calico安装下载
k8s网络插件
1、版本选择
cacli版本对应关系查找。
参考:https://blog.csdn.net/LRXmrlirixing/article/details/126648454
https://docs.tigera.io/archive/v3.10/getting-started/kubernetes/requirements
本次安装的的k8s版本是v1.14.3,所以可以使用calico v3.10版本。
同样的页面:Installing Calico for policy and networking (recommended),我们看下安装方法。
[root@k8s-master1 kubeadms]# curl https://docs.projectcalico.org/v3.10/manifests/calico.yaml -O
[root@k8s-master1 kubeadms]# vi calico.yaml
# Cluster type to identify the deployment type
- name: CLUSTER_TYPE
value: "k8s,bgp"
- name: IP_AUTODETECTION_METHOD
value: "interface=ens33"
# Auto-detect the BGP IP address.
[root@k8s-master1 kubeadms]# kubectl create -f calico.yaml
[root@k8s-master1 kubeadms]# kubectl get pods -A -owide |grep calico-node
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system calico-node-42d7g 0/1 Init:ImagePullBackOff 0 75s 192.168.1.134 k8s-node1 <none> <none>
kube-system calico-node-8mxbl 0/1 Pending 0 75s <none> k8s-master3 <none> <none>
kube-system calico-node-g8ckq 0/1 Init:ImagePullBackOff 0 75s 192.168.1.135 k8s-node2 <none> <none>
kube-system calico-node-hn8ks 0/1 Pending 0 75s <none> k8s-node3 <none> <none>
kube-system calico-node-r4kzp 0/1 Init:ImagePullBackOff 0 75s 192.168.1.131 k8s-master1 <none> <none>
kube-system calico-node-vjd4g 0/1 Init:ImagePullBackOff 0 75s 192.168.1.132 k8s-master2 <none> <none>
如上,很明显就是下载images失败,读取calico.yaml文件,看下需要下载那些镜像。
2、下载镜像
calico镜像下载地址:https://github.com/projectcalico/calico/releases
下载3.10.4版本:https://docs.tigera.io/archive/v3.10/release-notes/,, v3.10.4 下面的Release archive 下载这个链接就好。本地下载很慢,最好在外网环境下载。
如下截图下载,
下载过程超级慢,整个目录结构如下,比较全面。这里不仅有images镜像包,也有yaml配置文件和bin二进制信息。
[root@k8s-node2 ~]# cd /root/release-v3.10.4/images [root@k8s-node2 images]# ls calico-cni.tar calico-dikastes.tar calico-flannel-migration-controller.tar calico-kube-controllers.tar calico-node.tar calico-pod2daemon-flexvol.tar calico-typha.tar [root@k8s-node2 images]# docker load -i calico-cni.tar [root@k8s-node2 images]# docker load -i calico-node.tar [root@k8s-node2 images]# docker load -i calico-pod2daemon-flexvol.tar [root@k8s-node2 images]# docker images |grep calico calico/node v3.10.4 870da06857d7 4 years ago 192MB calico/cni v3.10.4 62ce410b90df 4 years ago 163MB calico/kube-controllers v3.10.4 0bffddb67f96 4 years ago 50.6MB calico/pod2daemon-flexvol v3.10.4 63fbf227cf10 4 years ago 9.78MB
查看,导入了image之后的节点,pod都已经正常启动了。
依次导入其他节点,操作网络部署完成。
也可以尝试一下第二种方法
参考:K8S Calico网络插件 - RidingWind - 博客园尝试手动从quay.io下载镜像。quay.io是一个公共镜像仓库。(速度比较快,建议使用这一种方法)
[root@k8s-node1 ~]#docker pull quay.io/calico/cni:v3.10.4 [root@k8s-node1 ~]#docker pull quay.io/calico/node:v3.10.4 [root@k8s-node1 ~]#docker pull quay.io/calico/pod2daemon-flexvol:v3.10.4 [root@k8s-node1 ~]#docker tag quay.io/calico/node:v3.10.4 calico/node:v3.10.4 [root@k8s-node1 ~]#docker tag quay.io/calico/pod2daemon-flexvol:v3.10.4 calico/pod2daemon-flexvol:v3.10.4 [root@k8s-node1 ~]#docker tag quay.io/calico/cni:v3.10.4 calico/cni:v3.10.4 [root@k8s-node1 ~]#docker images |grep calico
以上两种方案都是安装calico网络差距的方法。
查看网卡转发
[root@k8s-node3 images]# iptables -nvL -t nat
[root@k8s-node3 images]# ifconfig
[root@k8s-node3 images]# ip r
[root@k8s-node3 images]# ifconfig
cali63819132f35: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1440
inet6 fe80::ecee:eeff:feee:eeee prefixlen 64 scopeid 0x20<link>
ether ee:ee:ee:ee:ee:ee txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
cali66b00abb893: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1440
inet6 fe80::ecee:eeff:feee:eeee prefixlen 64 scopeid 0x20<link>
ether ee:ee:ee:ee:ee:ee txqueuelen 0 (Ethernet)
RX packets 30120 bytes 2117252 (2.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 30120 bytes 2117252 (2.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:7f:61:cc:ed txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.136 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 240e:3b2:32da:9970:20c:29ff:fe1a:bf6 prefixlen 64 scopeid 0x0<global>
inet6 fe80::20c:29ff:fe1a:bf6 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:1a:0b:f6 txqueuelen 1000 (Ethernet)
RX packets 613783 bytes 807611315 (770.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 112127 bytes 11425883 (10.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 30120 bytes 2117252 (2.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 30120 bytes 2117252 (2.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tunl0: flags=193<UP,RUNNING,NOARP> mtu 1440
inet 192.168.107.192 netmask 255.255.255.255
tunnel txqueuelen 1000 (IPIP Tunnel)
RX packets 31397 bytes 16081715 (15.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 29796 bytes 2616662 (2.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@k8s-node3 images]# ip r
default via 192.168.1.1 dev ens33 proto static metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.1.0/24 dev ens33 proto kernel scope link src 192.168.1.136 metric 100
192.168.1.154 via 192.168.1.131 dev tunl0 proto bird onlink
192.168.36.64/26 via 192.168.1.134 dev tunl0 proto bird onlink
blackhole 192.168.107.192/26 proto bird
192.168.107.195 dev cali66b00abb893 scope link
192.168.107.200 dev cali63819132f35 scope link
192.168.159.128/26 via 192.168.1.131 dev tunl0 proto bird onlink
192.168.169.128/26 via 192.168.1.135 dev tunl0 proto bird onlink
192.168.224.0/26 via 192.168.1.132 dev tunl0 proto bird onlink
[root@k8s-node3 images]# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 1 packets, 241 bytes)
pkts bytes target prot opt in out source destination
270 39152 cali-PREROUTING all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:6gwbT8clXdHdC1b1 */
358 56318 KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */
11 10650 DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 1 packets, 241 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2 packets, 120 bytes)
pkts bytes target prot opt in out source destination
2866 172K cali-OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:tVnHkvAo15HuiPy0 */
3171 193K KUBE-SERVICES all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service portals */
0 0 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 2 packets, 120 bytes)
pkts bytes target prot opt in out source destination
2711 163K cali-POSTROUTING all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:O3lYWMrLQYEMJtB5 */
0 0 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0
2881 176K KUBE-POSTROUTING all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes postrouting rules */
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
Chain KUBE-MARK-DROP (0 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK or 0x8000
Chain KUBE-MARK-MASQ (21 references)
pkts bytes target prot opt in out source destination
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK or 0x4000
Chain KUBE-NODEPORTS (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/myappsvc: */ tcp dpt:32074
0 0 KUBE-SVC-S4M3VZTYC774P2CI tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* default/myappsvc: */ tcp dpt:32074
0 0 KUBE-MARK-MASQ tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* devs/myapptesvc: */ tcp dpt:31052
0 0 KUBE-SVC-7FTMKMBWERMGYGOL tcp -- * * 0.0.0.0/0 0.0.0.0/0 /* devs/myapptesvc: */ tcp dpt:31052
Chain KUBE-POSTROUTING (1 references)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service traffic requiring SNAT */ mark match 0x4000/0x4000
Chain KUBE-SEP-2CVYXI7CPJQ4S2I7 (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 192.168.1.131 0.0.0.0/0
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp to:192.168.1.131:6443
Chain KUBE-SEP-7PPXA5JT5ALVQPIV (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 172.17.0.2 0.0.0.0/0
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp to:172.17.0.2:53
Chain KUBE-SEP-7T3N2VAXXWSLQ4WK (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 192.168.1.132 0.0.0.0/0
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp to:192.168.1.132:6443
Chain KUBE-SEP-CPJSBS35VMSBOKH6 (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 172.17.0.3 0.0.0.0/0
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp to:172.17.0.3:53
Chain KUBE-SEP-DSL7LUEVWMEJDZFH (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 172.17.0.2 0.0.0.0/0
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp to:172.17.0.2:9153
Chain KUBE-SEP-HHGA4X2WVOS42ROD (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 192.168.107.195 0.0.0.0/0
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp to:192.168.107.195:80
Chain KUBE-SEP-ICEUYJUOINC2SEIN (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 192.168.169.132 0.0.0.0/0
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp to:192.168.169.132:80
Chain KUBE-SEP-ICPAVPOQMH5DEG7J (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 192.168.36.66 0.0.0.0/0
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp to:192.168.36.66:80
Chain KUBE-SEP-K7JQ5XSWBQ7MTKDL (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 172.17.0.3 0.0.0.0/0
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp to:172.17.0.3:53
Chain KUBE-SEP-MJ4C7PP2DS74GGQA (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 172.17.0.3 0.0.0.0/0
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp to:172.17.0.3:9153
Chain KUBE-SEP-OC6QERTONJSZRPZO (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 192.168.1.133 0.0.0.0/0
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp to:192.168.1.133:6443
Chain KUBE-SEP-SNPTLXDNVSPZ5ND2 (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 172.17.0.2 0.0.0.0/0
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp to:172.17.0.2:53
Chain KUBE-SEP-W26VWPA4CTE65YIK (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ all -- * * 192.168.169.129 0.0.0.0/0
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp to:192.168.169.129:80
Chain KUBE-SERVICES (2 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-MARK-MASQ tcp -- * * !10.244.0.0/16 10.96.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443
0 0 KUBE-SVC-NPX46M4PTMTKRN6Y tcp -- * * 0.0.0.0/0 10.96.0.1 /* default/kubernetes:https cluster IP */ tcp dpt:443
0 0 KUBE-MARK-MASQ tcp -- * * !10.244.0.0/16 10.111.241.11 /* default/myappsvc: cluster IP */ tcp dpt:80
0 0 KUBE-SVC-S4M3VZTYC774P2CI tcp -- * * 0.0.0.0/0 10.111.241.11 /* default/myappsvc: cluster IP */ tcp dpt:80
0 0 KUBE-MARK-MASQ udp -- * * !10.244.0.0/16 10.96.0.10 /* kube-system/kube-dns:dns cluster IP */ udp dpt:53
0 0 KUBE-SVC-TCOU7JCQXEZGVUNU udp -- * * 0.0.0.0/0 10.96.0.10 /* kube-system/kube-dns:dns cluster IP */ udp dpt:53
0 0 KUBE-MARK-MASQ tcp -- * * !10.244.0.0/16 10.96.0.10 /* kube-system/kube-dns:dns-tcp cluster IP */ tcp dpt:53
0 0 KUBE-SVC-ERIFXISQEP7F7OF4 tcp -- * * 0.0.0.0/0 10.96.0.10 /* kube-system/kube-dns:dns-tcp cluster IP */ tcp dpt:53
0 0 KUBE-MARK-MASQ tcp -- * * !10.244.0.0/16 10.96.0.10 /* kube-system/kube-dns:metrics cluster IP */ tcp dpt:9153
0 0 KUBE-SVC-JD5MR3NA4I4DYORP tcp -- * * 0.0.0.0/0 10.96.0.10 /* kube-system/kube-dns:metrics cluster IP */ tcp dpt:9153
0 0 KUBE-MARK-MASQ tcp -- * * !10.244.0.0/16 10.103.85.197 /* devs/myapptesvc: cluster IP */ tcp dpt:80
0 0 KUBE-SVC-7FTMKMBWERMGYGOL tcp -- * * 0.0.0.0/0 10.103.85.197 /* devs/myapptesvc: cluster IP */ tcp dpt:80
2 120 KUBE-NODEPORTS all -- * * 0.0.0.0/0 0.0.0.0/0 /* kubernetes service nodeports; NOTE: this must be the last rule in this chain */ ADDRTYPE match dst-type LOCAL
Chain KUBE-SVC-7FTMKMBWERMGYGOL (2 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-SEP-ICEUYJUOINC2SEIN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain KUBE-SVC-ERIFXISQEP7F7OF4 (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-SEP-7PPXA5JT5ALVQPIV all -- * * 0.0.0.0/0 0.0.0.0/0 statistic mode random probability 0.50000000000
0 0 KUBE-SEP-CPJSBS35VMSBOKH6 all -- * * 0.0.0.0/0 0.0.0.0/0
Chain KUBE-SVC-JD5MR3NA4I4DYORP (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-SEP-DSL7LUEVWMEJDZFH all -- * * 0.0.0.0/0 0.0.0.0/0 statistic mode random probability 0.50000000000
0 0 KUBE-SEP-MJ4C7PP2DS74GGQA all -- * * 0.0.0.0/0 0.0.0.0/0
Chain KUBE-SVC-NPX46M4PTMTKRN6Y (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-SEP-2CVYXI7CPJQ4S2I7 all -- * * 0.0.0.0/0 0.0.0.0/0 statistic mode random probability 0.33332999982
0 0 KUBE-SEP-7T3N2VAXXWSLQ4WK all -- * * 0.0.0.0/0 0.0.0.0/0 statistic mode random probability 0.50000000000
0 0 KUBE-SEP-OC6QERTONJSZRPZO all -- * * 0.0.0.0/0 0.0.0.0/0
Chain KUBE-SVC-S4M3VZTYC774P2CI (2 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-SEP-HHGA4X2WVOS42ROD all -- * * 0.0.0.0/0 0.0.0.0/0 statistic mode random probability 0.33332999982
0 0 KUBE-SEP-W26VWPA4CTE65YIK all -- * * 0.0.0.0/0 0.0.0.0/0 statistic mode random probability 0.50000000000
0 0 KUBE-SEP-ICPAVPOQMH5DEG7J all -- * * 0.0.0.0/0 0.0.0.0/0
Chain KUBE-SVC-TCOU7JCQXEZGVUNU (1 references)
pkts bytes target prot opt in out source destination
0 0 KUBE-SEP-SNPTLXDNVSPZ5ND2 all -- * * 0.0.0.0/0 0.0.0.0/0 statistic mode random probability 0.50000000000
0 0 KUBE-SEP-K7JQ5XSWBQ7MTKDL all -- * * 0.0.0.0/0 0.0.0.0/0
Chain cali-OUTPUT (1 references)
pkts bytes target prot opt in out source destination
2866 172K cali-fip-dnat all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:GBTAv2p5CwevEyJm */
Chain cali-POSTROUTING (1 references)
pkts bytes target prot opt in out source destination
2867 172K cali-fip-snat all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Z-c7XtVd2Bq7s_hA */
2867 172K cali-nat-outgoing all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:nYKhEzDlr11Jccal */
0 0 MASQUERADE all -- * tunl0 0.0.0.0/0 0.0.0.0/0 /* cali:JHlpT-eSqR1TvyYm */ ADDRTYPE match src-type !LOCAL limit-out ADDRTYPE match src-type LOCAL
Chain cali-PREROUTING (1 references)
pkts bytes target prot opt in out source destination
270 39152 cali-fip-dnat all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:r6XmIziWUJsdOK6Z */
Chain cali-fip-dnat (2 references)
pkts bytes target prot opt in out source destination
Chain cali-fip-snat (1 references)
pkts bytes target prot opt in out source destination
Chain cali-nat-outgoing (1 references)
pkts bytes target prot opt in out source destination
295 17401 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Dw4T8UWPnCLxRJiI */ match-set cali40masq-ipam-pools src ! match-set cali40all-ipam-pools dst
[root@k8s-node3 images]#
知识改变命运,努力创造奇迹~
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 25岁的心里话
· 闲置电脑爆改个人服务器(超详细) #公网映射 #Vmware虚拟网络编辑器
· 零经验选手,Compose 一天开发一款小游戏!
· 通过 API 将Deepseek响应流式内容输出到前端
· AI Agent开发,如何调用三方的API Function,是通过提示词来发起调用的吗