- kubernetes version > 1.13.0
- helm version > 2.10.0
- a default storage class must be in kubernetes cluster
注:请确保集群中剩余可用内存 >16G
- 集群中创建名为kubesphere-system的namespace
kubectl create ns kubesphere-system - 创建集群ca证书secret
注:按照当前集群ca.crt和ca.key证书路径创建(kubeadm创建集群的证书路径一般为/etc/kubernetes/pki)
kubectl -n kubesphere-system create secret generic kubesphere-ca \ --from-file=ca.crt=/etc/kubernetes/ssl/ca.crt \ --from-file=ca.key=/etc/kubernetes/ssl/ca.key - 创建集群front-proxy-client证书secret
注:按照当前集群front-proxy-client.crt和front-proxy-client.key证书路径创建(kubeadm创建集群的证书路径一般为/etc/kubernetes/pki)
kubectl -n kubesphere-system create secret generic front-proxy-client \ --from-file=front-proxy-client.crt=/etc/kubernetes/pki/front-proxy-client.crt \ --from-file=front-proxy-client.key=/etc/kubernetes/pki/front-proxy-client.key - 部署installer job
部署日志查看:
cd deploy vim kubesphere-installer.yaml ## 编辑kubesphere-installer.yaml中kubesphere-config相关参数为当前集群参数。(若etcd无证书,设置etcd_tls_enable: False) kubectl apply -f kubesphere-installer.yamlkubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l job-name=kubesphere-installer -o jsonpath='{.items[0].metadata.name}') -f - 创建etcd证书secret
注:以集群实际etcd证书位置创建;若etcd无证书,则创建空secret
etcd无证书kubectl -n kubesphere-monitoring-system create secret generic kube-etcd-client-certs \ --from-file=etcd-client-ca.crt=/etc/ssl/etcd/ssl/ca.pem \ --from-file=etcd-client.crt=/etc/ssl/etcd/ssl/admin-node1.pem \ --from-file=etcd-client.key=/etc/ssl/etcd/ssl/admin-node1-key.pemkubectl -n kubesphere-monitoring-system create secret generic kube-etcd-client-certs