Kubernetes 1.8.4 Installation Guide -- 9. calico

Source: Internet  Published: linux block IP connections  Editor: 程序博客网  Time: 2024/05/21 09:23

On the master node, create the calico policy controller with kubectl

calico-controller.yml

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: calico-kube-controllers
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: calico-kube-controllers
subjects:
- kind: ServiceAccount
  name: calico-kube-controllers
  namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: calico-kube-controllers
  namespace: kube-system
rules:
  - apiGroups:
    - ""
    - extensions
    resources:
      - pods
      - namespaces
      - networkpolicies
    verbs:
      - watch
      - list
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: calico-kube-controllers
  namespace: kube-system
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: calico-policy-controller
  namespace: kube-system
  labels:
    k8s-app: calico-policy
spec:
  strategy:
    type: Recreate
  template:
    metadata:
      name: calico-policy-controller
      namespace: kube-system
      labels:
        k8s-app: calico-policy
    spec:
      hostNetwork: true
      serviceAccountName: calico-kube-controllers
      containers:
      - name: calico-policy-controller
        image: quay.io/calico/kube-controllers:v1.0.0
        env:
          - name: ETCD_ENDPOINTS
            value: "http://10.0.0.210:2379"
        volumeMounts:
          - mountPath: /etc/etcd/ssl
            name: etcd-ca-certs
            readOnly: true
      volumes:
        - hostPath:
            path: /etc/etcd/ssl
            type: DirectoryOrCreate
          name: etcd-ca-certs

Download calicoctl

wget https://github.com/projectcalico/calicoctl/releases/download/v1.6.2/calicoctl -O /usr/local/bin/calicoctl

chmod +x /usr/local/bin/calicoctl


The following steps must be performed on all nodes.

wget https://github.com/projectcalico/cni-plugin/releases/download/v1.11.1/calico -O /opt/cni/bin/calico

wget https://github.com/projectcalico/cni-plugin/releases/download/v1.11.1/calico-ipam -O /opt/cni/bin/calico-ipam

chmod +x /opt/cni/bin/calico /opt/cni/bin/calico-ipam

mkdir -p /etc/cni/net.d

Create the file calico-node.service under /lib/systemd/system/

[Unit]
Description=calico node
After=docker.service
Requires=docker.service

[Service]
User=root
PermissionsStartOnly=true
ExecStart=/usr/bin/docker run --net=host --privileged --name=calico-node \
  -e ETCD_ENDPOINTS=http://10.0.0.210:2379 \
  -e NODENAME=${HOSTNAME} \
  -e IP= \
  -e NO_DEFAULT_POOLS= \
  -e AS= \
  -e CALICO_LIBNETWORK_ENABLED=true \
  -e IP6= \
  -e CALICO_NETWORKING_BACKEND=bird \
  -e FELIX_DEFAULTENDPOINTTOHOSTACTION=ACCEPT \
  -e FELIX_HEALTHENABLED=true \
  -e CALICO_IPV4POOL_CIDR=10.244.0.0/16 \
  -e CALICO_IPV4POOL_IPIP=always \
  -e IP_AUTODETECTION_METHOD=interface=eth0 \
  -e IP6_AUTODETECTION_METHOD=interface=eth0 \
  -v /etc/etcd/ssl:/etc/etcd/ssl \
  -v /var/run/calico:/var/run/calico \
  -v /lib/modules:/lib/modules \
  -v /run/docker/plugins:/run/docker/plugins \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /var/log/calico:/var/log/calico \
  quay.io/calico/node:v2.6.3
ExecStop=/usr/bin/docker rm -f calico-node
Restart=on-failure
RestartSec=10

[Install]
WantedBy=multi-user.target

Create the file 10-calico.conf under /etc/cni/net.d

{
    "name": "calico-k8s-network",
    "cniVersion": "0.1.0",
    "type": "calico",
    "etcd_endpoints": "http://10.0.0.210:2379",
    "log_level": "info",
    "ipam": {
        "type": "calico-ipam"
    },
    "policy": {
        "type": "k8s"
    },
    "kubernetes": {
        "kubeconfig": "/etc/kubernetes/kubelet.conf"
    }
}
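Both calico-node.service and 10-calico.conf point Calico at etcd over plain http, even though /etc/etcd/ssl is mounted. The following pre-start check is an added example, not part of the original guide or of the Calico project; it flags non-https etcd endpoints and unset TLS settings in both files. The function names are hypothetical and the sample inputs are constructed, abbreviated copies of the files above; the TLS key and variable names are Calico's own CNI and calico/node settings.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample inputs mirroring the two files in this guide (abbreviated).
CNI_CONF = '''{
  "name": "calico-k8s-network",
  "type": "calico",
  "etcd_endpoints": "http://10.0.0.210:2379",
  "ipam": {"type": "calico-ipam"}
}'''
UNIT = r'''ExecStart=/usr/bin/docker run --net=host --privileged --name=calico-node \
  -e ETCD_ENDPOINTS=http://10.0.0.210:2379 \
  -v /etc/etcd/ssl:/etc/etcd/ssl \
  quay.io/calico/node:v2.6.3
'''

CNI_TLS_KEYS = ("etcd_ca_cert_file", "etcd_cert_file", "etcd_key_file")
NODE_TLS_ENVS = ("ETCD_CA_CERT_FILE", "ETCD_CERT_FILE", "ETCD_KEY_FILE")


def check_endpoints(where, endpoints, tls_present, tls_names):
    """Return findings for one comma-separated etcd endpoint list."""
    findings = []
    for ep in filter(None, (e.strip() for e in endpoints.split(","))):
        if urlparse(ep).scheme != "https":
            findings.append(f"{where}: etcd endpoint {ep} is not https")
    missing = [n for n in tls_names if n not in tls_present]
    if missing:
        findings.append(f"{where}: TLS settings not set: {', '.join(missing)}")
    return findings


def audit_cni(text):
    """Check the CNI network config (10-calico.conf)."""
    conf = json.loads(text)
    present = {k for k in CNI_TLS_KEYS if conf.get(k)}
    return check_endpoints("cni", conf.get("etcd_endpoints", ""), present, CNI_TLS_KEYS)


def audit_unit(text):
    """Check the docker run command in calico-node.service."""
    # Join backslash-continued lines, then collect "-e NAME=value" pairs.
    env = dict(re.findall(r"-e\s+([A-Z0-9_]+)=(\S*)", text.replace("\\\n", " ")))
    present = {k for k in NODE_TLS_ENVS if env.get(k)}
    return check_endpoints("calico-node", env.get("ETCD_ENDPOINTS", ""), present, NODE_TLS_ENVS)


if __name__ == "__main__":
    for finding in audit_cni(CNI_CONF) + audit_unit(UNIT):
        print(finding)
```

To check a real node, pass the contents of /etc/cni/net.d/10-calico.conf and /lib/systemd/system/calico-node.service to the two functions instead of the samples.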

Start calico on all nodes

systemctl enable calico-node

systemctl start calico-node


View the calico nodes on the master node

Create the file calico-rc in the user's home directory


source  ~/calico-rc


