Deploying Calico Networking on a Kubernetes Cluster
I. Deployment environment and architecture
- Operating system: Ubuntu 14.04
- Kubernetes: 1.3.5
- etcd: 2.2.1
- Docker: 1.10.1
- calicoctl: v0.23.0
- calico: v1.4.3
- calico-ipam: v1.4.3
- loopback: v0.3.0
- Cluster information:

Role | Hostname | IP address |
---|---|---|
Master, etcd | master | 10.10.102.66 |
Node | node1 | 10.10.102.67 |
Node | node2 | 10.10.102.68 |
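II. Prerequisites
1. Calico requires Kubernetes >= 1.1. The NetworkPolicy feature requires Kubernetes >= 1.3.0.
2. An etcd cluster that every node in the Kubernetes cluster can reach. (It can share the Kubernetes etcd cluster, but creating a separate etcd cluster is recommended.)
III. Calico components
1. The calico/node Docker container runs on the Kubernetes master and on every node, because it contains the BGP agent used for Calico routing.
2. The calico-cni plugin is deployed alongside the kubelet on every node and adds each pod to the Calico network once the pod has been created.
3. calico/kube-policy-controller runs in a Kubernetes pod and implements the NetworkPolicy API. It requires Kubernetes >= 1.3.0.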
IV. Installation steps
1. Install Docker on every node (including the master).
2. Install etcd and Kubernetes.
3. Run calico/node on every node (including the master).

```bash
# Download and install `calicoctl`
wget https://github.com/projectcalico/calico-containers/releases/download/v0.23.0/calicoctl
sudo chmod +x calicoctl
# Run the calico/node container
sudo ETCD_ENDPOINTS=http://10.10.102.66:4001 ./calicoctl node
```
4. Configure the Calico CNI plugin
The kubelet needs to invoke the calico and calico-ipam plugins.

```bash
wget -N -P /opt/cni/bin https://github.com/projectcalico/calico-cni/releases/download/v1.4.3/calico
wget -N -P /opt/cni/bin https://github.com/projectcalico/calico-cni/releases/download/v1.4.3/calico-ipam
chmod +x /opt/cni/bin/calico /opt/cni/bin/calico-ipam
```

The Calico CNI plugin needs a standard CNI configuration file, shown below. The policy field is only required when calico/kube-policy-controller is deployed.

```bash
mkdir -p /etc/cni/net.d
cat >/etc/cni/net.d/10-calico.conf <<EOF
{
    "name": "calico-k8s-network",
    "type": "calico",
    "etcd_endpoints": "http://10.10.102.66:4001",
    "log_level": "info",
    "ipam": {
        "type": "calico-ipam"
    },
    "policy": {
        "type": "k8s"
    },
    "kubernetes": {
        "kubeconfig": "/root/.kube/config"
    }
}
EOF
```
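5. Install the standard CNI lo (loopback) plugin

```bash
wget https://github.com/containernetworking/cni/releases/download/v0.3.0/cni-v0.3.0.tgz
tar -zxvf cni-v0.3.0.tgz
# Copy into the same plugin directory as calico and calico-ipam
sudo cp loopback /opt/cni/bin/
```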
6. Deploy the Calico network policy controller
calico/kube-policy-controller implements the Kubernetes NetworkPolicy API: it watches the Kubernetes API for pod, namespace and NetworkPolicy events and configures Calico in response to them. It is managed by a ReplicaSet.

```yaml
apiVersion: extensions/v1beta1
kind: ReplicaSet
metadata:
  name: calico-policy-controller
  namespace: kube-system
  labels:
    k8s-app: calico-policy
spec:
  replicas: 1
  template:
    metadata:
      name: calico-policy-controller
      namespace: kube-system
      labels:
        k8s-app: calico-policy
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        scheduler.alpha.kubernetes.io/tolerations: |
          [{"key": "dedicated", "value": "master", "effect": "NoSchedule" },
           {"key":"CriticalAddonsOnly", "operator":"Exists"}]
    spec:
      hostNetwork: true
      containers:
        - name: calico-policy-controller
          image: calico/kube-policy-controller:v0.4.0
          env:
            - name: ETCD_ENDPOINTS
              value: "http://10.10.102.66:4001"
            - name: K8S_API
              value: "https://kubernetes.default:443"
            - name: CONFIGURE_ETC_HOSTS
              value: "true"
```

Save the manifest as policy-controller.yaml and create it:

```bash
kubectl create -f policy-controller.yaml
```
7. Configure the kubelet
Start the kubelet with the following flags so that it uses Calico:

```
--network-plugin=cni
--network-plugin-dir=/etc/cni/net.d
```
8. Configure Calico access to external networks

```bash
calicoctl pool add 192.168.0.0/16 --nat-outgoing
```

Check the Calico status:

```bash
calicoctl status
```
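
A post-install check for steps 4, 5 and 7, added here as an example and not part of the original article: it confirms that the three plugins are executable in /opt/cni/bin, that 10-calico.conf sets etcd_endpoints (warning when the endpoint is plain http://, as in this walkthrough), and that the config is not group- or world-writable. The function name calico_preflight and its ROOT prefix argument are assumptions made for the example.

```shell
#!/usr/bin/env bash
# calico_preflight [ROOT]
# ROOT (hypothetical parameter) is a path prefix: empty on a live node,
# or a staging directory when exercising the check itself.
calico_preflight() {
  local root="${1:-}" rc=0 p ep
  local bin="$root/opt/cni/bin" conf="$root/etc/cni/net.d/10-calico.conf"

  # The kubelet's CNI setup needs all three binaries in this directory.
  for p in calico calico-ipam loopback; do
    if [ ! -x "$bin/$p" ]; then
      echo "FAIL plugin missing or not executable: $bin/$p"; rc=1
    fi
  done

  if [ ! -f "$conf" ]; then
    echo "FAIL config missing: $conf"; return 1
  fi

  # Pull the endpoint list out of the config written in step 4.
  ep=$(sed -n 's/.*"etcd_endpoints"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$conf")
  case "$ep" in
    "")        echo "FAIL etcd_endpoints not set in $conf"; rc=1 ;;
    *http://*) echo "WARN etcd over plain HTTP ($ep): Calico data is unencrypted in transit" ;;
    *)         echo "OK   etcd endpoints: $ep" ;;
  esac

  # The config tells the plugin which etcd and kubeconfig to use, so it
  # must not be writable by group or others.
  if [ -n "$(find "$conf" -perm /022 2>/dev/null)" ]; then
    echo "FAIL $conf is group/world-writable"; rc=1
  fi
  return "$rc"
}

# Run only when asked: ./preflight.sh --check [ROOT]
if [ "${1:-}" = "--check" ]; then calico_preflight "${2:-}"; exit $?; fi
```

Run it on each node after step 7; a non-zero exit status means at least one FAIL line was printed.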