How to install Calico on Kubernetes 1.8.4

Published: 2022-03-16 17:19:35

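Calico

      Calico is a pure Layer 3 data center networking solution (no overlay network required). One advantage of Calico is that it is already well integrated with the various cloud-native platforms. On every node, Calico uses the Linux kernel to implement an efficient vRouter that is responsible for forwarding data, and as the data center grows more complex, a BGP route reflector can be used to handle it.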

  • On the master, create the Calico policy controller with kubectl

    Generate calico-controller.yml

    cat <<EOF > calico-controller.yml
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
      name: calico-kube-controllers
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: calico-kube-controllers
    subjects:
    - kind: ServiceAccount
      name: calico-kube-controllers
      namespace: kube-system
    ---
    kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1beta1
    metadata:
      name: calico-kube-controllers
      namespace: kube-system
    rules:
      - apiGroups:
        - ""
        - extensions
        resources:
          - pods
          - namespaces
          - networkpolicies
        verbs:
          - watch
          - list
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: calico-kube-controllers
      namespace: kube-system
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: calico-policy-controller
      namespace: kube-system
      labels:
        k8s-app: calico-policy
    spec:
      strategy:
        type: Recreate
      template:
        metadata:
          name: calico-policy-controller
          namespace: kube-system
          labels:
            k8s-app: calico-policy
        spec:
          hostNetwork: true
          serviceAccountName: calico-kube-controllers
          containers:
          - name: calico-policy-controller
            image: quay.io/calico/kube-controllers:v1.0.0
            env:
              - name: ETCD_ENDPOINTS
                value: "https://10.0.0.162:2379"
              - name: ETCD_CA_CERT_FILE
                value: "/etc/etcd/ssl/etcd-ca.pem"
              - name: ETCD_CERT_FILE
                value: "/etc/etcd/ssl/etcd.pem"
              - name: ETCD_KEY_FILE
                value: "/etc/etcd/ssl/etcd-key.pem"
            volumeMounts:
              - mountPath: /etc/etcd/ssl
                name: etcd-ca-certs
                readOnly: true
          volumes:
            - hostPath:
                path: /etc/etcd/ssl
                type: DirectoryOrCreate
              name: etcd-ca-certs
    EOF
    kubectl apply -f calico-controller.yml

    Check the status

    kubectl -n kube-system get po -l k8s-app=calico-policy
  • On the master, download the Calico CLI tool

    wget https://github.com/projectcalico/calicoctl/releases/download/v1.6.1/calicoctl
    chmod +x calicoctl && mv calicoctl /usr/local/bin/
  • On all nodes, download Calico and run the following steps

    export CALICO_URL="https://github.com/projectcalico/cni-plugin/releases/download/v1.11.0"
    wget -N -P /opt/cni/bin ${CALICO_URL}/calico
    wget -N -P /opt/cni/bin ${CALICO_URL}/calico-ipam
    chmod +x /opt/cni/bin/calico /opt/cni/bin/calico-ipam
  • On all nodes, set up the CNI plugin configuration file and calico-node.service

    Create the directory

    mkdir -p /etc/cni/net.d
    cat <<EOF > /etc/cni/net.d/10-calico.conf
    {
        "name": "calico-k8s-network",
        "cniVersion": "0.1.0",
        "type": "calico",
        "etcd_endpoints": "https://10.0.0.162:2379",
        "etcd_ca_cert_file": "/etc/etcd/ssl/etcd-ca.pem",
        "etcd_cert_file": "/etc/etcd/ssl/etcd.pem",
        "etcd_key_file": "/etc/etcd/ssl/etcd-key.pem",
        "log_level": "info",
        "ipam": {
            "type": "calico-ipam"
        },
        "policy": {
            "type": "k8s"
        },
        "kubernetes": {
            "kubeconfig": "/etc/kubernetes/kubelet.conf"
        }
    }
    EOF
    cat <<EOF > /lib/systemd/system/calico-node.service
    [Unit]
    Description=calico node
    After=docker.service
    Requires=docker.service

    [Service]
    User=root
    PermissionsStartOnly=true
    ExecStart=/usr/bin/docker run --net=host --privileged --name=calico-node \
      -e ETCD_ENDPOINTS=https://10.0.0.162:2379 \
      -e ETCD_CA_CERT_FILE=/etc/etcd/ssl/etcd-ca.pem \
      -e ETCD_CERT_FILE=/etc/etcd/ssl/etcd.pem \
      -e ETCD_KEY_FILE=/etc/etcd/ssl/etcd-key.pem \
      -e NODENAME=${HOSTNAME} \
      -e IP= \
      -e NO_DEFAULT_POOLS= \
      -e AS= \
      -e CALICO_LIBNETWORK_ENABLED=true \
      -e IP6= \
      -e CALICO_NETWORKING_BACKEND=bird \
      -e FELIX_DEFAULTENDPOINTTOHOSTACTION=ACCEPT \
      -e FELIX_HEALTHENABLED=true \
      -e CALICO_IPV4POOL_CIDR=10.244.0.0/16 \
      -e CALICO_IPV4POOL_IPIP=always \
      -e IP_AUTODETECTION_METHOD=interface=ens33 \
      -e IP6_AUTODETECTION_METHOD=interface=ens33 \
      -v /etc/etcd/ssl:/etc/etcd/ssl \
      -v /var/run/calico:/var/run/calico \
      -v /lib/modules:/lib/modules \
      -v /run/docker/plugins:/run/docker/plugins \
      -v /var/run/docker.sock:/var/run/docker.sock \
      -v /var/log/calico:/var/log/calico \
      quay.io/calico/node:v2.6.2
    ExecStop=/usr/bin/docker rm -f calico-node
    Restart=on-failure
    RestartSec=10

    [Install]
    WantedBy=multi-user.target
    EOF
  • On all nodes, start calico-node

    systemctl enable calico-node.service && systemctl start calico-node.service
  • On the master, view the Calico nodes

    cat <<EOF > ~/calico-rc
    export ETCD_ENDPOINTS="https://10.0.0.162:2379"
    export ETCD_CA_CERT_FILE="/etc/etcd/ssl/etcd-ca.pem"
    export ETCD_CERT_FILE="/etc/etcd/ssl/etcd.pem"
    export ETCD_KEY_FILE="/etc/etcd/ssl/etcd-key.pem"
    EOF
    . ~/calico-rc
    calicoctl get node -o wide

    Check whether the pending pods are now running

    kubectl -n kube-system get po
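
The download steps above put calicoctl, calico and calico-ipam into root-owned paths on the master and on every node without checking what was fetched. The script below is an added example, not part of the original article or of the Calico project: it installs a downloaded binary only when its SHA-256 matches a pinned digest. The function names and the digest placeholders are assumptions; the page gives no digests, so real values have to come from a trusted source.

```shell
#!/bin/sh
# Added example (not from the original article): install a downloaded binary
# only if its SHA-256 digest matches a pinned value. Function names are
# hypothetical; assumes GNU coreutils (sha256sum, install, mktemp) and wget.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    sha256sum -- "$1" | awk '{print $1}'
}

# verify_and_install FILE EXPECTED_SHA256 DEST_DIR
# Match:    copies FILE into DEST_DIR with mode 0755, returns 0.
# Mismatch: deletes FILE so it can never be executed, returns 1.
verify_and_install() {
    file=$1; expected=$2; dest=$3
    actual=$(sha256_of "$file")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "REJECT $file: sha256 '$actual' != pinned '$expected'" >&2
        rm -f -- "$file"
        return 1
    fi
    install -m 0755 -- "$file" "$dest/"
}

# fetch_pinned URL EXPECTED_SHA256 DEST_DIR
# Downloads into a private temp dir first, so an unverified file never
# sits in /opt/cni/bin or /usr/local/bin, even briefly.
fetch_pinned() {
    url=$1; expected=$2; dest=$3
    tmp=$(mktemp -d) || return 2
    name=$(basename -- "$url")
    if wget -q -O "$tmp/$name" "$url"; then
        verify_and_install "$tmp/$name" "$expected" "$dest"; rc=$?
    else
        echo "download failed: $url" >&2; rc=2
    fi
    rm -rf -- "$tmp"
    return "$rc"
}

# Usage with the URLs from this page (digests are placeholders, to be
# replaced with values obtained out of band from a trusted source):
#   CALICO_URL="https://github.com/projectcalico/cni-plugin/releases/download/v1.11.0"
#   fetch_pinned "$CALICO_URL/calico"      "<PINNED_SHA256_CALICO>"      /opt/cni/bin
#   fetch_pinned "$CALICO_URL/calico-ipam" "<PINNED_SHA256_CALICO_IPAM>" /opt/cni/bin
if [ "$#" -eq 3 ]; then
    fetch_pinned "$@"
fi
```

Run as a script it takes the same three arguments as fetch_pinned; a non-zero exit means nothing was installed.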

