Last updated:

Air-gapped Installation

This section explains how to use KubeKey to create an image package in a connected environment and deploy Kubernetes and KubeSphere in an air-gapped environment.

Prerequisites

Prepare at least three hosts as shown below.

Host IP	Host Name	Role
192.168.0.2	node1	Internet-connected host, used to create image packages
192.168.0.3	master	Control plane node of the air-gapped environment
192.168.0.4	node2	Image registry node of the air-gapped environment (can be ignored if you already have an image registry)

Host IP

Host Name

Role

192.168.0.2

node1

Internet-connected host, used to create image packages

192.168.0.3

master

Control plane node of the air-gapped environment

192.168.0.4

node2

Image registry node of the air-gapped environment (can be ignored if you already have an image registry)

Install socat and conntrack on master and node2.
apt install socat conntrack -y
If the cluster nodes use other operating systems, replace apt with the corresponding package manager for the operating system.

Get Version Information and Image List

Visit https://get-images.kubesphere.io/
Select the extensions you want to deploy.
Enter your email address.
Click Get Image List.

Check your email to get the latest version information of KubeSphere and the image list files.

Image list files are as follows:

File Name Description

File Name	Description
`kubesphere-images.txt`	Contains all images related to KubeSphere and extensions, as well as their image addresses on Huawei Cloud. You can use the list in this file to synchronize images to your offline registry.
`kk-manifest.yaml`	Contains all images related to KubeSphere and extensions, which can be used to quickly build image packages with `kk`.
`kk-manifest-mirror.yaml`	Contains all images related to KubeSphere and extensions on Huawei Cloud’s image registry. You can use this manifest file to build image packages when DockerHub access is restricted.

kubesphere-images.txt

Contains all images related to KubeSphere and extensions, as well as their image addresses on Huawei Cloud. You can use the list in this file to synchronize images to your offline registry.

kk-manifest.yaml

Contains all images related to KubeSphere and extensions, which can be used to quickly build image packages with kk.

kk-manifest-mirror.yaml

Contains all images related to KubeSphere and extensions on Huawei Cloud’s image registry. You can use this manifest file to build image packages when DockerHub access is restricted.

Build Image Package

1. Install KubeKey

Run the following command to install KubeKey.

After the download is complete, the KubeKey binary file kk will be generated in the current directory.

curl -sSL https://get-kk.kubesphere.io | sh -

2. Create Manifest File

Note

Note
If you only want to use `kk` to package KubeSphere images into the air-gapped environment, you can directly use the manifest file received in the email to Build Image Package. No need to create or edit the manifest file.

If you only want to use kk to package KubeSphere images into the air-gapped environment, you can directly use the manifest file received in the email to Build Image Package. No need to create or edit the manifest file.

If you want to use kk to deploy Kubernetes and the image registry, follow the steps below:

If you have restricted access to DockerHub, run the following command to replace the Kubernetes image address with the Alibaba Cloud registry.
```
export KKZONE=cn
```

Create the manifests file.

# If you need to use kk to deploy the image registry offline, add --with-registry to package the installation files for the image registry
./kk create manifest --with-kubernetes v1.26.12 --with-registry

This command will create a manifest-sample.yaml file.

3. Edit Manifest File

If you want to use kk to deploy Kubernetes and the image registry, add the KubeSphere image list obtained from the email to the newly created manifest file.

Open the manifest file.
```
vi manifest-sample.yaml
```

Copy the image list from kk-manifest.yaml or kk-manifest-mirror.yaml (if DockerHub access is restricted) and add it to the newly created manifest-sample.yaml file.

Note
The image list in the following manifest file is for example only. Please get the latest image list through https://get-images.kubesphere.io/.

Note

The image list in the following manifest file is for example only. Please get the latest image list through https://get-images.kubesphere.io/.

apiVersion: kubekey.kubesphere.io/v1alpha2
kind: Manifest
metadata:
  name: sample
spec:
  arches:
  - amd64
  operatingSystems: []
  kubernetesDistributions:
  - type: kubernetes
    version: v1.26.12
  components:
    helm:
      version: v3.14.3
    cni:
      version: v1.2.0
    etcd:
      version: v3.5.13
    containerRuntimes:
    - type: docker
      version: 24.0.9
    - type: containerd
      version: 1.7.13
    calicoctl:
      version: v3.27.4
    crictl:
      version: v1.29.0
    docker-registry:
      version: "2"
    harbor:
      version: v2.10.1
    docker-compose:
      version: v2.26.1
  images:
  - registry.cn-beijing.aliyuncs.com/kubesphereio/pause:3.9
  - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-apiserver:v1.26.12
  - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-controller-manager:v1.26.12
  - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-scheduler:v1.26.12
  - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-proxy:v1.26.12
  - registry.cn-beijing.aliyuncs.com/kubesphereio/coredns:1.9.3
  - registry.cn-beijing.aliyuncs.com/kubesphereio/k8s-dns-node-cache:1.22.20
  - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-controllers:v3.27.4
  - registry.cn-beijing.aliyuncs.com/kubesphereio/cni:v3.27.4
  - registry.cn-beijing.aliyuncs.com/kubesphereio/node:v3.27.4
  - registry.cn-beijing.aliyuncs.com/kubesphereio/pod2daemon-flexvol:v3.27.4
  - registry.cn-beijing.aliyuncs.com/kubesphereio/typha:v3.27.4
  - registry.cn-beijing.aliyuncs.com/kubesphereio/provisioner-localpv:3.3.0
  - registry.cn-beijing.aliyuncs.com/kubesphereio/linux-utils:3.3.0
  - registry.cn-beijing.aliyuncs.com/kubesphereio/haproxy:2.9.6-alpine
  - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-vip:v0.7.2
  ## ks-core
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/ks-apiserver:v4.1.2
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/ks-console:v4.1.2
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/ks-controller-manager:v4.1.2
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/kubectl:v1.27.16
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/redis:7.2.4-alpine
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/haproxy:2.9.6-alpine
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/ks-extensions-museum:v1.1.2
  ## devops
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/devops-apiserver:v4.1.2
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/devops-controller:v4.1.2
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/devops-tools:v4.1.2
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/devops-jenkins:v4.1.2-2.346.3
  - swr.cn-southwest-2.myhuaweicloud.com/ks/jenkins/inbound-agent:4.10-2
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/builder-base:v3.2.2
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/builder-nodejs:v3.2.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/builder-maven:v3.2.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/builder-maven:v3.2.1-jdk11
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/builder-python:v3.2.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/builder-go:v3.2.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/builder-go:v3.2.2-1.16
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/builder-go:v3.2.2-1.17
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/builder-go:v3.2.2-1.18
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/builder-base:v3.2.2-podman
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/builder-nodejs:v3.2.0-podman
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/builder-maven:v3.2.0-podman
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/builder-maven:v3.2.1-jdk11-podman
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/builder-python:v3.2.0-podman
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/builder-go:v3.2.0-podman
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/builder-go:v3.2.2-1.16-podman
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/builder-go:v3.2.2-1.17-podman
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/builder-go:v3.2.2-1.18-podman
  - swr.cn-southwest-2.myhuaweicloud.com/ks/argoproj/argocd:v2.3.3
  - swr.cn-southwest-2.myhuaweicloud.com/ks/argoproj/argocd-applicationset:v0.4.1
  - swr.cn-southwest-2.myhuaweicloud.com/ks/dexidp/dex:v2.30.2
  - swr.cn-southwest-2.myhuaweicloud.com/ks/library/redis:6.2.6-alpine
  ## gatekeeper
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/gatekeeper-extension-apiserver:v1.0.1
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/kubectl:v1.27.12
  - swr.cn-southwest-2.myhuaweicloud.com/ks/openpolicyagent/gatekeeper:v3.14.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/openpolicyagent/gatekeeper-crds:v3.14.0
  ## gateway
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/nginx-ingress-controller:v1.4.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/gateway-apiserver:v1.0.2
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/gateway-controller-manager:v1.0.2
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/kubectl:v1.27.16
  ## grafana
  - swr.cn-southwest-2.myhuaweicloud.com/ks/curlimages/curl:7.85.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/grafana/grafana:10.4.1
  - swr.cn-southwest-2.myhuaweicloud.com/ks/library/busybox:1.31.1
  ## kubeedge
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubeedge/iptables-manager:v1.13.1
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubeedge/cloudcore:v1.13.1
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubeedge/controller-manager:v1.13.1
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/kubeedge-proxy:v0.4.1
  ## kubefed
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/kubefed-extension:v1.0.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/kubefed:v0.8.1
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/kubectl:v1.27.4
  ## loki
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/kubectl:v1.27.12
  - swr.cn-southwest-2.myhuaweicloud.com/ks/grafana/loki:3.0.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/grafana/loki-helm-test:ewelch-distributed-helm-chart-17db5ee
  - swr.cn-southwest-2.myhuaweicloud.com/ks/grafana/loki-canary:3.0.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/nginxinc/nginx-unprivileged:1.24-alpine
  - swr.cn-southwest-2.myhuaweicloud.com/ks/library/memcached:1.6.23-alpine
  - swr.cn-southwest-2.myhuaweicloud.com/ks/prom/memcached-exporter:v0.14.2
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kiwigrid/k8s-sidecar:1.24.3
  - swr.cn-southwest-2.myhuaweicloud.com/ks/minio/minio:RELEASE.2022-09-17T00-09-45Z
  - swr.cn-southwest-2.myhuaweicloud.com/ks/minio/mc:RELEASE.2022-09-16T09-16-47Z
  ## metrics-server
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/metrics-server:v0.7.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/addon-resizer:1.8.20
  ## network
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/network-extension-apiserver:v1.1.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/network-extension-controller:v1.1.0
  ## openpitrix
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/apps-manage:v2.0.1
  ## opensearch
  - swr.cn-southwest-2.myhuaweicloud.com/ks/opensearchproject/opensearch:2.8.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/library/busybox:1.35.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/opensearch-curator:v0.0.5
  - swr.cn-southwest-2.myhuaweicloud.com/ks/opensearchproject/opensearch-dashboards:2.8.0
  ## servicemesh
  - swr.cn-southwest-2.myhuaweicloud.com/ks/istio/pilot:1.16.5
  - swr.cn-southwest-2.myhuaweicloud.com/ks/istio/proxyv2:1.16.5
  - swr.cn-southwest-2.myhuaweicloud.com/ks/istio/istioctl:1.16.5
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/kubectl:v1.27.4
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/kiali-operator:v1.59.1
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/kiali:v1.59
  - swr.cn-southwest-2.myhuaweicloud.com/ks/jaegertracing/jaeger-operator:1.35.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/jaegertracing/jaeger-agent:1.35
  - swr.cn-southwest-2.myhuaweicloud.com/ks/jaegertracing/jaeger-collector:1.35
  - swr.cn-southwest-2.myhuaweicloud.com/ks/jaegertracing/jaeger-query:1.35
  - swr.cn-southwest-2.myhuaweicloud.com/ks/jaegertracing/jaeger-es-index-cleaner:1.35
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/servicemesh-apiserver:v0.1.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/servicemesh-controller-manager:v0.1.0
  ## storage-utils
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/storageclass-accessor:v0.2.5
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/snapshot-controller:v4.2.1
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/snapshotclass-controller:v0.0.1
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/pvc-autoresizer:v0.3.1
  ## tower
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/tower:v0.2.1
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/tower-extension:v1.0.0
  ## vector
  - swr.cn-southwest-2.myhuaweicloud.com/ks/timberio/vector:0.39.0-debian
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/kubectl:v1.27.12
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/vector-config:v0.2.1
  ## whizard-alerting
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/whizard-alerting-apiserver:v1.0.2
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/whizard-alerting-controller-manager:v1.0.2
  - swr.cn-southwest-2.myhuaweicloud.com/ks/thanosio/thanos:v0.36.1
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/kubectl:v1.27.12
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/cortex-tenant:v1.12.5
  - swr.cn-southwest-2.myhuaweicloud.com/ks/prometheus-operator/prometheus-config-reloader:v0.75.1
  ## whizard-events
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/kube-events-exporter:v0.8.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/jimmidyson/configmap-reload:v0.9.0
  ## whizard-logging
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/kubectl:v1.27.12
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/log-sidecar-injector:v1.3.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/jimmidyson/configmap-reload:v0.9.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/elastic/filebeat:6.7.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/timberio/vector:0.39.0-debian
  - swr.cn-southwest-2.myhuaweicloud.com/ks/library/alpine:3.14
  ## whizard-monitoring
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/kubectl:v1.27.12
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/kube-state-metrics:v2.12.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubespheredev/kube-webhook-certgen:v20221220-controller-v1.5.1-58-g787ea74b6
  - swr.cn-southwest-2.myhuaweicloud.com/ks/thanosio/thanos:v0.36.1
  - swr.cn-southwest-2.myhuaweicloud.com/ks/brancz/kube-rbac-proxy:v0.18.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/prometheus-operator/prometheus-config-reloader:v0.75.1
  - swr.cn-southwest-2.myhuaweicloud.com/ks/prometheus-operator/prometheus-operator:v0.75.1
  - swr.cn-southwest-2.myhuaweicloud.com/ks/prometheus/node-exporter:v1.8.1
  - swr.cn-southwest-2.myhuaweicloud.com/ks/prometheus/prometheus:v2.51.2
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/dcgm-exporter:3.3.5-3.4.0-ubuntu22.04
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/process-exporter:0.5.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/nginxinc/nginx-unprivileged:1.24
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/calico-exporter:v0.3.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/whizard-monitoring-helm-init:v0.1.0
  ## whizard-notification
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/kubectl:v1.27.12
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/kube-rbac-proxy:v0.11.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/alertmanager-proxy:v0.2.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/notification-manager-operator:v2.5.2
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/notification-manager:v2.5.2
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/notification-tenant-sidecar:v4.0.2
  - swr.cn-southwest-2.myhuaweicloud.com/ks/prometheus/alertmanager:v0.27.0
  - swr.cn-southwest-2.myhuaweicloud.com/ks/prometheus-operator/prometheus-config-reloader:v0.75.1
  ## whizard-telemetry
  - swr.cn-southwest-2.myhuaweicloud.com/ks/kubesphere/whizard-telemetry-apiserver:v1.2.2

  registry:
    auths: {}

4. Build Image Package

Run the following command to build an image package containing the images of ks-core and all extensions.

./kk artifact export -m manifest-sample.yaml -o kubesphere.tar.gz

After successful execution, the following message will be displayed:

Pipeline[ArtifactExportPipeline] execute successfully

5. Download Helm Chart of KubeSphere Core

Install helm.

curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash

Download the Helm Chart package of KubeSphere Core.
VERSION=1.1.3 # Chart version helm fetch https://charts.kubesphere.io/main/ks-core-${VERSION}.tgz
This is an example version. Please visit https://get-images.kubesphere.io or KubeSphere GitHub repository to check the latest chart version.

Air-gapped Deployment

1. Preparations

Sync the three files from the internet-connected host node1 to the master node in the air-gapped environment.

kk
kubesphere.tar.gz
ks-core-1.1.3.tgz

2. Create Configuration File

Create a configuration file for the air-gapped cluster.
```
./kk create config --with-kubernetes v1.26.12
```

Modify the configuration file.

vi config-sample.yaml

Note

Note
Modify the node information according to the actual configuration of the air-gapped environment. Specify the node where the `registry` to deploy, used for KubeKey to deploy the Harbor registry. In `registry`, the value of `type` can be specified as `harbor`. Otherwise, the docker registry is installed by default. For Kubernetes v1.24+, it is recommended to set `containerManager` to `containerd`.

Modify the node information according to the actual configuration of the air-gapped environment.
Specify the node where the registry to deploy, used for KubeKey to deploy the Harbor registry.
In registry, the value of type can be specified as harbor. Otherwise, the docker registry is installed by default.
For Kubernetes v1.24+, it is recommended to set containerManager to containerd.

Below is an example configuration file. For more information on how to configure each parameter, please refer to this document.

apiVersion: kubekey.kubesphere.io/v1alpha2
kind: Cluster
metadata:
  name: sample
spec:
  hosts:
  - {name: master, address: 192.168.0.3, internalAddress: 192.168.0.3, user: root, password: "<REPLACE_WITH_YOUR_ACTUAL_PASSWORD>"}
  - {name: node2, address: 192.168.0.4, internalAddress: 192.168.0.4, user: root, password: "<REPLACE_WITH_YOUR_ACTUAL_PASSWORD>"}
  roleGroups:
    etcd:
    - master
    control-plane:
    - master
    worker:
    - node2
    # If you want to use kk to automatically deploy the image registry, set this host group (it is recommended to deploy the registry separately from the cluster to reduce mutual influence)
    # If you want to deploy harbor and the containerManager is containerd, since deploying harbor depends on docker, it is recommended to deploy harbor on a separate node
    registry:
    - node2
  controlPlaneEndpoint:
    ## Internal loadbalancer for apiservers
    # internalLoadbalancer: haproxy

    domain: lb.kubesphere.local
    address: ""
    port: 6443
  kubernetes:
    version: v1.26.12
    containerManager: containerd
  network:
    plugin: calico
    kubePodsCIDR: 10.233.64.0/18
    kubeServiceCIDR: 10.233.0.0/18
    ## multus support. https://github.com/k8snetworkplumbingwg/multus-cni
    multusCNI:
      enabled: false
  registry:
    # If you want to use kk to deploy harbor, you can set this parameter to harbor; if this parameter is not set and you need to use kk to create an image registry, it will default to using the docker registry.
    # type: harbor
    # If you use the harbor deployed by kk or other registries that require login, you should configure the auths parameter for the corresponding registry; if you use the default docker registry created by kk, you do not need to configure the auths parameter.
    auths:
      "dockerhub.kubekey.local":
        # Specify the harbor username and password when deploying harbor
        # username: admin
        # password: Harbor12345
        skipTLSVerify: true
    # Set the private registry address used for cluster deployment. If you already have an image registry, replace it with your actual image registry address.
    # If the image package contains the original dockerhub images (i.e., the image addresses in the manifest file are docker.io/***), you can set this parameter to dockerhub.kubekey.local/ks, indicating that all images will be pushed to the harbor project named ks.
    privateRegistry: "dockerhub.kubekey.local"
    # If the Kubernetes images used when building the image package are from the Alibaba Cloud registry, configure this parameter. If dockerhub images are used, you do not need to configure this parameter.
    namespaceOverride: "kubesphereio"
    registryMirrors: []
    insecureRegistries: []
  addons: []

3. Create Image Registry

Note
If you already have an image registry, you can skip this step.

Note

If you already have an image registry, you can skip this step.

Run the following command to create the image registry.

./kk init registry -f config-sample.yaml -a kubesphere.tar.gz

config-sample.yaml is the configuration file for the air-gapped cluster.
kubesphere.tar.gz is the installation package containing the images of ks-core and all extensions.

If the following message is displayed, the image registry has been created successfully.

Pipeline[InitRegistryPipeline] execute successfully

4. Create Harbor Projects (if the Image Registry is Harbor)

Note

Note
As Harbor adopts the Role-based Access Control (RBAC) mechanism, which means that only specified users can perform certain operations. Therefore, you must create a project before pushing images to Harbor. Harbor supports two types of projects: Public Project: Any user can pull images from the project. Private Project: Only project members can pull images from the project. Harbor admin account: admin, password: Harbor12345. The harbor installation files are in the `/opt/harbor` directory, where you can perform maintenance on harbor.

As Harbor adopts the Role-based Access Control (RBAC) mechanism, which means that only specified users can perform certain operations. Therefore, you must create a project before pushing images to Harbor. Harbor supports two types of projects:

Public Project: Any user can pull images from the project.
Private Project: Only project members can pull images from the project.

Harbor admin account: admin, password: Harbor12345.

The harbor installation files are in the /opt/harbor directory, where you can perform maintenance on harbor.

Run the following command to create Harbor projects.

Create the configuration script.

vi create_project_harbor.sh

#!/usr/bin/env bash

# Copyright 2018 The KubeSphere Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

url="https://dockerhub.kubekey.local"  # or modify to the actual image registry address
user="admin"
passwd="Harbor12345"

harbor_projects=(
        ks
        kubesphere
        kubesphereio
        coredns
        calico
        flannel
        cilium
        hybridnetdev
        kubeovn
        openebs
        library
        plndr
        jenkins
        argoproj
        dexidp
        openpolicyagent
        curlimages
        grafana
        kubeedge
        nginxinc
        prom
        kiwigrid
        minio
        opensearchproject
        istio
        jaegertracing
        timberio
        prometheus-operator
        jimmidyson
        elastic
        thanosio
        brancz
        prometheus
)

for project in "${harbor_projects[@]}"; do
    echo "creating $project"
    curl -u "${user}:${passwd}" -X POST -H "Content-Type: application/json" "${url}/api/v2.0/projects" -d "{ \"project_name\": \"${project}\", \"public\": true}" -k  # Note to add -k at the end of the curl command
done

Create Harbor projects.

chmod +x create_project_harbor.sh

./create_project_harbor.sh

5. Install Kubernetes

Run the following command to create the Kubernetes cluster:

./kk create cluster -f config-sample.yaml -a kubesphere.tar.gz --with-local-storage

Note

Note
Specifying the --with-local-storage parameter will default to deploying `openebs localpv`. If you need to connect to other storage, you can install it later after the Kubernetes cluster is deployed.

Specifying the --with-local-storage parameter will default to deploying openebs localpv. If you need to connect to other storage, you can install it later after the Kubernetes cluster is deployed.

If the following message is displayed, the Kubernetes cluster has been created successfully.

Pipeline[CreateclusterPipeline] execute successfully
Installation is complete.

6. Install KubeSphere

Install KubeSphere.

helm upgrade --install -n kubesphere-system --create-namespace ks-core ks-core-1.1.3.tgz \
     --set global.imageRegistry=dockerhub.kubekey.local/ks \
     --set extension.imageRegistry=dockerhub.kubekey.local/ks \
     --set ksExtensionRepository.image.tag=v1.1.2 \
     --debug \
     --wait

Note

Note
`ksExtensionRepository.image.tag` is the Extensions Museum version obtained earlier (i.e., the latest extension repository version displayed on https://get-images.kubesphere.io/). If you need to deploy high availability in KubeSphere, add `--set ha.enabled=true,redisHA.enabled=true` to the command.

ksExtensionRepository.image.tag is the Extensions Museum version obtained earlier (i.e., the latest extension repository version displayed on https://get-images.kubesphere.io/).
If you need to deploy high availability in KubeSphere, add --set ha.enabled=true,redisHA.enabled=true to the command.

If the following message is displayed, KubeSphere has been installed successfully:

NOTES:
Thank you for choosing KubeSphere Helm Chart.

Please be patient and wait for several seconds for the KubeSphere deployment to complete.

1. Wait for Deployment Completion

    Confirm that all KubeSphere components are running by executing the following command:

    kubectl get pods -n kubesphere-system
2. Access the KubeSphere Console

    Once the deployment is complete, you can access the KubeSphere console using the following URL:

    http://192.168.6.6:30880

3. Login to KubeSphere Console

    Use the following credentials to log in:

    Account: admin
    Password: P@88w0rd

NOTE: It is highly recommended to change the default password immediately after the first login.
For additional information and details, please visit https://kubesphere.io.

From the successful information, retrieve the Console, Account, and Password parameters to obtain the IP address of the KubeSphere web console, the admin username, and the admin password. Use a web browser to log in to the KubeSphere web console.

Note

Depending on your hardware and network environment, you may need to configure traffic forwarding rules and open port 30880 in the firewall.

Note
Depending on your hardware and network environment, you may need to configure traffic forwarding rules and open port 30880 in the firewall.

Feedback

Was this page Helpful?

Receive the latest news, articles and updates from KubeSphere

Thanks for the feedback. If you have a specific question about how to use KubeSphere, ask it on Slack. Open an issue in the GitHub repo if you want to report a problem or suggest an improvement.

Previous : Install Kubernetes and KubeSphere on Linux Next : Appendix: Advanced Configuration of KubeSphere Core

What’s on this Page