1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
| # 安装 Pod 网络附加组件 calico
## 在线安装最新版 calico
mkdir -p /data/calico/
cd /data/calico/
helm repo add projectcalico https://docs.tigera.io/calico/charts
helm search repo tigera-operator
helm show values projectcalico/tigera-operator --version v3.28.1
helm pull projectcalico/tigera-operator --version v3.28.1
tar xf tigera-operator-v3.28.1.tgz
cat <<EOF | tee /data/calico/tigera-operator/values.yaml
# imagePullSecrets is a special helm field which, when specified, creates a secret
# containing the pull secret which is used to pull all images deployed by this helm chart and the resulting operator.
# this field is a map where the key is the desired secret name and the value is the contents of the imagePullSecret.
#
# Example: --set-file imagePullSecrets.gcr=./pull-secret.json
imagePullSecrets: {}
installation:
enabled: true
kubernetesProvider: ""
calicoNetwork:
ipPools:
- cidr: 10.244.0.0/16
# imagePullSecrets are configured on all images deployed by the tigera-operator.
# secrets specified here must exist in the tigera-operator namespace; they won't be created by the operator or helm.
# imagePullSecrets are a slice of LocalObjectReferences, which is the same format they appear as on deployments.
#
# Example: --set installation.imagePullSecrets[0].name=my-existing-secret
imagePullSecrets: []
apiServer:
enabled: true
defaultFelixConfiguration:
enabled: false
certs:
node:
key:
cert:
commonName:
typha:
key:
cert:
commonName:
caBundle:
# Resource requests and limits for the tigera/operator pod.
resources: {}
# Tolerations for the tigera/operator pod.
tolerations:
- effect: NoExecute
operator: Exists
- effect: NoSchedule
operator: Exists
# NodeSelector for the tigera/operator pod.
nodeSelector:
kubernetes.io/os: linux
# Affinity for the tigera/operator pod.
affinity: {}
# PriorityClassName for the tigera/operator pod.
priorityClassName: ""
# Custom annotations for the tigera/operator pod.
podAnnotations: {}
# Custom labels for the tigera/operator pod.
podLabels: {}
# Image and registry configuration for the tigera/operator pod.
tigeraOperator:
image: tigera/operator
version: v1.34.3
registry: quay.io
calicoctl:
image: docker.io/calico/ctl
tag: v3.28.1
kubeletVolumePluginPath: /var/lib/kubelet
# Optionally configure the host and port used to access the Kubernetes API server.
kubernetesServiceEndpoint:
host: ""
port: "6443"
EOF
helm upgrade --install --debug --dry-run \
--namespace tigera-operator \
--create-namespace \
calico ./tigera-operator
# ctr 导出镜像
mkdir -p /data/images/calico/
cd /data/images/calico/
ctr -n k8s.io images ls | awk '{print $1}' | grep -v '^sha256:' | grep -v '@sha256:'
ctr -n k8s.io images ls | grep calico | awk '{print $1}' | grep v3.28.1
ctr -n k8s.io images export calico-apiserver-v3.28.1.tar docker.io/calico/apiserver:v3.28.1 --platform linux/amd64
ctr -n k8s.io images export calico-cni-v3.28.1.tar docker.io/calico/cni:v3.28.1 --platform linux/amd64
ctr -n k8s.io images export calico-csi-v3.28.1.tar docker.io/calico/csi:v3.28.1 --platform linux/amd64
ctr -n k8s.io images export calico-kube-controllers-v3.28.1.tar docker.io/calico/kube-controllers:v3.28.1 --platform linux/amd64
ctr -n k8s.io images export calico-node-driver-registrar-v3.28.1.tar docker.io/calico/node-driver-registrar:v3.28.1 --platform linux/amd64
ctr -n k8s.io images export calico-node-v3.28.1.tar docker.io/calico/node:v3.28.1 --platform linux/amd64
ctr -n k8s.io images export calico-pod2daemon-flexvol-v3.28.1.tar docker.io/calico/pod2daemon-flexvol:v3.28.1 --platform linux/amd64
ctr -n k8s.io images export calico-typha-v3.28.1.tar docker.io/calico/typha:v3.28.1 --platform linux/amd64
ctr -n k8s.io images ls | grep tigera | awk '{print $1}' | grep v1.34.3
ctr -n k8s.io images export tigera-operator-v1.34.3.tar quay.io/tigera/operator:v1.34.3 --platform linux/amd64
# ctr 导入镜像
ctr -n k8s.io images import calico-apiserver-v3.28.1.tar --platform linux/amd64
ctr -n k8s.io images import calico-cni-v3.28.1.tar --platform linux/amd64
ctr -n k8s.io images import calico-csi-v3.28.1.tar --platform linux/amd64
ctr -n k8s.io images import calico-kube-controllers-v3.28.1.tar --platform linux/amd64
ctr -n k8s.io images import calico-node-driver-registrar-v3.28.1.tar --platform linux/amd64
ctr -n k8s.io images import calico-node-v3.28.1.tar --platform linux/amd64
ctr -n k8s.io images import calico-pod2daemon-flexvol-v3.28.1.tar --platform linux/amd64
ctr -n k8s.io images import calico-typha-v3.28.1.tar --platform linux/amd64
ctr -n k8s.io images import tigera-operator-v1.34.3.tar --platform linux/amd64
helm upgrade --install \
--namespace tigera-operator \
--create-namespace \
calico ./tigera-operator
watch kubectl get pods -n tigera-operator
watch kubectl get pods -n calico-system
helm -n tigera-operator list
helm -n tigera-operator uninstall calico
|