跳到主要内容

使用 Cilium 增强可观测性

注意

本文正在起草中,请等完善后再参考。

启用 Hubble Ralay

Hubble 包括 Hubble Server 和 Hubble Relay,其中 Hubble Server 已内置到每个节点的 cilium-agent 中并默认开启,Hubble Relay 是一个需要单独部署的组件,用于聚合集群所有节点 Hubble Server 的数据,提供统一的 API 入口。

使用下面的命令启用 Hubble Relay:

helm upgrade cilium cilium/cilium --version 1.18.3 \
   --namespace kube-system \
   --reuse-values \
   --set hubble.relay.image.repository=quay.tencentcloudcr.com/cilium/hubble-relay \
   --set hubble.relay.enabled=true

通过 cilium status 可验证 hubble 开启并正常运行:

$ cilium status
    /¯¯\
 /¯¯\__/¯¯\    Cilium:             OK
 \__/¯¯\__/    Operator:           OK
 /¯¯\__/¯¯\    Envoy DaemonSet:    OK
 \__/¯¯\__/    Hubble Relay:       OK
    \__/       ClusterMesh:        disabled

DaemonSet              cilium                   Desired: 3, Ready: 3/3, Available: 3/3
DaemonSet              cilium-envoy             Desired: 3, Ready: 3/3, Available: 3/3
Deployment             cilium-operator          Desired: 2, Ready: 2/2, Available: 2/2
Deployment             hubble-relay             Desired: 1, Ready: 1/1, Available: 1/1
Containers:            cilium                   Running: 3
                       cilium-envoy             Running: 3
                       cilium-operator          Running: 2
                       clustermesh-apiserver
                       hubble-relay             Running: 1
Cluster Pods:          4/4 managed by Cilium
Helm chart version:    1.18.3
Image versions         cilium             quay.tencentcloudcr.com/cilium/cilium:v1.18.3@sha256:5649db451c88d928ea585514746d50d91e6210801b300c897283ea319d68de15: 3
                       cilium-envoy       quay.tencentcloudcr.com/cilium/cilium-envoy:v1.34.10-1761014632-c360e8557eb41011dfb5210f8fb53fed6c0b3222@sha256:ca76eb4e9812d114c7f43215a742c00b8bf41200992af0d21b5561d46156fd15: 3
                       cilium-operator    quay.tencentcloudcr.com/cilium/operator-generic:v1.18.3@sha256:b5a0138e1a38e4437c5215257ff4e35373619501f4877dbaf92c89ecfad81797: 2
                       hubble-relay       quay.tencentcloudcr.com/cilium/hubble-relay:v1.18.3@sha256:e53e00c47fe4ffb9c086bad0c1c77f23cb968be4385881160683d9e15aa34dc3: 1

安装 Hubble 客户端

Hubble 客户端用于与 Hubble Ralay 提供的接口进行交互,参考 Install the Hubble Clienthubble 二进制 (Hubble 客户端) 安装到本机。

安装完成后,验证下 Hubble 客户端可正常访问 Hubble API:

$ hubble status -P
Healthcheck (via 127.0.0.1:4245): Ok
Current/Max Flows: 12,285/12,285 (100.00%)
Flows/s: 26.42
Connected Nodes: 3/3

启用 Hubble UI

Hubble UI 可用于可视化查看集群中的服务拓扑。

使用下面的命令启用 Hubble UI:

helm upgrade cilium cilium/cilium --version 1.18.3 \
   --namespace kube-system \
   --reuse-values \
   --set hubble.relay.enabled=true \
   --set hubble.ui.enabled=true \
   --set hubble.ui.backend.image.repository=quay.tencentcloudcr.com/cilium/hubble-ui-backend \
   --set hubble.ui.frontend.image.repository=quay.tencentcloudcr.com/cilium/hubble-ui

确认 Hubble UI 的 Pod 正常运行:

$ kubectl --namespace=kube-system get pod -l app.kubernetes.io/name=hubble-ui
NAME                         READY   STATUS    RESTARTS   AGE
hubble-ui-5dd5877df5-8c69k   2/2     Running   0          5m41s

然后就可以执行 cilium hubble ui 自动打开浏览器查看集群的服务拓扑了。

$ cilium hubble ui
ℹ  Opening "http://localhost:12000" in your browser...

更多请参考 Network Observability with Hubble / Service Map & Hubble UI