Deploying Calico networking on a Kubernetes cluster

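I. Deployment environment and architecture

  • Operating system: Ubuntu 14.04
  • Kubernetes: 1.3.5
  • Etcd version: 2.2.1
  • Docker version: 1.10.1
  • calicoctl version: v0.23.0
  • calico version: v1.4.3
  • calico-ipam version: v1.4.3
  • loopback version: v0.3.0
  • Cluster information: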

Role          Hostname  IP address
Master, etcd  master    10.10.102.66
Node          node1     10.10.102.67
Node          node2     10.10.102.68

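II. Prerequisites

1. Calico requires Kubernetes >= 1.1. The NetworkPolicy feature requires Kubernetes >= 1.3.0.

2. An etcd cluster that every node in the Kubernetes cluster can reach. (It can share the Kubernetes etcd cluster, but creating a separate etcd cluster is recommended.)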

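III. Calico components

1. The calico/node Docker container runs on the k8s master and on every node, because it contains the BGP agent used for Calico routing.

2. The calico-cni plugin is deployed alongside the kubelet on every node. When a pod is created, it adds the pod to the Calico network.

3. calico/kube-policy-controller runs in a k8s pod. It implements the NetworkPolicy API and requires k8s >= 1.3.0.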

IV. Installation steps

1. Install Docker on every node (including the master)

2. Install etcd and Kubernetes

3. Run calico/node on every node (including the master)

# Download and install `calicoctl`
wget https://github.com/projectcalico/calico-containers/releases/download/v0.23.0/calicoctl
sudo chmod +x calicoctl

# Run the calico/node container
sudo ETCD_ENDPOINTS=http://10.10.102.66:4001 ./calicoctl node


4. Configure the Calico CNI plugins

The kubelet needs to invoke the calico and calico-ipam plugins.

wget -N -P /opt/cni/bin https://github.com/projectcalico/calico-cni/releases/download/v1.4.3/calico
wget -N -P /opt/cni/bin https://github.com/projectcalico/calico-cni/releases/download/v1.4.3/calico-ipam
chmod +x /opt/cni/bin/calico /opt/cni/bin/calico-ipam

The Calico CNI plugin needs a standard CNI configuration file, as shown below. The policy field is only needed when calico/kube-policy-controller is deployed.

mkdir -p /etc/cni/net.d
cat >/etc/cni/net.d/10-calico.conf <<EOF
{
    "name": "calico-k8s-network",
    "type": "calico",
    "etcd_endpoints": "http://10.10.102.66:4001",
    "log_level": "info",
    "ipam": {
        "type": "calico-ipam"
    },
    "policy": {
        "type": "k8s"
    },
    "kubernetes": {
        "kubeconfig": "/root/.kube/config"
    }
}
EOF


5. Install the standard CNI lo plugin

wget https://github.com/containernetworking/cni/releases/download/v0.3.0/cni-v0.3.0.tgz
tar -zxvf cni-v0.3.0.tgz
sudo cp loopback /opt/cni/bin/

6. Deploy the Calico network policy controller

calico/kube-policy-controller implements the k8s NetworkPolicy API. It watches pod, namespace and NetworkPolicy events in the k8s API and configures Calico in response to them. It is managed by a ReplicaSet.

apiVersion: extensions/v1beta1
kind: ReplicaSet
metadata:
  name: calico-policy-controller
  namespace: kube-system
  labels:
    k8s-app: calico-policy
spec:
  replicas: 1
  template:
    metadata:
      name: calico-policy-controller
      namespace: kube-system
      labels:
        k8s-app: calico-policy
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        scheduler.alpha.kubernetes.io/tolerations: |
          [{"key": "dedicated", "value": "master", "effect": "NoSchedule" },
           {"key":"CriticalAddonsOnly", "operator":"Exists"}]
    spec:
      hostNetwork: true
      containers:
        - name: calico-policy-controller
          image: calico/kube-policy-controller:v0.4.0
          env:
            - name: ETCD_ENDPOINTS
              value: "http://10.10.102.66:4001"
            - name: K8S_API
              value: "https://kubernetes.default:443"
            - name: CONFIGURE_ETC_HOSTS
              value: "true"

kubectl create -f policy-controller.yaml


7. Configure the kubelet

Start the kubelet with the following arguments so that it uses Calico:

  • --network-plugin=cni
  • --network-plugin-dir=/etc/cni/net.d

8. Configure Calico access to external networks

calicoctl pool add 192.168.0.0/16 --nat-outgoing

Run calicoctl status to check Calico's status.
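
The check below is an added example, not code from the original post or the Calico project. It audits the result of steps 4, 5 and 7: every plugin named in the CNI config, plus loopback, must be present and executable in the plugin directory, must not be writable by group or other (the kubelet runs these binaries as root), and etcd endpoints that are not HTTPS are flagged. The function names, finding strings and the sample directory layout are assumptions made for illustration.

```python
import json
import os
import tempfile
from urllib.parse import urlparse

# Constructed sample: the 10-calico.conf fields from step 4 that the audit reads.
SAMPLE_CONF = """{
    "name": "calico-k8s-network",
    "type": "calico",
    "etcd_endpoints": "http://10.10.102.66:4001",
    "ipam": {"type": "calico-ipam"}
}"""

def audit_cni(conf_text, bin_dir):
    """Return findings for one CNI network config and its plugin directory."""
    conf = json.loads(conf_text)
    findings = []
    # Binaries the kubelet executes: main plugin, IPAM plugin, and loopback (step 5).
    for name in (conf.get("type"), conf.get("ipam", {}).get("type"), "loopback"):
        if not name:
            findings.append("config does not name a plugin type")
            continue
        path = os.path.join(bin_dir, name)
        if not os.path.isfile(path):
            findings.append(f"missing plugin: {name}")
            continue
        mode = os.stat(path).st_mode
        if not mode & 0o111:
            findings.append(f"not executable: {name}")
        if mode & 0o022:
            findings.append(f"writable by group/other: {name}")
    # An http:// endpoint means Calico state crosses the network without TLS.
    for ep in filter(None, (e.strip() for e in conf.get("etcd_endpoints", "").split(","))):
        if urlparse(ep).scheme != "https":
            findings.append(f"etcd endpoint without TLS: {ep}")
    return findings

def demo():
    """Constructed plugin dir: chmod skipped on calico-ipam, loopback copied elsewhere."""
    with tempfile.TemporaryDirectory() as bin_dir:
        for name, mode in (("calico", 0o755), ("calico-ipam", 0o644)):
            path = os.path.join(bin_dir, name)
            open(path, "w").close()
            os.chmod(path, mode)
        return audit_cni(SAMPLE_CONF, bin_dir)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a node, pass the contents of /etc/cni/net.d/10-calico.conf as conf_text and /opt/cni/bin as bin_dir.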