k8s 集群搭建-07-网络插件-Calico
七、网络插件-Calico
这部分我们部署kubernetes的网络查件 CNI。
文档地址:https://docs.projectcalico.org/getting-started/kubernetes/self-managed-onprem/onpremises
1. 下载文件说明
文档中有两个配置,50以下节点和50以上节点,它们的主要区别在于这个:typha。
当节点数比较多的情况下,Calico 的 Felix组件可通过 Typha 直接和 Etcd 进行数据交互,不通过 kube-apiserver,降低kube-apiserver的压力。大家根据自己的实际情况选择下载。
下载后的文件是一个all-in-one的yaml文件,我们只需要在此基础上做少许修改即可。
在 node-1 上下载配置文件:
cd ~
# 出现版本兼容问题,需要用下边 v3.20 的配置文件
# curl https://projectcalico.docs.tigera.io/manifests/calico.yaml -O
curl https://docs.projectcalico.org/archive/v3.20/manifests/calico.yaml -O
2. 修改IP自动发现
当kubelet的启动参数中存在
--node-ip的时候,以host-network模式启动的pod的status.hostIP字段就会自动填入kubelet中指定的ip地址。
vi calico.yaml修改前:
- name: IP
value: "autodetect"修改后:
- name: IP
valueFrom:
fieldRef:
fieldPath: status.hostIP3. 修改 CIDR
修改前:
# - name: CALICO_IPV4POOL_CIDR
# value: "192.168.0.0/16"修改后(修改成你自己的value哦,我这里(案例)是10.200.0.0/16,我实际修改的为:192.200.0.0/16)
10.xx.xx.xx 都改为 192.xx.xx.xx
- name: CALICO_IPV4POOL_CIDR
value: "192.200.0.0/16"3. 使插件生效
$ kubectl apply -f calico.yaml
若果报了这样的错误,是版本问题导致的:
clusterrolebinding.rbac.authorization.k8s.io/calico-node created
daemonset.apps/calico-node created
serviceaccount/calico-node created
deployment.apps/calico-kube-controllers created
serviceaccount/calico-kube-controllers created
error: unable to recognize "calico.yaml": no matches for kind "PodDisruptionBudget" in version "policy/v1"
可能是版本兼容问题,参考:https://github.com/kyverno/kyverno/issues/2983
需要重新下载:
curl https://docs.projectcalico.org/archive/v3.20/manifests/calico.yaml -O然后再按照上述的步骤修改配置,再次执行:
$ kubectl apply -f calico.yaml执行打印结果:
[root@homaybd03 ~]# kubectl apply -f calico.yaml
configmap/calico-config unchanged
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org configured
customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org configured
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers configured
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers unchanged
clusterrole.rbac.authorization.k8s.io/calico-node configured
clusterrolebinding.rbac.authorization.k8s.io/calico-node unchanged
daemonset.apps/calico-node configured
serviceaccount/calico-node unchanged
deployment.apps/calico-kube-controllers configured
serviceaccount/calico-kube-controllers unchanged
poddisruptionbudget.policy/calico-kube-controllers created
[root@homaybd03 ~]#
插件安装完成,看一下效果,其他两个节点的状态已经 Ready 了。
[root@hombd03 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
homaybd04 Ready <none> 7h17m v1.20.2
homaybd05 Ready <none> 6h51m v1.20.2
[root@homaybd03 ~]#
然后看一下Pod状态,都已经 Running 了。
[root@hombd03 ~]# kubectl get po -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-6d9cdcd744-5v54f 1/1 Running 0 16m
calico-node-6zkzf 1/1 Running 0 16m
calico-node-mj59l 1/1 Running 0 16m
nginx-proxy-homaybd05 1/1 Running 0 6h52m
[root@homaybd03 ~]# 为者常成,行者常至
自由转载-非商用-非衍生-保持署名(创意共享3.0许可证)
