
Cilium CLI Deployment

Date: 2024-06-03 16:02:15
Tags: ingress, CLI, deployment, tcp, checks, health, sg, cilium

Supported architectures

AMD64

AArch64

Kernel version

Linux kernel >= 4.19.57

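Linux distribution compatibility and considerations

| Distribution | Minimum version |
|---|---|
| Amazon Linux 2 | all |
| Bottlerocket OS | all |
| CentOS | >= 8.0 |
| Container-Optimized OS | all |
| CoreOS | all |
| Debian | >= 10 Buster |
| Flatcar | all |
| LinuxKit | all |
| openSUSE | Tumbleweed, >= Leap 15.4 |
| Red Hat Enterprise Linux | >= 8.0 |
| Ubuntu | >= 18.04.3 |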

Ubuntu 22.04 system requirements

# Before running Cilium on Ubuntu 22.04, make sure the following package is installed:

sudo apt install linux-modules-extra-raspi

Kernel versions required for advanced features

| Cilium feature | Minimum kernel version |
|---|---|
| Bandwidth Manager | >= 5.1 |
| Egress Gateway | >= 5.2 |
| VXLAN Tunnel Endpoint (VTEP) Integration | >= 5.2 |
| WireGuard Transparent Encryption | >= 5.6 |
| Full support for Session Affinity | >= 5.7 |
| BPF-based proxy redirection | >= 5.7 |
| Socket-level LB bypass in pod netns | >= 5.7 |
| L3 devices | >= 5.8 |
| BPF-based host routing | >= 5.10 |
| IPv6 BIG TCP support | >= 5.19 |
| IPv4 BIG TCP support | >= 6.3 |

Firewall rules

Master nodes

| Port Range / Protocol | Ingress/Egress | Source/Destination | Description |
|---|---|---|---|
| 2379-2380/tcp | ingress | worker-sg | etcd access |
| 8472/udp | ingress | master-sg (self) | VXLAN overlay |
| 8472/udp | ingress | worker-sg | VXLAN overlay |
| 4240/tcp | ingress | master-sg (self) | health checks |
| 4240/tcp | ingress | worker-sg | health checks |
| ICMP 8/0 | ingress | master-sg (self) | health checks |
| ICMP 8/0 | ingress | worker-sg | health checks |
| 8472/udp | egress | master-sg (self) | VXLAN overlay |
| 8472/udp | egress | worker-sg | VXLAN overlay |
| 4240/tcp | egress | master-sg (self) | health checks |
| 4240/tcp | egress | worker-sg | health checks |
| ICMP 8/0 | egress | master-sg (self) | health checks |
| ICMP 8/0 | egress | worker-sg | health checks |

Worker nodes

| Port Range / Protocol | Ingress/Egress | Source/Destination | Description |
|---|---|---|---|
| 8472/udp | ingress | master-sg | VXLAN overlay |
| 8472/udp | ingress | worker-sg (self) | VXLAN overlay |
| 4240/tcp | ingress | master-sg | health checks |
| 4240/tcp | ingress | worker-sg (self) | health checks |
| ICMP 8/0 | ingress | master-sg | health checks |
| ICMP 8/0 | ingress | worker-sg (self) | health checks |
| 8472/udp | egress | master-sg | VXLAN overlay |
| 8472/udp | egress | worker-sg (self) | VXLAN overlay |
| 4240/tcp | egress | master-sg | health checks |
| 4240/tcp | egress | worker-sg (self) | health checks |
| ICMP 8/0 | egress | master-sg | health checks |
| ICMP 8/0 | egress | worker-sg (self) | health checks |
| 2379-2380/tcp | egress | master-sg | etcd access |

Additional ports on all nodes

| Port Range / Protocol | Description |
|---|---|
| 4240/tcp | cluster health checks (cilium-health) |
| 4244/tcp | Hubble server |
| 4245/tcp | Hubble Relay |
| 4250/tcp | Mutual Authentication port |
| 4251/tcp | Spire Agent health check port (listening on 127.0.0.1 or ::1) |
| 6060/tcp | cilium-agent pprof server (listening on 127.0.0.1) |
| 6061/tcp | cilium-operator pprof server (listening on 127.0.0.1) |
| 6062/tcp | Hubble Relay pprof server (listening on 127.0.0.1) |
| 9878/tcp | cilium-envoy health listener (listening on 127.0.0.1) |
| 9879/tcp | cilium-agent health status API (listening on 127.0.0.1 and/or ::1) |
| 9890/tcp | cilium-agent gops server (listening on 127.0.0.1) |
| 9891/tcp | operator gops server (listening on 127.0.0.1) |
| 9893/tcp | Hubble Relay gops server (listening on 127.0.0.1) |
| 9962/tcp | cilium-agent Prometheus metrics |
| 9963/tcp | cilium-operator Prometheus metrics |
| 9964/tcp | cilium-envoy Prometheus metrics |
| 51871/udp | WireGuard encryption tunnel endpoint |

Allow ESP traffic

sudo firewall-cmd --permanent --add-protocol=esp
sudo firewall-cmd --reload

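Cilium CLI deployment

# Resolve the latest stable cilium-cli release tag
CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)
# Default to amd64; switch to arm64 on AArch64 hosts
CLI_ARCH=amd64
if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH=arm64; fi
# Download the tarball and its SHA-256 checksum file
curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
# Verify the tarball against the checksum before unpacking
sha256sum --check cilium-linux-${CLI_ARCH}.tar.gz.sha256sum
# Unpack into /usr/local/bin, then remove the downloaded files
sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin
rm cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}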
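
When the commands above are pasted line by line, a failed `sha256sum --check` does not stop the `sudo tar` that follows. The function below is an added example, not code from the original post or the cilium-cli project: it unpacks only after the digest matches and the archive holds nothing but the expected binary. The name `install_verified` is hypothetical, and the single-member archive layout is an assumption.

```shell
#!/bin/sh
# install_verified TARBALL SUMFILE DESTDIR   (hypothetical helper name)
# Installs the cilium binary only if TARBALL matches the digest in SUMFILE.
install_verified() {
  tarball=$1 sumfile=$2 dest=$3

  # The first field of the .sha256sum file is the expected hex digest.
  expected=$(awk 'NR == 1 { print $1 }' "$sumfile") || return 1
  actual=$(sha256sum "$tarball" | awk '{ print $1 }')
  if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then
    echo "checksum mismatch for $tarball; nothing installed" >&2
    return 1
  fi

  # Assumption: the release archive holds a single member named "cilium".
  # Extra files or ../ paths are refused before anything is unpacked as root.
  members=$(tar -tzf "$tarball") || return 1
  if [ "$members" != "cilium" ]; then
    echo "unexpected archive contents: $members" >&2
    return 1
  fi

  tar -xzf "$tarball" -C "$dest" cilium
}

# Usage with the variables from the commands above (run as root):
#   sh this-script.sh "cilium-linux-${CLI_ARCH}.tar.gz" \
#     "cilium-linux-${CLI_ARCH}.tar.gz.sha256sum" /usr/local/bin
if [ "$#" -eq 3 ]; then
  install_verified "$@"
fi
```

The checksum file comes from the same release URL as the tarball, so this catches a corrupted or altered download, not a compromised release. Setting CILIUM_CLI_VERSION to a reviewed tag instead of reading stable.txt keeps the installed version fixed between runs.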

Verify cilium

# cilium version --client
cilium-cli: v0.16.8 compiled with go1.22.3 on linux/amd64
cilium image (default): v1.15.5

References

https://docs.cilium.io/en/stable/operations/system_requirements/

From: https://www.cnblogs.com/wangguishe/p/18180229
