K8s Kubernetes развернуть_кластер_без_интернета
github.com
Air-Gap installation
Offline environment
In case your servers don't have access to the internet directly (for example when deploying on premises with security constraints), you need to get the following artifacts in advance from another environment where has access to the internet.
Some static files (zips and binaries)
OS packages (rpm/deb files)
Container images used by Kubespray. Exhaustive list depends on your setup
[Optional] Python packages used by Kubespray (only required if your OS doesn't provide all python packages/versions listed in requirements.txt)
[Optional] Helm chart files (only required if helm_enabled=true)
Then you need to setup the following services on your offline environment:
an HTTP reverse proxy/cache/mirror to serve some static files (zips and binaries)
an internal Yum/Deb repository for OS packages
an internal container image registry that need to be populated with all container images used by Kubespray
[Optional] an internal PyPi server for python packages used by Kubespray
[Optional] an internal Helm registry for Helm chart files
You can get artifact lists with generate_list.sh script. In addition, you can find some tools for offline deployment under contrib/offline.
Configure Inventory
Once all artifacts are accessible from your internal network, adjust the following variables in your inventory to match your environment:
For the OS specific settings, just define the one matching your OS. If you use the settings like the one above, you'll need to define in your inventory the following variables:
registry_host: Container image registry. If you don't use the same repository path for the container images that the ones defined in Download's role defaults , you need to override the *_image_repo for these container images. If you want to make your life easier, use the same repository path, you won't have to override anything else.
registry_addr: Container image registry, but only have [domain or ip]:[port].
files_repo: HTTP webserver or reverse proxy that is able to serve the files listed above. Path is not important, you can store them anywhere as long as it's accessible by kubespray. It's recommended to use *_version in the path so that you don't need to modify this setting everytime kubespray upgrades one of these components.
yum_repo/debian_repo/ubuntu_repo: OS package repository depending on your OS, should point to your internal repository. Adjust the path accordingly.