You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

163 lines
4.2 KiB

  1. Calico
  2. ===========
  3. Check if the calico-node container is running
  4. ```
  5. docker ps | grep calico
  6. ```
  7. The **calicoctl** command allows to check the status of the network workloads.
  8. * Check the status of Calico nodes
  9. ```
  10. calicoctl node status
  11. ```
  12. or for versions prior *v1.0.0*:
  13. ```
  14. calicoctl status
  15. ```
  16. * Show the configured network subnet for containers
  17. ```
  18. calicoctl get ippool -o wide
  19. ```
  20. or for versions prior *v1.0.0*:
  21. ```
  22. calicoctl pool show
  23. ```
  24. * Show the workloads (ip addresses of containers and their located)
  25. ```
  26. calicoctl get workloadEndpoint -o wide
  27. ```
  28. and
  29. ```
  30. calicoctl get hostEndpoint -o wide
  31. ```
  32. or for versions prior *v1.0.0*:
  33. ```
  34. calicoctl endpoint show --detail
  35. ```
  36. ##### Optional : Define network backend
  37. In some cases you may want to define Calico network backend. Allowed values are 'bird', 'gobgp' or 'none'. Bird is a default value.
  38. To re-define you need to edit the inventory and add a group variable `calico_network_backend`
  39. ```
  40. calico_network_backend: none
  41. ```
  42. ##### Optional : BGP Peering with border routers
  43. In some cases you may want to route the pods subnet and so NAT is not needed on the nodes.
  44. For instance if you have a cluster spread on different locations and you want your pods to talk each other no matter where they are located.
  45. The following variables need to be set:
  46. `peer_with_router` to enable the peering with the datacenter's border router (default value: false).
  47. you'll need to edit the inventory and add a and a hostvar `local_as` by node.
  48. ```
  49. node1 ansible_ssh_host=95.54.0.12 local_as=xxxxxx
  50. ```
  51. ##### Optional : Define global AS number
  52. Optional parameter `global_as_num` defines Calico global AS number (`/calico/bgp/v1/global/as_num` etcd key).
  53. It defaults to "64512".
  54. ##### Optional : BGP Peering with route reflectors
  55. At large scale you may want to disable full node-to-node mesh in order to
  56. optimize your BGP topology and improve `calico-node` containers' start times.
  57. To do so you can deploy BGP route reflectors and peer `calico-node` with them as
  58. recommended here:
  59. * https://hub.docker.com/r/calico/routereflector/
  60. * http://docs.projectcalico.org/v2.0/reference/private-cloud/l3-interconnect-fabric
  61. You need to edit your inventory and add:
  62. * `calico-rr` group with nodes in it. At the moment it's incompatible with
  63. `kube-node` due to BGP port conflict with `calico-node` container. So you
  64. should not have nodes in both `calico-rr` and `kube-node` groups.
  65. * `cluster_id` by route reflector node/group (see details
  66. [here](https://hub.docker.com/r/calico/routereflector/))
  67. Here's an example of Kargo inventory with route reflectors:
  68. ```
  69. [all]
  70. rr0 ansible_ssh_host=10.210.1.10 ip=10.210.1.10
  71. rr1 ansible_ssh_host=10.210.1.11 ip=10.210.1.11
  72. node2 ansible_ssh_host=10.210.1.12 ip=10.210.1.12
  73. node3 ansible_ssh_host=10.210.1.13 ip=10.210.1.13
  74. node4 ansible_ssh_host=10.210.1.14 ip=10.210.1.14
  75. node5 ansible_ssh_host=10.210.1.15 ip=10.210.1.15
  76. [kube-master]
  77. node2
  78. node3
  79. [etcd]
  80. node2
  81. node3
  82. node4
  83. [kube-node]
  84. node2
  85. node3
  86. node4
  87. node5
  88. [k8s-cluster:children]
  89. kube-node
  90. kube-master
  91. [calico-rr]
  92. rr0
  93. rr1
  94. [rack0]
  95. rr0
  96. rr1
  97. node2
  98. node3
  99. node4
  100. node5
  101. [rack0:vars]
  102. cluster_id="1.0.0.1"
  103. ```
  104. The inventory above will deploy the following topology assuming that calico's
  105. `global_as_num` is set to `65400`:
  106. ![Image](figures/kargo-calico-rr.png?raw=true)
  107. ##### Optional : Define default endpoint to host action
  108. By default Calico blocks traffic from endpoints to the host itself by using an iptables DROP action. When using it in kubernetes the action has to be changed to RETURN (default in kargo) or ACCEPT (see https://github.com/projectcalico/felix/issues/660 and https://github.com/projectcalico/calicoctl/issues/1389). Otherwise all network packets from pods (with hostNetwork=False) to services endpoints (with hostNetwork=True) withing the same node are dropped.
  109. To re-define default action please set the following variable in your inventory:
  110. ```
  111. calico_endpoint_to_host_action: "ACCEPT"
  112. ```
  113. Cloud providers configuration
  114. =============================
  115. Please refer to the official documentation, for example [GCE configuration](http://docs.projectcalico.org/v1.5/getting-started/docker/installation/gce) requires a security rule for calico ip-ip tunnels. Note, calico is always configured with ``ipip: true`` if the cloud provider was defined.