Manually Building a Kubernetes 1.8 High-Availability Cluster (6): Calico
I. Preparation
1. This post continues from the previous one
2. Images
quay.io/calico/ctl:v1.5.0
quay.io/calico/cni:v1.10.0
quay.io/calico/node:v2.5.0
3. Create directories (on all nodes)
    /etc/cni/net.d/
    /etc/calico/certs
    /opt/cni/bin/    (mode 0755, owner kube)
    /etc/kubernetes/addons/calico
II. Configure all nodes
1. Link the etcd certificates
    ln /etc/ssl/etcd/ssl/ca.pem /etc/calico/certs/ca_cert.crt
    ln /etc/ssl/etcd/ssl/node-node1.pem /etc/calico/certs/cert.crt
    ln /etc/ssl/etcd/ssl/node-node1-key.pem /etc/calico/certs/key.pem
2. /etc/cni/net.d/10-calico.conflist
    {
      "name": "cni0",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "nodename": "node1",
          "type": "calico",
          "etcd_endpoints": "https://192.168.1.121:2379,https://192.168.1.122:2379,https://192.168.1.123:2379",
          "etcd_cert_file": "/etc/ssl/etcd/ssl/node-node1.pem",
          "etcd_key_file": "/etc/ssl/etcd/ssl/node-node1-key.pem",
          "etcd_ca_cert_file": "/etc/ssl/etcd/ssl/ca.pem",
          "log_level": "info",
          "ipam": {
            "type": "calico-ipam"
          },
          "kubernetes": {
            "kubeconfig": "/etc/kubernetes/node-kubeconfig.yaml"
          }
        },
        {
          "type": "portmap",
          "capabilities": {
            "portMappings": true
          }
        }
      ]
    }
3. /usr/local/bin/calicoctl
    #!/bin/bash
    # Wrapper that runs calicoctl from the quay.io/calico/ctl image,
    # passing the etcd endpoints and the TLS client certificates linked in step 1.
    /usr/bin/docker run -i --privileged --rm \
      --net=host --pid=host \
      -e ETCD_ENDPOINTS=https://192.168.1.121:2379,https://192.168.1.122:2379,https://192.168.1.123:2379 \
      -e ETCD_CA_CERT_FILE=/etc/calico/certs/ca_cert.crt \
      -e ETCD_CERT_FILE=/etc/calico/certs/cert.crt \
      -e ETCD_KEY_FILE=/etc/calico/certs/key.pem \
      -v /usr/bin/docker:/usr/bin/docker \
      -v /var/run/docker.sock:/var/run/docker.sock \
      -v /var/run/calico:/var/run/calico \
      -v /etc/calico/certs:/etc/calico/certs:ro \
      --memory=170M --cpu-shares=100 \
      quay.io/calico/ctl:v1.5.0 \
      "$@"
4. Copy the network plugins (mode 0755, owner kube)
    docker run --rm -v /opt/cni/bin:/cnibindir gcr.io/google_containers/hyperkube:v1.8.3 /bin/cp -r /opt/cni/bin/. /cnibindir/
    docker run --rm -v /opt/cni/bin:/cnibindir quay.io/calico/cni:v1.10.0 sh -c 'cp /opt/cni/bin/* /cnibindir/'
At this point the Node is Ready.
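The hard links from step II.1 can be audited with the following added example, which is not part of the original post. It checks that each file under /etc/calico/certs is still the same inode as its etcd source (a hard link goes stale when the source certificate is replaced on rotation) and that the private key is not accessible to group or other. The function names are hypothetical and GNU stat is assumed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit the etcd client-cert
# hard links created in step II.1. Function names are hypothetical.

# check_link SRC DST: succeed only if DST is the same inode as SRC.
check_link() {
    local src=$1 dst=$2
    [ -f "$src" ] || { echo "MISSING  $src"; return 1; }
    [ -f "$dst" ] || { echo "MISSING  $dst"; return 1; }
    [ "$src" -ef "$dst" ] || { echo "STALE    $dst is not linked to $src"; return 1; }
    echo "OK       $dst"
}

# check_key_mode FILE: fail if group or other has any permission bit set.
# Assumes GNU stat (-c '%a' prints the octal mode).
check_key_mode() {
    local mode
    mode=$(stat -c '%a' "$1") || return 1
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "PERMS    $1 is mode $mode, expected 0600 or stricter"
        return 1
    fi
    echo "OK       $1 mode $mode"
}

# audit_calico_certs ETCD_SSL_DIR CALICO_CERT_DIR NODE
# Returns 0 only if all three links are intact and the key mode is strict.
audit_calico_certs() {
    local etcd=$1 calico=$2 node=$3 rc=0
    check_link "$etcd/ca.pem"             "$calico/ca_cert.crt" || rc=1
    check_link "$etcd/node-$node.pem"     "$calico/cert.crt"    || rc=1
    check_link "$etcd/node-$node-key.pem" "$calico/key.pem"     || rc=1
    check_key_mode "$calico/key.pem" || rc=1
    return $rc
}

# Example: ./audit.sh /etc/ssl/etcd/ssl /etc/calico/certs node1
if [ $# -eq 3 ]; then
    audit_calico_certs "$@"
fi
```

Because a hard link shares its inode with the source, the mode reported for /etc/calico/certs/key.pem is also the mode of the etcd key itself.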
III. Set up the ipPool
1. Create the pool
    echo '{"kind": "ipPool","spec": {"disabled": false, "ipip": {"enabled": true, "mode": "always"}, "nat-outgoing": true},"apiVersion": "v1","metadata": {"cidr": "10.233.64.0/18"}}' | calicoctl create -f -
2. Verify
IV. Create Calico (on the Master)
1. /etc/kubernetes/addons/calico/calico-config.yml
    kind: ConfigMap
    apiVersion: v1
    metadata:
      name: calico-config
      namespace: kube-system
    data:
      etcd_endpoints: "https://192.168.1.121:2379,https://192.168.1.122:2379,https://192.168.1.123:2379"
      etcd_ca: "/calico-secrets/ca_cert.crt"
      etcd_cert: "/calico-secrets/cert.crt"
      etcd_key: "/calico-secrets/key.pem"
      cluster_type: "bgp"
      calico_backend: "bird"
2. /etc/kubernetes/addons/calico/calico-node.yml
    ---
    # This manifest installs the calico/node container, as well
    # as the Calico CNI plugins and network config on
    # each master and worker node in a Kubernetes cluster.
    kind: DaemonSet
    apiVersion: extensions/v1beta1
    metadata:
      name: calico-node
      namespace: kube-system
      labels:
        k8s-app: calico-node
    spec:
      selector:
        matchLabels:
          k8s-app: calico-node
      template:
        metadata:
          labels:
            k8s-app: calico-node
        spec:
          hostNetwork: true
          serviceAccountName: calico-node
          tolerations:
            - effect: NoSchedule
              operator: Exists
          containers:
            # Runs calico/node container on each Kubernetes node. This
            # container programs network policy and routes on each
            # host.
            - name: calico-node
              image: quay.io/calico/node:v2.5.0
              env:
                # The location of the Calico etcd cluster.
                - name: ETCD_ENDPOINTS
                  valueFrom:
                    configMapKeyRef:
                      name: calico-config
                      key: etcd_endpoints
                # Choose the backend to use.
                - name: CALICO_NETWORKING_BACKEND
                  valueFrom:
                    configMapKeyRef:
                      name: calico-config
                      key: calico_backend
                # Cluster type to identify the deployment type
                - name: CLUSTER_TYPE
                  valueFrom:
                    configMapKeyRef:
                      name: calico-config
                      key: cluster_type
                # Disable file logging so `kubectl logs` works.
                - name: CALICO_DISABLE_FILE_LOGGING
                  value: "true"
                # Felix default action for traffic from endpoints to the host.
                - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
                  value: "RETURN"
                # should be set in etcd before deployment
                # # Configure the IP Pool from which Pod IPs will be chosen.
                # - name: CALICO_IPV4POOL_CIDR
                #   value: "192.168.0.0/16"
                # - name: CALICO_IPV4POOL_IPIP
                #   value: "always"
                # Disable IPv6 on Kubernetes.
                - name: FELIX_IPV6SUPPORT
                  value: "false"
                # Set Felix logging to "info"
                - name: FELIX_LOGSEVERITYSCREEN
                  value: "info"
                # Disable autocreation of pools
                - name: CALICO_NO_DEFAULT_POOLS
                  value: "true"
                # Enable libnetwork
                - name: CALICO_LIBNETWORK_ENABLED
                  value: "true"
                # Prometheus metrics settings for Felix.
                - name: FELIX_PROMETHEUSMETRICSENABLED
                  value: "false"
                - name: FELIX_PROMETHEUSMETRICSPORT
                  value: "9091"
                - name: FELIX_PROMETHEUSGOMETRICSENABLED
                  value: "true"
                - name: FELIX_PROMETHEUSPROCESSMETRICSENABLED
                  value: "true"
                # Location of the CA certificate for etcd.
                - name: ETCD_CA_CERT_FILE
                  valueFrom:
                    configMapKeyRef:
                      name: calico-config
                      key: etcd_ca
                # Location of the client key for etcd.
                - name: ETCD_KEY_FILE
                  valueFrom:
                    configMapKeyRef:
                      name: calico-config
                      key: etcd_key
                # Location of the client certificate for etcd.
                - name: ETCD_CERT_FILE
                  valueFrom:
                    configMapKeyRef:
                      name: calico-config
                      key: etcd_cert
                - name: IP
                  valueFrom:
                    fieldRef:
                      fieldPath: status.hostIP
                - name: NODENAME
                  valueFrom:
                    fieldRef:
                      fieldPath: spec.nodeName
                - name: FELIX_HEALTHENABLED
                  value: "true"
                - name: FELIX_IGNORELOOSERPF
                  value: "False"
              securityContext:
                privileged: true
              resources:
                limits:
                  cpu: 300m
                  memory: 500M
                requests:
                  cpu: 150m
                  memory: 64M
              livenessProbe:
                httpGet:
                  path: /liveness
                  port: 9099
                periodSeconds: 10
                initialDelaySeconds: 10
                failureThreshold: 6
              readinessProbe:
                httpGet:
                  path: /readiness
                  port: 9099
                periodSeconds: 10
              volumeMounts:
                - mountPath: /lib/modules
                  name: lib-modules
                  readOnly: true
                - mountPath: /var/run/calico
                  name: var-run-calico
                  readOnly: false
                - mountPath: /calico-secrets
                  name: etcd-certs
          volumes:
            # Used by calico/node.
            - name: lib-modules
              hostPath:
                path: /lib/modules
            - name: var-run-calico
              hostPath:
                path: /var/run/calico
            # Used to install CNI.
            - name: cni-bin-dir
              hostPath:
                path: /opt/cni/bin
            - name: cni-net-dir
              hostPath:
                path: /etc/cni/net.d
            # Mount in the etcd TLS secrets.
            - name: etcd-certs
              hostPath:
                path: "/etc/calico/certs"
      updateStrategy:
        rollingUpdate:
          maxUnavailable: 20%
        type: RollingUpdate
3. /etc/kubernetes/addons/calico/calico-node-sa.yml
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: calico-node
      namespace: kube-system
      labels:
        kubernetes.io/cluster-service: "true"
4. /etc/kubernetes/addons/calico/calico-cr.yml
    ---
    kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1beta1
    metadata:
      name: calico-node
      namespace: kube-system
    rules:
      - apiGroups: [""]
        resources:
          - pods
          - nodes
        verbs:
          - get
5. /etc/kubernetes/addons/calico/calico-crb.yml
    ---
    apiVersion: rbac.authorization.k8s.io/v1beta1
    kind: ClusterRoleBinding
    metadata:
      name: calico-node
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: calico-node
    subjects:
    - kind: ServiceAccount
      name: calico-node
      namespace: kube-system
6. Create the resources
    kubectl create -f /etc/kubernetes/addons/calico/
V. Verify
Next step: kube-dns
Reposted from: https://blog.51cto.com/brave666/1971064