官方文档：

Calico Documentation | Calico Documentation

插件方式安装 calicoctl 工具

curl -o kubectl-calico -O -L  "https://github.com/projectcalico/calicoctl/releases/download/v3.20.0/calicoctl"

cp kubectl-calico /usr/bin/kubectl-calico

chmod +x /usr/bin/kubectl-calico


kubectl calico -h
Usage:
  kubectl-calico [options] <command> [<args>...]

    create       Create a resource by file, directory or stdin.
    replace      Replace a resource by file, directory or stdin.
    apply        Apply a resource by file, directory or stdin.  This creates a resource
                 if it does not exist, and replaces a resource if it does exists.
    patch        Patch a pre-exisiting resource in place.
    delete       Delete a resource identified by file, directory, stdin or resource type and
                 name.
    get          Get a resource identified by file, directory, stdin or resource type and
                 name.
    label        Add or update labels of resources.
    convert      Convert config files between different API versions.
    ipam         IP address management.
    node         Calico node management.
    version      Display the version of this binary.
    export       Export the Calico datastore objects for migration
    import       Import the Calico datastore objects for migration
    datastore    Calico datastore management.

Options:
  -h --help                 Show this screen.
  -l --log-level=<level>    Set the log level (one of panic, fatal, error,
                            warn, info, debug) [default: panic]
  --context=<context>       The name of the kubeconfig context to use.
  --allow-version-mismatch  Allow client and cluster versions mismatch.

Description:
  The calico kubectl plugin is used to manage Calico network and security
  policy, to view and manage endpoint configuration, and to manage a Calico
  node instance.

  See 'kubectl-calico <command> --help' to read about a specific subcommand.

calicoctl 是用来管理 calico 自己引入的 API 资源的。calicoctl 使用来专门操作 API Server 或 etcd 中与自己状态相关的数据的命令行工具。

calicoctl 配置文件

calicoctl 与 API Server 通信时是需要 kubeconfig 文件的，所以需要为其提供 kubeconfig 配置文件，当其作为 kubectl 的插件运行时，系统会默认读取 kubectl 的配置文件。

官方文档：https://docs.projectcalico.org/getting-started/clis/calicoctl/configure/

calico 的配置文件默认在 /etc/calico目录下，需要手动创建

mkdir /etc/calico

cd /etc/calico

# 在此目录下创建一个 calicoctl.cfg 的配置文件，再其内部申明后端存储类型，和 kubeconfig 的文件路径

vim calicoctl.cfg

apiVersion: projectcalico.org/v3
kind: CalicoAPIConfig
metadata:
spec:
  datastoreType: "kubernetes"        # 此处申明后端存储为kubernetes
  kubeconfig: "/root/.kube/config"   # 因为后端存储为k8s，所以需要kubeconfig文件来指明k8s集群地址已经认证信息。

calicoctl 使用

kubectl calico get nodes

# calico 也能使用 get nodes 此处的 nodes 并非 k8s 节点，而是 calico 的资源


# 此前使用 kubectl get ippools -o yaml 来获取，现在直接使用以下命令即可

kubectl calico get ippool

# calico 支持多个地址池，当一个地址池用完时，可以增加一个地址池
# 只不过跨网段通信略微麻烦

# 查看指定地址池的资源抽象信息

kubectl calico get ippool -o yaml
apiVersion: projectcalico.org/v3
items:
- apiVersion: projectcalico.org/v3
  kind: IPPool
  metadata:
    creationTimestamp: "2024-05-06T06:00:24Z"
    name: default-ipv4-ippool
    resourceVersion: "6789"
    uid: 943b85b2-9759-49ce-8f73-78f1f3f8a111
  spec:
    blockSize: 24
    cidr: 192.168.0.0/16
    ipipMode: Always
    natOutgoing: true
    nodeSelector: all()
    vxlanMode: Never
kind: IPPoolList
metadata:
  resourceVersion: "7984"

ipam 子命令

# 查看地址分配信息

kubectl calico ipam show

# 查看每个节点上的地址分配信息

kubectl calico ipam show --show-blocks

# 查看 ipam 配置信息

kubectl calico ipam show --show-configuration

+--------------------+-------+
|      PROPERTY      | VALUE |
+--------------------+-------+
| StrictAffinity     | false |   # pod被重建后是否使用原有地址
| AutoAllocateBlocks | true  |   # 是否支持自动分配地址
| MaxBlocksPerHost   |     0 |
+--------------------+-------+