OpenShift/Kubernetes集群 Calico BG
2019-10-29 本文已影响0人
潘晓华Michael
Calico OpenShift
calico 是容器网络的一种解决方案,也是当前最流行的方案之一。它完全利用路由规则实现动态组网,通过BGP协议通告路由。Calico BGP没有像ovs那样需要封包解包,所以它的网络性能更好。
管理calico网络免不了使用calicoctl工具,本篇介绍如何在OpenShift/Kubernetes环境下,配置calicoctl来管理集群网络。
calico元数据支持两种存储类:etcd与kubernetes
- 安装calicoctl
$ curl -O -L https://github.com/projectcalico/calicoctl/releases/download/v3.10.0/calicoctl
$ chmod a+x calicoctl
- 确认Calico部署时使用的元数据存储类型,查看calico-config
$ oc describe cm calico-config -n kube-system | grep datastore_type
可以为kubernetes、etcdv3。默认为etcdv3。
设置为kubernetes时表示直接使用k8s api存取数据库服务;
使用kubernetes类型
创建calicoctl访问的配置文件calicoctl.conf
$ mkdir /etc/calico
$ cat << EOF > /etc/calico/calicoctl.cfg
apiVersion: projectcalico.org/v3
kind: CalicoAPIConfig
metadata:
spec:
datastoreType: "kubernetes"
kubeconfig: "/root/.kube/config"
EOF
使用etcdv3类型
- 创建calicoctl访问的配置文件calicoctl.conf
for openshift
$ mkdir /etc/calico
$ cat << EOF > /etc/calico/calicoctl.cfg
apiVersion: projectcalico.org/v3
kind: CalicoAPIConfig
metadata:
spec:
datastoreType: "etcdv3"
etcdEndpoints: https://master1.example.com:2379
etcdKeyFile: /etc/cni/net.d/calico-tls/etcd-key
etcdCertFile: /etc/cni/net.d/calico-tls/etcd-cert
etcdCACertFile: /etc/cni/net.d/calico-tls/etcd-ca
EOF
for kubernetes
$ mkdir /etc/calico
$ cat << EOF > /etc/calico/calicoctl.cfg
apiVersion: projectcalico.org/v3
kind: CalicoAPIConfig
metadata:
spec:
datastoreType: "etcdv3"
etcdEndpoints: https://master1.example.com:2379
etcdKeyFile: /etc/kubernetes/pki/etcd/server.key
etcdCertFile: /etc/kubernetes/pki/etcd/server.crt
etcdCACertFile: /etc/kubernetes/pki/etcd/ca.crt
EOF
- 执行calicoctl获取workloadendpoints
$ ./calicoctl get workloadendpoints
WORKLOAD NODE NETWORKS INTERFACE
docker-registry-3-fr8zn infra1.example.com 10.129.200.29/32 cali046d7771a9f
registry-console-3-bxbck master1.example.com 10.131.9.210/32 cali6d8bb449db0
$ ./calicoctl get workloadendpoints -a # 查看所有namespace下的workloadendpoints
