Integrating Kubernetes with Calico
Overview
Our earlier Kubernetes clusters were built on flannel, where every application container can reach every other container; that unrestricted east-west traffic is a security exposure. Calico supports network policy, so this document records building a Kubernetes cluster on Calico instead.
All files have already been downloaded and placed in my GitHub repository calico-kubernetes.
Environment
- Host OS: CentOS 7.1 64-bit
- virtualbox 5.0.14
- vagrant 1.8.1
- CoreOS alpha 928.0.0
- kubernetes v1.1.7
- calicoctl v0.15.0
- calico v1.0
- calico-ipam v1.0
Installation
After the configuration files and components have been downloaded, the directory layout is as follows:
➜ coreos tree
.
├── cloud-config
│ ├── calico
│ ├── calicoctl
│ ├── calico-ipam
│ ├── easy-rsa.tar.gz
│ ├── key.sh
│ ├── kube-apiserver
│ ├── kube-controller-manager
│ ├── kubectl
│ ├── kubelet
│ ├── kube-proxy
│ ├── kube-scheduler
│ ├── make-ca-cert.sh
│ ├── master-config.yaml
│ ├── master-config.yaml.tmpl
│ ├── network-environment
│ ├── node-config.yaml_calico-02
│ ├── node-config.yaml_calico-03
│ ├── node-config.yaml.tmpl
│ └── setup-network-environment
├── manifests
│ ├── busybox.yaml
│ ├── kube-ui-rc.yaml
│ ├── kube-ui-svc.yaml
│ └── skydns.yaml
├── synced_folders.yaml
└── Vagrantfile
Download the required binaries
# create the working directory
mkdir cloud-config && cd cloud-config
## Calico components
wget https://github.com/projectcalico/calico-containers/releases/download/v0.15.0/calicoctl
wget https://github.com/projectcalico/calico-cni/releases/download/v1.0.0/calico
wget https://github.com/projectcalico/calico-cni/releases/download/v1.0.0/calico-ipam
## Kubernetes components
wget http://storage.googleapis.com/kubernetes-release/release/v1.1.7/bin/linux/amd64/kubectl
wget http://storage.googleapis.com/kubernetes-release/release/v1.1.7/bin/linux/amd64/kubelet
wget http://storage.googleapis.com/kubernetes-release/release/v1.1.7/bin/linux/amd64/kube-proxy
wget http://storage.googleapis.com/kubernetes-release/release/v1.1.7/bin/linux/amd64/kube-apiserver
wget http://storage.googleapis.com/kubernetes-release/release/v1.1.7/bin/linux/amd64/kube-controller-manager
wget http://storage.googleapis.com/kubernetes-release/release/v1.1.7/bin/linux/amd64/kube-scheduler
## network environment helper
wget https://github.com/kelseyhightower/setup-network-environment/releases/download/1.0.1/setup-network-environment
## certificate tooling (the one bundled with CoreOS could be used instead; not covered in this document, to be added later)
wget https://storage.googleapis.com/kubernetes-release/easy-rsa/easy-rsa.tar.gz
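The wget commands above fetch the Kubernetes binaries over plain HTTP and the Calico binaries over HTTPS, and drop all of them, unverified, into the cloud-config directory the cluster is provisioned from; a swapped or truncated download would end up running as root on every node. The following shell script is an added example, not part of the calico-kubernetes repository: it records SHA-256 sums of the downloaded files into a manifest once (commit that manifest next to the templates) and verifies the directory against it before each later provisioning run. The script name pin-binaries.sh and the manifest name SHA256SUMS are assumptions.

```bash
#!/usr/bin/env bash
# pin-binaries.sh (hypothetical name): pin the SHA-256 of each downloaded
# binary once, then refuse to provision from a directory that no longer matches.
set -eu

MANIFEST=SHA256SUMS   # assumed manifest file name, kept inside the directory

# Hash every regular file in DIR (except the manifest itself) into DIR/SHA256SUMS.
# Run once after the wget step, then commit the manifest.
record_sums() {
  local dir="$1"
  ( cd "$dir" && find . -maxdepth 1 -type f ! -name "$MANIFEST" -print0 \
      | sort -z | xargs -0 -r sha256sum ) > "$dir/$MANIFEST"
}

# Verify DIR against DIR/SHA256SUMS. Exit status is non-zero if any listed file
# is missing, unreadable or hashes differently; --strict also rejects a
# malformed manifest line, --status keeps it quiet for use in scripts.
verify_sums() {
  local dir="$1"
  ( cd "$dir" && sha256sum -c --status --strict "$MANIFEST" )
}

# Usage: ./pin-binaries.sh record cloud-config   # once, after downloading
#        ./pin-binaries.sh verify cloud-config   # before every vagrant up
case "${1:-}" in
  record) record_sums "${2:-cloud-config}" ;;
  verify) verify_sums "${2:-cloud-config}" ;;
esac
```

Pinning on first use only proves that later runs see the same bytes you inspected the first time; if upstream publishes signed checksums for a release, compare the recorded sums against those before committing the manifest.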
cloud-init configuration templates
master-config.yaml, node-config.yaml_calico-02 and node-config.yaml_calico-03 in the directory are generated automatically from the .tmpl files when the cluster is brought up.
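The per-node files are produced by substituting the hostname placeholder into the .tmpl. The Python script below is an added example, not part of the calico-kubernetes repository or its Vagrantfile: it renders a template for one node and refuses to write the result if the cloud-config declares the same key twice inside one mapping (for instance a second `listen-client-urls:` under `etcd2:`), which a YAML loader will either reject or silently resolve last-wins. The placeholder token `__HOSTNAMT__` is taken from the template as written on this page (change PLACEHOLDER if your Vagrantfile substitutes a different token); `$private_ipv4` is left alone because coreos-cloudinit fills it at boot. The sample templates inside the script are constructed for the demonstration and are not the real files.

```python
#!/usr/bin/env python3
"""Render a cloud-config .tmpl for one node and reject duplicate YAML keys.

Added example, not part of the calico-kubernetes repository. Assumptions: the
template holds a hostname placeholder (PLACEHOLDER below) and is plain
cloud-config YAML like the one on this page; $private_ipv4 is left untouched
because coreos-cloudinit substitutes it at boot.
"""
import re
import sys

PLACEHOLDER = "__HOSTNAMT__"  # token as written in the page's template; adjust to your Vagrantfile

# "key:" or "- key:" at the start of a line, followed by whitespace or end of line.
KEY_RE = re.compile(r'^(?P<indent> *)(?P<dash>- )?(?P<key>[A-Za-z0-9_."-]+):(?:\s|$)')
# "key: |" / "key: >" introduces a block scalar whose body must not be scanned.
BLOCK_SCALAR_RE = re.compile(r':\s*[|>][-+0-9]*\s*$')


def find_duplicate_keys(text):
    """Return [(line_no, key)] for every key repeated inside one YAML mapping.

    Line-based on purpose (no PyYAML dependency): a block scalar hides its body,
    and a list item ("- name: ...") opens a fresh mapping, so the repeated
    "- name:" entries under "units:" are not flagged.
    """
    dups = []
    stack = []               # (indent, set_of_keys) for each open mapping
    skip_deeper_than = None  # indent of a block-scalar key whose body we skip
    for line_no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#") or stripped == "---":
            continue
        indent = len(line) - len(line.lstrip(" "))
        if skip_deeper_than is not None:
            if indent > skip_deeper_than:
                continue
            skip_deeper_than = None
        m = KEY_RE.match(line)
        if not m:
            continue
        if m.group("dash"):
            indent += 2                      # the key sits after "- "
            while stack and stack[-1][0] >= indent:
                stack.pop()
            stack.append((indent, set()))    # new list element, new mapping
        else:
            while stack and stack[-1][0] > indent:
                stack.pop()
            if not stack or stack[-1][0] < indent:
                stack.append((indent, set()))
        keys = stack[-1][1]
        key = m.group("key")
        if key in keys:
            dups.append((line_no, key))
        keys.add(key)
        if BLOCK_SCALAR_RE.search(line):
            skip_deeper_than = indent
    return dups


def render(template, hostname):
    """Substitute the hostname and return the cloud-config text, or raise ValueError."""
    if PLACEHOLDER not in template:
        raise ValueError("template does not contain %s" % PLACEHOLDER)
    rendered = template.replace(PLACEHOLDER, hostname)
    dups = find_duplicate_keys(rendered)
    if dups:
        detail = ", ".join("%s (line %d)" % (k, n) for n, k in dups)
        raise ValueError("duplicate keys in cloud-config: " + detail)
    return rendered


# Constructed, cut-down sample in the shape of the page's template (not the real file).
SAMPLE_TMPL = """\
#cloud-config
---
write_files:
  - path: /etc/cni/net.d/10-calico.conf
    owner: root
    permissions: 0755
    content: |
      {
        "name": "calico-k8s-network",
        "type": "calico",
        "ipam": { "type": "calico-ipam" }
      }
hostname: %(ph)s
coreos:
  etcd2:
    name: "etcdserver"
    listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001
    listen-peer-urls: http://0.0.0.0:2380
  units:
    - name: etcd2.service
      command: start
    - name: fleet.service
      command: start
""" % {"ph": PLACEHOLDER}

# Same sample with listen-client-urls declared a second time under etcd2.
SAMPLE_TMPL_DUP = SAMPLE_TMPL.replace(
    "    listen-peer-urls:",
    "    listen-client-urls: http://0.0.0.0:2379\n    listen-peer-urls:",
)


def main(argv):
    # Usage: render-node-config.py node-config.yaml.tmpl calico-02 > node-config.yaml_calico-02
    if len(argv) != 3:
        sys.stderr.write("usage: render-node-config.py TEMPLATE HOSTNAME > OUTPUT\n")
        return 2
    with open(argv[1]) as fh:
        sys.stdout.write(render(fh.read(), argv[2]))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The checker is deliberately strict: it fails the render instead of picking one of the two values, because cloud-init runs once at first boot and a silently dropped etcd or kubelet setting is hard to spot afterwards.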
Master cloud-init template
The content of ~/cloud-config/master-config.yaml.tmpl is as follows. Note that this is a lab configuration: the kubeconfig points at the API server's insecure port over plain HTTP (http://172.18.18.101:8080) with no client credentials, and etcd listens on 0.0.0.0:2379 and 4001 without authentication or TLS, so the cluster state and Calico's policy store are writable by anything that can reach those ports. Keep the VMs on the host-only network and do not reuse these settings outside the lab.
#cloud-config
---
write_files:
  # Network config file for the Calico CNI plugin.
  - path: /etc/cni/net.d/10-calico.conf
    owner: root
    permissions: 0755
    content: |
      {
        "name": "calico-k8s-network",
        "type": "calico",
        "etcd_authority": "172.18.18.101:2379",
        "log_level": "info",
        "ipam": {
          "type": "calico-ipam"
        }
      }
  # Kubeconfig file.
  - path: /etc/kubernetes/worker-kubeconfig.yaml
    owner: root
    permissions: 0755
    content: |
      apiVersion: v1
      kind: Config
      clusters:
        - name: local
          cluster:
            server: http://172.18.18.101:8080
      users:
        - name: kubelet
      contexts:
        - context:
            cluster: local
            user: kubelet
          name: kubelet-context
      current-context: kubelet-context
hostname: __HOSTNAMT__
coreos:
  update:
    reboot-strategy: off
  etcd2:
    name: "etcdserver"
    advertise-client-urls: http://$private_ipv4:2379
    initial-cluster: etcdserver=http://$private_ipv4:2380
    initial-advertise-peer-urls: http://$private_ipv4:2380
    listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001
    listen-peer-urls: http://0.0.0.0:2380
  fleet:
    metadata: "role=master"
    etcd_servers: "http://localhost:2379"
  units:
    - name: etcd2.service
      command: start
    - name: fleet.service
      command: start
    - name: setup-network-environment.service
      command: start
      content: |
        [Unit]
        Description=Setup Network Environment
        Documentation=https://github.com/kelseyhightower/setup-network-environment
        Requires=network-online.target
        After=network-online.target

        [Service]
        ExecStartPre=-/usr/bin/chmod +x /opt/bin/setup-network-environment
        ExecStart=/opt/bin/setup-network-environment
        RemainAfterExit=yes
        Type=oneshot

        [Install]
        WantedBy=multi-user.target
    - name: kube