Air-gapped Installation
The air-gapped installation is almost the same as the online installation, except that it creates a local registry to host the Docker images. We will demonstrate how to install KubeSphere and Kubernetes in an air-gapped environment.
Step 1: Prepare Linux Hosts
Please see the requirements for hardware and operating system shown below. To get started with multi-node installation, you need to prepare at least three hosts according to the following requirements.
System Requirements
Systems | Minimum Requirements (Each node) |
---|---|
Ubuntu 16.04, 18.04 | CPU: 2 Cores, Memory: 4 G, Disk Space: 40 G |
Debian Buster, Stretch | CPU: 2 Cores, Memory: 4 G, Disk Space: 40 G |
CentOS 7.x | CPU: 2 Cores, Memory: 4 G, Disk Space: 40 G |
Red Hat Enterprise Linux 7 | CPU: 2 Cores, Memory: 4 G, Disk Space: 40 G |
SUSE Linux Enterprise Server 15/openSUSE Leap 15.2 | CPU: 2 Cores, Memory: 4 G, Disk Space: 40 G |
Note
The installer will use /var/lib/docker as the default directory where all Docker-related files, including the images, are stored. We recommend that you add additional storage with at least 100G mounted at /var/lib/docker and /mnt/registry respectively. See the fdisk command for reference.
Node Requirements
Important
- It’s recommended that your OS be clean (without any other software installed). Otherwise, there may be conflicts.
- Ensure your disk of each node is at least 100G.
- All nodes must be accessible through SSH.
- Time synchronization for all nodes.
- sudo/curl/openssl should be used in all nodes.
- docker must be installed by yourself in an offline environment.
KubeKey can install Kubernetes and KubeSphere together. The dependency that needs to be installed may be different based on the Kubernetes version to be installed. You can refer to the list below to see if you need to install relevant dependencies on your node in advance.
Dependency | Kubernetes Version ≥ 1.18 | Kubernetes Version < 1.18 |
---|---|---|
socat | Required | Optional but recommended |
conntrack | Required | Optional but recommended |
ebtables | Optional but recommended | Optional but recommended |
ipset | Optional but recommended | Optional but recommended |
Network and DNS Requirements
- Make sure the DNS address in /etc/resolv.conf is available. Otherwise, it may cause some issues of DNS in clusters.
- If your network configuration uses Firewall or Security Group, you must ensure infrastructure components can communicate with each other through specific ports. It’s recommended that you turn off the firewall or follow the guide Network Access.
Example Machines
This example includes three hosts as below with the master node serving as the taskbox.
Host IP | Host Name | Role |
---|---|---|
192.168.0.2 | master | master, etcd |
192.168.0.3 | node1 | worker |
192.168.0.4 | node2 | worker |
Step 2: Prepare a Private Image Registry
You can use Harbor or any other private image registry. We take Docker registry as an example, using self-signed certificates (if you have your own private image registry, you can skip this step).
Use self-signed certificates
Generate your own certificate:
mkdir -p certs
openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
-x509 -days 36500 -out certs/domain.crt
Be sure to specify a domain name in the field Common Name when you are generating your own certificate. For example, we use dockerhub.kubesphere.local in this example.
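A non-interactive way to generate and check the same certificate, as an added example that is not part of the original guide. Besides Common Name it sets a matching subjectAltName, because Go 1.15 and later no longer match hostnames against Common Name, so Docker clients built with it need the SAN entry. The function names gen_registry_cert and check_registry_cert and the temporary config file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the KubeSphere docs). Function names are hypothetical;
# the domain and file names follow this page's example.

# gen_registry_cert DOMAIN DIR [BITS]: same key and cert as the command above,
# created without prompts, with DOMAIN as both Common Name and subjectAltName.
gen_registry_cert() {
    domain=$1; dir=$2; bits=${3:-4096}
    mkdir -p "$dir" || return 1
    cnf=$(mktemp) || return 1
    cat > "$cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $domain
[v3]
subjectAltName = DNS:$domain
EOF
    # umask 077 keeps the unencrypted (-nodes) private key readable by owner only.
    ( umask 077
      openssl req -newkey "rsa:$bits" -nodes -sha256 \
          -keyout "$dir/domain.key" -x509 -days 36500 \
          -out "$dir/domain.crt" -config "$cnf" )
    rc=$?
    rm -f "$cnf"
    return $rc
}

# check_registry_cert DOMAIN DIR: succeeds only if the cert lists DOMAIN in its
# SAN, belongs to domain.key, and has not expired.
check_registry_cert() {
    domain=$1; crt="$2/domain.crt"; key="$2/domain.key"
    openssl x509 -in "$crt" -noout -text | tr ',' '\n' | tr -d ' ' \
        | grep -Fxq "DNS:$domain" \
        || { echo "no SAN entry for $domain" >&2; return 1; }
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout)" ] \
        || { echo "domain.key does not match domain.crt" >&2; return 1; }
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null \
        || { echo "certificate has expired" >&2; return 1; }
}

# Usage: gen_registry_cert dockerhub.kubesphere.local certs &&
#        check_registry_cert dockerhub.kubesphere.local certs
```

Running the check before starting the registry catches a certificate whose name or key does not match, which would otherwise surface later as TLS errors on every node that pulls images.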
Start Docker Registry
Run the following command to start the Docker registry:
docker run -d \
--restart=always \
--name registry \
-v "$(pwd)"/certs:/certs \
-v /mnt/registry:/var/lib/registry \
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
-p 443:443 \
registry:2
Configure the Access
TBD