在筆記本Win10中基於WSL+Docker Desktop安裝Kubernetes和Istio、Knative

banq發表於2020-07-05
筆記Win10Docker

Docker在win10 Home 2004版本上可以直接安裝:在Win10家庭版中安裝Docker Desktop正式版(非Toolbox)
安裝啟動Docker Desktop以後就可以安裝K8s了,注意,不能使用Docker Desktop中setting的enable Kubernetes。只能自己手工安裝K8s。
開啟win10中的Ubuntu視窗,進入Linux:

# Download the latest version of KinD
curl -Lo ./kind https://github.com/kubernetes-sigs/kind/releases/download/v0.7.0/kind-$(uname)-amd64
# Make the binary executable
chmod +x ./kind
# Move the binary to your executable path
sudo mv ./kind /usr/local/bin/


現在可以建立第一個叢集:

# Check if the KUBECONFIG is not set
echo $KUBECONFIG
# Check if the .kube directory is created > if not, no need to create it
ls $HOME/.kube
# Create the cluster and give it a name (optional)
kind create cluster --name wslkind


在建立叢集時會報錯:

出錯:docker pull kindest/node:v1.17.0@sha256:95XXX


說明當前網路無法連線到 Docker Hub地址,這時可以先用簡單命令測試一下Docker:

docker run hello-world


在輸出以下一行後出錯:

docker : Unable to find image 'hello-world:latest' locally
docker: Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: TLS handshake timeout.


這是網路無法接通的原因,在Docker Desktop的setting設定的resource設定代理地址。
設定好代理以後,重新再進入Ubuntu Linux視窗:

docker run hello-world
latest: Pulling from library/hello-world

這時應該正常安裝成功了。

 這時再次執行:

kind create cluster --name wslkind


應該會再下載360M左右的檔案:

Creating cluster "kind" ...
   Ensuring node image (kindest/node:v1.17.0) 
   Preparing nodes 
   Writing configuration 
   Starting control-plane 
   Installing CNI 
   Installing StorageClass 
Set kubectl context to "kind-kind"
You can now use your cluster with:

kubectl cluster-info --context kind-kind

Have a question, bug, or feature request? Let us know! https://kind.sigs.k8s.io/community 


執行:

kubectl cluster-info --context kind-kind


結果:

Kubernetes master is running at https://127.0.0.1:32768
KubeDNS is running at https://127.0.0.1:32768/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.




用瀏覽器訪問https://127.0.0.1:32768應該出現:

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
    
  },
  "status": "Failure",
  "message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
  "reason": "Forbidden",
  "details": {
    
  },
  "code": 403
}

這是帶有WSL2後端的Docker Desktop for Windows的真正優勢。Docker確實實現了驚人的整合。

安裝Istio
按照Istio官方文件

curl -L https://istio.io/downloadIstio | sh -

但是無法成功,原來https://istio.io/downloadIstio重定向到
https://raw.githubusercontent.com/istio/istio/release-1.6/release/downloadIstioCandidate.sh。
使用wget下載:

wget  https://raw.githubusercontent.com/istio/istio/release-1.6/release/downloadIstioCandidate.sh


chmod +x ./downloadIstioCandidate.sh
export ISTIO_VERSION=1.6.4
./downloadIstioCandidate.sh


結果:

Trying with TARGET_ARCH. Downloading istio-1.6.4 from https://github.com/istio/istio/releases/download/1.6.4/istio-1.6.4-linux-amd64.tar.gz ...

Istio 1.6.4 Download Complete!

Istio has been successfully downloaded into the istio-1.6.4 folder on your system.


為了進一步使用Knative,這裡採取無邊車方式安裝istio,切換到Istion目錄:

cat << EOF > ./istio-minimal-operator.yaml
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  values:
    global:
      proxy:
        autoInject: disabled
      useMCP: false
      # The third-party-jwt is not enabled on all k8s.
      # See: https://istio.io/docs/ops/best-practices/security/configure-third-party-service-account-tokens
      jwtPolicy: first-party-jwt

  addonComponents:
    pilot:
      enabled: true
    prometheus:
      enabled: false

  components:
    ingressGateways:
      - name: istio-ingressgateway
        enabled: true
      - name: cluster-local-gateway
        enabled: true
        label:
          istio: cluster-local-gateway
          app: cluster-local-gateway
        k8s:
          service:
            type: ClusterIP
            ports:
            - port: 15020
              name: status-port
            - port: 80
              name: http2
            - port: 443
              name: https
EOF


cd istio-1.6.4/bin
./istioctl manifest apply -f istio-minimal-operator.yaml


如果安裝過程出錯,可能由於網速慢超時,多試驗幾次:

Istio core installed                                                                                                 
Istiod installed                                                                                                     
Addons installed                                                                                                     
Ingress gateways installed                                                                                           
Installation complete            



確認Istio安裝情況:

kubectl get pods --namespace istio-system


以上K8s和Istio已經安裝成功,進一步Knative安裝參考官方文件:https://knative.dev/docs/install/any-kubernetes-cluster/

相關文章