kubernetes 安装cilium
kubernetes 安装cilium
Cilium介绍
Cilium是一个开源软件,用于透明地提供和保护使用Kubernetes,Docker和Mesos等Linux容器管理平台部署的应用程序服务之间的网络和API连接。
Cilium基于一种名为BPF的新Linux内核技术,它可以在Linux内部动态插入强大的安全性,可见性和网络控制逻辑。 除了提供传统的网络级安全性之外,BPF的灵活性还可以在API和进程级别上实现安全性,以保护容器或容器内的通信。由于BPF在Linux内核中运行,因此可以应用和更新Cilium安全策略,而无需对应用程序代码或容器配置进行任何更改。
1 安装helm
[root@k8s-master01 ~]# curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
[root@k8s-master01 ~]# chmod 700 get_helm.sh
[root@k8s-master01 ~]# ./get_helm.sh2 安装cilium
[root@k8s-master01 ~]# helm repo add cilium https://helm.cilium.io
[root@k8s-master01 ~]# helm install cilium cilium/cilium --namespace kube-system --set hubble.relay.enabled=true --set hubble.ui.enabled=true --set prometheus.enabled=true --set operator.prometheus.enabled=true --set hubble.enabled=true --set hubble.metrics.enabled="{dns,drop,tcp,flow,port-distribution,icmp,http}"
NAME: cilium
LAST DEPLOYED: Sun Sep 11 00:04:30 2022
NAMESPACE: kube-system
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
You have successfully installed Cilium with Hubble.
Your release version is 1.12.1.
For any further help, visit https://docs.cilium.io/en/v1.12/gettinghelp
[root@k8s-master01 ~]#3 查看
[root@k8s-master01 ~]# kubectl get pod -A | grep cil
kube-system cilium-gmr6c 1/1 Running 0 5m3s
kube-system cilium-kzgdj 1/1 Running 0 5m3s
kube-system cilium-operator-69b677f97c-6pw4k 1/1 Running 0 5m3s
kube-system cilium-operator-69b677f97c-xzzdk 1/1 Running 0 5m3s
kube-system cilium-q2rnr 1/1 Running 0 5m3s
kube-system cilium-smx5v 1/1 Running 0 5m3s
kube-system cilium-tdjq4 1/1 Running 0 5m3s
[root@k8s-master01 ~]#4 下载专属监控面板
[root@k8s-master01 yaml]# wget https://raw.githubusercontent.com/cilium/cilium/1.12.1/examples/kubernetes/addons/prometheus/monitoring-example.yaml
[root@k8s-master01 yaml]#
[root@k8s-master01 yaml]# kubectl apply -f monitoring-example.yaml
namespace/cilium-monitoring created
serviceaccount/prometheus-k8s created
configmap/grafana-config created
configmap/grafana-cilium-dashboard created
configmap/grafana-cilium-operator-dashboard created
configmap/grafana-hubble-dashboard created
configmap/prometheus created
clusterrole.rbac.authorization.k8s.io/prometheus created
clusterrolebinding.rbac.authorization.k8s.io/prometheus created
service/grafana created
service/prometheus created
deployment.apps/grafana created
deployment.apps/prometheus created
[root@k8s-master01 yaml]#5 下载部署测试用例
[root@k8s-master01 yaml]# wget https://raw.githubusercontent.com/cilium/cilium/master/examples/kubernetes/connectivity-check/connectivity-check.yaml
[root@k8s-master01 yaml]# sed -i "s#google.com#oiox.cn#g" connectivity-check.yaml
[root@k8s-master01 yaml]# kubectl apply -f connectivity-check.yaml
deployment.apps/echo-a created
deployment.apps/echo-b created
deployment.apps/echo-b-host created
deployment.apps/pod-to-a created
deployment.apps/pod-to-external-1111 created
deployment.apps/pod-to-a-denied-cnp created
deployment.apps/pod-to-a-allowed-cnp created
deployment.apps/pod-to-external-fqdn-allow-google-cnp created
deployment.apps/pod-to-b-multi-node-clusterip created
deployment.apps/pod-to-b-multi-node-headless created
deployment.apps/host-to-b-multi-node-clusterip created
deployment.apps/host-to-b-multi-node-headless created
deployment.apps/pod-to-b-multi-node-nodeport created
deployment.apps/pod-to-b-intra-node-nodeport created
service/echo-a created
service/echo-b created
service/echo-b-headless created
service/echo-b-host-headless created
ciliumnetworkpolicy.cilium.io/pod-to-a-denied-cnp created
ciliumnetworkpolicy.cilium.io/pod-to-a-allowed-cnp created
ciliumnetworkpolicy.cilium.io/pod-to-external-fqdn-allow-google-cnp created
[root@k8s-master01 yaml]#6 查看pod
[root@k8s-master01 yaml]# kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
cilium-monitoring grafana-59957b9549-6zzqh 1/1 Running 0 10m
cilium-monitoring prometheus-7c8c9684bb-4v9cl 1/1 Running 0 10m
default chenby-75b5d7fbfb-7zjsr 1/1 Running 0 27h
default chenby-75b5d7fbfb-hbvr8 1/1 Running 0 27h
default chenby-75b5d7fbfb-ppbzg 1/1 Running 0 27h
default echo-a-6799dff547-pnx6w 1/1 Running 0 10m
default echo-b-fc47b659c-4bdg9 1/1 Running 0 10m
default echo-b-host-67fcfd59b7-28r9s 1/1 Running 0 10m
default host-to-b-multi-node-clusterip-69c57975d6-z4j2z 1/1 Running 0 10m
default host-to-b-multi-node-headless-865899f7bb-frrmc 1/1 Running 0 10m
default pod-to-a-allowed-cnp-5f9d7d4b9d-hcd8x 1/1 Running 0 10m
default pod-to-a-denied-cnp-65cc5ff97b-2rzb8 1/1 Running 0 10m
default pod-to-a-dfc64f564-p7xcn 1/1 Running 0 10m
default pod-to-b-intra-node-nodeport-677868746b-trk2l 1/1 Running 0 10m
default pod-to-b-multi-node-clusterip-76bbbc677b-knfq2 1/1 Running 0 10m
default pod-to-b-multi-node-headless-698c6579fd-mmvd7 1/1 Running 0 10m
default pod-to-b-multi-node-nodeport-5dc4b8cfd6-8dxmz 1/1 Running 0 10m
default pod-to-external-1111-8459965778-pjt9b 1/1 Running 0 10m
default pod-to-external-fqdn-allow-google-cnp-64df9fb89b-l9l4q 1/1 Running 0 10m
kube-system cilium-7rfj6 1/1 Running 0 56s
kube-system cilium-d4cch 1/1 Running 0 56s
kube-system cilium-h5x8r 1/1 Running 0 56s
kube-system cilium-operator-5dbddb6dbf-flpl5 1/1 Running 0 56s
kube-system cilium-operator-5dbddb6dbf-gcznc 1/1 Running 0 56s
kube-system cilium-t2xlz 1/1 Running 0 56s
kube-system cilium-z65z7 1/1 Running 0 56s
kube-system coredns-665475b9f8-jkqn8 1/1 Running 1 (36h ago) 36h
kube-system hubble-relay-59d8575-9pl9z 1/1 Running 0 56s
kube-system hubble-ui-64d4995d57-nsv9j 2/2 Running 0 56s
kube-system metrics-server-776f58c94b-c6zgs 1/1 Running 1 (36h ago) 37h
[root@k8s-master01 yaml]#7 修改为NodePort
[root@k8s-master01 yaml]# kubectl edit svc -n kube-system hubble-ui
service/hubble-ui edited
[root@k8s-master01 yaml]#
[root@k8s-master01 yaml]# kubectl edit svc -n cilium-monitoring grafana
service/grafana edited
[root@k8s-master01 yaml]#
[root@k8s-master01 yaml]# kubectl edit svc -n cilium-monitoring prometheus
service/prometheus edited
[root@k8s-master01 yaml]#
type: NodePort8 查看端口
[root@k8s-master01 yaml]# kubectl get svc -A | grep monit
cilium-monitoring grafana NodePort 10.100.250.17 <none> 3000:30707/TCP 15m
cilium-monitoring prometheus NodePort 10.100.131.243 <none> 9090:31155/TCP 15m
[root@k8s-master01 yaml]#
[root@k8s-master01 yaml]# kubectl get svc -A | grep hubble
kube-system hubble-metrics ClusterIP None <none> 9965/TCP 5m12s
kube-system hubble-peer ClusterIP 10.100.150.29 <none> 443/TCP 5m12s
kube-system hubble-relay ClusterIP 10.109.251.34 <none> 80/TCP 5m12s
kube-system hubble-ui NodePort 10.102.253.59 <none> 80:31219/TCP 5m12s
[root@k8s-master01 yaml]#9 访问
http://192.168.1.61:30707
http://192.168.1.61:31155
http://192.168.1.61:31219
关于
https://www.oiox.cn/
https://www.oiox.cn/index.php/start-page.html
CSDN、GitHub、知乎、开源中国、思否、掘金、简书、华为云、阿里云、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客
全网可搜《小陈运维》
文章主要发布于微信公众号
kubernetes 安装cilium的更多相关文章
- Docker系列(九)Kubernetes安装
环境: A.B两天机器A机器IP:192.169.0.104,B机器IP:192.168.0.102,其中A为Master节点,B为Slave节点 操作系统:Centos7 Master与Slave节 ...
- 轻松加愉快的 Kubernetes 安装教程
轻松加愉快的 Kubernetes 安装教程 马哥Linux运维 2 days ago 作者:无聊的学习者 来源:见文末 在国内安装 K8S,一直是大家很头痛的问题,各种麻烦,关键是还不知道需要下载什 ...
- Kuboard Kubernetes安装
一.简介 Kubernetes 容器编排已越来越被大家关注,然而使用 Kubernetes 的门槛却依然很高,主要体现在这几个方面: 集群的安装复杂,出错概率大 Kubernetes相较于容器化,引入 ...
- kubernetes安装-kubeadm
系统信息 角色 系统 CPU Core memory master 18.04.1-Ubuntu 4 8G slave 18.04.1-Ubuntu 4 4G 安装前准备(主节点和从节点都需要执行) ...
- kubernetes安装-二进制
主要参考https://github.com/opsnull/follow-me-install-kubernetes-cluster,采用Flanel和docker 系统信息 角色 系统 CPU C ...
- 服务网格Istio入门-详细记录Kubernetes安装Istio并使用
我最新最全的文章都在南瓜慢说 www.pkslow.com,文章更新也只在官网,欢迎大家来喝茶~~ 1 服务网格Istio Istio是开源的Service Mesh实现,一般用于Kubernetes ...
- Kubernetes安装GitLab
个人名片: 对人间的热爱与歌颂,可抵岁月冗长 Github:念舒_C.ying CSDN主页️:念舒_C.ying 个人博客 :念舒_C.ying Kubernetes安装GitLab Step 1 ...
- kubernetes 安装备注
一.安装环境 阿里云:centos 7.3 master节点:外网IP(116.62.205.90).内网IP(172.16.223.200) node节点:外网IP(116.62.212.174). ...
- kubernetes安装
本文主要参考自: https://blog.csdn.net/real_myth/article/details/78719244 还有一份更适合在生产环境使用的超强高可用(多master,nginx ...
- kubernetes 安装kong、kong-ingress-controlor
一.关于kong的详细内容这里不再赘述,可以查看官网. kong升级到1.0以后功能越来越完善,并切新版本的kong可以作为service-mesh使用,并可以将其作为kubernetes的ingre ...
随机推荐
- java pta第二次阶段性总结
一.前言 经过这三次的pta训练,我对java再一次有了一个新的认识,这三次比起之前难度更大,所涉及的知识点更多.第4.5次作业是在前几次作业上的再次拓展,由三角形拓展到四边形,再由四边形拓展到五边形 ...
- tomcat8.5.55启动失败service tomcat start 报错
问题描述: Neither the JAVA_HOME nor the JRE_HOME environment variable is defined At least one of these e ...
- webpack配置跨域proxy
首先新建一个项目: 安装vue-cli: npm i -g @vue/cli npm i -g @vue/cli-init 安装webpack: npm install webpack -g vue新 ...
- python.字典方法。第三天
当需要为字典中的键设置默认值时,当该键没有任何值时使用它.代码如下 spam={'name':'Pooka','age':'5'} if 'color' not in sapm; spam['colo ...
- Crypto入门 (七) Railfence (栏栅密码,正常型和W型)
前言: Crypto中分三类,分别是编码.古典密码.现代密码,栏栅密码属于古典密码中得特殊移位密码,密钥只有 一个k,表示栏栅得长度.所谓栏栅密码就是将要加密得明文分成k个一组,然后取每组得第一个字符 ...
- LoadRunner性能测试-app压力测试
步骤分为三步: 一,录制脚本 录制脚本原理:启动LR代理服务器监听设置好的端口号是否有请求发送给服务器,有请求时,代理服务器接收请求,并转发给对应的系统服务器,LR从而获取到请求的信息与数据,生成脚本 ...
- 2020/5/26-笔记:Oracle数据库表空间的管理
1新建表空间 (1)普通(本地管理)表空间: create tablespace 表空间名 datafile'OS系统文件路径\文件名.dbf' size nM; 或 create tablespac ...
- AD域服务相关知识
一.活动目录及意义 活动目录:windows网络中的目录服务(Directory Service),即活动目录域服务(AD DS) 目录服务:目录和与目录相关服务 活动目录负责目录数据库的保存.新建. ...
- C#向其实进程子窗体发送指令
近日,想在自己的软件简单控制其它软件的最大化最小化,想到直接向进程发送指令,结果一直无效,经过Spy++发现,原来快捷方式在子窗体上,所以需要遍历子窗体在发送指令,以下为参考代码: 1 [DllImp ...
- canal对接阿里云kafka
一.前提条件 已经有mysql实例 自建或者云上都可以 已经在阿里云的kakfa创建topic 默认不自动创建topic 二.配置要监控的instance 先修改example的配置文件 conf/e ...