Scribd Logo
Upload

Welcome to Scribd!

  • k8s Calico v1.0

    Uploaded by

    VankaVanka
    4 views9 pages
    Kubernetes networking with Calico provides: - IP address management and network connectivity for containers using the Container Network Interface (CNI) specification. Calico implements this specification. - Distributed routing and network policy enforcement using BGP and iptables rules. Nodes exchange routing information and enforce network policies using Calico's Felix agent and BGP client. - A layer 3 routing approach with policies implemented through iptables, providing connectivity and security for container workloads in Kubernetes clusters.

    Original Description:

    Original Title

    k8s-calico-v1.0

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Kubernetes networking with Calico provides: - IP address management and network connectivity for containers using the Container Network Interface (CNI) specification. Calico implements this specification. - Distributed routing and network policy enforcement using BGP and iptables rules. Nodes exchange routing information and enforce network policies using Calico's Felix agent and BGP client. - A layer 3 routing approach with policies implemented through iptables, providing connectivity and security for container workloads in Kubernetes clusters.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    4 views9 pages

    k8s Calico v1.0

    Uploaded by

    VankaVanka
    Kubernetes networking with Calico provides: - IP address management and network connectivity for containers using the Container Network Interface (CNI) specification. Calico implements this specification. - Distributed routing and network policy enforcement using BGP and iptables rules. Nodes exchange routing information and enforce network policies using Calico's Felix agent and BGP client. - A layer 3 routing approach with policies implemented through iptables, providing connectivity and security for container workloads in Kubernetes clusters.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 9

    Kubernetes networking

    with Calico

    Hemanth Nakkina, Solution Architect, Ericsson


    Abhijeet Singh, Director, AT&T
    Uday T Kumar, Solution Architect, Ericsson
    “ There is no such thing as Container
    Networking “
    — Kelsey Hightower, Google Dev Evangelist.
    Title of his talk. Source: devopsnetworkingforum2016.sched.com
    Networking for Containers
    C

    — CNI (Container Network Interface): Specification that Sample CNI configuration

    {
    act as interface between Container runtime and "name": "k8s-pod-network",
    "cniVersion": "0.3.0",

    networking model implementations "plugins": [


    {
    "type": "calico",
    "etcd_endpoints": "http://10.96.232.136:6666",
    Container Runtime "log_level": "info",
    "mtu": 1500,
    "ipam": {
    "type": "calico-ipam"
    },
    Container Network Interface "policy": {
    "type": "k8s",
    "k8s_api_root": "https://10.96.0.1:443",
    "k8s_auth_token": "<auth token>"
    Weave Calico Romana Cilium },
    "kubernetes": {
    "kubeconfig": "/etc/cni/net.d/calico-kubeconfig"
    }
    Basic Network requirements },
    {

    — IPAM and lifecycle management of network devices "type": "portmap",


    "snat": true,
    "capabilities": {"portMappings": true}
    — Connectivity in Container network ]
    }

    — Route advertisement }
    Calico Architecture
    Orchestrator
    Designed to simplify, scale and secure cloud
    networks by Orchestrator
    plugin
    — Layer 3 based routing approach
    — BGP for Routes distribution
    — Policy driven network security implemented ETCD Database
    by iptable rules

    Components
    calico BGP Felix
    — Felix ctl client
    — Orchestrator plugin
    — Etcd
    Linux Kernel
    — BGP Client routing iptables

    — BGP Route reflector


    Calico – Deployment on k8s
    Helm chart - https://github.com/openstack/openstack-helm-infra/tree/master/calico

    Configuration updates
    Calico – How it works

    API server Controller C-Controller

    Scheduler proxy nginx


    ETCD C-ETCD busybox

    BGP Peer
    Kube-dns proxy Calico node Calico node

    dockerd kubelet kubelet dockerd


    Cali xxx Cali xxx
    Cali xxx
    Kernel
    Routng iptables Routing iptables Kernel

    enp0s3 enp0s8 enp0s3 enp0s8


    10.0.2.6 192.168.81.101 10.0.2.7 192.168.81.102

    default via 10.0.2.1 dev enp0s3 default via 10.0.2.1 dev enp0s3
    10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.6 10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.7
    192.168.81.0/24 dev enp0s8 proto kernel scope link src 192.168.81.101 192.168.81.0/24 dev enp0s8 proto kernel scope link src 192.168.81.102
    blackhole 192.200.59.192/26 proto bird 192.200.59.192/26 via 192.168.81.101 dev tunl0 proto bird onlink
    192.200.59.193 dev calidf072d3c423 scope link blackhole 192.200.203.0/26 proto bird
    192.200.59.198 dev cali0aa3720a2c7 scope link 192.200.203.4 dev cali7bb4560a7c2 scope link
    192.200.203.0/26 via 192.168.81.102 dev tunl0 proto bird onlink
    Iptable rules related to services
    NAT to resolve Service IP to Pod IP
    Thanks ! Merci !

    You might also like