add calico VXLAN mode, update docs and vars in sample inventory (#5731)
* calico VXLAN mode * check vars if calico backend defined
This commit is contained in:
parent
2c8bcc6722
commit
e60b9f796e
6 changed files with 81 additions and 18 deletions
|
@ -12,55 +12,55 @@ Check if the calico-node container is running
|
||||||
docker ps | grep calico
|
docker ps | grep calico
|
||||||
```
|
```
|
||||||
|
|
||||||
The **calicoctl** command allows to check the status of the network workloads.
|
The **calicoctl.sh** is wrap script with configured acces credentials for command calicoctl allows to check the status of the network workloads.
|
||||||
|
|
||||||
* Check the status of Calico nodes
|
* Check the status of Calico nodes
|
||||||
|
|
||||||
```ShellSession
|
```ShellSession
|
||||||
calicoctl node status
|
calicoctl.sh node status
|
||||||
```
|
```
|
||||||
|
|
||||||
or for versions prior to *v1.0.0*:
|
or for versions prior to *v1.0.0*:
|
||||||
|
|
||||||
```ShellSession
|
```ShellSession
|
||||||
calicoctl status
|
calicoctl.sh status
|
||||||
```
|
```
|
||||||
|
|
||||||
* Show the configured network subnet for containers
|
* Show the configured network subnet for containers
|
||||||
|
|
||||||
```ShellSession
|
```ShellSession
|
||||||
calicoctl get ippool -o wide
|
calicoctl.sh get ippool -o wide
|
||||||
```
|
```
|
||||||
|
|
||||||
or for versions prior to *v1.0.0*:
|
or for versions prior to *v1.0.0*:
|
||||||
|
|
||||||
```ShellSession
|
```ShellSession
|
||||||
calicoctl pool show
|
calicoctl.sh pool show
|
||||||
```
|
```
|
||||||
|
|
||||||
* Show the workloads (ip addresses of containers and their located)
|
* Show the workloads (ip addresses of containers and their located)
|
||||||
|
|
||||||
```ShellSession
|
```ShellSession
|
||||||
calicoctl get workloadEndpoint -o wide
|
calicoctl.sh get workloadEndpoint -o wide
|
||||||
```
|
```
|
||||||
|
|
||||||
and
|
and
|
||||||
|
|
||||||
```ShellSession
|
```ShellSession
|
||||||
calicoctl get hostEndpoint -o wide
|
calicoctl.sh get hostEndpoint -o wide
|
||||||
```
|
```
|
||||||
|
|
||||||
or for versions prior *v1.0.0*:
|
or for versions prior *v1.0.0*:
|
||||||
|
|
||||||
```ShellSession
|
```ShellSession
|
||||||
calicoctl endpoint show --detail
|
calicoctl.sh endpoint show --detail
|
||||||
```
|
```
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
### Optional : Define network backend
|
### Optional : Define network backend
|
||||||
|
|
||||||
In some cases you may want to define Calico network backend. Allowed values are 'bird', 'gobgp' or 'none'. Bird is a default value.
|
In some cases you may want to define Calico network backend. Allowed values are `bird`, `vxlan` or `none`. Bird is a default value.
|
||||||
|
|
||||||
To re-define you need to edit the inventory and add a group variable `calico_network_backend`
|
To re-define you need to edit the inventory and add a group variable `calico_network_backend`
|
||||||
|
|
||||||
|
@ -199,9 +199,29 @@ To re-define health host please set the following variable in your inventory:
|
||||||
calico_healthhost: "0.0.0.0"
|
calico_healthhost: "0.0.0.0"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Config encapsulation for cross server traffic
|
||||||
|
|
||||||
|
Calico supports two types of encapsulation: [VXLAN and IP in IP](https://docs.projectcalico.org/v3.11/networking/vxlan-ipip). VXLAN is supported in some environments where IP in IP is not (for example, Azure).
|
||||||
|
|
||||||
|
*IP in IP* and *VXLAN* is mutualy exclusive modes.
|
||||||
|
|
||||||
|
Configure Ip in Ip mode. Possible values is `Always`, `CrossSubnet`, `Never`.
|
||||||
|
|
||||||
|
```yml
|
||||||
|
calico_ipip_mode: 'Always'
|
||||||
|
```
|
||||||
|
|
||||||
|
Configure VXLAN mode. Possible values is `Always`, `CrossSubnet`, `Never`.
|
||||||
|
|
||||||
|
```yml
|
||||||
|
calico_vxlan_mode: 'Never'
|
||||||
|
```
|
||||||
|
|
||||||
|
If you use VXLAN mode, BGP networking is not required. You can disable BGP to reduce the moving parts in your cluster by `calico_network_backend: vxlan`
|
||||||
|
|
||||||
## Cloud providers configuration
|
## Cloud providers configuration
|
||||||
|
|
||||||
Please refer to the official documentation, for example [GCE configuration](http://docs.projectcalico.org/v1.5/getting-started/docker/installation/gce) requires a security rule for calico ip-ip tunnels. Note, calico is always configured with ``ipip: true`` if the cloud provider was defined.
|
Please refer to the official documentation, for example [GCE configuration](http://docs.projectcalico.org/v1.5/getting-started/docker/installation/gce) requires a security rule for calico ip-ip tunnels. Note, calico is always configured with ``calico_ipip_mode: Always`` if the cloud provider was defined.
|
||||||
|
|
||||||
### Optional : Ignore kernel's RPF check setting
|
### Optional : Ignore kernel's RPF check setting
|
||||||
|
|
||||||
|
|
|
@ -47,6 +47,17 @@
|
||||||
# Set max typha connections
|
# Set max typha connections
|
||||||
# typha_max_connections_lower_limit: 300
|
# typha_max_connections_lower_limit: 300
|
||||||
|
|
||||||
|
# Set calico network backend: "bird", "vxlan" or "none"
|
||||||
|
# bird enable BGP routing, required for ipip mode.
|
||||||
|
# calico_network_backend: bird
|
||||||
|
|
||||||
|
# IP in IP and VXLAN is mutualy exclusive modes.
|
||||||
|
# set IP in IP encapsulation mode: "Always", "CrossSubnet", "Never"
|
||||||
|
# calico_ipip_mode: 'Always'
|
||||||
|
|
||||||
|
# set VXLAN encapsulation mode: "Always", "CrossSubnet", "Never"
|
||||||
|
# calico_vxlan_mode: 'Never'
|
||||||
|
|
||||||
# If you want to use non default IP_AUTODETECTION_METHOD for calico node set this option to one of:
|
# If you want to use non default IP_AUTODETECTION_METHOD for calico node set this option to one of:
|
||||||
# * can-reach=DESTINATION
|
# * can-reach=DESTINATION
|
||||||
# * interface=INTERFACE-REGEX
|
# * interface=INTERFACE-REGEX
|
||||||
|
|
|
@ -9,6 +9,8 @@ calico_ipv4pool_ipip: "Off"
|
||||||
# Use IP-over-IP encapsulation across hosts
|
# Use IP-over-IP encapsulation across hosts
|
||||||
ipip: true
|
ipip: true
|
||||||
ipip_mode: "{{ 'Always' if ipip else 'Never' }}" # change to "CrossSubnet" if you only want ipip encapsulation on traffic going across subnets
|
ipip_mode: "{{ 'Always' if ipip else 'Never' }}" # change to "CrossSubnet" if you only want ipip encapsulation on traffic going across subnets
|
||||||
|
calico_ipip_mode: "{{ ipip_mode }}"
|
||||||
|
calico_vxlan_mode: 'Never'
|
||||||
|
|
||||||
calico_cert_dir: /etc/calico/certs
|
calico_cert_dir: /etc/calico/certs
|
||||||
|
|
||||||
|
|
|
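Review bot: The new default `calico_vxlan_mode: 'Never'` sits next to `calico_ipip_mode: "{{ ipip_mode }}"`, which under the unchanged `ipip: true` resolves to `Always`, so an operator who only sets `calico_vxlan_mode: Always` asks for both encapsulations at once and, given the exclusivity asserts added to check.yml in this commit, gets a failed run with no hint in the defaults about what to change. Nothing here says that the two modes are coupled or that `ipip`/`ipip_mode` still drive the IP-in-IP default. Add a comment above the two new lines: `# IP in IP and VXLAN are mutually exclusive: to use VXLAN set calico_vxlan_mode and also calico_ipip_mode: Never (or ipip: false)`.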
@ -4,10 +4,38 @@
|
||||||
that:
|
that:
|
||||||
- "calico_pool_name is defined"
|
- "calico_pool_name is defined"
|
||||||
- "calico_pool_name is match('^[a-zA-Z0-9-_\\\\.]{2,63}$')"
|
- "calico_pool_name is match('^[a-zA-Z0-9-_\\\\.]{2,63}$')"
|
||||||
- "ipip_mode is defined"
|
msg: "calico_pool_name contains invalid characters"
|
||||||
- "ipip_mode in ['Always', 'CrossSubnet', 'Never']"
|
|
||||||
msg: "Check variable definitions seems something is wrong"
|
- name: "Check calico network backend defined correctly"
|
||||||
run_once: yes
|
assert:
|
||||||
|
that:
|
||||||
|
- "calico_network_backend in ['bird', 'vxlan', 'none']"
|
||||||
|
msg: "calico network backend is not 'bird', 'vxlan' or 'none'"
|
||||||
|
when:
|
||||||
|
- calico_network_backend is defined
|
||||||
|
|
||||||
|
- name: "Check ipip and vxlan mode defined correctly"
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- "calico_ipip_mode in ['Always', 'CrossSubnet', 'Never']"
|
||||||
|
- "calico_vxlan_mode in ['Always', 'CrossSubnet', 'Never']"
|
||||||
|
msg: "calico inter host encapsulation mode is not 'Always', 'CrossSubnet' or 'Never'"
|
||||||
|
|
||||||
|
- name: "Check ipip and vxlan mode if simultaneously enabled"
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- "calico_vxlan_mode in ['Never']"
|
||||||
|
msg: "IP in IP and VXLAN mode is mutualy exclusive modes"
|
||||||
|
when:
|
||||||
|
- "calico_ipip_mode in ['Always', 'CrossSubnet']"
|
||||||
|
|
||||||
|
- name: "Check ipip and vxlan mode if simultaneously enabled"
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- "calico_ipip_mode in ['Never']"
|
||||||
|
msg: "IP in IP and VXLAN mode is mutualy exclusive modes"
|
||||||
|
when:
|
||||||
|
- "calico_vxlan_mode in ['Always', 'CrossSubnet']"
|
||||||
|
|
||||||
- name: "Get current version of calico cluster version"
|
- name: "Get current version of calico cluster version"
|
||||||
shell: "{{ bin_dir }}/calicoctl.sh version | grep 'Cluster Version:' | awk '{ print $3}'"
|
shell: "{{ bin_dir }}/calicoctl.sh version | grep 'Cluster Version:' | awk '{ print $3}'"
|
||||||
|
|
|
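Review bot: The two mutual-exclusion tasks added at the end of the hunk carry the identical name "Check ipip and vxlan mode if simultaneously enabled", so a failure in the play output cannot be attributed to one of them without reading the task file, and the two one-sided `when` guards express a single symmetric condition. One assert that states the condition directly is clearer and gives a single failure point. The enclosing play continues past the hunk (the "Get current version" task follows).
```yaml
- name: "Check ipip and vxlan mode if simultaneously enabled"
  assert:
    that:
      - "not (calico_ipip_mode in ['Always', 'CrossSubnet'] and calico_vxlan_mode in ['Always', 'CrossSubnet'])"
    msg: "IP in IP and VXLAN mode is mutualy exclusive modes"
```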
@ -140,7 +140,8 @@
|
||||||
},
|
},
|
||||||
"spec": {
|
"spec": {
|
||||||
"cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}",
|
"cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}",
|
||||||
"ipipMode": "{{ ipip_mode }}",
|
"ipipMode": "{{ calico_ipip_mode }}",
|
||||||
|
"vxlanMode": "{{ calico_vxlan_mode }}",
|
||||||
"natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }} }} " | {{ bin_dir }}/calicoctl.sh apply -f -
|
"natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }} }} " | {{ bin_dir }}/calicoctl.sh apply -f -
|
||||||
when:
|
when:
|
||||||
- inventory_hostname == groups['kube-master'][0]
|
- inventory_hostname == groups['kube-master'][0]
|
||||||
|
@ -158,7 +159,8 @@
|
||||||
"spec": {
|
"spec": {
|
||||||
"blockSize": "{{ calico_pool_blocksize | default(kube_network_node_prefix) }}",
|
"blockSize": "{{ calico_pool_blocksize | default(kube_network_node_prefix) }}",
|
||||||
"cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}",
|
"cidr": "{{ calico_pool_cidr | default(kube_pods_subnet) }}",
|
||||||
"ipipMode": "{{ ipip_mode }}",
|
"ipipMode": "{{ calico_ipip_mode }}",
|
||||||
|
"vxlanMode": "{{ calico_vxlan_mode }}",
|
||||||
"natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }} }} " | {{ bin_dir }}/calicoctl.sh apply -f -
|
"natOutgoing": {{ nat_outgoing|default(false) and not peer_with_router|default(false) }} }} " | {{ bin_dir }}/calicoctl.sh apply -f -
|
||||||
when:
|
when:
|
||||||
- inventory_hostname == groups['kube-master'][0]
|
- inventory_hostname == groups['kube-master'][0]
|
||||||
|
|
|
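Review bot: `"vxlanMode": "{{ calico_vxlan_mode }}"` is written into the IPPool spec unconditionally, here and again in the blockSize variant in the @ -158 hunk below, so every cluster applies the field even when VXLAN is left at the `Never` default. The IPPool `vxlanMode` field exists only in Calico releases that ship VXLAN support; if the role still accepts older calico_version values (not visible in this diff), `calicoctl.sh apply` would reject the spec for clusters that never asked for VXLAN. Either document the minimum Calico version this field requires next to the new `calico_vxlan_mode` variable, or emit the field only when the mode is not `Never`, e.g. `{% if calico_vxlan_mode != 'Never' %}"vxlanMode": "{{ calico_vxlan_mode }}",{% endif %}`.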
@ -15,9 +15,9 @@ data:
|
||||||
# essential.
|
# essential.
|
||||||
typha_service_name: "calico-typha"
|
typha_service_name: "calico-typha"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if calico_network_backend is defined and calico_network_backend == 'none' %}
|
{% if calico_network_backend is defined %}
|
||||||
cluster_type: "kubespray"
|
cluster_type: "kubespray"
|
||||||
calico_backend: "none"
|
calico_backend: "{{ calico_network_backend }}"
|
||||||
{% else %}
|
{% else %}
|
||||||
cluster_type: "kubespray,bgp"
|
cluster_type: "kubespray,bgp"
|
||||||
calico_backend: "bird"
|
calico_backend: "bird"
|
||||||
|
|
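Review bot: Widening the condition to `{% if calico_network_backend is defined %}` changes the result for an inventory that sets `calico_network_backend: bird` explicitly (the value the docs call the default and that the sample inventory now shows commented out): it no longer reaches the `else` branch, so the ConfigMap gets `cluster_type: "kubespray"` instead of `"kubespray,bgp"` while `calico_backend` is still `bird`. Before this change explicit `bird` and unset behaved the same. Keep them equivalent with `{% if calico_network_backend is defined and calico_network_backend != 'bird' %}`, or set `cluster_type` from the backend value rather than from whether the variable is defined. The template continues outside the hunk.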