第一步,安装etcd:

  请参考以前的文章:  http://www.cnblogs.com/vincenshen/articles/8637949.html

第二步,下载calico:

sudo wget -O /usr/local/bin/calicoctl https://github.com/projectcalico/calicoctl/releases/download/v1.6.3/calicoctl

sudo chmod +x /usr/local/bin/calicoctl

第三步,编写calico配置文件:

apiVersion: v1

kind: calicoApiConfig

metadata:

spec:

  datastoreType: "etcdv2"

  etcdEndpoints: "http://etcd:2379"

第四步,运行calico node:

root@Docker003:~# sudo calicoctl node run --node-image=quay.io/calico/node:v2.6.8

sudo: unable to resolve host Docker003

Running command to load modules: modprobe -a xt_set ip6_tables

Enabling IPv4 forwarding

Enabling IPv6 forwarding

Increasing conntrack limit

Removing old calico-node container (if running).

Running the following command to start calico-node:

docker run --net=host --privileged --name=calico-node -d --restart=always -e NODENAME=Docker003 -e CALICO_NETWORKING_BACKEND=bird -e CALICO_LIBNETWORK_ENABLED=true -e ETCD_ENDPOINTS=http://172.16.65.151:2379 -v /var/log/calico:/var/log/calico -v /var/run/calico:/var/run/calico -v /lib/modules:/lib/modules -v /run:/run -v /run/docker/plugins:/run/docker/plugins -v /var/run/docker.sock:/var/run/docker.sock quay.io/calico/node:v2.6.8

Image may take a short time to download if it is not available locally.

Container started, checking progress logs.

-- ::40.421 [INFO][] startup.go : Early log level set to info

-- ::40.422 [INFO][] client.go : Loading config from environment

-- ::40.422 [INFO][] startup.go : Skipping datastore connection test

-- ::40.424 [INFO][] startup.go : Building new node resource Name="Docker003"

-- ::40.424 [INFO][] startup.go : Initialise BGP data

-- ::40.425 [INFO][] startup.go : Using autodetected IPv4 address on interface ens33: 172.16.65.153/

-- ::40.425 [INFO][] startup.go : Node IPv4 changed, will check for conflicts

-- ::40.431 [INFO][] startup.go : No AS number configured on node resource, using global value

-- ::40.434 [INFO][] etcd.go : Ready flag is already set

-- ::40.435 [INFO][] client.go : Using previously configured cluster GUID

-- ::40.450 [INFO][] compat.go : Returning configured node to node mesh

-- ::40.460 [INFO][] startup.go : Using node name: Docker003

-- ::40.529 [INFO][] client.go : Loading config from environment

Starting libnetwork service

Calico node started successfully

calico node会以container方式运行

第五步,查看运行结果:

root@Docker003:~# calicoctl node status

Calico process is running.

IPv4 BGP status

+---------------+-------------------+-------+----------+-------------+

| PEER ADDRESS  |     PEER TYPE     | STATE |  SINCE   |    INFO     |

+---------------+-------------------+-------+----------+-------------+

| 172.16.65.152 | node-to-node mesh | up    | :: | Established |

+---------------+-------------------+-------+----------+-------------+

IPv6 BGP status

No IPv6 peers found.

第六步,创建calico网络

创建的calico网络会自动同步到其他Docker主机上

root@Docker003:~# docker network create --driver calico --ipam-driver calico-ipam calico_network01

0765e8cf3d7867715783f607d5fc1d8b54ef972ff697960c63aaf532d2900c51

root@Docker003:~# docker network ls

NETWORK ID          NAME                DRIVER              SCOPE

d3436c79a405        bridge              bridge              local

0765e8cf3d78        calico_network01    calico              global

5de037f95399        host                host                local

f4305d9ce150        none                null                local

第七步,运行container

root@Docker003:~# docker run -itd --network calico_network01 --name bbox1 busybox
// calico并没有在Docker主机上创建bridge
root@Docker003:~# brctl show

bridge name    bridge id        STP enabled    interfaces

docker0        .0242c840a49d    no    

// 多了一个calico veth pair

root@Docker003:~# ip a

: lo: <LOOPBACK,UP,LOWER_UP> mtu  qdisc noqueue state UNKNOWN group default qlen

    link/loopback ::::: brd :::::

    inet 127.0.0.1/ scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::/ scope host

       valid_lft forever preferred_lft forever

: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu  qdisc pfifo_fast state UP group default qlen

    link/ether :0c::0f::b7 brd ff:ff:ff:ff:ff:ff

    inet 172.16.65.153/ brd 172.16.65.255 scope global ens33

       valid_lft forever preferred_lft forever

    inet6 fe80::20c:29ff:fe0f:79b7/ scope link

       valid_lft forever preferred_lft forever

: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu  qdisc noqueue state DOWN group default

    link/ether ::c8::a4:9d brd ff:ff:ff:ff:ff:ff

    inet 172.17.0.1/ brd 172.17.255.255 scope global docker0

       valid_lft forever preferred_lft forever

: calia9212856e7c@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu  qdisc noqueue state UP group default

    link/ether :3c:::7e: brd ff:ff:ff:ff:ff:ff link-netnsid

    inet6 fe80::903c:80ff:fe31:7e18/ scope link

       valid_lft forever preferred_lft forever


// container的网络和Docker主机通过calico veth pair连接

root@Docker003:~# docker exec bbox1 ip a

: lo: <LOOPBACK,UP,LOWER_UP> mtu  qdisc noqueue qlen

    link/loopback ::::: brd :::::

    inet 127.0.0.1/ scope host lo

       valid_lft forever preferred_lft forever

: cali0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu  qdisc noqueue

    link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff

    inet 192.168.109.128/ brd 192.168.109.128 scope global cali0

       valid_lft forever preferred_lft forever

在其他Docker主机上也运行Container并加入相同的Calico网络

root@Docker003:~# ip route

default via 172.16.65.2 dev ens33 onlink

172.16.65.0/ dev ens33  proto kernel  scope link  src 172.16.65.153

172.17.0.0/ dev docker0  proto kernel  scope link  src 172.17.0.1 linkdown

192.168.109.128 dev calia9212856e7c  scope link

blackhole 192.168.109.128/  proto bird

192.168.214.64/ via 172.16.65.152 dev ens33  proto bird

在多个Docker主机上运行Container连接到同一个calico网络测试连通性

root@Docker002:~# docker exec bbox2 ping -c  bbox1

PING bbox1 (192.168.109.128):  data bytes

 bytes from 192.168.109.128: seq= ttl= time=0.447 ms

 bytes from 192.168.109.128: seq= ttl= time=1.328 ms

--- bbox1 ping statistics ---

 packets transmitted,  packets received, % packet loss

round-trip min/avg/max = 0.447/0.887/1.328 ms

calico为Container提供DNS服务。

第八步,为calico配置Policy

calico 默认的 policy 规则是:容器只能与同一个 calico 网络中的容器通信

root@Docker002:~# calicoctl get profile calico_network01 -o yaml

- apiVersion: v1

  kind: profile

  metadata:

    name: calico_network01

    tags:

    - calico_network01

  spec:

    egress:

    - action: allow

      destination: {}

      source: {}

    ingress:

    - action: allow

      destination: {}

      source:

        tag: calico_network01

编写policy yml文件

root@Docker003:~# vim test_ping.yml

- apiVersion: v1

  kind: profile

  metadata:

    name: calico_network02

  spec:

    ingress:

    - action: allow

      protocol: icmp

      source:

        tag: calico_network01

      destination: {}

应用policy

root@Docker003:~# calicoctl apply -f test_ping.yml

Successfully applied  'profile' resource(s)

docker calico安装的更多相关文章

  1. docker——容器安装tomcat

    写在前面: 继续docker的学习,学习了docker的基本常用命令之后,我在docker上安装jdk,tomcat两个基本的java web工具,这里对操作流程记录一下. 软件准备: 1.jdk-7 ...

  2. docker 启动安装等命令

    确认是否安装url whereis curl 启动docker服务: sudo service docker start sudo service docker stop 安装curl sudo ap ...

  3. DOCKER windows安装

    DOCKER windows安装 1.下载程序包 2. 设置环境变量 3. 启动DOCKERT 4. 分析start.sh 5. 利用SSH工具管理 6. 下载镜像 6.1 下载地址 6.2 用FTP ...

  4. 在docker里面安装部署应用

    最近一直在做docker的安装打包工作,学到不少东西,在博客里记一下. 环境centos6 ,docker 基础镜象centos6 1.创建本地基础镜象,安装基础命令包 (1)Dockerfile,D ...

  5. Docker Centos安装Redis以及问题处理

    之前一篇文章 Redis安装及主从配置 介绍了redis的安装配置,另一篇文件介绍了 Docker Centos安装Openssh .今天将两篇文件结合一下——在Docker Centos环境下搭建r ...

  6. Docker Centos安装Mysql5.6

    之前一篇随笔<Docker Centos安装Openssh> 写的是如何在基础的centos镜像中搭建ssh服务,在此基础上再搭建其他服务.本文继续介绍在centos_ssh基础上搭建my ...

  7. Docker的安装及简单使用

    1.  Docker的安装 (这里的“安装docker”其实就是安装Docker Engine) $ sudo apt-get intasll docker.io note: apt-get是ubun ...

  8. docker 的安装

    官方站点上有各种环境下的 安装指南,这里主要介绍下Ubuntu和CentOS系列的安装. Ubuntu 系列安装 Docker 通过系统自带包安装 Ubuntu 14.04 版本号系统中已经自带了 D ...

  9. docker 17 安装

    docker17 安装 新增一键安装命令: curl -sSL https://get.docker.com/ | sh 以下为手动安装过程 翻译自 Get Docker for Ubuntu Doc ...

随机推荐

  1. SlidingMenu官方实例分析6——ResponsiveUIActivity

    ResponsiveUIActivity 这个类实现的是一个响应适UI设计重点是布局的设计: layout布局如下: layout-large-land布局如下: layout-xlarge布局如下: ...

  2. 椭圆参数方程中的θ(离心角Theta)

    椭圆参数方程中的离心角θ是交以其x轴对应外接圆上点的角度(或是交以其y轴对应内接圆上点的角度) 椭圆的参数程为:x=acosθy=bsinθ.M(x,y)椭圆上一点.过M作直线⊥X轴,交以O为圆心,以 ...

  3. 2205 Problem B

    问题 B: [高精度]简单高精度加法 时间限制: 1 Sec  内存限制: 64 MB 提交: 77  解决: 25 [提交][状态][讨论版] 题目描述 修罗王解决了计算机的内存限制问题,终于可以使 ...

  4. mvc ajax给control传值问题

    jquery中的ajax操作给后台传值 $.ajax({ type: 'POST',   url: '<%=Url.Action("test","testIndex ...

  5. hibernate createQuery查询传递参数的两种方式

    String hql = "from InventoryTask it where it.orgId=:orgId"; Session session = getSession() ...

  6. 《从零开始学Swift》学习笔记(Day 30)——选择类还是结构体呢?

    原创文章,欢迎转载.转载请注明:关东升的博客 类和结构体非常相似,很多情况下没有区别.如果你是设计人员在进行系统设计时候,是将某种类型设计成为类还是结构体? 类和结构体异同: 类和结构体都有如下功能: ...

  7. docker-compose安装confluence

    1.首先安装docker-compose   pip install docker-compose       安装完成提示:         2.编写mysql-confluence-compose ...

  8. tomcat 配置自签名ssl证书

    背景:据说17年苹果app必须走https协议与后台交互了,网上各种搜索最后还是发现有2篇写的比较全面,折腾后总结出2种实现方式.在这里记录,方便有共同需求的同学们参考 本文只介绍生成自签名ssl证书 ...

  9. iOS RunLoop详解

    1. RunLoop简介 1.1 什么是RUnLoop 可以理解为字面的意思:Run表示运行,Loop表示循环.结合在一起就是运行的循环.通常叫做运行循环. RunLoop实际上是一个对象,这个对象在 ...

  10. Vuejs2.0 cnpm 安装脚手架项目模板

    NPM 方法 因为npm 安装速度慢,所以我们可以使用淘宝的镜像cnpm 再安装之前 我们需要先安装nodejs  因为vue框架也是基于nodeljs 下载地址:http://nodejs.cn/d ...