Merge pull request #3236 from zhuxiujuan28/docs

【documentation】add https doc & remove whizard and notification-history docs
KubeSphere CI Bot 2025-03-04 18:45:41 +08:00 committed by GitHub
commit 2dfde98614
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
27 changed files with 966 additions and 47 deletions

View File

@ -0,0 +1,466 @@
---
title: "Access KubeSphere Console via Domain Name"
keywords: "Kubernetes, {ks_product-en}, Domain Access, TLS"
description: "Learn how to access KubeSphere console via custom domain name."
weight: 02
---
This section explains how to access the {ks_product-en} web console using a custom domain name. To achieve this, you need to configure TLS access using cert-manager.
== Prerequisites
- Kubernetes is installed.
- link:https://helm.sh/docs/intro/install/[Helm] is installed (for installing cert-manager and ingress-nginx).
- {ks_product-en} is installed or ready to be installed.
== Step 1: Install NGINX Ingress Controller
If you haven't installed link:https://kubernetes.github.io/ingress-nginx/[NGINX Ingress Controller], follow these steps.
[source,bash]
----
# Add ingress-nginx repository
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
# Update repository
helm repo update
# Install ingress-nginx
helm install ingress-nginx ingress-nginx/ingress-nginx \
--namespace ingress-nginx \
--create-namespace \
--version 4.2.5
# Verify installation
kubectl -n ingress-nginx get svc ingress-nginx-controller
# Check IngressClass
kubectl get ingressclass
----
== Step 2: Install cert-manager
link:https://cert-manager.io/docs/[cert-manager] is a Kubernetes native certificate management controller that helps automate the management and issuance of TLS certificates.
[source,bash]
----
# Add cert-manager repository
helm repo add jetstack https://charts.jetstack.io
# Update repository
helm repo update
# Install cert-manager
helm install cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--version v1.12.0 \
--set installCRDs=true
# Verify installation
kubectl get pods -n cert-manager
----
== Step 3: Configure TLS for KubeSphere
=== Method 1: Configure TLS during KubeSphere installation
If you haven't installed KubeSphere yet, you can configure TLS during installation. The following command uses cert-manager to generate a self-signed certificate.
[source,bash]
----
helm upgrade --install -n kubesphere-system --create-namespace ks-core https://charts.kubesphere.io/main/ks-core-1.1.3.tgz \
--set portal.hostname=kubesphere.my.org \ # Replace kubesphere.my.org with your custom domain
--set portal.https.port=30880 \
--set ingress.enabled=true \
--set ingress.tls.source=generation \
--set ingress.ingressClassName=nginx
----
[.admon.note,cols="a"]
|===
|Note
|
For more information about these parameters, please refer to link:../../03-installation-and-upgrade/02-install-kubesphere/05-appendix/[Advanced Configuration of KubeSphere Core].
|===
=== Method 2: Manually configure self-signed TLS after KubeSphere installation
If KubeSphere is already installed, you need to manually configure TLS.
[source,bash]
----
# Create Issuer
cat <<EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: self-signed
namespace: kubesphere-system
spec:
selfSigned: {}
EOF
----
[source,bash]
----
# Create Certificate
cat <<EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: kubesphere-tls-certs
namespace: kubesphere-system
spec:
duration: 2160h # 90 days
# Start renewal 15 days before expiration
renewBefore: 360h # 15 days (15 * 24 hours)
dnsNames:
- kubesphere.my.org # Replace with your custom domain
issuerRef:
group: cert-manager.io
kind: Issuer
name: self-signed
secretName: kubesphere-tls-certs
usages:
- digital signature
- key encipherment
EOF
----
[source,bash]
----
# Create Ingress
cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/issuer: self-signed
cert-manager.io/issuer-kind: Issuer
name: ks-console
namespace: kubesphere-system
spec:
ingressClassName: nginx
rules:
- host: kubesphere.my.org # Replace with your custom domain
http:
paths:
- backend:
service:
name: ks-console
port:
number: 80
pathType: ImplementationSpecific
tls:
- hosts:
- kubesphere.my.org # Replace with your custom domain
secretName: kubesphere-tls-certs
EOF
----
=== Method 3: Manually configure Let's Encrypt certificate after KubeSphere installation
If KubeSphere is already installed, you can also manually configure Let's Encrypt to issue certificates.
[.admon.attention,cols="a"]
|===
|Attention
|
. Domain requirements: For HTTP-01 challenge, your domain must be publicly accessible and port 80 must be open.
. Let's Encrypt limitations:
- Certificate validity is fixed at 90 days
- There are limits on the number of certificates that can be issued per domain per week
- For testing, it's recommended to use Let's Encrypt's staging environment:
+
https://acme-staging-v02.api.letsencrypt.org/directoryStaging
|===
[source,bash]
----
# Create Let's Encrypt Issuer (HTTP-01 challenge)
cat <<EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
# Let's Encrypt production API
server: https://acme-v02.api.letsencrypt.org/directory
# Your email for receiving certificate expiration notices
email: your-email@example.com
privateKeySecretRef:
name: letsencrypt-prod-account-key
solvers:
- http01:
ingress:
class: nginx
EOF
----
[source,bash]
----
# Create certificate to issue certificate using Let's Encrypt:
cat <<EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: kubesphere-tls-certs
namespace: kubesphere-system
spec:
# Let's Encrypt certificate validity is fixed at 90 days and cannot be modified through this field
# Start renewal 30 days before expiration
renewBefore: 720h # 30 days
dnsNames:
- kubesphere.my.org # Replace with your custom domain
issuerRef:
group: cert-manager.io
kind: ClusterIssuer # Use ClusterIssuer
name: letsencrypt-prod
secretName: kubesphere-tls-certs
usages:
- digital signature
- key encipherment
EOF
----
[source,bash]
----
# Create Ingress
cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
cert-manager.io/issuer-kind: ClusterIssuer
name: ks-console
namespace: kubesphere-system
spec:
ingressClassName: nginx
rules:
- host: kubesphere.my.org # Replace with your custom domain
http:
paths:
- backend:
service:
name: ks-console
port:
number: 80
pathType: ImplementationSpecific
tls:
- hosts:
- kubesphere.my.org # Replace with your custom domain
secretName: kubesphere-tls-certs
EOF
----
**Verify Configuration**
Check certificate issuance status:
[source,bash]
----
kubectl describe certificate kubesphere-tls-certs -n kubesphere-system
----
View certificate issuance process:
[source,bash]
----
kubectl get challenges,orders,certificaterequests -n kubesphere-system
----
== Step 4: Verify TLS Configuration
. Check if certificate is successfully issued.
+
--
[source,bash]
----
kubectl get certificate -n kubesphere-system
----
Example output:
[source,bash]
----
NAME READY SECRET AGE
kubesphere-tls-certs True kubesphere-tls-certs 110s
----
--
. Check Ingress configuration.
+
--
[source,bash]
----
kubectl get ingress -n kubesphere-system
----
Example output:
[source,bash]
----
NAME CLASS HOSTS ADDRESS PORTS AGE
ks-console nginx kubesphere.my.org 80, 443 1m30s
----
--
. Test HTTPS access using curl.
+
--
[source,bash]
----
INGRESS_IP=$(kubectl -n ingress-nginx get svc ingress-nginx-controller -o jsonpath={.spec.clusterIP})
curl --resolve kubesphere.my.org:443:$INGRESS_IP https://kubesphere.my.org -k
----
[.admon.attention,cols="a"]
|===
|Attention
|
Replace `kubesphere.my.org` with your custom domain.
|===
Example output:
[source,bash]
----
Redirecting to <a href="/login">/login</a>.
----
--
== Step 5: Access {ks_product-en} Web Console
When using custom DNS, if you want to access the {ks_product-en} web console from other machines using the domain name, you need to perform the following additional steps.
. Set Service to use NodePort mode.
+
[source,bash]
----
kubectl -n ingress-nginx patch svc ingress-nginx-controller -p '{"spec": {"type": "NodePort"}}'
----
. View Service information.
+
[source,bash]
----
kubectl -n ingress-nginx get svc ingress-nginx-controller
----
. Get HTTPS access address.
+
--
[source,bash]
----
echo https://kubesphere.my.org:$(kubectl -n ingress-nginx get svc ingress-nginx-controller -o jsonpath='{.spec.ports[?(@.port==443)].nodePort}')
----
[.admon.attention,cols="a"]
|===
|Attention
|
Replace `kubesphere.my.org` with your custom domain.
|===
Example output (your address may differ):
[source,bash]
----
https://kubesphere.my.org:31655
----
--
. Get node IP.
+
[source,bash]
----
kubectl get nodes -o jsonpath='{.items[0].status.addresses[?(@.type=="InternalIP")].address}'
----
. On the machine accessing the {ks_product-en} web console, add DNS for node IP.
+
--
[source,bash]
----
vim /etc/hosts
----
Add node IP and domain.
[source,bash]
----
<Node IP> kubesphere.my.org
----
[.admon.attention,cols="a"]
|===
|Attention
|
Replace `kubesphere.my.org` with your custom domain.
|===
--
. If everything is configured correctly, you should be able to access the {ks_product-en} web console using the HTTPS address obtained above, such as https://kubesphere.my.org:31655.
== Troubleshooting
=== Certificate Not Issued Successfully
Check certificate status:
[source,bash]
----
kubectl describe certificate -n kubesphere-system
----
Check cert-manager logs:
[source,bash]
----
kubectl logs -n cert-manager -l app=cert-manager
----
=== Ingress Configuration Issues
Check Ingress configuration:
[source,bash]
----
kubectl describe ingress -n kubesphere-system
----
Check Ingress controller logs:
[source,bash]
----
kubectl logs -n ingress-nginx -l app.kubernetes.io/name=ingress-nginx
----
== Uninstallation
Uninstall cert-manager
[source,bash]
----
helm uninstall cert-manager -n cert-manager
kubectl delete crd certificaterequests.cert-manager.io certificates.cert-manager.io challenges.acme.cert-manager.io clusterissuers.cert-manager.io issuers.cert-manager.io orders.acme.cert-manager.io
----
Uninstall NGINX Ingress Controller
[source,bash]
----
helm uninstall ingress-nginx -n ingress-nginx
----
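Review bot: In the Method 1 `helm upgrade --install` command, the line `--set portal.hostname=kubesphere.my.org \ # Replace kubesphere.my.org with your custom domain` puts a comment after the line-continuation backslash. The backslash then escapes the following space instead of the newline, the `#` comment ends the command on that line, and the remaining `--set portal.https.port=30880 \` lines are run as a separate command and fail. Move the comment to its own line above the command, or into an Attention admonition like the one used after the curl test in Step 4. Separately, the staging endpoint in the Method 3 admonition reads `https://acme-staging-v02.api.letsencrypt.org/directoryStaging`; the trailing `Staging` looks like a paste error, given that the production URL in the ClusterIssuer ends in `/directory`. The page recommends staging for testing but only shows a `letsencrypt-prod` issuer, so consider showing the staging `server:` value in a manifest as well.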

View File

@ -2,7 +2,7 @@
title: "Install and Use Extensions"
keywords: "Kubernetes, KubeSphere, quick start, install extensions, example, DevOps, extension features"
description: "Introduce all extensions and demonstrate how to install them."
weight: 02
weight: 03
---

View File

@ -3,7 +3,7 @@ title: "Control User Permissions"
linkTitle: "Create Workspaces, Projects, Users, and Roles"
keywords: "Kubernetes, KubeSphere, Quick Start, User Permissions"
description: "Learn how to create users and control their permissions by roles in workspaces and projects."
weight: 03
weight: 04
---
ifeval::["{file_output_type}" == "html"]

View File

@ -22,7 +22,7 @@ image:/images/ks-qkcp/zh/v4.1/WordPress.png[]
== Prerequisites
* Prepare a project (e.g., **demo-project**) and a user (e.g., **project-regular**). The user should have been invited to the project and has the **operator** role in it. For more information, please refer to link:../03-control-user-permissions/[Control User Permissions].
* Prepare a project (e.g., **demo-project**) and a user (e.g., **project-regular**). The user should have been invited to the project and has the **operator** role in it. For more information, please refer to link:../04-control-user-permissions/[Control User Permissions].
* **KubeSphere Service Mesh** should have been installed and enabled.

View File

@ -33,7 +33,7 @@ image:/images/ks-qkcp/zh/v4.1/bookinfo.png[]
== Prerequisites
* Prepare a project (e.g., **demo-project**) and a user (e.g., **project-regular**). The user should have been invited to the project and has the **operator** role in it. For more information, please refer to link:../03-control-user-permissions/[Control User Permissions].
* Prepare a project (e.g., **demo-project**) and a user (e.g., **project-regular**). The user should have been invited to the project and has the **operator** role in it. For more information, please refer to link:../04-control-user-permissions/[Control User Permissions].
* **KubeSphere Service Mesh** and **KubeSphere Gateway** should have been installed and enabled.

View File

@ -11,7 +11,7 @@ This method allows for efficient testing of performance and reliability, helping
== Prerequisites
* Prepare a project (e.g., **demo-project**) and a user (e.g., **project-regular**). The user should have been invited to the project and has the **operator** role in it. For more information, please refer to link:../03-control-user-permissions/[Control User Permissions].
* Prepare a project (e.g., **demo-project**) and a user (e.g., **project-regular**). The user should have been invited to the project and has the **operator** role in it. For more information, please refer to link:../04-control-user-permissions/[Control User Permissions].
* **KubeSphere Service Mesh** and **KubeSphere Gateway** should have been installed and enabled.

View File

@ -9,7 +9,7 @@ This section demonstrates how to create and manage DevOps projects.
== Prerequisites
* A workspace and a user (**project-admin**) have been created. Invite this user to the workspace and assign them the **workspace-self-provisioner** role. For more information, see link:../../../../02-quickstart/03-control-user-permissions[Control User Permissions].
* A workspace and a user (**project-admin**) have been created. Invite this user to the workspace and assign them the **workspace-self-provisioner** role. For more information, see link:../../../../02-quickstart/04-control-user-permissions[Control User Permissions].
* **DevOps** must have been installed and enabled.

View File

@ -8,7 +8,7 @@ The WhizardTelemetry Platform Service is the common service for all extensions o
**Configuration:**
* Modify the extension configuration of WhizardTelemetry Platform Service in conjunction with WhizardTelemetry Monitoring to enable the Whizard Observability Center. For more information, see link:../../07-whizard/01-enable-whizard/[Whizard Observability Center].
// * Modify the extension configuration of WhizardTelemetry Platform Service in conjunction with WhizardTelemetry Monitoring to enable the Whizard Observability Center. For more information, see link:../../07-whizard/01-enable-whizard/[Whizard Observability Center].
* When configuring the OpenSearch log receivers for WhizardTelemetry Logging, WhizardTelemetry Auditing, WhizardTelemetry Events, and notification history, if you need to use multiple OpenSearch databases, configure them as follows.
+
@ -112,13 +112,3 @@ whizard-telemetry:
username: admin
password: admin
----
// //note
// [.admon.note,cols="a"]
// |===
// |说明
// |
// 修改 WhizardTelemetry 平台服务的扩展组件配置,可配合 WhizardTelemetry 监控扩展组件,启用 Whizard 可观测中心。有关更多信息,请参阅 link:../../07-whizard/01-enable-whizard/[Whizard 可观测中心]。
// |===
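Review bot: The OpenSearch receiver sample that this hunk leaves as the end of the page closes with `username: admin` and `password: admin`, and readers tend to copy documentation samples into real configuration unchanged. Replace both values with placeholders such as `<username>` and `<password>`, and add a sentence saying they must match an account that exists on the target OpenSearch instance.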

View File

@ -10,7 +10,8 @@ This section introduces how to use the "WhizardTelemetry Monitoring" extension.
WhizardTelemetry Monitoring is an extension that provides monitoring functions in the WhizardTelemetry Observability Platform, including the Whizard Observability Center. It provides multi-tenant perspective cloud-native resource monitoring capabilities, including real-time and historical data display of core monitoring metrics for objects such as multiple clusters, nodes, workloads, GPU, and K8s control planes.
This section only introduces the monitoring functions in a single-cluster environment. For alerting functions in a single-cluster environment, see link:../06-alerting[WhizardTelemetry Alerting]. For monitoring and alerting functions in a multi-cluster environment, see link:../07-whizard[Whizard Observability Center].
This section only introduces the monitoring functions in a single-cluster environment. For alerting functions in a single-cluster environment, see link:../06-alerting[WhizardTelemetry Alerting].
// For monitoring and alerting functions in a multi-cluster environment, see link:../07-whizard[Whizard Observability Center].
After installing the "WhizardTelemetry Monitoring" extension, the **Monitoring & Alerting** option will be displayed in the left navigation pane of the cluster and project, and services under application workloads in the cluster and project will support **Edit Monitoring Exporter**. The following pages will also display relevant monitoring metrics data:
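Review bot: The intro paragraph kept as context just above the change still describes the extension as "including the Whizard Observability Center", while this hunk hides the only link to that page behind `//`. Reword the intro so it no longer advertises a feature whose documentation is being withdrawn, or keep the pointer. If the Whizard pages are going away, delete the multi-cluster sentence rather than leaving it as a comment that will go stale.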

View File

@ -16,7 +16,8 @@ After creating a rule group, the system can generate alerts when specific monito
|Note
|
- {ks_product-en} provides built-in rule groups for clusters, and also supports custom rule groups. If the Whizard Observability Center is enabled, built-in rule groups can only be managed in the Whizard Observability Center. For more information, see link:../../07-whizard/05-alert-management/01-rule-groups/[Whizard Rule Groups].
- {ks_product-en} provides built-in rule groups for clusters, and also supports custom rule groups.
// If the Whizard Observability Center is enabled, built-in rule groups can only be managed in the Whizard Observability Center. For more information, see link:../../07-whizard/05-alert-management/01-rule-groups/[Whizard Rule Groups].
- In projects, only custom rule groups are supported.
|===

View File

@ -3,6 +3,7 @@ title: "Whizard Observability Center"
keywords: "Kubernetes, {ks_product-en}, platform management, Whizard Observability Center"
description: "Describes how to use the Whizard Observability Center."
weight: 08
draft: true
layout: "second"
---

View File

@ -3,5 +3,6 @@ title: "Notification History"
keywords: "Kubernetes, {ks_product-en}, platform settings, notification history"
description: "Describes how to view notification history."
weight: 04
draft: true
layout: "second"
---

View File

@ -17,11 +17,11 @@ sectionLink:
list:
- /docs/v4.1/02-quickstart/01-install-kubesphere.adoc
- /docs/v4.1/03-installation-and-upgrade/02-install-kubesphere/02-install-kubernetes-and-kubesphere.adoc
- /docs/v4.1/02-quickstart/03-control-user-permissions.adoc
- /docs/v4.1/02-quickstart/04-control-user-permissions.adoc
- docs/v4.1/03-installation-and-upgrade/02-install-kubesphere/04-offline-installation.adoc
- /docs/v4.1/03-installation-and-upgrade/05-add-and-delete-cluster-nodes/01-add-cluster-nodes.adoc
- /docs/v4.1/07-cluster-management/10-multi-cluster-management
- /docs/v4.1/02-quickstart/02-install-an-extension.adoc
- /docs/v4.1/02-quickstart/03-install-an-extension.adoc
- /docs/v4.1/10-toolbox/01-use-kubectl-tool.adoc
- docs/v4.1/11-use-extensions/01-devops/03-how-to-use/02-pipelines/01-create-a-pipeline-using-graphical-editing-panel.adoc
- docs/v4.1/11-use-extensions/01-devops/03-how-to-use/02-pipelines/02-create-a-pipeline-using-jenkinsfile.adoc
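Review bot: Renumbering `03-control-user-permissions.adoc` to `04-control-user-permissions.adoc` and `02-install-an-extension.adoc` to `03-install-an-extension.adoc` changes the published paths of two quick-start pages, so bookmarks and external links to the old paths will break unless redirects are added. State in the PR whether redirects for the old paths exist. Also, three neighbouring entries in this list start with `docs/v4.1/...` without the leading `/` that the other entries use; make them consistent while this list is being edited if the loader treats the two forms differently.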

View File

@ -0,0 +1,466 @@
---
title: "通过域名访问 KubeSphere 控制台"
keywords: "Kubernetes, {ks_product}, 域名访问, TLS"
description: "了解如何通过域名访问 KubeSphere 控制台。"
weight: 02
---
本节介绍如何通过自定义域名访问{ks_product_left} Web 控制台。为实现此目的,您需要使用 cert-manager 配置 TLS 访问。
== 前提条件
- 已安装 Kubernetes 集群。
- link:https://helm.sh/zh/docs/intro/install/[已安装 Helm](用于安装 cert-manager 和 ingress-nginx
- 已安装{ks_product_both}或准备安装{ks_product_left}。
== 步骤 1安装 NGINX Ingress Controller
如果您尚未安装 link:https://kubernetes.github.io/ingress-nginx/[NGINX Ingress Controller],请按照以下步骤安装。
[source,bash]
----
# 添加 ingress-nginx 仓库
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
# 更新仓库
helm repo update
# 安装 ingress-nginx
helm install ingress-nginx ingress-nginx/ingress-nginx \
--namespace ingress-nginx \
--create-namespace \
--version 4.2.5
# 验证安装结果
kubectl -n ingress-nginx get svc ingress-nginx-controller
# 检查 IngressClass
kubectl get ingressclass
----
== 步骤 2安装 cert-manager
link:https://cert-manager.io/docs/[cert-manager] 是一个 Kubernetes 原生的证书管理控制器,可以帮助您自动化 TLS 证书的管理和签发。
[source,bash]
----
# 添加 cert-manager 仓库
helm repo add jetstack https://charts.jetstack.io
# 更新仓库
helm repo update
# 安装 cert-manager
helm install cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--version v1.12.0 \
--set installCRDs=true
# 验证安装结果
kubectl get pods -n cert-manager
----
== 步骤 3为 KubeSphere 配置 TLS
=== 方法 1安装 KubeSphere 时,配置 TLS
如果您尚未安装 KubeSphere可以在安装时配置 TLS。以下命令采用 cert-manager 生成自签证书。
[source,bash]
----
helm upgrade --install -n kubesphere-system --create-namespace ks-core https://charts.kubesphere.io/main/ks-core-1.1.3.tgz \
--set portal.hostname=kubesphere.my.org \ # 将 kubesphere.my.org 替换为您的自定义域名
--set portal.https.port=30880 \
--set ingress.enabled=true \
--set ingress.tls.source=generation \
--set ingress.ingressClassName=nginx
----
[.admon.note,cols="a"]
|===
|说明
|
以上参数的更多信息,请参阅 link:../../03-installation-and-upgrade/02-install-kubesphere/05-appendix/[KubeSphere Core 高级配置]。
|===
=== 方法 2安装 KubeSphere 后手动配置自签名TLS
如果已安装 KubeSphere需手动配置 TLS。
[source,bash]
----
# 创建 Issuer
cat <<EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: self-signed
namespace: kubesphere-system
spec:
selfSigned: {}
EOF
----
[source,bash]
----
# 创建 Certificate
cat <<EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: kubesphere-tls-certs
namespace: kubesphere-system
spec:
duration: 2160h # 90天
# 设置在证书到期前15天开始更新
renewBefore: 360h # 15天 (15 * 24小时)
dnsNames:
- kubesphere.my.org # 替换为您的自定义域名
issuerRef:
group: cert-manager.io
kind: Issuer
name: self-signed
secretName: kubesphere-tls-certs
usages:
- digital signature
- key encipherment
EOF
----
[source,bash]
----
# 创建 Ingress
cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/issuer: self-signed
cert-manager.io/issuer-kind: Issuer
name: ks-console
namespace: kubesphere-system
spec:
ingressClassName: nginx
rules:
- host: kubesphere.my.org # 替换为您的自定义域名
http:
paths:
- backend:
service:
name: ks-console
port:
number: 80
pathType: ImplementationSpecific
tls:
- hosts:
- kubesphere.my.org # 替换为您的自定义域名
secretName: kubesphere-tls-certs
EOF
----
=== 方法 3安装 KubeSphere 后,手动配置 Let's Encrypt 签发证书
如果已安装 KubeSphere也可手动配置 Let's Encrypt 签发证书。
[.admon.attention,cols="a"]
|===
|注意
|
. 域名要求:对于 HTTP-01 challenge您的域名必须能够从公网访问且 80 端口必须开放。
. Let's Encrypt 限制:
- 证书有效期固定为 90 天
- 每个域名每周可以签发的证书有数量限制
- 测试时建议使用 Let's Encrypt 的 staging 环境:
+
https://acme-staging-v02.api.letsencrypt.org/directoryStaging
|===
[source,bash]
----
#创建 Let's Encrypt Issuer (HTTP-01 challenge)
cat <<EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
# Let's Encrypt 生产环境 API
server: https://acme-v02.api.letsencrypt.org/directory
# 您的邮箱,用于接收证书过期通知
email: your-email@example.com
privateKeySecretRef:
name: letsencrypt-prod-account-key
solvers:
- http01:
ingress:
class: nginx
EOF
----
[source,bash]
----
# 创建 Certificate 资源,使用 Let's Encrypt 签发证书:
cat <<EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: kubesphere-tls-certs
namespace: kubesphere-system
spec:
# Let's Encrypt 证书有效期固定为90天无法通过此字段修改
# 设置在证书到期前30天开始更新
renewBefore: 720h # 30天
dnsNames:
- kubesphere.my.org # 替换为您的自定义域名
issuerRef:
group: cert-manager.io
kind: ClusterIssuer # 使用 ClusterIssuer
name: letsencrypt-prod
secretName: kubesphere-tls-certs
usages:
- digital signature
- key encipherment
EOF
----
[source,bash]
----
# 创建 Ingress
cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
cert-manager.io/issuer-kind: ClusterIssuer
name: ks-console
namespace: kubesphere-system
spec:
ingressClassName: nginx
rules:
- host: kubesphere.my.org # 替换为您的自定义域名
http:
paths:
- backend:
service:
name: ks-console
port:
number: 80
pathType: ImplementationSpecific
tls:
- hosts:
- kubesphere.my.org # 替换为您的自定义域名
secretName: kubesphere-tls-certs
EOF
----
**验证配置结果**
验证证书签发状态:
[source,bash]
----
kubectl describe certificate kubesphere-tls-certs -n kubesphere-system
----
查看证书签发过程:
[source,bash]
----
kubectl get challenges,orders,certificaterequests -n kubesphere-system
----
== 步骤 4验证 TLS 配置
. 检查证书是否成功签发。
+
--
[source,bash]
----
kubectl get certificate -n kubesphere-system
----
输出示例如下:
[source,bash]
----
NAME READY SECRET AGE
kubesphere-tls-certs True kubesphere-tls-certs 110s
----
--
. 检查 Ingress 配置。
+
--
[source,bash]
----
kubectl get ingress -n kubesphere-system
----
输出示例如下:
[source,bash]
----
NAME CLASS HOSTS ADDRESS PORTS AGE
ks-console nginx kubesphere.my.org 80, 443 1m30s
----
--
. 使用 curl 测试 HTTPS 访问。
+
--
[source,bash]
----
INGRESS_IP=$(kubectl -n ingress-nginx get svc ingress-nginx-controller -o jsonpath={.spec.clusterIP})
curl --resolve kubesphere.my.org:443:$INGRESS_IP https://kubesphere.my.org -k
----
[.admon.attention,cols="a"]
|===
|注意
|
将 kubesphere.my.org 替换为您的自定义域名。
|===
输出示例如下:
[source,bash]
----
Redirecting to <a href="/login">/login</a>.
----
--
== 步骤 5访问{ks_product_left} Web 控制台
在使用自定义 DNS 的情况下,如果要在其他机器使用域名访问{ks_product_left} Web 控制台,还需要执行以下步骤。
. 设置 Service 使用 NodePort 模式。
+
[source,bash]
----
kubectl -n ingress-nginx patch svc ingress-nginx-controller -p '{"spec": {"type": "NodePort"}}'
----
. 查询 Service 信息。
+
[source,bash]
----
kubectl -n ingress-nginx get svc ingress-nginx-controller
----
. 获取 https 访问地址。
+
--
[source,bash]
----
echo https://kubesphere.my.org:$(kubectl -n ingress-nginx get svc ingress-nginx-controller -o jsonpath='{.spec.ports[?(@.port==443)].nodePort}')
----
[.admon.attention,cols="a"]
|===
|注意
|
将 kubesphere.my.org 替换为您的自定义域名。
|===
输出示例如下(您的访问地址可能不同):
[source,bash]
----
https://kubesphere.my.org:31655
----
--
. 获取节点 IP。
+
[source,bash]
----
kubectl get nodes -o jsonpath='{.items[0].status.addresses[?(@.type=="InternalIP")].address}'
----
. 在访问{ks_product_both}控制台的机器上添加节点 IP 的 DNS以配置域名解析规则。
+
--
[source,bash]
----
vim /etc/hosts
----
添加节点 IP 和域名。
[source,bash]
----
<Node IP> kubesphere.my.org
----
[.admon.attention,cols="a"]
|===
|注意
|
将 kubesphere.my.org 替换为您的自定义域名。
|===
--
. 如果一切配置正确,您将能够通过第 3 步获取的 https 访问地址,如 https://kubesphere.my.org:31655 访问{ks_product_left} Web 控制台。
== 故障排除
=== 证书未成功签发
检查证书状态:
[source,bash]
----
kubectl describe certificate -n kubesphere-system
----
检查 cert-manager 日志:
[source,bash]
----
kubectl logs -n cert-manager -l app=cert-manager
----
=== Ingress 配置问题
检查 Ingress 配置:
[source,bash]
----
kubectl describe ingress -n kubesphere-system
----
检查 Ingress 控制器日志:
[source,bash]
----
kubectl logs -n ingress-nginx -l app.kubernetes.io/name=ingress-nginx
----
== 卸载
卸载 cert-manager
[source,bash]
----
helm uninstall cert-manager -n cert-manager
kubectl delete crd certificaterequests.cert-manager.io certificates.cert-manager.io challenges.acme.cert-manager.io clusterissuers.cert-manager.io issuers.cert-manager.io orders.acme.cert-manager.io
----
卸载 NGINX Ingress Controller
[source,bash]
----
helm uninstall ingress-nginx -n ingress-nginx
----
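Review bot: The HTTPS test in step 4 runs `curl --resolve ... https://kubesphere.my.org -k` for all three methods. `-k` skips certificate verification, so the check succeeds whichever certificate the Ingress serves and cannot confirm that the Let's Encrypt certificate from method 3 is the one being presented. Keep `-k` for the self-signed methods only and drop it when testing method 3. The same step resolves the host to `.spec.clusterIP`, which is reachable only from inside the cluster, so state that the command must be run on a cluster node. In this file too, the comment placed after `\` on the `--set portal.hostname=kubesphere.my.org` line cuts the helm command short, and the staging URL ends in `directoryStaging` where the production URL in the ClusterIssuer ends in `/directory`.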

View File

@ -2,7 +2,7 @@
title: "安装并使用扩展组件"
keywords: "Kubernetes, KubeSphere, 快速入门, 安装组件, 示例, DevOps, 扩展组件功能"
description: "介绍所有扩展组件,并演示如何安装扩展组件。"
weight: 02
weight: 03
---

View File

@ -3,7 +3,7 @@ title: "控制用户权限"
linkTitle: "创建企业空间、项目、用户和角色"
keywords: "Kubernetes, KubeSphere, 快速入门, 用户, 权限"
description: "介绍如何创建用户,并使用企业空间、项目和角色控制用户的访问权限。"
weight: 03
weight: 04
---
ifeval::["{file_output_type}" == "html"]

View File

@ -22,7 +22,7 @@ image:/images/ks-qkcp/zh/v4.1/WordPress.png[]
== 前提条件
* 准备一个项目(例如 **demo-project**)和一个已邀请到该项目的用户(例如 **project-regular**)。该用户在项目中应具有 **operator** 角色。有关更多信息请参阅link:../03-control-user-permissions/[控制用户权限]。
* 准备一个项目(例如 **demo-project**)和一个已邀请到该项目的用户(例如 **project-regular**)。该用户在项目中应具有 **operator** 角色。有关更多信息请参阅link:../04-control-user-permissions/[控制用户权限]。
* {ks_product_right}平台需要安装并启用 **KubeSphere 服务网格**扩展组件。

View File

@ -33,7 +33,7 @@ image:/images/ks-qkcp/zh/v4.1/bookinfo.png[]
== 前提条件
* 准备一个项目(例如 **demo-project**)和一个已邀请到该项目的用户(例如 **project-regular**)。该用户在项目中应具有 **operator** 角色。有关更多信息请参阅link:../03-control-user-permissions/[控制用户权限]。
* 准备一个项目(例如 **demo-project**)和一个已邀请到该项目的用户(例如 **project-regular**)。该用户在项目中应具有 **operator** 角色。有关更多信息请参阅link:../04-control-user-permissions/[控制用户权限]。
* {ks_product_right}平台需要安装并启用 **KubeSphere 服务网格**和 **KubeSphere 网关**扩展组件。

View File

@ -11,7 +11,7 @@ weight: 07
== 前提条件
* 准备一个项目(例如 **demo-project**)和一个已邀请到该项目的用户(例如 **project-regular**)。该用户在项目中应具有 **operator** 角色。有关更多信息请参阅link:../03-control-user-permissions/[控制用户权限]。
* 准备一个项目(例如 **demo-project**)和一个已邀请到该项目的用户(例如 **project-regular**)。该用户在项目中应具有 **operator** 角色。有关更多信息请参阅link:../04-control-user-permissions/[控制用户权限]。
* {ks_product_right}平台需要安装并启用 **KubeSphere 服务网格**和 **KubeSphere 网关**扩展组件。

View File

@ -69,11 +69,10 @@ include::../../../../_custom/platformManagement/extensionManagement/extensionMan
+
--
// Bash
include::../../../../../_ks_components/code/bash.adoc[]
[source,bash]
----
kubectl delete cluster <cluster name>
include::../../../../../_ks_components/code/codeEnd.adoc[]
----
--

View File

@ -10,7 +10,7 @@ weight: 01
== 前提条件
ifeval::["{file_output_type}" == "html"]
* 已创建一个企业空间和一个用户 (**project-admin**),需要邀请该用户至该企业空间并赋予 **workspace-self-provisioner** 角色。有关更多信息请参阅link:../../../../02-quickstart/03-control-user-permissions[控制用户权限]。
* 已创建一个企业空间和一个用户 (**project-admin**),需要邀请该用户至该企业空间并赋予 **workspace-self-provisioner** 角色。有关更多信息请参阅link:../../../../02-quickstart/04-control-user-permissions[控制用户权限]。
endif::[]
ifeval::["{file_output_type}" == "pdf"]

View File

@ -8,7 +8,7 @@ WhizardTelemetry 平台服务是 WhizardTelemetry 可观测平台中各扩展组
**配置说明:**
* 修改 WhizardTelemetry 平台服务的扩展组件配置,可配合 WhizardTelemetry 监控扩展组件,启用 Whizard 可观测中心。有关更多信息,请参阅 link:../../07-whizard/01-enable-whizard/[Whizard 可观测中心]。
// * 修改 WhizardTelemetry 平台服务的扩展组件配置,可配合 WhizardTelemetry 监控扩展组件,启用 Whizard 可观测中心。有关更多信息,请参阅 link:../../07-whizard/01-enable-whizard/[Whizard 可观测中心]。
* 为 WhizardTelemetry 日志、WhizardTelemetry 审计、WhizardTelemetry 事件、以及通知历史配置 OpenSearch 日志接收器时,如果需要使用多个 OpenSearch 数据库,可以按如下配置。
// 有关组件配置的更多信息请参阅扩展中心“WhizardTelemetry 平台服务”扩展组件的详情页说明。
@ -112,14 +112,4 @@ whizard-telemetry:
basicAuth: true
username: admin
password: admin
----
// //note
// [.admon.note,cols="a"]
// |===
// |说明
// |
// 修改 WhizardTelemetry 平台服务的扩展组件配置,可配合 WhizardTelemetry 监控扩展组件,启用 Whizard 可观测中心。有关更多信息,请参阅 link:../../07-whizard/01-enable-whizard/[Whizard 可观测中心]。
// |===
----

View File

@ -11,7 +11,8 @@ layout: "second"
WhizardTelemetry 监控是 WhizardTelemetry 可观测平台中提供监控功能的扩展组件,其中包含了 Whizard 可观测中心。可提供多租户视角的云原生资源监控能力, 包括针对多集群、节点、工作负载、GPU、K8s 控制面等对象的核心监控指标实时和历史数据展示等功能。
本节仅介绍单集群环境下的监控功能。有关单集群的告警功能,请参阅 link:../06-alerting[WhizardTelemetry 告警]。有关多集群的监控和告警功能,请参阅 link:../07-whizard[Whizard 可观测中心]。
本节仅介绍单集群环境下的监控功能。有关单集群的告警功能,请参阅 link:../06-alerting[WhizardTelemetry 告警]。
// 有关多集群的监控和告警功能,请参阅 link:../07-whizard[Whizard 可观测中心]。
安装“WhizardTelemetry 监控”扩展组件后,集群和项目的左侧导航栏将显示**监控告警**选项,集群和项目中应用负载下的服务将支持**编辑监控导出器**,以下页面也将显示相关监控指标的数据:

View File

@ -16,7 +16,8 @@ layout: "second"
|说明
|
- {ks_product_right}为集群提供了内置规则组,同时也支持自定义规则组。若已启用 Whizard 可观测中心,内置规则组只能在 Whizard 可观测中心中进行管理。有关更多信息,请参阅 link:../../07-whizard/05-alert-management/01-rule-groups/[Whizard 规则组]。
- {ks_product_right}为集群提供了内置规则组,同时也支持自定义规则组。
// 若已启用 Whizard 可观测中心,内置规则组只能在 Whizard 可观测中心中进行管理。有关更多信息,请参阅 link:../../07-whizard/05-alert-management/01-rule-groups/[Whizard 规则组]。
- 在项目中,只支持自定义规则组。
|===

View File

@ -4,6 +4,7 @@ keywords: "Kubernetes, {ks_product}, 平台管理, Whizard 可观测中心"
description: "介绍如何使用 Whizard 可观测中心功能。"
weight: 07
layout: "second"
draft: true
---

View File

@ -3,5 +3,6 @@ title: "通知历史"
keywords: "Kubernetes, {ks_product}, 平台设置, 通知历史"
description: "介绍如何查看通知历史记录。"
weight: 04
draft: true
layout: "second"
---

View File

@ -17,11 +17,11 @@ sectionLink:
list:
- /docs/v4.1/02-quickstart/01-install-kubesphere.adoc
- /docs/v4.1/03-installation-and-upgrade/02-install-kubesphere/02-install-kubernetes-and-kubesphere.adoc
- /docs/v4.1/02-quickstart/03-control-user-permissions.adoc
- /docs/v4.1/02-quickstart/04-control-user-permissions.adoc
- docs/v4.1/03-installation-and-upgrade/02-install-kubesphere/04-offline-installation.adoc
- /docs/v4.1/03-installation-and-upgrade/05-add-and-delete-cluster-nodes/01-add-cluster-nodes.adoc
- /docs/v4.1/07-cluster-management/10-multi-cluster-management
- /docs/v4.1/02-quickstart/02-install-an-extension.adoc
- /docs/v4.1/02-quickstart/03-install-an-extension.adoc
- /docs/v4.1/10-toolbox/01-use-kubectl-tool.adoc
- docs/v4.1/11-use-extensions/01-devops/03-how-to-use/02-pipelines/01-create-a-pipeline-using-graphical-editing-panel.adoc
- docs/v4.1/11-use-extensions/01-devops/03-how-to-use/02-pipelines/02-create-a-pipeline-using-jenkinsfile.adoc