
How to Deploy SaaS Private Cloud with Kubernetes and KubeSphere: A Complete Guide

This article explains the challenges of SaaS private‑cloud deployment, compares source‑code and container deployment, introduces Kubernetes and KubeSphere, outlines required infrastructure, provides Docker and Harbor installation steps, and shows how to use KubeKey to configure and manage a full‑stack private cloud platform.

NetEase Smart Enterprise Tech+

Introduction

SaaS private‑cloud services face many special problems such as custom client requirements, network security, data compliance, and internal system integration. To help customers generate long‑term value, SaaS private‑cloud solutions are needed.

Required Supporting Facilities

Release mechanism for seamless, smooth rollout.

Version management for image version control and rapid rollback.

Dynamic scaling to handle higher concurrency.

Monitoring system for network traffic and application resources.

Problem‑tracing platform for quick anomaly location.

Technology Selection

Source Code Deployment vs Container Deployment

Source code deployment packages code into tar or war files and runs them on the host, which leads to complex orchestration, high script maintenance cost, and difficult rollback.

Container deployment offers image repositories for version management, abstracts environment differences, improves performance, and reduces IT costs.

Container Orchestration Issues

Challenges include coordinating containers for scaling, performing hot‑fixes without downtime, monitoring application health, and rolling back code safely.

Kubernetes is the natural solution for orchestrating containers.

Kubernetes Overview

Kubernetes is an open‑source, portable, extensible platform for managing containerized workloads and services, supporting declarative configuration and automation.

Why Use KubeSphere

KubeSphere builds a cloud‑native operating system on top of Kubernetes, offering multi‑cloud and multi‑cluster management, full‑stack DevOps, micro‑service governance, logging, monitoring, multi‑tenant control, and more, all with a unified graphical interface.

Resource Requirements for KubeSphere

Master node: 2 CPU, 8 GB RAM, 100 GB disk (production: at least 3 masters).

Worker nodes: 3 × 8 CPU, 16 GB RAM.

Harbor registry: 2 CPU, 4 GB RAM, 150 GB disk.

Docker Installation

sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin
# For specific version
sudo apt-get install docker-ce=<VERSION_STRING> docker-ce-cli=<VERSION_STRING> containerd.io docker-compose-plugin
sudo service docker start

Docker Log Rotation Configuration

vi /etc/docker/daemon.json
{
  "data-root": "/u/var/lib/docker",
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "300m",
    "max-file": "1"
  }
}
systemctl restart docker

Harbor Private Registry Setup

mv /tmp/docker/docker-compose-xxx /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose -v
tar -xvf harbor-offline-installer-v1.10.10.tgz
mv harbor /opt
cd /opt/harbor
# Edit harbor.yml to set data_volume and log paths
# Prepare and start Harbor
./prepare
./install.sh
# Let Docker use the registry over HTTP or with an unverified certificate.
# The file is written with the data-root and log settings from the previous step,
# because overwriting it with only the registry key would drop them.
cat > /etc/docker/daemon.json <<'EOF'
{
  "data-root": "/u/var/lib/docker",
  "log-driver": "json-file",
  "log-opts": { "max-size": "300m", "max-file": "1" },
  "insecure-registries": ["xxxxx:8090"]
}
EOF
systemctl restart docker
# Harbor12345 is Harbor's default admin password; change it after the first login
docker login xxxxx:8090 -u admin -p Harbor12345
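Both steps above write /etc/docker/daemon.json. The following Python helper is an added example, not part of the original article: it merges a registry entry into an existing daemon.json without dropping other keys and lists what a reviewer would flag. The function names and sample strings are constructed for illustration.

```python
import json

def merge_daemon_config(existing_text, registry):
    """Add `registry` to insecure-registries and keep every key already in
    daemon.json (data-root, log-driver, log-opts, ...)."""
    cfg = json.loads(existing_text) if existing_text.strip() else {}
    if not isinstance(cfg, dict):
        raise ValueError("daemon.json must hold a JSON object")
    registries = cfg.setdefault("insecure-registries", [])
    if registry not in registries:
        registries.append(registry)
    return json.dumps(cfg, indent=2)

def audit_daemon_config(text):
    """Return the points a reviewer would raise about a daemon.json."""
    cfg = json.loads(text)
    findings = []
    for reg in cfg.get("insecure-registries", []):
        findings.append(f"{reg}: listed as insecure, so HTTP or an unverified certificate is accepted")
    # json-file is Docker's default driver and does not cap log size unless max-size is set
    if cfg.get("log-driver", "json-file") == "json-file":
        if "max-size" not in cfg.get("log-opts", {}):
            findings.append("log-opts.max-size unset: container logs grow without limit")
    return findings

# Constructed sample: the log-rotation settings from the article
ROTATION = '{"data-root": "/u/var/lib/docker", "log-driver": "json-file", "log-opts": {"max-size": "300m", "max-file": "1"}}'
# Constructed sample: what a plain overwrite with only the registry key leaves
OVERWRITTEN = '{"insecure-registries": ["xxxxx:8090"]}'

if __name__ == "__main__":
    print(merge_daemon_config(ROTATION, "xxxxx:8090"))
    for finding in audit_daemon_config(OVERWRITTEN):
        print("FINDING:", finding)
```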

KubeSphere Deployment with KubeKey

Install conntrack:

yum install -y conntrack

Use KubeKey to generate and apply configuration:

./kk create config --with-kubernetes v1.17.9 --with-kubesphere v3.1.1 -f config-qiyu.yaml
./kk create cluster -f config-qiyu.yaml

Prepare required images and additional packages (Helm, etcd, Docker, cri-tools) and place them in the KubeKey directory.

Sample KubeKey Configuration (YAML)

apiVersion: kubekey.kubesphere.io/v1alpha1
kind: Cluster
metadata:
  name: sample
spec:
  hosts:
  - {name: localhost1, address: 127.0.0.1, internalAddress: 127.0.0.1, user: root, password: root}
  - {name: localhost2, address: 127.0.0.2, internalAddress: 127.0.0.2, user: root, password: root}
  - {name: localhost3, address: 127.0.0.3, internalAddress: 127.0.0.3, user: root, password: root}
  roleGroups:
    etcd:
    - localhost1
    master:
    - localhost1
    worker:
    - localhost2
    - localhost3
  controlPlaneEndpoint:
    domain: lb.kubesphere.local
    address: ""
    port: 6443
  kubernetes:
    version: v1.17.9
    clusterName: cluster.local
  network:
    plugin: flannel
    kubePodsCIDR: 10.26.0.0/16
    kubeServiceCIDR: 10.27.0.0/16
  registry:
    privateRegistry: "localhost:8090/registry"
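
The sample above keeps SSH passwords inline and lists a single master, while the resource requirements call for at least 3 masters in production. This added example (not from the original article) is a small regex-based lint for those two points; it assumes the one-line host layout shown above, and the function names, host names and addresses are constructed. `privateKeyPath` is KubeKey's host field for key-based SSH.

```python
import re

def role_members(text, role):
    """Names listed under roleGroups.<role> in block-list form."""
    m = re.search(rf"^[ \t]*{role}:[ \t]*\n((?:[ \t]*-[ \t]*\S+[ \t]*\n?)+)", text, re.M)
    return re.findall(r"-[ \t]*(\S+)", m.group(1)) if m else []

def lint_kubekey_config(text):
    """Return review findings for a KubeKey Cluster config.
    Assumes each host is a one-line flow mapping with no commas inside values."""
    findings = []
    for body in re.findall(r"^[ \t]*-[ \t]*\{(.*)\}[ \t]*$", text, re.M):
        host = {}
        for pair in body.split(","):
            key, _, value = pair.partition(":")
            host[key.strip()] = value.strip().strip('"')
        name = host.get("name", "?")
        if "password" in host:
            findings.append(f"{name}: SSH password in plain text; prefer privateKeyPath")
            if host["password"] == host.get("user"):
                findings.append(f"{name}: password equals the user name")
    masters = role_members(text, "master")
    if len(masters) < 3:
        findings.append(f"{len(masters)} master(s): article's production minimum is 3")
    return findings

# Constructed input in the article's layout (addresses are documentation ranges)
SAMPLE = """\
spec:
  hosts:
  - {name: node1, address: 192.0.2.11, internalAddress: 192.0.2.11, user: root, password: root}
  - {name: node2, address: 192.0.2.12, internalAddress: 192.0.2.12, user: deploy, privateKeyPath: "~/.ssh/id_ed25519"}
  roleGroups:
    etcd:
    - node1
    master:
    - node1
    worker:
    - node2
"""

if __name__ == "__main__":
    for finding in lint_kubekey_config(SAMPLE):
        print("FINDING:", finding)
```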

Platform Management in KubeSphere

Includes cluster resource monitoring, access control, multi‑tenant management, project quota configuration, workload definition, rolling updates, storage volume management, proxy settings, and service creation (ClusterIP, NodePort, LoadBalancer, Headless).

Conclusion

By leveraging Kubernetes, KubeSphere, Docker, and Harbor, you can build a robust SaaS private‑cloud platform that provides smooth deployment, automated scaling, comprehensive monitoring, and unified DevOps capabilities.
