This guide walks you throungh the steps of KubeSphere minimal installation on Google Kubernetes Engine, it also applies to installing on your existing K8s cluster.
What is KubeSphere
KubeSphere is an enterprise-grade multi-tenant container platform that built on Kubernetes, it’s an open source project that supports installing on Linux and Kubernetes. It provides an easy-to-use UI for users to manage Kubernetes resources with a few clicks, which reduces the learning curve and empowers the DevOps teams. It greatly reduces the complexity of the daily work of development, testing, operation and maintenance, aiming to alleviate the pain points of Kubernetes’ storage, network, security and ease of use, etc.
Prepare a GKE cluster
At first, a standard Kubernetes in GKE is a prerequisite of installing KubeSphere, we’ve created a GKE cluster with 1.14.8-gke.17
in this demo, and choosed the n1-standard-2 (2 vCPU, 7.5 GB memory)
and 3 nodes in Machine configuration.
Note:
n1-standard-2 (2 vCPU, 7.5 GB memory)
is only the minimal requirements that is used for the minimal installation, it’s recommended to choose higher machine configuration for production environment.
n1-standard-2 (2 vCPU, 7.5 GB memory)
is only used for minimal installation, KubeSphere 2.1 has decoupled several feature components, which supports installing these pluggable components in an easy way, you have to prepare enough machine configuration before you enable pluggable components, see Enabling pluggable components installation.
- Supported Kubernetes version:
1.13.0 ≤ K8s version < 1.16
.
Create Tiller Service Account
KubeSphere requires Helm (>= v2.10.0, excluding v2.16.0) to trigger the installation. By default, Tiller is not ready on GKE, thus we need to install Tiller in advance.
When GKE cluster is ready, we can connenct to Cloud Shell.
Here, we create helm-rbac.yaml
in GKE as following:
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tiller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
Let’s create these resources using kubectl:
$ kubectl apply -f helm-rbac.yaml
Deploy Tiller
Initialize helm using the following command.
$ helm init --service-account=tiller --tiller-image=gcr.io/kubernetes-helm/tiller:v2.14.1 --history-max 300
Check the Tiller status using kubectl, when it display 1/1
that means you are ready to continue.
$ kubectl get deployment tiller-deploy -n kube-system
Install KubeSphere
Install KubeSphere using kubectl, this command is only trigger the minimal installation by default:
$ kubectl apply -f https://raw.githubusercontent.com/kubesphere/ks-installer/master/kubesphere-minimal.yaml
Verify the real-time logs, when you see the following outputs, congratulation! You can access KubeSphere in your browser.
$ kubectl logs -n kubesphere-system $(kubectl get pod -n kubesphere-system -l app=ks-install -o jsonpath='{.items[0].metadata.name}') -f
#####################################################
### Welcome to KubeSphere! ###
#####################################################
Console: http://10.128.0.34:30880
Account: admin
Password: P@88w0rd
NOTES:
1. After logging into the console, please check the
monitoring status of service components in
the "Cluster Status". If the service is not
ready, please wait patiently. You can start
to use when all components are ready.
2. Please modify the default password after login.
#####################################################
Access KubeSphere console
In this guide, we’ll show you how to access KubeSphere console by changing service type to LoadBalancer
.
Select Services & Ingress
> ks-console
, then click EDIT
and modify the service type from NodePort
to LoadBalancer
.
Now, you can access KubeSphere Console using the Endpoints that was generated by GKE.
Note: In addition to changing the service type to LoadBalancer, you can also access KubeSphere console via
NodeIP:NodePort
, you may need to allow port30880
in firewall rules.
Log in to KubeSphere console using default account admin / P@88w0rd
, you’ll be able to see its dashboard.
Enable Pluggable Components
The above installation is only used for minimal installation by default, execute following command to enable more pluggable components installation, make sure your cluster has enough CPU and memory in advance.
For enabling DevOps, OpenPitrix and etcd monitoring installation, you have to create CA and etcd certificates in advance, see ks-installer for complete guide.
$ kubectl edit cm -n kubesphere-system ks-installer