K8S Cilium网络插件——安装

注:本文基于Cilium v1.11.0编写

1 安装cilium

1.1 cilium-cli

先安装cilium-cli工具,

wget https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz
tar -xf cilium-linux-amd64.tar.gz -C /usr/bin/

1.2 cilium

然后直接用cilium安装即可,安装完检查状态

[root@master8 home]# cilium install
ℹ️  using Cilium version "v1.11.0"
 Auto-detected cluster name: kubernetes
 Auto-detected IPAM mode: cluster-pool
 Found CA in secret cilium-ca
 Generating certificates for Hubble...
 Creating Service accounts...
 Creating Cluster roles...
 Creating ConfigMap for Cilium version 1.11.0...
 Creating Agent DaemonSet...
 Creating Operator Deployment...
⌛ Waiting for Cilium to be installed and ready...
♻️  Restarting unmanaged pods...
♻️  Restarted unmanaged pod kube-system/coredns-558bd4d5db-5rph9
♻️  Restarted unmanaged pod kube-system/coredns-558bd4d5db-bw246
✅ Cilium was successfully installed! Run 'cilium status' to view installation health
[root@master8 ~]# cilium status
    /¯¯\
 /¯¯\__/¯¯\    Cilium:         OK
 \__/¯¯\__/    Operator:       OK
 /¯¯\__/¯¯\    Hubble:         disabled
 \__/¯¯\__/    ClusterMesh:    disabled
    \__/

Deployment        cilium-operator    Desired: 1, Ready: 1/1, Available: 1/1
DaemonSet         cilium             Desired: 3, Ready: 3/3, Available: 3/3
Containers:       cilium             Running: 3
                  cilium-operator    Running: 1
Cluster Pods:     2/2 managed by Cilium
Image versions    cilium-operator    quay.io/cilium/operator-generic:v1.11.0: 1
                  cilium             quay.io/cilium/cilium:v1.11.0: 3

2 部署hubble

2.1 hubble

hubble是用于网络和安全的观察工具,可以直接通过cilium命令安装

[root@master8 ~]# cilium hubble enable
 Found CA in secret cilium-ca
✨ Patching ConfigMap cilium-config to enable Hubble...
♻️  Restarted Cilium pods
⌛ Waiting for Cilium to become ready before deploying other Hubble component(s)...
✅ Relay is already deployed
⌛ Waiting for Hubble to be installed...
✅ Hubble was successfully enabled!
[root@master8 ~]# cilium status
    /¯¯\
 /¯¯\__/¯¯\    Cilium:         OK
 \__/¯¯\__/    Operator:       OK
 /¯¯\__/¯¯\    Hubble:         OK
 \__/¯¯\__/    ClusterMesh:    disabled
    \__/

Deployment        cilium-operator    Desired: 1, Ready: 1/1, Available: 1/1
Deployment        hubble-relay       Desired: 1, Ready: 1/1, Available: 1/1
DaemonSet         cilium             Desired: 3, Ready: 3/3, Available: 3/3
Containers:       hubble-relay       Running: 1
                  cilium             Running: 3
                  cilium-operator    Running: 1
Cluster Pods:     3/3 managed by Cilium
Image versions    cilium             quay.io/cilium/cilium:v1.11.0: 3
                  cilium-operator    quay.io/cilium/operator-generic:v1.11.0: 1
                  hubble-relay       quay.io/cilium/hubble-relay:v1.11.0: 1

2.2 hubble-cli

安装hubble-cli工具,

wget https://github.com/cilium/hubble/releases/download/v0.9.0/hubble-linux-amd64.tar.gz
tar -xf hubble-linux-amd64.tar.gz -C /usr/bin/

然后是为hubble服务在本机启用端口转发,从而让我们能连接到该服务,

[root@master8 home]# cilium hubble port-forward&
[1] 100758
[root@master8 home]# hubble status
Healthcheck (via localhost:4245): Ok
Current/Max Flows: 7,296/12,285 (59.39%)
Flows/s: 7.27
Connected Nodes: 3/3

2.3 hubble-ui

最后为了能够通过web ui查看hubble收集的信息,还需要安装对应的ui服务,

[root@master8 home]# cilium hubble enable --ui
 Found CA in secret cilium-ca
✨ Patching ConfigMap cilium-config to enable Hubble...
♻️  Restarted Cilium pods
⌛ Waiting for Cilium to become ready before deploying other Hubble component(s)...
✅ Relay is already deployed
✅ Hubble UI is already deployed
⌛ Waiting for Hubble to be installed...
✅ Hubble was successfully enabled!
[root@master8 home]# cilium status
    /¯¯\
 /¯¯\__/¯¯\    Cilium:         OK
 \__/¯¯\__/    Operator:       OK
 /¯¯\__/¯¯\    Hubble:         OK
 \__/¯¯\__/    ClusterMesh:    disabled
    \__/

DaemonSet         cilium             Desired: 3, Ready: 3/3, Available: 3/3
Deployment        cilium-operator    Desired: 1, Ready: 1/1, Available: 1/1
Deployment        hubble-relay       Desired: 1, Ready: 1/1, Available: 1/1
Deployment        hubble-ui          Desired: 1, Ready: 1/1, Available: 1/1
Containers:       cilium             Running: 3
                  cilium-operator    Running: 1
                  hubble-relay       Running: 1
                  hubble-ui          Running: 1
Cluster Pods:     4/4 managed by Cilium
Image versions    cilium-operator    quay.io/cilium/operator-generic:v1.11.0: 1
                  hubble-relay       quay.io/cilium/hubble-relay:v1.11.0: 1
                  hubble-ui          quay.io/cilium/hubble-ui:v0.8.3: 1
                  hubble-ui          quay.io/cilium/hubble-ui-backend:v0.8.3: 1
                  hubble-ui          registry-1.docker.io/envoyproxy/envoy:v1.18.2: 1
                  cilium             quay.io/cilium/cilium:v1.11.0: 3

然后同样需要为hubble-ui服务开启端口转发,

[root@master8 home]# cilium hubble ui&
[2] 115889

因为我是用虚拟机部署的,所以要通过master node的hostip访问,端口是12000
K8S Cilium网络插件——安装_第1张图片
如果无法获取到cilium相关镜像,可从以下链接下载(访问密码:6501):
cilium-cli:v0.10.0
cilium:v1.11.0
operator-generic:v1.11.0
hubble-cli:0.9.0
hubble-relay:v1.11.0
hubble-ui-backend:v0.8.3
hubble-ui:v0.8.3
envoy:v1.18.2


参考文档:

  1. https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/
  2. https://docs.cilium.io/en/stable/gettingstarted/hubble_setup/#hubble-setup
  3. https://docs.cilium.io/en/stable/gettingstarted/hubble/

你可能感兴趣的:(Kubernetes,cilium,hubble,k8s)