# KS in vcluster

## Environment

> Installed with kubekey

- kubesphere 3.3.0
- kubernetes 1.22.10

## Installation

Install vcluster into the test namespace using the **platform-regular** (admin) role.

The vcluster's k8s version is 1.22.10.

vcluster needs to map the host cluster's storageclass into the vcluster.

## Modules

| Module/Service | Installable | Usable | Notes |
| --- | --- | --- | --- |
| kubesphere | Yes | Yes | An openldap fault affects ks-controller-manager. ![image.png](https://cdn.nlark.com/yuque/0/2022/png/607602/1666688092884-2f1deaad-6544-4d7b-9f35-6126305e438f.png) Enabling the pod ip tools component causes ks-controller-manager to fail. ![image.png](https://cdn.nlark.com/yuque/0/2022/png/607602/1666688379419-f9a98479-2594-4345-a09d-26f30ebf3ba4.png) |
| app-store | Yes | Yes | |
| devops-system | Yes | Not verified | |
| logging-system | Yes | Yes | |
| events-system | Yes | Yes | |
| alerting | No | No | Depends on metrics |
| audit logs | Yes | Not verified | |
| service-mesh | Yes | Not verified | |
| network policies | Yes | Not verified | ![image.png](https://cdn.nlark.com/yuque/0/2022/png/607602/1666581592452-2ad23a56-0d3d-4deb-804d-7f0c0c997f85.png) |
| metrics-server | No | No | `E1020 08:21:55.496943 1 server.go:132] unable to fully scrape metrics: unable to fully scrape metrics from node i-hkxlvd2q: unable to fetch metrics from node i-hkxlvd2q: request failed - "403 Forbidden".` |
| service topology | Yes | Yes | ![image.png](https://cdn.nlark.com/yuque/0/2022/png/607602/1666580877062-d8a89dc1-a5bc-44fc-a4e5-e0fa44adc7a7.png) |
| pod ip tools | Yes | No | Enabling it causes ks-controller-manager to fail. The cause: ks-controller-manager connects to the host cluster to look up calico-node, cannot find it, and panics. |
| kubeedge | Yes | No | After an edge node is added, the cloud side does not show the node |

After openldap is enabled, the pod becomes abnormal; reducing the replica count by 1 and then increasing it by 1 restores normal operation.

# Permissions

## Features that require a ClusterRole, and the corresponding permissions

| vcluster feature | Enabled by default | Resources | Permissions | Notes |
| --- | --- | --- | --- | --- |
| sync.nodes | false | ["nodes", "nodes/status"] ["pods", "nodes/proxy", "nodes/metrics", "nodes/stats"] | ["get", "watch", "list"] | |
| sync.nodes.syncNodeChanges | false | ["nodes", "nodes/status"] | ["update", "patch"] | |
| sync.nodes.enableScheduler | false | ["storageclasses","csinodes","csidrivers","csistoragecapacities"] | ["get", "watch", "list"] | |
| sync.persistentvolumes | false | ["persistentvolumes"] | ["create", "delete", "patch", "update", "get", "watch", "list"] | |
| sync.ingressclasses | false | ["ingressclasses"] | ["get", "watch", "list"] | |
| sync.storageclasses | false | ["storageclasses"] | ["create", "delete", "patch", "update", "get", "watch", "list"] | |
| sync.hoststorageclasses | false | ["storageclasses"] | ["get", "watch", "list"] | Must be enabled for KS |
| sync.priorityclasses | false | ["priorityclasses"] | ["create", "delete", "patch", "update", "get", "list", "watch"] | |
| sync.volumesnapshots | false | ["volumesnapshotclasses"] ["volumesnapshotcontents"] | ["get", "list", "watch"] ["create", "delete", "patch", "update", "get", "list", "watch"] | |
| mapServices.fromHost | [] | ["services"] | ["get", "watch", "list"] | |
| plugin | {} | | | |