Configuring Calico
Prerequisites
- BIG-IP is licensed and set up as a cluster.
- The networking setup is already complete.
- The self IP has Port Lockdown set to “Allow All”, or a custom TCP port is added to the self IP: TCP port 179.
BIG-IP Calico Setup
Allow BGP on the default route domain 0 on your BIG-IP systems. Connect to the BIG-IP GUI and go to Network > Route domain. Click on Route Domain 0 and allow BGP. Click Update.
Connect via SSH on both BIG-IP systems and run the following commands:
# Access the IMI Shell
imish
# Switch to enable mode
enable
# Enter configuration mode
config terminal
# Set up router bgp with AS number 64512
router bgp 64512
# Create the BGP peer group
neighbor calico-k8s peer-group
# Assign the peer group as BGP neighbors
neighbor calico-k8s remote-as 64512
# Add all the peers: the other BIG-IP and the k8s components
neighbor 10.1.20.20 peer-group calico-k8s
neighbor 10.1.20.21 peer-group calico-k8s
# On BIG-IP1, run
neighbor 10.1.20.12 peer-group calico-k8s
# On BIG-IP2, run
neighbor 10.1.20.11 peer-group calico-k8s
# Save the configuration
write
# Exit
end
Review your setup by running the following command:
show ip bgp neighbors
Note
Your other BIG-IP should be identified with a router ID and have a BGP state of Active. The k8s nodes will not have a router ID because BGP has not yet been set up on those nodes.
Kubernetes Calico Setup
Retrieve the calicoctl binary on the Master node (not as root):
curl -O -L https://github.com/projectcalico/calicoctl/releases/download/v3.10.0/calicoctl
chmod +x calicoctl
sudo mv calicoctl /usr/local/bin
Set up calicoctl:
sudo mkdir /etc/calico
Create a file /etc/calico/calicoctl.cfg with your preferred editor (you will need sudo privileges). This file should contain the following:
apiVersion: projectcalico.org/v3
kind: CalicoAPIConfig
metadata:
spec:
  datastoreType: "kubernetes"
  kubeconfig: "/home/ubuntu/config"
Note
You may have to change the path specified by the kubeconfig parameter based on the user you use to run the kubectl command.
To verify that calicoctl is properly set up, run the following command:
calicoctl get nodes
Set up the Calico/BGP configuration on the Master node by running the following command:
cat << EOF | calicoctl create -f -
apiVersion: projectcalico.org/v3
kind: BGPConfiguration
metadata:
  name: default
spec:
  logSeverityScreen: Info
  nodeToNodeMeshEnabled: true
  asNumber: 64512
EOF
Set up the BIG-IP BGP peers by replacing the peerIP value with the IP of your BIG-IP systems:
cat << EOF | calicoctl create -f -
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
  name: bgppeer-global-bigip1
spec:
  peerIP: 10.1.20.11
  asNumber: 64512
EOF

cat << EOF | calicoctl create -f -
apiVersion: projectcalico.org/v3
kind: BGPPeer
metadata:
  name: bgppeer-global-bigip2
spec:
  peerIP: 10.1.20.12
  asNumber: 64512
EOF
Review your setup by running the following command:
calicoctl get bgpPeer
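Because every configured BGP peer can advertise routes into the cluster, it is worth checking the peer list against what this page sets up. The following is an added example, not part of the original documentation: it audits the JSON form of the peer list (for example from calicoctl get bgpPeer -o json) against the two BIG-IP addresses and AS number 64512 used above. The function name, the sample JSON and the extra peer in it are constructed for illustration.

```python
import ipaddress
import json

# Expected state taken from this page: both BIG-IP self IPs, iBGP in AS 64512.
EXPECTED_PEERS = {"10.1.20.11", "10.1.20.12"}
EXPECTED_AS = 64512

# Constructed sample shaped like `calicoctl get bgpPeer -o json` output;
# the wrong AS number and the third peer are deliberate, for the demo.
SAMPLE = """
{"kind": "BGPPeerList", "apiVersion": "projectcalico.org/v3", "items": [
  {"kind": "BGPPeer", "metadata": {"name": "bgppeer-global-bigip1"},
   "spec": {"peerIP": "10.1.20.11", "asNumber": 64512}},
  {"kind": "BGPPeer", "metadata": {"name": "bgppeer-global-bigip2"},
   "spec": {"peerIP": "10.1.20.12", "asNumber": 64513}},
  {"kind": "BGPPeer", "metadata": {"name": "constructed-extra-peer"},
   "spec": {"peerIP": "192.0.2.50", "asNumber": 64512}}
]}
"""


def audit_bgp_peers(doc, expected_peers=EXPECTED_PEERS, expected_as=EXPECTED_AS):
    """Return a sorted list of findings; an empty list means the peers match."""
    data = json.loads(doc)
    # Accept either a list document with "items" or a single resource object.
    items = data.get("items", [data])
    findings, seen = [], set()
    for item in items:
        name = item.get("metadata", {}).get("name", "<unnamed>")
        spec = item.get("spec", {})
        raw_ip = spec.get("peerIP", "")
        try:
            ip = str(ipaddress.ip_address(raw_ip))
        except ValueError:
            findings.append(f"{name}: invalid peerIP {raw_ip!r}")
            continue
        seen.add(ip)
        if ip not in expected_peers:
            findings.append(f"{name}: unexpected peer {ip}")
        if spec.get("asNumber") != expected_as:
            findings.append(f"{name}: asNumber {spec.get('asNumber')} != {expected_as}")
    for ip in expected_peers - seen:
        findings.append(f"missing peer {ip}")
    return sorted(findings)


if __name__ == "__main__":
    for line in audit_bgp_peers(SAMPLE):
        print(line)
```

An empty result means the configured peers are exactly the two BIG-IP systems in AS 64512.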