
Installing Kubernetes v1.22.12 and KubeSphere v3.4.1 on Linux in All-in-One mode

KubeSphere 4.1 installation documentation

Quick installation of KubeSphere on Kubernetes


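Official documentation: Installing KubeSphere on Linux in All-in-One mode

  1. Download KubeKey
    Git repository: Releases · kubesphere/kubekey
curl -sfL https://get-kk.kubesphere.io | VERSION=v3.1.6 sh -

Alternatively, download the archive yourself, upload it to the host and extract it:

tar xvf kubekey-v3.1.6-linux-amd64.tar.gz
  2. Make kk executable:
chmod +x kk

Install the required dependencies:

sudo yum install -y conntrack-tools socat
  3. Start the installation
    Note: if access to GitHub/Googleapis is restricted, log in to any cluster node and run the following command to set the download region:
    export KKZONE=cn

In this quick-start tutorial a single command performs the installation. Its template is:

./kk create cluster [--with-kubernetes version] [--with-kubesphere version]

To install Kubernetes and KubeSphere together, use a command like this:

./kk create cluster --with-kubernetes v1.22.12 --with-kubesphere v3.4.1

To create the cluster from a configuration file instead, first generate one for a specific KubeSphere version:

./kk create config --with-kubesphere v3.4.1

After editing the configuration file, start the installation from it:

./kk create cluster -f config-sample.yaml
  4. Verify the installation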
kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l 'app in (ks-install, ks-installer)' -o jsonpath='{.items[0].metadata.name}') -f

If the following output appears, the installation succeeded:

#####################################################
###              Welcome to KubeSphere!           ###
#####################################################
Console: http://192.168.0.2:30880
Account: admin
Password: P@88w0rd
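Note: during installation some images may fail to pull. Use kubectl get pod -A to check pod status; if an image pull has failed, pull the image manually and then re-run step 3. In a test on a 2-core, 4 GB CentOS 7.9 host the process took about 20 minutes (this varies with network conditions).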

Specifying the image registry address

apiVersion: kubekey.kubesphere.io/v1alpha2
kind: Cluster
metadata:
  name: sample
spec:
  hosts:
  - {name: node1, address: 192.168.21.232, internalAddress: 192.168.21.232, user: root, password: "123456"}
  - {name: node2, address: 192.168.21.233, internalAddress: 192.168.21.233, user: root, password: "123456"}
  roleGroups:
    etcd:
    - node1
    control-plane:
    - node1
    worker:
    - node1
    - node2
  controlPlaneEndpoint:
    ## Internal loadbalancer for apiservers
    # internalLoadbalancer: haproxy
    domain: lb.kubesphere.local
    address: ""
    port: 6443
  kubernetes:
    version: v1.23.17
    clusterName: cluster.local
    autoRenewCerts: true
    containerManager: docker
  etcd:
    type: kubekey
  network:
    plugin: calico
    kubePodsCIDR: 10.233.64.0/18
    kubeServiceCIDR: 10.233.0.0/18
    ## multus support. https://github.com/k8snetworkplumbingwg/multus-cni
    multusCNI:
      enabled: false
  registry:
    privateRegistry: "registry.cn-beijing.aliyuncs.com" # use the Alibaba Cloud registry
    namespaceOverride: "kubesphereio" # KubeSphere's official namespace on the Alibaba Cloud registry
    registryMirrors: []
    insecureRegistries: []
  addons: []
---
apiVersion: installer.kubesphere.io/v1alpha1
kind: ClusterConfiguration
metadata:
  name: ks-installer
  namespace: kubesphere-system
  labels:
    version: 3.4.1
spec:
  persistence:
    storageClass: ""
  authentication:
    jwtSecret: ""
  local_registry: ""
  # dev_tag: ""
  etcd:
    monitoring: false
    endpointIps: localhost
    port: 2379
    tlsEnable: true
  common:
    core:
      console:
        enableMultiLogin: true
        port: 30880
        type: NodePort
    # apiserver:
    #  resources: {}
    # controllerManager:
    #  resources: {}
    redis:
      enabled: false
      enableHA: false
      volumeSize: 2Gi
    openldap:
      enabled: false
      volumeSize: 2Gi
    minio:
      volumeSize: 20Gi
    monitoring:
      # type: external
      endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090
      GPUMonitoring:
        enabled: false
    gpu:
      kinds:
      - resourceName: "nvidia.com/gpu"
        resourceType: "GPU"
        default: true
    es:
      # master:
      #   volumeSize: 4Gi
      #   replicas: 1
      #   resources: {}
      # data:
      #   volumeSize: 20Gi
      #   replicas: 1
      #   resources: {}
      enabled: false
      logMaxAge: 7
      elkPrefix: logstash
      basicAuth:
        enabled: false
        username: ""
        password: ""
      externalElasticsearchHost: ""
      externalElasticsearchPort: ""
    opensearch:
      # master:
      #   volumeSize: 4Gi
      #   replicas: 1
      #   resources: {}
      # data:
      #   volumeSize: 20Gi
      #   replicas: 1
      #   resources: {}
      enabled: true
      logMaxAge: 7
      opensearchPrefix: whizard
      basicAuth:
        enabled: true
        username: "admin"
        password: "admin"
      externalOpensearchHost: ""
      externalOpensearchPort: ""
      dashboard:
        enabled: false
  alerting:
    enabled: false
    # thanosruler:
    #   replicas: 1
    #   resources: {}
  auditing:
    enabled: false
    # operator:
    #   resources: {}
    # webhook:
    #   resources: {}
  devops:
    enabled: false
    jenkinsCpuReq: 0.5
    jenkinsCpuLim: 1
    jenkinsMemoryReq: 4Gi
    jenkinsMemoryLim: 4Gi
    jenkinsVolumeSize: 16Gi
  events:
    enabled: false
    # operator:
    #   resources: {}
    # exporter:
    #   resources: {}
    ruler:
      enabled: true
      replicas: 2
    #   resources: {}
  logging:
    enabled: false
    logsidecar:
      enabled: true
      replicas: 2
      # resources: {}
  metrics_server:
    enabled: false
  monitoring:
    storageClass: ""
    node_exporter:
      port: 9100
      # resources: {}
    # kube_rbac_proxy:
    #   resources: {}
    # kube_state_metrics:
    #   resources: {}
    # prometheus:
    #   replicas: 1
    #   volumeSize: 20Gi
    #   resources: {}
    #   operator:
    #     resources: {}
    # alertmanager:
    #   replicas: 1
    #   resources: {}
    # notification_manager:
    #   resources: {}
    #   operator:
    #     resources: {}
    #   proxy:
    #     resources: {}
    gpu:
      nvidia_dcgm_exporter:
        enabled: false
        # resources: {}
  multicluster:
    clusterRole: none
  network:
    networkpolicy:
      enabled: false
    ippool:
      type: none
    topology:
      type: none
  openpitrix:
    store:
      enabled: false
  servicemesh:
    enabled: false
    istio:
      components:
        ingressGateways:
        - name: istio-ingressgateway
          enabled: false
        cni:
          enabled: false
  edgeruntime:
    enabled: false
    kubeedge:
      enabled: false
      cloudCore:
        cloudHub:
          advertiseAddress:
            - ""
        service:
          cloudhubNodePort: "30000"
          cloudhubQuicNodePort: "30001"
          cloudhubHttpsNodePort: "30002"
          cloudstreamNodePort: "30003"
          tunnelNodePort: "30004"
        # resources: {}
        # hostNetWork: false
      iptables-manager:
        enabled: true
        mode: "external"
        # resources: {}
      # edgeService:
      #   resources: {}
  gatekeeper:
    enabled: false
    # controller_manager:
    #   resources: {}
    # audit:
    #   resources: {}
  terminal:
    timeout: 600
  zone: ""

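Enabling DevOps project management (using pipelines)

Official documentation: KubeSphere DevOps System

I deployed in all-in-one mode, so it has to be enabled after installation.
  1. Log in to the console as the admin user, click Platform in the upper-left corner, and select Cluster Management.

  2. Click CRDs, enter clusterconfiguration in the search bar, and click the search result to open its detail page.

  3. Under Custom Resources, click the icon to the right of ks-installer and select Edit YAML.

  4. In the YAML file, search for devops and change enabled from false to true. When done, click OK in the lower-right corner to save the configuration.

    devops:
      enabled: true # Change "false" to "true".
    
  5. Run the following command with kubectl to watch the installation progress: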

    kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l 'app in (ks-install, ks-installer)' -o jsonpath='{.items[0].metadata.name}') -f
    

Pipeline example

// This version pushes to a private image registry. Authentication can be configured with a credential or a robot account; for convenience the password is written in plaintext here.
// If you do not need to push, remove the middle stage and the related environment variables.
// For a different project, just replace the project name.
pipeline {
  agent {
    node {
      label 'maven'
    }
  }
  environment {
    REGISTRY = '10.168.1.170:81'
    HARBOR_NAMESPACE = 'k8s'
    APP_NAME = "gateway-${BRANCH_NAME}-${BUILD_ID}:${GIT_COMMIT}"
  }
  stages {
    stage('镜像构建') { // image build
      agent none
      steps {
        container('maven') {
          sh 'env'
          sh 'docker build -t $APP_NAME .'
        }
      }
    }
    stage('镜像推送') { // image push
      agent none
      steps {
        container('maven') {
          sh "docker tag $APP_NAME $REGISTRY/$HARBOR_NAMESPACE/$APP_NAME"
          sh 'docker login -u admin -p 123456 $REGISTRY'
          sh "docker push $REGISTRY/$HARBOR_NAMESPACE/$APP_NAME"
          sh 'docker rmi $APP_NAME'
        }
      }
    }
    stage('k8s部署') { // deploy to Kubernetes
      agent none
      steps {
        container('maven') {
          sh "envsubst < ./deployment.yaml > ./deployment-substituted.yaml"
          sh "cat ./deployment-substituted.yaml"
          sh "kubectl apply -f ./deployment-substituted.yaml"
        }
      }
    }
    // Image cleanup stage (disabled):
    // stage('镜像清理'){
    //   agent none
    //   steps {
    //     container('maven') {
    //       dir('VueFront') {
    //         sh '''
    //         if docker images | grep "$GIT_PREVIOUS_COMMIT"; then
    //           docker rmi vuefront-$BRANCH_NAME:$GIT_PREVIOUS_COMMIT
    //         else
    //           echo "镜像 vuefront-$BRANCH_NAME:$GIT_PREVIOUS_COMMIT 不存在,跳过删除"
    //         fi
    //         '''
    //       }
    //     }
    //   }
    // }
  }
}
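
The push stage above puts the registry password on the docker command line. As an added example (not part of the original pipeline), this shell function does the same tag, login, push and cleanup with the password taken from the environment and sent over stdin; push_image, HARBOR_USERNAME and HARBOR_PASSWORD are hypothetical names, and the two variables are assumed to be injected by a pipeline credential such as a Harbor robot account.

```shell
#!/bin/sh
# Added example, not from the original pipeline. Assumed inputs:
#   REGISTRY, HARBOR_NAMESPACE: as in the pipeline's environment block
#   HARBOR_USERNAME, HARBOR_PASSWORD: hypothetical names, injected by a
#   pipeline credential and never written into the Jenkinsfile.

# push_image <local-tag>: tag, log in, push, clean up.
# The body is a subshell, so `exit`, `set` and the trap stay local to the call.
push_image() (
    set +x    # keep secrets out of the -x trace that Jenkins' sh step turns on
    image=${1:?usage: push_image <local-tag>}
    : "${REGISTRY:?not set}" "${HARBOR_NAMESPACE:?not set}"
    : "${HARBOR_USERNAME:?not set}" "${HARBOR_PASSWORD:?not set}"
    remote="$REGISTRY/$HARBOR_NAMESPACE/$image"

    # docker login stores the credential in $DOCKER_CONFIG/config.json.
    # A throwaway directory keeps it off the shared build agent's disk.
    DOCKER_CONFIG=$(mktemp -d) || exit 1
    export DOCKER_CONFIG
    trap 'docker logout "$REGISTRY" >/dev/null 2>&1; rm -rf "$DOCKER_CONFIG"' EXIT

    # --password-stdin: the secret is not a command-line argument, so it
    # does not appear in the process list or in the echoed command.
    printf '%s' "$HARBOR_PASSWORD" |
        docker login -u "$HARBOR_USERNAME" --password-stdin "$REGISTRY" || exit 1

    docker tag "$image" "$remote" && docker push "$remote" || exit 1
    docker rmi "$image" "$remote"
)
```

In the push stage this would replace the four docker steps with one sh step that sources the file and calls push_image "$APP_NAME".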

Workload, Service and Ingress examples

From top to bottom, the three templates are a workload (Deployment), a Service and an Ingress (route).
The image in the workload only needs to match the pipeline example above: leave it unchanged if you use a private image registry, and remove $REGISTRY/$HARBOR_NAMESPACE/ if you use a local image.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gateway
  namespace: gitee
  labels:
    app: gateway
    version: v1
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gateway
      version: v1
  template:
    metadata:
      labels:
        app: gateway
        version: v1
    spec:
      containers:
        - name: gateway
          image: $REGISTRY/$HARBOR_NAMESPACE/$APP_NAME
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: gateway
  namespace: gitee
  labels:
    app: gateway
    service: gateway
spec:
  ports:
    - port: 80
      name: http
  selector:
    app: gateway
---
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: gateway
  namespace: gitee
  annotations:
    kubernetes.io/ingress.class: nginx
spec:
  rules:
    - host: k8s.gateway.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: gateway
                port:
                  number: 80

Kubernetes permission problem in the pipeline

The error message:

+ kubectl apply -f deployment-substituted.yaml
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "apps/v1, Resource=deployments", GroupVersionKind: "apps/v1, Kind=Deployment"
Name: "gateway", Namespace: "gitee"
from server for: "deployment-substituted.yaml": deployments.apps "gateway" is forbidden: User "system:serviceaccount:kubesphere-devops-worker:default" cannot get resource "deployments" in API group "apps" in the namespace "gitee"
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "/v1, Resource=services", GroupVersionKind: "/v1, Kind=Service"
Name: "gateway", Namespace: "gitee"
from server for: "deployment-substituted.yaml": services "gateway" is forbidden: User "system:serviceaccount:kubesphere-devops-worker:default" cannot get resource "services" in API group "" in the namespace "gitee"
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "networking.k8s.io/v1, Resource=ingresses", GroupVersionKind: "networking.k8s.io/v1, Kind=Ingress"
Name: "gateway", Namespace: "gitee"
from server for: "deployment-substituted.yaml": ingresses.networking.k8s.io "gateway" is forbidden: User "system:serviceaccount:kubesphere-devops-worker:default" cannot get resource "ingresses" in API group "networking.k8s.io" in the namespace "gitee"
script returned exit code 1

On any node, save the manifest below as account.yaml, then run:

kubectl apply -f account.yaml

account.yaml:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubesphere-devops-worker-installer-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ks-installer
subjects:
- kind: ServiceAccount
  name: default
  namespace: kubesphere-devops-worker
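
A client-side kubectl apply only needs get, create and patch on the three resource types named in the Forbidden errors above. As an added example (not part of the original post), these shell functions render a namespaced Role and RoleBinding that grant exactly that to the pipeline's service account, a narrower alternative to binding it to ks-installer cluster-wide, and then check the result; deployer_rbac, check_deployer_rbac and pipeline-deployer are names made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post; all names are illustrative.
# Usage: deployer_rbac gitee | kubectl apply -f -
deployer_rbac() {
    ns=${1:?usage: deployer_rbac <target-namespace>}
    cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pipeline-deployer
  namespace: $ns
rules:
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "create", "patch"]
  - apiGroups: [""]
    resources: ["services"]
    verbs: ["get", "create", "patch"]
  - apiGroups: ["networking.k8s.io"]
    resources: ["ingresses"]
    verbs: ["get", "create", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pipeline-deployer
  namespace: $ns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pipeline-deployer
subjects:
  - kind: ServiceAccount
    name: default
    namespace: kubesphere-devops-worker
EOF
}

# Succeeds only if the pipeline identity can deploy in <ns> and still cannot
# read Secrets in kube-system. --as needs impersonation rights (cluster admin).
check_deployer_rbac() {
    ns=${1:?usage: check_deployer_rbac <target-namespace>}
    sa=system:serviceaccount:kubesphere-devops-worker:default
    kubectl auth can-i patch deployments.apps -n "$ns" --as "$sa" &&
        ! kubectl auth can-i get secrets -n kube-system --as "$sa"
}
```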

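Uninstalling KubeSphere and Kubernetes

To delete the cluster, run one of the following commands.
If KubeSphere was installed with the quick start (All-in-One):

./kk delete cluster

If KubeSphere was installed in advanced mode (created from a configuration file):

./kk delete cluster [-f config-sample.yaml]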