richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7971 Commits
29 Branches
81 Tags
149 MiB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
kubespray/docs/operations/offline-environment.md

154 lines
7.3 KiB
Raw Permalink Normal View History

Improve air-gap installation instructions (#6234)
4 years ago
Update offline-environment.md (#9481) This makes it more readable by explaining clearly what files are necessary to be downloaded in advance from online environment.
2 years ago
fix: with_item to with_dict (#9729) Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
1 year ago
Update offline-environment.md (#9481) This makes it more readable by explaining clearly what files are necessary to be downloaded in advance from online environment.
2 years ago
Improve air-gap installation instructions (#6234)
4 years ago
Optimize the document for readability (#9730) Signed-off-by: Fish-pro <zechun.chen@daocloud.io>
1 year ago
Improve air-gap installation instructions (#6234)
4 years ago
Update offline-environment.md (#9481) This makes it more readable by explaining clearly what files are necessary to be downloaded in advance from online environment.
2 years ago
Fix pathes of offline tool on the doc (#9486) If clicking the links, we faced NotFound page at the time. This fixes the issue by specifying full pathes instead.
2 years ago
Improve air-gap installation instructions (#6234)
4 years ago
fix: with_item to with_dict (#9729) Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
1 year ago
Improve air-gap installation instructions (#6234)
4 years ago
Expose offline install overrides in inventory (#6728) * Expose offline install overrides in inventory * Remove not recommended warning
4 years ago
Improve air-gap installation instructions (#6234)
4 years ago
Add github container registry (#10265)
1 year ago
Improve air-gap installation instructions (#6234)
4 years ago
etcd arch can support arm64 and amd64 (#9421)
2 years ago
Improve air-gap installation instructions (#6234)
4 years ago
Download Calico KDD CRDs (#7372) * Download Calico KDD CRDs * Replace kustomize with lineinfile and use ansible assemble module * Replace find+lineinfile by sed in shell module to avoid nested loop * add condition on sed * use block for kdd tasks + remove supernumerary kdd manifest apply in start "Start Calico resources"
3 years ago
docs: Update offline-environment.md for containerd (#8520) (#8523) * Add containerd/runc/nerdctl download url * Add insecure registries configuration for containerd
2 years ago
Fix containerd config_path mirrors and remove nerdctl insecure_registry (#10196) * Fix containerd_registries in config_path for mirrors and remove nerdctl global insecure_registry setting * Make containerd hosts.toml mode 0640 * Add containerd_registries_mirrors and keep containerd_registries to pass packet_debian11-calico-upgrade
1 year ago
Improve air-gap installation instructions (#6234)
4 years ago
Rocky Linux support (#8095) * Add Rocky as a known OS * Make sure Rocky includes bootstrap-centos.yml * Update docs with Rocky Linux * Rocky Linux wireguard and EPEL * Rocky Linux in the list of supported distributions
3 years ago
containerd,docker: stop installing extras repo on CentOS/RHEL (#7203) This was introduced in 143e2272ff9d85ba81bfa8c4a67f29994d898d79 Extra repo is enabled by default in CentOS, and is not the right repo for EL8 Instead of adding a CentOS repo to RHEL, enable the needed RHEL repos with rhsm_repository For RHEL 7, we need the "extras" repo for container-selinux For RHEL 8, we need the "appstream" repo for container-selinux, ipvsadm and socat Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
3 years ago
Improve air-gap installation instructions (#6234)
4 years ago
fix: with_item to with_dict (#9729) Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
1 year ago
Fix the path of download.yml (#10711) Signed-off-by: tu1h <lihai.tu@daocloud.io>
11 months ago
fix: with_item to with_dict (#9729) Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
1 year ago
Optimize the document for readability (#9730) Signed-off-by: Fish-pro <zechun.chen@daocloud.io>
1 year ago
Add 'system-packages' tag to control installing packages from OS repositories (#10872)
5 months ago
Improve air-gap installation instructions (#6234)
4 years ago
Expose offline install overrides in inventory (#6728) * Expose offline install overrides in inventory * Remove not recommended warning
4 years ago
fix: with_item to with_dict (#9729) Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
1 year ago
Expose offline install overrides in inventory (#6728) * Expose offline install overrides in inventory * Remove not recommended warning
4 years ago
fix: with_item to with_dict (#9729) Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
1 year ago
Improve air-gap installation instructions (#6234)
4 years ago
Optimize the document for readability (#9730) Signed-off-by: Fish-pro <zechun.chen@daocloud.io>
1 year ago
Improve air-gap installation instructions (#6234)
4 years ago
fix: with_item to with_dict (#9729) Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
1 year ago
Improve air-gap installation instructions (#6234)
4 years ago
fix: with_item to with_dict (#9729) Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
1 year ago
Expose offline install overrides in inventory (#6728) * Expose offline install overrides in inventory * Remove not recommended warning
4 years ago
  1. # Offline environment
  3. In case your servers don't have access to the internet directly (for example
  4. when deploying on premises with security constraints), you need to get the
  5. following artifacts in advance from another environment where has access to the internet.
  7. * Some static files (zips and binaries)
  8. * OS packages (rpm/deb files)
  9. * Container images used by Kubespray. Exhaustive list depends on your setup
  10. * [Optional] Python packages used by Kubespray (only required if your OS doesn't provide all python packages/versions
  11. listed in `requirements.txt`)
  12. * [Optional] Helm chart files (only required if `helm_enabled=true`)
  14. Then you need to setup the following services on your offline environment:
  16. * an HTTP reverse proxy/cache/mirror to serve some static files (zips and binaries)
  17. * an internal Yum/Deb repository for OS packages
  18. * an internal container image registry that need to be populated with all container images used by Kubespray
  19. * [Optional] an internal PyPi server for python packages used by Kubespray
  20. * [Optional] an internal Helm registry for Helm chart files
  22. You can get artifact lists with [generate_list.sh](/contrib/offline/generate_list.sh) script.
  23. In addition, you can find some tools for offline deployment under [contrib/offline](/contrib/offline/README.md).
  25. ## Configure Inventory
  27. Once all artifacts are accessible from your internal network, **adjust** the following variables
  28. in [your inventory](/inventory/sample/group_vars/all/offline.yml) to match your environment:
  30. ```yaml
  31. # Registry overrides
  32. kube_image_repo: "{{ registry_host }}"
  33. gcr_image_repo: "{{ registry_host }}"
  34. docker_image_repo: "{{ registry_host }}"
  35. quay_image_repo: "{{ registry_host }}"
  36. github_image_repo: "{{ registry_host }}"
  38. kubeadm_download_url: "{{ files_repo }}/kubernetes/{{ kube_version }}/kubeadm"
  39. kubectl_download_url: "{{ files_repo }}/kubernetes/{{ kube_version }}/kubectl"
  40. kubelet_download_url: "{{ files_repo }}/kubernetes/{{ kube_version }}/kubelet"
  41. # etcd is optional if you **DON'T** use etcd_deployment=host
  42. etcd_download_url: "{{ files_repo }}/kubernetes/etcd/etcd-{{ etcd_version }}-linux-{{ image_arch }}.tar.gz"
  43. cni_download_url: "{{ files_repo }}/kubernetes/cni/cni-plugins-linux-{{ image_arch }}-{{ cni_version }}.tgz"
  44. crictl_download_url: "{{ files_repo }}/kubernetes/cri-tools/crictl-{{ crictl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz"
  45. # If using Calico
  46. calicoctl_download_url: "{{ files_repo }}/kubernetes/calico/{{ calico_ctl_version }}/calicoctl-linux-{{ image_arch }}"
  47. # If using Calico with kdd
  48. calico_crds_download_url: "{{ files_repo }}/kubernetes/calico/{{ calico_version }}.tar.gz"
  49. # Containerd
  50. containerd_download_url: "{{ files_repo }}/containerd-{{ containerd_version }}-linux-{{ image_arch }}.tar.gz"
  51. runc_download_url: "{{ files_repo }}/runc.{{ image_arch }}"
  52. nerdctl_download_url: "{{ files_repo }}/nerdctl-{{ nerdctl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz"
  53. # Insecure registries for containerd
  54. containerd_registries_mirrors:
  55. - prefix: "{{ registry_addr }}"
  56. mirrors:
  57. - host: "{{ registry_host }}"
  58. capabilities: ["pull", "resolve"]
  59. skip_verify: true
  61. # CentOS/Redhat/AlmaLinux/Rocky Linux
  62. ## Docker / Containerd
  63. docker_rh_repo_base_url: "{{ yum_repo }}/docker-ce/$releasever/$basearch"
  64. docker_rh_repo_gpgkey: "{{ yum_repo }}/docker-ce/gpg"
  66. # Fedora
  67. ## Docker
  68. docker_fedora_repo_base_url: "{{ yum_repo }}/docker-ce/{{ ansible_distribution_major_version }}/{{ ansible_architecture }}"
  69. docker_fedora_repo_gpgkey: "{{ yum_repo }}/docker-ce/gpg"
  70. ## Containerd
  71. containerd_fedora_repo_base_url: "{{ yum_repo }}/containerd"
  72. containerd_fedora_repo_gpgkey: "{{ yum_repo }}/docker-ce/gpg"
  74. # Debian
  75. ## Docker
  76. docker_debian_repo_base_url: "{{ debian_repo }}/docker-ce"
  77. docker_debian_repo_gpgkey: "{{ debian_repo }}/docker-ce/gpg"
  78. ## Containerd
  79. containerd_debian_repo_base_url: "{{ ubuntu_repo }}/containerd"
  80. containerd_debian_repo_gpgkey: "{{ ubuntu_repo }}/containerd/gpg"
  81. containerd_debian_repo_repokey: 'YOURREPOKEY'
  83. # Ubuntu
  84. ## Docker
  85. docker_ubuntu_repo_base_url: "{{ ubuntu_repo }}/docker-ce"
  86. docker_ubuntu_repo_gpgkey: "{{ ubuntu_repo }}/docker-ce/gpg"
  87. ## Containerd
  88. containerd_ubuntu_repo_base_url: "{{ ubuntu_repo }}/containerd"
  89. containerd_ubuntu_repo_gpgkey: "{{ ubuntu_repo }}/containerd/gpg"
  90. containerd_ubuntu_repo_repokey: 'YOURREPOKEY'
  91. ```
  93. For the OS specific settings, just define the one matching your OS.
  94. If you use the settings like the one above, you'll need to define in your inventory the following variables:
  96. * `registry_host`: Container image registry. If you _don't_ use the same repository path for the container images that
  97. the ones defined
  98. in [kubesprays-defaults's role defaults](https://github.com/kubernetes-sigs/kubespray/blob/master/roles/kubespray-defaults/defaults/main/download.yml)
  99. , you need to override the `*_image_repo` for these container images. If you want to make your life easier, use the
  100. same repository path, you won't have to override anything else.
  101. * `registry_addr`: Container image registry, but only have [domain or ip]:[port].
  102. * `files_repo`: HTTP webserver or reverse proxy that is able to serve the files listed above. Path is not important, you
  103. can store them anywhere as long as it's accessible by kubespray. It's recommended to use `*_version` in the path so
  104. that you don't need to modify this setting everytime kubespray upgrades one of these components.
  105. * `yum_repo`/`debian_repo`/`ubuntu_repo`: OS package repository depending on your OS, should point to your internal
  106. repository. Adjust the path accordingly. Used only for Docker/Containerd packages (if needed); other packages might
  107. be installed from other repositories. You might disable installing packages from other repositories by skipping
  108. the `system-packages` tag
  110. ## Install Kubespray Python Packages
  112. ### Recommended way: Kubespray Container Image
  114. The easiest way is to use [kubespray container image](https://quay.io/kubespray/kubespray) as all the required packages
  115. are baked in the image.
  116. Just copy the container image in your private container image registry and you are all set!
  118. ### Manual installation
  120. Look at the `requirements.txt` file and check if your OS provides all packages out-of-the-box (Using the OS package
  121. manager). For those missing, you need to either use a proxy that has Internet access (typically from a DMZ) or setup a
  122. PyPi server in your network that will host these packages.
  124. If you're using an HTTP(S) proxy to download your python packages:
  126. ```bash
  127. sudo pip install --proxy=https://[username:password@]proxyserver:port -r requirements.txt
  128. ```
  130. When using an internal PyPi server:
  132. ```bash
  133. # If you host all required packages
  134. pip install -i https://pypiserver/pypi -r requirements.txt
  136. # If you only need the ones missing from the OS package manager
  137. pip install -i https://pypiserver/pypi package_you_miss
  138. ```
  140. ## Run Kubespray as usual
  142. Once all artifacts are in place and your inventory properly set up, you can run kubespray with the
  143. regular `cluster.yaml` command:
  145. ```bash
  146. ansible-playbook -i inventory/my_airgap_cluster/hosts.yaml -b cluster.yml
  147. ```
  149. If you use [Kubespray Container Image](#recommended-way:-kubespray-container-image), you can mount your inventory inside
  150. the container:
  152. ```bash
  153. docker run --rm -it -v path_to_inventory/my_airgap_cluster:inventory/my_airgap_cluster myprivateregisry.com/kubespray/kubespray:v2.14.0 ansible-playbook -i inventory/my_airgap_cluster/hosts.yaml -b cluster.yml
  154. ```