    docker calico installation

    Step 1: install etcd:

      See the earlier article: http://www.cnblogs.com/vincenshen/articles/8637949.html

    Step 2: download calico:

    sudo wget -O /usr/local/bin/calicoctl https://github.com/projectcalico/calicoctl/releases/download/v1.6.3/calicoctl
    sudo chmod +x /usr/local/bin/calicoctl

    Step 3: write the calico configuration file:

    apiVersion: v1
    kind: calicoApiConfig
    metadata:
    spec:
      datastoreType: "etcdv2"
      etcdEndpoints: "http://etcd:2379"

    Step 4: run the calico node:

    root@Docker003:~# sudo calicoctl node run --node-image=quay.io/calico/node:v2.6.8
    sudo: unable to resolve host Docker003
    Running command to load modules: modprobe -a xt_set ip6_tables
    Enabling IPv4 forwarding
    Enabling IPv6 forwarding
    Increasing conntrack limit
    Removing old calico-node container (if running).
    Running the following command to start calico-node:
    
    docker run --net=host --privileged --name=calico-node -d --restart=always -e NODENAME=Docker003 -e CALICO_NETWORKING_BACKEND=bird -e CALICO_LIBNETWORK_ENABLED=true -e ETCD_ENDPOINTS=http://172.16.65.151:2379 -v /var/log/calico:/var/log/calico -v /var/run/calico:/var/run/calico -v /lib/modules:/lib/modules -v /run:/run -v /run/docker/plugins:/run/docker/plugins -v /var/run/docker.sock:/var/run/docker.sock quay.io/calico/node:v2.6.8
    
    Image may take a short time to download if it is not available locally.
    Container started, checking progress logs.
    
    2018-03-25 14:40:40.421 [INFO][7] startup.go 173: Early log level set to info
    2018-03-25 14:40:40.422 [INFO][7] client.go 202: Loading config from environment
    2018-03-25 14:40:40.422 [INFO][7] startup.go 83: Skipping datastore connection test
    2018-03-25 14:40:40.424 [INFO][7] startup.go 259: Building new node resource Name="Docker003"
    2018-03-25 14:40:40.424 [INFO][7] startup.go 273: Initialise BGP data
    2018-03-25 14:40:40.425 [INFO][7] startup.go 467: Using autodetected IPv4 address on interface ens33: 172.16.65.153/24
    2018-03-25 14:40:40.425 [INFO][7] startup.go 338: Node IPv4 changed, will check for conflicts
    2018-03-25 14:40:40.431 [INFO][7] startup.go 530: No AS number configured on node resource, using global value
    2018-03-25 14:40:40.434 [INFO][7] etcd.go 111: Ready flag is already set
    2018-03-25 14:40:40.435 [INFO][7] client.go 139: Using previously configured cluster GUID
    2018-03-25 14:40:40.450 [INFO][7] compat.go 796: Returning configured node to node mesh
    2018-03-25 14:40:40.460 [INFO][7] startup.go 131: Using node name: Docker003
    2018-03-25 14:40:40.529 [INFO][14] client.go 202: Loading config from environment
    Starting libnetwork service
    Calico node started successfully

    The calico node runs as a container.

    Step 5: check the result:

    root@Docker003:~# calicoctl node status
    Calico process is running.
    
    IPv4 BGP status
    +---------------+-------------------+-------+----------+-------------+
    | PEER ADDRESS  |     PEER TYPE     | STATE |  SINCE   |    INFO     |
    +---------------+-------------------+-------+----------+-------------+
    | 172.16.65.152 | node-to-node mesh | up    | 14:40:44 | Established |
    +---------------+-------------------+-------+----------+-------------+
    
    IPv6 BGP status
    No IPv6 peers found.

    Step 6: create a calico network

    The calico network you create is automatically synchronized to the other Docker hosts.

    root@Docker003:~# docker network create --driver calico --ipam-driver calico-ipam calico_network01
    0765e8cf3d7867715783f607d5fc1d8b54ef972ff697960c63aaf532d2900c51
    root@Docker003:~# docker network ls
    NETWORK ID          NAME                DRIVER              SCOPE
    d3436c79a405        bridge              bridge              local
    0765e8cf3d78        calico_network01    calico              global
    5de037f95399        host                host                local
    f4305d9ce150        none                null                local

    Step 7: run a container

    root@Docker003:~# docker run -itd --network calico_network01 --name bbox1 busybox
    // calico does not create a bridge on the Docker host
    root@Docker003:~# brctl show
    bridge name	bridge id		STP enabled	interfaces
    docker0		8000.0242c840a49d	no

    // there is one additional calico veth pair
    root@Docker003:~# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:0f:79:b7 brd ff:ff:ff:ff:ff:ff
        inet 172.16.65.153/24 brd 172.16.65.255 scope global ens33
           valid_lft forever preferred_lft forever
        inet6 fe80::20c:29ff:fe0f:79b7/64 scope link
           valid_lft forever preferred_lft forever
    3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
        link/ether 02:42:c8:40:a4:9d brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
           valid_lft forever preferred_lft forever
    5: calia9212856e7c@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
        link/ether 92:3c:80:31:7e:18 brd ff:ff:ff:ff:ff:ff link-netnsid 0
        inet6 fe80::903c:80ff:fe31:7e18/64 scope link
           valid_lft forever preferred_lft forever

    // the container's network is connected to the Docker host through the calico veth pair
    root@Docker003:~# docker exec bbox1 ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    4: cali0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
        link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff
        inet 192.168.109.128/32 brd 192.168.109.128 scope global cali0
           valid_lft forever preferred_lft forever

    Run a container on the other Docker host as well and join it to the same Calico network:

    root@Docker003:~# ip route
    default via 172.16.65.2 dev ens33 onlink 
    172.16.65.0/24 dev ens33  proto kernel  scope link  src 172.16.65.153 
    172.17.0.0/16 dev docker0  proto kernel  scope link  src 172.17.0.1 linkdown 
    192.168.109.128 dev calia9212856e7c  scope link 
    blackhole 192.168.109.128/26  proto bird 
    192.168.214.64/26 via 172.16.65.152 dev ens33  proto bird 
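    As an added example (not part of the original post), a small shell check that classifies the routes shown above and confirms the three kinds a working Calico node needs: a /32 host route per local container, the blackhole for the node's own IPAM block, and the remote blocks learned from BGP peers via bird. It assumes the cali* veth prefix and the `proto bird` marker seen in the output, and uses a constructed copy of that output as sample input.

```shell
#!/bin/sh
# Added example, not from the original post: classify the routes a Calico
# node installs and check that the expected kinds are all present. The sample
# is a constructed copy of the `ip route` output shown above; the cali* veth
# prefix and the "proto bird" tag are assumed as the post shows them.

SAMPLE_ROUTES='default via 172.16.65.2 dev ens33 onlink
172.16.65.0/24 dev ens33  proto kernel  scope link  src 172.16.65.153
172.17.0.0/16 dev docker0  proto kernel  scope link  src 172.17.0.1 linkdown
192.168.109.128 dev calia9212856e7c  scope link
blackhole 192.168.109.128/26  proto bird
192.168.214.64/26 via 172.16.65.152 dev ens33  proto bird'

# classify_route LINE -> one of:
#   workload    /32 host route to a local container via its cali* veth
#   local-pool  blackhole covering the IPAM block this node owns
#   bgp-remote  block of another node, learned from its BGP peer via bird
#   other       everything else (default route, host LAN, docker0 ...)
classify_route() {
  case "$1" in
    blackhole\ *proto\ bird*) echo local-pool ;;
    *\ via\ *proto\ bird*)    echo bgp-remote ;;
    *\ dev\ cali*)            echo workload ;;
    *)                        echo other ;;
  esac
}

# count_routes KIND [ROUTES] -> number of routes of that kind
count_routes() {
  kind=$1; routes=${2:-$SAMPLE_ROUTES}; n=0
  while IFS= read -r line; do
    if [ "$(classify_route "$line")" = "$kind" ]; then n=$((n + 1)); fi
  done <<EOF
$routes
EOF
  echo "$n"
}

# check_calico_routes [ROUTES] -> 0 when at least one local workload route,
# one blackhole for the local pool and one bird-learned remote block exist
check_calico_routes() {
  routes=${1:-$SAMPLE_ROUTES}
  [ "$(count_routes workload "$routes")" -ge 1 ] &&
  [ "$(count_routes local-pool "$routes")" -ge 1 ] &&
  [ "$(count_routes bgp-remote "$routes")" -ge 1 ]
}

# Stand-alone use on a live node: check_calico_routes "$(ip route)"
check_calico_routes && echo "calico routes look complete" || echo "calico routes missing"
```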

    Run containers on several Docker hosts connected to the same calico network and test connectivity between them:

    root@Docker002:~# docker exec bbox2 ping -c 2 bbox1
    PING bbox1 (192.168.109.128): 56 data bytes
    64 bytes from 192.168.109.128: seq=0 ttl=62 time=0.447 ms
    64 bytes from 192.168.109.128: seq=1 ttl=62 time=1.328 ms
    
    --- bbox1 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max = 0.447/0.887/1.328 ms

    calico provides DNS service for the containers.

    Step 8: configure a Policy for calico

    calico's default policy rule is: a container can only communicate with containers in the same calico network

    root@Docker002:~# calicoctl get profile calico_network01 -o yaml
    - apiVersion: v1
      kind: profile
      metadata:
        name: calico_network01
        tags:
        - calico_network01
      spec:
        egress:
        - action: allow
          destination: {}
          source: {}
        ingress:
        - action: allow
          destination: {}
          source:
            tag: calico_network01

    Write the policy yml file

    root@Docker003:~# vim test_ping.yml
    
    - apiVersion: v1
      kind: profile
      metadata:
        name: calico_network02
      spec:
        ingress:
        - action: allow
          protocol: icmp
          source:
            tag: calico_network01
          destination: {}

    Apply the policy

    root@Docker003:~# calicoctl apply -f test_ping.yml 
    Successfully applied 1 'profile' resource(s)
    Original article: https://www.cnblogs.com/vincenshen/p/8647564.html