第一步,安装etcd:

  请参考以前的文章:  http://www.cnblogs.com/vincenshen/articles/8637949.html

第二步,下载calico:

sudo wget -O /usr/local/bin/calicoctl https://github.com/projectcalico/calicoctl/releases/download/v1.6.3/calicoctl

sudo chmod +x /usr/local/bin/calicoctl

第三步,编写calico配置文件:

apiVersion: v1

kind: calicoApiConfig

metadata:

spec:

  datastoreType: "etcdv2"

  etcdEndpoints: "http://etcd:2379"

第四步,运行calico node:

root@Docker003:~# sudo calicoctl node run --node-image=quay.io/calico/node:v2.6.8

sudo: unable to resolve host Docker003

Running command to load modules: modprobe -a xt_set ip6_tables

Enabling IPv4 forwarding

Enabling IPv6 forwarding

Increasing conntrack limit

Removing old calico-node container (if running).

Running the following command to start calico-node:

docker run --net=host --privileged --name=calico-node -d --restart=always -e NODENAME=Docker003 -e CALICO_NETWORKING_BACKEND=bird -e CALICO_LIBNETWORK_ENABLED=true -e ETCD_ENDPOINTS=http://172.16.65.151:2379 -v /var/log/calico:/var/log/calico -v /var/run/calico:/var/run/calico -v /lib/modules:/lib/modules -v /run:/run -v /run/docker/plugins:/run/docker/plugins -v /var/run/docker.sock:/var/run/docker.sock quay.io/calico/node:v2.6.8

Image may take a short time to download if it is not available locally.

Container started, checking progress logs.

-- ::40.421 [INFO][] startup.go : Early log level set to info

-- ::40.422 [INFO][] client.go : Loading config from environment

-- ::40.422 [INFO][] startup.go : Skipping datastore connection test

-- ::40.424 [INFO][] startup.go : Building new node resource Name="Docker003"

-- ::40.424 [INFO][] startup.go : Initialise BGP data

-- ::40.425 [INFO][] startup.go : Using autodetected IPv4 address on interface ens33: 172.16.65.153/

-- ::40.425 [INFO][] startup.go : Node IPv4 changed, will check for conflicts

-- ::40.431 [INFO][] startup.go : No AS number configured on node resource, using global value

-- ::40.434 [INFO][] etcd.go : Ready flag is already set

-- ::40.435 [INFO][] client.go : Using previously configured cluster GUID

-- ::40.450 [INFO][] compat.go : Returning configured node to node mesh

-- ::40.460 [INFO][] startup.go : Using node name: Docker003

-- ::40.529 [INFO][] client.go : Loading config from environment

Starting libnetwork service

Calico node started successfully

calico node会以container方式运行

第五步,查看运行结果:

root@Docker003:~# calicoctl node status

Calico process is running.

IPv4 BGP status

+---------------+-------------------+-------+----------+-------------+

| PEER ADDRESS  |     PEER TYPE     | STATE |  SINCE   |    INFO     |

+---------------+-------------------+-------+----------+-------------+

| 172.16.65.152 | node-to-node mesh | up    | :: | Established |

+---------------+-------------------+-------+----------+-------------+

IPv6 BGP status

No IPv6 peers found.

第六步,创建calico网络

创建的calico网络会自动同步到其他Docker主机上

root@Docker003:~# docker network create --driver calico --ipam-driver calico-ipam calico_network01

0765e8cf3d7867715783f607d5fc1d8b54ef972ff697960c63aaf532d2900c51

root@Docker003:~# docker network ls

NETWORK ID          NAME                DRIVER              SCOPE

d3436c79a405        bridge              bridge              local

0765e8cf3d78        calico_network01    calico              global

5de037f95399        host                host                local

f4305d9ce150        none                null                local

第七步,运行container

root@Docker003:~# docker run -itd --network calico_network01 --name bbox1 busybox
// calico并没有在Docker主机上创建bridge
root@Docker003:~# brctl show

bridge name    bridge id        STP enabled    interfaces

docker0        .0242c840a49d    no    

// 多了一个calico veth pair

root@Docker003:~# ip a

: lo: <LOOPBACK,UP,LOWER_UP> mtu  qdisc noqueue state UNKNOWN group default qlen

    link/loopback ::::: brd :::::

    inet 127.0.0.1/ scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::/ scope host

       valid_lft forever preferred_lft forever

: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu  qdisc pfifo_fast state UP group default qlen

    link/ether :0c::0f::b7 brd ff:ff:ff:ff:ff:ff

    inet 172.16.65.153/ brd 172.16.65.255 scope global ens33

       valid_lft forever preferred_lft forever

    inet6 fe80::20c:29ff:fe0f:79b7/ scope link

       valid_lft forever preferred_lft forever

: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu  qdisc noqueue state DOWN group default

    link/ether ::c8::a4:9d brd ff:ff:ff:ff:ff:ff

    inet 172.17.0.1/ brd 172.17.255.255 scope global docker0

       valid_lft forever preferred_lft forever

: calia9212856e7c@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu  qdisc noqueue state UP group default

    link/ether :3c:::7e: brd ff:ff:ff:ff:ff:ff link-netnsid

    inet6 fe80::903c:80ff:fe31:7e18/ scope link

       valid_lft forever preferred_lft forever


// container的网络和Docker主机通过calico veth pair连接

root@Docker003:~# docker exec bbox1 ip a

: lo: <LOOPBACK,UP,LOWER_UP> mtu  qdisc noqueue qlen

    link/loopback ::::: brd :::::

    inet 127.0.0.1/ scope host lo

       valid_lft forever preferred_lft forever

: cali0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu  qdisc noqueue

    link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff

    inet 192.168.109.128/ brd 192.168.109.128 scope global cali0

       valid_lft forever preferred_lft forever

在其他Docker主机上也运行Container并加入相同的Calico网络

root@Docker003:~# ip route

default via 172.16.65.2 dev ens33 onlink

172.16.65.0/ dev ens33  proto kernel  scope link  src 172.16.65.153

172.17.0.0/ dev docker0  proto kernel  scope link  src 172.17.0.1 linkdown

192.168.109.128 dev calia9212856e7c  scope link

blackhole 192.168.109.128/  proto bird

192.168.214.64/ via 172.16.65.152 dev ens33  proto bird

在多个Docker主机上运行Container连接到同一个calico网络测试连通性

root@Docker002:~# docker exec bbox2 ping -c  bbox1

PING bbox1 (192.168.109.128):  data bytes

 bytes from 192.168.109.128: seq= ttl= time=0.447 ms

 bytes from 192.168.109.128: seq= ttl= time=1.328 ms

--- bbox1 ping statistics ---

 packets transmitted,  packets received, % packet loss

round-trip min/avg/max = 0.447/0.887/1.328 ms

calico为Container提供DNS服务。

第八步,为calico配置Policy

calico 默认的 policy 规则是:容器只能与同一个 calico 网络中的容器通信

root@Docker002:~# calicoctl get profile calico_network01 -o yaml

- apiVersion: v1

  kind: profile

  metadata:

    name: calico_network01

    tags:

    - calico_network01

  spec:

    egress:

    - action: allow

      destination: {}

      source: {}

    ingress:

    - action: allow

      destination: {}

      source:

        tag: calico_network01

编写policy yml文件

root@Docker003:~# vim test_ping.yml

- apiVersion: v1

  kind: profile

  metadata:

    name: calico_network02

  spec:

    ingress:

    - action: allow

      protocol: icmp

      source:

        tag: calico_network01

      destination: {}

应用policy

root@Docker003:~# calicoctl apply -f test_ping.yml

Successfully applied  'profile' resource(s)

docker calico安装的更多相关文章

  1. docker——容器安装tomcat

    写在前面: 继续docker的学习,学习了docker的基本常用命令之后,我在docker上安装jdk,tomcat两个基本的java web工具,这里对操作流程记录一下. 软件准备: 1.jdk-7 ...

  2. docker 启动安装等命令

    确认是否安装url whereis curl 启动docker服务: sudo service docker start sudo service docker stop 安装curl sudo ap ...

  3. DOCKER windows安装

    DOCKER windows安装 1.下载程序包 2. 设置环境变量 3. 启动DOCKERT 4. 分析start.sh 5. 利用SSH工具管理 6. 下载镜像 6.1 下载地址 6.2 用FTP ...

  4. 在docker里面安装部署应用

    最近一直在做docker的安装打包工作,学到不少东西,在博客里记一下. 环境centos6 ,docker 基础镜象centos6 1.创建本地基础镜象,安装基础命令包 (1)Dockerfile,D ...

  5. Docker Centos安装Redis以及问题处理

    之前一篇文章 Redis安装及主从配置 介绍了redis的安装配置,另一篇文件介绍了 Docker Centos安装Openssh .今天将两篇文件结合一下——在Docker Centos环境下搭建r ...

  6. Docker Centos安装Mysql5.6

    之前一篇随笔<Docker Centos安装Openssh> 写的是如何在基础的centos镜像中搭建ssh服务,在此基础上再搭建其他服务.本文继续介绍在centos_ssh基础上搭建my ...

  7. Docker的安装及简单使用

    1.  Docker的安装 (这里的“安装docker”其实就是安装Docker Engine) $ sudo apt-get intasll docker.io note: apt-get是ubun ...

  8. docker 的安装

    官方站点上有各种环境下的 安装指南,这里主要介绍下Ubuntu和CentOS系列的安装. Ubuntu 系列安装 Docker 通过系统自带包安装 Ubuntu 14.04 版本号系统中已经自带了 D ...

  9. docker 17 安装

    docker17 安装 新增一键安装命令: curl -sSL https://get.docker.com/ | sh 以下为手动安装过程 翻译自 Get Docker for Ubuntu Doc ...

随机推荐

  1. 没有Promise的时候自己处理复合异步请求

    function getList(options){ $.ajax(success:funciton(){ if(options.callback) options.callback.call(); ...

  2. dedecms代码详解 很全面

    dedecms代码研究(1)开篇dedecms 相信大家一定都知道这个cms 系统,功能比较强大,有比较完善的内容发布,还有内容静态化系统,还有就是它有自己独特的标签系统和模板系统.而模板系统也是其他 ...

  3. ASP.NET MVC 使用dataTable(3)--更多选项参考

    ASP.NET MVC 使用dataTable(3)--更多选项参考 jQuery  dataTables 插件是一个优秀的表格插件,是后台工程师的福音!它提供了针对数据表格的排序.浏览器分页.服务器 ...

  4. CF 617E【莫队求区间异或和】

    E. XOR and Favorite Number time limit per test 4 seconds memory limit per test 256 megabytes input s ...

  5. CSS3选择器:nth-child与:nth-of-type区别

    一.:nth-child 1.1 说明 :nth-child(n)选择器匹配属于其父元素的第N个子元素,不论元素的类型.n可以是数字.关键词或公式. 注意:如果第N个子元素与选择的元素类型不同则样式无 ...

  6. kubernetes 搭建教程

    http://blog.csdn.net/u011563903/article/details/71037093

  7. R语言(一)

    向量运算 R的强大功能之一就是把整个数据向量作为一个单一对象来处理.一个数据向量仅是数字的排列,一个向量可以通过如下方式构造 weight<-c(,,,) weight [] 结构c(--)用来 ...

  8. SpringBoot入门1—简介及helloworld

    Spring Boot简介 Spring Boot让我们的Spring应用变的更轻量化.比如:你可以仅仅依靠一个Java类来运行一个Spring引用.你也可以打包你的应用为jar并通过使用java - ...

  9. 安装和使用jupyter

    安装 pip install jupyter 使用 jupyter notebook

  10. 剑指offer 面试58题

    面试58题: 题目:翻转字符串 题:牛客最近来了一个新员工Fish,每天早晨总是会拿着一本英文杂志,写些句子在本子上.同事Cat对Fish写的内容颇感兴趣,有一天他向Fish借来翻看,但却读不懂它的意 ...