73 lines
2.9 KiB
Plaintext
73 lines
2.9 KiB
Plaintext
https://docs.cilium.io/en/v1.9/gettingstarted/kind/
|
|
|
|
kind create cluster --name=kind-cilium --config kind-cilium-config.yaml
|
|
|
|
kubectl cluster-info --context kind-kind-cilium
|
|
kubectl config use-context kind-kind-cilium
|
|
|
|
helm repo add cilium https://helm.cilium.io/
|
|
|
|
docker pull cilium/cilium:v1.9.5
|
|
kind load docker-image --name kind-cilium cilium/cilium:v1.9.5
|
|
|
|
helm install cilium cilium/cilium --version 1.9.5 \
|
|
--namespace kube-system \
|
|
--set nodeinit.enabled=true \
|
|
--set kubeProxyReplacement=partial \
|
|
--set hostServices.enabled=false \
|
|
--set externalIPs.enabled=true \
|
|
--set nodePort.enabled=true \
|
|
--set hostPort.enabled=true \
|
|
--set bpf.masquerade=false \
|
|
--set image.pullPolicy=IfNotPresent \
|
|
--set ipam.mode=kubernetes
|
|
|
|
kubectl create ns cilium-test
|
|
kubectl apply -n cilium-test -f https://raw.githubusercontent.com/cilium/cilium/v1.9/examples/kubernetes/connectivity-check/connectivity-check.yaml
|
|
# kubectl get pods --namespace cilium-test
|
|
|
|
export CILIUM_NAMESPACE=kube-system
|
|
helm upgrade cilium cilium/cilium --version 1.9.5 \
|
|
--namespace $CILIUM_NAMESPACE \
|
|
--reuse-values \
|
|
--set hubble.listenAddress=":4244" \
|
|
--set hubble.relay.enabled=true \
|
|
--set hubble.ui.enabled=true
|
|
> kubectl port-forward -n $CILIUM_NAMESPACE svc/hubble-ui --address 0.0.0.0 --address :: 12000:80
|
|
# open http://localhost:12000/ to access the UI
|
|
|
|
export HUBBLE_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/hubble/master/stable.txt)
|
|
curl -LO "https://github.com/cilium/hubble/releases/download/$HUBBLE_VERSION/hubble-linux-amd64.tar.gz"
|
|
curl -LO "https://github.com/cilium/hubble/releases/download/$HUBBLE_VERSION/hubble-linux-amd64.tar.gz.sha256sum"
|
|
sha256sum --check hubble-linux-amd64.tar.gz.sha256sum
|
|
tar zxf hubble-linux-amd64.tar.gz
|
|
sudo mv hubble /usr/local/bin
|
|
> kubectl port-forward -n $CILIUM_NAMESPACE svc/hubble-relay --address 0.0.0.0 --address :: 4245:80
|
|
# hubble --server localhost:4245 status
|
|
# hubble --server localhost:4245 observe
|
|
|
|
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/master/manifests/namespace.yaml
|
|
kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
|
|
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/master/manifests/metallb.yaml
|
|
# kubectl get pods -n metallb-system --watch
|
|
|
|
docker network inspect -f '{{.IPAM.Config}}' kind
|
|
kubectl apply -f metallb-configmap.yaml
|
|
|
|
|
|
Test metallb:
|
|
kubectl apply -f metallb-test.yaml
|
|
LB_IP=$(kubectl get svc/foo-service -o=jsonpath='{.status.loadBalancer.ingress[0].ip}')
|
|
# should output foo and bar on separate lines
|
|
for _ in {1..10}; do
|
|
curl ${LB_IP}:5678
|
|
done
|
|
|
|
|
|
Ingress TBD:
|
|
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/kind/deploy.yaml
|
|
kubectl wait --namespace ingress-nginx \
|
|
--for=condition=ready pod \
|
|
--selector=app.kubernetes.io/component=controller \
|
|
--timeout=90s
|