Calico
Calico is a widely adopted, battle-tested open source networking and network security solution for Kubernetes, virtual machines, and bare-metal workloads. Calico provides two major services for Cloud Native applications:
- Network connectivity between workloads.
- Network security policy enforcement between workloads.
Calico’s flexible architecture supports a wide range of deployment options, using modular components and technologies, including:
- Choice of data plane technology, whether it be eBPF, standard Linux, Windows HNS or VPP
- Enforcement of the full set of Kubernetes network policy features, plus for those needing a richer set of policy features, Calico network policies.
- An optimized Kubernetes Service implementation using eBPF.
- Kubernetes apiserver integration, for managing Calico configuration and Calico network policies.
- Both non-overlay and overlay (via IPIP or VXLAN) networking options in either public cloud or on-prem deployments.
- CNI plugins for Kubernetes to provide highly efficient pod networking and IP Address Management (IPAM).
- A BGP routing stack that can advertise routes for workload and service IP addresses to physical network infrastructure.
Installing
- Add the projectcalico helm repository.
$helm repo add projectcalico https://projectcalico.docs.tigera.io/charts - Create the tigera-operator namespace.
$kubectl create namespace tigera-operator - Install the helm chart into the tigera-operator namespace.
$helm install calico projectcalico/tigera-operator --namespace tigera-operator
Upgrading
Prior to release v3.23, the Calico helm chart itself deployed the tigera-operator namespace and required that the helm release was installed in the default namespace. Newer releases properly defer creation of the tigera-operator namespace to the user and allow installation of the chart into the tigera-operator namespace.
When upgrading from a version of Calico v3.22 or lower to a version of Calico v3.23 or greater, you must complete the following steps to migrate ownership of the helm resources to the new chart location.
Upgrade from Calico versions prior to v3.23.0
- Patch existing resources so that the new chart can assume ownership.
$kubectl patch installation default --type=merge -p '{"metadata": {"annotations": {"meta.helm.sh/release-namespace": "tigera-operator"}}}'
$kubectl patch apiserver default --type=merge -p '{"metadata": {"annotations": {"meta.helm.sh/release-namespace": "tigera-operator"}}}'
$kubectl patch podsecuritypolicy tigera-operator --type=merge -p '{"metadata": {"annotations": {"meta.helm.sh/release-namespace": "tigera-operator"}}}'
$kubectl patch -n tigera-operator deployment tigera-operator --type=merge -p '{"metadata": {"annotations": {"meta.helm.sh/release-namespace": "tigera-operator"}}}'
$kubectl patch -n tigera-operator serviceaccount tigera-operator --type=merge -p '{"metadata": {"annotations": {"meta.helm.sh/release-namespace": "tigera-operator"}}}'
$kubectl patch clusterrole tigera-operator --type=merge -p '{"metadata": {"annotations": {"meta.helm.sh/release-namespace": "tigera-operator"}}}'
$kubectl patch clusterrolebinding tigera-operator tigera-operator --type=merge -p '{"metadata": {"annotations": {"meta.helm.sh/release-namespace": "tigera-operator"}}}'
2. Install the helm chart in the tigera-operator namespace.
$helm install {{site.prodname | downcase}} projectcalico/tigera-operator --version {{site.data.versions[0].title}} --namespace tigera-operator3.
Once the install has succeeded, you can delete any old releases in the default namespace.
$kubectl delete secret -n default -l name=calico,owner=helm --dry-run
Note: The above command uses --dry-run to avoid making changes to your cluster. We recommend reviewing the output and then re-running the command without --dry-run to commit to the changes.
All other upgrades
- Run the helm upgrade:
$helm upgrade {{site.prodname | downcase}} projectcalico/tigera-operatorValues reference
The default values.yaml should be suitable for most basic deployments.
# Image pull secrets to provision for pulling images from private registries.
# This field is a map of desired Secret name to .dockerconfigjson formatted data to use for the secret.
# Populates the `imagePullSecrets` property for all Pods controlled by the `Installation` resource.
imagePullSecrets: {}
# Configures general installation parameters for Calico. Schema is based
# on the operator.tigera.io/Installation API documented
# here: https://projectcalico.docs.tigera.io/reference/installation/api#operator.tigera.io/v1.InstallationSpec
installation:
enabled: true
kubernetesProvider: ""
# Configures general installation parameters for Calico. Schema is based
# on the operator.tigera.io/Installation API documented
# here: https://projectcalico.docs.tigera.io/reference/installation/api#operator.tigera.io/v1.APIServerSpec
apiServer:
enabled: true
# Certificates for communications between calico/node and calico/typha.
# If left blank, will be automatically provisioned.
certs:
node:
key:
cert:
commonName:
typha:
key:
cert:
commonName:
caBundle:
# Resources for the tigera/operator pod itself.
# By default, no resource requests or limits are specified.
resources: {}
# Tolerations for the tigera/operator pod itself.
# By default, will schedule on all possible place.
tolerations:
- effect: NoExecute
operator: Exists
- effect: NoSchedule
operator: Exists
# NodeSelector for the tigera/operator pod itself.
nodeSelector:
kubernetes.io/os: linux
# Custom annotations for the tigera/operator pod itself
podAnnotations: {}
# Custom labels for the tigera/operator pod itself
podLabels: {}
# Configuration for the tigera operator images to deploy.
tigeraOperator:
image: tigera/operator
registry: quay.io
calicoctl:
image: docker.io/calico/ctl'컴퓨터 활용(한글, 오피스 등) > 50_2.운영체제_리눅스' 카테고리의 다른 글
| How to Set Up an NFS Mount on Rocky Linux 9 (0) | 2023.08.04 |
|---|---|
| 리눅스 편리한 기능 (0) | 2023.08.04 |
| Rocky Linux에서 Kubeadm으로 Kubernetes 클러스터를 설치하는 방법 (0) | 2023.08.03 |
| 리눅스 wget curl 차이 (0) | 2023.08.03 |
| Linux에서 PowerShell 시작하기 [초보자 가이드] (0) | 2023.08.03 |
