K8S calico

一、calico部署

1、部署calico认证:

kubectl apply -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml

2、下载calico配置文件

wget  https://docs.projectcalico.org/v3.3/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml

3、配置文件解析

kind: ConfigMap
apiVersion: v1
metadata:
  name: calico-config
  namespace: kube-system
data:
  # To enable Typha, set this to "calico-typha" *and* set a non-zero value for Typha replicas
  # below.  We recommend using Typha if you have more than 50 nodes. Above 100 nodes it is
  # essential.
  typha_service_name: "none"
  # Configure the Calico backend to use.
  calico_backend: "bird"     //Calico的后端，默认为bird

  # Configure the MTU to use
  veth_mtu: "1440"

  # The CNI network configuration to install on each node.  The special
  # values in this config will be automatically populated.
  cni_network_config: |-  //符合CNI规范的网络配置，其中type=calico表示，Kubelet从 CNI_PATH(默认为/opt/cni/bin)找名为calico的可执行文件，用于容器IP地址的分配
    {
      "name": "k8s-pod-network",
      "cniVersion": "0.3.0",
      "plugins": [

二、查看calico的配置

# kubectl describe IPPool default-ipv4-ippool
Name:         default-ipv4-ippool
Namespace:    
Labels:       <none>
Annotations:  projectcalico.org/metadata: {"uid":"3507663f-f659-11ea-bd73-b4055d102a60","creationTimestamp":"2020-09-14T07:09:19Z"}
API Version:  crd.projectcalico.org/v1
Kind:         IPPool
Metadata:
  Creation Timestamp:  2020-09-14T07:09:19Z
  Generation:          2
  Resource Version:    353676851
  Self Link:           /apis/crd.projectcalico.org/v1/ippools/default-ipv4-ippool
  UID:                 35077770-f659-11ea-bb45-6c92bffa81a2
Spec:
  Block Size:    26
  Cidr:          10.42.0.0/16   //子网的范围
  Ipip Mode:     CrossSubnet    //子网的模式
  Nat Outgoing:  true
Events:          <none>

三、数据包转发过程

1、3层方案则pod和node ip不同，其本质是在node下发pod ip的路由规则，令pod ip可以物理3层送达pod所在node。

host-gw 模式的工作原理，其实就是将每个 Flannel 子网（Flannel Subnet，比如：10.244.1.0/24）的“下一跳”，设置成了该子网对应的宿主机的 IP 地址。

2、所以说，Flannel host-gw 模式必须要求集群宿主机之间是二层连通的

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         169.254.1.1     0.0.0.0         UG    0      0        0 eth0
169.254.1.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0

四、配置文件解析

配置文件目录：/etc/cni/net.d/10-calico.conflist