参考calico官网:http://docs.projectcalico.org/v2.0/getting-started/kubernetes/installation/hosted/kubeadm/

上述链接介绍的是利用calico内置独立的etcd节点实现pod发现与存储的机制,过程中通过yaml文件描述的规则在Kubernetes master所在node上部署一个单节点的etcd集群,此etcd集群只供calico内部使用

贴一下我的配置:

# This ConfigMap is used to configure a self-hosted Calico installation.

kind: ConfigMap

apiVersion: v1

metadata:

  name: calico-config

  namespace: kube-system

data:

  # The location of your etcd cluster.  This uses the Service clusterIP

  # defined below.

  # 192.168..128是我虚拟机的地址 也就是Kubernetes master节点所在机器的地址,下面配置中用到的这个地址同理

  etcd_endpoints: "http://192.168.182.128:6666"

  # True enables BGP networking, false tells Calico to enforce

  # policy only, using native networking.

  enable_bgp: "true"

  # The CNI network configuration to install on each node.

  cni_network_config: |-

    {

        "name": "k8s-pod-network",

        "type": "calico",

        "etcd_endpoints": "http://192.168.182.128:6666",

        "log_level": "info",

        "ipam": {

            "type": "calico-ipam"

        },

        "policy": {

            "type": "k8s",

             "k8s_api_root": "https://192.168.182.128:6443",

             "k8s_auth_token": ""

        },

        "kubernetes": {

            "kubeconfig": "/etc/kubernetes/kubelet.conf"

        }

    }

  # The default IP Pool to be created for the cluster.

  # Pod IP addresses will be assigned from this pool.

  ippool.yaml: |

      apiVersion: v1

      kind: ipPool

      metadata:

        cidr: 10.1.0.0/

      spec:

        ipip:

          enabled: true

        nat-outgoing: true

---

# This manifest installs the Calico etcd on the kubeadm master.  This uses a DaemonSet

# to force it to run on the master even when the master isn't schedulable, and uses

# nodeSelector to ensure it only runs on the master.

apiVersion: extensions/v1beta1

kind: DaemonSet

metadata:

  name: calico-etcd

  namespace: kube-system

  labels:

    k8s-app: calico-etcd

spec:

  template:

    metadata:

      labels:

        k8s-app: calico-etcd

      annotations:

        scheduler.alpha.kubernetes.io/critical-pod: ''

        scheduler.alpha.kubernetes.io/tolerations: |

          [{"key": "dedicated", "value": "master", "effect": "NoSchedule" },

           {"key":"CriticalAddonsOnly", "operator":"Exists"}]

    spec:

      # Only run this pod on the master.

      nodeSelector:

        kubeadm.alpha.kubernetes.io/role: master

      hostNetwork: true

      containers:

        - name: calico-etcd

          image: k8s/etcd:v3.0.15

          env:

            - name: CALICO_ETCD_IP

              valueFrom:

                fieldRef:

                  fieldPath: status.podIP

          command: ["/bin/sh","-c"]

          args: ["/usr/local/bin/etcd --name=calico --data-dir=/var/etcd/calico-data --advertise-client-urls=http://$CALICO_ETCD_IP:6666 --listen-client-urls=http://0.0.0.0:6666 --listen-peer-urls=http://0.0.0.0:6667"]

          volumeMounts:

            - name: var-etcd

              mountPath: /var/etcd

      volumes:

        - name: var-etcd

          hostPath:

            path: /var/etcd

---

# This manfiest installs the Service which gets traffic to the Calico

# etcd.

apiVersion: v1

kind: Service

metadata:

  labels:

    k8s-app: calico-etcd

  name: calico-etcd

  namespace: kube-system

spec:

  # Select the calico-etcd pod running on the master.

  selector:

    k8s-app: calico-etcd

  # This ClusterIP needs to be known in advance, since we cannot rely

  # on DNS to get access to etcd.

  clusterIP: None

  ports:

    - port: 

---

# This manifest installs the calico/node container, as well

# as the Calico CNI plugins and network config on

# each master and worker node in a Kubernetes cluster.

kind: DaemonSet

apiVersion: extensions/v1beta1

metadata:

  name: calico-node

  namespace: kube-system

  labels:

    k8s-app: calico-node

spec:

  selector:

    matchLabels:

      k8s-app: calico-node

  template:

    metadata:

      labels:

        k8s-app: calico-node

      annotations:

        scheduler.alpha.kubernetes.io/critical-pod: ''

        scheduler.alpha.kubernetes.io/tolerations: |

          [{"key": "dedicated", "value": "master", "effect": "NoSchedule" },

           {"key":"CriticalAddonsOnly", "operator":"Exists"}]

    spec:

      hostNetwork: true

      containers:

        # Runs calico/node container on each Kubernetes node.  This

        # container programs network policy and routes on each

        # host.

        - name: calico-node

          image: calico/node:v1.0.2

          env:

            # The location of the Calico etcd cluster.

            - name: ETCD_ENDPOINTS

              valueFrom:

                configMapKeyRef:

                  name: calico-config

                  key: etcd_endpoints

            # Enable BGP.  Disable to enforce policy only.

            - name: CALICO_NETWORKING

              valueFrom:

                configMapKeyRef:

                  name: calico-config

                  key: enable_bgp

            # Disable file logging so `kubectl logs` works.

            - name: CALICO_DISABLE_FILE_LOGGING

              value: "true"

            # Set Felix endpoint to host default action to ACCEPT.

            - name: FELIX_DEFAULTENDPOINTTOHOSTACTION

              value: "ACCEPT"

            # Don't configure a default pool.  This is done by the Job

            # below.

            - name: NO_DEFAULT_POOLS

              value: "true"

            # Auto-detect the BGP IP address.

            - name: IP

              value: ""

          securityContext:

            privileged: true

          volumeMounts:

            - mountPath: /lib/modules

              name: lib-modules

              readOnly: true

            - mountPath: /var/run/calico

              name: var-run-calico

              readOnly: false

        # This container installs the Calico CNI binaries

        # and CNI network config file on each node.

        - name: install-cni

          image: quay.io/calico/cni:v1.5.5

          command: ["/install-cni.sh"]

          env:

            # The location of the Calico etcd cluster.

            - name: ETCD_ENDPOINTS

              valueFrom:

                configMapKeyRef:

                  name: calico-config

                  key: etcd_endpoints

            # The CNI network config to install on each node.

            - name: CNI_NETWORK_CONFIG

              valueFrom:

                configMapKeyRef:

                  name: calico-config

                  key: cni_network_config

          volumeMounts:

            - mountPath: /host/opt/cni/bin

              name: cni-bin-dir

            - mountPath: /host/etc/cni/net.d

              name: cni-net-dir

      volumes:

        # Used by calico/node.

        - name: lib-modules

          hostPath:

            path: /lib/modules

        - name: var-run-calico

          hostPath:

            path: /var/run/calico

        # Used to install CNI.

        - name: cni-bin-dir

          hostPath:

            path: /opt/cni/bin

        - name: cni-net-dir

          hostPath:

            path: /etc/cni/net.d

---

# This manifest deploys the Calico policy controller on Kubernetes.

# See https://github.com/projectcalico/k8s-policy

apiVersion: extensions/v1beta1

kind: Deployment

metadata:

  name: calico-policy-controller

  namespace: kube-system

  labels:

    k8s-app: calico-policy

spec:

  # The policy controller can only have a single active instance.

  replicas:

  strategy:

    type: Recreate

  template:

    metadata:

      name: calico-policy-controller

      namespace: kube-system

      labels:

        k8s-app: calico-policy-controller

      annotations:

        scheduler.alpha.kubernetes.io/critical-pod: ''

        scheduler.alpha.kubernetes.io/tolerations: |

          [{"key": "dedicated", "value": "master", "effect": "NoSchedule" },

           {"key":"CriticalAddonsOnly", "operator":"Exists"}]

    spec:

      # The policy controller must run in the host network namespace so that

      # it isn't governed by policy that would prevent it from working.

      hostNetwork: true

      containers:

        - name: calico-policy-controller

          image: calico/kube-policy-controller:v0.5.2

          env:

            # The location of the Calico etcd cluster.

            - name: ETCD_ENDPOINTS

              valueFrom:

                configMapKeyRef:

                  name: calico-config

                  key: etcd_endpoints

            # The location of the Kubernetes API.  Use the default Kubernetes

            # service for API access.

            - name: K8S_API

              value: "https://kubernetes.default:443"

            # Since we're running in the host namespace and might not have KubeDNS

            # access, configure the container's /etc/hosts to resolve

            # kubernetes.default to the correct service clusterIP.

            - name: CONFIGURE_ETC_HOSTS

              value: "true"

---

## This manifest deploys a Job which performs one time

# configuration of Calico

apiVersion: batch/v1

kind: Job

metadata:

  name: configure-calico

  namespace: kube-system

  labels:

    k8s-app: calico

spec:

  template:

    metadata:

      name: configure-calico

      annotations:

        scheduler.alpha.kubernetes.io/critical-pod: ''

        scheduler.alpha.kubernetes.io/tolerations: |

          [{"key": "dedicated", "value": "master", "effect": "NoSchedule" },

           {"key":"CriticalAddonsOnly", "operator":"Exists"}]

    spec:

      hostNetwork: true

      restartPolicy: OnFailure

      containers:

        # Writes basic configuration to datastore.

        - name: configure-calico

          image: calico/ctl:v1.0.2

          args:

          - apply

          - -f

          - /etc/config/calico/ippool.yaml

          volumeMounts:

            - name: config-volume

              mountPath: /etc/config

          env:

            # The location of the etcd cluster.

            - name: ETCD_ENDPOINTS

              valueFrom:

                configMapKeyRef:

                  name: calico-config

                  key: etcd_endpoints

      volumes:

       - name: config-volume

         configMap:

           name: calico-config

           items:

            - key: ippool.yaml

              path: calico/ippool.yaml

通过kubectl命令安装calico

kubectl create -f calico.yaml

可以根据执行结果和kubectl系列命令查看相应的deployment和各个pod的运行状态以及出错信息。

如果一切正常,就可以创建测试pod进行ping通信测试了,官方给出的测试方法也可以:

kubectl create ns policy-demo
# Run the Pods.

kubectl run --namespace=policy-demo nginx --replicas= --image=nginx
# Create the Service.

kubectl expose --namespace=policy-demo deployment nginx --port=
# Run a Pod and try to access the `nginx` Service.

$ kubectl run --namespace=policy-demo access --rm -ti --image busybox /bin/sh

Waiting for pod policy-demo/access--y0m47 to be running, status is Pending, pod ready: false

If you don't see a command prompt, try pressing enter.

/ # wget -q nginx -O -

如果看到nginx的回复说明网络已经通了, 注意前提是Kubernetes集群中已经运行dns服务

也可以直接在命令行发送ping:

kubectl exec -ti nginx--f2cdm --namespace=policy-demo ping 10.1.155.75

涉及到的docker镜像文件在国内网络环境下载很慢,如果有需要我可以贴上来。

在Kubernetes集群中使用calico做网络驱动的配置方法的更多相关文章

  1. 初试 Kubernetes 集群中使用 Traefik 反向代理

    初试 Kubernetes 集群中使用 Traefik 反向代理 2017年11月17日 09:47:20 哎_小羊_168 阅读数:12308    版权声明:本文为博主原创文章,未经博主允许不得转 ...

  2. 在kubernetes集群中创建redis主从多实例

    分类 > 正文 在kubernetes集群中创建redis主从多实例 redis-slave镜像制作 redis-master镜像制作 创建kube的配置文件yaml 继续使用上次实验环境 ht ...

  3. Kubernetes集群中Service的滚动更新

    Kubernetes集群中Service的滚动更新 二月 9, 2017 0 条评论 在移动互联网时代,消费者的消费行为已经“全天候化”,为此,商家的业务系统也要保持7×24小时不间断地提供服务以满足 ...

  4. 【转载】浅析从外部访问 Kubernetes 集群中应用的几种方式

    一般情况下,Kubernetes 的 Cluster Network 是属于私有网络,只能在 Cluster Network 内部才能访问部署的应用.那么如何才能将 Kubernetes 集群中的应用 ...

  5. kubernetes集群中的pause容器

    昨天晚上搭建好了k8s多主集群,启动了一个nginx的pod,然而每启动一个pod就伴随这一个pause容器,考虑到之前在做kubelet的systemd unit文件时有见到: 1 2 3 4 5 ...

  6. 解决项目迁移至Kubernetes集群中的代理问题

    解决项目迁移至Kubernetes集群中的代理问题 随着Kubernetes技术的日益成熟,越来越多的企业选择用Kubernetes集群来管理项目.新项目还好,可以选择合适的集群规模从零开始构建项目: ...

  7. 如何在 Kubernetes 集群中玩转 Fluid + JuiceFS

    作者简介: 吕冬冬,云知声超算平台架构师, 负责大规模分布式机器学习平台架构设计与功能研发,负责深度学习算法应用的优化与 AI 模型加速.研究领域包括高性能计算.分布式文件存储.分布式缓存等. 朱唯唯 ...

  8. ingress-nginx 的使用 =》 部署在 Kubernetes 集群中的应用暴露给外部的用户使用

    文章转载自:https://mp.weixin.qq.com/s?__biz=MzU4MjQ0MTU4Ng==&mid=2247488189&idx=1&sn=8175f067 ...

  9. Kubernetes集群中Jmeter对公司演示的压力测试

    6分钟阅读 背景 压力测试是评估Web应用程序性能的有效方法.此外,越来越多的Web应用程序被分解为几个微服务,每个微服务的性能可能会有所不同,因为有些是计算密集型的,而有些是IO密集型的. 基于微服 ...

随机推荐

  1. 9-9害死人不偿命的(3n+1)猜想

    1001. 害死人不偿命的(3n+1)猜想 (15) 时间限制 400 ms 内存限制 65536 kB 代码长度限制 8000 B 判题程序 Standard 作者 CHEN, Yue 卡拉兹(Ca ...

  2. JSON 理解

    转自: http://blog.csdn.net/qyf_5445/article/details/8635578 (json很全面的理解) http://www.cnblogs.com/haitao ...

  3. Java filter拦截器的使用

    1.web.xml配置 <!-- 验证是否登录 拦截功能 --> <filter> <filter-name>isLogin</filter-name> ...

  4. Linq 实现sql中的not in和in条件查询

    T-SQL的IN: Select ProductID, ProductName, CategoryID From dbo.Products Where CategoryID in (1, 2) T-S ...

  5. javaScript数组去重方法

    在JAvascript平时项目开发中经常会用到数组去重的操作.这时候就要用到JS数组去重的方法了. demo1: 第一种:JS数组去重操作方法是利用遍历原数组,利用数组的indexOf()方法来来判断 ...

  6. django源码解析一(请求处理流程)

    1.我们都知道WSGI是一个规范,规范了server和application之间通信的一些约束,server端在监听到请求之后,会把请求转给application去处理,他们之间关联起来的桥梁是一个e ...

  7. 最近做了一个通达OA的大料:20170905最新版本破解可改单位名称,无限制安装

    最近做了一个通达OA的大料:20170905最新版本破解可改单位名称,无限制安装 用户约七十家,总体不错,修改了两次注册授权文件,完美使用中 可联系麦枫http://www.mfsun.com管理员Q ...

  8. unity3d 初学者遇到的坑(提醒自己不要范同样的错误)

    使用NGUI的过程中,总是会发生一些就像我这样的初学者遇到的坑:一直以为在创建  一直以为图中的文字Depth深度大于beijingheitu的深度,会显示在beijingheitu下所有子物体之上, ...

  9. nginx小问题

    配置nginx与ftp图片服务器:安装后,要在/usr/local/nginx/conf/nginx.conf里面的server中(带有localhost的那一块)修改为location \ {roo ...

  10. JavaScript 的使用基础总结①

    JavaScript 使用   JavaScript 是一种轻量级的编程语言,JavaScript 是可插入 HTML 页面的编程代码,JavaScript 插入 HTML 页面后,可由所有的现代浏览 ...