“This is the 10th day of my participation in the November Gwen Challenge. See details of the event: The Last Gwen Challenge 2021”.
This article introduces the calicoctl command-line tool
Installation
Install calicoctl on the host as a standalone binary
curl -L -o calicoctl "https://github.com/projectcalico/calicoctl/releases/download/v3.20.0/calicoctl"
chmod +x calicoctl
mv calicoctl /usr/local/bin
Note that the calicoctl version must match the Calico version in the cluster, otherwise it cannot be used
Usage
Viewing the Node List
calicoctl get node -o yaml
Viewing Node Status
calicoctl node status
In node-to-node mesh mode, all nodes are in the up state and routing connections are established
Checking a node
Check whether the kernel and kernel modules of the current node meet Calico's installation requirements
calicoctl node checksystem
Node diagnostics
After the diagnostic command is executed, system and Calico logs are collected and output to a file
calicoctl node diags
This command returns an error, but the collected logs are actually fine. You can view the diagnostic logs directly in the directory marked with the red box in the screenshot
Check the IP pool
calicoctl get ippool
In a newly initialized K8s cluster where no CIDR range was specified, the pool defaults to 192.168.0.0/16. In addition, IPIP mode and NAT for outgoing traffic are enabled, and VXLAN mode is disabled
IPAM
IPAM is Calico's IP address management module
View the total number of IP addresses and the details about assigned IP addresses
calicoctl ipam show
View the current IPAM details
calicoctl ipam check
IPAM configuration
Release IP addresses. Only IP addresses that are not in use are released. Use this command with caution
calicoctl ipam release --ip=192.168.1.2
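Configuring IP address borrowing
The strictaffinity setting controls IP address borrowing. When it is true, as in the command below, borrowing IP addresses is not allowed; set it to false to allow borrowing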
calicoctl ipam configure --strictaffinity=true
Network Resource Management
Creating network resources
Calico creates its default resources when it is installed, so they normally do not need to be touched and almost no manual intervention is required
calicoctl create -f xxx.json
View network resource information
Filter for resources created by Calico
calicoctl get profile | grep calico
Viewing Resource Details
calicoctl get profile projectcalico-default-allow -o json
Replacing Network Resources
Updates resources that have already been created. Do not try to modify a resource before it has been configured
calicoctl replace -f xxxx2.json
apply
Combines the create and replace commands: it creates the resource when it does not exist and replaces it when it does. Similar to kubectl apply
Deleting Network Resources
Use with caution: this command may crash the cluster
calicoctl delete profile xxxxxx
The get command
Besides node and profile, the get command can view all other valid resources. If the resource has not been created, the result is empty
Metadata Backup
Before backing up data, a calicoctl configuration file must be available. In addition, lock the datastore before exporting or importing data, and unlock it after the export or import succeeds.
The default calicoctl configuration file is /etc/calico/calicoctl.cfg, but with a binary installation it does not actually exist. You need to create it yourself
Configuration file example
Adjust the certificate paths to match where your certificates are located
apiVersion: projectcalico.org/v3
kind: CalicoAPIConfig
metadata:
spec:
  etcdEndpoints: https://etcd1:2379,https://etcd2:2379,https://etcd3:2379
  etcdKeyFile: /etc/calico/key.pem
  etcdCertFile: /etc/calico/cert.pem
  etcdCACertFile: /etc/calico/ca.pem
Export data
calicoctl datastore migrate lock
calicoctl datastore migrate export > calico-data.yaml
calicoctl datastore migrate unlock
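If the export sequence above is scripted and aborts at the export step, the datastore stays locked. The wrapper below is an added example, not part of the original article or of the Calico project; the function name backup_calico_datastore, the CALICOCTL variable and the output file names are assumptions. It unlocks through a trap on every exit path and writes the export readable by its owner only.

```shell
#!/bin/sh
# Added example: lock -> export -> unlock, with unlock guaranteed by a trap.
# CALICOCTL, the function name and the file names are assumptions.
CALICOCTL="${CALICOCTL:-calicoctl}"

# Usage: backup_calico_datastore <output-file>
# The body runs in a subshell ( ... ) so umask and the trap stay local.
backup_calico_datastore() (
    out="$1"
    if [ -z "$out" ]; then
        echo "usage: backup_calico_datastore <output-file>" >&2
        exit 2
    fi
    umask 077                 # export holds datastore contents: owner-only
    tmp="$out.partial"

    # If the lock cannot be taken, stop before touching anything.
    "$CALICOCTL" datastore migrate lock || exit 1

    # From here on, every exit path unlocks and removes the partial file.
    trap '"$CALICOCTL" datastore migrate unlock ||
              echo "WARNING: unlock failed, datastore is still locked" >&2
          rm -f "$tmp"' EXIT

    "$CALICOCTL" datastore migrate export > "$tmp" || exit 1

    # Refuse to publish an empty export as if it were a valid backup.
    if [ ! -s "$tmp" ]; then
        echo "export produced no data" >&2
        exit 1
    fi
    mv "$tmp" "$out" || exit 1
    exit 0
)
```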
Data import
calicoctl datastore migrate lock
calicoctl datastore migrate import -f calico-data.yaml
calicoctl datastore migrate unlock