Configuring Calico

Prerequisites

• BIG-IP is licensed and setup as a cluster.
• The networking setup is already complete.
• The self IP has a portlock down setup to “Allow All” OR add a TCP custom port to the self IP: TCP port 179.

BIG-IP Calico Setup

1. Allow BGP on the default route domain 0 on your BIG-IP systems. Connect to the BIG-IP GUI and go to Network > Route domain. Click on Route Domain 0 and allow BGP. Click Update.

   

2. Connect via SSH on both BIG-IP systems and run the following commands:

   #access the IMI Shell
   imish
   
   #Switch to enable mode
   enable
   
   #Enter configuration mode
   config terminal
   #Setup route bgp with AS Number 64512
   router bgp 64512
   
   #Create BGP Peer group
   neighbor calico-k8s peer-group
   
   #assign peer group as BGP neighbors
   neighbor calico-k8s remote-as 64512
   
   #we need to add all the peers: the other BIG-IP, our k8s components
   neighbor 10.1.20.20 peer-group calico-k8s
   neighbor 10.1.20.21 peer-group calico-k8s
   
   #on BIG-IP1, run
   neighbor 10.1.20.12 peer-group calico-k8s
   
   #on BIG-IP2, run
   neighbor  10.1.20.11 peer-group calico-k8s
   
   #save configuration
   write
   
   #exit
   end
   

3. Review your setup by running the following command:

   show ip bgp neighbors
   

   Note

   Your other BIG-IP should be identified with a router ID and have a BGP state of Active. The k8s node will not have a router ID since BGP has not already been setup on those nodes.

Kubernetes Calico Setup

1. Retrieve the calicoctl binary on the Master node (not root):

   curl -O -L https://github.com/projectcalico/calicoctl/releases/download/v3.10.0/calicoctl
   chmod +x calicoctl
   sudo mv calicoctl /usr/local/bin
   

2. Set up calicoctl:

   sudo mkdir /etc/calico
   

3. Create a file /etc/calico/calicoctl.cfg with your preferred editor (you will need sudo privileges). This file should contain the following:

   apiVersion: projectcalico.org/v3
   kind: CalicoAPIConfig
   metadata:
   spec:
   datastoreType: "kubernetes"
   kubeconfig: "/home/ubuntu/config"
   

   Note

   You may have to change the path specified by the kubeconfig parameter based on the user you use to run the kubectl command.

4. To verify that calicoctl is properly set up, run the following command:

   calicoctl get nodes
   

5. Setup the Calico/BGP configuration on the Master node by running the following command:

   cat << EOF | calicoctl create -f -
   apiVersion: projectcalico.org/v3
   kind: BGPConfiguration
   metadata:
   name: default
   spec:
   logSeverityScreen: Info
   nodeToNodeMeshEnabled: true
   asNumber: 64512
   EOF
   

6. Set up the BIG-IP BGP peers by replacing the peerIP value with the IP of your BIG-IP systems:

   cat << EOF | calicoctl create -f -
   apiVersion: projectcalico.org/v3
   kind: BGPPeer
   metadata:
   name: bgppeer-global-bigip1
   spec:
   peerIP: 10.1.20.11
   asNumber: 64512
   EOF
   

   cat << EOF | calicoctl create -f -
   apiVersion: projectcalico.org/v3
   kind: BGPPeer
   metadata:
   name: bgppeer-global-bigip2
   spec:
   peerIP: 10.1.20.12
   asNumber: 64512
   EOF
   

7. Review your setup by running the following command:

   calicoctl get bgpPeer
   

Note

To provide feedback on Container Ingress Services or this documentation, you can file a GitHub Issue.