第一步,安装etcd:

  请参考以前的文章:  http://www.cnblogs.com/vincenshen/articles/8637949.html

第二步,下载calico:

sudo wget -O /usr/local/bin/calicoctl https://github.com/projectcalico/calicoctl/releases/download/v1.6.3/calicoctl

sudo chmod +x /usr/local/bin/calicoctl

第三步,编写calico配置文件:

apiVersion: v1

kind: calicoApiConfig

metadata:

spec:

  datastoreType: "etcdv2"

  etcdEndpoints: "http://etcd:2379"

第四步,运行calico node:

root@Docker003:~# sudo calicoctl node run --node-image=quay.io/calico/node:v2.6.8

sudo: unable to resolve host Docker003

Running command to load modules: modprobe -a xt_set ip6_tables

Enabling IPv4 forwarding

Enabling IPv6 forwarding

Increasing conntrack limit

Removing old calico-node container (if running).

Running the following command to start calico-node:

docker run --net=host --privileged --name=calico-node -d --restart=always -e NODENAME=Docker003 -e CALICO_NETWORKING_BACKEND=bird -e CALICO_LIBNETWORK_ENABLED=true -e ETCD_ENDPOINTS=http://172.16.65.151:2379 -v /var/log/calico:/var/log/calico -v /var/run/calico:/var/run/calico -v /lib/modules:/lib/modules -v /run:/run -v /run/docker/plugins:/run/docker/plugins -v /var/run/docker.sock:/var/run/docker.sock quay.io/calico/node:v2.6.8

Image may take a short time to download if it is not available locally.

Container started, checking progress logs.

-- ::40.421 [INFO][] startup.go : Early log level set to info

-- ::40.422 [INFO][] client.go : Loading config from environment

-- ::40.422 [INFO][] startup.go : Skipping datastore connection test

-- ::40.424 [INFO][] startup.go : Building new node resource Name="Docker003"

-- ::40.424 [INFO][] startup.go : Initialise BGP data

-- ::40.425 [INFO][] startup.go : Using autodetected IPv4 address on interface ens33: 172.16.65.153/

-- ::40.425 [INFO][] startup.go : Node IPv4 changed, will check for conflicts

-- ::40.431 [INFO][] startup.go : No AS number configured on node resource, using global value

-- ::40.434 [INFO][] etcd.go : Ready flag is already set

-- ::40.435 [INFO][] client.go : Using previously configured cluster GUID

-- ::40.450 [INFO][] compat.go : Returning configured node to node mesh

-- ::40.460 [INFO][] startup.go : Using node name: Docker003

-- ::40.529 [INFO][] client.go : Loading config from environment

Starting libnetwork service

Calico node started successfully

calico node会以container方式运行

第五步,查看运行结果:

root@Docker003:~# calicoctl node status

Calico process is running.

IPv4 BGP status

+---------------+-------------------+-------+----------+-------------+

| PEER ADDRESS  |     PEER TYPE     | STATE |  SINCE   |    INFO     |

+---------------+-------------------+-------+----------+-------------+

| 172.16.65.152 | node-to-node mesh | up    | :: | Established |

+---------------+-------------------+-------+----------+-------------+

IPv6 BGP status

No IPv6 peers found.

第六步,创建calico网络

创建的calico网络会自动同步到其他Docker主机上

root@Docker003:~# docker network create --driver calico --ipam-driver calico-ipam calico_network01

0765e8cf3d7867715783f607d5fc1d8b54ef972ff697960c63aaf532d2900c51

root@Docker003:~# docker network ls

NETWORK ID          NAME                DRIVER              SCOPE

d3436c79a405        bridge              bridge              local

0765e8cf3d78        calico_network01    calico              global

5de037f95399        host                host                local

f4305d9ce150        none                null                local

第七步,运行container

root@Docker003:~# docker run -itd --network calico_network01 --name bbox1 busybox
// calico并没有在Docker主机上创建bridge
root@Docker003:~# brctl show

bridge name    bridge id        STP enabled    interfaces

docker0        .0242c840a49d    no    

// 多了一个calico veth pair

root@Docker003:~# ip a

: lo: <LOOPBACK,UP,LOWER_UP> mtu  qdisc noqueue state UNKNOWN group default qlen

    link/loopback ::::: brd :::::

    inet 127.0.0.1/ scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::/ scope host

       valid_lft forever preferred_lft forever

: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu  qdisc pfifo_fast state UP group default qlen

    link/ether :0c::0f::b7 brd ff:ff:ff:ff:ff:ff

    inet 172.16.65.153/ brd 172.16.65.255 scope global ens33

       valid_lft forever preferred_lft forever

    inet6 fe80::20c:29ff:fe0f:79b7/ scope link

       valid_lft forever preferred_lft forever

: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu  qdisc noqueue state DOWN group default

    link/ether ::c8::a4:9d brd ff:ff:ff:ff:ff:ff

    inet 172.17.0.1/ brd 172.17.255.255 scope global docker0

       valid_lft forever preferred_lft forever

: calia9212856e7c@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu  qdisc noqueue state UP group default

    link/ether :3c:::7e: brd ff:ff:ff:ff:ff:ff link-netnsid

    inet6 fe80::903c:80ff:fe31:7e18/ scope link

       valid_lft forever preferred_lft forever


// container的网络和Docker主机通过calico veth pair连接

root@Docker003:~# docker exec bbox1 ip a

: lo: <LOOPBACK,UP,LOWER_UP> mtu  qdisc noqueue qlen

    link/loopback ::::: brd :::::

    inet 127.0.0.1/ scope host lo

       valid_lft forever preferred_lft forever

: cali0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu  qdisc noqueue

    link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff

    inet 192.168.109.128/ brd 192.168.109.128 scope global cali0

       valid_lft forever preferred_lft forever

在其他Docker主机上也运行Container并加入相同的Calico网络

root@Docker003:~# ip route

default via 172.16.65.2 dev ens33 onlink

172.16.65.0/ dev ens33  proto kernel  scope link  src 172.16.65.153

172.17.0.0/ dev docker0  proto kernel  scope link  src 172.17.0.1 linkdown

192.168.109.128 dev calia9212856e7c  scope link

blackhole 192.168.109.128/  proto bird

192.168.214.64/ via 172.16.65.152 dev ens33  proto bird

在多个Docker主机上运行Container连接到同一个calico网络测试连通性

root@Docker002:~# docker exec bbox2 ping -c  bbox1

PING bbox1 (192.168.109.128):  data bytes

 bytes from 192.168.109.128: seq= ttl= time=0.447 ms

 bytes from 192.168.109.128: seq= ttl= time=1.328 ms

--- bbox1 ping statistics ---

 packets transmitted,  packets received, % packet loss

round-trip min/avg/max = 0.447/0.887/1.328 ms

calico为Container提供DNS服务。

第八步,为calico配置Policy

calico 默认的 policy 规则是:容器只能与同一个 calico 网络中的容器通信

root@Docker002:~# calicoctl get profile calico_network01 -o yaml

- apiVersion: v1

  kind: profile

  metadata:

    name: calico_network01

    tags:

    - calico_network01

  spec:

    egress:

    - action: allow

      destination: {}

      source: {}

    ingress:

    - action: allow

      destination: {}

      source:

        tag: calico_network01

编写policy yml文件

root@Docker003:~# vim test_ping.yml

- apiVersion: v1

  kind: profile

  metadata:

    name: calico_network02

  spec:

    ingress:

    - action: allow

      protocol: icmp

      source:

        tag: calico_network01

      destination: {}

应用policy

root@Docker003:~# calicoctl apply -f test_ping.yml

Successfully applied  'profile' resource(s)

docker calico安装的更多相关文章

  1. docker——容器安装tomcat

    写在前面: 继续docker的学习,学习了docker的基本常用命令之后,我在docker上安装jdk,tomcat两个基本的java web工具,这里对操作流程记录一下. 软件准备: 1.jdk-7 ...

  2. docker 启动安装等命令

    确认是否安装url whereis curl 启动docker服务: sudo service docker start sudo service docker stop 安装curl sudo ap ...

  3. DOCKER windows安装

    DOCKER windows安装 1.下载程序包 2. 设置环境变量 3. 启动DOCKERT 4. 分析start.sh 5. 利用SSH工具管理 6. 下载镜像 6.1 下载地址 6.2 用FTP ...

  4. 在docker里面安装部署应用

    最近一直在做docker的安装打包工作,学到不少东西,在博客里记一下. 环境centos6 ,docker 基础镜象centos6 1.创建本地基础镜象,安装基础命令包 (1)Dockerfile,D ...

  5. Docker Centos安装Redis以及问题处理

    之前一篇文章 Redis安装及主从配置 介绍了redis的安装配置,另一篇文件介绍了 Docker Centos安装Openssh .今天将两篇文件结合一下——在Docker Centos环境下搭建r ...

  6. Docker Centos安装Mysql5.6

    之前一篇随笔<Docker Centos安装Openssh> 写的是如何在基础的centos镜像中搭建ssh服务,在此基础上再搭建其他服务.本文继续介绍在centos_ssh基础上搭建my ...

  7. Docker的安装及简单使用

    1.  Docker的安装 (这里的“安装docker”其实就是安装Docker Engine) $ sudo apt-get intasll docker.io note: apt-get是ubun ...

  8. docker 的安装

    官方站点上有各种环境下的 安装指南,这里主要介绍下Ubuntu和CentOS系列的安装. Ubuntu 系列安装 Docker 通过系统自带包安装 Ubuntu 14.04 版本号系统中已经自带了 D ...

  9. docker 17 安装

    docker17 安装 新增一键安装命令: curl -sSL https://get.docker.com/ | sh 以下为手动安装过程 翻译自 Get Docker for Ubuntu Doc ...

随机推荐

  1. ChemDraw 15支持哪些输入格式

    当我们想让我们的化学图形应用在试卷编辑.论文撰写.刊物出版等各个方面,这个时候往往都得使用ChemDraw 15.它可以与很多第三方应用灵活.本ChemDraw教程介绍新版ChemDraw Profe ...

  2. Linux之(tomcat)服务之服务调优

    Tomcat调优原则: ● 增加连接数 ● 调整工作模式 ● 启用gzip压缩 ● 调整JVM内存大小 ● 作为web服务器时,与Apache或者Nginx整合 ● 合理选择垃圾回收算法 ● 尽量使用 ...

  3. EditText相关属性设置

    1.默认不弹出软件盘 在AndroidManifest.xml设置: <activity            android:name="com.demo.Activity" ...

  4. Python 爬取盗墓笔记的标题,章节,章节名称

    # coding:utf-8import requestsimport jsonfrom bs4 import BeautifulSoup user_agent = 'Mozilla/5.0 (Win ...

  5. linux之shell之if、while、for语句介绍

    一.基本判断条件 1)逻辑运算符 -a    expr1 -a expr2    逻辑与 -o    expr1 -o expr2    逻辑或 !     !expr1                ...

  6. 启发式搜索技术A*

    开篇 这篇文章介绍找最短路径的一种算法,它的字我比较喜欢:启发式搜索. 对于入门的好文章不多,而这篇文章就是为初学者而写的,很适合入门的一篇.文章定位:非专业性A*文章,很适合入门. 有图有真相,先给 ...

  7. 阿里云 如何减少备份使用量? mysql数据库的完整备份、差异备份、增量备份

    RDS for MySQL备份.SQL审计容量相关问题_MYSQL使用_技术运维问题_云数据库 RDS 版-阿里云 https://help.aliyun.com/knowledge_detail/4 ...

  8. ECMAScript6补全字符串长度方法padStart()和padEnd()

    一.padStart() 1.定义 padStart()方法用另一个字符串(默认为空格)重复填充到对象字符串到指定长度,填充从对象字符串左侧开始,返回新的字符串. 2.语法 str.padStart( ...

  9. while循环。for循环

    1.while循环 基本循环格式 while 条件 : # 循环体 # 如果条件为真,那么循环体则执行 # 如果条件为假,那么循环体不执行 break:退出本层循环. continue:退出本次循环, ...

  10. 给俺的 CSDN 博客加背景音乐 - 高大尚的《心经》背景音乐

    给俺的 CSDN 博客加背景音乐 - 高大尚的<心经>背景音乐 太阳火神的漂亮人生 (http://blog.csdn.net/opengl_es) 本文遵循"署名-非商业用途- ...