手动搭建Kubernetes1.8高可用集群(6)calico
2017-10-10 08:59
579 查看
一、准备
1、接上一篇
2、镜像
quay.io/calico/ctl:v1.5.0quay.io/calico/cni:v1.10.0
quay.io/calico/node:v2.5.0
3、创建目录 所有节点
/etc/cni/net.d/ /etc/calico/certs /opt/cni/bin/ 权限0755 属主kube /etc/kubernetes/addons/calico
二、配置所有节点
1、链接etcd证书
ln /etc/ssl/etcd/ssl/ca.pem /etc/calico/certs/ca_cert.crt ln /etc/ssl/etcd/ssl/node-node1.pem /etc/calico/certs/cert.crt ln /etc/ssl/etcd/ssl/node-node1-key.pem /etc/calico/certs/key.pem
2、/etc/cni/net.d/10-calico.conflist
{ "name": "cni0", "cniVersion":"0.3.1", "plugins":[ { "nodename": "node1", "type": "calico", "etcd_endpoints": "https://192.168.1.121:2379,https://192.168.1.122:2379,https://192.168.1.123:2379", "etcd_cert_file": "/etc/ssl/etcd/ssl/node-node1.pem", "etcd_key_file": "/etc/ssl/etcd/ssl/node-node1-key.pem", "etcd_ca_cert_file": "/etc/ssl/etcd/ssl/ca.pem", "log_level": "info", "ipam": { "type": "calico-ipam" }, "kubernetes": { "kubeconfig": "/etc/kubernetes/node-kubeconfig.yaml" } }, { "type":"portmap", "capabilities":{ "portMappings":true } } ] }
3、/usr/local/bin/calicoctl
#!/bin/bash /usr/bin/docker run -i --privileged --rm \ --net=host --pid=host \ -e ETCD_ENDPOINTS=https://192.168.1.121:2379,https://192.168.1.122:2379,https://192.168.1.123:2379 \ -e ETCD_CA_CERT_FILE=/etc/calico/certs/ca_cert.crt \ -e ETCD_CERT_FILE=/etc/calico/certs/cert.crt \ -e ETCD_KEY_FILE=/etc/calico/certs/key.pem \ -v /usr/bin/docker:/usr/bin/docker \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /var/run/calico:/var/run/calico \ -v /etc/calico/certs:/etc/calico/certs:ro \ --memory=170M --cpu-shares=100 \ quay.io/calico/ctl:v1.5.0 \ "$@"
4、复制网络插件, 权限0755 属主kube
docker run --rm -v /opt/cni/bin:/cnibindir gcr.io/google_containers/hyperkube:v1.8.3 /bin/cp -r /opt/cni/bin/. /cnibindir/ docker run --rm -v /opt/cni/bin:/cnibindir quay.io/calico/cni:v1.10.0 sh -c 'cp /opt/cni/bin/* /cnibindir/'
此时Node已经Ready
三、设置ipPool
1、设置echo '{ "kind": "ipPool", "spec": {"disabled": false, "ipip": {"enabled": true, "mode": "always"}, "nat-outgoing": true}, "apiVersion": "v1", "metadata": {"cidr": "10.233.64.0/18"} }' | calicoctl create -f -2、验证
四、创建calico 在Master上
1、/etc/kubernetes/addons/calico/calico-config.ymlkind: ConfigMap apiVersion: v1 metadata: name: calico-config namespace: kube-system data: etcd_endpoints: "https://192.168.1.121:2379,https://192.168.1.122:2379,https://192.168.1.123:2379" etcd_ca: "/calico-secrets/ca_cert.crt" etcd_cert: "/calico-secrets/cert.crt" etcd_key: "/calico-secrets/key.pem" cluster_type: "bgp" calico_backend: "bird"2、/etc/kubernetes/addons/calico/calico-node.yml
--- # This manifest installs the calico/node container, as well # as the Calico CNI plugins and network config on # each master and worker node in a Kubernetes cluster. kind: DaemonSet apiVersion: extensions/v1beta1 metadata: name: calico-node namespace: kube-system labels: k8s-app: calico-node spec: selector: matchLabels: k8s-app: calico-node template: metadata: labels: k8s-app: calico-node spec: hostNetwork: true serviceAccountName: calico-node tolerations: - effect: NoSchedule operator: Exists containers: # Runs calico/node container on each Kubernetes node. This # container programs network policy and routes on each # host. - name: calico-node image: quay.io/calico/node:v2.5.0 env: # The location of the Calico etcd cluster. - name: ETCD_ENDPOINTS valueFrom: configMapKeyRef: name: calico-config key: etcd_endpoints # Choose the backend to use. - name: CALICO_NETWORKING_BACKEND valueFrom: configMapKeyRef: name: calico-config key: calico_backend # Cluster type to identify the deployment type - name: CLUSTER_TYPE valueFrom: configMapKeyRef: name: calico-config key: cluster_type # Disable file logging so `kubectl logs` works. - name: CALICO_DISABLE_FILE_LOGGING value: "true" # Set Felix endpoint to host default action to ACCEPT. - name: FELIX_DEFAULTENDPOINTTOHOSTACTION value: "RETURN" # should be set in etcd before deployment # # Configure the IP Pool from which Pod IPs will be chosen. # - name: CALICO_IPV4POOL_CIDR # value: "192.168.0.0/16" # - name: CALICO_IPV4POOL_IPIP # value: "always" # Disable IPv6 on Kubernetes. - name: FELIX_IPV6SUPPORT value: "false" # Set Felix logging to "info" - name: FELIX_LOGSEVERITYSCREEN value: "info" # Disable autocreation of pools - name: CALICO_NO_DEFAULT_POOLS value: "true" # Enable libnetwork - name: CALICO_LIBNETWORK_ENABLED value: "true" # Set MTU for tunnel device used if ipip is enabled - name: FELIX_PROMETHEUSMETRICSENABLED value: "false" - name: FELIX_PROMETHEUSMETRICSPORT value: "9091" - name: FELIX_PROMETHEUSGOMETRICSENABLED value: "true" - name: FELIX_PROMETHEUSPROCESSMETRICSENABLED value: "true" # Location of the CA certificate for etcd. - name: ETCD_CA_CERT_FILE valueFrom: configMapKeyRef: name: calico-config key: etcd_ca # Location of the client key for etcd. - name: ETCD_KEY_FILE valueFrom: configMapKeyRef: name: calico-config key: etcd_key # Location of the client certificate for etcd. - name: ETCD_CERT_FILE valueFrom: configMapKeyRef: name: calico-config key: etcd_cert - name: IP valueFrom: fieldRef: fieldPath: status.hostIP - name: NODENAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: FELIX_HEALTHENABLED value: "true" - name: FELIX_IGNORELOOSERPF value: "False" securityContext: privileged: true resources: limits: cpu: 300m memory: 500M requests: cpu: 150m memory: 64M livenessProbe: httpGet: path: /liveness port: 9099 periodSeconds: 10 initialDelaySeconds: 10 failureThreshold: 6 readinessProbe: httpGet: path: /readiness port: 9099 periodSeconds: 10 volumeMounts: - mountPath: /lib/modules name: lib-modules readOnly: true - mountPath: /var/run/calico name: var-run-calico readOnly: false - mountPath: /calico-secrets name: etcd-certs volumes: # Used by calico/node. - name: lib-modules hostPath: path: /lib/modules - name: var-run-calico hostPath: path: /var/run/calico # Used to install CNI. - name: cni-bin-dir hostPath: path: /opt/cni/bin - name: cni-net-dir hostPath: path: /etc/cni/net.d # Mount in the etcd TLS secrets. - name: etcd-certs hostPath: path: "/etc/calico/certs" updateStrategy: rollingUpdate: maxUnavailable: 20% type: RollingUpdate3、/etc/kubernetes/addons/calico/calico-node-sa.yml
--- apiVersion: v1 kind: ServiceAccount metadata: name: calico-node namespace: kube-system labels: kubernetes.io/cluster-service: "true"4、/etc/kubernetes/addons/calico/calico-cr.yml
--- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: calico-node namespace: kube-system rules: - apiGroups: [""] resources: - pods - nodes verbs: - get5、/etc/kubernetes/addons/calico/calico-crb.yml
--- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: calico-node roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: calico-node subjects: - kind: ServiceAccount name: calico-node namespace: kube-system6、创建
kubectl create -f /etc/kubernetes/addons/calico/
四、验证
下一步kube-dns
相关文章推荐
- 手动搭建Kubernetes1.8高可用集群(6)calico
- 手动搭建Kubernetes1.8高可用集群(2)TLS Certificates
- 手动搭建Kubernetes1.8高可用集群(3)Docker
- 手动搭建Kubernetes1.8高可用集群(2)TLS Certificates
- 手动搭建Kubernetes1.8高可用集群(5)Node
- 手动搭建Kubernetes1.8高可用集群(7)dnsmasq
- 手动搭建Kubernetes1.8高可用集群(3)ETCD
- 手动搭建Kubernetes1.8高可用集群(4)Master
- 手动搭建Kubernetes1.8高可用集群(1)Docker配置
- 手动搭建Kubernetes1.8高可用集群(7)dns
- 手动搭建kubernetes1.9.3集群
- Kubernetes 1.8.4 手动安装教程-安装Calico(六)
- Kubernetes1.10HA高可用集群环境搭建
- Calico在Kubernetes中的搭建
- LNAMP服务器环境搭建(手动编译安装)
- Linux集群、Keepalived—Nginx高可用集群架构搭建
- 混合式app ionic2.x 手动搭建开发环境教程分享(nodejs,jdk,ant,androidsdk)
- Ubuntu下搭建JDK1.8环境
- 64位win7手动搭建php开发环境Apache+MySQL+php及相关配置,问题解决方法