k8s |kubeadm init cluster | cni network calico

heidsoft
Published 2022-04-18 19:34:16

kubeadm init

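# Initialize the control plane. --ignore-preflight-errors=all turns every failed
# preflight check into a warning, so read the --v=6 output for real problems.
kubeadm init \
--kubernetes-version=v1.23.5 \
--pod-network-cidr=10.244.0.0/16 \
--service-cidr=10.96.0.0/12 \
--apiserver-advertise-address=172.16.59.30 \
--ignore-preflight-errors=all --v=6 \
--image-repository registry.aliyuncs.com/google_containers

# Join command printed at the end of kubeadm init; run it on each worker node.
# The bootstrap token is a credential (default TTL 24h), and the CA cert hash
# lets the joining node verify the control plane's CA during discovery.
kubeadm join 172.16.59.30:6443 --token yup5oo.s5ui8hfrrcm5jf2j \
        --discovery-token-ca-cert-hash sha256:3fe816c50e13da9491b277711e6e77dc0d6d10c03b23f2d7487d5b3bea9b9525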

Install Calico with Kubernetes API datastore, 50 nodes or less

1. Download the Calico networking manifest for the Kubernetes API datastore.

curl https://projectcalico.docs.tigera.io/manifests/calico.yaml -O

---
# Source: calico/templates/calico-config.yaml
# This ConfigMap is used to configure a self-hosted Calico installation.
kind: ConfigMap
apiVersion: v1
metadata:
  name: calico-config
  namespace: kube-system
data:
  # Typha is disabled.
  typha_service_name: "none"
  # Configure the backend to use.
  calico_backend: "bird"

  # Configure the MTU to use for workload interfaces and tunnels.
  # By default, MTU is auto-detected, and explicitly setting this field should not be required.
  # You can override auto-detection by providing a non-zero value.
  veth_mtu: "0"

  # The CNI network configuration to install on each node. The special
  # values in this config will be automatically populated.
  cni_network_config: |-
    {
      "name": "k8s-pod-network",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "calico",
          "log_level": "info",
          "log_file_path": "/var/log/calico/cni/cni.log",
          "datastore_type": "kubernetes",
          "nodename": "__KUBERNETES_NODE_NAME__",
          "mtu": __CNI_MTU__,
          "ipam": {
              "type": "calico-ipam"
          },
          "policy": {
              "type": "k8s"
          },
          "kubernetes": {
              "kubeconfig": "__KUBECONFIG_FILEPATH__"
          }
        },
        {
          "type": "portmap",
          "snat": true,
          "capabilities": {"portMappings": true}
        },
        {
          "type": "bandwidth",
          "capabilities": {"bandwidth": true}
        }
      ]
    }


---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: bgpconfigurations.crd.projectcalico.org
spec:
  group: crd.projectcalico.org
  names:
    kind: BGPConfiguration
    listKind: BGPConfigurationList
    plural: bgpconfigurations
    singular: bgpconfiguration
  scope: Cluster
  versions:
  - name: v1
    schema:
      openAPIV3Schema:
        description: BGPConfiguration contains the configuration for any BGP routing.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: BGPConfigurationSpec contains the values of the BGP configuration.
            properties:
              asNumber:
                description: 'ASNumber is the default AS number used by a node. [Default:
                  64512]'
                format: int32
                type: integer
              communities:
                description: Communities is a list of BGP community values and their
                  arbitrary names for tagging routes.
                items:
                  description: Community contains standard or large community value
                    and its name.
                  properties:
                    name:
                      description: Name given to community value.
                      type: string
                    value:
                      description: Value must be of format `aa:nn` or `aa:nn:mm`.
                        For standard community use `aa:nn` format, where `aa` and
                        `nn` are 16 bit number. For large community use `aa:nn:mm`
                        format, where `aa`, `nn` and `mm` are 32 bit number. Where,
                        `aa` is an AS Number, `nn` and `mm` are per-AS identifier.
                      pattern: ^(\d+):(\d+)$|^(\d+):(\d+):(\d+)$
                      type: string
                  type: object
                type: array
              listenPort:
                description: ListenPort is the port where BGP protocol should listen.
                  Defaults to 179
                maximum: 65535
                minimum: 1
                type: integer
              logSeverityScreen:
                description: 'LogSeverityScreen is the log severity above which logs
                  are sent to the stdout. [Default: INFO]'
                type: string
              nodeToNodeMeshEnabled:
                description: 'NodeToNodeMeshEnabled sets whether full node to node
                  BGP mesh is enabled. [Default: true]'
                type: boolean
              prefixAdvertisements:
                description: PrefixAdvertisements contains per-prefix advertisement
                  configuration.
                items:
                  description: PrefixAdvertisement configures advertisement properties
                    for the specified CIDR.
                  properties:
                    cidr:
                      description: CIDR for which properties should be advertised.
                      type: string
                    communities:
                      description: Communities can be list of either community names
                        already defined in `Specs.Communities` or community value
                        of format `aa:nn` or `aa:nn:mm`. For standard community use
                        `aa:nn` format, where `aa` and `nn` are 16 bit number. For
                        large community use `aa:nn:mm` format, where `aa`, `nn` and
                        `mm` are 32 bit number. Where,`aa` is an AS Number, `nn` and
                        `mm` are per-AS identifier.
                      items:
                        type: string
                      type: array
                  type: object
                type: array
              serviceClusterIPs:
                description: ServiceClusterIPs are the CIDR blocks from which service
                  cluster IPs are allocated. If specified, Calico will advertise these
                  blocks, as well as any cluster IPs within them.
                items:
                  description: ServiceClusterIPBlock represents a single allowed ClusterIP
                    CIDR block.
                  properties:
                    cidr:
                      type: string
                  type: object
                type: array
              serviceExternalIPs:
                description: ServiceExternalIPs are the CIDR blocks for Kubernetes
                  Service External IPs. Kubernetes Service ExternalIPs will only be
                  advertised if they are within one of these blocks.
                items:
                  description: ServiceExternalIPBlock represents a single allowed
                    External IP CIDR block.
                  properties:
                    cidr:
                      type: string
                  type: object
                type: array
              serviceLoadBalancerIPs:
                description: ServiceLoadBalancerIPs are the CIDR blocks for Kubernetes
                  Service LoadBalancer IPs. Kubernetes Service status.LoadBalancer.Ingress
                  IPs will only be advertised if they are within one of these blocks.
                items:
                  description: ServiceLoadBalancerIPBlock represents a single allowed
                    LoadBalancer IP CIDR block.
                  properties:
                    cidr:
                      type: string
                  type: object
                type: array
            type: object
        type: object
    served: true
    storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
  
  
  
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: bgppeers.crd.projectcalico.org
spec:
  group: crd.projectcalico.org
  names:
    kind: BGPPeer
    listKind: BGPPeerList
    plural: bgppeers
    singular: bgppeer
  scope: Cluster
  versions:
  - name: v1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: BGPPeerSpec contains the specification for a BGPPeer resource.
            properties:
              asNumber:
                description: The AS Number of the peer.
                format: int32
                type: integer
              keepOriginalNextHop:
                description: Option to keep the original nexthop field when routes
                  are sent to a BGP Peer. Setting "true" configures the selected BGP
                  Peers node to use the "next hop keep;" instead of "next hop self;"(default)
                  in the specific branch of the Node on "bird.cfg".
                type: boolean
              maxRestartTime:
                description: Time to allow for software restart.  When specified,
                  this is configured as the graceful restart timeout.  When not specified,
                  the BIRD default of 120s is used.
                type: string
              node:
                description: The node name identifying the Calico node instance that
                  is targeted by this peer. If this is not set, and no nodeSelector
                  is specified, then this BGP peer selects all nodes in the cluster.
                type: string
              nodeSelector:
                description: Selector for the nodes that should have this peering.  When
                  this is set, the Node field must be empty.
                type: string
              password:
                description: Optional BGP password for the peerings generated by this
                  BGPPeer resource.
                properties:
                  secretKeyRef:
                    description: Selects a key of a secret in the node pod's namespace.
                    properties:
                      key:
                        description: The key of the secret to select from.  Must be
                          a valid secret key.
                        type: string
                      name:
                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                          TODO: Add other useful fields. apiVersion, kind, uid?'
                        type: string
                      optional:
                        description: Specify whether the Secret or its key must be
                          defined
                        type: boolean
                    required:
                    - key
                    type: object
                type: object
              peerIP:
                description: The IP address of the peer followed by an optional port
                  number to peer with. If port number is given, format should be `[<IPv6>]:port`
                  or `<IPv4>:<port>` for IPv4. If optional port number is not set,
                  and this peer IP and ASNumber belongs to a calico/node with ListenPort
                  set in BGPConfiguration, then we use that port to peer.
                type: string
              peerSelector:
                description: Selector for the remote nodes to peer with.  When this
                  is set, the PeerIP and ASNumber fields must be empty.  For each
                  peering between the local node and selected remote nodes, we configure
                  an IPv4 peering if both ends have NodeBGPSpec.IPv4Address specified,
                  and an IPv6 peering if both ends have NodeBGPSpec.IPv6Address specified.  The
                  remote AS number comes from the remote node's NodeBGPSpec.ASNumber,
                  or the global default if that is not set.
                type: string
              sourceAddress:
                description: Specifies whether and how to configure a source address
                  for the peerings generated by this BGPPeer resource.  Default value
                  "UseNodeIP" means to configure the node IP as the source address.  "None"
                  means not to configure a source address.
                type: string
            type: object
        type: object
    served: true
    storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []
  
  
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: blockaffinities.crd.projectcalico.org
spec:
  group: crd.projectcalico.org
  names:
    kind: BlockAffinity
    listKind: BlockAffinityList
    plural: blockaffinities
    singular: blockaffinity
  scope: Cluster
  versions:
  - name: v1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: BlockAffinitySpec contains the specification for a BlockAffinity
              resource.
            properties:
              cidr:
                type: string
              deleted:
                description: Deleted indicates that this block affinity is being deleted.
                  This field is a string for compatibility with older releases that
                  mistakenly treat this field as a string.
                type: string
              node:
                type: string
              state:
                type: string
            required:
            - cidr
            - deleted
            - node
            - state
            type: object
        type: object
    served: true
    storage: true
status:
  acceptedNames:
    kind: ""
    plural: ""
  conditions: []
  storedVersions: []

2. If you are using pod CIDR 192.168.0.0/16, skip to the next step. If you are using a different pod CIDR with kubeadm, no changes are required - Calico will automatically detect the CIDR based on the running configuration. For other platforms, make sure you uncomment the CALICO_IPV4POOL_CIDR variable in the manifest and set it to the same value as your chosen pod CIDR.

3. Customize the manifest as necessary.

4. Apply the manifest using the following command.

kubectl apply -f calico.yaml

Each manifest contains all the necessary resources for installing Calico on each node in your Kubernetes cluster.

It installs the following Kubernetes resources:

  • Installs the calico/node container on each host using a DaemonSet.
  • Installs the Calico CNI binaries and network config on each host using a DaemonSet.
  • Runs calico/kube-controllers as a deployment.
  • The calico-etcd-secrets secret, which optionally allows for providing etcd TLS assets.
  • The calico-config ConfigMap, which contains parameters for configuring the install.

The sections that follow discuss the configurable parameters in greater depth.

Configuring the pod IP range

Calico IPAM assigns IP addresses from IP pools.

To change the default IP range used for pods, modify the CALICO_IPV4POOL_CIDR section of the calico.yaml manifest. For more information, see Configuring calico/node.

Configuring IP-in-IP

By default, the manifests enable IP-in-IP encapsulation across subnets. Many users may want to disable IP-in-IP encapsulation, such as under the following circumstances.

  • Their cluster is running in a properly configured AWS VPC.
  • All their Kubernetes nodes are connected to the same layer 2 network.
  • They intend to use BGP peering to make their underlying infrastructure aware of pod IP addresses.

To disable IP-in-IP encapsulation, modify the CALICO_IPV4POOL_IPIP section of the manifest. For more information, see Configuring calico/node.

https://projectcalico.docs.tigera.io/reference/node/configuration

Calico uses IP pools to configure how addresses are allocated to pods, and how networking works for certain sets of addresses. You can see the full schema for IP pools here.

calico/node can be configured to create a default IP pool for you, but only if none already exist in the cluster. The following options control the parameters on the created pool.

| Environment | Description | Schema |
| --- | --- | --- |
| CALICO_IPV4POOL_CIDR | The IPv4 Pool to create if none exists at start up. It is invalid to define this variable and NO_DEFAULT_POOLS. [Default: the first of (192.168.0.0/16, 172.16.0.0/16, .., 172.31.0.0/16) not used locally] | IPv4 CIDR |
| CALICO_IPV4POOL_BLOCK_SIZE | Block size to use for the IPv4 POOL created at startup. Block size for IPv4 should be in the range 20-32 (inclusive). [Default: 26] | int |
| CALICO_IPV4POOL_IPIP | IPIP Mode to use for the IPv4 POOL created at start up. If set to a value other than Never, CALICO_IPV4POOL_VXLAN should not be set. [Default: Always] | Always, CrossSubnet, Never (“Off” is also accepted as a synonym for “Never”) |
| CALICO_IPV4POOL_VXLAN | VXLAN Mode to use for the IPv4 POOL created at start up. If set to a value other than Never, CALICO_IPV4POOL_IPIP should not be set. [Default: Never] | Always, CrossSubnet, Never |
| CALICO_IPV4POOL_NAT_OUTGOING | Controls NAT Outgoing for the IPv4 Pool created at start up. [Default: true] | boolean |
| CALICO_IPV4POOL_NODE_SELECTOR | Controls the NodeSelector for the IPv4 Pool created at start up. [Default: all()] | selector |
| CALICO_IPV6POOL_CIDR | The IPv6 Pool to create if none exists at start up. It is invalid to define this variable and NO_DEFAULT_POOLS. [Default: <a randomly chosen /48 ULA>] | IPv6 CIDR |
| CALICO_IPV6POOL_BLOCK_SIZE | Block size to use for the IPv6 POOL created at startup. Block size for IPv6 should be in the range 116-128 (inclusive). [Default: 122] | int |
| CALICO_IPV6POOL_NAT_OUTGOING | Controls NAT Outgoing for the IPv6 Pool created at start up. [Default: false] | boolean |
| CALICO_IPV6POOL_NODE_SELECTOR | Controls the NodeSelector for the IPv6 Pool created at start up. [Default: all()] | selector |
| NO_DEFAULT_POOLS | Prevents Calico from creating a default pool if one does not exist. [Default: false] | boolean |
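The constraints in the table can be checked before the manifest is applied. The following is an added example, not code from Calico or from the original post: a small linter for the pool-related environment variables of the calico-node container. The function name `check_pool_env`, the sample dictionaries, and the reading of the IPIP/VXLAN rule as "at most one of them may be enabled" are assumptions.

```python
import ipaddress

# Allowed values and ranges, spelled as in the table above.
IPIP_MODES = {"Always", "CrossSubnet", "Never", "Off"}  # "Off" == "Never"
VXLAN_MODES = {"Always", "CrossSubnet", "Never"}
BLOCK_SIZE = {4: (20, 32), 6: (116, 128)}
BOOLS = {"true", "false"}


def _enabled(mode):
    """An encapsulation mode counts as enabled unless it is Never/Off."""
    return mode not in ("Never", "Off")


def check_pool_env(env, pod_cidr=None):
    """Return findings for a calico/node env dict (name -> string value).

    pod_cidr is the value given to kubeadm --pod-network-cidr, if known.
    """
    findings = []
    pod_net = ipaddress.ip_network(pod_cidr) if pod_cidr else None
    no_default = env.get("NO_DEFAULT_POOLS", "false")
    if no_default not in BOOLS:
        findings.append("NO_DEFAULT_POOLS must be true or false")

    for ver in (4, 6):
        prefix = f"CALICO_IPV{ver}POOL_"
        cidr = env.get(prefix + "CIDR")
        if cidr is not None:
            # Assumption: the conflict applies when NO_DEFAULT_POOLS is true.
            if no_default == "true":
                findings.append(f"{prefix}CIDR set together with NO_DEFAULT_POOLS")
            try:
                net = ipaddress.ip_network(cidr, strict=True)
            except ValueError as exc:
                findings.append(f"{prefix}CIDR is not a valid CIDR: {exc}")
            else:
                if net.version != ver:
                    findings.append(f"{prefix}CIDR is not an IPv{ver} network")
                elif ver == 4 and pod_net is not None and net != pod_net:
                    findings.append(f"{prefix}CIDR {net} differs from pod CIDR {pod_net}")
        size = env.get(prefix + "BLOCK_SIZE")
        if size is not None:
            lo, hi = BLOCK_SIZE[ver]
            if not size.isdigit() or not lo <= int(size) <= hi:
                findings.append(f"{prefix}BLOCK_SIZE must be in {lo}-{hi}, got {size!r}")
        nat = env.get(prefix + "NAT_OUTGOING")
        if nat is not None and nat not in BOOLS:
            findings.append(f"{prefix}NAT_OUTGOING must be true or false")

    ipip = env.get("CALICO_IPV4POOL_IPIP")
    vxlan = env.get("CALICO_IPV4POOL_VXLAN")
    if ipip is not None and ipip not in IPIP_MODES:
        findings.append(f"CALICO_IPV4POOL_IPIP has unknown mode {ipip!r}")
    if vxlan is not None and vxlan not in VXLAN_MODES:
        findings.append(f"CALICO_IPV4POOL_VXLAN has unknown mode {vxlan!r}")
    if ipip is not None and vxlan is not None and _enabled(ipip) and _enabled(vxlan):
        findings.append("IPIP and VXLAN are both enabled; set one of them to Never")
    return findings


# Constructed sample inputs (not taken from a real cluster).
GOOD_ENV = {
    "CALICO_IPV4POOL_CIDR": "10.244.0.0/16",
    "CALICO_IPV4POOL_IPIP": "Never",
    "CALICO_IPV4POOL_VXLAN": "CrossSubnet",
    "CALICO_IPV4POOL_BLOCK_SIZE": "26",
}
BAD_ENV = {
    "CALICO_IPV4POOL_CIDR": "192.168.0.0/16",
    "NO_DEFAULT_POOLS": "true",
    "CALICO_IPV4POOL_IPIP": "Always",
    "CALICO_IPV4POOL_VXLAN": "Always",
    "CALICO_IPV4POOL_BLOCK_SIZE": "16",
    "CALICO_IPV6POOL_BLOCK_SIZE": "122",
}

if __name__ == "__main__":
    # 10.244.0.0/16 is the --pod-network-cidr used by kubeadm init on this page.
    for label, env in (("good", GOOD_ENV), ("bad", BAD_ENV)):
        print(label, check_pool_env(env, pod_cidr="10.244.0.0/16"))
```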

Configuring CNI Plugin

calico/node has a few options that are configurable based on the CNI plugin and CNI plugin configuration used on the cluster.

| Environment | Description | Schema |
| --- | --- | --- |
| USE_POD_CIDR | Use the Kubernetes Node.Spec.PodCIDR field when using host-local IPAM. Requires Kubernetes API datastore. This field is required when using the Kubernetes API datastore with host-local IPAM. [Default: false] | boolean |
| CALICO_MANAGE_CNI | Tells Calico to update the kubeconfig file at /host/etc/cni/net.d/calico-kubeconfig on credentials change. [Default: true] | |

| Environment | Description | Schema |
| --- | --- | --- |
| DISABLE_NODE_IP_CHECK | Skips checks for duplicate Node IPs. This can reduce the load on the cluster when a large number of Nodes are restarting. [Default: false] | boolean |
| WAIT_FOR_DATASTORE | Wait for connection to datastore before starting. If a successful connection is not made, node will shutdown. [Default: false] | boolean |
| CALICO_NETWORKING_BACKEND | The networking backend to use. In bird mode, Calico will provide BGP networking using the BIRD BGP daemon; VXLAN networking can also be used. In vxlan mode, only VXLAN networking is provided; BIRD and BGP are disabled. If set to none (also known as policy-only mode), both BIRD and VXLAN are disabled. [Default: bird] | bird, vxlan, none |
| CLUSTER_TYPE | Contains comma delimited list of indicators about this cluster. e.g. k8s, mesos, kubeadm, canal, bgp | string |

The calico/node must know the name of the node on which it is running. The node name is used to retrieve the Node resource configured for this node if it exists, or to create a new node resource representing the node if it does not. It is also used to associate the node with per-node BGP configuration, felix configuration, and endpoints.

When launched, the calico/node container sets the node name according to the following order of precedence:

  1. The value specified in the NODENAME environment variable, if set.
  2. The value specified in /var/lib/calico/nodename, if it exists.
  3. The value specified in the HOSTNAME environment variable, if set.
  4. The hostname as returned by the operating system, converted to lowercase.

Once the node has determined its name, the value will be cached in /var/lib/calico/nodename for future use.

For example, if given the following conditions:

  • NODENAME=""
  • /var/lib/calico/nodename does not exist
  • HOSTNAME="host-A"
  • The operating system returns “host-A.internal.myorg.com” for the hostname

calico/node will use “host-a” for its name and will write the value in /var/lib/calico/nodename. If calico/node is then restarted, it will use the cached value of “host-a” read from the file on disk.
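The precedence order and the caching behaviour can be traced with a short model. This is an added example, not calico/node's own code: `determine_node_name` and `demo` are hypothetical names, a temporary file stands in for /var/lib/calico/nodename, and lowercasing the HOSTNAME value is inferred from the example above. The second call shows the operational consequence of the cache: after the host is renamed, the old name is still used until the file is removed or NODENAME is set.

```python
import tempfile
from pathlib import Path


def determine_node_name(env, cache_file, os_hostname):
    """Resolve the node name in the documented order and cache the result.

    env: mapping of environment variables.
    cache_file: Path standing in for /var/lib/calico/nodename.
    os_hostname: the hostname the operating system reports.
    Returns (name, source).
    """
    cached = cache_file.read_text().strip() if cache_file.exists() else ""
    if env.get("NODENAME", "").strip():
        name, source = env["NODENAME"].strip(), "NODENAME"
    elif cached:
        name, source = cached, "cache file"
    elif env.get("HOSTNAME", "").strip():
        # Lowercased because the page's example maps HOSTNAME="host-A" to "host-a".
        name, source = env["HOSTNAME"].strip().lower(), "HOSTNAME"
    else:
        name, source = os_hostname.strip().lower(), "OS hostname"
    cache_file.write_text(name)  # cached for future starts
    return name, source


def demo():
    """Replay the page's example, then a rename and an explicit NODENAME."""
    with tempfile.TemporaryDirectory() as tmp:
        cache = Path(tmp) / "nodename"
        # 1. First start, exactly the conditions listed on the page.
        first = determine_node_name(
            {"NODENAME": "", "HOSTNAME": "host-A"}, cache, "host-A.internal.myorg.com")
        # 2. Host renamed, container restarted: the cached name still wins.
        second = determine_node_name(
            {"HOSTNAME": "host-B"}, cache, "host-B.internal.myorg.com")
        # 3. An explicit NODENAME overrides the cache and replaces it.
        third = determine_node_name(
            {"NODENAME": "worker-1", "HOSTNAME": "host-B"}, cache, "host-B.internal.myorg.com")
        cached = cache.read_text()
        # 4. Nothing set and no cache: fall back to the OS hostname, lowercased.
        fresh = Path(tmp) / "nodename-fresh"
        fourth = determine_node_name({}, fresh, "Host-C.internal.myorg.com")
    return first, second, third, cached, fourth


if __name__ == "__main__":
    for step in demo():
        print(step)
```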

IP setting

The IP (for IPv4) and IP6 (for IPv6) environment variables are used to set, force autodetection, or disable auto detection of the address for the appropriate IP version for the node. When the environment variable is set, the address is saved in the node resource configuration for this host, overriding any previously configured value.

calico/node will attempt to detect subnet information from the host, and augment the provided address if possible.

IP setting special case values

Several special case values can be set in the IP(6) environment variables:

  • Not set or empty string: Any previously set address on the node resource will be used. If no previous address is set on the node resource the two versions behave differently:
    • IP will do autodetection of the IPv4 address and set it on the node resource.
    • IP6 will not do autodetection.
  • autodetect: Autodetection will always be performed for the IP address and the detected address will overwrite any value configured in the node resource.
  • none: Autodetection will not be performed (this is useful to disable IPv4).

IP autodetection methods

When Calico is used for routing, each node must be configured with an IPv4 address and/or an IPv6 address that will be used to route between nodes. To eliminate node specific IP address configuration, the calico/node container can be configured to autodetect these IP addresses. In many systems, there might be multiple physical interfaces on a host, or possibly multiple IP addresses configured on a physical interface. In these cases, there are multiple addresses to choose from and so autodetection of the correct address can be tricky.

The IP autodetection methods are provided to improve the selection of the correct address, by limiting the selection based on suitable criteria for your deployment.

first-found

The first-found option enumerates all interface IP addresses and returns the first valid IP address (based on IP version and type of address) on the first valid interface. Certain known “local” interfaces are omitted, such as the docker bridge. The order that both the interfaces and the IP addresses are listed is system dependent.

This is the default detection method. However, since this method only makes a very simplified guess, it is recommended to either configure the node with a specific IP address, or to use one of the other detection methods.

Example:

IP_AUTODETECTION_METHOD=first-found
IP6_AUTODETECTION_METHOD=first-found

kubernetes-internal-ip

The kubernetes-internal-ip method will select the first internal IP address listed in the Kubernetes node’s Status.Addresses field.

Example:

IP_AUTODETECTION_METHOD=kubernetes-internal-ip
IP6_AUTODETECTION_METHOD=kubernetes-internal-ip

can-reach=DESTINATION

The can-reach method uses your local routing to determine which IP address will be used to reach the supplied destination. Both IP addresses and domain names may be used.

Example using IP addresses:

IP_AUTODETECTION_METHOD=can-reach=8.8.8.8
IP6_AUTODETECTION_METHOD=can-reach=2001:4860:4860::8888

Example using domain names:

IP_AUTODETECTION_METHOD=can-reach=www.google.com
IP6_AUTODETECTION_METHOD=can-reach=www.google.com

interface=INTERFACE-REGEX

The interface method uses the supplied interface regular expression to enumerate matching interfaces and to return the first IP address on the first matching interface. The order that both the interfaces and the IP addresses are listed is system dependent.

Example with valid IP address on interface eth0, eth1, eth2 etc.:

IP_AUTODETECTION_METHOD=interface=eth.*
IP6_AUTODETECTION_METHOD=interface=eth.*

skip-interface=INTERFACE-REGEX

The skip-interface method uses the supplied interface regular expression to exclude interfaces and to return the first IP address on the first interface that does not match. The order that both the interfaces and the IP addresses are listed is system dependent.

Example that excludes interfaces enp6s0f0, eth0, eth1, eth2 etc.:

IP_AUTODETECTION_METHOD=skip-interface=enp6s0f0,eth.*
IP6_AUTODETECTION_METHOD=skip-interface=enp6s0f0,eth.*

cidr=CIDR

The cidr method will select any IP address from the node that falls within the given CIDRs.

Example:

IP_AUTODETECTION_METHOD=cidr=10.0.1.0/24,10.0.2.0/24
IP6_AUTODETECTION_METHOD=cidr=2001:4860::0/64
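How much the chosen method matters on a multi-homed node is easiest to see side by side. The following is an added example, not Calico's implementation: it models first-found, interface, skip-interface, cidr and can-reach (IP destinations only, IPv4 only) over a constructed interface list and routing table. The `LOCAL_IFACES` list, full-match regex semantics and applying the local-interface exclusion to every enumeration method are assumptions of this sketch; kubernetes-internal-ip is not modelled.

```python
import ipaddress
import re

# Constructed sample host: (interface, IPv4 addresses) in enumeration order.
INTERFACES = [
    ("lo", ["127.0.0.1/8"]),
    ("docker0", ["172.17.0.1/16"]),
    ("enp6s0f0", ["203.0.113.10/24"]),            # internet-facing uplink
    ("eth0", ["10.0.1.15/24", "10.0.1.16/24"]),   # cluster network
    ("eth1", ["10.0.2.15/24"]),                   # second internal network
]
# Constructed routing table used to model can-reach: (prefix, outgoing interface).
ROUTES = [("0.0.0.0/0", "enp6s0f0"), ("10.0.0.0/8", "eth0"), ("10.0.2.0/24", "eth1")]
# Assumed "known local" interfaces; the page names only the docker bridge.
LOCAL_IFACES = ["lo", "docker.*"]


def _matches(name, patterns):
    # Full-match semantics are an assumption of this sketch.
    return any(re.fullmatch(p, name) for p in patterns)


def _first_addr(ifaces, nets=None):
    """First address on the first interface, optionally limited to CIDRs."""
    for name, addrs in ifaces:
        for addr in addrs:
            ip = ipaddress.ip_interface(addr).ip
            if nets is None or any(ip in net for net in nets):
                return name, str(ip)
    return None  # nothing left to choose from


def autodetect(method, interfaces=INTERFACES, routes=ROUTES):
    """Return (interface, address) chosen by an IP_AUTODETECTION_METHOD value."""
    kind, _, arg = method.partition("=")
    usable = [(n, a) for n, a in interfaces if not _matches(n, LOCAL_IFACES)]
    if kind == "first-found":
        return _first_addr(usable)
    if kind == "interface":
        pats = arg.split(",")
        return _first_addr([(n, a) for n, a in usable if _matches(n, pats)])
    if kind == "skip-interface":
        pats = arg.split(",")
        return _first_addr([(n, a) for n, a in usable if not _matches(n, pats)])
    if kind == "cidr":
        return _first_addr(usable, [ipaddress.ip_network(c) for c in arg.split(",")])
    if kind == "can-reach":
        dest = ipaddress.ip_address(arg)
        hits = [(ipaddress.ip_network(p), dev) for p, dev in routes]
        hits = [(net, dev) for net, dev in hits if dest in net]
        if not hits:
            return None
        dev = max(hits, key=lambda h: h[0].prefixlen)[1]  # longest prefix wins
        return _first_addr([(n, a) for n, a in interfaces if n == dev])
    raise ValueError(f"method not modelled here: {method}")


def compare(methods):
    """Map each method string to the (interface, address) it selects."""
    return {m: autodetect(m) for m in methods}


if __name__ == "__main__":
    methods = [
        "first-found",
        "interface=eth.*",
        "skip-interface=enp6s0f0",
        "skip-interface=enp6s0f0,eth.*",
        "cidr=10.0.1.0/24,10.0.2.0/24",
        "can-reach=8.8.8.8",
        "can-reach=10.0.2.1",
    ]
    for method, picked in compare(methods).items():
        print(f"{method:32} -> {picked}")
```

On this sample host, first-found and can-reach=8.8.8.8 both select the internet-facing address, while interface=eth.*, a cidr filter, or a can-reach destination inside the cluster network select an internal one.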

Node readiness

The calico/node container supports an exec readiness endpoint.

To access this endpoint, use the following command.

$ docker exec calico-node /bin/calico-node [flag]

Substitute [flag] with one or more of the following.

  • -bird-ready
  • -bird6-ready
  • -felix-ready

Originally published 2022-04-03; shared from the WeChat official account 云数智圈.
