Easily Mastering KubeSphere Installation on an Existing K8s Environment


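Official documentation: https://kubesphere.io/zh/docs/v3.3/quick-start/minimal-kubesphere-on-k8s/

1. Installing KubeSphere on an existing K8s environment
1. Prerequisites
1. Install NFS and a dynamic storage class (PV/PVC)

Install a default storage type; NFS is used here. Installing NFS is covered in the PV/PVC article. Note that a dynamic storage class (PV/PVC) must be installed.

2. Install the cluster metrics component metrics-server

metrics-server is the component that collects cluster metrics such as CPU and memory usage. Save the manifest below as metrics-server.yaml and install it as follows: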

kubectl apply -f metrics-server.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: system:aggregated-metrics-reader
rules:
- apiGroups:
  - metrics.k8s.io
  resources:
  - pods
  - nodes
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - nodes
  - nodes/stats
  - namespaces
  - configmaps
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server-auth-reader
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server:system:auth-delegator
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:auth-delegator
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-app: metrics-server
  name: system:metrics-server
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:metrics-server
subjects:
- kind: ServiceAccount
  name: metrics-server
  namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  ports:
  - name: https
    port: 443
    protocol: TCP
    targetPort: https
  selector:
    k8s-app: metrics-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: metrics-server
  strategy:
    rollingUpdate:
      maxUnavailable: 0
  template:
    metadata:
      labels:
        k8s-app: metrics-server
    spec:
      containers:
      - args:
        - --cert-dir=/tmp
        - --kubelet-insecure-tls
        - --secure-port=4443
        - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
        - --kubelet-use-node-status-port
        image: registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/metrics-server:v0.4.3
        imagePullPolicy: IfNotPresent
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /livez
            port: https
            scheme: HTTPS
          periodSeconds: 10
        name: metrics-server
        ports:
        - containerPort: 4443
          name: https
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /readyz
            port: https
            scheme: HTTPS
          periodSeconds: 10
        securityContext:
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
        volumeMounts:
        - mountPath: /tmp
          name: tmp-dir
      nodeSelector:
        kubernetes.io/os: linux
      priorityClassName: system-cluster-critical
      serviceAccountName: metrics-server
      volumes:
      - emptyDir: {}
        name: tmp-dir
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  labels:
    k8s-app: metrics-server
  name: v1beta1.metrics.k8s.io
spec:
  group: metrics.k8s.io
  groupPriorityMinimum: 100
  insecureSkipTLSVerify: true
  service:
    name: metrics-server
    namespace: kube-system
  version: v1beta1
  versionPriority: 100

Query the pods; once the related pod is running, this step is complete.
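The manifest above starts metrics-server with --kubelet-insecure-tls and registers the APIService with insecureSkipTLSVerify: true, so neither the kubelet serving certificates nor the metrics-server certificate is verified. The following added example (not part of the original article) lists such settings per resource so they can be tracked and removed once the cluster has properly signed certificates; the function names and the cut-down sample manifest are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# find_tls_skips [FILE]: print "Kind/name: setting" for every place a
# multi-document manifest turns off TLS certificate verification.
find_tls_skips() {
    awk '
        function report(   i) {
            for (i = 1; i <= n; i++) print kind "/" name ": " hit[i]
            n = 0; kind = ""; name = ""; in_meta = 0
        }
        /^---[ \t]*$/         { report(); next }   # next YAML document
        /^kind:/              { kind = $2 }
        /^metadata:/          { in_meta = 1; next }
        /^[^ \t#]/            { in_meta = 0 }      # left the metadata block
        in_meta && /^  name:/ { name = $2 }
        /--kubelet-insecure-tls/           { hit[++n] = "--kubelet-insecure-tls" }
        /insecureSkipTLSVerify:[ \t]*true/ { hit[++n] = "insecureSkipTLSVerify: true" }
        END { report() }
    ' "${1:--}"
}

# Constructed sample: a cut-down copy of two documents from the manifest above.
sample_manifest() {
    cat <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    k8s-app: metrics-server
  name: metrics-server
  namespace: kube-system
spec:
  template:
    spec:
      containers:
      - args:
        - --cert-dir=/tmp
        - --kubelet-insecure-tls
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  name: v1beta1.metrics.k8s.io
spec:
  insecureSkipTLSVerify: true
EOF
}

sample_manifest | find_tls_skips
```

Run it against the real file with `find_tls_skips metrics-server.yaml` before applying the manifest.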

2. Install KubeSphere

The official website gives the installation steps. We first download the files, then edit the settings in the cluster-configuration file, and then run the installation:

wget https://github.com/kubesphere/ks-installer/releases/download/v3.3.2/kubesphere-installer.yaml

wget https://github.com/kubesphere/ks-installer/releases/download/v3.3.2/cluster-configuration.yaml

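In cluster-configuration, set the values that the original screenshots marked with arrows to true: enable etcd monitoring, change the etcd IP address, and turn on the redis and openldap entries (openldap is a Lightweight Directory Access Protocol service).

Enable the system alerting feature and the audit logging feature.

Enable the DevOps feature and the cluster events feature.

Enable logging. metrics-server does not need to be enabled, because we already installed it earlier (with the image changed to an Alibaba Cloud mirror); if it is enabled here, the installer pulls the image from the official registry, which is not reachable.

Enable network policy and set the type to calico (calico was the network plugin used when K8s was first installed).

Enable the app store and microservice governance.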
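A pre-apply check for the edits described above, as an added example that is not part of the original article or the KubeSphere project: it flattens cluster-configuration.yaml into dotted paths and prints every setting from the steps above that is not yet in place. The key paths in KS_EXPECTED are assumed from the layout of the v3.3 cluster-configuration.yaml, and the function names and sample are constructed.

```shell
# Added example, not from the original article. The key paths are assumed from
# the layout of the v3.3 cluster-configuration.yaml; confirm them in your file.
KS_EXPECTED="spec.etcd.monitoring=true spec.common.redis.enabled=true
spec.common.openldap.enabled=true spec.alerting.enabled=true
spec.auditing.enabled=true spec.devops.enabled=true spec.events.enabled=true
spec.logging.enabled=true spec.metrics_server.enabled=false
spec.network.networkpolicy.enabled=true spec.network.ippool.type=calico
spec.openpitrix.store.enabled=true spec.servicemesh.enabled=true"

# ks_flatten [FILE]: print each scalar as dotted.path=value (2-space indents).
ks_flatten() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ || /^---/ { next }
        {
            indent = match($0, /[^ ]/) - 1
            line = substr($0, indent + 1)
            if (line ~ /^- / || line !~ /:/) next    # list items are not needed
            key = line; sub(/:.*/, "", key)
            val = line; sub(/^[^:]*:[ \t]*/, "", val); sub(/[ \t]+#.*/, "", val)
            depth = indent / 2; path[depth] = key
            full = path[0]
            for (i = 1; i <= depth; i++) full = full "." path[i]
            if (val != "") print full "=" val
        }
    ' "${1:--}"
}

# ks_missing [FILE]: print every expected setting that the file does not have.
ks_missing() {
    flat=$(ks_flatten "${1:--}")
    for want in $KS_EXPECTED; do
        printf '%s\n' "$flat" | grep -qxF -- "$want" || echo "$want"
    done
}

# Constructed, cut-down sample: logging is on, ippool type was left at none.
sample_config() {
    cat <<'EOF'
spec:
  logging:
    enabled: true
  metrics_server:
    enabled: false
  network:
    ippool:
      type: none
EOF
}
sample_config | ks_missing
```

Run `ks_missing cluster-configuration.yaml` on the edited file; empty output means every listed setting matches, and the etcd IP address still has to be checked by hand because it is site-specific.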
Run the following commands to install:

kubectl apply -f kubesphere-installer.yaml

kubectl apply -f cluster-configuration.yaml

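The official website provides the following command for viewing the installation log (if my command does not work, copy it from the official website):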

kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l 'app in (ks-install, ks-installer)' -o jsonpath='{.items[0].metadata.name}') -f

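If the log shows a non-zero failed count, investigate the problem; otherwise the installation cannot proceed.

The whole installation takes about 20 minutes. The log shows when the installation has succeeded and prints the access address along with the account and password; the address of any machine can be used for access. (Tip: give each virtual machine plenty of memory and CPU. I assigned 8 GB and 8 cores to each; at first my configuration was too low and the machines froze, which caused several failed installations.)

At this point it is best to check that all pods are running before accessing the console. For ImagePull problems, simply wait for the image pull to finish; we changed the image pull addresses to aliyun earlier, and if you are unsure you can look up the configuration. One of the pods reported an error.

To resolve it, run the following command (it fixes the problem of the etcd monitoring certificates not being found):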

kubectl -n kubesphere-monitoring-system create secret generic kube-etcd-client-certs  --from-file=etcd-client-ca.crt=/etc/kubernetes/pki/etcd/ca.crt  --from-file=etcd-client.crt=/etc/kubernetes/pki/apiserver-etcd-client.crt  --from-file=etcd-client.key=/etc/kubernetes/pki/apiserver-etcd-client.key

Once all pods are Running, log in to the console.
