centos7:v3.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/tomcat85-java8-runtime:v3.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/java-11-centos7:v3.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/java-8-centos7:v3.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/java-8-runtime:v3.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/java-11-runtime:v3.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/nodejs-8-centos7:v3.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/nodejs-6-centos7:v3.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/nodejs-4-centos7:v3.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/python-36-centos7:v3.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/python-35-centos7:v3.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/python-34-centos7:v3.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/python-27-centos7:v3.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/argocd:v2.3.3
          - registry.cn-beijing.aliyuncs.com/kubesphereio/argocd-applicationset:v0.4.1
          - registry.cn-beijing.aliyuncs.com/kubesphereio/dex:v2.30.2
          - registry.cn-beijing.aliyuncs.com/kubesphereio/redis:6.2.6-alpine
          - registry.cn-beijing.aliyuncs.com/kubesphereio/configmap-reload:v0.5.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/prometheus:v2.34.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/prometheus-config-reloader:v0.55.1
          - registry.cn-beijing.aliyuncs.com/kubesphereio/prometheus-operator:v0.55.1
          - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-rbac-proxy:v0.11.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-state-metrics:v2.3.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/node-exporter:v1.3.1
          - registry.cn-beijing.aliyuncs.com/kubesphereio/alertmanager:v0.23.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/thanos:v0.25.2
          - registry.cn-beijing.aliyuncs.com/kubesphereio/grafana:8.3.3
          - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-rbac-proxy:v0.8.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/notification-manager-operator:v1.4.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/notification-manager:v1.4.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/notification-tenant-sidecar:v3.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/elasticsearch-curator:v5.7.6
          - registry.cn-beijing.aliyuncs.com/kubesphereio/elasticsearch-oss:6.8.22
          - registry.cn-beijing.aliyuncs.com/kubesphereio/fluentbit-operator:v0.13.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/docker:19.03
          - registry.cn-beijing.aliyuncs.com/kubesphereio/fluent-bit:v1.8.11
          - registry.cn-beijing.aliyuncs.com/kubesphereio/log-sidecar-injector:1.1
          - registry.cn-beijing.aliyuncs.com/kubesphereio/filebeat:6.7.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-events-operator:v0.4.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-events-exporter:v0.4.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-events-ruler:v0.4.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-auditing-operator:v0.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-auditing-webhook:v0.2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/pilot:1.11.1
          - registry.cn-beijing.aliyuncs.com/kubesphereio/proxyv2:1.11.1
          - registry.cn-beijing.aliyuncs.com/kubesphereio/jaeger-operator:1.27
          - registry.cn-beijing.aliyuncs.com/kubesphereio/jaeger-agent:1.27
          - registry.cn-beijing.aliyuncs.com/kubesphereio/jaeger-collector:1.27
          - registry.cn-beijing.aliyuncs.com/kubesphereio/jaeger-query:1.27
          - registry.cn-beijing.aliyuncs.com/kubesphereio/jaeger-es-index-cleaner:1.27
          - registry.cn-beijing.aliyuncs.com/kubesphereio/kiali-operator:v1.38.1
          - registry.cn-beijing.aliyuncs.com/kubesphereio/kiali:v1.38
          - registry.cn-beijing.aliyuncs.com/kubesphereio/busybox:1.31.1
          - registry.cn-beijing.aliyuncs.com/kubesphereio/nginx:1.14-alpine
          - registry.cn-beijing.aliyuncs.com/kubesphereio/wget:1.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/hello:plain-text
          - registry.cn-beijing.aliyuncs.com/kubesphereio/wordpress:4.8-apache
          - registry.cn-beijing.aliyuncs.com/kubesphereio/hpa-example:latest
          - registry.cn-beijing.aliyuncs.com/kubesphereio/java:openjdk-8-jre-alpine
          - registry.cn-beijing.aliyuncs.com/kubesphereio/fluentd:v1.4.2-2.0
          - registry.cn-beijing.aliyuncs.com/kubesphereio/perl:latest
          - registry.cn-beijing.aliyuncs.com/kubesphereio/examples-bookinfo-productpage-v1:1.16.2
          - registry.cn-beijing.aliyuncs.com/kubesphereio/examples-bookinfo-reviews-v1:1.16.2
          - registry.cn-beijing.aliyuncs.com/kubesphereio/examples-bookinfo-reviews-v2:1.16.2
          - registry.cn-beijing.aliyuncs.com/kubesphereio/examples-bookinfo-details-v1:1.16.2
          - registry.cn-beijing.aliyuncs.com/kubesphereio/examples-bookinfo-ratings-v1:1.16.3
          - registry.cn-beijing.aliyuncs.com/kubesphereio/scope:1.13.0
          registry:
            auths: {}

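    Note

    • If the exported artifact needs to include operating system dependency files (such as conntrack and chrony), set the download address of the corresponding ISO dependency file in .repository.iso.url under the operatingSystems element, or download the ISO package in advance, enter its local path in localPath, and delete the url configuration item.

    • Enable the harbor and docker-compose configuration items. They are used later when KubeKey builds a Harbor registry to push images to.

    • By default, the image list in the generated manifest is obtained from docker.io.

    • You can modify the content of manifest-sample.yaml as needed to export the artifact you expect later.

    • You can download the ISO files from https://github.com/kubesphere/kubekey/releases/tag/v2.2.1.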

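  4. Export the artifact from the source cluster.

    Run the following command:

        ./kk artifact export -m manifest-sample.yaml -o kubesphere.tar.gz

    Run the following commands in sequence:

        export KKZONE=cn
        ./kk artifact export -m manifest-sample.yaml -o kubesphere.tar.gz

    Note

    An artifact is a tgz package, exported according to the content of the specified manifest file, that contains image tar packages and the related binaries. An artifact can be specified in the KubeKey commands for initializing the image registry, creating a cluster, adding nodes, and upgrading a cluster. KubeKey automatically unpacks the artifact and uses the unpacked files directly when running the command.

    • Make sure the network connection works during the export.

    • KubeKey parses the image names in the image list. If the registry in an image name requires authentication, configure the credentials in the .registry.auths field of the manifest file.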
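
The images list in the manifest decides exactly what is frozen into the artifact, and the list in step 3 includes entries tagged latest (hpa-example and perl). As an added example that is not part of the original page or of KubeKey, the following check reports list entries whose tag is latest or missing and entries outside an expected registry prefix; the function names, the finding labels and the fourth sample image are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example, not KubeKey code. Function names and finding labels are
# invented for illustration; the fourth sample image is constructed.

# audit_manifest_images MANIFEST ALLOWED_PREFIX
# Prints one finding per line and returns 1 if anything was reported.
audit_manifest_images() {
  awk -v prefix="$2" '
    /^[ \t]*images:[ \t]*$/ { in_list = 1; next }
    !in_list                { next }
    /^[ \t]*(#.*)?$/        { next }                # blank or comment line
    !/^[ \t]*-[ \t]+/       { in_list = 0; next }   # the next key ends the list
    {
      ref = $0
      sub(/^[ \t]*-[ \t]+/, "", ref)                # drop the list marker
      sub(/[ \t]+(#.*)?$/, "", ref)                 # drop trailing blanks or comment
      gsub(/"/, "", ref)                            # drop optional quotes
      n = split(ref, part, "/")
      colon = index(part[n], ":")                   # tag lives in the last path segment
      tag = colon ? substr(part[n], colon + 1) : ""
      # An untagged reference resolves to latest, and latest can point at
      # different content on every export. A digest reference cannot.
      if (index(ref, "@sha256:") == 0 && (tag == "" || tag == "latest")) {
        print "MUTABLE_TAG " ref; bad = 1
      }
      # Everything packed into the artifact should come from the expected registry.
      if (index(ref, prefix) != 1) {
        print "UNEXPECTED_REGISTRY " ref; bad = 1
      }
    }
    END { exit (bad ? 1 : 0) }
  ' "$1"
}

# Constructed sample: three entries taken from the manifest in step 3 plus
# one made-up untagged image from another registry.
write_sample_manifest() {
  cat > "$1" <<'EOF'
spec:
  components:
    harbor:
      version: v2.4.1
  images:
  - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-apiserver:v1.22.10
  - registry.cn-beijing.aliyuncs.com/kubesphereio/hpa-example:latest
  - registry.cn-beijing.aliyuncs.com/kubesphereio/perl:latest
  - registry.example.invalid:5000/team/tool
  registry:
    auths: {}
EOF
}

main() {
  tmp=$(mktemp)
  write_sample_manifest "$tmp"
  audit_manifest_images "$tmp" "registry.cn-beijing.aliyuncs.com/kubesphereio/" \
    || echo "pin the entries above before running kk artifact export"
  rm -f "$tmp"
}
main
```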

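Install the Cluster in the Air-Gapped Environment

  1. Copy the downloaded KubeKey and the artifact to the installation node in the air-gapped environment using a medium such as a USB drive.

  2. Run the following command to create the configuration file for the offline cluster:

        ./kk create config --with-kubesphere v3.3.0 --with-kubernetes v1.22.10 -f config-sample.yaml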
  3. Run the following command to modify the configuration file:

        vim config-sample.yaml

    Note

    • Modify the node information according to the actual configuration of the air-gapped environment.
    • You must specify the node on which the registry is deployed (used by KubeKey to deploy the self-built Harbor registry).
    • In registry, type must be set to harbor. Otherwise docker registry is installed by default.

        apiVersion: kubekey.kubesphere.io/v1alpha2
        kind: Cluster
        metadata:
          name: sample
        spec:
          hosts:
          - {name: master, address: 192.168.149.133, internalAddress: 192.168.149.133, user: root, password: "[email protected]"}
          - {name: node1, address: 192.168.149.134, internalAddress: 192.168.149.134, user: root, password: "[email protected]"}
          roleGroups:
            etcd:
            - master
            control-plane:
            - master
            worker:
            - node1
            # To have kk deploy the image registry automatically, set this host group (deploying the registry separately from the cluster is recommended, to reduce mutual impact).
            registry:
            - node1
          controlPlaneEndpoint:
            ## Internal loadbalancer for apiservers
            # internalLoadbalancer: haproxy
            domain: lb.kubesphere.local
            address: ""
            port: 6443
          kubernetes:
            # Matches --with-kubernetes in step 2 and the version packaged in the artifact.
            version: v1.22.10
            clusterName: cluster.local
          network:
            plugin: calico
            kubePodsCIDR: 10.233.64.0/18
            kubeServiceCIDR: 10.233.0.0/18
            ## multus support. https://github.com/k8snetworkplumbingwg/multus-cni
            multusCNI:
              enabled: false
          registry:
            # To deploy Harbor with kk, set this parameter to harbor. If it is not set and kk is used to create the container image registry, docker registry is used by default.
            type: harbor
            # If you use Harbor deployed by kk, or any other registry that requires login, set the auths for that registry. For a docker registry created by kk, this parameter is not needed.
            # Note: if you deploy Harbor with kk, set this parameter after Harbor has started.
            #auths:
            #  "dockerhub.kubekey.local":
            #    username: admin
            #    password: Harbor12345
            # Private registry used when deploying the cluster
            privateRegistry: ""
            namespaceOverride: ""
            registryMirrors: []
            insecureRegistries: []
          addons: []
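  4. Run the following command to install the image registry:

        ./kk init registry -f config-sample.yaml -a kubesphere.tar.gz

    Note

    The parameters in the command are as follows:

    • config-sample.yaml: the configuration file of the cluster in the air-gapped environment.

    • kubesphere.tar.gz: the image tar package exported from the source cluster.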

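  5. Create the Harbor projects.

    Note

    Harbor enforces role-based access control (RBAC) on projects, so only users with specific roles can perform certain operations. If you have not created a project, images cannot be pushed to Harbor. Harbor has two types of projects:

    • Public: any user can pull images from the project.
    • Private: only users who are members of the project can pull images.

    The Harbor administrator account is admin and the password is Harbor12345. The Harbor installation files are in /opt/harbor. Go to this directory if you need to operate and maintain Harbor.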

    Method 1: Run a script to create the Harbor projects.

    a. Run the following command to download the script that initializes the Harbor registry:

        curl -O https://raw.githubusercontent.com/kubesphere/ks-installer/master/scripts/create_project_harbor.sh

    b. Run the following command to modify the script configuration:

        vim create_project_harbor.sh

        #!/usr/bin/env bash

        # Copyright 2018 The KubeSphere Authors.
        #
        # Licensed under the Apache License, Version 2.0 (the "License");
        # you may not use this file except in compliance with the License.
        # You may obtain a copy of the License at
        #
        #     http://www.apache.org/licenses/LICENSE-2.0
        #
        # Unless required by applicable law or agreed to in writing, software
        # distributed under the License is distributed on an "AS IS" BASIS,
        # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
        # See the License for the specific language governing permissions and
        # limitations under the License.

        url="https://dockerhub.kubekey.local"  # Change the value of url to https://dockerhub.kubekey.local
        user="admin"
        passwd="Harbor12345"

        harbor_projects=(library
            kubesphereio
            kubesphere
            calico
            coredns
            openebs
            csiplugin
            minio
            mirrorgooglecontainers
            osixia
            prom
            thanosio
            jimmidyson
            grafana
            elastic
            istio
            jaegertracing
            jenkins
            weaveworks
            openpitrix
            joosthofman
            nginxdemos
            fluent
            kubeedge
        )

        for project in "${harbor_projects[@]}"; do
            echo "creating $project"
            curl -u "${user}:${passwd}" -X POST -H "Content-Type: application/json" "${url}/api/v2.0/projects" -d "{ \"project_name\": \"${project}\", \"public\": true}" -k  # Append -k to the end of the curl command
        done

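    Note

    • Change the value of url to https://dockerhub.kubekey.local.

    • The project names in the registry must match the project names in the image list.

    • Append -k to the curl command at the end of the script.

    c. Run the following commands to create the Harbor projects:

        chmod +x create_project_harbor.sh
        ./create_project_harbor.sh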

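    Method 2: Log in to the Harbor registry and create the projects. Set the projects to public so that all users can pull images. For how to create a project, see Create Projects.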


  6. Run the following command again to modify the cluster configuration file:

        vim config-sample.yaml

        ...
          registry:
            type: harbor
            auths:
              "dockerhub.kubekey.local":
                username: admin
                password: Harbor12345
            privateRegistry: "dockerhub.kubekey.local"
            namespaceOverride: "kubesphereio"
            registryMirrors: []
            insecureRegistries: []
          addons: []

    Note

    • Add the auths configuration with dockerhub.kubekey.local and the account and password.
    • Set privateRegistry to dockerhub.kubekey.local.
    • Set namespaceOverride to kubesphereio.
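  7. Run the following command to install the KubeSphere cluster:

        ./kk create cluster -f config-sample.yaml -a kubesphere.tar.gz --with-packages

    The parameters are as follows:

    • config-sample.yaml: the configuration file of the cluster in the air-gapped environment.
    • kubesphere.tar.gz: the image tar package exported from the source cluster.
    • --with-packages: required if operating system dependencies need to be installed.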
  8. Run the following command to check the cluster status:

        kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l 'app in (ks-install, ks-installer)' -o jsonpath='{.items[0].metadata.name}') -f

    When the installation is complete, you will see the following output:

        **************************************************
        #####################################################
        ###              Welcome to KubeSphere!           ###
        #####################################################

        Console: http://192.168.149.133:30880
        Account: admin
        Password: P@88w0rd

        NOTES
          1. After you log into the console, please check the
             monitoring status of service components in
             the "Cluster Management". If any service is not
             ready, please wait patiently until all components
             are up and running.
          2. Please change the default password after login.

        #####################################################
        https://kubesphere.io             2022-02-28 23:30:06
        #####################################################
  9. Access the KubeSphere web console at http://{IP}:30880 with the default account and password admin/P@88w0rd.


    Note

    To access the console, make sure port 30880 is open in your security group.
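
The configuration file edited in steps 3 and 6 holds the SSH passwords of the nodes and, once auths is filled in, the Harbor administrator password. The following check for that file is an added example, not part of the original page or of KubeKey; the function names and finding labels are made up for illustration, and the sample configuration is constructed.

```shell
#!/usr/bin/env bash
# Added example, not KubeKey code. Function names and finding labels are
# invented for illustration; the sample configuration below is constructed.

# audit_kk_config FILE: print one finding per line, return 1 if any was found.
audit_kk_config() {
  cfg=$1
  rc=0
  # Drop comment lines so the commented "#auths:" template is not reported.
  active=$(grep -Ev '^[[:space:]]*#' "$cfg" || true)

  # SSH passwords written inline in the spec.hosts flow mappings.
  if printf '%s\n' "$active" | grep -Eq '^[[:space:]]*-[[:space:]]*\{.*password:'; then
    echo "HOST_PASSWORD: spec.hosts contains SSH passwords in clear text"
    rc=1
  fi
  # The Harbor admin password this page installs with, still used in auths.
  if printf '%s\n' "$active" | grep -Eq 'password:[[:space:]]*"?Harbor12345"?[[:space:]]*$'; then
    echo "HARBOR_DEFAULT_PASSWORD: registry.auths uses the installation default"
    rc=1
  fi
  # A file holding either secret should not be readable by other users.
  if [ -n "$(find "$cfg" -maxdepth 0 -perm -004 2>/dev/null)" ]; then
    echo "WORLD_READABLE: $cfg is readable by every local user"
    rc=1
  fi
  return "$rc"
}

# Constructed sample shaped like config-sample.yaml after step 6.
write_sample_config() {
  cat > "$1" <<'EOF'
spec:
  hosts:
  - {name: master, address: 192.168.149.133, internalAddress: 192.168.149.133, user: root, password: "constructed-sample-password"}
  registry:
    type: harbor
    auths:
      "dockerhub.kubekey.local":
        username: admin
        password: Harbor12345
    privateRegistry: "dockerhub.kubekey.local"
    namespaceOverride: "kubesphereio"
EOF
}

main() {
  tmp=$(mktemp)
  write_sample_config "$tmp"
  chmod 644 "$tmp"   # typical mode of a file created by an editor under umask 022
  audit_kk_config "$tmp" || echo "review $tmp before and after running kk"
  rm -f "$tmp"
}
main
```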