Appendix 8: Replace Flannel w/ Calico

This appendix will walk through the steps to replace Flannel with Calico.

Expected time to complete: 15 minutes

Via RDP connect to the UDF lab “jumpbox” host.

Note

Username and password are: ubuntu/ubuntu

On the jumphost open a terminal and start an SSH session with kube-master1.

../../_images/start-term.png
# If directed to, accept the authenticity of the host by typing "yes" and hitting Enter to continue.

ssh kube-master1
../../_images/sshtokubemaster1.png

Remove Flannel

  1. Show running Flannel pods

    kubectl get pods -n kube-system
    
    ../../_images/getpods.png
  2. Remove Flannel

    kubectl delete -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
    
  3. Validate Flannel pods are removed. (Run previous kubectl command)

    kubectl get pods -n kube-system
    
    ../../_images/noflannelpods.png

    Note

    Run this command several times until you no longer see the “kube-flannel” pods.

  4. Clean up the CIS deployment file.

    Note

    This step can be skipped but several errors will appear in the CIS pod log.

    vim ~/agilitydocs/docs/class1/kubernetes/cluster-deployment.yaml
    

    Remove “--flannel-name=k8s-tunnel” from the bottom of the file. Be sure to remove the “,” on the line above the removed line. After editing, the file should look like the following:

    ../../_images/newclusterdeployment.png

Install Calico

  1. Change local directory to the lab calico dir.

    cd ~/agilitydocs/docs/class1/kubernetes/calico
    
  2. Download calico manifest

    curl https://docs.projectcalico.org/manifests/calico.yaml -O
    
  3. Modify the manifest with proper POD CIDR

    Important

    This lab was built with Flannel and the default POD CIDR of 10.244.0.0/16. The calico.yaml manifest uses 192.168.0.0/16 so has to be adjusted.

    vim calico.yaml
    

    Note

    If unfamiliar with VI the instructor will walk you through the commands.

    Find the “CALICO_IPV4POOL_CIDR” variable and uncomment the two lines as shown below, replacing “192.168.0.0/16” with “10.244.0.0/16”.

    ../../_images/updatecidr.png
  4. Start Calico on the cluster

    kubectl apply -f calico.yaml
    
  5. Validate Calico pods are installed and running

    kubectl get pods -n kube-system
    
    ../../_images/calicopods.png
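
For step 3 above, the same edit can be made without vim and checked before running kubectl apply. This is an added example, not part of the lab files: set_pool_cidr, get_pool_cidr and write_sample are hypothetical helper names, and the manifest excerpt is constructed to match the commented-out CALICO_IPV4POOL_CIDR entry.

```bash
#!/bin/sh
# Added example: set and verify CALICO_IPV4POOL_CIDR without an interactive editor.

# set_pool_cidr MANIFEST CIDR: uncomment the entry and its value line, write CIDR.
set_pool_cidr() {
    # Reject anything that is not dotted-quad/prefix before it reaches sed.
    printf '%s\n' "$2" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$' || return 2
    spc_tmp=$(mktemp) || return 1
    sed -E \
        -e 's|^([[:space:]]*)#[[:space:]]*(- name: CALICO_IPV4POOL_CIDR)[[:space:]]*$|\1\2|' \
        -e '/^[[:space:]]*- name: CALICO_IPV4POOL_CIDR[[:space:]]*$/{' \
        -e 'n' \
        -e 's|^([[:space:]]*)#[[:space:]]*value:.*$|\1  value: "'"$2"'"|' \
        -e 's|^([[:space:]]*)value:.*$|\1value: "'"$2"'"|' \
        -e '}' \
        "$1" > "$spc_tmp" && cat "$spc_tmp" > "$1"
    spc_rc=$?
    rm -f "$spc_tmp"
    return "$spc_rc"
}

# get_pool_cidr MANIFEST: print the active (uncommented) value; fail if there is none.
get_pool_cidr() {
    awk '
        /^[ \t]*- name: CALICO_IPV4POOL_CIDR[ \t]*$/ { want = 1; next }
        want && /^[ \t]*value:/ { gsub(/"/, "", $2); print $2; found = 1; exit }
        { want = 0 }
        END { exit !found }
    ' "$1"
}

# write_sample FILE: constructed excerpt shaped like the env list in calico.yaml.
write_sample() {
    cat > "$1" <<'EOF'
            - name: CALICO_IPV4POOL_IPIP
              value: "Always"
            # - name: CALICO_IPV4POOL_CIDR
            #   value: "192.168.0.0/16"
            - name: CALICO_DISABLE_FILE_LOGGING
              value: "true"
EOF
}

demo=$(mktemp) && write_sample "$demo"
set_pool_cidr "$demo" 10.244.0.0/16 && echo "active pool CIDR: $(get_pool_cidr "$demo")"
rm -f "$demo"
```

get_pool_cidr fails while the entry is still commented out, so it can gate the apply step: if it does not print 10.244.0.0/16, the manifest would still create the 192.168.0.0/16 pool.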

Install calicoctl

  1. Retrieve the calicoctl binary

    curl -O -L https://github.com/projectcalico/calicoctl/releases/download/v3.15.1/calicoctl
    
    chmod +x calicoctl
    
    sudo mv calicoctl /usr/local/bin
    
  2. Copy the calicoctl.cfg file to /etc/calico/

    apiVersion: projectcalico.org/v3
    kind: CalicoAPIConfig
    metadata:
    spec:
      datastoreType: "kubernetes"
      kubeconfig: "/home/ubuntu/.kube/config"
    
    sudo mkdir /etc/calico
    
    sudo cp calicoctl.cfg /etc/calico/
    
  3. Verify calicoctl is properly set up

    calicoctl get nodes
    
    ../../_images/caligetnodes.png
  4. Set up the Calico BGP config

    apiVersion: projectcalico.org/v3
    kind: BGPConfiguration
    metadata:
      name: default
    spec:
      logSeverityScreen: Info
      nodeToNodeMeshEnabled: true
      asNumber: 64512
    
    calicoctl create -f caliconf.yaml
    
  5. Set up the BIG-IP BGP peer

    apiVersion: projectcalico.org/v3
    kind: BGPPeer
    metadata:
      name: bgppeer-global-bigip1
    spec:
      peerIP: 10.1.1.4
      asNumber: 64512
    
    calicoctl create -f calipeer.yaml
    
  6. Verify setup

    calicoctl get bgpPeer
    
  7. Change dir back to working lab directory

    Note

    The necessary kubernetes lab files can be found in this directory.

    cd ..
    
    # or
    
    cd ~/agilitydocs/docs/class1/kubernetes/
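
Step 1 above downloads calicoctl and moves it into /usr/local/bin without checking what was downloaded. The sketch below is an added example, not part of the lab files: install_verified is a hypothetical helper that installs the file only when its SHA-256 matches a pinned digest, and the digest in the usage comment is a placeholder because the page does not give one.

```bash
#!/bin/sh
# Added example: install a downloaded binary only if its SHA-256 matches a pinned value.

# install_verified FILE EXPECTED_SHA256 DEST_DIR
install_verified() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 1; }
    # A pinned digest is exactly 64 lowercase hex characters; this also
    # rejects a placeholder that was never filled in.
    printf '%s\n' "$2" | grep -Eq '^[0-9a-f]{64}$' ||
        { echo "expected digest is not a SHA-256 hex string" >&2; return 2; }
    iv_actual=$(sha256sum "$1" | awk '{ print $1 }')
    if [ "$iv_actual" != "$2" ]; then
        echo "refusing to install $1: digest is $iv_actual" >&2
        return 1
    fi
    # Mode 0755 replaces the separate chmod +x; nothing is copied on a mismatch.
    install -m 0755 "$1" "$3/"
}

# On the lab host, as root (placeholder digest; take the real one from a source you trust):
#   install_verified calicoctl '<sha256-of-calicoctl-v3.15.1>' /usr/local/bin

# Constructed demo: a stand-in file and a scratch directory instead of /usr/local/bin.
demo_dir=$(mktemp -d)
printf 'constructed stand-in for the calicoctl binary\n' > "$demo_dir/calicoctl"
good=$(sha256sum "$demo_dir/calicoctl" | awk '{ print $1 }')
mkdir "$demo_dir/bin"
install_verified "$demo_dir/calicoctl" "$good" "$demo_dir/bin" && echo "installed"
rm -rf "$demo_dir"
```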
    

Configure BIG-IP for Calico

Open Firefox and connect to the bigip1 management console. For your convenience there’s a shortcut on the Firefox toolbar.

Note

Username and password are: admin/admin

  1. Enable BGP on route domain 0

    1. Connect to the BIG-IP GUI and go to Network ‣ Route Domains
    2. Click on “0” to open route domain 0
    3. Under Dynamic Routing Protocols, move “BGP” from Available to Enabled
    4. Click Update
    ../../_images/enablebgp.png
  2. Open a new terminal tab and SSH to BIG-IP

    # If directed to, accept the authenticity of the host by typing "yes" and hitting Enter to continue.
    
    # passwd = admin
    
    ssh admin@10.1.1.4
    
  3. Configure BGP

    #access the IMI Shell
    imish
    
    #Switch to enable mode
    enable
    
    #Enter configuration mode
    config terminal
    
    #Set up router bgp with AS number 64512
    router bgp 64512
    
    #Create BGP Peer group
    neighbor calico-k8s peer-group
    
    #assign peer group as BGP neighbors
    neighbor calico-k8s remote-as 64512
    
    #we need to add all the peers: the other BIG-IP, our k8s components
    neighbor 10.1.1.7 peer-group calico-k8s
    neighbor 10.1.1.8 peer-group calico-k8s
    neighbor 10.1.1.9 peer-group calico-k8s
    
    #on BIG-IP 1, run
    neighbor 10.1.1.24 peer-group calico-k8s
    
    #on BIG-IP 2, run
    neighbor 10.1.1.4 peer-group calico-k8s
    
    #save configuration
    write
    
    #exit
    end
    
  4. Verify BGP is running

    show ip bgp neighbors
    
  5. Check BIG-IP routes

    exit # Exit ZebOS first
    
    route
    
    ../../_images/routes.png
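
The Calico BGPConfiguration, the BGPPeer and the BIG-IP router configuration all have to use the same AS number (64512 here, so the sessions are iBGP), and the BGPPeer has to point at the BIG-IP address. The pre-flight check below is an added example, not part of the lab files: the helper names and the bigip-bgp.txt file (the imish commands saved as text) are assumptions, and the sample files are built from the values shown on this page.

```bash
#!/bin/sh
# Added example: pre-flight check that the Calico and BIG-IP BGP settings agree.

# yaml_field FILE KEY: print the value of the first "KEY: value" line in FILE.
yaml_field() {
    awk -v k="$2:" '$1 == k { print $2; exit }' "$1"
}

# imish_as FILE: print each AS number given to "router bgp" or "neighbor ... remote-as".
imish_as() {
    awk '$1 == "router" && $2 == "bgp"         { print $3 }
         $1 == "neighbor" && $3 == "remote-as" { print $4 }' "$1"
}

# check_bgp CALICONF CALIPEER IMISH_FILE BIGIP_IP: succeed only if everything lines up.
check_bgp() {
    cb_as=$(yaml_field "$1" asNumber)
    [ -n "$cb_as" ] || { echo "no asNumber in $1" >&2; return 1; }
    [ "$(yaml_field "$2" asNumber)" = "$cb_as" ] ||
        { echo "BGPPeer asNumber differs from BGPConfiguration ($cb_as)" >&2; return 1; }
    [ "$(yaml_field "$2" peerIP)" = "$4" ] ||
        { echo "BGPPeer peerIP is not $4" >&2; return 1; }
    cb_seen=$(imish_as "$3")
    [ -n "$cb_seen" ] || { echo "no AS number found in $3" >&2; return 1; }
    for cb_n in $cb_seen; do
        [ "$cb_n" = "$cb_as" ] ||
            { echo "BIG-IP side uses AS $cb_n, Calico uses $cb_as" >&2; return 1; }
    done
}

# write_samples DIR: the page's two manifests plus its imish commands saved as text.
write_samples() {
    printf '%s\n' 'apiVersion: projectcalico.org/v3' 'kind: BGPConfiguration' \
        'metadata:' '  name: default' 'spec:' '  logSeverityScreen: Info' \
        '  nodeToNodeMeshEnabled: true' '  asNumber: 64512' > "$1/caliconf.yaml"
    printf '%s\n' 'apiVersion: projectcalico.org/v3' 'kind: BGPPeer' 'metadata:' \
        '  name: bgppeer-global-bigip1' 'spec:' '  peerIP: 10.1.1.4' \
        '  asNumber: 64512' > "$1/calipeer.yaml"
    printf '%s\n' 'router bgp 64512' 'neighbor calico-k8s peer-group' \
        'neighbor calico-k8s remote-as 64512' \
        'neighbor 10.1.1.7 peer-group calico-k8s' > "$1/bigip-bgp.txt"
}

demo=$(mktemp -d) && write_samples "$demo"
check_bgp "$demo/caliconf.yaml" "$demo/calipeer.yaml" "$demo/bigip-bgp.txt" 10.1.1.4 &&
    echo "BGP settings are consistent"
rm -rf "$demo"
```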