AWSTemplateFormatVersion: "2010-09-09" Description: Deploy Kubesphere into an existing Kubernetes Cluster (qs-1qtdde8cd) Parameters: KubeConfigKmsContext: Type: String Default: "EKSQuickStart" KubeClusterName: Type: String Alerting: Type: String Auditing: Type: String Devops: Type: String Events: Type: String Logging: Type: String MetricsServer: Type: String Multicluster: Type: String Networkpolicy: Type: String Openpitrix: Type: String Servicemesh: Type: String Kubeedge: Type: String Resources: KubeSphereCRD: Type: "Custom::KubeManifest" Version: '1.0' Properties: # The lambda function that executes the manifest against the cluster. This is created in one of the parent stacks ServiceToken: !Sub "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:EKS-QuickStart-KubeManifest-${KubeClusterName}" # S3 path to the encrypted config file eg. s3://my-bucket/kube/config.encrypted # context for KMS to use when decrypting the file KubeConfigKmsContext: !Ref KubeConfigKmsContext ClusterName: !Ref KubeClusterName # Kubernetes manifest Manifest: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: clusterconfigurations.installer.kubesphere.io spec: group: installer.kubesphere.io versions: - name: v1alpha1 served: true storage: true schema: openAPIV3Schema: type: object properties: spec: type: object x-kubernetes-preserve-unknown-fields: true status: type: object x-kubernetes-preserve-unknown-fields: true scope: Namespaced names: plural: clusterconfigurations singular: clusterconfiguration kind: ClusterConfiguration shortNames: - cc KubeSphereNamespace: DependsOn: KubeSphereCRD Type: "Custom::KubeManifest" Version: '1.0' Properties: # The lambda function that executes the manifest against the cluster. This is created in one of the parent stacks ServiceToken: !Sub "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:EKS-QuickStart-KubeManifest-${KubeClusterName}" # S3 path to the encrypted config file eg. s3://my-bucket/kube/config.encrypted # context for KMS to use when decrypting the file KubeConfigKmsContext: !Ref KubeConfigKmsContext ClusterName: !Ref KubeClusterName # Kubernetes manifest Manifest: apiVersion: v1 kind: Namespace metadata: name: kubesphere-system KSInstallerServiceAccount: DependsOn: KubeSphereNamespace Type: "Custom::KubeManifest" Version: '1.0' Properties: # The lambda function that executes the manifest against the cluster. This is created in one of the parent stacks ServiceToken: !Sub "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:EKS-QuickStart-KubeManifest-${KubeClusterName}" # S3 path to the encrypted config file eg. s3://my-bucket/kube/config.encrypted # context for KMS to use when decrypting the file KubeConfigKmsContext: !Ref KubeConfigKmsContext ClusterName: !Ref KubeClusterName # Kubernetes manifest Manifest: apiVersion: v1 kind: ServiceAccount metadata: name: ks-installer namespace: kubesphere-system KSInstallerClusterRole: DependsOn: KubeSphereNamespace Type: "Custom::KubeManifest" Version: '1.0' Properties: # The lambda function that executes the manifest against the cluster. This is created in one of the parent stacks ServiceToken: !Sub "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:EKS-QuickStart-KubeManifest-${KubeClusterName}" # S3 path to the encrypted config file eg. s3://my-bucket/kube/config.encrypted # context for KMS to use when decrypting the file KubeConfigKmsContext: !Ref KubeConfigKmsContext ClusterName: !Ref KubeClusterName # Kubernetes manifest Manifest: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: ks-installer rules: - apiGroups: - "" resources: - '*' verbs: - '*' - apiGroups: - apps resources: - '*' verbs: - '*' - apiGroups: - extensions resources: - '*' verbs: - '*' - apiGroups: - batch resources: - '*' verbs: - '*' - apiGroups: - rbac.authorization.k8s.io resources: - '*' verbs: - '*' - apiGroups: - apiregistration.k8s.io resources: - '*' verbs: - '*' - apiGroups: - apiextensions.k8s.io resources: - '*' verbs: - '*' - apiGroups: - tenant.kubesphere.io resources: - '*' verbs: - '*' - apiGroups: - certificates.k8s.io resources: - '*' verbs: - '*' - apiGroups: - devops.kubesphere.io resources: - '*' verbs: - '*' - apiGroups: - monitoring.coreos.com resources: - '*' verbs: - '*' - apiGroups: - logging.kubesphere.io resources: - '*' verbs: - '*' - apiGroups: - jaegertracing.io resources: - '*' verbs: - '*' - apiGroups: - storage.k8s.io resources: - '*' verbs: - '*' - apiGroups: - admissionregistration.k8s.io resources: - '*' verbs: - '*' - apiGroups: - policy resources: - '*' verbs: - '*' - apiGroups: - autoscaling resources: - '*' verbs: - '*' - apiGroups: - networking.istio.io resources: - '*' verbs: - '*' - apiGroups: - config.istio.io resources: - '*' verbs: - '*' - apiGroups: - iam.kubesphere.io resources: - '*' verbs: - '*' - apiGroups: - notification.kubesphere.io resources: - '*' verbs: - '*' - apiGroups: - auditing.kubesphere.io resources: - '*' verbs: - '*' - apiGroups: - events.kubesphere.io resources: - '*' verbs: - '*' - apiGroups: - core.kubefed.io resources: - '*' verbs: - '*' - apiGroups: - installer.kubesphere.io resources: - '*' verbs: - '*' - apiGroups: - storage.kubesphere.io resources: - '*' verbs: - '*' - apiGroups: - security.istio.io resources: - '*' verbs: - '*' - apiGroups: - monitoring.kiali.io resources: - '*' verbs: - '*' - apiGroups: - kiali.io resources: - '*' verbs: - '*' - apiGroups: - networking.k8s.io resources: - '*' verbs: - '*' - apiGroups: - kubeedge.kubesphere.io resources: - '*' verbs: - '*' - apiGroups: - types.kubefed.io resources: - '*' verbs: - '*' - apiGroups: - monitoring.kubesphere.io resources: - '*' verbs: - '*' - apiGroups: - application.kubesphere.io resources: - '*' verbs: - '*' KSInstallerClusterRoleBinding: DependsOn: KSInstallerClusterRole Type: "Custom::KubeManifest" Version: '1.0' Properties: # The lambda function that executes the manifest against the cluster. This is created in one of the parent stacks ServiceToken: !Sub "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:EKS-QuickStart-KubeManifest-${KubeClusterName}" # S3 path to the encrypted config file eg. s3://my-bucket/kube/config.encrypted # context for KMS to use when decrypting the file KubeConfigKmsContext: !Ref KubeConfigKmsContext ClusterName: !Ref KubeClusterName # Kubernetes manifest Manifest: kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: ks-installer subjects: - kind: ServiceAccount name: ks-installer namespace: kubesphere-system roleRef: kind: ClusterRole name: ks-installer apiGroup: rbac.authorization.k8s.io KubeSphereDeployment: DependsOn: KubeSphereNamespace Type: "Custom::KubeManifest" Version: '1.0' Properties: # The lambda function that executes the manifest against the cluster. This is created in one of the parent stacks ServiceToken: !Sub "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:EKS-QuickStart-KubeManifest-${KubeClusterName}" # S3 path to the encrypted config file eg. s3://my-bucket/kube/config.encrypted # context for KMS to use when decrypting the file KubeConfigKmsContext: !Ref KubeConfigKmsContext ClusterName: !Ref KubeClusterName # Kubernetes manifest Manifest: apiVersion: apps/v1 kind: Deployment metadata: name: ks-installer namespace: kubesphere-system labels: app: ks-install spec: replicas: 1 selector: matchLabels: app: ks-install template: metadata: labels: app: ks-install spec: serviceAccountName: ks-installer containers: - name: installer image: kubesphere/ks-installer:v3.2.1 imagePullPolicy: "Always" resources: limits: cpu: "1" memory: 1Gi requests: cpu: 20m memory: 100Mi volumeMounts: - mountPath: /etc/localtime name: host-time readOnly: true volumes: - hostPath: path: /etc/localtime type: "" name: host-time KubesphereClusterConfiguration: DependsOn: KubeSphereDeployment Type: "Custom::KubeManifest" Version: '1.0' Properties: # The lambda function that executes the manifest against the cluster. This is created in one of the parent stacks ServiceToken: !Sub "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:EKS-QuickStart-KubeManifest-${KubeClusterName}" # S3 path to the encrypted config file eg. s3://my-bucket/kube/config.encrypted # context for KMS to use when decrypting the file KubeConfigKmsContext: !Ref KubeConfigKmsContext ClusterName: !Ref KubeClusterName # Kubernetes manifest Manifest: apiVersion: installer.kubesphere.io/v1alpha1 kind: ClusterConfiguration metadata: name: ks-installer namespace: kubesphere-system labels: version: v3.2.1 spec: persistence: storageClass: "" authentication: jwtSecret: "" local_registry: "" etcd: monitoring: false endpointIps: localhost port: 2379 tlsEnable: true common: core: console: enableMultiLogin: true port: 30880 type: LoadBalancer redis: enabled: false volumeSize: 2Gi openldap: enabled: false volumeSize: 2Gi minio: volumeSize: 20Gi monitoring: endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090 GPUMonitoring: enabled: false gpu: kinds: - resourceName: "nvidia.com/gpu" resourceType: "GPU" default: true es: logMaxAge: 7 elkPrefix: logstash basicAuth: enabled: false username: "" password: "" externalElasticsearchUrl: "" externalElasticsearchPort: "" alerting: enabled: ${Alerting} auditing: enabled: ${Auditing} devops: enabled: ${Devops} jenkinsMemoryLim: 2Gi jenkinsMemoryReq: 1500Mi jenkinsVolumeSize: 8Gi jenkinsJavaOpts_Xms: 512m jenkinsJavaOpts_Xmx: 512m jenkinsJavaOpts_MaxRAM: 2g events: enabled: ${Events} logging: enabled: ${Logging} containerruntime: docker logsidecar: enabled: true replicas: 2 metrics_server: enabled: ${MetricsServer} monitoring: storageClass: "" gpu: nvidia_dcgm_exporter: enabled: false multicluster: clusterRole: ${Multicluster} network: networkpolicy: enabled: ${Networkpolicy} ippool: type: none topology: type: none openpitrix: store: enabled: ${Openpitrix} servicemesh: enabled: ${Servicemesh} kubeedge: enabled: ${Kubeedge} cloudCore: nodeSelector: {"node-role.kubernetes.io/worker": ""} tolerations: [] cloudhubPort: "10000" cloudhubQuicPort: "10001" cloudhubHttpsPort: "10002" cloudstreamPort: "10003" tunnelPort: "10004" cloudHub: advertiseAddress: - "" nodeLimit: "100" service: cloudhubNodePort: "30000" cloudhubQuicNodePort: "30001" cloudhubHttpsNodePort: "30002" cloudstreamNodePort: "30003" tunnelNodePort: "30004" edgeWatcher: nodeSelector: {"node-role.kubernetes.io/worker": ""} tolerations: [] edgeWatcherAgent: nodeSelector: {"node-role.kubernetes.io/worker": ""} tolerations: [] KubeSphereService: DependsOn: KubesphereClusterConfiguration Type: "Custom::KubeManifest" Version: '1.0' Properties: # The lambda function that executes the manifest against the cluster. This is created in one of the parent stacks ServiceToken: !Sub "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:EKS-QuickStart-KubeManifest-${KubeClusterName}" # S3 path to the encrypted config file eg. s3://my-bucket/kube/config.encrypted # context for KMS to use when decrypting the file KubeConfigKmsContext: !Ref KubeConfigKmsContext ClusterName: !Ref KubeClusterName # Kubernetes manifest Manifest: apiVersion: v1 kind: Service metadata: annotations: meta.helm.sh/release-name: ks-core meta.helm.sh/release-namespace: kubesphere-system labels: app.kubernetes.io/managed-by: Helm app: ks-console tier: frontend version: v3.1.0 name: ks-console namespace: kubesphere-system spec: ports: - name: nginx port: 80 protocol: TCP targetPort: 8000 nodePort: 30880 selector: app: ks-console tier: frontend sessionAffinity: None type: LoadBalancer KubeSphereConsole: DependsOn: KubeSphereService Type: "Custom::KubeGet" Version: '1.0' Properties: ServiceToken: !Sub "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:EKS-QuickStart-KubeGet-${KubeClusterName}" KubeConfigKmsContext: !Ref KubeConfigKmsContext ClusterName: !Ref KubeClusterName Namespace: kubesphere-system Name: 'svc/ks-console' JsonPath: '{.status.loadBalancer.ingress[0].hostname}' Outputs: KubeSphereConsole: Value: !Sub "http://${KubeSphereConsole}" KubeSpherePortConsole: Value: !Sub "http://${KubeSphereConsole}:8000" KubeSphereConsoleLoginUser: Value: admin KubeSphereConsoleDefaultAdminLoginPassword: Value: "P@88w0rd"