官方文档:
Calico Documentation | Calico Documentation
插件方式安装 calicoctl 工具
curl -o kubectl-calico -O -L "https://github.com/projectcalico/calicoctl/releases/download/v3.20.0/calicoctl"
cp kubectl-calico /usr/bin/kubectl-calico
chmod +x /usr/bin/kubectl-calico
kubectl calico -h
Usage:
kubectl-calico [options] <command> [<args>...]
create Create a resource by file, directory or stdin.
replace Replace a resource by file, directory or stdin.
apply Apply a resource by file, directory or stdin. This creates a resource
if it does not exist, and replaces a resource if it does exists.
patch Patch a pre-exisiting resource in place.
delete Delete a resource identified by file, directory, stdin or resource type and
name.
get Get a resource identified by file, directory, stdin or resource type and
name.
label Add or update labels of resources.
convert Convert config files between different API versions.
ipam IP address management.
node Calico node management.
version Display the version of this binary.
export Export the Calico datastore objects for migration
import Import the Calico datastore objects for migration
datastore Calico datastore management.
Options:
-h --help Show this screen.
-l --log-level=<level> Set the log level (one of panic, fatal, error,
warn, info, debug) [default: panic]
--context=<context> The name of the kubeconfig context to use.
--allow-version-mismatch Allow client and cluster versions mismatch.
Description:
The calico kubectl plugin is used to manage Calico network and security
policy, to view and manage endpoint configuration, and to manage a Calico
node instance.
See 'kubectl-calico <command> --help' to read about a specific subcommand.
calicoctl
是用来管理 calico 自己引入的 API
资源的。calicoctl 使用来专门操作 API Server
或 etcd
中与自己状态相关的数据的命令行工具。
calicoctl 配置文件
calicoctl 与 API Server
通信时是需要 kubeconfig
文件的,所以需要为其提供 kubeconfig 配置文件,当其作为 kubectl 的插件运行时,系统会默认读取 kubectl 的配置文件。
官方文档:https://docs.projectcalico.org/getting-started/clis/calicoctl/configure/
calico 的配置文件默认在 /etc/calico目录下,需要手动创建
mkdir /etc/calico
cd /etc/calico
# 在此目录下创建一个 calicoctl.cfg 的配置文件,再其内部申明后端存储类型,和 kubeconfig 的文件路径
vim calicoctl.cfg
apiVersion: projectcalico.org/v3
kind: CalicoAPIConfig
metadata:
spec:
datastoreType: "kubernetes" # 此处申明后端存储为kubernetes
kubeconfig: "/root/.kube/config" # 因为后端存储为k8s,所以需要kubeconfig文件来指明k8s集群地址已经认证信息。
calicoctl 使用
kubectl calico get nodes
# calico 也能使用 get nodes 此处的 nodes 并非 k8s 节点,而是 calico 的资源
# 此前使用 kubectl get ippools -o yaml 来获取,现在直接使用以下命令即可
kubectl calico get ippool
# calico 支持多个地址池,当一个地址池用完时,可以增加一个地址池
# 只不过跨网段通信略微麻烦
# 查看指定地址池的资源抽象信息
kubectl calico get ippool -o yaml
apiVersion: projectcalico.org/v3
items:
- apiVersion: projectcalico.org/v3
kind: IPPool
metadata:
creationTimestamp: "2024-05-06T06:00:24Z"
name: default-ipv4-ippool
resourceVersion: "6789"
uid: 943b85b2-9759-49ce-8f73-78f1f3f8a111
spec:
blockSize: 24
cidr: 192.168.0.0/16
ipipMode: Always
natOutgoing: true
nodeSelector: all()
vxlanMode: Never
kind: IPPoolList
metadata:
resourceVersion: "7984"
ipam 子命令
# 查看地址分配信息
kubectl calico ipam show
# 查看每个节点上的地址分配信息
kubectl calico ipam show --show-blocks
# 查看 ipam 配置信息
kubectl calico ipam show --show-configuration
+--------------------+-------+
| PROPERTY | VALUE |
+--------------------+-------+
| StrictAffinity | false | # pod被重建后是否使用原有地址
| AutoAllocateBlocks | true | # 是否支持自动分配地址
| MaxBlocksPerHost | 0 |
+--------------------+-------+