当前位置: 首页 > news >正文

kubesphere

news 2026/5/29 3:04:40

安装前检测防火墙,selinux是否关闭

还要先创metrics,nfd-storage(改ip)

kubectl patch cc ks-installer -n kubesphere-system --type merge -p '{"spec":{"persistence":{"enable":false}}}'

kubectl delete pods --all -n kubesphere-system

(重复安装时可能需要)

kubectl delete clusterrole ks-installer
kubectl delete clusterrolebinding ks-installer

cat > full-rbac.yaml << 'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ks-installer
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ks-installer
subjects:
- kind: ServiceAccount
name: ks-installer
namespace: kubesphere-system
roleRef:
kind: ClusterRole
name: ks-installer
apiGroup: rbac.authorization.k8s.io
EOF

kubectl apply -f full-rbac.yaml

config.yaml

apiVersion: installer.kubesphere.io/v1alpha1
kind: ClusterConfiguration
metadata:
name: ks-installer
namespace: kubesphere-system
labels:
version: v3.3.2
spec:
persistence:
storageClass: ""
authentication:
jwtSecret: ""
local_registry: ""
etcd:
monitoring: true
endpointIps: 192.168.255.91
port: 2379
tlsEnable: true
common:
redis:
enabled: true
openldap:
enabled: true
minioVolumeSize: 20Gi
openldapVolumeSize: 2Gi
redisVolumSize: 2Gi
monitoring:
endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090
es:
elasticsearchMasterVolumeSize: 4Gi
elasticsearchDataVolumeSize: 20Gi
logMaxAge: 7
elkPrefix: logstash
basicAuth:
enabled: false
username: ""
password: ""
externalElasticsearchUrl: ""
externalElasticsearchPort: ""
console:
enableMultiLogin: true
port: 30880
alerting:
enabled: true
auditing:
enabled: true
devops:
enabled: true
jenkinsMemoryLim: 2Gi
jenkinsMemoryReq: 1500Mi
jenkinsVolumeSize: 8Gi
jenkinsJavaOpts_Xms: 512m
jenkinsJavaOpts_Xmx: 512m
jenkinsJavaOpts_MaxRAM: 2g
events:
enabled: true
ruler:
enabled: true
replicas: 2
logging:
enabled: true
logsidecar:
enabled: true
replicas: 2
metrics_server:
enabled: false
monitoring:
storageClass: ""
prometheusMemoryRequest: 400Mi
prometheusVolumeSize: 20Gi
multicluster:
clusterRole: none
network:
networkpolicy:
enabled: true
ippool:
type: calico
topology:
type: none
openpitrix:
store:
enabled: true
servicemesh:
enabled: true
kubeedge:
enabled: true
cloudCore:
nodeSelector: {"node-role.kubernetes.io/worker": ""}
tolerations: []
cloudhubPort: "10000"
cloudhubQuicPort: "10001"
cloudhubHttpsPort: "10002"
cloudstreamPort: "10003"
tunnelPort: "10004"
cloudHub:
advertiseAddress:
- ""
nodeLimit: "100"
service:
cloudhubNodePort: "30000"
cloudhubQuicNodePort: "30001"
cloudhubHttpsNodePort: "30002"
cloudstreamNodePort: "30003"
tunnelNodePort: "30004"
edgeWatcher:
nodeSelector: {"node-role.kubernetes.io/worker": ""}
tolerations: []
edgeWatcherAgent:
nodeSelector: {"node-role.kubernetes.io/worker": ""}
tolerations: []

install.yaml

---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: clusterconfigurations.installer.kubesphere.io
spec:
group: installer.kubesphere.io
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
status:
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- metadata
- spec
type: object
served: true
storage: true
subresources:
status: {}
scope: Namespaced
names:
plural: clusterconfigurations
singular: clusterconfiguration
kind: ClusterConfiguration
shortNames:
- cc

---
apiVersion: v1
kind: Namespace
metadata:
name: kubesphere-system

---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ks-installer
namespace: kubesphere-system

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ks-installer
rules:
- apiGroups:
- ""
resources:
- '*'
verbs:
- '*'
- apiGroups:
- apps
resources:
- '*'
verbs:
- '*'
- apiGroups:
- extensions
resources:
- '*'
verbs:
- '*'
- apiGroups:
- batch
resources:
- '*'
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- apiregistration.k8s.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- apiextensions.k8s.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- tenant.kubesphere.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- certificates.k8s.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- devops.kubesphere.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- '*'
verbs:
- '*'
- apiGroups:
- logging.kubesphere.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- jaegertracing.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- storage.k8s.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- admissionregistration.k8s.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- policy
resources:
- '*'
verbs:
- '*'
- apiGroups:
- autoscaling
resources:
- '*'
verbs:
- '*'
- apiGroups:
- networking.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- config.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- iam.kubesphere.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- notification.kubesphere.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- auditing.kubesphere.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- events.kubesphere.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- core.kubefed.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- installer.kubesphere.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- storage.kubesphere.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- security.istio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- monitoring.kiali.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- kiali.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- kubeedge.kubesphere.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- types.kubefed.io
resources:
- '*'
verbs:
- '*'

---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ks-installer
subjects:
- kind: ServiceAccount
name: ks-installer
namespace: kubesphere-system
roleRef:
kind: ClusterRole
name: ks-installer
apiGroup: rbac.authorization.k8s.io

---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ks-installer
namespace: kubesphere-system
labels:
app: ks-install
spec:
replicas: 1
selector:
matchLabels:
app: ks-install
template:
metadata:
labels:
app: ks-install
spec:
serviceAccountName: ks-installer
containers:
- name: installer
image: registry.cn-beijing.aliyuncs.com/kubesphereio/ks-installer:v3.3.2
imagePullPolicy: "Always"
resources:
limits:
cpu: "1"
memory: 1Gi
requests:
cpu: 20m
memory: 100Mi
volumeMounts:
- mountPath: /etc/localtime
name: host-time
volumes:
- hostPath:
path: /etc/localtime
type: ""
name: host-time

http://www.jsqmd.com/news/850983/

相关文章:

  • 从跟跑向领跑跨越,炎怀科技携自主研发TPS导热仪、高精度热台首次亮相2026主动散热与被动散热技术产业大会
  • 从零搭建水文监测数据平台:基于SL651协议与Node-RED的实时解析与可视化
  • 福建旧黄金回收旧银饰回收PT950铂金回收钻戒回收金银铂钻回收高价多少钱一克同城价格查询上门上门估价闲置变现转让靠谱权威排行榜 - 检测回收中心
  • 深圳人注意了!黄金回收报价高不等于到手多,这篇避坑指南帮你省下几千块 - 润富黄金珠宝行
  • 终极跨平台GUI解决方案:深入解析VcXsrv Windows X Server完整技术指南
  • 别再只懂104了!从风扇到芯片,手把手拆解电容在电路里的5种‘隐藏用法’
  • ARM SME指令集UMLSL多向量运算详解
  • 3步掌握ComfyUI-Impact-Pack:让AI图像细节从模糊到惊艳的终极指南
  • GPT-4o vs Claude 3.5 vs DeepSeek:测试工程师该如何选拔大模型?
  • 天龙八部GM工具终极指南:5分钟掌握游戏数据管理核心技巧
  • Flutter状态管理选型指南:Provider、Bloc、Riverpod,我的项目到底该用哪个?
  • LaTeX子图排版避坑指南:为什么你的图总对不齐?从原理到实战一次讲清
  • CAN DBC文件实战:手把手教你用CANdb++为OBD诊断信号建模(含Value Tables技巧)
  • 不同发质护发素推荐:针对染烫受损发质的精选 - 速递信息
  • 涨跌停板制度是什么
  • Vue.js + Ant Design 实战:手把手教你搭建一个可拖拽的仓库平面图编辑器
  • 传统RPA的边界与突破:AI Agent、融合平台、低代码三类替代方案技术解析
  • 保姆级教程:用perf_analyzer和model-analyzer榨干你的Triton Server模型性能(附避坑指南)
  • 别再乱用默认设置了!LabVIEW子VI重入属性实战详解(共享副本 vs 预分配)
  • ABB机器人程序模块属性(NOSTEPIN/READONLY等)实战配置指南:保护代码与调试效率的平衡术
  • 面向对象编程(OOP)三大特性:封装、继承、多态
  • 深度学习架构可视化新范式:Neural-Network-Architecture-Diagrams如何重塑神经网络设计工作流
  • MSP430微控制器:超低功耗设计、事件驱动编程与嵌入式开发实战
  • MeMo:当记忆本身变成一个模型
  • Parallels Desktop 26 详细安装教程:从下载到配置一气呵成 - 雨林谷
  • [具身智能-798]:NAV2 底层速度指令执行层(ros_controller 动作执行层)超详细通俗详解 + 实战示例
  • 如何快速掌握HTTrack:免费网站离线下载工具的终极指南
  • 意图共鸣科技《AI记忆链商业化白皮书2.0》技术解析:可审计AI架构与记录黑盒的设计思路
  • OpenClaw 完全指南:从部署到实战,一文搞懂 2026 最火开源 AI Agent
  • 从74HC374到ISP1016:拆解TEC-4数据通路实验背后的芯片与数字逻辑设计