ubuntu 22.04 安装 minikube 和 istio

1. 使用 vmware 安装 ubuntu22.04 服务器

步骤简单，自己百度即可

2. 安装minikube

借鉴安装脚本： https://blog.csdn.net/LeoForBest/article/details/126524892

#!/usr/bin/bash
# ~~~~~~~~~
# Ubuntu 22.04 Minikube install
# Update Author: yuluo
# Usage: bash install-minikube.sh (不要 root, 使用普通用户)

echo "正在准备环境..."
sudo apt-get update -y
sudo apt-get install ca-certificates curl gnupg lsb-release apt-transport-https -y

function install_docker() {
    echo "正在卸载旧版本docker..."
    sudo apt-get remove docker docker-engine docker.io containerd runc -y
    echo "正在添加docker gpg..."
    sudo mkdir -p /etc/apt/keyrings
    if [ -f "/etc/apt/keyrings/docker.gpg" ]; then
        sudo rm /etc/apt/keyrings/docker.gpg
    fi

    sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
    sudo chmod a+r /etc/apt/keyrings/docker.gpg
    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list >/dev/null
    echo "正在安装docker..."
    sudo apt-get update
    sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin -y
    echo "正在添加当前用户${USER}到docker组..."
    sudo usermod -aG docker "$USER"
    echo "正在设置docker registry国内镜像..."
    if [ -f "/etc/docker/daemon.json" ]; then
        sudo mv /etc/docker/daemon.json{,.bak}
    fi
    cat <<EOF | sudo tee /etc/docker/daemon.json >/dev/null
{
 "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn", "https://registry.docker-cn.com"]
}
EOF
    # 将 docker.sock 文件所有者修改为当前用户，确保 minikube 启动成功
    sudo chown $USER /var/run/docker.sock

    sudo systemctl restart docker.service
    echo "Docker安装完成."
}

function install_kubectl() {
	
    echo "正在下载安装 kubectl"
    # 和 minukube 同理
    # sudo curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl 
    sudo chmod +x ./kubectl
    sudo mv ./kubectl /usr/local/bin/
    echo "kubectl 安装完成..."
}

install_kubectl

function install_minikube() {
    echo "正在下载安装minikube-linux-amd64..."
    # 提前下在 minikube 到当前路径下，因为网络原因下载太慢，因此注释此步骤
    # sudo curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
    sudo install minikube-linux-amd64 /usr/local/bin/minikube
    echo "正在启动minikube..."
    # minikube 清除了所有内容，谨慎使用
    # minikube delete
    # --kubernetes-version=v1.23.8 https://github.com/kubernetes/minikube/issues/14477
    
    minikube start

    minikube status
    
    echo "minikube 启动成功，安装minikube完毕..."
}

install_docker

# echo "正在安装virtualbox..."

# 这里在物理linux机器上运行时使用，如果已经在 vm 虚拟机上，裸机运行即可
# sudo apt install virtualbox virtualbox-ext-pack -y

install_minikube

echo -e "\n\n"

cat <<EOF
**************************************
            docker version
**************************************
EOF

sudo docker version

cat <<EOF
*******************************************
   设置 minikube kubectl 别名为 kubectl
*******************************************
EOF

# 可选
echo 'alias kubectl="minikube kubectl --"' >> ~/.profile
source ~/.profile

cat <<EOF
**************************************
       kubectl -- get po -A
**************************************
EOF

kubectl get pods -A

echo -e "\n 为 root 用户添加 kubectl 的执行权限，原因如下：因为 minikube 在普通用户下启动，root 用户下无 minikube 应用。所以使用时会 8080 refused"

sudo mkdir -p /root/.kube
sudo cp $HOME/.kube/config /root/.kube
sudo su

echo -e "\n 更多信息可参考: https://minikube.sigs.k8s.io/docs/start/"
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116

安装最终效果如下：

yuluo@yuluo-ubuntu:~/minikube$ kubectl get pod -A
NAMESPACE     NAME                               READY   STATUS    RESTARTS        AGE
kube-system   coredns-5d78c9869d-s4hrm           1/1     Running   0               2m57s
kube-system   etcd-minikube                      1/1     Running   0               3m10s
kube-system   kube-apiserver-minikube            1/1     Running   0               3m10s
kube-system   kube-controller-manager-minikube   1/1     Running   0               3m10s
kube-system   kube-proxy-sbpzx                   1/1     Running   0               2m57s
kube-system   kube-scheduler-minikube            1/1     Running   0               3m10s
kube-system   storage-provisioner                1/1     Running   1 (2m36s ago)   3m9s
yuluo@yuluo-ubuntu:~/minikube$ 
1
2
3
4
5
6
7
8
9
10

部署 minikube dashboard

minikube dashboard

yuluo@yuluo-ubuntu:~$ kubectl get pods -A | grep dashboard
kubernetes-dashboard   dashboard-metrics-scraper-5dd9cbfd69-mzxzp   1/1     Running     0                104s
kubernetes-dashboard   kubernetes-dashboard-5c5cfc8747-np7qt        1/1     Running     0                104s

# 配置 minikube 远程访问
yuluo@yuluo-ubuntu:~$ kubectl proxy --address='0.0.0.0' --disable-filter=true
W1022 09:09:49.061124  193925 proxy.go:175] Request filter disabled, your proxy is vulnerable to XSRF attacks, please be cautious
Starting to serve on [::]:8001

浏览器访问：
http://ip:8001/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/
1
2
3
4
5
6
7
8
9
10
11
12
13

3. 测试部署应用

1. 编写 Go Application

package main

import (
	"fmt"
	"log"
	"net/http"
)

func main() {
	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "Hello World!")
	})

	log.Fatalln(http.ListenAndServe(":80", nil))
}


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

2. 编译

go mod init
go mod tidy
GOOS=linux GOARCH=386 go build -ldflags '-s -w' -o webserver

3. 打包 docker 镜像

# docker build -t leo/webserver .
# 为了减小体积，使用scratch，实际使用golang官方镜像
FROM scratch

COPY ./webserver /webserver

CMD ["/webserver"]
1
2
3
4
5
6
7

4. 构建 Docker 镜像

# 1.本机制作go镜像
docker build -t yuluo/webserver .    (名称必须是 Dockerfile)
docker image save yuluo/webserver > webserver.tar
# 2.上传到minikube虚拟机中docker镜像库
minikube image load webserver.tar
1
2
3
4
5

5. 部署

1. 部署 Pod

编写 yaml

apiVersion: v1
kind: Pod
metadata:
  name: webserver
  labels:
    name: webserver
spec:
  containers:
  - name: webserver
    image: yuluo/webserver
    imagePullPolicy: Never
    resources:
      limits:
        memory: "128Mi"
        cpu: "500m"
    ports:
      - containerPort: 80
        hostPort: 8080
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

该字段设置imagePullPolicy: Never使用本地的镜像，否则会从镜像仓库拉取最新导致失败Error: ErrImagePull

同时因为设置 hostPort，可以在 minikube node 上访问 minikubeIp:8080

部署到 minikube

kubectl apply -f webserver-pod.yaml

# 出现如下表明部署成功
root@yuluo-ubuntu:/home/yuluo/app/test-deploy-app# kubectl get pods -A
NAMESPACE     NAME                               READY   STATUS    RESTARTS       AGE
default       webserver                          1/1     Running   0              7s
kube-system   coredns-5d78c9869d-s4hrm           1/1     Running   6 (24m ago)    27h
1
2
3
4
5
6
7

查看 Pod 状态

kubectl get pods webserver
kubectl describe pods webserver

root@yuluo-ubuntu:/home/yuluo/app/test-deploy-app# kubectl describe pod webserver
Name:             webserver
Namespace:        default
Priority:         0
Service Account:  default
Node:             minikube/192.168.49.2						# 节点 ip
Start Time:       Sat, 21 Oct 2023 04:22:54 +0000
Labels:           name=webserver
Annotations:      <none>
Status:           Running
IP:               10.244.0.10								# pod ip
1
2
3
4
5
6
7
8
9
10
11
12
13
14

访问测试

# 使用 minikube ssh 到此 节点 上访问 pod 验证
minikube ssh --node minikube

curl podIp

# 最终结果如下
docker@minikube:~$ curl 10.244.0.10
Hello World!
1
2
3
4
5
6
7
8

2. 创建 Service 关联 Pod

编写 yaml 资源文件
```
# service
apiVersion: v1
kind: Service
metadata:
  name: webserver-svc
spec:
  selector:
    name: webserver
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
1
2
3
4
5
6
7
8
9
10
11
12
```
上面的示例定义了一个ClusterIP Service。到 ClusterIP 上端口 80 的流量将转发到你的Pod 上的端口 8080 (targetPort配置项)，携带 name: webserver 标签的 Pod 将被添加到 Service中作为作为服务的可用端点
部署 svc
```
kubectl apply -f webserver-pod.yaml
1
```

查看 SVC 状态

kubectl get svc
NAME            TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
kubernetes      ClusterIP   10.96.0.1       <none>        443/TCP   27h
webserver-svc   ClusterIP   10.103.70.226   <none>        80/TCP    76s

# kubectl describe service  webserver-svc 通过此命令查看 service 和 pod 的关系 
root@yuluo-ubuntu:/home/yuluo/app/test-deploy-app# kubectl describe service  webserver-svc
Name:              webserver-svc
Namespace:         default
Labels:            <none>
Annotations:       <none>
Selector:          name=webserver
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.103.70.226
IPs:               10.103.70.226
Port:              <unset>  80/TCP
TargetPort:        80/TCP
Endpoints:         10.244.0.10:80
Session Affinity:  None
Events:            <none>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

测试访问

# service 测试访问
minikube ssh --node minikube

# 显示如下
docker@minikube:~$ curl 10.244.0.10
Hello World!
1
2
3
4
5
6

3. 创建 Ingress 暴露服务

Ingress 实际上是与Service完全不同的资源，算是Service上面的一层代理，通常在 Service前使用Ingress来提供HTTP路由配置。它让我们可以设置外部 URL、基于域名的虚拟主机、SSL 和负载均衡。此处使用nginx-ingress作为控制器，它使用NGINX服务器作为反向代理来把流量路由给后面的Service。

设置代理（处理 ingress-nginx image 可能 pull 失败的情况，需要重启 minikube）

sudo vim /etc/profile.d/proxy.sh

添加以下内容到文件中

export http_proxy="http://10.10.1.10:8080/"
export https_proxy="http://10.10.1.10:8080/"
1
2

sudo chmod +x /etc/profile.d/proxy.sh

source /etc/profile.d/proxy.sh
#查看环境变量进行确认是否生效
env | grep -i proxy
1
2
3

取消代理
```
unset http_proxy
unset https_proxy
1
2
```

重启 minikube

yuluo@yuluo-ubuntu:~$ minikube start
* minikube v1.31.2 on Ubuntu 22.04
* Using the docker driver based on existing profile
* Starting control plane node minikube in cluster minikube
* Pulling base image ...
* Restarting existing docker container for "minikube" ...
* Found network options:
  - http_proxy=http://192.168.2.9:7890/
! You appear to be using a proxy, but your NO_PROXY environment does not include the minikube IP (192.168.49.2).
* Please see https://minikube.sigs.k8s.io/docs/handbook/vpn_and_proxy/ for more details
  - https_proxy=http://192.168.2.9:7890/
* Preparing Kubernetes v1.27.4 on Docker 24.0.4 ...
  - env HTTP_PROXY=http://192.168.2.9:7890/
  - env HTTPS_PROXY=http://192.168.2.9:7890/
* Configuring bridge CNI (Container Networking Interface) ...
* Verifying Kubernetes components...
  - Using image gcr.io/k8s-minikube/storage-provisioner:v5
* Enabled addons: default-storageclass, storage-provisioner
* Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

环境配置

# 为了在 minikube 中使用 nginx-ingress ，必须执行以下命令启用
minikube addons enable ingress

kubectl get pods -A  # 查看 ingress-nginx 是否启动成功，如没有 使用以下命令重试
kubectl get pod podName -n nameSpace -o yaml | kubectl replace --force -f -

# 如下所示即为成功状态：
root@yuluo-ubuntu:/home/yuluo/app/test-deploy-app# kubectl get pods -n ingress-nginx | grep ingress-nginx-controller
ingress-nginx-controller-7799c6795f-29dnh   1/1     Running     0          21h
1
2
3
4
5
6
7
8
9

编写 yaml 资源配置文件

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: webserver-ingress
spec:
  ingressClassName: nginx-ingress
  rules:
    - host: "webserver.com"
      http:
        paths:
          - path: "/"
            pathType: Prefix
            backend:
              service:
                name: webserver-svc
                port:
                  number: 80
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

部署 Ingress

kubectl apply -f webserver-ingress.yaml
1

查看状态

# 通过 kubectl get ingress 查看已经创建的 ingress 资源

# 通过 kubectl describe ingress webserver-ingress 查看 service 和 ingress 的关系
root@yuluo-ubuntu:/home/yuluo/app/test-deploy-app# kubectl describe ingress webserver-ingress
Name:             webserver-ingress
Labels:           <none>
Namespace:        default
Address:          
Ingress Class:    nginx-ingress
Default backend:  <default>
Rules:
  Host           Path  Backends
  ----           ----  --------
  webserver.com  
                 /   webserver-svc:80 (10.244.0.10:80)
Annotations:     <none>
Events:          <none>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

测试访问

# 设置 hosts 文件创建映射关系
vim /etc/hosts
<minikube ip> webserver.com

# 测试
curl webserver.com:8080

# 结果如下：
root@yuluo-ubuntu:/home/yuluo/app/test-deploy-app# curl webserver.com:8080
Hello World!
1
2
3
4
5
6
7
8
9
10

4. 安装 Istio

1. 下载 istio 上传到服务器

Istio 安装包地址：https://github.com/istio/istio/releases

2. 安装

# 解压缩
tar -zxvf istio-1.19.3

# 添加 bin 目录到系统 path
export PATH=$HOME/istio/istio-1.19.3/bin:$PATH

# 检查
istioctl version

# 检查是否可以安装 istio
root@yuluo-ubuntu:/home/yuluo# istioctl x precheck
✔ No issues found when checking the cluster. Istio is safe to install or upgrade!
  To get started, check out https://istio.io/latest/docs/setup/getting-started/
  
# 安装 Istio
istioctl install  输入 y
出现如下：安装成功
root@yuluo-ubuntu:/home/yuluo# istioctl install
This will install the Istio 1.19.3 "default" profile (with components: Istio core, Istiod, and Ingress gateways) into the cluster. Proceed? (y/N) y
✔ Istio core installed                              
✔ Istiod installed                               
✔ Ingress gateways installed                                     
✔ Installation complete
Made this installation the default for injection and validation.

# kubectl get pods -A | grep istio-system
yuluo@yuluo-ubuntu:~$ kubectl get pods -A | grep istio-system
istio-system    istio-ingressgateway-cf99dfc5c-f5bnw        1/1     Running     0                11m
istio-system    istiod-78c4f7f756-lnd7g                     1/1     Running     0                11m
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

3. 安装 Istio dashboard

导入 grafana ，参考: https://istio.io/latest/zh/docs/tasks/observability/metrics/using-istio-dashboard/

kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.19/samples/addons/grafana.yaml

# 通过以下命令启动
istioctl dashboard grafana

# 映射本地访问 (这里 不指定时，只能使用 127.0.0.1 访问，使用 ipv4 地址访问需要指明)
kubectl port-forward grafana-5f9b8c6c5d-jnd6n -n istio-system --address 192.168.2.13 3000:3000

# 访问如下地址
http://192.168.2.13:3000/d/G8wLrJIZk/istio-mesh-dashboard
1
2
3
4
5
6
7
8
9
10

导入 promethems

kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.19/samples/addons/prometheus.yaml

istioctl dashboard prometheus

kubectl port-forward prometheus-5d5d6d6fc-w7rk4 -n istio-system --address 192.168.2.13 9090:9090
1
2
3
4
5

安装 kiali

kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.19/samples/addons/kiali.yaml

kubectl port-forward kiali-7c9d5f9f96-b8bpj -n istio-system --address 172.23.235.246 20001:20001

http://172.23.235.246:20001/
1
2
3
4
5

相关阅读:
React入门
 【算法】用动态规划求解背包问题
 java高级——集合（中）
Redis 主从复制
 【计算机视觉 | 目标检测】arxiv 计算机视觉关于目标检测的学术速递（9 月 13 日论文合集）
数据结构之顺序表
 栈、栈帧、AAPCS的一些粗浅理解（通俗易懂）
花30天整理了11个超棒的Java开源项目，雀氏牛逼
 如何在【逻辑回归】中优化控制正则化程度的超参数C
【图像处理】基于matlab GUI图像处理【含Matlab源码 2123期】
原文地址：https://blog.csdn.net/qq_52397471/article/details/133987579