Rapid deployment of kubesphere container platform
1. Environmental description

- master: 10.10.12.171
- worker1: 10.10.12.172
- worker2: 10.10.12.173
- Kubeoperator: 10.10.12.170 (Ansible is installed here, and the KubeSphere software is deployed to the KubeSphere cluster through kubeoperator. The root directory needs at least 200g to store the required installation packages.)
All servers run CentOS 7.0 Version 6 with a minimal installation, and each server has a spare disk for deploying Ceph.

The /dev/sdb disk is used here to install the Ceph cluster.
2. Environmental preparation (all nodes)
2.1 turn off the firewall
systemctl stop firewalld
systemctl disable firewalld
2.2 turn off swap
swapoff -a
sed -i '/ swap / s/^/#/' /etc/fstab
2.3 disable SELinux
setenforce 0
sed -i '/=enforcing/ s/enforcing/disabled/' /etc/selinux/config
2.4 installation of required software
yum -y install net-tools sshpass unzip lrzsz vim
2.5 setting server hostname
hostnamectl set-hostname ***   # replace *** with the name corresponding to each server
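
A check for steps 2.2 and 2.3, added here as an example and not part of the original page: the sed pattern in 2.2 only matches swap entries separated by spaces and prepends another # every time it runs, so this version matches on the filesystem-type field instead and can be re-run safely. The function names and the sample fstab are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Count fstab entries that are not commented out and whose filesystem type
# (field 3) is swap. Works for space- and tab-separated files.
active_swap_entries() {
  awk '$1 !~ /^#/ && $3 == "swap" { n++ } END { print n + 0 }' "$1"
}

# Comment out active swap entries in place. Lines that are already commented
# are left alone, so a second run does not stack "#" characters.
comment_out_swap() {
  tmp=$(mktemp) || return 1
  awk '$1 !~ /^#/ && $3 == "swap" { print "#" $0; next } { print }' "$1" > "$tmp" &&
    cat "$tmp" > "$1"
  rm -f "$tmp"
}

# Print the persistent SELinux mode (enforcing, permissive or disabled)
# from a config file such as /etc/selinux/config.
selinux_config_mode() {
  sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# Constructed sample: a tab-separated fstab, which the pattern '/ swap /'
# from step 2.2 does not match.
make_sample_fstab() {
  printf '/dev/mapper/centos-root\t/\txfs\tdefaults\t0 0\n'
  printf '/dev/mapper/centos-swap\tswap\tswap\tdefaults\t0 0\n'
}

# Demo on the constructed sample only; nothing under /etc is touched.
sample=$(mktemp)
make_sample_fstab > "$sample"
echo "active swap entries before: $(active_swap_entries "$sample")"
comment_out_swap "$sample"
echo "active swap entries after:  $(active_swap_entries "$sample")"
rm -f "$sample"
```

To check a real node, call active_swap_entries /etc/fstab and selinux_config_mode /etc/selinux/config after the steps above.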
3. Install relevant components
Kubeoperator description: Ansible is installed on the kubeoperator server, and Kubernetes and the KubeSphere container platform are then installed on the three initial servers of the KubeSphere cluster through the kubeoperator tool.
3.1 login to kubeoperator server
ssh 10.10.12.170
3.2 copy the required software to the /tmp/tmp directory on kubeoperator

3.3 add execution permission to shell script file

chmod +x prepare.sh
3.4 modify the content of prepare.sh according to the actual environment
vim /tmp/tmp/prepare.sh

- installerIp: kubeoperator IP address
- cephPublicNetwork: Ceph network segment
- cephPublicNetworkCard: network card name of the Ceph cluster physical machines
- cephDisk: Ceph disk device name
Note: the CEPH cluster uses root login uniformly and the password is changeme_ one hundred and twenty-three
3.5 execute prepare.sh
sh /tmp/tmp/prepare.sh

Preliminary preparation is completed (the whole process is about 1 minute)
3.6 execute deploy-docker.sh to install docker
cd /tmp/tmp/devops/
sh deploy-docker.sh

3.7 execute deploy-harbor.sh to install the harbor image registry
sh deploy-harbor.sh

The whole process lasted about 10 minutes

When the ansible script is completed, open the web browser and enter: https://10.10.12.170
- Account: admin
- Password: Harbor12345

Harbor contains the required kubesphere installation package
3.8 execute deploy-kubeoperator.sh to install kubeoperator
sh deploy-kubeoperator.sh


When the ansible script is completed, open the web browser and enter: http://172.16.12.249:8888
- Account: admin
- password: [email protected]

3.9 execute deploy-ceph.sh to install Ceph
cd /tmp/tmp/ceph/
sh deploy-ceph.sh

(about 18 minutes)
If an error is reported when the task [CEPH dashboard: create dashboard admin user] executes, ignore this exception.
The Ceph dashboard account and password can be created with the following commands. After creation, you can log in to the dashboard with admin / admin to view and manage Ceph.
echo "admin" > /tmp/file
ceph dashboard ac-user-create admin -i /tmp/file administrator
Also note that the message Install Ceph Dashboard : In Progress (0:02:20) at the end of the installation indicates that the dashboard is still initializing. You need to wait for port 9443 to start (check with the following command) before proceeding to the next step.
netstat -ntpl | grep 9443
4. Configure kubeoperator
4.1 setting system IP

Fill in the kubeoperator IP address
4.2 create host login credentials


Create the login credentials required for host login
4.3 creating hosts


- Name: fill in the host name
- IP: fill in the host physical IP
- Port: fill in SSH port
- Credentials: select root’s password credentials

After filling in the three hosts, wait for initialization. Each host is displayed in the normal state once initialization is completed.
4.3 creating kubesphere cluster
4.3.1 create resources

Click Project – click kubeoperator administrator



Add resource host
4.3.2 create a cluster

Cluster -> Add
4.3.3 cluster information

4.3.4 advanced options

The picture parameters are for reference only and can be deployed according to the actual situation
4.3.5 node information

4.3.6 confirmation information


Wait for cluster installation for about 50 minutes
If there is an error, you can click Retry to try again
4.3.7 view log

You can find the installation progress log here

4.4 log in to kubesphere
http://10.10.12.171:30880

- Account: admin
- password: [email protected]

5. Kubesphere configuration
5.1 creating enterprise spaces, projects, accounts, and roles
This quick start demonstrates how to create enterprise spaces, roles, and user accounts.
5.1.1 create an account
After installing KubeSphere, you need to add users with different roles to the platform so that they can work at different levels on the resources they are authorized for. At the beginning, the system has only one default account, admin, with the platform-admin role. In this step, you will create an account user-manager, and then use user-manager to create new accounts.
1. Use the default account and password (admin / [email protected]) to log in to the web console as admin.
- For security reasons, it is strongly recommended that you change your password when you log in to the console for the first time. To change the password, select personal settings from the drop-down menu in the upper right corner, and set a new password in password settings. You can also modify the console language in personal settings.
2. After logging into the console, click platform management in the upper left corner, and then select access control.

In account roles, there are four available built-in roles, as shown below. The first account to be created next will be assigned the users-manager role.
Built-in role | Description |
---|---|
workspaces-manager | The enterprise space administrator manages all enterprise spaces on the platform. |
users-manager | User administrator, which manages all users of the platform. |
platform-regular | Ordinary users of the platform do not have any resource operation permission before being invited to join the enterprise space or cluster |
platform-admin | Platform administrator can manage all resources in the platform. |
Built-in roles are automatically created by KubeSphere and cannot be edited or deleted.
3. In account management, click create. In the pop-up window, provide all the necessary information (marked with *), and then select users-manager in the role field. Please refer to the example below.

When finished, click OK. The newly created account will appear in the account list in Account management.
4. Switch accounts, log in again with user-manager, and create the following four new accounts, which will be used in other tutorials.
To log out of the account, click the user name in the upper right corner, and then select Logout.
Account | Role | Description |
---|---|---|
ws-manager | workspaces-manager | Create and manage all enterprise spaces. |
ws-admin | platform-regular | Manage all resources in the specified enterprise space (in this example, this account is used to invite new members to join the enterprise space). |
platform-admin | platform-regular | Create and manage projects and Devops projects, and invite new members to join the project. |
project-regular | platform-regular | Project regular will be invited to the project or Devops project by project admin. This account will be used to create workloads, pipelines, and other resources in the specified project. |
5. View the four accounts created.

5.1.2 create enterprise space
You need to create an enterprise space using the account ws-manager created in the previous step. As the basic logical unit for managing projects, DevOps projects and organizational members, the enterprise space is the foundation of the KubeSphere multi-tenant system.
- 1. Log in to KubeSphere as ws-manager, which has the permission to manage all enterprise spaces on the platform. Click platform management in the upper left corner and select access control. In Enterprise spaces, you can see that only one default enterprise space, system-workspace, is listed, in which system-related components and services run. You cannot delete this enterprise space.
- 2. Click Create on the right, name the new enterprise space demo-workspace, and set the user ws-admin as the enterprise space administrator.
When finished, click Create.
If you have enabled the multi-cluster function, you need to assign one or more available clusters to the enterprise space so that projects can be created in the cluster.
- 3. Log out of the console and log in again as ws-admin. In Enterprise space settings, select Enterprise members, and then click Invite members.

- 4. Invite project-admin and project-regular to enter the enterprise space and grant them the roles workspace-self-provisioner and workspace-viewer respectively.
Format of the actual role name: <workspace name>-<role name>. For example, in an enterprise space called demo-workspace, the actual role name of the role viewer is demo-workspace-viewer.

- 5. Add project-admin and project-regular to the enterprise space and click OK. In enterprise members, you can see the three members listed.
Account | Role | Description |
---|---|---|
ws-admin | workspace-admin | Manage all resources in the specified enterprise space (in this example, this account is used to invite new members to join the enterprise space). |
platform-admin | workspace-self-provisioner | Create and manage projects and Devops projects, and invite new members to join the project. |
project-regular | workspace-viewer | Project regular will be invited to the project or Devops project by project admin. This account will be used to create workloads, pipelines, and other resources in the specified project. |
5.1.3 create project
In this step, you need to create the project using the account project-admin created in the previous step. A project in KubeSphere is the same as a namespace in Kubernetes and provides virtual isolation of resources. For more information, see Namespace.
- 1. Log in to KubeSphere as project-admin, click Project management, and then click Create.

- 2. Enter the project name (e.g. demo-project) and click OK. You can also add an alias and a description for the project.

- 3. In Project management, click the newly created project to view its details.

- 4. On the project's Overview page, the project quota is not set by default. You can click Set and specify resource requests and limits as needed (for example, CPU and memory limits are set to 1 core and 1000 Gi respectively).


- 5. Invite project-regular to the project and grant the user the operator role. Please refer to the figure below for specific steps.

Users with the operator role are project maintainers and can manage resources in the project other than users and roles.
- 6. Before creating a route (that is, an Ingress in Kubernetes), you need to enable the gateway of the project. The gateway is the NGINX Ingress controller running in the project. To set up a gateway, go to Advanced settings in Project settings, and then click Set gateway. The account project-admin is still used in this step.

- 7. Select the access method NodePort, and then click Save.

- 8. Under Internet access, you can see the gateway address and the HTTP/HTTPS ports on the page.

5.1.4 create roles
After completing the above steps, you have learned that different roles can be granted to different levels of users. The roles used in the previous steps are built-in roles provided by KubeSphere. In this step, you will learn how to create custom roles to meet your work needs.
- 1. Log in to the console as admin again and go to Access control.
- 2. Four system roles are listed in Account roles and cannot be deleted or edited. Click Create and set the Role identifier. In this example, you will create a role called roles-manager.

Click Edit permissions to continue.
- 3. In Access control, select the permissions that the role has. For example, this example selects Account view, Role management and Role view. Click OK to finish creating.

- 4. The newly created role will be listed in Account roles. You can click the three dots on the right to edit it.

- 5. In Account management, add a new account and grant it the roles-manager role. You can also change the role of an existing account to roles-manager by editing it.

5.2 create and deploy WordPress
Introduction to WordPress
WordPress (written in PHP language) is a free and open source content management system. Users can use WordPress to build their own websites. The complete WordPress application includes the following kubernetes objects, with MySQL as the back-end database.

Preparation
You need to prepare a project-regular account and assign the account the operator role in a project (the user has been invited to participate in the project). For more information, see 5.1 creating enterprise spaces, projects, accounts, and roles.
5.2.1 create secrets
Create MySQL secret
The environment variable WORDPRESS_DB_PASSWORD is the password used to connect to the WordPress database. In this step, you need to create a secret to save the environment variable that will be used in the MySQL pod template.
- 1. Log in to the KubeSphere console with the project-regular account, access the demo-project details page and navigate to Configuration center. In Secrets, click Create on the right.

- 2. Enter basic information (for example, name it mysql-secret) and click Next. On the next page, select Default for Type, then click Add data to add a key-value pair. Enter the key MYSQL_ROOT_PASSWORD and the value 123456, and click √ in the lower right corner to confirm. When finished, click the Create button to continue.

Create WordPress secret
Follow the same steps above to create a WordPress secret named wordpress-secret, and enter the key WORDPRESS_DB_PASSWORD and the value 123456. The created secrets are displayed in the list.
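
The two secrets from 5.2.1 written out as Kubernetes manifests, as an added example that is not part of the original page: it shows that the value 123456 is stored only base64-encoded, and how to generate one random value shared by both secrets instead. The namespace demo-project and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Namespace and function names
# are assumptions; the secret names and keys follow step 5.2.1.

# Generate a 24-character alphanumeric password from the kernel CSPRNG.
gen_password() {
  head -c 48 /dev/urandom | base64 | tr -d '+/=\n' | cut -c1-24
}

# Render an Opaque Secret manifest.
# usage: render_secret <namespace> <name> <key> <value>
render_secret() {
  encoded=$(printf '%s' "$4" | base64 | tr -d '\n')
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $2
  namespace: $1
type: Opaque
data:
  $3: $encoded
EOF
}

# Recover the clear-text value of <key> from a manifest on stdin. Anyone who
# can read the Secret object can do this: "data" is encoded, not encrypted.
secret_value() {
  sed -n "s/^  $1: //p" | base64 -d
}

# The value used in the walkthrough, as it appears in the stored object.
render_secret demo-project mysql-secret MYSQL_ROOT_PASSWORD 123456
echo '---'

# The walkthrough uses the same value in both secrets, so generate one
# random password and render both manifests from it.
pw=$(gen_password)
render_secret demo-project mysql-secret MYSQL_ROOT_PASSWORD "$pw"
echo '---'
render_secret demo-project wordpress-secret WORDPRESS_DB_PASSWORD "$pw"
```

The rendered manifests can be piped to kubectl apply -f - instead of creating the secrets in the console.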

5.2.2 create storage volume
- 1. Access the storage volume under storage management and click create.

- 2. Enter the basic information of the volume (for example, name it wordpress-pvc), and then click Next.
- 3. In Storage volume settings, you need to select an available Storage type, and set the Access mode and Storage volume capacity. You can directly use the default values shown below and click Next to continue.

- 4. For Advanced settings, you do not need to add additional configuration in this step. Click Create to finish.
5.2.3 create an application
Add MySQL backend component
- 1. Navigate to Applications under Application workloads, select Self-made applications, and then click Build self-made application.

- 2. Enter basic information (for example, enter wordpress in the application name column), and then click Next.

- 3. In Service components, click Add service to set up components in the application.

- 4. Set the service type of the component to Stateful service.
- 5. Enter the name of the stateful service (e.g. mysql) and click Next.

- 6. In Container image, click Add container image.

- 7. Enter mysql:5.6 in the search box and press Enter, and then click Use default port. Since the configuration has not been finished yet, please do not click the √ button in the lower right corner.

In advanced settings, please ensure that the memory limit is not less than 1000 Mi, otherwise MySQL may not start due to insufficient memory.
- 8. Scroll down to Environment variables and click Reference config or secret. Enter the name MYSQL_ROOT_PASSWORD, and then select the resource mysql-secret and the key MYSQL_ROOT_PASSWORD created in the previous steps. Click √ to save the configuration after completion, and finally click Next to continue.

- 9. In Mount storage, select Add storage volume template, and enter the Storage volume name (mysql) and the Mount path (mode: read/write, path: /var/lib/mysql), as follows:

After completion, click √ to save the settings and click Next to continue.
- 10. In Advanced settings, you can click Add directly, or select other options as needed.

- 11. Now the MySQL component has been added, as shown below:

Add WordPress front-end component
- 12. Click Add service again, and this time select Stateless service. Enter the name wordpress and click Next.

- 13. Similar to the above steps, click Add container image, enter wordpress:4.8-apache in the search bar and press Enter, and then click Use default port.

- 14. Scroll down to Environment variables and click Reference config or secret. Two environment variables need to be added here. Please enter the values according to the following screenshot:
- For WORDPRESS_DB_PASSWORD, select the wordpress-secret and the key WORDPRESS_DB_PASSWORD created in step 1.
- Click Add environment variable, and enter WORDPRESS_DB_HOST and mysql as the key and value respectively.

Click √ to save the configuration, and then click Next to continue.
- 15. In Mount storage, click Add storage volume, and select Existing storage volume.


- 16. Select the wordpress-pvc created in the previous step, set the mode to read/write, and enter the mount path /var/www/html. Click √ to save and then click Next to continue.

- 17. In Advanced settings, you can click Add directly to create the service, or select other options as needed.

- 18. Now the front-end component has also been set up. Click Next to continue.

- 19. You can set routing rules here (application route, Ingress), or click Create directly.

- 20. After creation, the application will be displayed in the following list.

5.2.4 verify resources
In Workloads, check the status of wordpress-v1 and mysql-v1 in Deployments and StatefulSets respectively. If their running status is as shown in the figure below, WordPress has been created successfully.


5.2.5 access WordPress through NodePort
- 1. To access the service from outside the cluster, first navigate to Services. Click the three dots on the right side of wordpress and select Edit Internet access.

- 2. In Access mode, select NodePort and click OK.

- 3. Click the service to enter the details page, and you can see the exposed ports.

- 4. Access this application through {Node IP}:{NodePort}. You can see the following figure:
