[k8s]calico证书

docker run --net=host --privileged --name=calico-node \
-e HOSTNAME=no188 \
-e NODENAME=${HOSTNAME} \
-e IP=192.168.8.188 \
-e IP6= \
-e CALICO_NETWORKING_BACKEND= \
-e FELIX_DEFAULTENDPOINTTOHOSTACTION=RETURN \
-e AS= \
-e NO_DEFAULT_POOLS= \
-e CALICO_LIBNETWORK_ENABLED=true \
-e CALICO_IPV4POOL_CIDR=10.233.0.0/16 \
-e ETCD_ENDPOINTS=https://192.168.8.161:2379,https://192.168.8.162:2379,https://192.168.8.163:2379 \
-e ETCD_CA_CERT_FILE=/etc/calico/certs/ca_cert.crt \
-e ETCD_CERT_FILE=/etc/calico/certs/cert.crt \
-e ETCD_KEY_FILE=/etc/calico/certs/key.pem \
-v /var/log/calico:/var/log/calico \
-v /run/docker/plugins:/run/docker/plugins \
-v /lib/modules:/lib/modules \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /var/run/calico:/var/run/calico \
-v /etc/calico/certs:/etc/calico/certs:ro \
calico/node:v1.3.0

docker run --net=host --privileged --name=calico-node -d --restart=always \
  -v /etc/kubernetes/ssl:/etc/kubernetes/ssl \
  -e ETCD_ENDPOINTS=https://192.168.8.161:2379,https://192.168.8.162:2379,https://192.168.8.163:2379 \
  -e ETCD_KEY_FILE=/etc/kubernetes/ssl/kubernetes-key.pem \
  -e ETCD_CERT_FILE=/etc/kubernetes/ssl/kubernetes.pem \
  -e ETCD_CA_CERT_FILE=/etc/kubernetes/ssl/ca.pem \
  -e NODENAME=${HOSTNAME} \
  -e IP= \
  -e CALICO_IPV4POOL_CIDR=172.1.0.0/16 \ 
  -e NO_DEFAULT_POOLS= \
  -e AS= \
  -e CALICO_LIBNETWORK_ENABLED=true \
  -e IP6= \
  -e CALICO_NETWORKING_BACKEND=bird \
  -e FELIX_DEFAULTENDPOINTTOHOSTACTION=ACCEPT \
  -v /var/run/calico:/var/run/calico \
  -v /lib/modules:/lib/modules \
  -v /run/docker/plugins:/run/docker/plugins \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v /var/log/calico:/var/log/calico \
192.168.1.103/k8s_public/calico-node:v1.1.3

验证证书:

openssl x509  -noout -text -in  kubernetes.pem

docker相关的option配置温佳丽

/etc/sysconfig/docker

/etc/systemd/system/docker.service
/etc/systemd/system/docker.service.d/

/usr/lib/systemd/system/docker.service
/etc/sysconfig/docker