这篇文章给大家分享的是有关Kubernetes 1.8.4如何安装Calico的内容。小编觉得挺实用的，因此分享给大家做个参考，一起跟随小编过来看看吧。

Calico  

      Calico 是一款纯 Layer 3 的数据中心网络方案(不需要 Overlay 网络)，Calico 好处是他已与各种云原生平台有良好的整合，而 Calico 在每一个节点利用 Linux Kernel 实现高效的 vRouter 来负责数据的转发，而当数据中心复杂度增加时，可以用 BGP route reflector 来达成。

• 在master通过 kubectl 建立 Calico policy controller

  生成calico-controller.yml

  cat <<EOF > calico-controller.yml
  apiVersion: rbac.authorization.k8s.io/v1beta1
  kind: ClusterRoleBinding
  metadata:
    name: calico-kube-controllers
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: calico-kube-controllers
  subjects:
  - kind: ServiceAccount
    name: calico-kube-controllers
    namespace: kube-system
  ---
  kind: ClusterRole
  apiVersion: rbac.authorization.k8s.io/v1beta1
  metadata:
    name: calico-kube-controllers
    namespace: kube-system
  rules:
    - apiGroups:
      - ""
      - extensions
      resources:
        - pods
        - namespaces
        - networkpolicies
      verbs:
        - watch
        - list
  ---
  apiVersion: v1
  kind: ServiceAccount
  metadata:
    name: calico-kube-controllers
    namespace: kube-system
  ---
  apiVersion: extensions/v1beta1
  kind: Deployment
  metadata:
    name: calico-policy-controller
    namespace: kube-system
    labels:
      k8s-app: calico-policy
  spec:
    strategy:
      type: Recreate
    template:
      metadata:
        name: calico-policy-controller
        namespace: kube-system
        labels:
          k8s-app: calico-policy
      spec:
        hostNetwork: true
        serviceAccountName: calico-kube-controllers
        containers:
        - name: calico-policy-controller
          image: quay.io/calico/kube-controllers:v1.0.0
          env:
            - name: ETCD_ENDPOINTS
              value: "https://10.0.0.162:2379"
            - name: ETCD_CA_CERT_FILE
              value: "/etc/etcd/ssl/etcd-ca.pem"
            - name: ETCD_CERT_FILE
              value: "/etc/etcd/ssl/etcd.pem"
            - name: ETCD_KEY_FILE
              value: "/etc/etcd/ssl/etcd-key.pem"
          volumeMounts:
            - mountPath: /etc/etcd/ssl
              name: etcd-ca-certs
              readOnly: true
        volumes:
          - hostPath:
              path: /etc/etcd/ssl
              type: DirectoryOrCreate
            name: etcd-ca-certs
  EOF

  
  

  kubectl apply -f calico-controller.yml

  
  

  查看状态

  kubectl -n kube-system get po -l k8s-app=calico-policy

  
  

   

• 在master下载 Calico CLI 工具

  wget https://github.com/projectcalico/calicoctl/releases/download/v1.6.1/calicoctl
  chmod +x calicoctl && mv calicoctl /usr/local/bin/

  
  

   

• 在所有节点下载 Calico，并执行以下步骤

  export CALICO_URL="https://github.com/projectcalico/cni-plugin/releases/download/v1.11.0"
  wget -N -P /opt/cni/bin ${CALICO_URL}/calico
  wget -N -P /opt/cni/bin ${CALICO_URL}/calico-ipam
  chmod +x /opt/cni/bin/calico /opt/cni/bin/calico-ipam

  
  

• 在所有节点下载 CNI plugins配置文件，以及 calico-node.service
  创建文件夹

  mkdir -p /etc/cni/net.d

  
  

  cat <<EOF > /etc/cni/net.d/10-calico.conf
  {
      "name": "calico-k8s-network",
      "cniVersion": "0.1.0",
      "type": "calico",
      "etcd_endpoints": "https://10.0.0.162:2379",
      "etcd_ca_cert_file": "/etc/etcd/ssl/etcd-ca.pem",
      "etcd_cert_file": "/etc/etcd/ssl/etcd.pem",
      "etcd_key_file": "/etc/etcd/ssl/etcd-key.pem",
      "log_level": "info",
      "ipam": {
          "type": "calico-ipam"
      },
      "policy": {
          "type": "k8s"
      },
      "kubernetes": {
          "kubeconfig": "/etc/kubernetes/kubelet.conf"
      }
  }
  EOF

  
  

  cat <<EOF > /lib/systemd/system/calico-node.service
  [Unit]
  Description=calico node
  After=docker.service
  Requires=docker.service
  
  [Service]
  User=root
  PermissionsStartOnly=true
  ExecStart=/usr/bin/docker run --net=host --privileged --name=calico-node \
    -e ETCD_ENDPOINTS=https://10.0.0.162:2379 \
    -e ETCD_CA_CERT_FILE=/etc/etcd/ssl/etcd-ca.pem \
    -e ETCD_CERT_FILE=/etc/etcd/ssl/etcd.pem \
    -e ETCD_KEY_FILE=/etc/etcd/ssl/etcd-key.pem \
    -e NODENAME=${HOSTNAME} \
    -e IP= \
    -e NO_DEFAULT_POOLS= \
    -e AS= \
    -e CALICO_LIBNETWORK_ENABLED=true \
    -e IP6= \
    -e CALICO_NETWORKING_BACKEND=bird \
    -e FELIX_DEFAULTENDPOINTTOHOSTACTION=ACCEPT \
    -e FELIX_HEALTHENABLED=true \
    -e CALICO_IPV4POOL_CIDR=10.244.0.0/16 \
    -e CALICO_IPV4POOL_IPIP=always \
    -e IP_AUTODETECTION_METHOD=interface=ens33 \
    -e IP6_AUTODETECTION_METHOD=interface=ens33 \
    -v /etc/etcd/ssl:/etc/etcd/ssl \
    -v /var/run/calico:/var/run/calico \
    -v /lib/modules:/lib/modules \
    -v /run/docker/plugins:/run/docker/plugins \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v /var/log/calico:/var/log/calico \
    quay.io/calico/node:v2.6.2
  ExecStop=/usr/bin/docker rm -f calico-node
  Restart=on-failure
  RestartSec=10
  
  [Install]
  WantedBy=multi-user.target
  EOF

  
  

   

• 在所有节点启动 Calico-node

  systemctl enable calico-node.service && systemctl start calico-node.service

  
  

• 在master查看 Calico nodes

  cat <<EOF > ~/calico-rc
  export ETCD_ENDPOINTS="https://10.0.0.162:2379"
  export ETCD_CA_CERT_FILE="/etc/etcd/ssl/etcd-ca.pem"
  export ETCD_CERT_FILE="/etc/etcd/ssl/etcd.pem"
  export ETCD_KEY_FILE="/etc/etcd/ssl/etcd-key.pem"
  EOF

  
  

  . ~/calico-rc

  
  

  calicoctl get node -o wide

  
  

  查看 pending 的 pod 是否已执行

  kubectl -n kube-system get po

感谢各位的阅读！关于“Kubernetes 1.8.4如何安装Calico”这篇文章就分享到这里了，希望以上内容可以对大家有一定的帮助，让大家可以学到更多知识，如果觉得文章不错，可以把它分享出去让更多的人看到吧！