安装kubesphere
kubesphere可以打通全部的devops链路,kubesphere集成了很多套件,集群要求比较高 https://kubesphere.io
kuboard也很不错,集群要求不高 https://kuboard.cn/support/
1、简洁
kubesphere是一款面向云原声设计的开源项目,在目前主流容器调度平台kubernets智商构建的分布式多用户容器管理平台,提供简单易用的操作界面以及向导式操作方式,在降低用户使用容器调度平台学习成本的同时,极大降低开发、测试、运维的日常工作的复杂度。
2、安装前提
1、安装helm(master节点执行)
helm是kubernetes的包管理器。包管理器类似于在Ubuntu中使用的apt,centos中的yum或者python中的pip一样,能够快速查找,下载和安装软件包。Helm有客户端组件helm和服务端组件Tiller组成,能够将一组K8S资源打包统一管理,是查找、共享和使用为Kubernetes构建的软件的最佳方式。
1)安装
[root@k8s-node1 k8s]# curl -L https://git.io/get_helm.sh|bash
[root@k8s-node1 k8s]# chmod 700 get_helm.sh
[root@k8s-node1 k8s]# sh get_helm.sh
Downloading https://get.helm.sh/helm-v2.16.6-linux-amd64.tar.gz
Preparing to install helm and tiller into /usr/local/bin
helm installed into /usr/local/bin/helm
tiller installed into /usr/local/bin/tiller
Run 'helm init' to configure helm.
2)验证版本
helm version
3)创建权限(master执行)
创建helm-rbac.yaml,写入如下内容
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kube-system
应用配置:
[root@k8s-node1 k8s]# kubectl apply -f helm-rbac.yaml
serviceaccount/tiller created
clusterrolebinding.rbac.authorization.k8s.io/tiller created
2、安装Tilller(Master执行)
1、初始化
[root@k8s-node1 k8s]# helm init --service-account=tiller --tiller-image=sapcc/tiller:v2.16.3 --history-max 300
Creating /root/.helm
Creating /root/.helm/repository
Creating /root/.helm/repository/cache
Creating /root/.helm/repository/local
Creating /root/.helm/plugins
Creating /root/.helm/starters
Creating /root/.helm/cache/archive
Creating /root/.helm/repository/repositories.yaml
Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
Adding local repo with URL: http://127.0.0.1:8879/charts
$HELM_HOME has been configured at /root/.helm.
Tiller (the Helm server-side component) has been installed into your Kubernetes Cluster.
Please note: by default, Tiller is deployed with an insecure 'allow unauthenticated users' policy.
To prevent this, run `helm init` with the --tiller-tls-verify flag.
For more information on securing your installation see: https://v2.helm.sh/docs/securing_installation/
--tiller-image 指定镜像,否则会被墙,等待节点上部署的tiller完成即可。
[root@k8s-node1 k8s]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
coredns-546565776c-9sbmk 1/1 Running 3 23h
coredns-546565776c-t68mr 1/1 Running 3 23h
etcd-k8s-node1 1/1 Running 3 23h
kube-apiserver-k8s-node1 1/1 Running 3 23h
kube-controller-manager-k8s-node1 1/1 Running 3 23h
kube-flannel-ds-amd64-5xs5j 1/1 Running 4 22h
kube-flannel-ds-amd64-6xwth 1/1 Running 5 23h
kube-flannel-ds-amd64-fvnvx 1/1 Running 4 22h
kube-proxy-7tkvl 1/1 Running 3 22h
kube-proxy-mvlnk 1/1 Running 4 22h
kube-proxy-sz2vz 1/1 Running 3 23h
kube-scheduler-k8s-node1 1/1 Running 3 23h
kubernetes-dashboard-975499656-jxczv 0/1 ImagePullBackOff 0 7h45m
tiller-deploy-8cc566858-67bxb 1/1 Running 0 31s
查看集群的所有节点信息:
[root@k8s-node1 k8s]# kubectl get node -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
k8s-node1 Ready master 23h v1.17.3 10.0.2.15 <none> CentOS Linux 7 (Core) 3.10.0-957.12.2.el7.x86_64 docker://19.3.8
k8s-node2 Ready <none> 22h v1.17.3 10.0.2.4 <none> CentOS Linux 7 (Core) 3.10.0-957.12.2.el7.x86_64 docker://19.3.8
k8s-node3 Ready <none> 22h v1.17.3 10.0.2.5 <none> CentOS Linux 7 (Core) 3.10.0-957.12.2.el7.x86_64 docker://19.3.8
2、测试
helm install stable/nginx-ingress --name nginx-ingress
helm ls
helm delete nginx-ingress
集群已有默认的存储类型(StorageClass),若还没有准备存储请参考 安装 OpenEBS 创建 LocalPV 存储类型 用作开发测试环境。
[root@k8s-node1 k8s]# kubectl describe node k8s-node1 | grep Taint
Taints: <none>
[root@k8s-node1 k8s]# kubectl taint nodes k8s-node1 node-role.kubernetes.io/master:NoSchedule-
安装 OpenEBS
[root@k8s-node1 k8s]# kubectl apply -f https://openebs.github.io/charts/openebs-operator-1.5.0.yaml
[root@k8s-node1 k8s]# kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-7f9c544f75-7bszv 1/1 Running 0 52m
kube-system coredns-7f9c544f75-86fs9 1/1 Running 0 52m
kube-system etcd-k8s-node1 1/1 Running 0 52m
kube-system kube-apiserver-k8s-node1 1/1 Running 0 52m
kube-system kube-controller-manager-k8s-node1 1/1 Running 0 52m
kube-system kube-flannel-ds-amd64-7dz2s 1/1 Running 0 46m
kube-system kube-flannel-ds-amd64-m5hkh 1/1 Running 0 46m
kube-system kube-flannel-ds-amd64-mxbcg 1/1 Running 0 48m
kube-system kube-proxy-h57vq 1/1 Running 0 52m
kube-system kube-proxy-r2mw9 1/1 Running 0 46m
kube-system kube-proxy-xhpnz 1/1 Running 0 46m
kube-system kube-scheduler-k8s-node1 1/1 Running 0 52m
kube-system tiller-deploy-5fdc6844fb-jmg4c 1/1 Running 0 27m
openebs maya-apiserver-7f664b95bb-mc7pd 0/1 ContainerCreating 0 2m42s
openebs openebs-admission-server-889d78f96-xg6gt 0/1 ContainerCreating 0 2m42s
openebs openebs-localpv-provisioner-67bddc8568-d5b6x 0/1 ContainerCreating 0 2m42s
openebs openebs-ndm-8ljf8 0/1 ContainerCreating 0 2m42s
openebs openebs-ndm-czfj7 0/1 ContainerCreating 0 2m42s
openebs openebs-ndm-operator-5db67cd5bb-kt8wr 0/1 ContainerCreating 0 2m42s
openebs openebs-ndm-qqr7q 0/1 ContainerCreating 0 2m42s
openebs openebs-provisioner-c68bfd6d4-sf6c4 0/1 ContainerCreating 0 2m42s
openebs openebs-snapshot-operator-7ffd685677-tn79c 0/2 ContainerCreating 0 2m42s
最小化安装 KubeSphere
若集群可用 CPU > 1 Core 且可用内存 > 2 G,可以使用以下命令最小化安装 KubeSphere:
kubectl apply -f https://raw.githubusercontent.com/kubesphere/ks-installer/master/kubesphere-minimal.yaml
提示:若您的服务器提示无法访问 GitHub,可将 kubesphere-minimal.yaml 或 kubesphere-complete-setup.yaml 文件保存到本地作为本地的静态文件,再参考上述命令进行安装。
- 查看滚动刷新的安装日志,请耐心等待安装成功。
$ kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f
遇到报错
Error: configmaps is forbidden: User "system:serviceaccount:kube-system:default"
cannot list configmaps in the namespace "kube-system"
依次执行以下命令:
# 在kube-system命名空间中创建tiller账户
kubectl create serviceaccount --namespace kube-system tiller
# 创建角色并授予cluster-admin权限
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
# 指定账户进行初始化,别忘了还要指定tiller镜像哦
helm init --service-account tiller --tiller-image registry.cn-hangzhou.aliyuncs.com/luhaoyuan/tiller:v2.9.0
# 最后验证一下,是否有报错,执行以下命令没报错则表示成功了
helm ls
https://kubesphere.com.cn/docs/zh-CN/appendix/install-openebs/
https://devopscube.com/install-configure-helm-kubernetes/
https://kubesphere.com.cn/docs/zh-CN/installation/install-on-k8s/
OpenPitrix
网友评论