update cilium

Author: Xiaolong He

README.md

@@ -4,8 +4,13 @@
 
 本文档主要介绍了基于 Vagrant/kubeadm 部署 kubernetes 测试环境..
 
-- ansible_k8s_ubuntu 基于 ansible 环境一键可以完成 Kubernetes 环境部署
-- ansible_k8s_centos 基于 ansible 环境一键可以完成 Kubernetes 环境部署
-- kubeadm_k8s 手动介绍了高可用 kubernetes 环境的部署
+- Kubernetes
+    - [ansible_k8s_ubuntu](./ansible_k8s_ubuntu/README.md) 基于 ansible 环境一键可以完成 Kubernetes 环境部署
+    - [ansible_k8s_centos](./ansible_k8s_centos/README.md) 基于 ansible 环境一键可以完成 Kubernetes 环境部署
+- Kubernetes Cilium
+    - [compiler-kernel](./compiler-kernel/README.md) 基于 centos/7.8 系统更新 kernel 至 5.9.8..
+    - [ansible_k8s_centos_cilium](./ansible_k8s_centos_cilium/README.md) 基于 ansible 环境一键可以完成 Kubernetes 环境部署 - 使用 cilium 
+- Kubernetes HA
+    - [kubeadm_k8s](./kubeadm_k8s/README.md) 手动介绍了高可用 kubernetes 环境的部署
 
 如果您在使用中有任何问题，欢迎与我联系..

ansible_k8s_centos/README.md

@@ -41,8 +41,6 @@ kube-system   kube-proxy-zjzcs                     1/1     Running   0
 kube-system   kube-scheduler-k8s-master            1/1     Running   0          18m     192.168.50.10   k8s-master   <none>           <none>
 ```
 
-
-
 ```bash
 # 查看 fdb 表项
 bridge fdb show dev flannel.1

ansible_k8s_centos_cilium/README.md

@@ -0,0 +1,63 @@
+# 基于 BPF 的网络方案 cilium 部署
+
+> Time: 2020.11.12
+
+Cilium 要求 linux kernel 4.8.0 以上的版本支持，因此我们
+
+使用 Kubeadm 部署 Kubernetes...
+
+> 需要注意 Mac 上安装好 ansible/vagrant 
+
+## Step1. 准备测试环境
+
+安装 Virtualbox/Vagrant 之后，还需要安装好 ansible `brew install ansible`
+
+## Step2. 下载 ansible 代码，并启动 Kubernetes 集群
+
+```
+git clone https://github.com/markthink/deploy_k8s.git
+cd deploy_k8s
+vagrant up
+```
+
+## Step3. 下载 helm 安装 cilium 
+
+```bash
+wget https://get.helm.sh/helm-v3.4.1-linux-amd64.tar.gz
+tar xvf helm-v3.4.1-linux-amd64.tar.gz
+ls linux-amd64/
+
+helm repo add cilium https://helm.cilium.io/
+helm install cilium cilium/cilium --version 1.9.0       \
+  --namespace kube-system                               \
+  --set externalWorkloads.enabled=true                  \
+  --set clustermesh.apiserver.tls.auto.method=cronJob
+```
+
+命令输出...
+
+
+```bash
+[vagrant@k8s-master ~]$ helm repo add cilium https://helm.cilium.io/
+"cilium" has been added to your repositories
+[vagrant@k8s-master ~]$ helm install cilium cilium/cilium --version 1.9.0       \
+>   --namespace kube-system                               \
+>   --set externalWorkloads.enabled=true                  \
+>   --set clustermesh.apiserver.tls.auto.method=cronJob
+NAME: cilium
+LAST DEPLOYED: Fri Nov 13 12:34:24 2020
+NAMESPACE: kube-system
+STATUS: deployed
+REVISION: 1
+TEST SUITE: None
+NOTES:
+You have successfully installed Cilium with Hubble.
+
+Your release version is 1.9.0.
+
+For any further help, visit https://docs.cilium.io/en/v1.9/gettinghelp
+```
+
+```bash
+The cilium_net: Caught tx_queue_len zero misconfig is harmless, by the way.
+```

ansible_k8s_centos_cilium/Vagrantfile

@@ -0,0 +1,39 @@
+IMAGE_NAME = "centos-kernel"
+N = 2
+
+Vagrant.configure("2") do |config|
+    config.ssh.insert_key = false
+
+    config.vm.provider "virtualbox" do |v|
+        v.memory = 8192
+        v.cpus = 4
+    end
+      
+    config.vm.define "k8s-master" do |master|
+        master.vm.box = IMAGE_NAME
+        master.vm.network "private_network", ip: "192.168.50.10"
+        master.vm.hostname = "k8s-master"
+        master.vm.synced_folder ".", "/vagrant", id: "vagrant-root", disabled: true
+        master.vm.provision "ansible" do |ansible|
+            ansible.playbook = "kubernetes-setup/master-playbook.yml"
+            ansible.extra_vars = {
+                node_ip: "192.168.50.10",
+            }
+        end
+    end
+
+    (1..N).each do |i|
+        config.vm.define "node-#{i}" do |node|
+            node.vm.box = IMAGE_NAME
+            node.vm.synced_folder ".", "/vagrant", id: "vagrant-root", disabled: true
+            node.vm.network "private_network", ip: "192.168.50.#{i + 10}"
+            node.vm.hostname = "node-#{i}"
+            node.vm.provision "ansible" do |ansible|
+                ansible.playbook = "kubernetes-setup/node-playbook.yml"
+                ansible.extra_vars = {
+                    node_ip: "192.168.50.#{i + 10}",
+                }
+            end
+        end
+    end
+end

ansible_k8s_centos_cilium/kubernetes-setup/join-command

@@ -0,0 +1 @@
+kubeadm join 192.168.50.10:6443 --token jqmmw9.jhcn2fcjksl3d07b     --discovery-token-ca-cert-hash sha256:1be5bcde2161fc5385d4bc876a650f3389911e6cd8aa09e033bf124430d30f87 

ansible_k8s_centos_cilium/kubernetes-setup/master-playbook.yml

@@ -0,0 +1,57 @@
+---
+- hosts: all
+  become: true
+  # remote_user: vagrant
+  vars:
+    # ansible_become_pass: vagrant
+    # iface: eth1
+  tasks:
+  - name: Read prek8s.sh file
+    template:
+      src: prek8s.sh
+      dest: /tmp/prek8s.sh
+
+  - name: Install docker-ce/kubelet/kubeadm/kubectl
+    command: bash /tmp/prek8s.sh
+
+  - name: Accept forward rules
+    command: iptables -P FORWARD ACCEPT
+
+  - name: Configure node ip
+    lineinfile:
+      path: /etc/sysconfig/kubelet
+      line: KUBELET_EXTRA_ARGS=--node-ip={{ node_ip }}
+      create: yes
+  
+  - name: Restart kubelet
+    service:
+      name: kubelet
+      daemon_reload: yes
+      state: restarted
+  
+  # "modprobe: FATAL: Module configs not found
+  - name: copy config
+    command: cp /boot/config-3.10.0-1127.el7.x86_64 /boot/config-5.9.8
+
+  - name: Initialize the Kubernetes cluster using kubeadm
+    command: kubeadm init --apiserver-advertise-address="192.168.50.10" --apiserver-cert-extra-sans="192.168.50.10"  --node-name k8s-master --pod-network-cidr=10.244.0.0/16
+
+  - name: Setup kubeconfig for vagrant user
+    command: "{{ item }}"
+    with_items:
+     - mkdir -p /home/vagrant/.kube
+     - cp -i /etc/kubernetes/admin.conf /home/vagrant/.kube/config
+     - chown vagrant:vagrant /home/vagrant/.kube/config
+
+  - name: Generate join command
+    command: kubeadm token create --print-join-command
+    register: join_command
+
+  - name: Copy join command to local file
+    become: false
+    local_action: copy content="{{ join_command.stdout_lines[0] }}" dest="./join-command"
+
+  handlers:
+    - name: docker status
+      service: name=docker state=started
+

ansible_k8s_centos_cilium/kubernetes-setup/node-playbook.yml

@@ -0,0 +1,47 @@
+---
+- hosts: all
+  become: true
+  # remote_user: vagrant
+  vars:
+    # ansible_become_pass: vagrant
+  tasks:
+  - name: Read prek8s.sh file
+    template:
+      src: prek8s.sh
+      dest: /tmp/prek8s.sh
+
+  - name: Install docker-ce/kubelet/kubeadm/kubectl
+    command: bash /tmp/prek8s.sh
+
+  - name: Accept forward rules
+    command: iptables -P FORWARD ACCEPT
+
+  - name: Accept forward rules
+    command: iptables -P FORWARD ACCEPT
+
+  - name: Configure node ip
+    lineinfile:
+      path: /etc/sysconfig/kubelet
+      line: KUBELET_EXTRA_ARGS=--node-ip={{ node_ip }}
+      create: yes
+
+  - name: Restart kubelet
+    service:
+      name: kubelet
+      daemon_reload: yes
+      state: restarted
+
+  - name: Copy the join command to server location
+    become: false
+    copy: src=join-command dest=/tmp/join-command.sh mode=0777
+
+  # "modprobe: FATAL: Module configs not found
+  - name: copy config
+    command: cp /boot/config-3.10.0-1127.el7.x86_64 /boot/config-5.9.8
+    
+  - name: Join the node to cluster
+    command: sh /tmp/join-command.sh
+
+  handlers:
+    - name: docker status
+      service: name=docker state=started

ansible_k8s_centos_cilium/kubernetes-setup/prek8s.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+yum install -y yum-utils device-mapper-persistent-data lvm2
+yum-config-manager --add-repo \
+  https://download.docker.com/linux/centos/docker-ce.repo
+yum update -y && yum install -y \
+  containerd.io-1.2.13 \
+  docker-ce-19.03.11 \
+  docker-ce-cli-19.03.11
+mkdir /etc/docker
+# Set up the Docker daemon
+cat <<EOF | tee /etc/docker/daemon.json
+{
+  "exec-opts": ["native.cgroupdriver=systemd"],
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "100m"
+  },
+  "storage-driver": "overlay2",
+  "storage-opts": [
+    "overlay2.override_kernel_check=true"
+  ]
+}
+EOF
+mkdir -p /etc/systemd/system/docker.service.d
+
+# 安装指定版本的 kubelet/kubectl/kubeadm
+cat <<EOF > /etc/yum.repos.d/kubernetes.repo
+[kubernetes]
+name=Kubernetes
+baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
+enabled=1
+gpgcheck=1
+repo_gpgcheck=1
+gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
+EOF
+# yum autoremove -y kubelet kubeadm kubectl --disableexcludes=kubernetes 
+# yum install -y kubelet-1.18.10-0 kubeadm-1.18.10-0 kubectl-1.18.10-0 --disableexcludes=kubernetes 
+yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes 
+# 设置开机启动
+systemctl daemon-reload && systemctl enable docker && systemctl restart docker
+systemctl enable --now kubelet
+
+# echo "1" > /proc/sys/net/bridge/bridge-nf-call-iptables
+cat <<EOF > /etc/sysctl.d/k8s.conf
+net.bridge.bridge-nf-call-ip6tables = 1
+net.bridge.bridge-nf-call-iptables = 1
+EOF
+sysctl --system
+
+sed -i '/swap/d' /etc/fstab
+swapoff -a
+
+# 配置系统环境
+echo "export LC_ALL=en_US.UTF-8"  >>  /etc/profile
+source /etc/profile
+
+# 将 SELinux 禁用
+setenforce 0
+sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config