温馨提示×

温馨提示×

您好,登录后才能下订单哦!

密码登录×
登录注册×
其他方式登录
点击 登录注册 即表示同意《亿速云用户服务条款》

Kubernetes 1.8.4如何安装Calico

发布时间:2021-11-12 11:34:12 来源:亿速云 阅读:372 作者:小新 栏目:云计算

这篇文章给大家分享的是有关Kubernetes 1.8.4如何安装Calico的内容。小编觉得挺实用的,因此分享给大家做个参考,一起跟随小编过来看看吧。

Calico  

      Calico 是一款纯 Layer 3 的数据中心网络方案(不需要 Overlay 网络),Calico 好处是他已与各种云原生平台有良好的整合,而 Calico 在每一个节点利用 Linux Kernel 实现高效的 vRouter 来负责数据的转发,而当数据中心复杂度增加时,可以用 BGP route reflector 来达成。

  • 在master通过 kubectl 建立 Calico policy controller

    生成calico-controller.yml

    cat <<EOF > calico-controller.yml
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
      name: calico-kube-controllers
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: calico-kube-controllers
    subjects:
    - kind: ServiceAccount
      name: calico-kube-controllers
      namespace: kube-system
    ---
    kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1beta1
    metadata:
      name: calico-kube-controllers
      namespace: kube-system
    rules:
      - apiGroups:
        - ""
        - extensions
        resources:
          - pods
          - namespaces
          - networkpolicies
        verbs:
          - watch
          - list
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: calico-kube-controllers
      namespace: kube-system
    ---
    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      name: calico-policy-controller
      namespace: kube-system
      labels:
        k8s-app: calico-policy
    spec:
      strategy:
        type: Recreate
      template:
        metadata:
          name: calico-policy-controller
          namespace: kube-system
          labels:
            k8s-app: calico-policy
        spec:
          hostNetwork: true
          serviceAccountName: calico-kube-controllers
          containers:
          - name: calico-policy-controller
            image: quay.io/calico/kube-controllers:v1.0.0
            env:
              - name: ETCD_ENDPOINTS
                value: "https://10.0.0.162:2379"
              - name: ETCD_CA_CERT_FILE
                value: "/etc/etcd/ssl/etcd-ca.pem"
              - name: ETCD_CERT_FILE
                value: "/etc/etcd/ssl/etcd.pem"
              - name: ETCD_KEY_FILE
                value: "/etc/etcd/ssl/etcd-key.pem"
            volumeMounts:
              - mountPath: /etc/etcd/ssl
                name: etcd-ca-certs
                readOnly: true
          volumes:
            - hostPath:
                path: /etc/etcd/ssl
                type: DirectoryOrCreate
              name: etcd-ca-certs
    EOF


    kubectl apply -f calico-controller.yml


    查看状态

    kubectl -n kube-system get po -l k8s-app=calico-policy


     

  • 在master下载 Calico CLI 工具

    wget https://github.com/projectcalico/calicoctl/releases/download/v1.6.1/calicoctl
    chmod +x calicoctl && mv calicoctl /usr/local/bin/


     

  • 在所有节点下载 Calico,并执行以下步骤

    export CALICO_URL="https://github.com/projectcalico/cni-plugin/releases/download/v1.11.0"
    wget -N -P /opt/cni/bin ${CALICO_URL}/calico
    wget -N -P /opt/cni/bin ${CALICO_URL}/calico-ipam
    chmod +x /opt/cni/bin/calico /opt/cni/bin/calico-ipam


  • 在所有节点下载 CNI plugins配置文件,以及 calico-node.service
    创建文件夹

    mkdir -p /etc/cni/net.d


    cat <<EOF > /etc/cni/net.d/10-calico.conf
    {
        "name": "calico-k8s-network",
        "cniVersion": "0.1.0",
        "type": "calico",
        "etcd_endpoints": "https://10.0.0.162:2379",
        "etcd_ca_cert_file": "/etc/etcd/ssl/etcd-ca.pem",
        "etcd_cert_file": "/etc/etcd/ssl/etcd.pem",
        "etcd_key_file": "/etc/etcd/ssl/etcd-key.pem",
        "log_level": "info",
        "ipam": {
            "type": "calico-ipam"
        },
        "policy": {
            "type": "k8s"
        },
        "kubernetes": {
            "kubeconfig": "/etc/kubernetes/kubelet.conf"
        }
    }
    EOF


    cat <<EOF > /lib/systemd/system/calico-node.service
    [Unit]
    Description=calico node
    After=docker.service
    Requires=docker.service
    
    [Service]
    User=root
    PermissionsStartOnly=true
    ExecStart=/usr/bin/docker run --net=host --privileged --name=calico-node \
      -e ETCD_ENDPOINTS=https://10.0.0.162:2379 \
      -e ETCD_CA_CERT_FILE=/etc/etcd/ssl/etcd-ca.pem \
      -e ETCD_CERT_FILE=/etc/etcd/ssl/etcd.pem \
      -e ETCD_KEY_FILE=/etc/etcd/ssl/etcd-key.pem \
      -e NODENAME=${HOSTNAME} \
      -e IP= \
      -e NO_DEFAULT_POOLS= \
      -e AS= \
      -e CALICO_LIBNETWORK_ENABLED=true \
      -e IP6= \
      -e CALICO_NETWORKING_BACKEND=bird \
      -e FELIX_DEFAULTENDPOINTTOHOSTACTION=ACCEPT \
      -e FELIX_HEALTHENABLED=true \
      -e CALICO_IPV4POOL_CIDR=10.244.0.0/16 \
      -e CALICO_IPV4POOL_IPIP=always \
      -e IP_AUTODETECTION_METHOD=interface=ens33 \
      -e IP6_AUTODETECTION_METHOD=interface=ens33 \
      -v /etc/etcd/ssl:/etc/etcd/ssl \
      -v /var/run/calico:/var/run/calico \
      -v /lib/modules:/lib/modules \
      -v /run/docker/plugins:/run/docker/plugins \
      -v /var/run/docker.sock:/var/run/docker.sock \
      -v /var/log/calico:/var/log/calico \
      quay.io/calico/node:v2.6.2
    ExecStop=/usr/bin/docker rm -f calico-node
    Restart=on-failure
    RestartSec=10
    
    [Install]
    WantedBy=multi-user.target
    EOF


     

  • 在所有节点启动 Calico-node

    systemctl enable calico-node.service && systemctl start calico-node.service


  • 在master查看 Calico nodes

    cat <<EOF > ~/calico-rc
    export ETCD_ENDPOINTS="https://10.0.0.162:2379"
    export ETCD_CA_CERT_FILE="/etc/etcd/ssl/etcd-ca.pem"
    export ETCD_CERT_FILE="/etc/etcd/ssl/etcd.pem"
    export ETCD_KEY_FILE="/etc/etcd/ssl/etcd-key.pem"
    EOF


    . ~/calico-rc


    calicoctl get node -o wide


    查看 pending 的 pod 是否已执行

    kubectl -n kube-system get po

感谢各位的阅读!关于“Kubernetes 1.8.4如何安装Calico”这篇文章就分享到这里了,希望以上内容可以对大家有一定的帮助,让大家可以学到更多知识,如果觉得文章不错,可以把它分享出去让更多的人看到吧!

向AI问一下细节

免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。

AI