k8s calicoctl安装

1.需要下载calicoctl

wget -O /usr/local/bin/calicoctl https://github.com/projectcalico/calicoctl/releases/download/v1.6.1/calicoctl
chmod +x /usr/local/bin/calicoctl

2.calicoctl需要和etcd对接，而etcd启用了https，需要获取cert文件

• docker安装的etcd，所以先查出docker id

[root@192-168-124-65 calico]# docker ps | grep etcd
5e9f2c1aaa6a        daocloud.io/daocloud/dce-etcd:2.10.2-rc.3                                                                                  "/usr/local/bin/dc..."   2 weeks ago         Up 2 weeks          2380/tcp, 0.0.0.0:12380->12380/tcp, 0.0.0.0:12379->2379/tcp                  dce_etcd_1

• 进入docker，查看开启的端口,可以确认是开启了https

[root@192-168-124-65 calico]# docker exec -it 5e9f2c1aaa6a sh
/ # etcdctl member list
bbb1619ea7397597: name=dce-etcd-192.168.124.65 peerURLs=http://192.168.124.65:12380 clientURLs=https://192.168.124.65:12379 isLeader=true

• 需要获取https的cert，于是查看etcd是否有挂载盘

[root@192-168-124-65 ~]# docker inspect 5e9f2c1aaa6a

      "Mounts": [
            {
                "Type": "bind",
                "Source": "/var/local/dce/etcd",
                "Destination": "/data",
                "Mode": "rw",
                "RW": true,
                "Propagation": "rprivate"
            }

可以看到容器本地/data，挂载到了主机/var/local/dce/etcd

• 将etcd的cert文件复制到/data

/etc/ssl/private/client # cp ca.pem client-cert.pem client-key.pem /data

• host上面已经可以看到了cert文件，在主机上面将cert文件放入/etc/calico/

[root@192-168-124-65 calico]# ls
calicoctl.cfg  calicoctl.cfg.1  ca.pem  client-cert.pem  client-key.pem

3.写calicoctl的配置文件

[root@192-168-124-65 calico]# cat calicoctl.cfg
apiVersion: v1
kind: calicoApiConfig
metadata:
spec:
  etcdEndpoints: https://192.168.124.65:12379
  etcdKeyFile: /etc/calico/client-key.pem
  etcdCertFile: /etc/calico/client-cert.pem
  etcdCACertFile: /etc/calico/ca.pem
[root@192-168-124-65 calico]# pwd
/etc/calico

4. calicoctl终于可以用了

[root@192-168-124-65 calico]# calicoctl get node
NAME
192-168-124-64
192-168-124-65

5.etcd的api也可以使用了

[root@192-168-124-65 calico]# curl --cacert /etc/calico/ca.pem --cert /etc/calico/client-cert.pem --key /etc/calico/client-key.pem https://192.168.124.65:12379/v2/keys
{"action":"get","node":{"dir":true,"nodes":[{"key":"/calico","dir":true,"modifiedIndex":62,"createdIndex":62},{"key":"/DCE","dir":true,"modifiedIndex":4,"createdIndex":4}]}}