calico

Calico Ipip 切换为 Vxlan

Calico Ipip to Vxlan

Posted by BlueFat on Tuesday, September 22, 2020

https://projectcalico.docs.tigera.io/getting-started/kubernetes/installation/config-options https://projectcalico.docs.tigera.io/networking/vxlan-ipip

calico_backend: “bird"修改为calico_backend: “vxlan”

$ kubectl edit cm -nkube-system calico-config
calico_backend: vxlan

禁用IP,开启VXLAN,禁止bird-live检查

$ kubectl edit ds calico-node -nkube-system

        - name: CALICO_IPV4POOL_IPIP
          value: Never
        - name: CALICO_IPV4POOL_VXLAN
          value: Always    
          
# 禁止bird-live检查
           livenessProbe:
            exec:
              command:
              - /bin/calico-node
              - -felix-live
             # - -bird-live
          readinessProbe:
            exec:
              command:
              - /bin/calico-node
              # - -bird-ready
              - -felix-ready

设置ipipMode为Never 设置vxlanMode为CrossSubnet

$ kubectl edit ippool/default-ipv4-ippool
...
spec:
  allowedUses:
  - Workload
  - Tunnel
  blockSize: 26
  cidr: 10.233.64.0/18
  ipipMode: Never
  natOutgoing: true
  nodeSelector: all()
  vxlanMode: CrossSubnet

卸载ipip模块就看不到tunl0接口了

ip addr 
3: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0

modprobe -r ipip

#配置文件 取消加载ipip
cat  /etc/modules-load.d/ipvs.conf 
ip_vs
ip_vs_lc
ip_vs_wlc
ip_vs_rr
ip_vs_wrr
ip_vs_lblc
ip_vs_lblcr
ip_vs_dh
ip_vs_sh
ip_vs_fo
ip_vs_nq
ip_vs_sed
ip_vs_ftp
ip_vs_sh
nf_conntrack
ip_tables
ip_set
xt_set
ipt_set
ipt_rpfilter
ipt_REJECT
#ipip

可看到vxlan.calico

4: kube-ipvs0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default 
    link/ether 9a:f5:de:30:2a:29 brd ff:ff:ff:ff:ff:ff
    inet 10.96.0.1/32 scope global kube-ipvs0
       valid_lft forever preferred_lft forever
    inet 10.96.97.42/32 scope global kube-ipvs0
       valid_lft forever preferred_lft forever
5: cali65b3082b339@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000
    link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff link-netns cni-7d63965e-762c-caf6-b439-440138114bd7
    inet6 fe80::ecee:eeff:feee:eeee/64 scope link 
       valid_lft forever preferred_lft forever
8: vxlan.calico: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 66:54:d1:67:d3:6d brd ff:ff:ff:ff:ff:ff
    inet 10.244.32.130/32 scope global vxlan.calico
       valid_lft forever preferred_lft forever
    inet6 fe80::6454:d1ff:fe67:d36d/64 scope link 
       valid_lft forever preferred_lft forever
CATALOG
    FEATURED TAGS
    ansible bash calico containerd docker firewalld flannel grpc https iptables keepalived kernel kubernetes linux lvs mysql network nginx prometheus python rabbitmq rocketmq shell sort ssh tcp tcpdump ubuntu ufw 性能 排序 正则表达式 算法 递归 闭包
    FRIENDS