Install minikube and istio on ubuntu 22.04

ubuntu 22.04 install minikube and istio

1. Use vmware to install ubuntu22.04 server

? The steps are simple, just search it on Baidu yourself

2. Install minikube

Learn from the installation script: https://blog.csdn.net/LeoForBest/article/details/126524892

#!/usr/bin/bash
# ~~~~~~~~~
# Ubuntu 22.04 Minikube install
# Update Author: yuluo
# Usage: bash install-minikube.sh (do not root, use normal user)

echo "Preparing environment..."
sudo apt-get update -y
sudo apt-get install ca-certificates curl gnupg lsb-release apt-transport-https -y

function install_docker() {<!-- -->
    echo "Uninstalling old version of docker..."
    sudo apt-get remove docker docker-engine docker.io containerd runc -y
    echo "Adding docker gpg..."
    sudo mkdir -p /etc/apt/keyrings
    if [ -f "/etc/apt/keyrings/docker.gpg" ]; then
        sudo rm /etc/apt/keyrings/docker.gpg
    fi

    sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
    sudo chmod a + r /etc/apt/keyrings/docker.gpg
    echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list >/dev/null
    echo "Installing docker..."
    sudo apt-get update
    sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin -y
    echo "Adding current user ${<!-- -->USER} to docker group..."
    sudo usermod -aG docker "$USER"
    echo "Setting up docker registry domestic image..."
    if [ -f "/etc/docker/daemon.json" ]; then
        sudo mv /etc/docker/daemon.json{<!-- -->,.bak}
    fi
    cat <<EOF | sudo tee /etc/docker/daemon.json >/dev/null
{
 "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn", "https://registry.docker-cn.com"]
}
EOF
    # Change the owner of the docker.sock file to the current user to ensure that minikube starts successfully
    sudo chown $USER /var/run/docker.sock

    sudo systemctl restart docker.service
    echo "Docker installation completed."
}

function install_kubectl() {<!-- -->
\t
    echo "Downloading and installing kubectl"
    # Same as minukube
    # sudo curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux /amd64/kubectl
    sudo chmod +x ./kubectl
    sudo mv ./kubectl /usr/local/bin/
    echo "kubectl installation completed..."
}

install_kubectl

function install_minikube() {<!-- -->
    echo "Downloading and installing minikube-linux-amd64..."
    # Download minikube to the current path in advance. The download is too slow due to network reasons, so comment this step.
    # sudo curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
    sudo install minikube-linux-amd64 /usr/local/bin/minikube
    echo "Starting minikube..."
    #minikube Cleared all content, use with caution
    # minikube delete
    # --kubernetes-version=v1.23.8 https://github.com/kubernetes/minikube/issues/14477
    
    minikube start

    minikube status
    
    echo "minikube started successfully, minikube installation is complete..."
}

install_docker

# echo "Installing virtualbox..."

# This is used when running on a physical Linux machine. If it is already on a vm virtual machine, just run it on bare metal.
# sudo apt install virtualbox virtualbox-ext-pack -y

install_minikube

echo -e "\\
\\
"

cat <<EOF
***************************************
            docker version
***************************************
EOF

sudo docker version

cat <<EOF
*******************************************
   Set minikube kubectl alias to kubectl
*******************************************
EOF

# optional
echo 'alias kubectl="minikube kubectl --"' >> ~/.profile
source ~/.profile

cat <<EOF
***************************************
       kubectl -- get po -A
***************************************
EOF

kubectl get pods -A

echo -e "\\
 Add kubectl execution permissions to the root user for the following reasons: because minikube is started under a normal user, there is no minikube application under the root user. Therefore, 8080 refused" will be displayed when used.

sudo mkdir -p /root/.kube
sudo cp $HOME/.kube/config /root/.kube
sudo su

echo -e "\\
 For more information, please refer to: https://minikube.sigs.k8s.io/docs/start/"

The final effect of the installation is as follows:

yuluo@yuluo-ubuntu:~/minikube$ kubectl get pod -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-5d78c9869d-s4hrm 1/1 Running 0 2m57s
kube-system etcd-minikube 1/1 Running 0 3m10s
kube-system kube-apiserver-minikube 1/1 Running 0 3m10s
kube-system kube-controller-manager-minikube 1/1 Running 0 3m10s
kube-system kube-proxy-sbpzx 1/1 Running 0 2m57s
kube-system kube-scheduler-minikube 1/1 Running 0 3m10s
kube-system storage-provisioner 1/1 Running 1 (2m36s ago) 3m9s
yuluo@yuluo-ubuntu:~/minikube$

Deploy minikube dashboard

minikube dashboard

yuluo@yuluo-ubuntu:~$ kubectl get pods -A | grep dashboard
kubernetes-dashboard dashboard-metrics-scraper-5dd9cbfd69-mzxzp 1/1 Running 0 104s
kubernetes-dashboard kubernetes-dashboard-5c5cfc8747-np7qt 1/1 Running 0 104s

# Configure minikube remote access
yuluo@yuluo-ubuntu:~$ kubectl proxy --address='0.0.0.0' --disable-filter=true
W1022 09:09:49.061124 193925 proxy.go:175] Request filter disabled, your proxy is vulnerable to XSRF attacks, please be cautious
Starting to serve on [::]:8001

Browser access:
http://ip:8001/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/

3. Test deployment application

1. Writing Go Application

package main

import (
"fmt"
"log"
"net/http"
)

func main() {<!-- -->
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {<!-- -->
fmt.Fprintln(w, "Hello World!")
})

log.Fatalln(http.ListenAndServe(":80", nil))
}

2. Compile

go mod init
go mod tidy
GOOS=linux GOARCH=386 go build -ldflags '-s -w' -o webserver

3. Packaging docker image

# docker build -t leo/webserver .
# In order to reduce the size, use scratch, actually use the golang official image
FROM scratch

COPY ./webserver /webserver

CMD ["/webserver"]

4. Build Docker image

# 1. Create go image locally
docker build -t yuluo/webserver . (name must be Dockerfile)
docker image save yuluo/webserver > webserver.tar
# 2. Upload to the docker image library in the minikube virtual machine
minikube image load webserver.tar

5. Deployment

1. Deploy Pod

Write yaml

apiVersion: v1
Kind: Pod
metadata:
  name: webserver
  labels:
    name: webserver
spec:
  containers:
  - name: webserver
    image: yuluo/webserver
    imagePullPolicy: Never
    resources:
      limits:
        memory: "128Mi"
        cpu: "500m"
    ports:
      - containerPort: 80
        hostPort: 8080

This field is set to imagePullPolicy: Never to use the local image, otherwise it will pull the latest image from the image warehouse and cause failure Error: ErrImagePull

At the same time, because the hostPort is set, minikubeIp:8080 can be accessed on the minikube node

Deploy to minikube

kubectl apply -f webserver-pod.yaml

# The following appears to indicate successful deployment
root@yuluo-ubuntu:/home/yuluo/app/test-deploy-app# kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
default webserver 1/1 Running 0 7s
kube-system coredns-5d78c9869d-s4hrm 1/1 Running 6 (24m ago) 27h

View Pod status

kubectl get pods webserver
kubectl describe pods webserver

root@yuluo-ubuntu:/home/yuluo/app/test-deploy-app# kubectl describe pod webserver
Name: webserver
Namespace: default
Priority: 0
Service Account: default
Node: minikube/192.168.49.2 # Node ip
Start Time: Sat, 21 Oct 2023 04:22:54 + 0000
Labels: name=webserver
Annotations: <none>
Status: Running
IP: 10.244.0.10 # pod ip

access test

# Use minikube ssh to access the pod on this node for verification
minikube ssh --node minikube

curl podIp

#The final result is as follows
docker@minikube:~$ curl 10.244.0.10
Hello World!

2. Create Service-associated Pod

Write yaml resource file
```
# service
apiVersion: v1
Kind: Service
metadata:
  name: webserver-svc
spec:
  selector:
    name: webserver
  ports:
    - port: 80
      targetPort: 80
      protocol: TCP
```
The above example defines a ClusterIP Service. Traffic to port 80 on ClusterIP will be forwarded to port 8080 on your Pod (targetPort configuration item), and the Pod carrying the name: webserver label will be added to the Service as an available endpoint for the service
Deploy svc
```
kubectl apply -f webserver-pod.yaml
```

View SVC status

kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 27h
webserver-svc ClusterIP 10.103.70.226 <none> 80/TCP 76s

# kubectl describe service webserver-svc Use this command to view the relationship between service and pod
root@yuluo-ubuntu:/home/yuluo/app/test-deploy-app# kubectl describe service webserver-svc
Name: webserver-svc
Namespace: default
Labels: <none>
Annotations: <none>
Selector: name=webserver
Type: ClusterIP
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.103.70.226
IPs: 10.103.70.226
Port: <unset> 80/TCP
TargetPort: 80/TCP
Endpoints: 10.244.0.10:80
Session Affinity: None
Events: <none>

test access

# service test access
minikube ssh --node minikube

# Displayed as follows
docker@minikube:~$ curl 10.244.0.10
Hello World!

3. Create Ingress exposure service

Ingress is actually a completely different resource from Service. It is a layer of proxy above Service. Ingress is usually used before Service to provide HTTP routing configuration. It allows us to set up external URLs, domain-based virtual hosting, SSL and load balancing. Here nginx-ingress is used as the controller, which uses the NGINX server as a reverse proxy to route traffic to the subsequent Service.

Set the proxy (to handle the situation where the ingress-nginx image may fail to pull, minikube needs to be restarted)

sudo vim /etc/profile.d/proxy.sh

Add the following content to the file

export http_proxy="http://10.10.1.10:8080/"
export https_proxy="http://10.10.1.10:8080/"

sudo chmod +x /etc/profile.d/proxy.sh

source /etc/profile.d/proxy.sh
#Check the environment variables to confirm whether they are effective
env | grep -i proxy

Cancel proxy
```
unset http_proxy
unset https_proxy
```

Restart minikube

yuluo@yuluo-ubuntu:~$ minikube start
* minikube v1.31.2 on Ubuntu 22.04
* Using the docker driver based on existing profile
* Starting control plane node minikube in cluster minikube
* Pulling base image...
* Restarting existing docker container for "minikube" ...
* Found network options:
  - http_proxy=http://192.168.2.9:7890/
! You appear to be using a proxy, but your NO_PROXY environment does not include the minikube IP (192.168.49.2).
* Please see https://minikube.sigs.k8s.io/docs/handbook/vpn_and_proxy/ for more details
  - https_proxy=http://192.168.2.9:7890/
* Preparing Kubernetes v1.27.4 on Docker 24.0.4 ...
  - env HTTP_PROXY=http://192.168.2.9:7890/
  - env HTTPS_PROXY=http://192.168.2.9:7890/
* Configuring bridge CNI (Container Networking Interface) ...
* Verifying Kubernetes components...
  - Using image gcr.io/k8s-minikube/storage-provisioner:v5
* Enabled addons: default-storageclass, storage-provisioner
* Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default

Environment configuration

# In order to use nginx-ingress in minikube, you must execute the following command to enable it
minikube addons enable ingress

kubectl get pods -A # Check whether ingress-nginx starts successfully. If not, use the following command to try again.
kubectl get pod podName -n nameSpace -o yaml | kubectl replace --force -f -

# The following is the success status:
root@yuluo-ubuntu:/home/yuluo/app/test-deploy-app# kubectl get pods -n ingress-nginx | grep ingress-nginx-controller
ingress-nginx-controller-7799c6795f-29dnh 1/1 Running 0 21h

Write yaml resource configuration file

apiVersion: networking.k8s.io/v1
Kind: Ingress
metadata:
  name: webserver-ingress
spec:
  ingressClassName: nginx-ingress
  rules:
    - host: "webserver.com"
      http:
        paths:
          - path: "/"
            pathType: Prefix
            backend:
              service:
                name: webserver-svc
                port:
                  number: 80

Deploy Ingress

kubectl apply -f webserver-ingress.yaml

View status

# View the created ingress resources through kubectl get ingress

# Check the relationship between service and ingress through kubectl describe ingress webserver-ingress
root@yuluo-ubuntu:/home/yuluo/app/test-deploy-app# kubectl describe ingress webserver-ingress
Name: webserver-ingress
Labels: <none>
Namespace: default
Address:
Ingress Class: nginx-ingress
Default backend: <default>
Rules:
  Host Path Backends
  ---- ---- --------
  webserver.com
                 /webserver-svc:80 (10.244.0.10:80)
Annotations: <none>
Events: <none>

test access

# Set hosts file to create mapping relationship
vim /etc/hosts
<minikube ip> webserver.com

# test
curl webserver.com:8080

#The results are as follows:
root@yuluo-ubuntu:/home/yuluo/app/test-deploy-app# curl webserver.com:8080
Hello World!

4. Install Istio

1. Download istio and upload it to the server

Istio installation package address: https://github.com/istio/istio/releases

2. Installation

# Decompress
tar -zxvf istio-1.19.3

#Add bin directory to system path
export PATH=$HOME/istio/istio-1.19.3/bin:$PATH

# examine
istioctl version

# Check if istio can be installed
root@yuluo-ubuntu:/home/yuluo# istioctl x precheck
? No issues found when checking the cluster. Istio is safe to install or upgrade!
  To get started, check out https://istio.io/latest/docs/setup/getting-started/
  
# Install Istio
istioctl install enter y
Appears as follows: Installation successful
root@yuluo-ubuntu:/home/yuluo# istioctl install
This will install the Istio 1.19.3 "default" profile (with components: Istio core, Istiod, and Ingress gateways) into the cluster. Proceed? (y/N) y
? Istio core installed
?Istiod installed
? Ingress gateways installed
? Installation complete
Made this installation the default for injection and validation.

# kubectl get pods -A | grep istio-system
yuluo@yuluo-ubuntu:~$ kubectl get pods -A | grep istio-system
istio-system istio-ingressgateway-cf99dfc5c-f5bnw 1/1 Running 0 11m
istio-system istiod-78c4f7f756-lnd7g 1/1 Running 0 11m

3. Install Istio dashboard

Import grafana, reference: https://istio.io/latest/zh/docs/tasks/observability/metrics/using-istio-dashboard/

kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.19/samples/addons/grafana.yaml

# Start with the following command
istioctl dashboard grafana

# Mapping local access (if not specified here, only 127.0.0.1 can be used to access, and access using ipv4 address needs to be specified)
kubectl port-forward grafana-5f9b8c6c5d-jnd6n -n istio-system --address 192.168.2.13 3000:3000

#Access the following address
http://192.168.2.13:3000/d/G8wLrJIZk/istio-mesh-dashboard

import promethems

kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.19/samples/addons/prometheus.yaml

istioctl dashboard prometheus

kubectl port-forward prometheus-5d5d6d6fc-w7rk4 -n istio-system --address 192.168.2.13 9090:9090

Install kiali

kubectl apply -f https://raw.githubusercontent.com/istio/istio/release-1.19/samples/addons/kiali.yaml

kubectl port-forward kiali-7c9d5f9f96-b8bpj -n istio-system --address 172.23.235.246 20001:20001

http://172.23.235.246:20001/