在笔记本Win10中基于WSL+Docker Desktop安装Kubernetes和Istio、Knative


Docker在win10 Home 2004版本上可以直接安装:在Win10家庭版中安装Docker Desktop正式版(非Toolbox)
安装启动Docker Desktop以后就可以安装K8s了,注意,不能使用Docker Desktop中setting的enable Kubernetes。只能自己手工安装K8s。
打开win10中的Ubuntu窗口,进入Linux:

# Download the latest version of KinD
curl -Lo ./kind https://github.com/kubernetes-sigs/kind/releases/download/v0.7.0/kind-$(uname)-amd64
# Make the binary executable
chmod +x ./kind
# Move the binary to your executable path
sudo mv ./kind /usr/local/bin/

现在可以创建第一个集群:

# Check if the KUBECONFIG is not set
echo $KUBECONFIG
# Check if the .kube directory is created > if not, no need to create it
ls $HOME/.kube
# Create the cluster and give it a name (optional)
kind create cluster --name wslkind

在创建集群时会报错:

出错:docker pull kindest/node:v1.17.0@sha256:95XXX

说明当前网络无法连接到 Docker Hub地址,这时可以先用简单命令测试一下Docker:

docker run hello-world

在输出以下一行后出错:

docker : Unable to find image 'hello-world:latest' locally
docker: Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: TLS handshake timeout.

这是网络无法接通的原因,在Docker Desktop的setting设置的resource设置代理地址。
设置好代理以后,重新再进入Ubuntu Linux窗口:

docker run hello-world
latest: Pulling from library/hello-world

这时应该正常安装成功了。

 这时再次运行:

kind create cluster --name wslkind

应该会再下载360M左右的文件:

Creating cluster "kind" ...
  Ensuring node image (kindest/node:v1.17.0) 
  Preparing nodes 
  Writing configuration 
  Starting control-plane 
  Installing CNI 
  Installing StorageClass 
Set kubectl context to "kind-kind"
You can now use your cluster with:

kubectl cluster-info --context kind-kind

Have a question, bug, or feature request? Let us know! https://kind.sigs.k8s.io/community 

运行:

kubectl cluster-info --context kind-kind

结果:

Kubernetes master is running at https://127.0.0.1:32768
KubeDNS is running at https://127.0.0.1:32768/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

用浏览器访问https://127.0.0.1:32768应该出现:

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
    
  },
  "status": "Failure",
  "message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
  "reason": "Forbidden",
  "details": {
    
  },
  "code": 403
}

这是带有WSL2后端的Docker Desktop for Windows的真正优势。Docker确实实现了惊人的集成。

安装Istio
按照Istio官方文档

curl -L https://istio.io/downloadIstio | sh -

但是无法成功,原来https://istio.io/downloadIstio重定向到
https://raw.githubusercontent.com/istio/istio/release-1.6/release/downloadIstioCandidate.sh。
使用wget下载:
wget  https://raw.githubusercontent.com/istio/istio/release-1.6/release/downloadIstioCandidate.sh

chmod +x ./downloadIstioCandidate.sh
export ISTIO_VERSION=1.6.4
./downloadIstioCandidate.sh

结果:

Trying with TARGET_ARCH. Downloading istio-1.6.4 from https://github.com/istio/istio/releases/download/1.6.4/istio-1.6.4-linux-amd64.tar.gz ...

Istio 1.6.4 Download Complete!

Istio has been successfully downloaded into the istio-1.6.4 folder on your system.

为了进一步使用Knative,这里采取无边车方式安装istio,切换到Istion目录:

cat << EOF > ./istio-minimal-operator.yaml
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
spec:
  values:
    global:
      proxy:
        autoInject: disabled
      useMCP: false
      # The third-party-jwt is not enabled on all k8s.
      # See: https://istio.io/docs/ops/best-practices/security/configure-third-party-service-account-tokens
      jwtPolicy: first-party-jwt

  addonComponents:
    pilot:
      enabled: true
    prometheus:
      enabled: false

  components:
    ingressGateways:
      - name: istio-ingressgateway
        enabled: true
      - name: cluster-local-gateway
        enabled: true
        label:
          istio: cluster-local-gateway
          app: cluster-local-gateway
        k8s:
          service:
            type: ClusterIP
            ports:
            - port: 15020
              name: status-port
            - port: 80
              name: http2
            - port: 443
              name: https
EOF

cd istio-1.6.4/bin
./istioctl manifest apply -f istio-minimal-operator.yaml

如果安装过程出错,可能由于网速慢超时,多试验几次:

Istio core installed                                                                                                 
Istiod installed                                                                                                     
Addons installed                                                                                                     
Ingress gateways installed                                                                                           
Installation complete            


确认Istio安装情况:

kubectl get pods --namespace istio-system

以上K8s和Istio已经安装成功,进一步Knative安装参考官方文档:https://knative.dev/docs/install/any-kubernetes-cluster/