溫馨提示×

溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊×
其他方式登錄
點擊 登錄注冊 即表示同意《億速云用戶服務(wù)條款》

Kubernetes 1.8.4如何安裝Calico

發(fā)布時間:2021-11-12 11:34:12 來源:億速云 閱讀:363 作者:小新 欄目:云計算

這篇文章給大家分享的是有關(guān)Kubernetes 1.8.4如何安裝Calico的內(nèi)容。小編覺得挺實用的,因此分享給大家做個參考,一起跟隨小編過來看看吧。

Calico  

      Calico 是一款純 Layer 3 的數(shù)據(jù)中心網(wǎng)絡(luò)方案(不需要 Overlay 網(wǎng)絡(luò)),Calico 好處是他已與各種云原生平臺有良好的整合,而 Calico 在每一個節(jié)點利用 Linux Kernel 實現(xiàn)高效的 vRouter 來負責數(shù)據(jù)的轉(zhuǎn)發(fā),而當數(shù)據(jù)中心復(fù)雜度增加時,可以用 BGP route reflector 來達成。

  • 在master通過 kubectl 建立 Calico policy controller

    生成calico-controller.yml

    cat <<EOF > calico-controller.yml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: calico-kube-controllers
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: calico-kube-controllers
subjects:
- kind: ServiceAccount
  name: calico-kube-controllers
  namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: calico-kube-controllers
  namespace: kube-system
rules:
  - apiGroups:
    - ""
    - extensions
    resources:
      - pods
      - namespaces
      - networkpolicies
    verbs:
      - watch
      - list
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: calico-kube-controllers
  namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: calico-policy-controller
  namespace: kube-system
  labels:
    k8s-app: calico-policy
spec:
  strategy:
    type: Recreate
  template:
    metadata:
      name: calico-policy-controller
      namespace: kube-system
      labels:
        k8s-app: calico-policy
    spec:
      hostNetwork: true
      serviceAccountName: calico-kube-controllers
      containers:
      - name: calico-policy-controller
        image: quay.io/calico/kube-controllers:v1.0.0
        env:
          - name: ETCD_ENDPOINTS
            value: "https://10.0.0.162:2379"
          - name: ETCD_CA_CERT_FILE
            value: "/etc/etcd/ssl/etcd-ca.pem"
          - name: ETCD_CERT_FILE
            value: "/etc/etcd/ssl/etcd.pem"
          - name: ETCD_KEY_FILE
            value: "/etc/etcd/ssl/etcd-key.pem"
        volumeMounts:
          - mountPath: /etc/etcd/ssl
            name: etcd-ca-certs
            readOnly: true
      volumes:
        - hostPath:
            path: /etc/etcd/ssl
            type: DirectoryOrCreate
          name: etcd-ca-certs
EOF


    kubectl apply -f calico-controller.yml


    查看狀態(tài)

    kubectl -n kube-system get po -l k8s-app=calico-policy


     

  • 在master下載 Calico CLI 工具

    wget https://github.com/projectcalico/calicoctl/releases/download/v1.6.1/calicoctl
chmod +x calicoctl && mv calicoctl /usr/local/bin/


     

  • 在所有節(jié)點下載 Calico,并執(zhí)行以下步驟

    export CALICO_URL="https://github.com/projectcalico/cni-plugin/releases/download/v1.11.0"
wget -N -P /opt/cni/bin ${CALICO_URL}/calico
wget -N -P /opt/cni/bin ${CALICO_URL}/calico-ipam
chmod +x /opt/cni/bin/calico /opt/cni/bin/calico-ipam


  • 在所有節(jié)點下載 CNI plugins配置文件,以及 calico-node.service
    創(chuàng)建文件夾

    mkdir -p /etc/cni/net.d


    cat <<EOF > /etc/cni/net.d/10-calico.conf
{
    "name": "calico-k8s-network",
    "cniVersion": "0.1.0",
    "type": "calico",
    "etcd_endpoints": "https://10.0.0.162:2379",
    "etcd_ca_cert_file": "/etc/etcd/ssl/etcd-ca.pem",
    "etcd_cert_file": "/etc/etcd/ssl/etcd.pem",
    "etcd_key_file": "/etc/etcd/ssl/etcd-key.pem",
    "log_level": "info",
    "ipam": {
        "type": "calico-ipam"
    },
    "policy": {
        "type": "k8s"
    },
    "kubernetes": {
        "kubeconfig": "/etc/kubernetes/kubelet.conf"
    }
}
EOF


    cat <<EOF > /lib/systemd/system/calico-node.service
[Unit]
Description=calico node
After=docker.service
Requires=docker.service

[Service]
User=root
PermissionsStartOnly=true
ExecStart=/usr/bin/docker run --net=host --privileged --name=calico-node \
  -e ETCD_ENDPOINTS=https://10.0.0.162:2379 \
  -e ETCD_CA_CERT_FILE=/etc/etcd/ssl/etcd-ca.pem \
  -e ETCD_CERT_FILE=/etc/etcd/ssl/etcd.pem \
  -e ETCD_KEY_FILE=/etc/etcd/ssl/etcd-key.pem \
  -e NODENAME=${HOSTNAME} \
  -e IP= \
  -e NO_DEFAULT_POOLS= \
  -e AS= \
  -e CALICO_LIBNETWORK_ENABLED=true \
  -e IP6= \
  -e CALICO_NETWORKING_BACKEND=bird \
  -e FELIX_DEFAULTENDPOINTTOHOSTACTION=ACCEPT \
  -e FELIX_HEALTHENABLED=true \
  -e CALICO_IPV4POOL_CIDR=10.244.0.0/16 \
  -e CALICO_IPV4POOL_IPIP=always \
  -e IP_AUTODETECTION_METHOD=interface=ens33 \
  -e IP6_AUTODETECTION_METHOD=interface=ens33 \
  -v /etc/etcd/ssl:/etc/etcd/ssl \
  -v /var/run/calico:/var/run/calico \
  -v /lib/modules:/lib/modules \
  -v /run/docker/plugins:/run/docker/plugins \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /var/log/calico:/var/log/calico \
  quay.io/calico/node:v2.6.2
ExecStop=/usr/bin/docker rm -f calico-node
Restart=on-failure
RestartSec=10

[Install]
WantedBy=multi-user.target
EOF


     

  • 在所有節(jié)點啟動 Calico-node

    systemctl enable calico-node.service && systemctl start calico-node.service


  • 在master查看 Calico nodes

    cat <<EOF > ~/calico-rc
export ETCD_ENDPOINTS="https://10.0.0.162:2379"
export ETCD_CA_CERT_FILE="/etc/etcd/ssl/etcd-ca.pem"
export ETCD_CERT_FILE="/etc/etcd/ssl/etcd.pem"
export ETCD_KEY_FILE="/etc/etcd/ssl/etcd-key.pem"
EOF


    . ~/calico-rc


    calicoctl get node -o wide


    查看 pending 的 pod 是否已執(zhí)行

    kubectl -n kube-system get po

感謝各位的閱讀!關(guān)于“Kubernetes 1.8.4如何安裝Calico”這篇文章就分享到這里了,希望以上內(nèi)容可以對大家有一定的幫助,讓大家可以學(xué)到更多知識,如果覺得文章不錯,可以把它分享出去讓更多的人看到吧!

向AI問一下細節(jié)

免責聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點不代表本網(wǎng)站立場,如果涉及侵權(quán)請聯(lián)系站長郵箱:is@yisu.com進行舉報,并提供相關(guān)證據(jù),一經(jīng)查實,將立刻刪除涉嫌侵權(quán)內(nèi)容。

AI