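Calico network plugin
Create a new calico project in the Harbor registry. We have already set Harbor as the image registry, so by default images are pulled from its library project, but calico.yaml pulls from the calico repository. To avoid changing the file, we create a calico project in Harbor.
Pull the images: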
[root@server1 harbor]# docker pull calico/cni:v3.14.1
[root@server1 harbor]# docker pull calico/pod2daemon-flexvol:v3.14.1
[root@server1 harbor]# docker pull calico/node:v3.14.1
[root@server1 harbor]# docker pull calico/kube-controllers:v3.14.1
[root@server1 harbor]# for i in `docker images |grep calico| awk '{print $1":"$2}'`;do docker tag $i reg.caoaoyuan.org/$i;done
// tag the images
[root@server1 harbor]# for i in `docker images |grep reg.caoaoyuan.org\/calico| awk '{print $1":"$2}'`;do docker push $i;done
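// push the images
Like the flannel plugin, the Calico network plugin has modes for nodes in the same subnet and for nodes in different subnets.
- name: CALICO_IPV4POOL_IPIP
  value: "Always"
The ipip here is effectively an IP tunnel. Since all of our hosts are currently in the same subnet, we can turn it off and use the Border Gateway Protocol (BGP) alone.
Remove the flannel plugin's services and data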
[root@server2 manifest]# kubectl delete -f kube-flannel.yml
[root@server2 manifest]# mv /etc/cni/net.d/10-flannel.conflist /mnt/ # do this step on all three nodes
[root@server2 manifest]# vim calico.yaml
- name: CALICO_IPV4POOL_IPIP
  value: "off"
[root@server2 manifest]# kubectl apply -f calico.yaml
[root@server2 manifest]# kubectl get pod -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
calico-kube-controllers-76d4774d89-th4kq 1/1 Running 0 3m42s 10.244.1.96 server3 <none> <none>
calico-node-8qvg5 1/1 Running 0 3m42s 172.25.254.3 server3 <none> <none>
calico-node-8tbjj 1/1 Running 0 3m42s 172.25.254.2 server2 <none> <none>
calico-node-dxpbx 1/1 Running 0 3m42s 172.25.254.4 server4 <none> <none>
// it runs as a DaemonSet
[root@server4 ~]# ip a
4: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 52:af:33:ec:ef:32 brd ff:ff:ff:ff:ff:ff
ipvs0
valid_lft forever preferred_lft forever
6: cali6463bc8abcb@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default
link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::ecee:eeff:feee:eeee/64 scope link
valid_lft forever preferred_lft forever
The flannel devices are gone and the Calico devices have appeared.
[root@server3 ~]# ip route
default via 172.25.254.67 dev ens3
10.244.22.0/26 via 172.25.254.4 dev ens3 proto bird
blackhole 10.244.141.192/26 proto bird
10.244.141.194 dev calibd4bc725030 scope link
10.244.141.195 dev cali4bc5eb922f6 scope link // shows that local access goes directly through this device, similar to host-gw
We can also change its IP pool:
# Enable IPIP
- name: CALICO_IPV4POOL_IPIP
  value: "Always"   # turn on the IP tunnel
# Enable or Disable VXLAN on the default IP pool.
- name: CALICO_IPV4POOL_VXLAN
  value: "Never"
- name: CALICO_IPV4POOL_CIDR
  value: "10.244.0.0/16"   # set the address pool
[root@server4 ~]# ip a
9: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1440 qdisc noqueue state UNKNOWN group default qlen 1000
link/ipip 0.0.0.0 brd 0.0.0.0
inet 10.244.22.0/32 brd 10.244.22.0 scope global tunl0
valid_lft forever preferred_lft forever
[root@server3 ~]# ip a
9: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1440 qdisc noqueue state UNKNOWN group default qlen 1000
link/ipip 0.0.0.0 brd 0.0.0.0
inet 10.244.141.192/32 brd 10.244.141.192 scope global tunl0
valid_lft forever preferred_lft forever
A tunnel device then appears on every node.
[root@rhel7host ~]# curl 172.25.254.3:30899/hostname.html
deployment-example-846496db9d-cqmqz
[root@rhel7host ~]# curl 172.25.254.3:30899/hostname.html
deployment-example-846496db9d-rn6sx
[root@rhel7host ~]# curl 172.25.254.3:30899/hostname.html
deployment-example-846496db9d-cqmqz
Access works without any problems as well.
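
To confirm which of the two modes a node is really using after CALICO_IPV4POOL_IPIP is changed, the routing table can be classified by the device that the BIRD-installed routes use. This is an added example, not part of the original post; the function name calico_route_mode and the tunl0 sample route are constructed here, while the first sample is the server3 routing table shown above.

```shell
#!/bin/sh
# Added example: classify Calico's datapath from `ip route` output.
# calico_route_mode reads routing-table text on stdin and prints one of:
#   bgp-direct  remote pod blocks are reached via the physical NIC
#   ipip        remote pod blocks are reached via tunl0
#   mixed       both kinds of routes are present (e.g. mid-rollout)
#   none        no BIRD-installed routes to remote blocks were found
calico_route_mode() {
    awk '
        # Only routes installed by BIRD with a next hop are remote pod blocks;
        # "blackhole" and per-pod "cali*" link routes are local and skipped.
        $2 == "via" && /proto bird/ {
            dev = ""
            for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
            if (dev == "tunl0") ipip++; else direct++
        }
        END {
            if (ipip && direct) print "mixed"
            else if (ipip)      print "ipip"
            else if (direct)    print "bgp-direct"
            else                print "none"
        }'
}

# Routing table from server3 with IPIP off (lines taken from the page).
SAMPLE_DIRECT='default via 172.25.254.67 dev ens3
10.244.22.0/26 via 172.25.254.4 dev ens3 proto bird
blackhole 10.244.141.192/26 proto bird
10.244.141.194 dev calibd4bc725030 scope link'

# Constructed sample: the same route as it would appear with IPIP "Always".
SAMPLE_IPIP='default via 172.25.254.67 dev ens3
10.244.22.0/26 via 172.25.254.4 dev tunl0 proto bird onlink
blackhole 10.244.141.192/26 proto bird'

# On a live node: ip route | calico_route_mode
printf 'IPIP off:    %s\n' "$(printf '%s\n' "$SAMPLE_DIRECT" | calico_route_mode)"
printf 'IPIP Always: %s\n' "$(printf '%s\n' "$SAMPLE_IPIP" | calico_route_mode)"
```

A result of mixed on a node means some peers are still reached through the tunnel, which is expected only while the calico-node pods are restarting with the new setting.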