Creating Calico-enabled Cluster with Platform9 Managed Kubernetes
Platform9 Managed Kubernetes integrates with Calico for pod-to-pod communication in Kubernetes clusters.
Calico is a Container Network Interface (CNI) plugin that can be used for Kubernetes networking.
Once Calico has been installed, you can create network policy on Kubernetes to define the incoming and outgoing network traffic.
Let us look at how Calico integrates with Kubernetes, before we understand how to enable Calico integration during cluster creation for Platform9 Managed Kubernetes.
Integration with Calico
Calico is a Layer 3 based networking solution that is used to interconnect virtual machines or Linux containers with the help of virtual routers. For more information on Calico, refer to Project Calico website.
Calico is installed within the Kubernetes environment.
The calico-node agent runs as a pod on each Kubernetes node.
Because Calico is a Layer 3 solution, no overlay network is required to integrate with a Calico network.
Calico uses iptables and the Linux routing table to route traffic between Kubernetes nodes.
You can configure a network policy to define security settings for Kubernetes pods with the NetworkPolicy resource in Kubernetes.
Following is an example of a NetworkPolicy file. (source: Kubernetes documentation)
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - ipBlock:
        cidr: 172.17.0.0/16
        except:
        - 172.17.1.0/24
    - namespaceSelector:
        matchLabels:
          project: myproject
    - podSelector:
        matchLabels:
          role: frontend
    ports:
    - protocol: TCP
      port: 6379
  egress:
  - to:
    - ipBlock:
        cidr: 10.0.0.0/24
    ports:
    - protocol: TCP
      port: 5978
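To make the combination rules in this policy concrete, here is an added Python evaluator (not part of the Platform9 documentation or of Calico's own code) that applies the semantics of the NetworkPolicy above to a few constructed connections: the peers listed under one rule are OR'ed, while a rule's peers and its ports are AND'ed. It assumes the policy lives in the default namespace, as the manifest states, and that a remote endpoint is described by its IP and, for in-cluster pods, its namespace and labels.

```python
import ipaddress
POLICY_NS = "default"
# The page's example NetworkPolicy transcribed as Python data (same values as the YAML).
POLICY = {
    "policyTypes": ["Ingress", "Egress"],
    "ingress": [{
        "from": [
            {"ipBlock": {"cidr": "172.17.0.0/16", "except": ["172.17.1.0/24"]}},
            {"namespaceSelector": {"project": "myproject"}},
            {"podSelector": {"role": "frontend"}},
        ],
        "ports": [{"protocol": "TCP", "port": 6379}],
    }],
    "egress": [{
        "to": [{"ipBlock": {"cidr": "10.0.0.0/24"}}],
        "ports": [{"protocol": "TCP", "port": 5978}],
    }],
}

def labels_match(selector, labels):
    return all(labels.get(k) == v for k, v in selector.items())  # matchLabels: every pair present

def peer_matches(peer, remote):
    # remote: {"ip", and for in-cluster pods "ns", "ns_labels", "pod_labels"} (constructed input)
    if "ipBlock" in peer:
        ip, blk = ipaddress.ip_address(remote["ip"]), peer["ipBlock"]
        return ip in ipaddress.ip_network(blk["cidr"]) and not any(
            ip in ipaddress.ip_network(x) for x in blk.get("except", []))
    if "namespaceSelector" in peer:
        if not labels_match(peer["namespaceSelector"], remote.get("ns_labels", {})):
            return False
    elif remote.get("ns") != POLICY_NS:
        return False  # a bare podSelector only selects pods in the policy's own namespace
    if "podSelector" in peer:
        return labels_match(peer["podSelector"], remote.get("pod_labels", {}))
    return True  # namespaceSelector alone selects every pod in the matching namespaces

def allowed(direction, remote, port, proto="TCP"):
    """Is 'ingress' to / 'egress' from the selected role=db pods permitted for remote:port?"""
    if direction.capitalize() not in POLICY["policyTypes"]:
        return True  # that direction is not isolated by this policy
    peers_key = "from" if direction == "ingress" else "to"
    for rule in POLICY.get(direction, []):
        peer_ok = any(peer_matches(p, remote) for p in rule.get(peers_key, []))
        port_ok = "ports" not in rule or any(
            p["protocol"] == proto and p["port"] == port for p in rule["ports"])
        if peer_ok and port_ok:
            return True
    return False
```

Note that 172.17.1.5 is denied even though it sits inside 172.17.0.0/16, because the except block is evaluated within the same ipBlock peer, and that a role=frontend pod only matches if it is in the default namespace.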
Platform9 Managed Kubernetes uses the default upstream settings that are specified in Calico networking manifest, calico.yaml.
The following prerequisites must be met to be able to use Calico with a Kubernetes cluster.
- The VM or container running the Kubernetes cluster must run one of the following Linux-based operating system versions in order to run Calico.
- Ubuntu 16.04 or above
- CentOS 7 or above
- The following ports must be open on the nodes.
- 4001 (TCP)
- 2380 (for etcd communication)
- If security rules have been configured on the firewall, the IP-in-IP protocol must be enabled and the firewall must allow IP-in-IP traffic.
- Contact Platform9 support to enable Kubernetes networking on your Platform9 Managed Kubernetes setup before you create a cluster that integrates with a network backend such as Calico.
Create Calico-enabled Cluster
While creating the cluster, under Network Configuration, select Calico as the network backend.
To create a cluster, follow the steps in Create Multi-master, Highly Available Kubernetes Clusters.