Managing the Calico API Server with kubectl

Published: 2023-08-18 17:18:30  Author: 小吉猫

Prerequisites

1. Calico uses the Kubernetes API as its datastore.
2. Calico v3.20 or later is required.

Deploying the Calico API server with the operator

calico-apiserver.yaml

apiVersion: operator.tigera.io/v1
kind: APIServer
metadata:
  name: default
spec: {}

Create the calico-apiserver resource

# kubectl apply -f calico-apiserver.yaml

Check the status of the calico-apiserver resource

# kubectl get tigerastatus apiserver
NAME        AVAILABLE   PROGRESSING   DEGRADED   SINCE
apiserver   True        False         False      1m10s

Delete the calico-apiserver resource

# kubectl delete apiserver default

Deploying the Calico API server with manifests

Deploy calico-apiserver

# kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/apiserver.yaml

Generate the serving certificate

# openssl req -x509 -nodes -newkey rsa:4096 -keyout apiserver.key -out apiserver.crt -days 365 -subj "/" -addext "subjectAltName = DNS:calico-api.calico-apiserver.svc"

Create the secret

# kubectl create secret -n calico-apiserver generic calico-apiserver-certs --from-file=apiserver.key --from-file=apiserver.crt

Patch the calico-apiserver APIService with the CA bundle

# kubectl patch apiservice v3.projectcalico.org -p \
    "{\"spec\": {\"caBundle\": \"$(kubectl get secret -n calico-apiserver calico-apiserver-certs -o go-template='{{ index .data "apiserver.crt" }}')\"}}"

Delete the calico-apiserver resources

# kubectl delete -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/apiserver.yaml
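
The certificate, secret and caBundle steps above are easy to get subtly wrong (missing SAN, mismatched key, stale caBundle), and the self-signed certificate expires after the 365 days given to openssl. The following checks are an added example, not part of the original post; the function names and the 30-day expiry threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# 0 if the certificate carries DNS:<name> in its subjectAltName extension.
cert_has_san() {            # $1 = certificate file, $2 = DNS name
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$2"
}

# 0 if the certificate is still valid $2 days from now.
cert_valid_for() {          # $1 = certificate file, $2 = days
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# 0 if the private key and the certificate hold the same public key.
key_matches_cert() {        # $1 = key file, $2 = certificate file
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# 0 if a base64 caBundle value is exactly the base64 of the certificate file.
bundle_matches_cert() {     # $1 = certificate file, $2 = caBundle string
    [ "$(base64 < "$1" | tr -d '\n')" = "$2" ]
}

# Run every check and report; non-zero return if any check fails.
check_serving_cert() {      # $1 = cert, $2 = key, $3 = caBundle (optional)
    rc=0
    cert_has_san "$1" calico-api.calico-apiserver.svc || { echo "FAIL: SAN missing"; rc=1; }
    cert_valid_for "$1" 30 || { echo "FAIL: expires within 30 days"; rc=1; }
    key_matches_cert "$2" "$1" || { echo "FAIL: key does not match certificate"; rc=1; }
    if [ -n "$3" ]; then
        bundle_matches_cert "$1" "$3" || { echo "FAIL: caBundle differs from certificate"; rc=1; }
    fi
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}
```

After the patch step, the live value can be passed as the third argument: `check_serving_cert apiserver.crt apiserver.key "$(kubectl get apiservice v3.projectcalico.org -o jsonpath='{.spec.caBundle}')"`.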

List the Calico API resources

# kubectl api-resources | grep '\sprojectcalico.org'
bgpconfigurations                 bgpconfig,bgpconfigs                            projectcalico.org              false        BGPConfiguration
bgppeers                                                                          projectcalico.org              false        BGPPeer
clusterinformations               clusterinfo                                     projectcalico.org              false        ClusterInformation
felixconfigurations               felixconfig,felixconfigs                        projectcalico.org              false        FelixConfiguration
globalnetworkpolicies             gnp,cgnp,calicoglobalnetworkpolicies            projectcalico.org              false        GlobalNetworkPolicy
globalnetworksets                                                                 projectcalico.org              false        GlobalNetworkSet
hostendpoints                     hep,heps                                        projectcalico.org              false        HostEndpoint
ippools                                                                           projectcalico.org              false        IPPool
kubecontrollersconfigurations                                                     projectcalico.org              false        KubeControllersConfiguration
networkpolicies                   cnp,caliconetworkpolicy,caliconetworkpolicies   projectcalico.org              true         NetworkPolicy
networksets                       netsets                                         projectcalico.org              true         NetworkSet
profiles                                                                          projectcalico.org              false        Profile

Example: managing the Calico API with kubectl

# kubectl get ippools
NAME                  CREATED AT
default-ipv4-ippool   2021-03-19T16:47:12Z

References

https://docs.tigera.io/calico/latest/operations/install-apiserver