diff --git a/deploy/cloud/Kubefile b/deploy/cloud/Kubefile index 80e5eca7781..eb507ce3607 100644 --- a/deploy/cloud/Kubefile +++ b/deploy/cloud/Kubefile @@ -3,6 +3,7 @@ COPY tars tars COPY etc etc COPY scripts scripts COPY manifests manifests +COPY registry registry ENV cloudDomain="127.0.0.1.nip.io" diff --git a/deploy/cloud/README.md b/deploy/cloud/README.md index cea2dd50df2..f2105a2950a 100644 --- a/deploy/cloud/README.md +++ b/deploy/cloud/README.md @@ -46,13 +46,15 @@ sealos gen labring/kubernetes:v1.25.6\ labring/zot:v1.4.3\ labring/kubeblocks:v0.5.3\ --env policy=anonymousPolicy\ - --masters 10.140.0.16 > Clusterfile + --masters 10.140.0.16 \ + --nodes 10.140.0.17, 10.140.0.18 > Clusterfile sealos apply -f Clusterfile ``` Note: if you want to change pod cidr, please edit the `Clusterfile` before run `sealos apply` + ### Ingress-nginx setup We use ingress-nginx to expose our services. You can install ingress-nginx by using sealos: @@ -82,10 +84,16 @@ Install ingress-nginx and switch to NodePort mode sealos run docker.io/labring/ingress-nginx:v1.5.1 --config-file ingress-nginx-config.yaml ``` +Note: if your domain is resolved to the master ip, you may need patch ingress-nginx DaemonSet to run on master node: + +```shell +kubectl -n ingress-nginx patch ds ingress-nginx-controller -p '{"spec":{"template":{"spec":{"tolerations":[{"key":"node-role.kubernetes.io/master","operator":"Exists","effect":"NoSchedule"}]}}}}' +```` + ## run sealos cloud cluster image ### Generate TLS config file -You can skip this step if you use the self-signed cert that we provide by default. +You can skip this step if you use the self-signed cert which we provided by default. Please make sure `spec.match` is the same as the image you want to run and the registry name such as ghcr.io/docker.io can diff --git a/deploy/cloud/manifests/mock-cert.yaml.tmpl b/deploy/cloud/manifests/mock-cert.yaml.tmpl new file mode 100644 index 00000000000..8224d5c34f4 --- /dev/null 
+++ b/deploy/cloud/manifests/mock-cert.yaml.tmpl @@ -0,0 +1,27 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: selfsigned-issuer +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: sealos-cloud + namespace: sealos-system +spec: + secretName: wildcard-cert + issuerRef: + name: selfsigned-issuer + kind: ClusterIssuer + commonName: {{ .cloudDomain }} + dnsNames: + - '{{ .cloudDomain }}' + - '*.{{ .cloudDomain }}' + secretTemplate: + annotations: + reflector.v1.k8s.emberstack.com/reflection-allowed: "true" + reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: sealos,\w+-system,\w+-frontend,ns-[\-a-z0-9]* + reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" + reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: sealos,\w+-system,\w+-frontend,ns-[\-a-z0-9]* diff --git a/deploy/cloud/scripts/init.sh b/deploy/cloud/scripts/init.sh index 5d0dec7eccc..2577f13f583 100644 --- a/deploy/cloud/scripts/init.sh +++ b/deploy/cloud/scripts/init.sh @@ -1,5 +1,5 @@ #!/bin/bash -set -e +set -ex cloudDomain="127.0.0.1.nip.io" tlsCrtPlaceholder="" @@ -10,17 +10,15 @@ function read_env { source $1 } -function mock_tls { +function create_tls_secret { if grep -q $tlsCrtPlaceholder manifests/tls-secret.yaml; then echo "mock tls secret" + kubectl apply -f manifests/mock-cert.yaml + echo "mock tls cert has been created successfully." else echo "tls secret is already set" - return + kubectl apply -f manifests/tls-secret.yaml fi - - mkdir -p etc/tls - openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout etc/tls/tls.key -out etc/tls/tls.crt -subj "/CN=$1" -addext "subjectAltName=DNS:$1,DNS:*.$1" >/dev/null 2>&1 - sed -i -e "s;$tlsCrtPlaceholder;$(base64 -w 0 etc/tls/tls.crt);" -e "s;$tlsKeyPlaceholder;$(base64 -w 0 etc/tls/tls.key);" manifests/tls-secret.yaml } function sealos_run_controller { 
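Review bot: The `secretTemplate` annotations reflect `wildcard-cert`, which holds the private key for `*.{{ .cloudDomain }}`, into every namespace matching `ns-[\-a-z0-9]*` and `\w+-frontend`, so anyone who can read secrets in one of those namespaces obtains the wildcard key for the whole domain. If `ns-*` namespaces are per-tenant, consider narrowing `reflection-allowed-namespaces` and `reflection-auto-namespaces` to the system namespaces that actually terminate TLS, and let tenant workloads rely on the ingress controller instead of a copy of the key. The manifest would also benefit from a header comment stating its role, e.g. `# Self-signed mock cert for the default install; real certs come from tls-secret.yaml`, since nothing in the file says it is the fallback path chosen by `create_tls_secret` in init.sh.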
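Review bot: `set -ex` enables command tracing for the whole script, and `read_env` runs `source $1` on `etc/sealos/cloud.env`, so every assignment in that file is echoed to stderr with its value; if cloud.env or a later step such as `gen_mongodb_uri` handles credentials, they will land in the install log. Prefer keeping `set -e` and enabling tracing only around the steps being debugged, or gate it on an opt-in variable (constructed example: `[[ -n "${DEBUG:-}" ]] && set -x`) so the default install stays quiet. The rest of the script's top-level setup continues outside the hunk.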
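Review bot: The success message after `kubectl apply -f manifests/mock-cert.yaml` is printed before the certificate exists: `kubectl apply` only creates the ClusterIssuer and Certificate objects, and cert-manager issues `wildcard-cert` asynchronously, so any later step that mounts or reflects that secret can race the issuance. Add a readiness wait before the echo, e.g. `kubectl -n sealos-system wait --for=condition=Ready certificate/sealos-cloud --timeout=120s`, which under `set -e` also fails fast when cert-manager is absent instead of leaving a silent gap. The applied path is `manifests/mock-cert.yaml` while the file added by this commit is `mock-cert.yaml.tmpl`; presumably the image build renders `.tmpl` files and drops the suffix, but that should be confirmed. `$tlsCrtPlaceholder` in the `grep -q` test is still unquoted; `grep -q -- "$tlsCrtPlaceholder" manifests/tls-secret.yaml` prevents an empty placeholder from matching every line (which would always take the mock branch) or a dash-leading one from being parsed as an option.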
@@ -94,11 +92,11 @@ function install { # read env read_env etc/sealos/cloud.env - # mock tls - mock_tls $cloudDomain - # kubectl apply namespace, secret and mongodb - kubectl apply -f manifests/namespace.yaml -f manifests/tls-secret.yaml + kubectl apply -f manifests/namespace.yaml + + # create tls secret + create_tls_secret $cloudDomain # gen mongodb uri gen_mongodb_uri
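Review bot: The context comment `# kubectl apply namespace, secret and mongodb` no longer describes the line beneath it, which now applies only `manifests/namespace.yaml` after the secret moved into `create_tls_secret`; change it to `# kubectl apply namespace (must exist before the Certificate in mock-cert.yaml is applied)` so the ordering that this commit relies on is recorded. `create_tls_secret $cloudDomain` passes an argument that the rewritten function in the previous hunk never reads, so either drop the argument or, if it is kept for a future use, quote it as `"$cloudDomain"`. install's body continues outside the hunk.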