Shulou(Shulou.com)06/01 Report--

This article shows you how to deploy and verify calico on docker. The content is concise and easy to understand. It will definitely brighten your eyes. I hope you can get something through the detailed introduction of this article.

1. Background

The following deployment takes a five-server environment as an example:

Server 1: hostname is etcdnode1, IP is 192.168.56.100 Server 2: hostname is etcdnode2, IP is 192.168.56.101 Server 3: hostname is etcdnode3, IP is 192.168.56.102 Server 2: hostname is hostnode1, IP is 192.168.56.200 Server 3: hostname is hostnode2, IP is 192.168.56.201

Among them, etcdnode1,etcdnode2 and etcdnode3 will deploy etcd as the back-end distributed storage of the calico network, and hostnode1 and hostnode2 will deploy the calico network.

Software background:

Ubuntu 16.04 etcd-v3.1.10 Docker calicoctl-v1.6.1 calico/node image-v.2.6.2 calico, calico-ipam plugins-v1.11.02. Deploy 2.1. Etcd deployment

Etcdnode1,etcdnode2 and etcdnode3 deploy etcd by executing the following commands, respectively.

2.1.1. Install etcd# cd / usr/local# curl-L https://github.com/coreos/etcd/releases/download/v3.1.10/etcd-v3.1.10-linux-amd64.tar.gz-o etcd-v3.1.10-linux-amd64.tar.gz# tar-zxf etcd-v3.1.9-linux-amd64.tar.gz# cd etcd-v3.1.9-linux-amd64# cp etcd etcdctl / usr/bin# mkdir-p / var/lib/etcd# chmod-R a+rw / var/lib/etcd2.1.2. Create a systemd service file

Open the / etc/systemd/system/etcd.service file using vi.

[Unit] Description=etcdDocumentation= https://github.com/coreos/etcd[Service]Type=notifyRestart=alwaysRestartSec=5sLimitNOFILE=40000TimeoutStartSec=0 ExecStart=/usr/bin/etcd-- name ${local_hostname}\-data-dir / var/lib/etcd\-listen-client-urls http://0.0.0.0:2379\-listen-peer-urls http://0.0.0.0:2380\-advertise-client-urls http://${local_IP}:2379\ -- initial-advertise-peer-urls http://${local_IP}:2380\-- initial-cluster * etcdnode1= http://192.168.56.100:2380, Etcdnode2= http://192.168.56.101:2380, etcdnode3=http:// 192.168.56.102 initial-cluster-token my-etcd-token 2380 *-- initial-cluster-token my-etcd-token\-- initial-cluster-state new [Install] WantedBy=multi-user.target

It is important to note that local_hostname and local_IP need to be replaced with the node's own hostname and IP addresses.

2.1.3. Start the etcd service

After all etcd nodes have performed the above steps at the same time, perform the following steps at the same time.

# systemctl daemon-reload# systemctl enable etcd.service# systemctl start etcd.service2.1.4. Check etcd status # etcdctl cluster-health / / check the health status of the cluster # etcdctl member list / / return the list of cluster members 2.2. Docker deployment

Both hostnode1 and hostnode2 nodes need to be configured.

2.2.1. Install docker# apt-y install docker.io2.2.2. Modify daemon.json

The Docker daemon requires the storage and notification capabilities of etcd to be configured in the / etc/docker/daemon.json file. You can open / etc/docker/daemon.json through vi and replace ${local_IP} with each dockerhost's own IP address.

{"cluster-store": "* * etcd://192.168.56.100:2379, 192.168.56.101 cluster-store 2379192.168.56.102", "cluster-advertise": "${local_IP}: 2375", "hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]} 2.2.3. Restart the docker service # systemctl restart docker.service

It will take some time to restart. After completion, confirm whether the docker configuration is effective.

# docker info... Cluster Store: etcd://192.168.56.100:2379192.168.56.101:2379, 192.168.56.102:2379Cluster Advertise: 192.168.56.200:2375Insecure Registries: 127.0.0.0/82.3. Calico deployment

Each docker host requires configuration.

2.3.1. Download calico

PS: we are downloading and using v1.6.1 here. As of now, calico has a v3.1.1 version.

# wget-O / usr/local/bin/calicoctl https://github.com/projectcalico/calicoctl/releases/download/v1.6.1/calicoctl# chmod + x / usr/local/bin/calicoctl# mkdir / var/lib/calico# curl-L-o/var/lib/calico/calico https://github.com/projectcalico/cni-plugin/releases/download/v1.11.0/calico# curl-L-o/var/lib/calico/calico-ipam https://github.com/projectcalico/cni-plugin/ Releases/download/v1.11.0/calico-ipam# chmod + x/var/lib/calico/calico # chmod + x/var/lib/calico/calico-ipam2.3.2. Add calico configuration # mkdir-p / etc/calico

Then modify the configuration of calico by adding the following to the / etc/calico/calicoctl.cfg file. Here, the main purpose is to increase the configuration of the etcd terminal, if there are multiple etcd nodes, you can use a comma connection.

ApiVersion: v1kind: calicoApiConfigmetadata:spec: datastoreType: "etcdv2" etcdEndpoints: "http:// 192.168.56.100 http://192.168.56.102:2379"2.3.3. 2379 / 192.168.56.101 http://192.168.56.102:2379"2.3.3. Set kernel network parameters

Calico requires parameters such as "net.ipv4.conf.all.rp_filter" and "net.ipv4.ip_forward" to be enabled, but some distributions do not enable these parameters by default, so they need to be enabled manually.

# echo "net.ipv4.conf.all.rp_filter=1" > > / etc/sysctl.conf# echo "net.ipv4.ip_forward=1" > > / etc/sysctl.conf# sysctl-p 2.3.4. Start the calico/node container

To start the calico/node container, you may need to download the corresponding image on the Internet. In addition, ${local_IP} needs to be replaced with the IP address of their respective docker host.

Then:

# calicoctl node run--node-image=calico/node:v2.6.2-- ip= {local_IP}

Check the connection status.

# calicoctl node statusCalico process is running.IPv4 BGP status+-+ | PEER ADDRESS | PEER TYPE | STATE | SINCE | INFO | +-+- -+ | 192.168.56.201 | node-to-node mesh | up | 2017-11-06 | Established | + -+ IPv6 BGP statusNo IPv6 peers found.2.3.5. Create a docker network

Note: this step only needs to be created on any dockerhost node, and different nodes share the calico network.

# docker network create-- driver calico--ipam-driver calico-ipam ${network name}

Here, we create a calico network called "calico-network".

# docker network create-- driver calico--ipam-driver calico-ipam "calico-network" 2.3.6. Verify the calico network

Execute commands on hostnode1

# docker run-- net calico-network--name workload-A-tid busybox

Execute commands on hostnode2

# docker run-- net calico-network--name workload-B-tid busybox

Then ping the IP address of the container workload-B on the container workload-A, which indicates that the configuration is successful.

First get the IP address of workload-B and execute the command on hostnode2.

# docker exec workload-B hostname-i192.168.0.17

Then ping the IP address on hostnode1.

# docker exec workload-A ping 192.168.0.17PING 192.168.0.17 (192.168.0.17) 56 (84) bytes of data.64 bytes from 192.168.0.17: icmp_seq=1ttl=64 time=0.165 ms …

Ping means the interworking of two container networks using the same calico network on different docker host.

2.3.7. Configure ingress featur

If you need docker host to access the container network, in the above example, if you want to be able to access the IP address of workload-An on hostnode2, you need to configure the ingress feature of the calico network.

Export the existing configuration first.

# calicoctl get profile "calico-network"-o json > profile.json

The ingress section of profile.json, here is a configuration of incoming traffic. Let's add another configuration, especially the source- > nets section, which is roughly as follows:

"ingress": [{"action": "allow", "source": {"tag": "calico-network"}, "destination": {}}, {"action": "allow" "source": {"nets": ["192.168.56.1 Universe 24"]}, "destination": {}}]

Then replace the modified profile.json file.

# calicoctl replace-f profile.json

Then, try the IP address of workload-A with ping on hostnode2 to ping.

The above content is how to deploy and verify calico on docker. Have you learned the knowledge or skills? If you want to learn more skills or enrich your knowledge reserve, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.