I. Preparation

1. Continues from the previous post

2. Images

  • quay.io/calico/ctl:v1.5.0

  • quay.io/calico/cni:v1.10.0

  • quay.io/calico/node:v2.5.0

3. Create directories (all nodes)

/etc/cni/net.d/
/etc/calico/certs
/opt/cni/bin/    (permissions 0755, owner kube)
/etc/kubernetes/addons/calico

II. Configure all nodes

1. Link the etcd certificates

ln /etc/ssl/etcd/ssl/ca.pem /etc/calico/certs/ca_cert.crt
ln /etc/ssl/etcd/ssl/node-node1.pem /etc/calico/certs/cert.crt
ln /etc/ssl/etcd/ssl/node-node1-key.pem /etc/calico/certs/key.pem

2. /etc/cni/net.d/10-calico.conflist

{
  "name": "cni0",
  "cniVersion": "0.3.1",
  "plugins": [
    {
      "nodename": "node1",
      "type": "calico",
      "etcd_endpoints": "https://192.168.1.121:2379,https://192.168.1.122:2379,https://192.168.1.123:2379",
      "etcd_cert_file": "/etc/ssl/etcd/ssl/node-node1.pem",
      "etcd_key_file": "/etc/ssl/etcd/ssl/node-node1-key.pem",
      "etcd_ca_cert_file": "/etc/ssl/etcd/ssl/ca.pem",
      "log_level": "info",
      "ipam": {
        "type": "calico-ipam"
      },
      "kubernetes": {
        "kubeconfig": "/etc/kubernetes/node-kubeconfig.yaml"
      }
    },
    {
      "type": "portmap",
      "capabilities": {
        "portMappings": true
      }
    }
  ]
}
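The conflist above hard-codes node1's name and client certificate and is then placed on every node, so a quick per-node check is useful. The following is an added example, not part of the original post: `audit_conflist` and its `hostname` parameter are hypothetical names, the sample input is constructed, and the check assumes per-node certificates follow the `node-<name>.pem` naming seen above.

```python
import json

# Constructed sample: the conflist above with two deliberate mistakes
# (a plaintext etcd endpoint, and node1's file copied unchanged to node2).
SAMPLE = """
{
  "plugins": [
    {
      "nodename": "node1",
      "type": "calico",
      "etcd_endpoints": "https://192.168.1.121:2379,http://192.168.1.122:2379",
      "etcd_cert_file": "/etc/ssl/etcd/ssl/node-node1.pem",
      "etcd_key_file": "/etc/ssl/etcd/ssl/node-node1-key.pem",
      "etcd_ca_cert_file": "/etc/ssl/etcd/ssl/ca.pem"
    },
    {"type": "portmap", "capabilities": {"portMappings": true}}
  ]
}
"""

# Assumption: per-node client certs follow the page's node-<name>.pem naming.
NODE_FILES = {"etcd_cert_file": "node-%s.pem", "etcd_key_file": "node-%s-key.pem"}

def audit_conflist(text, hostname):
    """Return findings for the calico plugin entry; an empty list means clean."""
    plugins = json.loads(text).get("plugins", [])
    calico = [p for p in plugins if p.get("type") == "calico"]
    if len(calico) != 1:
        return ["expected exactly one calico plugin, found %d" % len(calico)]
    plugin, findings = calico[0], []
    for ep in (e.strip() for e in plugin.get("etcd_endpoints", "").split(",")):
        if not ep.startswith("https://"):
            findings.append("etcd endpoint without TLS: %s" % (ep or "<empty>"))
    if not plugin.get("etcd_ca_cert_file"):
        findings.append("missing etcd_ca_cert_file")
    if plugin.get("nodename") != hostname:
        findings.append("nodename %r is not this host (%r)" % (plugin.get("nodename"), hostname))
    for key, pattern in NODE_FILES.items():
        path = plugin.get(key, "")
        if not path:
            findings.append("missing " + key)
        elif not path.endswith("/" + pattern % hostname):
            findings.append("%s is not this node's file: %s" % (key, path))
    return findings

if __name__ == "__main__":
    for finding in audit_conflist(SAMPLE, "node2"):
        print("FINDING:", finding)
```

On a real node, pass the contents of /etc/cni/net.d/10-calico.conflist and the node's own name instead of the constructed sample.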

3. /usr/local/bin/calicoctl

#!/bin/bash
/usr/bin/docker run -i --privileged --rm \
  --net=host --pid=host \
  -e ETCD_ENDPOINTS=https://192.168.1.121:2379,https://192.168.1.122:2379,https://192.168.1.123:2379 \
  -e ETCD_CA_CERT_FILE=/etc/calico/certs/ca_cert.crt \
  -e ETCD_CERT_FILE=/etc/calico/certs/cert.crt \
  -e ETCD_KEY_FILE=/etc/calico/certs/key.pem \
  -v /usr/bin/docker:/usr/bin/docker \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /var/run/calico:/var/run/calico \
  -v /etc/calico/certs:/etc/calico/certs:ro \
  --memory=170M --cpu-shares=100 \
  quay.io/calico/ctl:v1.5.0 \
  "$@"

4. Copy the network plugins (permissions 0755, owner kube)

docker run --rm -v /opt/cni/bin:/cnibindir gcr.io/google_containers/hyperkube:v1.8.3 /bin/cp -r /opt/cni/bin/. /cnibindir/

docker run --rm -v /opt/cni/bin:/cnibindir quay.io/calico/cni:v1.10.0 sh -c 'cp /opt/cni/bin/* /cnibindir/'

At this point the Node is already Ready.

III. Set up the ipPool

1. Set

echo '{"kind": "ipPool", "spec": {"disabled": false, "ipip": {"enabled": true, "mode": "always"}, "nat-outgoing": true}, "apiVersion": "v1", "metadata": {"cidr": "10.233.64.0/18"}}' | calicoctl create -f -

2. Verify

IV. Create Calico (on the Master)

1. /etc/kubernetes/addons/calico/calico-config.yml

kind: ConfigMap
apiVersion: v1
metadata:
  name: calico-config
  namespace: kube-system
data:
  etcd_endpoints: "https://192.168.1.121:2379,https://192.168.1.122:2379,https://192.168.1.123:2379"
  etcd_ca: "/calico-secrets/ca_cert.crt"
  etcd_cert: "/calico-secrets/cert.crt"
  etcd_key: "/calico-secrets/key.pem"
  cluster_type: "bgp"
  calico_backend: "bird"

2. /etc/kubernetes/addons/calico/calico-node.yml

---
# This manifest installs the calico/node container, as well
# as the Calico CNI plugins and network config on
# each master and worker node in a Kubernetes cluster.
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
  name: calico-node
  namespace: kube-system
  labels:
    k8s-app: calico-node
spec:
  selector:
    matchLabels:
      k8s-app: calico-node
  template:
    metadata:
      labels:
        k8s-app: calico-node
    spec:
      hostNetwork: true
      serviceAccountName: calico-node
      tolerations:
        - effect: NoSchedule
          operator: Exists
      containers:
        # Runs calico/node container on each Kubernetes node.  This
        # container programs network policy and routes on each
        # host.
        - name: calico-node
          image: quay.io/calico/node:v2.5.0
          env:
            # The location of the Calico etcd cluster.
            - name: ETCD_ENDPOINTS
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_endpoints
            # Choose the backend to use.
            - name: CALICO_NETWORKING_BACKEND
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: calico_backend
            # Cluster type to identify the deployment type
            - name: CLUSTER_TYPE
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: cluster_type
            # Disable file logging so `kubectl logs` works.
            - name: CALICO_DISABLE_FILE_LOGGING
              value: "true"
            # Set Felix endpoint to host default action to ACCEPT.
            - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
              value: "RETURN"
# should be set in etcd before deployment
#            # Configure the IP Pool from which Pod IPs will be chosen.
#            - name: CALICO_IPV4POOL_CIDR
#              value: "192.168.0.0/16"
#            - name: CALICO_IPV4POOL_IPIP
#              value: "always"
            # Disable IPv6 on Kubernetes.
            - name: FELIX_IPV6SUPPORT
              value: "false"
            # Set Felix logging to "info"
            - name: FELIX_LOGSEVERITYSCREEN
              value: "info"
            # Disable autocreation of pools
            - name: CALICO_NO_DEFAULT_POOLS
              value: "true"
            # Enable libnetwork
            - name: CALICO_LIBNETWORK_ENABLED
              value: "true"
            # Set MTU for tunnel device used if ipip is enabled
            - name: FELIX_PROMETHEUSMETRICSENABLED
              value: "false"
            - name: FELIX_PROMETHEUSMETRICSPORT
              value: "9091"
            - name: FELIX_PROMETHEUSGOMETRICSENABLED
              value: "true"
            - name: FELIX_PROMETHEUSPROCESSMETRICSENABLED
              value: "true"
            # Location of the CA certificate for etcd.
            - name: ETCD_CA_CERT_FILE
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_ca
            # Location of the client key for etcd.
            - name: ETCD_KEY_FILE
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_key
            # Location of the client certificate for etcd.
            - name: ETCD_CERT_FILE
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: etcd_cert
            - name: IP
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP
            - name: NODENAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: FELIX_HEALTHENABLED
              value: "true"
            - name: FELIX_IGNORELOOSERPF
              value: "False"
          securityContext:
            privileged: true
          resources:
            limits:
              cpu: 300m
              memory: 500M
            requests:
              cpu: 150m
              memory: 64M
          livenessProbe:
            httpGet:
              path: /liveness
              port: 9099
            periodSeconds: 10
            initialDelaySeconds: 10
            failureThreshold: 6
          readinessProbe:
            httpGet:
              path: /readiness
              port: 9099
            periodSeconds: 10
          volumeMounts:
            - mountPath: /lib/modules
              name: lib-modules
              readOnly: true
            - mountPath: /var/run/calico
              name: var-run-calico
              readOnly: false
            - mountPath: /calico-secrets
              name: etcd-certs
      volumes:
        # Used by calico/node.
        - name: lib-modules
          hostPath:
            path: /lib/modules
        - name: var-run-calico
          hostPath:
            path: /var/run/calico
        # Used to install CNI.
        - name: cni-bin-dir
          hostPath:
            path: /opt/cni/bin
        - name: cni-net-dir
          hostPath:
            path: /etc/cni/net.d
        # Mount in the etcd TLS secrets.
        - name: etcd-certs
          hostPath:
            path: "/etc/calico/certs"
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 20%
    type: RollingUpdate

3. /etc/kubernetes/addons/calico/calico-node-sa.yml

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: calico-node
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"

4. /etc/kubernetes/addons/calico/calico-cr.yml

---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: calico-node
  namespace: kube-system
rules:
  - apiGroups: [""]
    resources:
      - pods
      - nodes
    verbs:
      - get

5. /etc/kubernetes/addons/calico/calico-crb.yml

---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: calico-node
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: calico-node
subjects:
- kind: ServiceAccount
  name: calico-node
  namespace: kube-system

6. Create

kubectl create -f /etc/kubernetes/addons/calico/

V. Verification

Next step: kube-dns

Reposted from: https://blog.51cto.com/brave666/1971064
