这篇文章给大家分享的是有关Kubernetes 1.8.4如何安装Calico的内容。小编觉得挺实用的,因此分享给大家做个参考,一起跟随小编过来看看吧。
Calico 是一款纯 Layer 3 的数据中心网络方案(不需要 Overlay 网络),Calico 好处是他已与各种云原生平台有良好的整合,而 Calico 在每一个节点利用 Linux Kernel 实现高效的 vRouter 来负责数据的转发,而当数据中心复杂度增加时,可以用 BGP route reflector 来达成。
在master通过 kubectl 建立 Calico policy controller
生成calico-controller.yml
cat <<EOF > calico-controller.yml apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: calico-kube-controllers roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: calico-kube-controllers subjects: - kind: ServiceAccount name: calico-kube-controllers namespace: kube-system --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: calico-kube-controllers namespace: kube-system rules: - apiGroups: - "" - extensions resources: - pods - namespaces - networkpolicies verbs: - watch - list --- apiVersion: v1 kind: ServiceAccount metadata: name: calico-kube-controllers namespace: kube-system --- apiVersion: extensions/v1beta1 kind: Deployment metadata: name: calico-policy-controller namespace: kube-system labels: k8s-app: calico-policy spec: strategy: type: Recreate template: metadata: name: calico-policy-controller namespace: kube-system labels: k8s-app: calico-policy spec: hostNetwork: true serviceAccountName: calico-kube-controllers containers: - name: calico-policy-controller image: quay.io/calico/kube-controllers:v1.0.0 env: - name: ETCD_ENDPOINTS value: "https://10.0.0.162:2379" - name: ETCD_CA_CERT_FILE value: "/etc/etcd/ssl/etcd-ca.pem" - name: ETCD_CERT_FILE value: "/etc/etcd/ssl/etcd.pem" - name: ETCD_KEY_FILE value: "/etc/etcd/ssl/etcd-key.pem" volumeMounts: - mountPath: /etc/etcd/ssl name: etcd-ca-certs readOnly: true volumes: - hostPath: path: /etc/etcd/ssl type: DirectoryOrCreate name: etcd-ca-certs EOF
kubectl apply -f calico-controller.yml
查看状态
kubectl -n kube-system get po -l k8s-app=calico-policy
在master下载 Calico CLI 工具
wget https://github.com/projectcalico/calicoctl/releases/download/v1.6.1/calicoctl chmod +x calicoctl && mv calicoctl /usr/local/bin/
在所有节点下载 Calico,并执行以下步骤
export CALICO_URL="https://github.com/projectcalico/cni-plugin/releases/download/v1.11.0" wget -N -P /opt/cni/bin ${CALICO_URL}/calico wget -N -P /opt/cni/bin ${CALICO_URL}/calico-ipam chmod +x /opt/cni/bin/calico /opt/cni/bin/calico-ipam
在所有节点下载 CNI plugins配置文件,以及 calico-node.service
创建文件夹
mkdir -p /etc/cni/net.d
cat <<EOF > /etc/cni/net.d/10-calico.conf { "name": "calico-k8s-network", "cniVersion": "0.1.0", "type": "calico", "etcd_endpoints": "https://10.0.0.162:2379", "etcd_ca_cert_file": "/etc/etcd/ssl/etcd-ca.pem", "etcd_cert_file": "/etc/etcd/ssl/etcd.pem", "etcd_key_file": "/etc/etcd/ssl/etcd-key.pem", "log_level": "info", "ipam": { "type": "calico-ipam" }, "policy": { "type": "k8s" }, "kubernetes": { "kubeconfig": "/etc/kubernetes/kubelet.conf" } } EOF
cat <<EOF > /lib/systemd/system/calico-node.service [Unit] Description=calico node After=docker.service Requires=docker.service [Service] User=root PermissionsStartOnly=true ExecStart=/usr/bin/docker run --net=host --privileged --name=calico-node \ -e ETCD_ENDPOINTS=https://10.0.0.162:2379 \ -e ETCD_CA_CERT_FILE=/etc/etcd/ssl/etcd-ca.pem \ -e ETCD_CERT_FILE=/etc/etcd/ssl/etcd.pem \ -e ETCD_KEY_FILE=/etc/etcd/ssl/etcd-key.pem \ -e NODENAME=${HOSTNAME} \ -e IP= \ -e NO_DEFAULT_POOLS= \ -e AS= \ -e CALICO_LIBNETWORK_ENABLED=true \ -e IP6= \ -e CALICO_NETWORKING_BACKEND=bird \ -e FELIX_DEFAULTENDPOINTTOHOSTACTION=ACCEPT \ -e FELIX_HEALTHENABLED=true \ -e CALICO_IPV4POOL_CIDR=10.244.0.0/16 \ -e CALICO_IPV4POOL_IPIP=always \ -e IP_AUTODETECTION_METHOD=interface=ens33 \ -e IP6_AUTODETECTION_METHOD=interface=ens33 \ -v /etc/etcd/ssl:/etc/etcd/ssl \ -v /var/run/calico:/var/run/calico \ -v /lib/modules:/lib/modules \ -v /run/docker/plugins:/run/docker/plugins \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /var/log/calico:/var/log/calico \ quay.io/calico/node:v2.6.2 ExecStop=/usr/bin/docker rm -f calico-node Restart=on-failure RestartSec=10 [Install] WantedBy=multi-user.target EOF
在所有节点启动 Calico-node
systemctl enable calico-node.service && systemctl start calico-node.service
在master查看 Calico nodes
cat <<EOF > ~/calico-rc export ETCD_ENDPOINTS="https://10.0.0.162:2379" export ETCD_CA_CERT_FILE="/etc/etcd/ssl/etcd-ca.pem" export ETCD_CERT_FILE="/etc/etcd/ssl/etcd.pem" export ETCD_KEY_FILE="/etc/etcd/ssl/etcd-key.pem" EOF
. ~/calico-rc
calicoctl get node -o wide
查看 pending 的 pod 是否已执行
kubectl -n kube-system get po
感谢各位的阅读!关于“Kubernetes 1.8.4如何安装Calico”这篇文章就分享到这里了,希望以上内容可以对大家有一定的帮助,让大家可以学到更多知识,如果觉得文章不错,可以把它分享出去让更多的人看到吧!
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。