cilium安装

1.cilium安装

卸载flannel

# 一般生产环境是不会这样操作的，因为一旦把 cni 卸载后，所有pod 都会因为没有对应cni 支持，导致pod 无法正常运行和通信异常；
# 生产环境如果涉及需要更换cni ，一般不会涉及，即便涉及到更换cni的，也会采用新部署一套集群，然后进行迁移；
# 卸载flannel cni 插件：
# 根据部署时记录，确认版本；
[root@master ~]# kubectl delete -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
podsecuritypolicy.policy "psp.flannel.unprivileged" deleted
clusterrole.rbac.authorization.k8s.io "flannel" deleted
clusterrolebinding.rbac.authorization.k8s.io "flannel" deleted
serviceaccount "flannel" deleted
configmap "kube-flannel-cfg" deleted
daemonset.apps "kube-flannel-ds" deleted
[root@master ~]#

[root@master ~]# ll /var/lib/cni/
total 12
drwx------ 3 root root 4096 Oct 28 23:13 cache
drwx------ 2 root root 4096 Nov 17 22:11 flannel
drwxr-xr-x 3 root root 4096 Oct 28 23:13 networks
[root@master ~]# mv /var/lib/cni/ /var/lib/cni.bak
[root@master ~]# ll /var/lib/cni.bak/
cache/    flannel/  networks/
[root@master ~]# ll /etc/cni/net.d/
total 4
-rw-r--r-- 1 root root 292 Nov 17 21:15 10-flannel.conflist
[root@master ~]# mv /etc/cni/net.d/10-flannel.conflist /etc/cni/net.d/10-flannel.conflist.bak
[root@master ~]# systemctl restart kubelet
[root@master ~]#

#安装cilium
wget https://raw.githubusercontent.com/cilium/cilium/1.9.0/install/kubernetes/quick-install.yaml

需要修改pod的网段地址 

cluster-pool-ipv4-cidr: "172.20.0.0/16"

kubectl create -f quick-install.yaml

#检查内核

wget https://raw.githubusercontent.com/cilium/cilium/master/examples/kubernetes/kernel-check/kernel-check.yaml
kubectl apply -f kernel-check.yaml

错误一：k8s找不到cilium-cni命令
Error validating CNI config list {"cniVersion":"0.3.1","name":"cilium","plugins":[{"cniVersion":"0.3.1","name":"cilium","type":"cilium-cni"}]}: [failed to find plugin "cilium-cni" in path [/opt/kube/bin]]

通常安装目录在/opt/cni/bin目录下，做一个软连接，或者修改kubelet.service的启动文件--cni-bin-dir地址

安装测试pod
kubectl apply -n cilium-test -f https://raw.githubusercontent.com/cilium/cilium/v1.9/examples/kubernetes/connectivity-check/connectivity-check.yaml

安装hubble 监控ui
kubectl apply -f https://raw.githubusercontent.com/cilium/cilium/v1.9/install/kubernetes/quick-hubble-install.yaml

配置hubble的nodeport

# hubble-ui-nodeport-svc.yaml
kind: Service
apiVersion: v1
metadata:
  namespace: kube-system
  name: hubble-ui-np
spec:
  selector:
    k8s-app: hubble-ui
  ports:
    - name: http
      port: 8081 #hubble默认端口
      nodePort: 32321
  type: NodePort