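Calico is a pure Layer 3 data center networking solution. It supports a wide range of platforms, including Kubernetes and OpenStack.

On every compute node, Calico uses the Linux kernel to implement an efficient virtual router (vRouter) that handles data forwarding, and each vRouter uses the BGP protocol to propagate the routes of the workloads running on it to the whole Calico network.

In addition, the Calico project implements Kubernetes network policy, providing ACL functionality.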

https://docs.projectcalico.org/getting-started/kubernetes/quickstart

wget https://docs.projectcalico.org/manifests/calico.yaml

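After downloading, the following settings in the file still need to be modified:

  • Define the Pod network (CALICO_IPV4POOL_CIDR), the same as the pod CIDR configured earlier
  • Choose the working mode (CALICO_IPV4POOL_IPIP); supported values: BGP (Never), IPIP (Always), CrossSubnet (enables BGP and supports crossing subnets)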
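
The check below is an added example, not part of the original post or of the Calico project: it reads the two settings from calico.yaml before `kubectl apply` and fails if the pool CIDR is missing or differs from the pod CIDR. The function names, the sample fragment and the 10.244.0.0/16 CIDR are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-apply check of the two calico.yaml settings named above.

# env_value FILE NAME: print the value of the uncommented env entry NAME.
env_value() {
    awk -v name="$2" '
        $1 ~ /^#/ { next }    # a commented-out entry counts as unset
        found {
            if ($1 == "value:") { gsub(/"/, "", $2); print $2 }
            exit
        }
        $1 == "-" && $2 == "name:" && $3 == name { found = 1 }
    ' "$1"
}

# check_calico_manifest FILE POD_CIDR: return 0 only if the pool CIDR equals
# the cluster pod CIDR and the IPIP mode is one of the three listed values.
check_calico_manifest() {
    cidr=$(env_value "$1" CALICO_IPV4POOL_CIDR)
    ipip=$(env_value "$1" CALICO_IPV4POOL_IPIP)
    if [ -z "$cidr" ]; then
        echo "CALICO_IPV4POOL_CIDR is unset or commented out" >&2
        return 1
    fi
    if [ "$cidr" != "$2" ]; then
        echo "pool CIDR $cidr does not match pod CIDR $2" >&2
        return 1
    fi
    case "$ipip" in
        Always|CrossSubnet|Never) echo "ok cidr=$cidr ipip=$ipip" ;;
        *) echo "unexpected CALICO_IPV4POOL_IPIP value: '$ipip'" >&2; return 1 ;;
    esac
}

# Constructed sample of the calico-node env section (not the real manifest);
# 10.244.0.0/16 is an assumed pod CIDR, substitute your cluster's value.
sample=$(mktemp)
cat > "$sample" <<'EOF'
            - name: CALICO_IPV4POOL_IPIP
              value: "Always"
            - name: CALICO_IPV4POOL_CIDR
              value: "10.244.0.0/16"
EOF
check_calico_manifest "$sample" 10.244.0.0/16
rm -f "$sample"
```

Run it against the edited calico.yaml with the cluster's real pod CIDR as the second argument; a non-zero exit means the manifest should not be applied yet.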

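Because pulling directly with docker requires getting around the firewall and runs into various other problems, I downloaded the images separately and uploaded them to Baidu Netdisk to share.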

Link: https://pan.baidu.com/s/1jtF7QjLyrNNMh6BTKI48ug Password: a3iu

Import the image package

docker load -i xxx.tar.gz

Apply Calico

[root@k8s-master ~]# kubectl apply -f calico.yaml 
configmap/calico-config created
customresourcedefinition.apiextensions.k8s.io/bgpconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/bgppeers.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/blockaffinities.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/clusterinformations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/felixconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/globalnetworksets.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/hostendpoints.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamblocks.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamconfigs.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ipamhandles.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/ippools.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/kubecontrollersconfigurations.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networkpolicies.crd.projectcalico.org created
customresourcedefinition.apiextensions.k8s.io/networksets.crd.projectcalico.org created
clusterrole.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrolebinding.rbac.authorization.k8s.io/calico-kube-controllers created
clusterrole.rbac.authorization.k8s.io/calico-node created
clusterrolebinding.rbac.authorization.k8s.io/calico-node created
daemonset.apps/calico-node created
serviceaccount/calico-node created
deployment.apps/calico-kube-controllers created
serviceaccount/calico-kube-controllers created

Check the status

[root@k8s-master ~]# kubectl get pods -n kube-system
NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-578894d4cd-rnrdk   1/1     Running   0          57s
calico-node-5mtpb                          1/1     Running   0          58s
calico-node-mvw6g                          1/1     Running   0          58s
calico-node-pl4j5                          1/1     Running   0          58s
coredns-7ff77c879f-ptp6d                   1/1     Running   0          25m
coredns-7ff77c879f-rknfw                   1/1     Running   0          25m
etcd-k8s-master                            1/1     Running   0          26m
kube-apiserver-k8s-master                  1/1     Running   0          26m
kube-controller-manager-k8s-master         1/1     Running   0          26m
kube-proxy-5r8r7                           1/1     Running   0          19m
kube-proxy-svwqf                           1/1     Running   0          19m
kube-proxy-tl9jd                           1/1     Running   0          25m
kube-scheduler-k8s-master                  1/1     Running   0          26m

[root@k8s-master ~]# kubectl get node
NAME         STATUS   ROLES    AGE   VERSION
k8s-master   Ready    master   28m   v1.18.0
k8s-node1    Ready    <none>   21m   v1.18.0
k8s-node2    Ready    <none>   21m   v1.18.0