title | parent | tags | categories | thumbnail | date | description | author | mrm | xredirect | slug | |||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Installing and using Calico on Oracle Container Engine (OKE) |
|
|
|
assets/calico-on-oracle-graph.png |
2021-11-24 13:16 |
Ali walks you through configuring OKE with Calico, an open-source networking tool for Kubernetes. |
ali-mukadam |
WWMK211125P00010 |
calico-with-oke |
There are many cluster networking options for Kubernetes. Two of the most popular are Flannel and Calico.
Flannel is a simple and easy way to configure a layer 3 network fabric designed for Kubernetes. It is also used by default by Oracle Container Services for use with Kubernetes (aka Kubernetes on Oracle Linux) and by Oracle Container Engine (OKE).
Calico provides both a layer 3 networking and a network policy engine. Its policy engine can also be used together with Flannel.
This tutorial will focus on Calico. In this tutorial, you'll install Calico for network pod policy on your OKE Cluster. You will then test your new installation.
For additional information, see:
To successfully complete this tutorial, you must have the following:

- An Oracle Cloud Infrastructure account (required for use with Terraform). See Signing Up for Oracle Cloud Infrastructure.
- A MacOS, Linux, or Windows computer with `ssh` support installed.
There are two routes available to you depending on how you've created your OKE cluster. If you've used Terraform in the past, you can follow the section on installing with Terraform below. Or, if you've previously used the CLI or the Oracle Cloud Infrastructure (OCI) console, you can continue with the section on manual installation.
If you're provisioning your cluster with the terraform-oci-oke module, there is an option to automate the Calico installation.
The Calico installation script in terraform-oci-oke also handles clusters with more than 50 nodes: it calculates the number of replicas needed and scales accordingly.
To install Calico using Terraform:
- Set the following variables in your `terraform.tfvars` file:

  ```
  create_bastion = "true"
  install_calico = "true"
  ```

- Run `terraform apply`:

  ```
  terraform apply -auto-approve
  ```

Calico is now installed. Next, test your Calico installation.
If you've manually created the OKE Cluster using the CLI or the Oracle Cloud Infrastructure (OCI) console, you can use the following procedure:

- Set up your `KUBECONFIG` environment variable:

  ```
  export KUBECONFIG=/path/to/kubeconfig
  ```

- Download the Calico policy-only manifest for the Kubernetes API datastore:

  ```
  curl \
    https://docs.projectcalico.org/v3.6/getting-started/kubernetes/installation/hosted/kubernetes-datastore/policy-only/1.7/calico.yaml \
    -O
  ```

- Set a `POD_CIDR` environment variable. By default, the pod CIDR block on OKE is `10.244.0.0/16`. To set this as an environment variable, use:

  ```
  export POD_CIDR="10.244.0.0/16"
  ```

- Replace the default pod CIDR block value (`192.168.0.0/16`) in the `calico.yaml` file. You can skip this step if your pod CIDR block is already set to `192.168.0.0/16`.

  ```
  sed -i -e "s?192.168.0.0/16?$POD_CIDR?g" calico.yaml
  ```

- [ OKE cluster with more than 50 worker nodes only ] If your cluster consists of more than 50 worker nodes, then you need to do one additional step:

  ```
  sed -i -e 's/typha_service_name:\s"none"/typha_service_name: calico-typha/g' calico.yaml
  ```

- Apply the manifest:

  ```
  kubectl apply -f calico.yaml
  ```

- [ Recommended ] Calico also recommends a minimum of 3 replicas in a production environment and 1 replica for every 200 nodes:

  ```
  kubectl -n kube-system scale --current-replicas=1 --replicas=3 deployment/calico-typha
  ```

The installation steps and other recommendations can be viewed on the Calico website.
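
A pre-apply check for the manual procedure above, as an added example that is not part of the original tutorial or of the Calico or OKE tooling: it verifies that the pod CIDR substitution actually landed (an unset variable makes the `sed` step write an empty CIDR), that Typha is enabled above 50 nodes, and computes the Typha replica count. The function names and the manifest fragment are constructed for illustration, and rounding up to one replica per 200 nodes is an assumption.

```shell
#!/usr/bin/env bash
# Added example: pre-apply checks for an edited calico.yaml. Function names are hypothetical.

# Typha replicas: 1 per 200 nodes (rounded up, an assumption), never fewer than 3.
typha_replicas() {
  local n
  n=$(( ($1 + 199) / 200 ))
  if [ "$n" -lt 3 ]; then n=3; fi
  echo "$n"
}

# check_manifest FILE POD_CIDR NODES: prints each problem, returns non-zero if any.
check_manifest() {
  local file="$1" cidr="$2" nodes="$3" rc=0
  # An unset or misspelled variable in the sed step yields an empty CIDR.
  if ! printf '%s\n' "$cidr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'; then
    echo "POD_CIDR is empty or not an IPv4 CIDR: '$cidr'"; rc=1
  elif ! grep -Fq "$cidr" "$file"; then
    echo "pod CIDR $cidr not found in manifest"; rc=1
  fi
  if [ "$cidr" != "192.168.0.0/16" ] && grep -Fq '192.168.0.0/16' "$file"; then
    echo "default 192.168.0.0/16 is still present"; rc=1
  fi
  if [ "$nodes" -gt 50 ] &&
     ! grep -Eq 'typha_service_name:[[:space:]]*"?calico-typha"?' "$file"; then
    echo "more than 50 nodes but typha_service_name is not calico-typha"; rc=1
  fi
  return "$rc"
}

# Constructed manifest fragment for the demo (not the real calico.yaml).
sample_manifest() {
  printf '%s\n' 'typha_service_name: "none"' \
    '- name: CALICO_IPV4POOL_CIDR' '  value: "192.168.0.0/16"'
}

demo() {
  local f
  f=$(mktemp)
  sample_manifest > "$f"
  sed -e 's?192.168.0.0/16?10.244.0.0/16?g' "$f" > "$f.new"
  # 120 nodes without the Typha edit: the check reports it and returns non-zero.
  check_manifest "$f.new" "10.244.0.0/16" 120 || echo "fix calico.yaml before kubectl apply"
  echo "Typha replicas for 120 nodes: $(typha_replicas 120)"
  rm -f "$f" "$f.new"
}
demo
```

Run `check_manifest calico.yaml "$POD_CIDR" <node-count>` after the `sed` edits and before `kubectl apply`.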
If you want to dive right in and test Calico as a network pod policy engine, there are some excellent recipes ready and available for you. You should be able to take any of these for a spin.
Alternatively, if you'd prefer a more directed approach, you can always try the security tutorials on the Calico website.
Congratulations! You've successfully installed Calico on your OKE Cluster.