第一步,安装etcd:

  请参考以前的文章:  http://www.cnblogs.com/vincenshen/articles/8637949.html

第二步,下载calico:

sudo wget -O /usr/local/bin/calicoctl https://github.com/projectcalico/calicoctl/releases/download/v1.6.3/calicoctl

sudo chmod +x /usr/local/bin/calicoctl

第三步,编写calico配置文件:

apiVersion: v1

kind: calicoApiConfig

metadata:

spec:

  datastoreType: "etcdv2"

  etcdEndpoints: "http://etcd:2379"

第四步,运行calico node:

root@Docker003:~# sudo calicoctl node run --node-image=quay.io/calico/node:v2.6.8

sudo: unable to resolve host Docker003

Running command to load modules: modprobe -a xt_set ip6_tables

Enabling IPv4 forwarding

Enabling IPv6 forwarding

Increasing conntrack limit

Removing old calico-node container (if running).

Running the following command to start calico-node:

docker run --net=host --privileged --name=calico-node -d --restart=always -e NODENAME=Docker003 -e CALICO_NETWORKING_BACKEND=bird -e CALICO_LIBNETWORK_ENABLED=true -e ETCD_ENDPOINTS=http://172.16.65.151:2379 -v /var/log/calico:/var/log/calico -v /var/run/calico:/var/run/calico -v /lib/modules:/lib/modules -v /run:/run -v /run/docker/plugins:/run/docker/plugins -v /var/run/docker.sock:/var/run/docker.sock quay.io/calico/node:v2.6.8

Image may take a short time to download if it is not available locally.

Container started, checking progress logs.

-- ::40.421 [INFO][] startup.go : Early log level set to info

-- ::40.422 [INFO][] client.go : Loading config from environment

-- ::40.422 [INFO][] startup.go : Skipping datastore connection test

-- ::40.424 [INFO][] startup.go : Building new node resource Name="Docker003"

-- ::40.424 [INFO][] startup.go : Initialise BGP data

-- ::40.425 [INFO][] startup.go : Using autodetected IPv4 address on interface ens33: 172.16.65.153/

-- ::40.425 [INFO][] startup.go : Node IPv4 changed, will check for conflicts

-- ::40.431 [INFO][] startup.go : No AS number configured on node resource, using global value

-- ::40.434 [INFO][] etcd.go : Ready flag is already set

-- ::40.435 [INFO][] client.go : Using previously configured cluster GUID

-- ::40.450 [INFO][] compat.go : Returning configured node to node mesh

-- ::40.460 [INFO][] startup.go : Using node name: Docker003

-- ::40.529 [INFO][] client.go : Loading config from environment

Starting libnetwork service

Calico node started successfully

calico node会以container方式运行

第五步,查看运行结果:

root@Docker003:~# calicoctl node status

Calico process is running.

IPv4 BGP status

+---------------+-------------------+-------+----------+-------------+

| PEER ADDRESS  |     PEER TYPE     | STATE |  SINCE   |    INFO     |

+---------------+-------------------+-------+----------+-------------+

| 172.16.65.152 | node-to-node mesh | up    | :: | Established |

+---------------+-------------------+-------+----------+-------------+

IPv6 BGP status

No IPv6 peers found.

第六步,创建calico网络

创建的calico网络会自动同步到其他Docker主机上

root@Docker003:~# docker network create --driver calico --ipam-driver calico-ipam calico_network01

0765e8cf3d7867715783f607d5fc1d8b54ef972ff697960c63aaf532d2900c51

root@Docker003:~# docker network ls

NETWORK ID          NAME                DRIVER              SCOPE

d3436c79a405        bridge              bridge              local

0765e8cf3d78        calico_network01    calico              global

5de037f95399        host                host                local

f4305d9ce150        none                null                local

第七步,运行container

root@Docker003:~# docker run -itd --network calico_network01 --name bbox1 busybox
// calico并没有在Docker主机上创建bridge
root@Docker003:~# brctl show

bridge name    bridge id        STP enabled    interfaces

docker0        .0242c840a49d    no    

// 多了一个calico veth pair

root@Docker003:~# ip a

: lo: <LOOPBACK,UP,LOWER_UP> mtu  qdisc noqueue state UNKNOWN group default qlen

    link/loopback ::::: brd :::::

    inet 127.0.0.1/ scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::/ scope host

       valid_lft forever preferred_lft forever

: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu  qdisc pfifo_fast state UP group default qlen

    link/ether :0c::0f::b7 brd ff:ff:ff:ff:ff:ff

    inet 172.16.65.153/ brd 172.16.65.255 scope global ens33

       valid_lft forever preferred_lft forever

    inet6 fe80::20c:29ff:fe0f:79b7/ scope link

       valid_lft forever preferred_lft forever

: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu  qdisc noqueue state DOWN group default

    link/ether ::c8::a4:9d brd ff:ff:ff:ff:ff:ff

    inet 172.17.0.1/ brd 172.17.255.255 scope global docker0

       valid_lft forever preferred_lft forever

: calia9212856e7c@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu  qdisc noqueue state UP group default

    link/ether :3c:::7e: brd ff:ff:ff:ff:ff:ff link-netnsid

    inet6 fe80::903c:80ff:fe31:7e18/ scope link

       valid_lft forever preferred_lft forever


// container的网络和Docker主机通过calico veth pair连接

root@Docker003:~# docker exec bbox1 ip a

: lo: <LOOPBACK,UP,LOWER_UP> mtu  qdisc noqueue qlen

    link/loopback ::::: brd :::::

    inet 127.0.0.1/ scope host lo

       valid_lft forever preferred_lft forever

: cali0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu  qdisc noqueue

    link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff

    inet 192.168.109.128/ brd 192.168.109.128 scope global cali0

       valid_lft forever preferred_lft forever

在其他Docker主机上也运行Container并加入相同的Calico网络

root@Docker003:~# ip route

default via 172.16.65.2 dev ens33 onlink

172.16.65.0/ dev ens33  proto kernel  scope link  src 172.16.65.153

172.17.0.0/ dev docker0  proto kernel  scope link  src 172.17.0.1 linkdown

192.168.109.128 dev calia9212856e7c  scope link

blackhole 192.168.109.128/  proto bird

192.168.214.64/ via 172.16.65.152 dev ens33  proto bird

在多个Docker主机上运行Container连接到同一个calico网络测试连通性

root@Docker002:~# docker exec bbox2 ping -c  bbox1

PING bbox1 (192.168.109.128):  data bytes

 bytes from 192.168.109.128: seq= ttl= time=0.447 ms

 bytes from 192.168.109.128: seq= ttl= time=1.328 ms

--- bbox1 ping statistics ---

 packets transmitted,  packets received, % packet loss

round-trip min/avg/max = 0.447/0.887/1.328 ms

calico为Container提供DNS服务。

第八步,为calico配置Policy

calico 默认的 policy 规则是:容器只能与同一个 calico 网络中的容器通信

root@Docker002:~# calicoctl get profile calico_network01 -o yaml

- apiVersion: v1

  kind: profile

  metadata:

    name: calico_network01

    tags:

    - calico_network01

  spec:

    egress:

    - action: allow

      destination: {}

      source: {}

    ingress:

    - action: allow

      destination: {}

      source:

        tag: calico_network01

编写policy yml文件

root@Docker003:~# vim test_ping.yml

- apiVersion: v1

  kind: profile

  metadata:

    name: calico_network02

  spec:

    ingress:

    - action: allow

      protocol: icmp

      source:

        tag: calico_network01

      destination: {}

应用policy

root@Docker003:~# calicoctl apply -f test_ping.yml

Successfully applied  'profile' resource(s)

docker calico安装的更多相关文章

  1. docker——容器安装tomcat

    写在前面: 继续docker的学习,学习了docker的基本常用命令之后,我在docker上安装jdk,tomcat两个基本的java web工具,这里对操作流程记录一下. 软件准备: 1.jdk-7 ...

  2. docker 启动安装等命令

    确认是否安装url whereis curl 启动docker服务: sudo service docker start sudo service docker stop 安装curl sudo ap ...

  3. DOCKER windows安装

    DOCKER windows安装 1.下载程序包 2. 设置环境变量 3. 启动DOCKERT 4. 分析start.sh 5. 利用SSH工具管理 6. 下载镜像 6.1 下载地址 6.2 用FTP ...

  4. 在docker里面安装部署应用

    最近一直在做docker的安装打包工作,学到不少东西,在博客里记一下. 环境centos6 ,docker 基础镜象centos6 1.创建本地基础镜象,安装基础命令包 (1)Dockerfile,D ...

  5. Docker Centos安装Redis以及问题处理

    之前一篇文章 Redis安装及主从配置 介绍了redis的安装配置,另一篇文件介绍了 Docker Centos安装Openssh .今天将两篇文件结合一下——在Docker Centos环境下搭建r ...

  6. Docker Centos安装Mysql5.6

    之前一篇随笔<Docker Centos安装Openssh> 写的是如何在基础的centos镜像中搭建ssh服务,在此基础上再搭建其他服务.本文继续介绍在centos_ssh基础上搭建my ...

  7. Docker的安装及简单使用

    1.  Docker的安装 (这里的“安装docker”其实就是安装Docker Engine) $ sudo apt-get intasll docker.io note: apt-get是ubun ...

  8. docker 的安装

    官方站点上有各种环境下的 安装指南,这里主要介绍下Ubuntu和CentOS系列的安装. Ubuntu 系列安装 Docker 通过系统自带包安装 Ubuntu 14.04 版本号系统中已经自带了 D ...

  9. docker 17 安装

    docker17 安装 新增一键安装命令: curl -sSL https://get.docker.com/ | sh 以下为手动安装过程 翻译自 Get Docker for Ubuntu Doc ...

随机推荐

  1. 从git上拉下来的严选weex项目demo

    项目地址 https://github.com/zwwill/yanxuan-weex-demo 在package.json里"author"之类后面加上 "privat ...

  2. js instanceof (2)

    instanceof运算符可以用来判断某个构造函数的prototype属性是否存在另外一个要检测对象的原型链上.实例一:普遍用法 A instanceof B :检测B.prototype是否存在于参 ...

  3. -webkit-transition: all .2s ease-in-out;

    W3C标准中对CSS3的transition这是样描述的:CSS的transition允许CSS的属性值在一定的时间区间内平滑地过渡.这种效果可以在鼠标单击.获得焦点.被点击或对元素任何改变中触发,并 ...

  4. SQL金典

    ps:补充自己的基础知识,大神请无视.. ~~~~~~~~~~~~~~~~~~~~~ DataBase Management System,DBMS.... Catalog ...库 Table... ...

  5. Linux之(tomcat)服务之服务调优

    Tomcat调优原则: ● 增加连接数 ● 调整工作模式 ● 启用gzip压缩 ● 调整JVM内存大小 ● 作为web服务器时,与Apache或者Nginx整合 ● 合理选择垃圾回收算法 ● 尽量使用 ...

  6. Android开发:《Gradle Recipes for Android》阅读笔记(翻译)3.3——整合resource文件

    问题: 想要在product的flavor里面改变图片,文字或者其它资源. 解决方案: 在flavor里面增加合适的资源目录,并且改变他们包含的值. 讨论: 考虑下3.2章的“hello world ...

  7. 【BZOJ3239】Discrete Logging BSGS

    [BZOJ3239]Discrete Logging Description Given a prime P, 2 <= P < 231, an integer B, 2 <= B ...

  8. 《挑战程序设计竞赛》2.1 广度优先搜索 AOJ0558 POJ3669 AOJ0121

    AOJ0558 原文链接: AOJ0558 题意: 在H * W的地图上有N个奶酪工厂,分别生产硬度为1-N的奶酪.有一只吃货老鼠准备从老鼠洞出发吃遍每一个工厂的奶酪.老鼠有一个体力值,初始时为1,每 ...

  9. jquery lazyload延迟加载技术的实现原理分析_jquery

    前言 懒加载技术(简称lazyload)并不是新技术,它是js程序员对网页性能优化的一种方案.lazyload的核心是按需加载.在大型网站中都有lazyload的身影,例如谷歌的图片搜索页,迅雷首页, ...

  10. 时间格式化输出strtime

    The format argument consists of one or more codes; as in printf, the formatting codes are preceded b ...