K8S Cilium网络插件——安装（v1.11.x版本）

参考链接：https://copyfuture.com/blogs-details/202201220359198627

(cilium install --helm-set tunnel=disabled  --helm-set autoDirectNodeRoutes=true --helm-set kubeProxyReplacement=strict  --helm-set loadBalancer.mode=hybrid --helm-set ipv4NativeRoutingCIDR=192.168.0.192/26)

(cilium install --helm-set prometheus.enabled=true,operator.prometheus.enabled=true,hubble.enabled=true,hubble.metrics.enabled="{dns,drop,tcp,flow,port-distribution,icmp,http}",tunnel=vxlan,ipam.mode=kubernetes)

1 安装cilium

1.1 cilium-cli

先安装cilium-cli工具，

wget https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz
tar -xf cilium-linux-amd64.tar.gz -C /usr/bin/

1.2 cilium

然后直接用cilium安装即可，安装完检查状态

[root@master8 home]# cilium install
️ using Cilium version "v1.11.0"
 Auto-detected cluster name: kubernetes
 Auto-detected IPAM mode: cluster-pool
 Found CA in secret cilium-ca
 Generating certificates for Hubble...
 Creating Service accounts...
 Creating Cluster roles...
 Creating ConfigMap for Cilium version 1.11.0...
 Creating Agent DaemonSet...
 Creating Operator Deployment...
Waiting for Cilium to be installed and ready...
️ Restarting unmanaged pods...
️ Restarted unmanaged pod kube-system/coredns-558bd4d5db-5rph9
️ Restarted unmanaged pod kube-system/coredns-558bd4d5db-bw246
Cilium was successfully installed! Run 'cilium status' to view installation health
[root@master8 ~]# cilium status
/¯¯\
/¯¯\__/¯¯\ Cilium: OK
\__/¯¯\__/ Operator: OK
/¯¯\__/¯¯\ Hubble: disabled
\__/¯¯\__/ ClusterMesh: disabled
\__/
Deployment cilium-operator Desired: 1, Ready: 1/1, Available: 1/1
DaemonSet cilium Desired: 3, Ready: 3/3, Available: 3/3
Containers: cilium Running: 3
cilium-operator Running: 1
Cluster Pods: 2/2 managed by Cilium
Image versions cilium-operator quay.io/cilium/operator-generic:v1.11.0: 1
cilium quay.io/cilium/cilium:v1.11.0: 3

2 部署hubble

2.1 hubble

hubble是用于网络和安全的观察工具，可以直接通过cilium命令安装

[root@master8 ~]# cilium hubble enable
 Found CA in secret cilium-ca
Patching ConfigMap cilium-config to enable Hubble...
️ Restarted Cilium pods
Waiting for Cilium to become ready before deploying other Hubble component(s)...
Relay is already deployed
Waiting for Hubble to be installed...
Hubble was successfully enabled!
[root@master8 ~]# cilium status
/¯¯\
/¯¯\__/¯¯\ Cilium: OK
\__/¯¯\__/ Operator: OK
/¯¯\__/¯¯\ Hubble: OK
\__/¯¯\__/ ClusterMesh: disabled
\__/
Deployment cilium-operator Desired: 1, Ready: 1/1, Available: 1/1
Deployment hubble-relay Desired: 1, Ready: 1/1, Available: 1/1
DaemonSet cilium Desired: 3, Ready: 3/3, Available: 3/3
Containers: hubble-relay Running: 1
cilium Running: 3
cilium-operator Running: 1
Cluster Pods: 3/3 managed by Cilium
Image versions cilium quay.io/cilium/cilium:v1.11.0: 3
cilium-operator quay.io/cilium/operator-generic:v1.11.0: 1
hubble-relay quay.io/cilium/hubble-relay:v1.11.0: 1

2.2 hubble-cli

安装hubble-cli工具，

wget https://github.com/cilium/hubble/releases/download/v0.9.0/hubble-linux-amd64.tar.gz
tar -xf hubble-linux-amd64.tar.gz -C /usr/bin/

然后是为hubble服务在本机启用端口转发，从而让我们能连接到该服务，

[root@master8 home]# cilium hubble port-forward&
[1] 100758
[root@master8 home]# hubble status
Healthcheck (via localhost:4245): Ok
Current/Max Flows: 7,296/12,285 (59.39%)
Flows/s: 7.27
Connected Nodes: 3/3

2.3 hubble-ui

最后为了能够通过web ui查看hubble收集的信息，还需要安装对应的ui服务，

[root@master8 home]# cilium hubble enable --ui
 Found CA in secret cilium-ca
Patching ConfigMap cilium-config to enable Hubble...
️ Restarted Cilium pods
Waiting for Cilium to become ready before deploying other Hubble component(s)...
Relay is already deployed
Hubble UI is already deployed
Waiting for Hubble to be installed...
Hubble was successfully enabled!
[root@master8 home]# cilium status
/¯¯\
/¯¯\__/¯¯\ Cilium: OK
\__/¯¯\__/ Operator: OK
/¯¯\__/¯¯\ Hubble: OK
\__/¯¯\__/ ClusterMesh: disabled
\__/
DaemonSet cilium Desired: 3, Ready: 3/3, Available: 3/3
Deployment cilium-operator Desired: 1, Ready: 1/1, Available: 1/1
Deployment hubble-relay Desired: 1, Ready: 1/1, Available: 1/1
Deployment hubble-ui Desired: 1, Ready: 1/1, Available: 1/1
Containers: cilium Running: 3
cilium-operator Running: 1
hubble-relay Running: 1
hubble-ui Running: 1
Cluster Pods: 4/4 managed by Cilium
Image versions cilium-operator quay.io/cilium/operator-generic:v1.11.0: 1
hubble-relay quay.io/cilium/hubble-relay:v1.11.0: 1
hubble-ui quay.io/cilium/hubble-ui:v0.8.3: 1
hubble-ui quay.io/cilium/hubble-ui-backend:v0.8.3: 1
hubble-ui registry-1.docker.io/envoyproxy/envoy:v1.18.2: 1
cilium quay.io/cilium/cilium:v1.11.0: 3

然后同样需要为hubble-ui服务开启端口转发，

[root@master8 home]# cilium hubble ui&
[2] 115889

因为我是用虚拟机部署的，所以要通过master node的hostip访问，端口是12000