diff --git a/content/en/docs/installing-on-kubernetes/on-prem-kubernetes/install-ks-on-linux-airgapped.md b/content/en/docs/installing-on-kubernetes/on-prem-kubernetes/install-ks-on-linux-airgapped.md index 550766807..7f283e33a 100644 --- a/content/en/docs/installing-on-kubernetes/on-prem-kubernetes/install-ks-on-linux-airgapped.md +++ b/content/en/docs/installing-on-kubernetes/on-prem-kubernetes/install-ks-on-linux-airgapped.md 
@@ -1,10 +1,409 @@ --- -title: "Air-Gapped Installation" -keywords: 'kubernetes, kubesphere, air gapped, installation' -description: 'How to install KubeSphere on air-gapped Linux machines' - +title: "Air-gapped Installation" +keywords: 'Kubernetes, KubeSphere, air-gapped, installation' +description: 'How to install KubeSphere on Kubernetes in an air-gapped environment.' +linkTitle: "Air-gapped Installation" weight: 2240 --- -TBD +The air-gapped installation is almost the same as the online installation except that you must create a local registry to host Docker images. This tutorial demonstrates how to install KubeSphere on Kubernetes in an air-gapped environment. + +Before you follow the steps below, read [Prerequisites](../../../installing-on-kubernetes/introduction/prerequisites/) first. + +## Step 1: Prepare a Private Image Registry + +You can use Harbor or any other private image registries. This tutorial uses Docker registry as an example with [self-signed certificates](https://docs.docker.com/registry/insecure/#use-self-signed-certificates) (If you have your own private image registry, you can skip this step). + +### Use Self-signed Certificates + +1. Generate your own certificate by executing the following commands: + + ```bash + mkdir -p certs + ``` + + ```bash + openssl req \ + -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \ + -x509 -days 36500 -out certs/domain.crt + ``` + +2. Make sure you specify a domain name in the field `Common Name` when you are generating your own certificate. For instance, the field is set to `dockerhub.kubekey.local` in this example. 
+ + ![self-signed-cert](/images/docs/installing-on-linux/introduction/air-gapped-installation/self-signed-cert.jpg) + +### Start Docker Registry + +Run the following commands to start the Docker registry: + +``` +docker run -d \ + --restart=always \ + --name registry \ + -v "$(pwd)"/certs:/certs \ + -v /mnt/registry:/var/lib/registry \ + -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \ + -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \ + -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \ + -p 443:443 \ + registry:2 +``` + +{{< notice note >}} + +Docker uses `/var/lib/docker` as the default directory where all Docker related files, including images, are stored. It is recommended you add additional storage volumes with at least **100G** mounted to `/var/lib/docker` and `/mnt/registry` respectively. See [fdisk](https://www.computerhope.com/unix/fdisk.htm) command for reference. + +{{}} + +### Configure Registry + +1. Add an entry to `/etc/hosts` to map the hostname (i.e. the registry domain name; in this case, it is `dockerhub.kubekey.local`) to the private IP address of your machine as below. + + ```bash + # docker registry + 192.168.0.2 dockerhub.kubekey.local + ``` + +2. Execute the following commands to copy the certificate to a specified directory and make Docker trust it. + + ```bash + mkdir -p /etc/docker/certs.d/dockerhub.kubekey.local + ``` + + ```bash + cp certs/domain.crt /etc/docker/certs.d/dockerhub.kubesphere.local/ca.crt + ``` + + {{< notice note >}} + + The path of the certificate is related to the domain name. When you copy the path, use your actual domain name if it is different from the one set above. + + {{}} + +3. To verify whether the private registry is effective, you can copy an image to your local machine first, and use `docker push` and `docker pull` to test it. + +## Step 2: Prepare Installation Images + +As you install KubeSphere in an air-gapped environment, you need to prepare an image package containing all the necessary images in advance. + +1. 
Download the image list file `images-list.txt` from a machine that has access to the Internet through the following command: + + ```bash + curl -L -O https://github.com/kubesphere/ks-installer/releases/download/v3.0.0/images-list.txt + ``` + + {{< notice note >}} + + This file lists images under `##+modulename` based on different modules. You can add your own images to this file following the same rule. To view the complete file, see [Appendix](../install-ks-on-linux-airgapped/#image-list-of-kubesphere-v300). + + {{}} + +2. Download `offline-installation-tool.sh`. + + ```bash + curl -L -O https://github.com/kubesphere/ks-installer/releases/download/v3.0.0/offline-installation-tool.sh + ``` + +3. Make the `.sh` file executable. + + ```bash + chmod +x offline-installation-tool.sh + ``` + +4. You can execute the command `./offline-installation-tool.sh -h` to see how to use the script: + + ```bash + root@master:/home/ubuntu# ./offline-installation-tool.sh -h + Usage: + + ./offline-installation-tool.sh [-l IMAGES-LIST] [-d IMAGES-DIR] [-r PRIVATE-REGISTRY] [-v KUBERNETES-VERSION ] + + Description: + -b : save kubernetes' binaries. + -d IMAGES-DIR : the dir of files (tar.gz) which generated by `docker save`. default: /home/ubuntu/kubesphere-images + -l IMAGES-LIST : text file with list of images. + -r PRIVATE-REGISTRY : target private registry:port. + -s : save model will be applied. Pull the images in the IMAGES-LIST and save images as a tar.gz file. + -v KUBERNETES-VERSION : download kubernetes' binaries. default: v1.17.9 + -h : usage message + ``` + +5. Pull images in `offline-installation-tool.sh`. + + ```bash + ./offline-installation-tool.sh -s -l images-list.txt -d ./kubesphere-images + ``` + + {{< notice note >}} + + You can choose to pull images as needed. For example, you can delete `##k8s-images` and related images under it in `images-list.text` as you already have a Kubernetes cluster. 
+ + {{}} + +## Step 3: Push Images to Private Registry + +Transfer your packaged image file to your local machine and execute the following command to push it to the registry. + +```bash +./offline-installation-tool.sh -l images-list.txt -d ./kubesphere-images -r dockerhub.kubekey.local +``` + +{{< notice note >}} + +The domain name is `dockerhub.kubekey.local` in the command. Make sure you use your **own registry address**. + +{{}} + +## Step 4: Download Deployment Files + +Similar to installing KubeSphere on an existing Kubernetes cluster in an online environment, you also need to download `cluster-configuration.yaml` and `kubesphere-installer.yaml` first. + +1. Execute the following commands to download these two files and transfer them to your machine that serves as the taskbox for installation. + + ```bash + curl -L -O https://github.com/kubesphere/ks-installer/releases/download/v3.0.0/cluster-configuration.yaml + curl -L -O https://github.com/kubesphere/ks-installer/releases/download/v3.0.0/kubesphere-installer.yaml + ``` + +2. Edit `cluster-configuration.yaml` to add your private image registry. For example, `dockerhub.kubekey.local` is the registry address in this tutorial, then use it as the value of `.spec.local_registry` as below: + + ```yaml + spec: + persistence: + storageClass: "" + authentication: + jwtSecret: "" + local_registry: dockerhub.kubekey.local # Add this line manually; make sure you use your own registry address. + ``` + + {{< notice note >}} + + You can enable pluggable components in this YAML file to explore more features of KubeSphere. Refer to [Enable Pluggle Components](../../../pluggable-components) for more details. + + {{}} + +3. Save `cluster-configuration.yaml` after you finish editing. 
Replace `ks-installer` with your **own registry address** with the following command: + + ```bash + sed -i 's|kubesphere/ks-installer:v3.0.0|dockerhub.kubekey.local/kubesphere/ks-installer:v3.0.0|g' kubesphere-installer.yaml + ``` + + {{< notice warning >}} + + `dockerhub.kubekey.local` is the registry address in the command. Make sure you use your own registry address. + + {{}} + + +## Step 5: Start Installation + +Execute the following commands after you make sure that all steps above are completed. + +```bash +kubectl apply -f kubesphere-installer.yaml +kubectl apply -f cluster-configuration.yaml +``` + +## Step 6: Verify Installation + +When the installation finishes, you can see the content as follows: + +```bash +##################################################### +### Welcome to KubeSphere! ### +##################################################### + +Console: http://192.168.0.2:30880 +Account: admin +Password: P@88w0rd + +NOTES: + 1. After logging into the console, please check the + monitoring status of service components in + the "Cluster Management". If any service is not + ready, please wait patiently until all components + are ready. + 2. Please modify the default password after login. + +##################################################### +https://kubesphere.io 20xx-xx-xx xx:xx:xx +##################################################### +``` + +Now, you will be able to access the web console of KubeSphere through `http://{IP}:30880` with the default account and password `admin/P@88w0rd`. + +{{< notice note >}} + +To access the console, make sure the port 30880 is opened in your security group. 
+ +{{}} + +![kubesphere-login](https://ap3.qingstor.com/kubesphere-website/docs/login.png) + +## Appendix + +### Image List of KubeSphere v3.0.0 + +```txt +##k8s-images +kubesphere/kube-apiserver:v1.17.9 +kubesphere/kube-scheduler:v1.17.9 +kubesphere/kube-proxy:v1.17.9 +kubesphere/kube-controller-manager:v1.17.9 +kubesphere/kube-apiserver:v1.18.6 +kubesphere/kube-scheduler:v1.18.6 +kubesphere/kube-proxy:v1.18.6 +kubesphere/kube-controller-manager:v1.18.6 +kubesphere/kube-apiserver:v1.16.13 +kubesphere/kube-scheduler:v1.16.13 +kubesphere/kube-proxy:v1.16.13 +kubesphere/kube-controller-manager:v1.16.13 +kubesphere/kube-apiserver:v1.15.12 +kubesphere/kube-scheduler:v1.15.12 +kubesphere/kube-proxy:v1.15.12 +kubesphere/kube-controller-manager:v1.15.12 +kubesphere/pause:3.1 +kubesphere/pause:3.2 +kubesphere/etcd:v3.3.12 +calico/kube-controllers:v3.15.1 +calico/node:v3.15.1 +calico/cni:v3.15.1 +calico/pod2daemon-flexvol:v3.15.1 +coredns/coredns:1.6.9 +kubesphere/k8s-dns-node-cache:1.15.12 +kubesphere/node-disk-manager:0.5.0 +kubesphere/node-disk-operator:0.5.0 +kubesphere/provisioner-localpv:1.10.0 +kubesphere/linux-utils:1.10.0 +kubesphere/nfs-client-provisioner:v3.1.0-k8s1.11 + +##ks-core-images +kubesphere/ks-apiserver:v3.0.0 +kubesphere/ks-console:v3.0.0 +kubesphere/ks-controller-manager:v3.0.0 +kubesphere/ks-installer:v3.0.0 +kubesphere/etcd:v3.2.18 +kubesphere/kubectl:v1.0.0 +kubesphere/ks-upgrade:v3.0.0 +kubesphere/ks-devops:flyway-v3.0.0 +redis:5.0.5-alpine +alpine:3.10.4 +haproxy:2.0.4 +mysql:8.0.11 +nginx:1.14-alpine +minio/minio:RELEASE.2019-08-07T01-59-21Z +minio/mc:RELEASE.2019-08-07T23-14-43Z +mirrorgooglecontainers/defaultbackend-amd64:1.4 +kubesphere/nginx-ingress-controller:0.24.1 +osixia/openldap:1.3.0 +csiplugin/snapshot-controller:v2.0.1 +kubesphere/kubefed:v0.3.0 +kubesphere/tower:v0.1.0 +kubesphere/prometheus-config-reloader:v0.38.3 +kubesphere/prometheus-operator:v0.38.3 +prom/alertmanager:v0.21.0 +prom/prometheus:v2.20.1 
+kubesphere/node-exporter:ks-v0.18.1 +jimmidyson/configmap-reload:v0.3.0 +kubesphere/notification-manager-operator:v0.1.0 +kubesphere/notification-manager:v0.1.0 +kubesphere/metrics-server:v0.3.7 +kubesphere/kube-rbac-proxy:v0.4.1 +kubesphere/kube-state-metrics:v1.9.6 + +##ks-logging-images +kubesphere/elasticsearch-oss:6.7.0-1 +kubesphere/elasticsearch-curator:v5.7.6 +kubesphere/fluentbit-operator:v0.2.0 +kubesphere/fluentbit-operator:migrator +kubesphere/fluent-bit:v1.4.6 +elastic/filebeat:6.7.0 +kubesphere/kube-auditing-operator:v0.1.0 +kubesphere/kube-auditing-webhook:v0.1.0 +kubesphere/kube-events-exporter:v0.1.0 +kubesphere/kube-events-operator:v0.1.0 +kubesphere/kube-events-ruler:v0.1.0 +kubesphere/log-sidecar-injector:1.1 +docker:19.03 + +##istio-images +istio/citadel:1.4.8 +istio/galley:1.4.8 +istio/kubectl:1.4.8 +istio/mixer:1.4.8 +istio/pilot:1.4.8 +istio/proxyv2:1.4.8 +istio/sidecar_injector:1.4.8 +jaegertracing/jaeger-agent:1.17 +jaegertracing/jaeger-collector:1.17 +jaegertracing/jaeger-operator:1.17.1 +jaegertracing/jaeger-query:1.17 +jaegertracing/jaeger-es-index-cleaner:1.17.1 + +##ks-devops-images +jenkins/jenkins:2.176.2 +jenkins/jnlp-slave:3.27-1 +kubesphere/jenkins-uc:v3.0.0 +kubesphere/s2ioperator:v2.1.1 +kubesphere/s2irun:v2.1.1 +kubesphere/builder-base:v2.1.0 +kubesphere/builder-nodejs:v2.1.0 +kubesphere/builder-maven:v2.1.0 +kubesphere/builder-go:v2.1.0 +kubesphere/s2i-binary:v2.1.0 +kubesphere/tomcat85-java11-centos7:v2.1.0 +kubesphere/tomcat85-java11-runtime:v2.1.0 +kubesphere/tomcat85-java8-centos7:v2.1.0 +kubesphere/tomcat85-java8-runtime:v2.1.0 +kubesphere/java-11-centos7:v2.1.0 +kubesphere/java-8-centos7:v2.1.0 +kubesphere/java-8-runtime:v2.1.0 +kubesphere/java-11-runtime:v2.1.0 +kubesphere/nodejs-8-centos7:v2.1.0 +kubesphere/nodejs-6-centos7:v2.1.0 +kubesphere/nodejs-4-centos7:v2.1.0 +kubesphere/python-36-centos7:v2.1.0 +kubesphere/python-35-centos7:v2.1.0 +kubesphere/python-34-centos7:v2.1.0 +kubesphere/python-27-centos7:v2.1.0 
+kubesphere/notification:flyway_v2.1.2 +kubesphere/notification:v2.1.2 +kubesphere/alert-adapter:v3.0.0 +kubesphere/alerting-dbinit:v3.0.0 +kubesphere/alerting:v2.1.2 + +##openpitrix-images +openpitrix/generate-kubeconfig:v0.5.0 +openpitrix/openpitrix:flyway-v0.5.0 +openpitrix/openpitrix:v0.5.0 +openpitrix/release-app:v0.5.0 + +##example-images +kubesphere/examples-bookinfo-productpage-v1:1.13.0 +kubesphere/examples-bookinfo-reviews-v1:1.13.0 +kubesphere/examples-bookinfo-reviews-v2:1.13.0 +kubesphere/examples-bookinfo-reviews-v3:1.13.0 +kubesphere/examples-bookinfo-details-v1:1.13.0 +kubesphere/examples-bookinfo-ratings-v1:1.13.0 +busybox:1.31.1 +joosthofman/wget:1.0 +kubesphere/netshoot:v1.0 +nginxdemos/hello:plain-text +wordpress:4.8-apache +mirrorgooglecontainers/hpa-example:latest +java:openjdk-8-jre-alpine +fluent/fluentd:v1.4.2-2.0 +perl:latest + +##csi-images +csiplugin/csi-neonsan:v1.2.0 +csiplugin/csi-neonsan-ubuntu:v1.2.0 +csiplugin/csi-neonsan-centos:v1.2.0 +csiplugin/csi-provisioner:v1.5.0 +csiplugin/csi-attacher:v2.1.1 +csiplugin/csi-resizer:v0.4.0 +csiplugin/csi-snapshotter:v2.0.1 +csiplugin/csi-node-driver-registrar:v1.2.0 +csiplugin/csi-qingcloud:v1.2.0 +``` diff --git a/content/en/docs/installing-on-linux/introduction/air-gapped-installation.md b/content/en/docs/installing-on-linux/introduction/air-gapped-installation.md index 2f4ca54f1..807a104a5 100644 --- a/content/en/docs/installing-on-linux/introduction/air-gapped-installation.md +++ b/content/en/docs/installing-on-linux/introduction/air-gapped-installation.md @@ -161,7 +161,7 @@ As you install KubeSphere and Kubernetes on Linux, you need to prepare an image {{}} -2. Download `images-manager.sh`. +2. Download `offline-installation-tool.sh`. ```bash curl -L -O https://github.com/kubesphere/ks-installer/releases/download/v3.0.0/offline-installation-tool.sh 
@@ -211,7 +211,7 @@ As you install KubeSphere and Kubernetes on Linux, you need to prepare an image {{}} -6. Pull images in the file `images-list.txt`. +6. Pull images in `offline-installation-tool.sh`. ```bash ./offline-installation-tool.sh -s -l images-list.txt -d ./kubesphere-images @@ -385,7 +385,7 @@ For more information about these parameters, see [Multi-node Installation](../mu {{}} -## Start Installation +## Step 7: Start Installation You can execute the following command after you make sure that all steps above are completed. @@ -399,7 +399,7 @@ After you transfer the executable file `kk` and the folder `kubekey` that contai {{}} -## Verify the installation +## Step 8: Verify Installation When the installation finishes, you can see the content as follows:
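Review bot: In `install-ks-on-linux-airgapped.md`, Step 1 "Configure Registry" item 2, the two commands use different hostnames. `mkdir -p /etc/docker/certs.d/dockerhub.kubekey.local` creates the directory, but `cp certs/domain.crt /etc/docker/certs.d/dockerhub.kubesphere.local/ca.crt` copies into `dockerhub.kubesphere.local`, which was never created. The copy fails as written, and Docker is left without a trusted CA for the registry name used in the rest of the page. Change the `cp` target to `/etc/docker/certs.d/dockerhub.kubekey.local/ca.crt`. Smaller points in the same hunk: Step 2 item 5 reads "Pull images in `offline-installation-tool.sh`", although the images are listed in `images-list.txt` and the script only pulls them; the note under that step spells the file `images-list.text`; and the link text in Step 4 reads "Enable Pluggle Components". Step 2 also fetches `images-list.txt` and `offline-installation-tool.sh` with `curl -L -O`, marks the script executable and, per the `root@master` prompt, runs it as root with no integrity check. Since these files are carried across to the air-gapped side, consider adding a step that records a checksum on the connected machine and compares it after transfer, before `chmod +x`. Step 6 repeats the default `admin/P@88w0rd` login in prose; a notice telling readers to change it at first login would match the NOTES in the sample output.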
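Review bot: In `air-gapped-installation.md`, the hunk at `@@ -211,7 +211,7 @@` rewords step 6 from "Pull images in the file `images-list.txt`" to "Pull images in `offline-installation-tool.sh`", which makes the step less accurate. The command under it, `./offline-installation-tool.sh -s -l images-list.txt -d ./kubesphere-images`, pulls the images listed in `images-list.txt` by means of the script; the script itself contains no images. Keep the file name in the sentence, for example "Pull the images listed in `images-list.txt` using `offline-installation-tool.sh`".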