kubernetes(k8s)集群安装calico-优快云博客

本文档详细介绍了如何在Kubernetes集群中安装网络插件Calico，包括添加hosts解析，下载并配置Calico，设置etcd IP，调整mtu值，加密证书，修改CIDR值，以及解决安装过程中遇到的报错问题。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

添加hosts解析

cat /etc/hosts
10.39.7.51 k8s-master-51
10.39.7.57 k8s-master-57
10.39.7.52 k8s-master-52

下载calico

wget http://docs.projectcalico.org/v3.2/getting-started/kubernetes/installation/hosted/calico.yaml

下载所需镜像

# 建议下载后 推到自己的镜像仓库
[root@k8s-master-51 ~]# cat calico.yaml |grep image
image: quay.io/calico/node:v3.2.4 image: quay.io/calico/cni:v3.2.4 image: quay.io/calico/kube-controllers:v3.2.4

配置etcd的ip

etcd_endpoints: "https://10.39.7.51:2379,https://10.39.7.52:2379,https://10.39.7.57:2379"

根据注释添加相关值

 # If you're using TLS enabled etcd uncomment the following.
  # You must also populate the Secret below with these files.
  etcd_ca: "/calico-secrets/etcd-ca"   # "/calico-secrets/etcd-ca"
  etcd_cert: "/calico-secrets/etcd-cert" # "/calico-secrets/etcd-cert" etcd_key: "/calico-secrets/etcd-key # "/calico-secrets/etcd-key"

因使用青云关系需调整mtu值

veth_mtu: "1340"

将etcd 和ca 证书用base64加密添加到calico.yaml 的相关位置

apiVersion: v1
kind: Secret
type: Opaque
metadata: name: calico-etcd-secrets namespace: kube-system data: etcd-key: (cat /etc/kubernetes/ssl/etcd-key.pem | base64 | tr -d '\n') etcd-cert: (cat /etc/kubernetes/ssl/etcd.pem | base64 | tr -d '\n') etcd-ca: (cat /etc/kubernetes/ssl/ca.pem | base64 | tr -d '\n')

修改calico.yaml中的CALICO_IPV4POOL_CIDR 下的value值

- name: CALICO_IPV4POOL_CIDR
    value: "10.253.0.0/18"

安装calico

kubectl apply -f calico.yaml

修改kubelet.service 配置网络插件

cat > /etc/systemd/system/kubelet.service <<EOF
[Unit]
Description=Kubernetes Kubelet
Documentation=https://github.com/GoogleCloudPlatform/kubernetes
After=docker.service
Requires=docker.service

[Service]
WorkingDirectory=/var/lib/kubelet
ExecStart=/usr/local/bin/kubelet \
  --hostname-override=k8s-master-51 \
  --pod-infra-container-image=reg.enncloud.cn/enncloud/pause-amd64:3.1 \ --pod-manifest-path=/etc/kubernetes/manifests \ --bootstrap-kubeconfig=/etc/kubernetes/bootstrap.kubeconfig \ --kubeconfig=/etc/kubernetes/kubelet.config \ --config=/etc/kubernetes/kubelet.config.json \ --cert-dir=/etc/kubernetes/pki \ --allow-privileged=true \ --kube-reserved cpu=500m,memory=512m \ --image-gc-high-threshold=85 --image-gc-low-threshold=70 \ --logtostderr=true \ --network-plugin=cni \ --runtime-cgroups=/systemd/system.slice \ --kubelet-cgroups=/systemd/system.slice \ --v=2 [Install] WantedBy=multi-user.target EOF # 重启kubelet systemctl daemon-reload systemctl restart kubelet

报错记录

calico 相关的pod无法创建 日志如下

[root@k8s-master-51 ~]# docker ps -a
CONTAINER ID        IMAGE                                                                                                                 COMMAND                  CREATED              STATUS                      PORTS               NAMES
0dabd1835d53        65733b9f36a6                                                                                                          "/usr/bin/kube-con..." About a minute ago Exited (1) 53 seconds ago k8s_calico-kube-controllers_calico-kube-controllers-5cf99599ff-hsdqw_kube-system_9175cc10-fdd2-11e8-9144-525463f5581b_13 d434d4ed5e47 e537e5882f91 "start_runit" About a minute ago Exited (1) 55 seconds ago [root@k8s-master-51 ~]# docker logs 0dabd1835d53 #注意：Kubeconfig 字段为空无法连接etcd 2018-12-12 06:39:47.068 [INFO][1] main.go 73: Loaded configuration from environment config=&config.Config{
                                  LogLevel:"info", ReconcilerPeriod:"5m", CompactionPeriod:"10m", EnabledControllers:"policy,profile,workloadendpoint,node", WorkloadEndpointWorkers:1, ProfileWorkers:1, PolicyWorkers:1,