Appendix 8: Replace Flannel w/ Calico

This appendix will walk through the steps to replace Flannel with Calico.

Expected time to complete: 15 minutes

Via RDP connect to the UDF lab “jumpbox” host.


Username and password are: ubuntu/ubuntu

On the jumphost open a terminal and start an SSH session with kube-master1.

# If directed to, accept the authenticity of the host by typing "yes" and hitting Enter to continue.

ssh kube-master1

Remove Flannel

  1. Show running Flannel pods

    kubectl get pods -n kube-system
  2. Remove Flannel

    kubectl delete -f
  3. Validate Flannel pods are removed. (Run previous kubectl command)

    kubectl get pods -n kube-system


    Run this command several times until you no longer see the “kube-flannel” pods.

  4. Cleanup CIS deployment file.


    This step can be skipped but several errors will appear in the CIS pod log.

    vim ~/agilitydocs/docs/class1/kubernetes/cluster-deployment.yaml

    Remove “–flannel-name=k8s-tunnel” from the bottom of the file. Be sure to remove the “,” on the line above the removed the line. After editing the file should look like the following:


Install Calico

  1. Change local directory to the lab calico dir.

    cd ~/agilitydocs/docs/class1/kubernetes/calico
  2. Download calico manifest

    curl -O
  3. Modify the manifest with proper POD CIDR


    This lab was built with Flannel and the default POD CIDR of The calico.yaml manifest uses so has to be adjusted.

    vim calico.yaml


    If unfamiliar with VI the instructor will walk you through the commands.

    Find the “CALICO__IPV4POOL_CIDR variable and uncomment the two lines as shown below. Replacing “” with “”

  4. Start Calico on the cluster

    kubectl apply -f calico.yaml
  5. Validate Calico pods are installed and running

    kubectl get pods -n kube-system

Install calicoctl

  1. Retrieve the calicoctl binary

    curl -O -L
    chmod +x calicoctl
    sudo mv calicoctl /usr/local/bin
  2. Copy the the calicoctl.cfg file to /etc/calico/

    2kind: CalicoAPIConfig
    5  datastoreType: "kubernetes"
    6  kubeconfig: "/home/ubuntu/.kube/config"
    sudo mkdir /etc/calico
    sudo cp calicoctl.cfg /etc/calico/
  3. Verify calicoctl is properly set up

    calicoctl get nodes
  4. Set up the Calico BGP config

    2kind: BGPConfiguration
    4  name: default
    6  logSeverityScreen: Info
    7  nodeToNodeMeshEnabled: true
    8  asNumber: 64512
    calicoctl create -f caliconf.yaml
  5. Set up the BIG-IP BGP peer

    2kind: BGPPeer
    4  name: bgppeer-global-bigip1
    6  peerIP:
    7  asNumber: 64512
    calicoctl create -f calipeer.yaml
  6. Verify setup

    calicoctl get bgpPeer
  7. Change dir back to working lab directory


    The necessary kubernetes lab files can be found in this directory.

    cd ..
    # or
    cd ~/agilitydocs/docs/class1/kubernetes/

Confgure BIG-IP for Calico

Open firefox and connect to bigip1 management console. For your convenience there’s a shortcut on the firefox toolbar.


Username and password are: admin/admin

  1. Enable BGP on route domain 0

    1. Connect to the BIG-IP GUI and go to Network ‣ Route Domains
    2. Click on “0” to open route domain 0
    3. Under Dynamic Routing Protocols, move “BGP” from Available to Enabled
    4. Click Update
  2. Open a new terminal tab and SSH to BIG-IP

    # If directed to, accept the authenticity of the host by typing "yes" and hitting Enter to continue.
    # passwd = admin
    ssh admin@
  3. Configure BGP

    #access the IMI Shell
    #Switch to enable mode
    #Enter configuration mode
    config terminal
    #Setup route bgp with AS Number 64512
    router bgp 64512
    #Create BGP Peer group
    neighbor calico-k8s peer-group
    #assign peer group as BGP neighbors
    neighbor calico-k8s remote-as 64512
    #we need to add all the peers: the other BIG-IP, our k8s components
    neighbor peer-group calico-k8s
    neighbor peer-group calico-k8s
    neighbor peer-group calico-k8s
    #on BIG-IP 1, run
    neighbor peer-group calico-k8s
    #on BIG-IP 2, run
    neighbor peer-group calico-k8s
    #save configuration
  4. Verify BGP is running

    show ip bgp neighbors
  5. Check BIG-IP routes

    exit # Exit Zebos first