使用 cilium 作为网络插件部署 K8s + KubeSphere

ruiyaoOps

系统要求

Linux kernel >= 4.9.17
更多信息请查看 cilium 系统要求

环境

以一台 Ubuntu Server 20.04.1 LTS 64bit 为例

name	ip	role
node1	10.160.6.136	etcd, master, worker

下载安装包

sudo wget https://github.com/kubesphere/kubekey/releases/download/v1.1.0/kubekey-v1.1.0-linux-64bit.deb

使用 cilium 作为网络插件部署 KubeSphere

1.安装 KubeKey

sudo dpkg -i kubekey-v1.1.0-linux-64bit.deb

2.生成配置文件

sudo kk create config --with-kubernetes v1.19.8

3.修改配置文件，将网络插件修改为 cilium
注意将spec.network.plugin 的值修改为 cilium

sudo vi config-sample.yaml

apiVersion: kubekey.kubesphere.io/v1alpha1
kind: Cluster
metadata:
  name: sample
spec:
  hosts:
  - {name: node1, address: 10.160.6.136, internalAddress: 10.160.6.136, user: ubuntu, password: ********}
  roleGroups:
    etcd:
    - node1
    master: 
    - node1
    worker:
    - node1
  controlPlaneEndpoint:
    domain: lb.kubesphere.local
    address: ""
    port: 6443
  kubernetes:
    version: v1.19.8
    imageRepo: kubesphere
    clusterName: cluster.local
  network:
    plugin: cilium
    kubePodsCIDR: 10.233.64.0/18
    kubeServiceCIDR: 10.233.0.0/18
  registry:
    registryMirrors: []
    insecureRegistries: []
  addons: []

4.部署依赖

sudo kk init os -f config-sample.yaml

5.部署 KubeSphere

sudo kk create cluster -f config-sample.yaml --with-kubesphere v3.1.0

看到如下提示说明安装完成

#####################################################
###              Welcome to KubeSphere!           ###
#####################################################

Console: http://10.160.6.136:30880
Account: admin
Password: P@88w0rd

NOTES：
  1. After you log into the console, please check the
     monitoring status of service components in
     "Cluster Management". If any service is not
     ready, please wait patiently until all components 
     are up and running.
  2. Please change the default password after login.

#####################################################
https://kubesphere.io             2021-05-18 17:15:03
#####################################################
INFO[17:15:16 CST] Installation is complete.

6.登陆 KubeSphere console

7.检查状态

安装hubble UI

kubectl apply -f https://raw.githubusercontent.com/cilium/cilium/v1.8/install/kubernetes/experimental-install.yaml

检查状态

安装 demo 服务，并在 hubble UI 查看服务依赖关系

1.安装 demo

kubectl apply -f https://raw.githubusercontent.com/cilium/cilium/1.9.7/examples/minikube/http-sw-app.yaml -n default

2.将 hubble UI 服务类型修改为 nodeport

3.访问 demo

kubectl exec xwing -n default -- curl -s -XPOST deathstar.default.svc.cluster.local/v1/request-landing
Ship landed
kubectl exec tiefighter -n default -- curl -s -XPOST deathstar.default.svc.cluster.local/v1/request-landing
Ship landed

4.在 hubble 上查看服务依赖关系

ruiyaoOps

@Feynman 申请加精 😆

Feynman

ruiyaoOps Cool! Cilium 来了

snow_huige

请教下，系统要求需要是x86架构吧，好像网上说是cilium目前不支持arm架构?

johnniang

snow_huige v1.10 应该是支持多架构镜像。

cilium/cilium#9898 (comment)

shake

kubectl -n kube-system exec -ti cilium-4ft5k – cilium status

KVStore: Ok Disabled
Kubernetes: Ok 1.20 (v1.20.4) [linux/amd64]
Kubernetes APIs: [“CustomResourceDefinition”, “cilium/v2::CiliumClusterwideNetworkPolicy”, “cilium/v2::CiliumEndpoint”, “cilium/v2::CiliumNetworkPolicy”, “cilium/v2::CiliumNode”, “core/v1::Namespace”, “core/v1::Node”, “core/v1:😛ods”, “core/v1::Service”, “discovery/v1beta1::EndpointSlice”, “networking.k8s.io/v1::NetworkPolicy”]
KubeProxyReplacement: Probe [eth0 (DR)] [NodePort (SNAT, 30000-32767, XDP: DISABLED), HostPort, ExternalIPs, HostReachableServices (TCP, UDP), SessionAffinity]
Cilium: Ok OK
NodeMonitor: Disabled
Cilium health daemon: Ok
IPAM: IPv4: 20/255 allocated from 10.233.64.0/24,
Masquerading: BPF [eth0] 10.233.64.0/24
Controller Status: 89/89 healthy
Proxy Status: OK, ip 10.233.64.33, 0 redirects active on ports 10000-20000
Hubble: Disabled
Cluster health: 2/2 reachable (2021-07-05T06:12:14Z)

默认hubble disalbed, ui 看不到流量。

ruiyaoOps

shake 这个是由于之前部署 hubble ui 的 yaml 没有增加 cilium-config 中的 enable-hubble: true，https://raw.githubusercontent.com/cilium/cilium/v1.8/install/kubernetes/experimental-install.yaml 中已经添加了