Project Calico's libnetwork driver

Calico provides a scalable networking solution for connecting containers, VMs, or bare metal. It provides connectivity with a layer 3 approach based on scalable IP networking principles, and can be deployed without overlays or encapsulation. The Calico service should be deployed as a container on each node and provides each container with its own IP address. It also handles all the necessary IP routing, security policy rules, and distribution of routes across a cluster of nodes.

The Calico architecture contains four important components in order to provide a better networking solution:

  • Felix, the Calico worker process, is the heart of Calico networking, which primarily routes and provides the desired connectivity to and from the workloads on the host. It also provides the interface to the kernel for outgoing endpoint traffic.
  • BIRD, an open source BGP route distribution daemon, exchanges routing information between hosts. The kernel endpoints picked up by BIRD are distributed to BGP peers in order to provide inter-host routing. Two BIRD processes run in the calico-node container: one for IPv4 (bird) and one for IPv6 (bird6).
  • Confd, a templating process to auto-generate configuration for BIRD, monitors the etcd store for any changes to BGP configuration such as log levels and IPAM information. Confd also dynamically generates BIRD configuration files based on data from etcd and triggers automatically as updates are applied to data. Confd triggers BIRD to load new files whenever a configuration file is changed.
  • calicoctl, the command-line tool used to configure and start the Calico service, also lets you define and apply security policy through the datastore (etcd). The tool provides a simple interface for general management of Calico configuration, irrespective of whether Calico is running on VMs, containers, or bare metal. The following commands are supported by calicoctl:
    $ calicoctl
    Override the host:port of the ETCD server by setting the environment variable ETCD_AUTHORITY [default: 127.0.0.1:2379]
    Usage: calicoctl <command> [<args>...]
    status            Print current status information
    node              Configure the main calico/node container and establish Calico networking
    container         Configure containers and their addresses
    profile           Configure endpoint profiles
    endpoint          Configure the endpoints assigned to existing containers
    pool              Configure ip-pools
    bgp               Configure global bgp
    ipam              Configure IP address management
    checksystem       Check for incompatibilities on the host system
    diags             Save diagnostic information
    version           Display the version of calicoctl
    config            Configure low-level component configuration
    See 'calicoctl <command> --help' to read about a specific subcommand.
    

According to the official GitHub page of the Calico repository (https://github.com/projectcalico/calico-containers), the following Calico integrations exist:

  • Calico as a Docker network plugin
  • Calico without Docker networking
  • Calico with Kubernetes
  • Calico with Mesos
  • Calico with Docker Swarm

The following figure shows the Calico architecture:

[Figure: Calico architecture]

In the following tutorial we will manually set up Calico on a single-node machine with Docker 1.9, which finally brings libnetwork out of its experimental version into the main release, so Calico can be configured directly without the need for other experimental Docker versions:

  1. Get the latest etcd release and configure it on the default port 2379:
    $ curl -L https://github.com/coreos/etcd/releases/download/v2.2.1/etcd-v2.2.1-linux-amd64.tar.gz -o etcd-v2.2.1-linux-amd64.tar.gz
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   606    0   606    0     0    445      0 --:--:--  0:00:01 --:--:--   446
    100 7181k  100 7181k    0     0   441k      0  0:00:16  0:00:16 --:--:-- 1387k
    $ tar xzvf etcd-v2.2.1-linux-amd64.tar.gz
    etcd-v2.2.1-linux-amd64/
    etcd-v2.2.1-linux-amd64/Documentation/
    etcd-v2.2.1-linux-amd64/Documentation/04_to_2_snapshot_migration.md
    etcd-v2.2.1-linux-amd64/Documentation/admin_guide.md
    etcd-v2.2.1-linux-amd64/Documentation/api.md
    contd..
    etcd-v2.2.1-linux-amd64/etcd
    etcd-v2.2.1-linux-amd64/etcdctl
    etcd-v2.2.1-linux-amd64/README-etcdctl.md
    etcd-v2.2.1-linux-amd64/README.md
    
    $ cd etcd-v2.2.1-linux-amd64
    $ ./etcd
    2016-01-06 15:50:00.065733 I | etcdmain: etcd Version: 2.2.1
    2016-01-06 15:50:00.065914 I | etcdmain: Git SHA: 75f8282
    2016-01-06 15:50:00.065961 I | etcdmain: Go Version: go1.5.1
    2016-01-06 15:50:00.066001 I | etcdmain: Go OS/Arch: linux/amd64
    Contd..
    2016-01-06 15:50:00.107972 I | etcdserver: starting server... [version: 2.2.1, cluster version: 2.2]
    2016-01-06 15:50:00.508131 I | raft: ce2a822cea30bfca is starting a new election at term 5
    2016-01-06 15:50:00.508237 I | raft: ce2a822cea30bfca became candidate at term 6
    2016-01-06 15:50:00.508253 I | raft: ce2a822cea30bfca received vote from ce2a822cea30bfca at term 6
    2016-01-06 15:50:00.508278 I | raft: ce2a822cea30bfca became leader at term 6
    2016-01-06 15:50:00.508313 I | raft: raft.node: ce2a822cea30bfca elected leader ce2a822cea30bfca at term 6
    2016-01-06 15:50:00.509810 I | etcdserver: published {Name:default ClientURLs:[http://localhost:2379 http://localhost:4001]} to cluster 7e27652122e8b2ae
    
  2. Open a new terminal and configure the Docker daemon to use the etcd key-value store by running the following commands:
    $ service docker stop
    $ docker daemon --cluster-store=etcd://0.0.0.0:2379
    INFO[0000] [graphdriver] using prior storage driver "aufs"
    INFO[0000] API listen on /var/run/docker.sock
    INFO[0000] Firewalld running: false
    INFO[0015] Default bridge (docker0) is assigned with an IP address 172.16.59.1/24. Daemon option --bip can be used to set a preferred IP address
    WARN[0015] Your kernel does not support swap memory limit.
    INFO[0015] Loading containers: start.
    .....INFO[0034] Skipping update of resolv.conf file with ipv6Enabled: false because file was touched by user
    INFO[0043] Loading containers: done.
    INFO[0043] Daemon has completed initialization
    INFO[0043] Docker daemon       commit=a34a1d5 execdriver=native-0.2 graphdriver=aufs version=1.9.1
    INFO[0043] GET /v1.21/version
    INFO[0043] GET /v1.21/version
    INFO[0043] GET /events
    INFO[0043] GET /v1.21/version
    
  3. Now, in a new terminal, start the Calico container in the following way:
    $ ./calicoctl node --libnetwork
    No IP provided. Using detected IP: 10.22.0.1
    Pulling Docker image calico/node:v0.10.0
    Calico node is running with id: 79e75fa6d875777d31b8aead10c2712f54485c031df50667edb4d7d7cb6bb26c
    Pulling Docker image calico/node-libnetwork:v0.5.2
    Calico libnetwork driver is running with id: bc7d65f6ab854b20b9b855abab4776056879f6edbcde9d744f218e556439997f
    $ docker ps
    CONTAINER ID        IMAGE                           COMMAND         CREATED             STATUS              PORTS               NAMES
    7bb7a956af37        calico/node-libnetwork:v0.5.2   "./start.sh"           3 minutes ago       Up 3 minutes             calico-libnetwork
    13a0314754d6        calico/node:v0.10.0             "/sbin/start_runit"    3 minutes ago       Up 3 minutes             calico-node
    1f13020cc3a0        weaveworks/plugin:1.4.1         "/home/weave/plugin"   3 days ago          Up 3 minutes             weaveplugin
    
  4. Create the Calico bridge using the docker network command recently introduced in the Docker CLI:
    $ docker network create -d calico net1
    $ docker network ls
    NETWORK ID          NAME                DRIVER
    9b5f06307cf2        docker_gwbridge     bridge
    1638f754fbaf        host                host
    02b10aaa25d7        weave               weavemesh
    65dc3cbcd2c0        bridge              bridge
    f034d78cc423        net1                calico
    
  5. Start the busybox container connected to the Calico net1 bridge:
    $ docker run --net=net1 -itd --name=container1 busybox
    1731629b6897145822f73726194b1f7441b6086ee568e973d8a88b554e838366
    $ docker ps
    CONTAINER ID        IMAGE                           COMMAND                CREATED             STATUS              PORTS               NAMES
    1731629b6897        busybox                         "sh"                   6 seconds ago       Up 5 seconds                            container1
    7bb7a956af37        calico/node-libnetwork:v0.5.2   "./start.sh"           6 minutes ago       Up 6 minutes                            calico-libnetwork
    13a0314754d6        calico/node:v0.10.0             "/sbin/start_runit"    6 minutes ago       Up 6 minutes                            calico-node
    1f13020cc3a0        weaveworks/plugin:1.4.1         "/home/weave/plugin"   3 days ago          Up 6 minutes                            weaveplugin
    $ docker attach 1731
    / #
    / # ifconfig
    cali0     Link encap:Ethernet  HWaddr EE:EE:EE:EE:EE:EE
              inet addr:10.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.0
              inet6 addr: fe80::ecee:eeff:feee:eeee/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:29 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:5774 (5.6 KiB)  TX bytes:648 (648.0 B)
    
    eth1      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02
              inet addr:172.17.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
              inet6 addr: fe80::42:acff:fe11:2/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:21 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:4086 (3.9 KiB)  TX bytes:648 (648.0 B)
    
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
    

    Inside the container we can see that the container is now connected to the Calico bridge and can connect to the other containers deployed on the same bridge.
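
Calico's security policy is stored in etcd, and the walkthrough starts etcd with its defaults, which publish plain-HTTP client URLs. The following is an added example, not code from the book or from the Calico or etcd projects: it classifies the client URLs in the etcd startup line from step 1; the function names, verdict labels and the second sample line are assumptions made for illustration.

```bash
# Added example (not from the book): classify the client URLs that etcd
# reports in its "etcdserver: published {... ClientURLs:[...]}" startup line.

# classify_url URL -> prints "<verdict> <url>"
classify_url() {
    url=$1
    scheme=${url%%://*}
    hostport=${url#*://}
    hostport=${hostport%%/*}
    case $hostport in
        \[*) host=${hostport#\[}; host=${host%%\]*} ;;  # bracketed IPv6
        *)   host=${hostport%:*} ;;                     # host or host:port
    esac
    case $host in
        localhost|127.*|::1) scope=loopback ;;
        *)                   scope=network ;;
    esac
    if [ "$scheme" = https ]; then
        # TLS is on; whether client certificates are required is not visible here.
        echo "tls $url"
    elif [ "$scope" = loopback ]; then
        echo "local-plaintext $url"
    else
        echo "network-plaintext $url"
    fi
}

# audit_etcd_log: read etcd log text on stdin, print one verdict per URL,
# return 1 if any URL is plaintext HTTP on a non-loopback address.
audit_etcd_log() {
    rc=0
    urls=$(sed -n 's/.*etcdserver: published .*ClientURLs:\[\([^]]*\)].*/\1/p')
    set -f                      # keep "[::1]" from being treated as a glob
    for u in $urls; do
        verdict=$(classify_url "$u")
        echo "$verdict"
        case $verdict in network-plaintext*) rc=1 ;; esac
    done
    set +f
    return $rc
}

# Line taken from the etcd output in step 1 (single node, defaults).
TUTORIAL_LINE='2016-01-06 15:50:00.509810 I | etcdserver: published {Name:default ClientURLs:[http://localhost:2379 http://localhost:4001]} to cluster 7e27652122e8b2ae'
# Constructed line: the same store advertised on a routable address.
CONSTRUCTED_LINE='2016-01-06 15:50:00.509810 I | etcdserver: published {Name:node1 ClientURLs:[http://10.22.0.1:2379 https://10.22.0.1:2379]} to cluster 0000000000000000'

printf '%s\n' "$TUTORIAL_LINE" | audit_etcd_log
printf '%s\n' "$CONSTRUCTED_LINE" | audit_etcd_log || echo "finding: plaintext etcd client URL on a non-loopback address"
```

The published line lists the URLs etcd advertises to clients, so confirm the actual listening sockets on the host separately.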
