Kubernetes進階 -- calico網絡插件

calico網絡插件

harbor倉庫中新建 calico 項目，因爲我們已經指定了鏡像下載倉庫是harbor，默認會從裏面的library倉庫下載，但是calico.yml文件指定從calico倉庫下載，不想改動文件情況下我們新建calico倉庫。

拉取鏡像：

[root@server1 harbor]# docker pull calico/cni:v3.14.1

[root@server1 harbor]# docker pull calico/pod2daemon-flexvol:v3.14.1

[root@server1 harbor]# docker pull  calico/node:v3.14.1

[root@server1 harbor]# docker pull calico/kube-controllers:v3.14.1

[root@server1 harbor]# for i in `docker images |grep calico| awk '{print $1":"$2}'`;do docker tag $i reg.caoaoyuan.org/$i;done
//打標籤
[root@server1 harbor]# for i in `docker images |grep reg.caoaoyuan.org\/calico| awk '{print $1":"$2}'`;do docker push $i;done
//上傳

calico網絡插件通flannel插件一樣，具有針對同網段和不同網段的模式。

• name: CALICO_IPV4POOL_IPIP
  value: “Always”

它裏面的 ipip 就相當於 ip 的隧道，由於我們目前的主機都再統一網段，我們就可以關閉它。使用邊界網關協議就可以了

移除flannel插件的服務和數據
[root@server2 manifest]# kubectl delete -f kube-flannel.yml 	
[root@server2 mainfest]# mv /etc/cni/net.d/10-flannel.conflist /mnt/		# 這一步在三個結點都做


[root@server2 manifest]# vim calico.yaml
            - name: CALICO_IPV4POOL_IPIP
              value: "off"

[root@server2 manifest]# kubectl apply -f calico.yaml 
[root@server2 manifest]# kubectl get pod -n kube-system  -o wide
NAME                                       READY   STATUS    RESTARTS   AGE     IP             NODE      NOMINATED NODE   READINESS GATES
calico-kube-controllers-76d4774d89-th4kq   1/1     Running   0          3m42s   10.244.1.96    server3   <none>           <none>
calico-node-8qvg5                          1/1     Running   0          3m42s   172.25.254.3   server3   <none>           <none>
calico-node-8tbjj                          1/1     Running   0          3m42s   172.25.254.2   server2   <none>           <none>
calico-node-dxpbx                          1/1     Running   0          3m42s   172.25.254.4   server4   <none>           <none>
//它是以daemonset的方式運行的

[root@server4 ~]# ip a
4: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 52:af:33:ec:ef:32 brd ff:ff:ff:ff:ff:ff
ipvs0
       valid_lft forever preferred_lft forever
6: cali6463bc8abcb@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default 
    link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::ecee:eeff:feee:eeee/64 scope link 
       valid_lft forever preferred_lft forever
flannel 的設備消失了	calico的設備出現

[root@server3 ~]# ip route
default via 172.25.254.67 dev ens3 
10.244.22.0/26 via 172.25.254.4 dev ens3 proto bird 
blackhole 10.244.141.192/26 proto bird 
10.244.141.194 dev calibd4bc725030 scope link 
10.244.141.195 dev cali4bc5eb922f6 scope link	//看出訪問本機時直接走這個設備，類似與host-gw

我們還可以更改它的 ip 池：

            # Enable IPIP
            - name: CALICO_IPV4POOL_IPIP
              value: "Always"		//打開ip隧道
            # Enable or Disable VXLAN on the default IP pool.
            - name: CALICO_IPV4POOL_VXLAN
              value: "Never"

            - name: CALICO_IPV4POOL_CIDR
              value: "10.244.0.0/16"		//設置地址池

[root@server4 ~]# ip a
9: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1440 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
    inet 10.244.22.0/32 brd 10.244.22.0 scope global tunl0
       valid_lft forever preferred_lft forever
[root@server3 ~]# ip a
9: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1440 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
    inet 10.244.141.192/32 brd 10.244.141.192 scope global tunl0
       valid_lft forever preferred_lft forever

在每個結點上就會出現一個隧道設備。

[root@rhel7host ~]# curl 172.25.254.3:30899/hostname.html
deployment-example-846496db9d-cqmqz
[root@rhel7host ~]# curl 172.25.254.3:30899/hostname.html
deployment-example-846496db9d-rn6sx
[root@rhel7host ~]# curl 172.25.254.3:30899/hostname.html
deployment-example-846496db9d-cqmqz

訪問也是沒有問題的。