Appendix 8: Replace Flannel w/ Calico

This appendix will walk through the steps to replace Flannel with Calico.

Expected time to complete: 15 minutes

Via RDP connect to the UDF lab “jumpbox” host.

Note

Username and password are: ubuntu/ubuntu

On the jumphost open a terminal and start an SSH session with kube-master1.

../../_images/start-term.png 
# If directed to, accept the authenticity of the host by typing "yes" and hitting Enter to continue.

ssh kube-master1
../../_images/sshtokubemaster1.png

Remove Flannel

  1. Show running Flannel pods

    kubectl get pods -n kube-system
    ../../_images/getpods.png

  2. Remove Flannel

    kubectl delete -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml

  3. Validate Flannel pods are removed. (Run previous kubectl command)

    kubectl get pods -n kube-system
    ../../_images/noflannelpods.png

    Note

    Run this command several times until you no longer see the “kube-flannel” pods.

  4. Cleanup CIS deployment file.

    Note

    This step can be skipped but several errors will appear in the CIS pod log.

    vim ~/agilitydocs/docs/class1/kubernetes/cluster-deployment.yaml

    Remove “–flannel-name=k8s-tunnel” from the bottom of the file. Be sure to remove the “,” on the line above the removed the line. After editing the file should look like the following:

    ../../_images/newclusterdeployment.png

Install Calico

  1. Change local directory to the lab calico dir.

    cd ~/agilitydocs/docs/class1/kubernetes/calico

  2. Download calico manifest

    curl https://docs.projectcalico.org/manifests/calico.yaml -O

  3. Modify the manifest with proper POD CIDR

    Important

    This lab was built with Flannel and the default POD CIDR of 10.244.0.0/16. The calico.yaml manifest uses 192.168.0.0/16 so has to be adjusted.

    vim calico.yaml

    Note

    If unfamiliar with VI the instructor will walk you through the commands.

    Find the “CALICO__IPV4POOL_CIDR variable and uncomment the two lines as shown below. Replacing “192.168.0.0/16” with “10.244.0.0/16”

    ../../_images/updatecidr.png

  4. Start Calico on the cluster

    kubectl apply -f calico.yaml

  5. Validate Calico pods are installed and running

    kubectl get pods -n kube-system
    ../../_images/calicopods.png

Install calicoctl

  1. Retrieve the calicoctl binary

    curl -O -L https://github.com/projectcalico/calicoctl/releases/download/v3.15.1/calicoctl

chmod +x calicoctl

sudo mv calicoctl /usr/local/bin

  2. Copy the the calicoctl.cfg file to /etc/calico/

    1apiVersion: projectcalico.org/v3
2kind: CalicoAPIConfig
3metadata:
4spec:
5  datastoreType: "kubernetes"
6  kubeconfig: "/home/ubuntu/.kube/config"

    sudo mkdir /etc/calico

sudo cp calicoctl.cfg /etc/calico/

  3. Verify calicoctl is properly set up

    calicoctl get nodes
    ../../_images/caligetnodes.png

  4. Set up the Calico BGP config

    1apiVersion: projectcalico.org/v3
2kind: BGPConfiguration
3metadata:
4  name: default
5spec:
6  logSeverityScreen: Info
7  nodeToNodeMeshEnabled: true
8  asNumber: 64512

    calicoctl create -f caliconf.yaml

  5. Set up the BIG-IP BGP peer

    1apiVersion: projectcalico.org/v3
2kind: BGPPeer
3metadata:
4  name: bgppeer-global-bigip1
5spec:
6  peerIP: 10.1.1.4
7  asNumber: 64512

    calicoctl create -f calipeer.yaml

  6. Verify setup

    calicoctl get bgpPeer

  7. Change dir back to working lab directory

    Note

    The necessary kubernetes lab files can be found in this directory.

    cd ..

# or

cd ~/agilitydocs/docs/class1/kubernetes/

Confgure BIG-IP for Calico

Open firefox and connect to bigip1 management console. For your convenience there’s a shortcut on the firefox toolbar.

Note

Username and password are: admin/admin

  1. Enable BGP on route domain 0

    1. Connect to the BIG-IP GUI and go to Network ‣ Route Domains
    2. Click on “0” to open route domain 0
    3. Under Dynamic Routing Protocols, move “BGP” from Available to Enabled
    4. Click Update
    ../../_images/enablebgp.png

  2. Open a new terminal tab and SSH to BIG-IP

    # If directed to, accept the authenticity of the host by typing "yes" and hitting Enter to continue.

# passwd = admin

ssh admin@10.1.1.4

  3. Configure BGP

    #access the IMI Shell
imish

#Switch to enable mode
enable

#Enter configuration mode
config terminal
#Setup route bgp with AS Number 64512
router bgp 64512

#Create BGP Peer group
neighbor calico-k8s peer-group

#assign peer group as BGP neighbors
neighbor calico-k8s remote-as 64512

#we need to add all the peers: the other BIG-IP, our k8s components
neighbor 10.1.1.7 peer-group calico-k8s
neighbor 10.1.1.8 peer-group calico-k8s
neighbor 10.1.1.9 peer-group calico-k8s

#on BIG-IP 1, run
neighbor 10.1.1.24 peer-group calico-k8s

#on BIG-IP 2, run
neighbor  10.1.1.4 peer-group calico-k8s

#save configuration
write

#exit
end

  4. Verify BGP is running

    show ip bgp neighbors

  5. Check BIG-IP routes

    exit # Exit Zebos first

route
    ../../_images/routes.png