Advanced Kubernetes -- the Calico network plugin

The Calico network plugin

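Create a new project named calico in the Harbor registry. Because we have already configured Harbor as the image registry, images are pulled from its library project by default, but calico.yml specifies that they come from the calico repository. To avoid modifying the file, we create a calico project in Harbor.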

Pull the images:

[root@server1 harbor]# docker pull calico/cni:v3.14.1

[root@server1 harbor]# docker pull calico/pod2daemon-flexvol:v3.14.1

[root@server1 harbor]# docker pull  calico/node:v3.14.1

[root@server1 harbor]# docker pull calico/kube-controllers:v3.14.1

[root@server1 harbor]# for i in `docker images |grep calico| awk '{print $1":"$2}'`;do docker tag $i reg.caoaoyuan.org/$i;done
// tag the images
[root@server1 harbor]# for i in `docker images |grep reg.caoaoyuan.org\/calico| awk '{print $1":"$2}'`;do docker push $i;done
// push them

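Like the flannel plugin, the Calico network plugin has modes for nodes on the same network segment and for nodes on different network segments.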

            - name: CALICO_IPV4POOL_IPIP
              value: "Always"

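The ipip in this setting is an IP-in-IP tunnel. Since our hosts are currently all on the same network segment, we can turn it off and simply use the Border Gateway Protocol (BGP).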

Remove the flannel plugin's services and data:
[root@server2 manifest]# kubectl delete -f kube-flannel.yml
[root@server2 manifest]# mv /etc/cni/net.d/10-flannel.conflist /mnt/		# do this step on all three nodes


[root@server2 manifest]# vim calico.yaml
            - name: CALICO_IPV4POOL_IPIP
              value: "off"

[root@server2 manifest]# kubectl apply -f calico.yaml 
[root@server2 manifest]# kubectl get pod -n kube-system  -o wide
NAME                                       READY   STATUS    RESTARTS   AGE     IP             NODE      NOMINATED NODE   READINESS GATES
calico-kube-controllers-76d4774d89-th4kq   1/1     Running   0          3m42s   10.244.1.96    server3   <none>           <none>
calico-node-8qvg5                          1/1     Running   0          3m42s   172.25.254.3   server3   <none>           <none>
calico-node-8tbjj                          1/1     Running   0          3m42s   172.25.254.2   server2   <none>           <none>
calico-node-dxpbx                          1/1     Running   0          3m42s   172.25.254.4   server4   <none>           <none>
// it runs as a DaemonSet

[root@server4 ~]# ip a
4: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 52:af:33:ec:ef:32 brd ff:ff:ff:ff:ff:ff
ipvs0
       valid_lft forever preferred_lft forever
6: cali6463bc8abcb@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1440 qdisc noqueue state UP group default 
    link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::ecee:eeff:feee:eeee/64 scope link 
       valid_lft forever preferred_lft forever
The flannel devices are gone and the Calico devices have appeared.

[root@server3 ~]# ip route
default via 172.25.254.67 dev ens3 
10.244.22.0/26 via 172.25.254.4 dev ens3 proto bird 
blackhole 10.244.141.192/26 proto bird 
10.244.141.194 dev calibd4bc725030 scope link 
10.244.141.195 dev cali4bc5eb922f6 scope link	// shows that access to the local node goes directly through this device, similar to host-gw

We can also change its IP pool:


            # Enable IPIP
            - name: CALICO_IPV4POOL_IPIP
              value: "Always"		# turn on the IP tunnel
            # Enable or Disable VXLAN on the default IP pool.
            - name: CALICO_IPV4POOL_VXLAN
              value: "Never"

            - name: CALICO_IPV4POOL_CIDR
              value: "10.244.0.0/16"		# set the address pool

[root@server4 ~]# ip a
9: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1440 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
    inet 10.244.22.0/32 brd 10.244.22.0 scope global tunl0
       valid_lft forever preferred_lft forever
[root@server3 ~]# ip a
9: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1440 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
    inet 10.244.141.192/32 brd 10.244.141.192 scope global tunl0
       valid_lft forever preferred_lft forever

A tunnel device then appears on every node.
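
To confirm on each node which mode is actually in effect after editing calico.yaml, the `proto bird` routes can be classified by their outgoing device. This is an added example, not part of the original post; the function names are hypothetical, and the IPIP sample is constructed on the assumption that tunnelled routes point at `dev tunl0 ... onlink`.

```bash
#!/usr/bin/env bash
# Added example: classify Calico routes (installed by BIRD) from `ip route` text on stdin.

classify_calico_routes() {
  awk '
    / proto bird/ {
      if ($1 == "blackhole") { print "local-block", $2; next }  # local pod block
      dev = ""
      for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
      kind = (dev ~ /^tunl/) ? "ipip" : "direct"
      print kind, $1, "via", $3, "dev", dev
    }'
}

# Summarise a node: "direct" (plain BGP routing), "ipip", "mixed", or "none".
calico_mode() {
  classify_calico_routes | awk '
    $1 == "ipip"   { t++ }
    $1 == "direct" { d++ }
    END {
      if (t && d)  print "mixed"
      else if (t)  print "ipip"
      else if (d)  print "direct"
      else         print "none"
    }'
}

# Routes copied from the server3 output shown on this page (IPIP switched off).
ROUTES_IPIP_OFF='default via 172.25.254.67 dev ens3
10.244.22.0/26 via 172.25.254.4 dev ens3 proto bird
blackhole 10.244.141.192/26 proto bird
10.244.141.194 dev calibd4bc725030 scope link'

# Constructed sample (assumption): the same routes with IPIP set to "Always".
ROUTES_IPIP_ALWAYS='default via 172.25.254.67 dev ens3
10.244.22.0/26 via 172.25.254.4 dev tunl0 proto bird onlink
blackhole 10.244.141.192/26 proto bird'

printf '%s\n' "$ROUTES_IPIP_OFF"    | calico_mode
printf '%s\n' "$ROUTES_IPIP_ALWAYS" | calico_mode
# On a live node: ip route | classify_calico_routes
```

A node that reports `mixed` or `ipip` after the tunnel was meant to be off has not picked up the new pool setting.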

[root@rhel7host ~]# curl 172.25.254.3:30899/hostname.html
deployment-example-846496db9d-cqmqz
[root@rhel7host ~]# curl 172.25.254.3:30899/hostname.html
deployment-example-846496db9d-rn6sx
[root@rhel7host ~]# curl 172.25.254.3:30899/hostname.html
deployment-example-846496db9d-cqmqz

Access works without any problems as well.
