Kubernetes 之 Cilium：启用 Cilium Ingress Controller【2024-03-01 测试成功】
部署 MetalLB + 启用 Cilium Ingress Controller
# 先卸载已有的 Cilium
root@ubuntu-k8s-master01:~# cilium uninstall
🔥 Deleting pods in cilium-test namespace...
🔥 Deleting cilium-test namespace...
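# 重新安装 Cilium，并以 shared 模式启用 Ingress Controller。
# 注意：ipam.mode=kubernetes 时 Pod CIDR 取自各节点的 podCIDR，下面两个 clusterPool* 参数只在 cluster-pool 模式下才有意义。
# 另外 ipam.Operator.ClusterPoolIPv4MaskSize 的大小写与 Helm chart 的键名 ipam.operator.clusterPoolIPv4MaskSize 不一致；Helm 键区分大小写，该项不会按预期生效。
# kubeProxyReplacement=strict 在较新的 Cilium 版本中已由 true/false 取代，升级前请核对对应版本的文档。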
root@ubuntu-k8s-master01:~/software# cilium install \
--set kubeProxyReplacement=strict \
--set ipam.mode=kubernetes \
--set routingMode=tunnel \
--set tunnelProtocol=vxlan \
--set ipam.operator.clusterPoolIPv4PodCIDRList=10.244.0.0/16 \
--set ipam.Operator.ClusterPoolIPv4MaskSize=24 \
--set ingressController.enabled=true \
--set ingressController.loadbalancerMode=shared
ℹ️ Using Cilium version 1.15.0
🔮 Auto-detected cluster name: kubernetes
🔮 Auto-detected kube-proxy has not been installed
ℹ️ Cilium will fully replace all functionalities of kube-proxy
root@ubuntu-k8s-master01:~/software# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
cilium-jvvdp 1/1 Running 0 57s
cilium-mnr4p 1/1 Running 0 57s
cilium-operator-7764cf64d6-zfw96 1/1 Running 0 57s
cilium-svx6j 1/1 Running 0 57s
coredns-774bbd8588-5qx92 1/1 Running 0 19h
coredns-774bbd8588-ggfjp 1/1 Running 0 19h
etcd-ubuntu-k8s-master01 1/1 Running 0 19h
etcd-ubuntu-k8s-node01 1/1 Running 0 19h
etcd-ubuntu-k8s-node02 1/1 Running 0 19h
kube-apiserver-ubuntu-k8s-master01 1/1 Running 0 19h
kube-apiserver-ubuntu-k8s-node01 1/1 Running 0 19h
kube-apiserver-ubuntu-k8s-node02 1/1 Running 0 19h
kube-controller-manager-ubuntu-k8s-master01 1/1 Running 1 (19h ago) 19h
kube-controller-manager-ubuntu-k8s-node01 1/1 Running 0 19h
kube-controller-manager-ubuntu-k8s-node02 1/1 Running 0 19h
kube-scheduler-ubuntu-k8s-master01 1/1 Running 1 (19h ago) 19h
kube-scheduler-ubuntu-k8s-node01 1/1 Running 0 19h
kube-scheduler-ubuntu-k8s-node02 1/1 Running 0 19h
root@ubuntu-k8s-master01:~/software# cilium status
/¯¯\
/¯¯\__/¯¯\ Cilium: OK
\__/¯¯\__/ Operator: OK
/¯¯\__/¯¯\ Envoy DaemonSet: disabled (using embedded mode)
\__/¯¯\__/ Hubble Relay: disabled
\__/ ClusterMesh: disabled
Deployment cilium-operator Desired: 1, Ready: 1/1, Available: 1/1
DaemonSet cilium Desired: 3, Ready: 3/3, Available: 3/3
Containers: cilium Running: 3
cilium-operator Running: 1
Cluster Pods: 5/5 managed by Cilium
Helm chart version: 1.15.0
Image versions cilium quay.io/cilium/cilium:v1.15.0@sha256:9cfd6a0a3a964780e73a11159f93cc363e616f7d9783608f62af6cfdf3759619: 3
cilium-operator quay.io/cilium/operator-generic:v1.15.0@sha256:e26ecd316e742e4c8aa1e302ba8b577c2d37d114583d6c4cdd2b638493546a79: 1
root@ubuntu-k8s-master01:~/software# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
cilium-ingress LoadBalancer 10.102.86.21 <pending> 80:30616/TCP,443:32436/TCP 108s
hubble-peer ClusterIP 10.101.155.52 <none> 443/TCP 108s
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 19h
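# 部署 MetalLB，为 LoadBalancer 类型的 Service 分配 External IP（MetalLB 的安装与地址池配置此处未贴出）
# 本集群没有部署 kube-proxy，因此可以跳过 kubectl edit cm kube-proxy -n kube-system 这一步
# MetalLB 分配给 cilium-ingress 的 External IP：192.168.40.51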
root@ubuntu-k8s-master01:~/software# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
cilium-ingress LoadBalancer 10.102.86.21 192.168.40.51 80:30616/TCP,443:32436/TCP 18m
hubble-peer ClusterIP 10.101.155.52 <none> 443/TCP 18m
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 20h
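通过 Cilium Ingress Controller 开放 Hubble UI
# 说明：Hubble UI 本身不带登录认证，下面创建的 Ingress 只有 HTTP（80 端口）规则、没有 tls 配置，
# 凡是能访问到 192.168.40.51 的客户端都可以查看集群的流量拓扑。测试环境之外应在 Ingress 上配置 TLS 并在前面加认证，
# 或者不对外暴露，改用 cilium hubble ui 的本地端口转发来访问。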
root@ubuntu-k8s-master01:~/software# cilium hubble enable --ui
root@ubuntu-k8s-master01:~/software# kubectl get svc -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
cilium-ingress LoadBalancer 10.102.86.21 192.168.40.51 80:30616/TCP,443:32436/TCP 23m
hubble-peer ClusterIP 10.101.155.52 <none> 443/TCP 23m
hubble-relay ClusterIP 10.97.223.195 <none> 80/TCP 9s
hubble-ui ClusterIP 10.110.4.237 <none> 80/TCP 9s
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 20h
root@ubuntu-k8s-master01:~/software# kubectl create ingress hubble-ui --rule='hubble.sheca.com/*=hubble-ui:80' --class='cilium' -n kube-system --dry-run=client -o yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
creationTimestamp: null
name: hubble-ui
namespace: kube-system
spec:
ingressClassName: cilium
rules:
- host: hubble.sheca.com
http:
paths:
- backend:
service:
name: hubble-ui
port:
number: 80
path: /
pathType: Prefix
status:
loadBalancer: {}
# 由于安装时指定了 shared 模式，所有 Ingress 共用 cilium-ingress 这个 Service 的 External IP，因此该 Ingress 的地址就是 192.168.40.51
root@ubuntu-k8s-master01:~/software# kubectl create ingress hubble-ui --rule='hubble.sheca.com/*=hubble-ui:80' --class='cilium' -n kube-system
ingress.networking.k8s.io/hubble-ui created
root@ubuntu-k8s-master01:~/software# kubectl get ingress -n kube-system
NAME CLASS HOSTS ADDRESS PORTS AGE
hubble-ui cilium hubble.sheca.com 192.168.40.51 80 25s
root@ubuntu-k8s-master01:~/software# kubectl describe ingress hubble-ui -n kube-system
Name: hubble-ui
Labels: <none>
Namespace: kube-system
Address: 192.168.40.51
Ingress Class: cilium
Default backend: <default>
Rules:
Host Path Backends
---- ---- --------
hubble.sheca.com
/ hubble-ui:80 (10.244.1.106:8081)
Annotations: <none>
Events: <none>
# 在笔记本（客户端）的 /etc/hosts 文件中添加解析记录
192.168.40.51 hubble.sheca.com
通过Ingress 暴露服务-shared模式 共用一个External IP
root@ubuntu-k8s-master01:~/software# kubectl create deployment demoapp-cilium --image=ikubernetes/demoapp:v1.0 --replicas=3
deployment.apps/demoapp-cilium created
root@ubuntu-k8s-master01:~/software# kubectl get pods -o wide | grep cilium
demoapp-cilium-65c55ccffb-8lp84 1/1 Running 0 91s 10.244.1.115 ubuntu-k8s-node01 <none> <none>
demoapp-cilium-65c55ccffb-j9zlb 1/1 Running 0 91s 10.244.2.105 ubuntu-k8s-node02 <none> <none>
demoapp-cilium-65c55ccffb-rwq9j 1/1 Running 0 91s 10.244.2.191 ubuntu-k8s-node02 <none> <none>
root@ubuntu-k8s-master01:~/software# kubectl create service clusterip demoapp-cilium --tcp=80:80
service/demoapp-cilium created
root@ubuntu-k8s-master01:~/software# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
demoapp ClusterIP 10.96.47.49 <none> 80/TCP 19h
demoapp-cilium ClusterIP 10.105.188.29 <none> 80/TCP 2m5s
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 20h
root@ubuntu-k8s-master01:~/software# kubectl get ep
NAME ENDPOINTS AGE
demoapp 10.244.1.44:80,10.244.2.46:80,10.244.2.73:80 19h
demoapp-cilium 10.244.1.115:80,10.244.2.105:80,10.244.2.191:80 3s
kubernetes 192.168.40.132:6443,192.168.40.133:6443,192.168.40.134:6443 20h
#创建Ingress
root@ubuntu-k8s-master01:~/software# kubectl create ingress demoapp-cilium-ingress --rule='demoapp-cilium.sheca.com/*=demoapp-cilium:80' --class='cilium'
ingress.networking.k8s.io/demoapp-cilium-ingress created
root@ubuntu-k8s-master01:~/software# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
demoapp-cilium-ingress cilium demoapp-cilium.sheca.com 192.168.40.51 80 6s
#配置Hosts
192.168.40.51 dzzz.sheca.com hubble.sheca.com demoapp-cilium.sheca.com
#访问浏览器
demoapp-cilium.sheca.com
通过Ingress 暴露服务-dedicated 模式 每个Service独用一个External IP
root@ubuntu-k8s-master01:~/software# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
demoapp-cilium-ingress cilium demoapp-cilium.sheca.com 192.168.40.51 80 3m56s
# 先把现有（shared 模式）的 Ingress 配置导出保存，再修改为 dedicated 模式
root@ubuntu-k8s-master01:~/software# kubectl create ingress demoapp-cilium-ingress --rule='demoapp-cilium.sheca.com/*=demoapp-cilium:80' --class='cilium' --dry-run=client -o yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
creationTimestamp: null
name: demoapp-cilium-ingress
spec:
ingressClassName: cilium
rules:
- host: demoapp-cilium.sheca.com
http:
paths:
- backend:
service:
name: demoapp-cilium
port:
number: 80
path: /
pathType: Prefix
status:
loadBalancer: {}
root@ubuntu-k8s-master01:~/software# kubectl create ingress demoapp-cilium-ingress --rule='demoapp-cilium.sheca.com/*=demoapp-cilium:80' --class='cilium' --dry-run=client -o yaml > demoapp-cilium-ingress-shared.yaml
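# 切换到 dedicated 模式的具体操作此处未贴出（通常是在 Ingress 上添加注解 ingress.cilium.io/loadbalancer-mode: dedicated 后应用）
# 切换后该 Ingress 获得独立的 External IP：192.168.40.52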
root@ubuntu-k8s-master01:~/software# kubectl get ingress
NAME CLASS HOSTS ADDRESS PORTS AGE
demoapp-cilium-ingress cilium demoapp-cilium.sheca.com 192.168.40.52 80 24m
# dedicated 模式下会为该 Ingress 单独创建一个名为 cilium-ingress-demoapp-cilium-ingress 的 LoadBalancer Service
root@ubuntu-k8s-master01:~/software# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
cilium-ingress-demoapp-cilium-ingress LoadBalancer 10.97.191.210 192.168.40.52 80:30900/TCP,443:32014/TCP 25m
demoapp ClusterIP 10.96.47.49 <none> 80/TCP 19h
demoapp-cilium ClusterIP 10.105.188.29 <none> 80/TCP 36m
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 21h
#配置hosts
192.168.40.52 demoapp-cilium.sheca.com
#访问
demoapp-cilium.sheca.com