溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
這篇文章給大家分享的是有關Kubernetes 1.8.4如何安裝Calico的內容。小編覺得挺實用的,因此分享給大家做個參考,一起跟隨小編過來看看吧。
Calico 是一款純 Layer 3 的數據中心網絡方案(不需要 Overlay 網絡),Calico 好處是他已與各種云原生平臺有良好的整合,而 Calico 在每一個節點利用 Linux Kernel 實現高效的 vRouter 來負責數據的轉發,而當數據中心復雜度增加時,可以用 BGP route reflector 來達成。
在master通過 kubectl 建立 Calico policy controller
生成calico-controller.yml
cat <<EOF > calico-controller.yml apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: calico-kube-controllers roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: calico-kube-controllers subjects: - kind: ServiceAccount name: calico-kube-controllers namespace: kube-system --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: calico-kube-controllers namespace: kube-system rules: - apiGroups: - "" - extensions resources: - pods - namespaces - networkpolicies verbs: - watch - list --- apiVersion: v1 kind: ServiceAccount metadata: name: calico-kube-controllers namespace: kube-system --- apiVersion: extensions/v1beta1 kind: Deployment metadata: name: calico-policy-controller namespace: kube-system labels: k8s-app: calico-policy spec: strategy: type: Recreate template: metadata: name: calico-policy-controller namespace: kube-system labels: k8s-app: calico-policy spec: hostNetwork: true serviceAccountName: calico-kube-controllers containers: - name: calico-policy-controller image: quay.io/calico/kube-controllers:v1.0.0 env: - name: ETCD_ENDPOINTS value: "https://10.0.0.162:2379" - name: ETCD_CA_CERT_FILE value: "/etc/etcd/ssl/etcd-ca.pem" - name: ETCD_CERT_FILE value: "/etc/etcd/ssl/etcd.pem" - name: ETCD_KEY_FILE value: "/etc/etcd/ssl/etcd-key.pem" volumeMounts: - mountPath: /etc/etcd/ssl name: etcd-ca-certs readOnly: true volumes: - hostPath: path: /etc/etcd/ssl type: DirectoryOrCreate name: etcd-ca-certs EOF
kubectl apply -f calico-controller.yml
查看狀態
kubectl -n kube-system get po -l k8s-app=calico-policy
在master下載 Calico CLI 工具
wget https://github.com/projectcalico/calicoctl/releases/download/v1.6.1/calicoctl chmod +x calicoctl && mv calicoctl /usr/local/bin/
在所有節點下載 Calico,并執行以下步驟
export CALICO_URL="https://github.com/projectcalico/cni-plugin/releases/download/v1.11.0"
wget -N -P /opt/cni/bin ${CALICO_URL}/calico
wget -N -P /opt/cni/bin ${CALICO_URL}/calico-ipam
chmod +x /opt/cni/bin/calico /opt/cni/bin/calico-ipam在所有節點下載 CNI plugins配置文件,以及 calico-node.service
創建文件夾
mkdir -p /etc/cni/net.d
cat <<EOF > /etc/cni/net.d/10-calico.conf
{
"name": "calico-k8s-network",
"cniVersion": "0.1.0",
"type": "calico",
"etcd_endpoints": "https://10.0.0.162:2379",
"etcd_ca_cert_file": "/etc/etcd/ssl/etcd-ca.pem",
"etcd_cert_file": "/etc/etcd/ssl/etcd.pem",
"etcd_key_file": "/etc/etcd/ssl/etcd-key.pem",
"log_level": "info",
"ipam": {
"type": "calico-ipam"
},
"policy": {
"type": "k8s"
},
"kubernetes": {
"kubeconfig": "/etc/kubernetes/kubelet.conf"
}
}
EOFcat <<EOF > /lib/systemd/system/calico-node.service
[Unit]
Description=calico node
After=docker.service
Requires=docker.service
[Service]
User=root
PermissionsStartOnly=true
ExecStart=/usr/bin/docker run --net=host --privileged --name=calico-node \
-e ETCD_ENDPOINTS=https://10.0.0.162:2379 \
-e ETCD_CA_CERT_FILE=/etc/etcd/ssl/etcd-ca.pem \
-e ETCD_CERT_FILE=/etc/etcd/ssl/etcd.pem \
-e ETCD_KEY_FILE=/etc/etcd/ssl/etcd-key.pem \
-e NODENAME=${HOSTNAME} \
-e IP= \
-e NO_DEFAULT_POOLS= \
-e AS= \
-e CALICO_LIBNETWORK_ENABLED=true \
-e IP6= \
-e CALICO_NETWORKING_BACKEND=bird \
-e FELIX_DEFAULTENDPOINTTOHOSTACTION=ACCEPT \
-e FELIX_HEALTHENABLED=true \
-e CALICO_IPV4POOL_CIDR=10.244.0.0/16 \
-e CALICO_IPV4POOL_IPIP=always \
-e IP_AUTODETECTION_METHOD=interface=ens33 \
-e IP6_AUTODETECTION_METHOD=interface=ens33 \
-v /etc/etcd/ssl:/etc/etcd/ssl \
-v /var/run/calico:/var/run/calico \
-v /lib/modules:/lib/modules \
-v /run/docker/plugins:/run/docker/plugins \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /var/log/calico:/var/log/calico \
quay.io/calico/node:v2.6.2
ExecStop=/usr/bin/docker rm -f calico-node
Restart=on-failure
RestartSec=10
[Install]
WantedBy=multi-user.target
EOF
在所有節點啟動 Calico-node
systemctl enable calico-node.service && systemctl start calico-node.service
在master查看 Calico nodes
cat <<EOF > ~/calico-rc export ETCD_ENDPOINTS="https://10.0.0.162:2379" export ETCD_CA_CERT_FILE="/etc/etcd/ssl/etcd-ca.pem" export ETCD_CERT_FILE="/etc/etcd/ssl/etcd.pem" export ETCD_KEY_FILE="/etc/etcd/ssl/etcd-key.pem" EOF
. ~/calico-rc
calicoctl get node -o wide
查看 pending 的 pod 是否已執行
kubectl -n kube-system get po
感謝各位的閱讀!關于“Kubernetes 1.8.4如何安裝Calico”這篇文章就分享到這里了,希望以上內容可以對大家有一定的幫助,讓大家可以學到更多知識,如果覺得文章不錯,可以把它分享出去讓更多的人看到吧!
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
