Master KubeSphere: Install, Manage Multi‑Tenant & Build DevOps Pipelines

1. Install KubeSphere

Hardware configuration (VirtualBox VM): OS Ubuntu 18.04, CPU 4 cores, Memory 8 GB, Disk 60 GB.

Download installer

curl -L https://kubesphere.io/download/stable/v2.1.1 > installer.tar.gz && tar -zxf installer.tar.gz && cd kubesphere-all-v2.1.1/scripts

Modify configuration

docker_registry_mirrors:
  - https://xxx.mirror.aliyuncs.com
  - https://docker.mirrors.ustc.edu.cn
  - https://registry.docker-cn.com
  - https://mirror.aliyuncs.com

Run the installation script: ~/kubesphere-all-v2.1.1/scripts/install.sh If the installation fails with an etcd error, stop the firewall or run uninstall.sh then install.sh again.

2. From Getting Started to Giving Up

2.1 Multi‑Tenant Management

KubeSphere defines four resource levels: Cluster, Workspace, Project, and DevOps Project. A cluster can contain multiple workspaces; each workspace can contain multiple projects and DevOps projects. Built‑in roles include Cluster Administrator, Workspace Administrator, Project Administrator, and Project Regular.

Cluster Administrator

Create a users-manager role for managing accounts and roles.

Create a user-manager account and assign the users-manager role.

Log in with user-manager and create accounts ws-manager , ws-admin , project-admin , project-regular .

Workspace Administrator

Use the ws-manager account to create a workspace (e.g., demo-workspace) and assign ws-admin as its administrator. Then, with ws-admin , invite project-admin and project-regular and grant them workspace-regular and workspace-viewer roles.

Project and DevOps Project Administrator

Log in as project-admin to create a project (e.g., demo-project) under the workspace, then invite project-regular and assign the operator role.

2.2 Application Routing

KubeSphere provides a global Ingress controller for routing traffic to services. Example: requests to https://cafe.example.com/coffee are served by the coffee deployment, while /tea is served by the tea deployment.

Steps

Create services tea and coffee.

Generate TLS certificates and keys.

Create an application route (Ingress) pointing to the services. If no DNS is available, use the automatically generated domain.

2.3 Configuration Center

Secrets store sensitive data (passwords, tokens, keys) without exposing them in pod specs. They can be mounted as volumes or injected as environment variables.

2.4 Source‑to‑Image (S2I)

S2I builds a Docker image directly from source code without requiring a Dockerfile. KubeSphere supports S2I for building images, creating services, and deploying them automatically to Kubernetes.

2.5 DevOps Pipeline (Jenkinsfile out of SCM)

Use the visual pipeline builder to create a CI/CD pipeline without a Jenkinsfile in the repository. The pipeline consists of six stages:

Checkout SCM – pull code from GitHub.

Unit test – run tests; proceed only if they pass.

Code Analysis – run SonarQube static analysis.

Build and Push – build Docker image and push with tag SNAPSHOT-$BUILD_NUMBER to Docker Hub.

Artifacts – archive JAR packages.

Deploy to DEV – deploy to a dev environment after approval and send notification email.

Creating Credentials

Configure Docker registry credentials, SonarQube tokens, and Kubernetes deployment credentials in the DevOps console.

3. DevOps Project

The DevOps project visualizes pipeline execution, shows logs, and integrates with the private image registry. Documentation links are provided for further reference.

For more details, refer to the official KubeSphere documentation.