我的书签
添加书签
移除书签在已有k8s集群中部署KubeCube
v1.1.x
在 Kubernetes 集群中部署 KubeCube
开始安装
在 Linux 机器上执行部署脚本
KUBECUBE_VERSION=v1.1
export CUSTOMIZE="true";curl -fsSL https://kubecube.nos-eastchina1.126.net/kubecube-installer/${KUBECUBE_VERSION}/entry.sh | bash
设置安装脚本参数
该安装模式下,需要修改以下参数:
INSTALL_KUBECUBE_MEMBER=“false”
MASTER_IP=”${node ip}”
${node ip} 表示你运行脚本所在 node 机器的 ip,该 node 需要可操作 kubectl
# if install kubecube on pivot clusterINSTALL_KUBECUBE_PIVOT="true"# if install k8sINSTALL_KUBERNETES="false"# there are four node mode below:# "master" : node will be installed as a master of cluster# "node-join-master" : node will be install as a worker of cluster to join master# "control-plane-master" : node will be installed as a master to control plane of cluster# "node-join-control-plane" : node will be installed as a master to join control planeNODE_MODE="master"# zone has two choice# 1. "cn" : in mainland# 2. "others" : out of mainlandZONE="cn"# k8s version you want to install# support now is: 1.20.9, 1.19.13, 1.18.20, 1.21.2KUBERNETES_VERSION="1.20.9"# +optional# must be set when NODE_MODE="control-plane-master"# or "node-join-control-plane"CONTROL_PLANE_ENDPOINT="" #{ip}:{port} , dns######################################################################## member cluster config# used when INSTALL_KUBECUBE_MEMBER="true"######################################################################## if install kubecube on member clusterINSTALL_KUBECUBE_MEMBER="false"# +optional# KUBECUBE_HOST must be set when as a member cluster to# join pivot cluster, the value is pivot node ipKUBECUBE_HOST=""# +optional# must be set when INSTALL_KUBECUBE_MEMBER="true"# this value is the name of member cluster you# want to take overMEMBER_CLUSTER_NAME=""######################################################################## ssh config# used when NODE_MODE="node-join-master" or node-join-control-plane######################################################################## +optional# master ip means master node ip of clusterMASTER_IP=""# +optional# the user who can access master node, it can be emptySSH_USER="root"# +optional# the port specified to access master node, it can be emptySSH_PORT=22# +optional# must be empty when ACCESS_PRIVATE_KEY_PATH set# password for master user to access master nodeACCESS_PASSWORD=""# +optional# must be empty when ACCESS_PASSWORD set# ACCESS_PRIVATE_KEY for master user to access master nodeACCESS_PRIVATE_KEY_PATH="/root/.ssh/id_rsa"######################################################################## offline config# used when offline install choose, must lift offline pkg first#######################################################################OFFLINE_INSTALL="false"OFFLINE_PKG_PATH=""
等待部署完成
KubeCube 部署完成后,请根据提示信息登陆 console 管理页面
使用 admin 账户登陆 console
⚠️请在登陆后修改 admin 用户的密码
v1.0.x
在 Kubernetes 集群中部署 KubeCube
⚠️修改 Kubernetes API-Server 配置
必要性
KubeCube 对多集群提供统一的认证和鉴权服务,需要使用 k8s api-server 的 auth-webhook 能力来做拓展。
KubeCube 提供对 k8s-apiserver 日志进行审计的能力,这需要为 k8s api-server 指定审计服务后端。
修改操作
如果您的 k8s api-server 服务是以 deployment 形式运行的,请直接修改 deployment ;如果您的 k8s api-server 服务是以 static pod 形式运行的,您需要修改对应的 manifest 文件,它的文件路径通常为 /etc/kubernetes/manifests/kube-apiserver.yaml ,修改内容如下:
apiVersion: v1kind: Podmetadata:name: kube-apiservernamespace: kube-systemspec:containers:- command:- kube-apiserver- --audit-log-format=json- --audit-log-maxage=10- --audit-log-maxbackup=10- --audit-log-maxsize=100- --audit-log-path=/var/log/audit- --audit-policy-file=/etc/cube/audit/audit-policy.yaml- --audit-webhook-config-file=/etc/cube/audit/audit-webhook.config- --authentication-token-webhook-config-file=/etc/cube/warden/webhook.configname: kube-apiservervolumeMounts:- mountPath: /var/log/auditname: audit-log- mountPath: /etc/cubename: cubereadOnly: truevolumes:- hostPath:path: /var/log/audittype: DirectoryOrCreatename: audit-log- hostPath:path: /etc/cubetype: DirectoryOrCreatename: cube
开始安装
在 Linux 机器上执行部署脚本
KUBECUBE_VERSION=v1.0
export CUSTOMIZE="true";curl -fsSL https://kubecube.nos-eastchina1.126.net/kubecube-installer/${KUBECUBE_VERSION}/entry.sh | bash
设置安装脚本参数
该安装模式下,需要修改以下参数:
INSTALL_KUBECUBE_MEMBER=“false”
MASTER_IP=”${node ip}”
${node ip} 表示你运行脚本所在 node 机器的 ip,该 node 需要可操作 kubectl
# if install kubecube on pivot clusterINSTALL_KUBECUBE_PIVOT="true"# if install kubecube on member clusterINSTALL_KUBECUBE_MEMBER="false"# if install k8sINSTALL_KUBERNETES="false"# there are four node mode below:# "master" : node will be installed as a master of cluster# "node-join-master" : node will be install as a worker of cluster to join master# "control-plane-master" : node will be installed as a master to control plane of cluster# "node-join-control-plane" : node will be installed as a master to join control planeNODE_MODE="master"# +optional# must be set when INSTALL_KUBECUBE_MEMBER="true"# this value is the name of member cluster you# want to take overMEMBER_CLUSTER_NAME=""# +optional# must be set when NODE_MODE="control-plane-master"# or "node-join-control-plane"CONTROL_PLANE_ENDPOINT="" #{ip}:{port} , dns# master ip means master node ip of clusterMASTER_IP="x.x.x.x"# +optional# KUBECUBE_HOST must be set when as a member cluster to# join pivot cluster, the value is pivot node ipKUBECUBE_HOST=""# zone has two choice# 1. "cn" : in mainland# 2. "others" : out of mainlandZONE="cn"# k8s version you want to installKUBERNETES_VERSION="1.20.9"# +optional# the user who can access master node, it can be empty# when NODE_MODE="master" or "control-plane-master"SSH_USER="root"# +optional# the port specified to access master node, it can be empty# when NODE_MODE="master" or "control-plane-master"SSH_PORT=22# +optional# must be empty when ACCESS_PRIVATE_KEY_PATH set# password for master user to access master nodeACCESS_PASSWORD=""# +optional# must be empty when ACCESS_PASSWORD set# ACCESS_PRIVATE_KEY for master user to access master nodeACCESS_PRIVATE_KEY_PATH="/root/.ssh/id_rsa"
等待部署完成
KubeCube 部署完成后,请根据提示信息登陆 console 管理页面
使用 admin 账户登陆 console
⚠️请在登陆后修改 admin 用户的密码
最后修改 December 20, 2021 : release-v1.1.0:install-guide (5f0c959c)
