# 安装Kuboard(离线)
许多公司处于安全的考虑,需要将 Kuboard 离线安装到内网环境。本文描述了如何完成 Kuboard 的离线安装。请确保您已经熟悉了 安装Kuboard,本文只描述离线安装时,与正常安装的过程的差异部分。
# 准备Kuboard镜像
# 获取Kuboard镜像
在可以上网的机器上抓取 kuboard 镜像
docker pull eipwork/kuboard:latest1查看 kuboard 镜像的 ID
docker images | grep kuboard1输出结果如下所示:
eipwork/kuboard latest 0146965e6475 3 weeks ago 133MB1将 Kuboard 镜像导出到文件
docker save 86eaead8421e > kuboard.tar1ImageID
请使用上一个步骤中查询到的 image ID
将 kuboard.tar 传输到 Kubernetes 集群的某一个节点上
# 加载Kuboard镜像
在 Kubernetes 集群的某一个节点上执行
docker load < kuboard.tar1为镜像重新添加标签
docker tag 0146965e6475 eipwork/kuboard:latest1ImageID
请使用上一个步骤中查询到的 image ID
# 准备kuboard.yaml文件
安装Kuboard的yaml文件如下,将其保存到 kuboard-offline.yaml
必要的修改
- 修改该文件中第 26 行的节点名称为上一个步骤中,已经加载了 kuboard 镜像的节点,参考 将容器组调度到指定节点
- 与在线安装不同,此处
ImagePullPolicy=IfNotPresent(第30行),参考 容器镜像
apiVersion: apps/v1
kind: Deployment
metadata:
name: kuboard
namespace: kube-system
annotations:
k8s.kuboard.cn/displayName: kuboard
k8s.kuboard.cn/ingress: "true"
k8s.kuboard.cn/service: NodePort
k8s.kuboard.cn/workload: kuboard
labels:
k8s.kuboard.cn/layer: monitor
k8s.kuboard.cn/name: kuboard
spec:
replicas: 1
selector:
matchLabels:
k8s.kuboard.cn/layer: monitor
k8s.kuboard.cn/name: kuboard
template:
metadata:
labels:
k8s.kuboard.cn/layer: monitor
k8s.kuboard.cn/name: kuboard
spec:
containers:
- name: kuboard
image: eipwork/kuboard:latest
imagePullPolicy: IfNotPresent
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
---
apiVersion: v1
kind: Service
metadata:
name: kuboard
namespace: kube-system
spec:
type: NodePort
ports:
- name: http
port: 80
targetPort: 80
nodePort: 32567
selector:
k8s.kuboard.cn/layer: monitor
k8s.kuboard.cn/name: kuboard
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kuboard-user
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kuboard-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kuboard-user
namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kuboard-viewer
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kuboard-viewer
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: view
subjects:
- kind: ServiceAccount
name: kuboard-viewer
namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: kuboard
namespace: kube-system
annotations:
k8s.kuboard.cn/displayName: kuboard
k8s.kuboard.cn/workload: kuboard
nginx.org/websocket-services: "kuboard"
nginx.com/sticky-cookie-services: "serviceName=kuboard srv_id expires=1h path=/"
spec:
rules:
- host: kuboard.yourdomain.com
http:
paths:
- path: /
backend:
serviceName: kuboard
servicePort: http
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
- 执行命令
kubectl apply -f kuboard-offline.yaml1
# 登录Kuboard
登录 Kuboard 的方式同 安装Kuboard
免费答疑
QQ群
微信群
微信扫码
赞赏
微信扫码
