Calico: Full Binary Installation

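Full binary installation of calico v3

All of the official calico v3 tutorials recommend running it with docker; running calicoctl together with docker provides the runtime dependencies and automatic configuration for you. If you run calico from binaries instead, you have to install the dependencies and configure each component by hand.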

It automatically pre-initializes the etcd database (which the other installation methods do not).

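For a calico cluster, a calico node must be installed on every node. All cluster nodes connect to one etcd cluster to synchronize cluster data.

The calico node container mainly installs and runs the following components; for a local installation these have to be installed and configured manually:

  • calicoctl, the calico command-line tool.
  • felix, the calico node daemon.
  • confd, which manages the calico BGP configuration files.
  • bird, used to interconnect BGP nodes into a BGP mesh.

In addition, calico node depends on:

  • etcd v3, which provides the data store for the calico cluster.
  • net-tools, which provides the arp command.
  • conntrack, for Netfilter connection tracking.
  • iptables, for managing iptables rules and the like.
  • procps, which provides the ps command.
  • kmod, which manages kernel modules.

On centos, the following command installs the dependencies above: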

yum install -y conntrack net-tools iptables procps kmod

Installing calicoctl

CALICO_CTL_IMAGE=calico/ctl:v3.12.0
docker pull ${CALICO_CTL_IMAGE}
docker create --name calico-ctl-create ${CALICO_CTL_IMAGE}
sudo docker cp calico-ctl-create:/calicoctl /usr/local/bin/calicoctl
docker rm calico-ctl-create

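Installing calico-node

The official documentation for this operation: Binary install without package manager

calico-node contains the various dependency files needed at run time, which can be copied from it onto the host. These dependencies are described in linux-dependencies.

Download the binaries: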

CALICO_NODE_IMAGE=calico/node:v3.12.0
docker pull ${CALICO_NODE_IMAGE}
docker create --name calico-node-create  ${CALICO_NODE_IMAGE}
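# calico-node (felix confd)
sudo docker cp calico-node-create:/bin/calico-node /usr/local/bin/calico-node
# felix: the environment variables felix needs overlap with those of calico node but have different names, so the run script is used directly. See: https://github.com/projectcalico/node/blob/release-v3.12/filesystem/etc/service/available/felix/run
sudo docker cp calico-node-create:/etc/service/available/felix/run /usr/local/bin/calico-felix
# bird: the component that interconnects the nodes; it uses the configuration files generated by confd.
sudo docker cp calico-node-create:/usr/bin/bird /usr/local/bin/bird
# confd configurations: the confd templates and so on; confd dynamically generates the configuration files needed by bird etc. from these templates.
# docker cp does not create missing parent directories, so make sure /etc/calico exists first.
sudo mkdir -p /etc/calico
sudo docker cp calico-node-create:/etc/calico/confd /etc/calico/confd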
docker rm calico-node-create

Configure the calico environment variables in one place:

sudo sh -c "cat > /etc/calico/calico.env" << EOF
# All supported environment variables; for the default values see: https://docs.projectcalico.org/reference/node/configuration
NODENAME=$(hostname)
NO_DEFAULT_POOLS=false
IP=""
IP6=""
IP_AUTODETECTION_METHOD=first-found
IP6_AUTODETECTION_METHOD=first-found
DISABLE_NODE_IP_CHECK=false
AS=
CALICO_DISABLE_FILE_LOGGING=false
CALICO_ROUTER_ID=""
DATASTORE_TYPE=etcdv3
WAIT_FOR_DATASTORE=false
CALICO_NETWORKING_BACKEND=bird
CALICO_IPV4POOL_CIDR=192.168.0.0/16
CALICO_IPV6POOL_CIDR=""
CALICO_IPV4POOL_BLOCK_SIZE=26
CALICO_IPV6POOL_BLOCK_SIZE=122
CALICO_IPV4POOL_IPIP=Always
CALICO_IPV4POOL_VXLAN=Never
CALICO_IPV4POOL_NAT_OUTGOING=true
CALICO_IPV6POOL_NAT_OUTGOING=false
CALICO_IPV4POOL_NODE_SELECTOR="all()"
CALICO_IPV6POOL_NODE_SELECTOR="all()"
CALICO_STARTUP_LOGLEVEL=ERROR
CLUSTER_TYPE=""
ETCD_ENDPOINTS=http://192.168.2.21:2379
ETCD_DISCOVERY_SRV=""
ETCD_KEY_FILE=""
ETCD_CERT_FILE=""
ETCD_CA_CERT_FILE=""
CALICO_MANAGE_CNI=false
FELIX_LOGSEVERITYSCREEN=INFO
EOF
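
The etcd settings in the file above (an http:// endpoint and empty ETCD_KEY_FILE, ETCD_CERT_FILE and ETCD_CA_CERT_FILE) leave the connection to the datastore unencrypted and without TLS client authentication. The following check is an added example, not part of the original article or of Calico; the function names env_value and audit_calico_env, the script name audit.sh and the finding labels are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: audit the etcd settings in a
# calico.env file. The function names and finding labels are hypothetical.

# Print the value of key $2 in env file $1, without surrounding double quotes.
# The last assignment wins, as it does for a systemd EnvironmentFile.
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Print one finding per line; return 0 when nothing was flagged, 1 otherwise.
audit_calico_env() {
    env_file=$1
    findings=0

    # ETCD_ENDPOINTS is a comma-separated list; every entry should be https://
    endpoints=$(env_value "$env_file" ETCD_ENDPOINTS)
    old_ifs=$IFS
    IFS=,
    for ep in $endpoints; do
        case $ep in
            https://*) ;;
            *) echo "PLAINTEXT_ENDPOINT $ep"; findings=$((findings + 1)) ;;
        esac
    done
    IFS=$old_ifs

    # The CA file verifies etcd; the cert/key pair authenticates this node.
    for key in ETCD_CA_CERT_FILE ETCD_CERT_FILE ETCD_KEY_FILE; do
        val=$(env_value "$env_file" "$key")
        if [ -z "$val" ]; then
            echo "UNSET $key"; findings=$((findings + 1))
        elif [ ! -r "$val" ]; then
            echo "UNREADABLE $key=$val"; findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}

# Usage (audit.sh is a hypothetical file name): sh audit.sh /etc/calico/calico.env
if [ "$#" -gt 0 ]; then
    audit_calico_env "$1"
fi
```

Run against the calico.env written above, it reports four findings: the plaintext endpoint and the three unset TLS file variables.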

Install the calico-felix service

sudo sh -c "cat > /etc/systemd/system/calico-felix.service" << EOF
[Unit]
Description=Calico Felix agent
After=syslog.target network.target

[Service]
User=root
EnvironmentFile=/etc/calico/calico.env
ExecStartPre=/usr/bin/mkdir -p /var/run/calico
ExecStartPre=/usr/local/bin/calico-node -startup
ExecStart=/usr/local/bin/calico-felix
KillMode=process
Restart=on-failure
LimitNOFILE=32000

[Install]
WantedBy=multi-user.target
EOF
sudo systemctl enable calico-felix
sudo systemctl start calico-felix

Install the calico-confd service

sudo sh -c "cat > /etc/systemd/system/calico-confd.service" << EOF
[Unit]
Description=Calico confd
After=syslog.target network.target

[Service]
User=root
EnvironmentFile=/etc/calico/calico.env
ExecStartPre=/usr/bin/mkdir -p /var/run/calico
ExecStart=/usr/local/bin/calico-node -confd
KillMode=process
Restart=on-failure
LimitNOFILE=32000

[Install]
WantedBy=multi-user.target
EOF
sudo systemctl enable calico-confd
sudo systemctl start calico-confd

Install the bird service

sudo sh -c "cat > /etc/systemd/system/bird.service" << EOF
[Unit]
Description=BIRD internet routing daemon
After=syslog.target network.target

[Service]
User=root
EnvironmentFile=/etc/calico/calico.env
ExecStartPre=/usr/bin/mkdir -p /var/run/calico
ExecStart=/usr/local/bin/bird -R -s /var/run/calico/bird.ctl -d -c /etc/calico/confd/config/bird.cfg
KillMode=process
Restart=on-failure
LimitNOFILE=32000

[Install]
WantedBy=multi-user.target
EOF
sudo systemctl enable bird
sudo systemctl start bird

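Installing the calico libnetwork-plugin

# This image was built from the latest version of libnetwork; it is not a regular release or the latest tag. For how to build it, see my other posts on calico libnetwork.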
CALICO_LIBNETWORK_PLUGIN_IMAGE=calico/libnetwork-plugin:v2.6

docker pull ${CALICO_LIBNETWORK_PLUGIN_IMAGE}
docker create --name calico-libnetwork-plugin-create ${CALICO_LIBNETWORK_PLUGIN_IMAGE}
sudo docker cp calico-libnetwork-plugin-create:/libnetwork-plugin /usr/local/bin/calico-libnetwork-plugin
docker rm calico-libnetwork-plugin-create

sudo sh -c "cat > /etc/systemd/system/calico-libnetwork-plugin.service" << EOF
[Unit]
Description=Calico libnetwork plugin
After=syslog.target network.target calico-felix.service
Requires=calico-felix.service

[Service]
User=root
EnvironmentFile=/etc/calico/calico.env
ExecStartPre=/usr/bin/mkdir -p /var/run/calico
ExecStart=/usr/local/bin/calico-libnetwork-plugin
KillMode=process
Restart=on-failure
LimitNOFILE=32000

[Install]
WantedBy=multi-user.target
EOF
sudo systemctl enable calico-libnetwork-plugin
sudo systemctl start calico-libnetwork-plugin

Create a docker network:

A subnet must be specified here, and it must be the address range of an ippool or a subset of it.

docker network create --driver calico --ipam-driver calico-ipam --subnet 192.168.0.0/16 cali_net

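Follow-up configuration

Configure a calico network policy that allows everything; otherwise, under the default rules, no environments can reach each other. The policy below selects every endpoint (all()) and allows all ingress and egress traffic.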

sudo sh -c "cat > /etc/calico/global-network-policy-allow-all.yaml" << EOF
apiVersion: projectcalico.org/v3
kind: GlobalNetworkPolicy
metadata:
  name: allow-all
spec:
  selector: all()
  ingress:
  - action: Allow
  egress:
  - action: Allow
EOF
sudo calicoctl apply -f /etc/calico/global-network-policy-allow-all.yaml

Appendix

The script used while debugging:

install.sh

#!/usr/bin/env sh

CALICO_NODE_IMAGE=calico/node:v3.12.0
docker pull ${CALICO_NODE_IMAGE}
docker create --name calico-node-create  ${CALICO_NODE_IMAGE}
# felix
sudo docker cp calico-node-create:/bin/calico-node /usr/local/bin/calico-node
sudo docker cp calico-node-create:/etc/service/available/felix/run /usr/local/bin/calico-felix
# bird
sudo docker cp calico-node-create:/usr/bin/bird /usr/local/bin/bird
# confd (docker cp does not create missing parent directories)
sudo mkdir -p /etc/calico
sudo docker cp calico-node-create:/etc/calico/confd /etc/calico/confd
docker rm calico-node-create

sudo sh -c "cat > /etc/calico/calico.env" << EOF
# All supported environment variables; for the default values see: https://docs.projectcalico.org/reference/node/configuration
NODENAME=$(hostname)
NO_DEFAULT_POOLS=false
IP=""
IP6=""
IP_AUTODETECTION_METHOD=first-found
IP6_AUTODETECTION_METHOD=first-found
DISABLE_NODE_IP_CHECK=false
AS=
CALICO_DISABLE_FILE_LOGGING=false
CALICO_ROUTER_ID=""
DATASTORE_TYPE=etcdv3
WAIT_FOR_DATASTORE=false
CALICO_NETWORKING_BACKEND=bird
CALICO_IPV4POOL_CIDR=192.168.0.0/16
CALICO_IPV6POOL_CIDR=""
CALICO_IPV4POOL_BLOCK_SIZE=26
CALICO_IPV6POOL_BLOCK_SIZE=122
CALICO_IPV4POOL_IPIP=Always
CALICO_IPV4POOL_VXLAN=Never
CALICO_IPV4POOL_NAT_OUTGOING=true
CALICO_IPV6POOL_NAT_OUTGOING=false
CALICO_IPV4POOL_NODE_SELECTOR="all()"
CALICO_IPV6POOL_NODE_SELECTOR="all()"
CALICO_STARTUP_LOGLEVEL=ERROR
CLUSTER_TYPE=""
ETCD_ENDPOINTS=http://192.168.2.21:2379
ETCD_DISCOVERY_SRV=""
ETCD_KEY_FILE=""
ETCD_CERT_FILE=""
ETCD_CA_CERT_FILE=""
CALICO_MANAGE_CNI=false
FELIX_LOGSEVERITYSCREEN=INFO
EOF

# felix, reference: https://github.com/projectcalico/node/blob/master/filesystem/etc/service/available/felix/run
sudo sh -c "cat > /etc/systemd/system/calico-felix.service" << EOF
[Unit]
Description=Calico Felix agent
After=syslog.target network.target

[Service]
User=root
EnvironmentFile=/etc/calico/calico.env
ExecStartPre=/usr/bin/mkdir -p /var/run/calico
ExecStartPre=/usr/local/bin/calico-node -startup
ExecStart=/usr/local/bin/calico-felix
KillMode=process
Restart=on-failure
LimitNOFILE=32000

[Install]
WantedBy=multi-user.target
EOF
sudo systemctl enable calico-felix
sudo systemctl start calico-felix

# confd, reference: https://github.com/projectcalico/node/blob/master/filesystem/etc/service/available/confd/run
sudo sh -c "cat > /etc/systemd/system/calico-confd.service" << EOF
[Unit]
Description=Calico confd
After=syslog.target network.target

[Service]
User=root
EnvironmentFile=/etc/calico/calico.env
ExecStartPre=/usr/bin/mkdir -p /var/run/calico
ExecStart=/usr/local/bin/calico-node -confd
KillMode=process
Restart=on-failure
LimitNOFILE=32000

[Install]
WantedBy=multi-user.target
EOF
sudo systemctl enable calico-confd
sudo systemctl start calico-confd

# bird, reference: https://github.com/projectcalico/node/blob/master/filesystem/etc/service/available/bird/run
sudo sh -c "cat > /etc/systemd/system/bird.service" << EOF
[Unit]
Description=BIRD internet routing daemon
After=syslog.target network.target

[Service]
User=root
EnvironmentFile=/etc/calico/calico.env
ExecStartPre=/usr/bin/mkdir -p /var/run/calico
ExecStart=/usr/local/bin/bird -R -s /var/run/calico/bird.ctl -d -c /etc/calico/confd/config/bird.cfg
KillMode=process
Restart=on-failure
LimitNOFILE=32000

[Install]
WantedBy=multi-user.target
EOF
sudo systemctl enable bird
sudo systemctl start bird

# libnetwork-plugin

CALICO_LIBNETWORK_PLUGIN_IMAGE=internal-registry.ghostcloud.cn/calico/libnetwork-plugin:v2.6

docker pull ${CALICO_LIBNETWORK_PLUGIN_IMAGE}
docker create --name calico-libnetwork-plugin-create ${CALICO_LIBNETWORK_PLUGIN_IMAGE}
sudo docker cp calico-libnetwork-plugin-create:/libnetwork-plugin /usr/local/bin/calico-libnetwork-plugin
docker rm calico-libnetwork-plugin-create

sudo sh -c "cat > /etc/systemd/system/calico-libnetwork-plugin.service" << EOF
[Unit]
Description=Calico libnetwork plugin
After=syslog.target network.target calico-felix.service
Requires=calico-felix.service

[Service]
User=root
EnvironmentFile=/etc/calico/calico.env
ExecStartPre=/usr/bin/mkdir -p /var/run/calico
ExecStart=/usr/local/bin/calico-libnetwork-plugin
KillMode=process
Restart=on-failure
LimitNOFILE=32000

[Install]
WantedBy=multi-user.target
EOF
sudo systemctl enable calico-libnetwork-plugin
sudo systemctl start calico-libnetwork-plugin

Author: 一个大大大坑
Link: https://www.jianshu.com/p/9bddc2eb69a3
