Like kubectl, calicoctl runs outside the k8s cluster. To avoid having to install it on every node later, we can also run it as a pod on all nodes.

Installation link: https://docs.projectcalico.org/getting-started/clis/calicoctl/install

The calicoctl tool can be installed in the following ways:

  • Install calicoctl as a binary on a single host
  • Install calicoctl as a kubectl plugin on a single host
  • Install calicoctl as a container on a single host
  • Install calicoctl as a Kubernetes pod

Installing calicoctl as a kubectl plugin

1. Download calicoctl

root@k8s-master01:~# curl -o kubectl-calico -O -L  "https://github.com/projectcalico/calicoctl/releases/download/v3.20.0/calicoctl"

2. Place the file in the /usr/bin directory and add execute permission

root@k8s-master01:~# cp kubectl-calico /usr/bin/kubectl-calico
root@k8s-master01:~# chmod +x /usr/bin/kubectl-calico

3. The calicoctl tool is now ready to use

root@k8s-master01:~# kubectl calico -h
Usage:
  kubectl-calico [options] <command> [<args>...]

    create       Create a resource by file, directory or stdin.
    replace      Replace a resource by file, directory or stdin.
    apply        Apply a resource by file, directory or stdin. This creates a resource
                 if it does not exist, and replaces a resource if it does exists.
    patch        Patch a pre-exisiting resource in place.
    delete       Delete a resource identified by file, directory, stdin or resource type and
                 name.
    get          Get a resource identified by file, directory, stdin or resource type and
                 name.
    label        Add or update labels of resources.
    convert      Convert config files between different API versions.
    ipam         IP address management.
    node         Calico node management.
    version      Display the version of this binary.
    export       Export the Calico datastore objects for migration
    import       Import the Calico datastore objects for migration
    datastore    Calico datastore management.

Options:
  -h --help                    Show this screen.
  -l --log-level=<level>       Set the log level (one of panic, fatal, error,
                               warn, info, debug) [default: panic]
     --context=<context>       The name of the kubeconfig context to use.
     --allow-version-mismatch  Allow client and cluster versions mismatch.

Description:
  The calico kubectl plugin is used to manage Calico network and security
  policy, to view and manage endpoint configuration, and to manage a Calico
  node instance.

  See 'kubectl-calico <command> --help' to read about a specific subcommand.

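calicoctl is used to manage the API resources that Calico itself introduces. It is a command-line tool dedicated to operating on the data in the API Server or etcd that relates to Calico's own state.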

calicoctl configuration file

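calicoctl needs a kubeconfig file to communicate with the API Server, so a kubeconfig file has to be provided for it. When it runs as a kubectl plugin, it reads kubectl's configuration file by default.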

Official documentation: https://docs.projectcalico.org/getting-started/clis/calicoctl/configure/

The Calico configuration file lives in the /etc/calico directory by default; the directory has to be created manually.

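root@k8s-master01:~# mkdir /etc/calico
root@k8s-master01:~# cd /etc/calico

# Create a configuration file named calicoctl.cfg in this directory, and declare the backend datastore type and the kubeconfig file path in it.
root@k8s-master01:/etc/calico# vim calicoctl.cfg
apiVersion: projectcalico.org/v3
kind: CalicoAPIConfig
metadata:
spec:
  datastoreType: "kubernetes" # declares Kubernetes as the backend datastore
  kubeconfig: "/root/.kube/config" # because the backend datastore is k8s, a kubeconfig file is needed to specify the k8s cluster address and the authentication information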
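
A pre-flight check for the configuration above, as an added example that is not from the original post or the Calico project: it confirms that calicoctl.cfg declares a datastore type and that the kubeconfig it points to exists and is not readable by group or others, since that file carries the cluster credentials. The function names cfg_value and check_calicoctl_cfg are hypothetical; the default path is the one used above.

```shell
#!/bin/sh
# Added example (not from the original post). cfg_value and
# check_calicoctl_cfg are hypothetical helper names.

# Print the value of a "key: value" line, minus quotes and trailing comment.
cfg_value() {
    # $1 = key, $2 = cfg file
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" \
        | sed -e 's/[[:space:]]*#.*$//' -e 's/^"//' -e 's/"$//' | head -n 1
}

# Return 0 if the cfg is usable and the kubeconfig is private to its owner.
check_calicoctl_cfg() {
    cfg="${1:-/etc/calico/calicoctl.cfg}"
    [ -r "$cfg" ] || { echo "missing: $cfg" >&2; return 1; }

    dstype=$(cfg_value datastoreType "$cfg")
    case "$dstype" in
        kubernetes|etcdv3) ;;
        *) echo "unexpected datastoreType: '$dstype'" >&2; return 1 ;;
    esac

    # The kubeconfig is only needed for the kubernetes datastore.
    [ "$dstype" = kubernetes ] || return 0
    kc=$(cfg_value kubeconfig "$cfg")
    [ -f "$kc" ] || { echo "kubeconfig not found: '$kc'" >&2; return 1; }

    # ls -l mode string: characters 5-10 are the group/other permission bits.
    mode=$(ls -ldL "$kc" | cut -c1-10)
    case "$mode" in
        ????------) ;;
        *) echo "kubeconfig too permissive ($mode): $kc" >&2; return 1 ;;
    esac
    echo "ok: datastoreType=$dstype kubeconfig=$kc"
}
```

Run it as `check_calicoctl_cfg` on the host where the plugin is installed; a non-zero exit status means the file is missing, names an unknown datastore, or points at a kubeconfig that other local users can read.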

Using calicoctl

The get subcommand

1. get nodes

root@k8s-master01:/etc/calico# kubectl calico get nodes
NAME
k8s-master01
k8s-node01
k8s-node02
k8s-node03

# calico can also use get nodes; the nodes here are not k8s nodes but Calico resources

2. Get the IP pools

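# Previously this was retrieved with kubectl get ippools -o yaml; now the following command can be used directly
root@k8s-master01:~# kubectl calico get ippool
NAME                  CIDR             SELECTOR
default-ipv4-ippool   192.168.0.0/16   all()

# Calico supports multiple IP pools; when one pool is used up, another pool can be added
# It is just that communication across network segments is slightly more troublesome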

3. View the resource definition of the specified IP pool

root@k8s-master01:~# kubectl calico get ippool -o yaml
apiVersion: projectcalico.org/v3
items:
- apiVersion: projectcalico.org/v3
  kind: IPPool
  metadata:
    creationTimestamp: "2021-08-06T06:00:24Z"
    name: default-ipv4-ippool
    resourceVersion: "6789"
    uid: 943b85b2-9759-49ce-8f73-78f1f3f8a111
  spec:
    blockSize: 24
    cidr: 192.168.0.0/16
    ipipMode: Always
    natOutgoing: true
    nodeSelector: all()
    vxlanMode: Never
kind: IPPoolList
metadata:
  resourceVersion: "7984"

The ipam subcommand

1. View address allocation information

root@k8s-master01:~# kubectl calico ipam show
+----------+----------------+-----------+------------+--------------+
| GROUPING |      CIDR      | IPS TOTAL | IPS IN USE |   IPS FREE   |
+----------+----------------+-----------+------------+--------------+
| IP Pool  | 192.168.0.0/16 |     65536 | 7 (0%)     | 65529 (100%) |
+----------+----------------+-----------+------------+--------------+

2. View address allocation information on each node

root@k8s-master01:~# kubectl calico ipam show --show-blocks
+----------+------------------+-----------+------------+--------------+
| GROUPING |       CIDR       | IPS TOTAL | IPS IN USE |   IPS FREE   |
+----------+------------------+-----------+------------+--------------+
| IP Pool  | 192.168.0.0/16   |     65536 | 7 (0%)     | 65529 (100%) |
| Block    | 192.168.130.0/24 |       256 | 3 (1%)     | 253 (99%)    |
| Block    | 192.168.131.0/24 |       256 | 2 (1%)     | 254 (99%)    |
| Block    | 192.168.30.0/24  |       256 | 1 (0%)     | 255 (100%)   |
| Block    | 192.168.96.0/24  |       256 | 1 (0%)     | 255 (100%)   |
+----------+------------------+-----------+------------+--------------+
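
Turning the block table above into a per-block usage report, as an added example that is not part of the original post or of calicoctl itself: it parses the --show-blocks table, flags blocks at or above a usage threshold, and checks that the per-block counts add up to the pool's figure. The names ipam_report and sample_table and the 80% default threshold are assumptions, and the check assumes a single pool whose in-use count is the sum over its blocks, as in the output above.

```shell
#!/bin/sh
# Added example (not from the original post). ipam_report and sample_table
# are hypothetical names; the 80% default threshold is an assumption.

# Usage: kubectl calico ipam show --show-blocks | ipam_report [threshold-%]
# Prints one line per block, then a summary. Returns 1 if any block is at or
# above the threshold or if block usage does not add up to the pool's figure.
ipam_report() {
    awk -F'|' -v limit="${1:-80}" '
        # Data rows have 7 pipe-separated fields; skip borders and header.
        NF < 7 || $2 ~ /GROUPING/ { next }
        {
            kind = $2; cidr = $3; total = $4; used = $5
            gsub(/ /, "", kind); gsub(/ /, "", cidr)
            total += 0                  # force numeric
            used  += 0                  # "7 (0%)" -> 7
            if (kind == "IPPool") { pool_used += used; next }
            pct = total ? int(used * 100 / total + 0.5) : 0
            flag = (pct >= limit) ? "HIGH" : "ok"
            if (flag == "HIGH") high++
            printf "%s %d/%d %d%% %s\n", cidr, used, total, pct, flag
            blocks++; block_used += used
        }
        END {
            printf "blocks=%d block_used=%d pool_used=%d\n",
                   blocks, block_used, pool_used
            exit ((high > 0 || block_used != pool_used) ? 1 : 0)
        }'
}

# Sample input: the data rows of the --show-blocks table shown above.
sample_table() {
    cat <<'EOF'
+----------+------------------+-----------+------------+--------------+
| GROUPING |       CIDR       | IPS TOTAL | IPS IN USE |   IPS FREE   |
+----------+------------------+-----------+------------+--------------+
| IP Pool  | 192.168.0.0/16   |     65536 | 7 (0%)     | 65529 (100%) |
| Block    | 192.168.130.0/24 |       256 | 3 (1%)     | 253 (99%)    |
| Block    | 192.168.131.0/24 |       256 | 2 (1%)     | 254 (99%)    |
| Block    | 192.168.30.0/24  |       256 | 1 (0%)     | 255 (100%)   |
| Block    | 192.168.96.0/24  |       256 | 1 (0%)     | 255 (100%)   |
+----------+------------------+-----------+------------+--------------+
EOF
}
```

`sample_table | ipam_report` reproduces the report for the table above without a cluster.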

3. View the IPAM configuration

root@k8s-master01:~# kubectl calico ipam show --show-configuration
+--------------------+-------+
|      PROPERTY      | VALUE |
+--------------------+-------+
| StrictAffinity     | false | # whether a pod uses its original address after being recreated
| AutoAllocateBlocks | true  | # whether automatic address allocation is supported
| MaxBlocksPerHost   |     0 |
+--------------------+-------+