Huawei Cloud CCE Calico Installation

Yagiz Ozturk
Published in Huawei Developers, Sep 4, 2023

Hello Everyone!

Introduction

This time I’m in front of you guys with another topic: Calico. We are going to cover its features, components, and deployment options, as well as installing and using Calico in Huawei Cloud CCE.

What is Calico?

Calico is a networking and security solution that enables Kubernetes workloads and non-Kubernetes/legacy workloads to communicate seamlessly and securely.

It provides IPAM for Kubernetes workloads/Pods and manages the iptables rules, routing tables, and BGP peering of the Kubernetes nodes.

What is CCE?

CCE is a one-stop platform integrating computing, networking, storage, and many other services. It supports heterogeneous computing architectures such as GPU, NPU, and Arm. Supporting multi-AZ and multi-region disaster recovery, CCE ensures the high availability of Kubernetes clusters.

Calico Components and Features

Calico CNI for Networking

Calico CNI is a control plane that programs several dataplanes. It is an L3/L4 networking solution that secures containers, Kubernetes clusters, virtual machines, and native host-based workloads.

• Built-in data encryption

• Advanced IPAM management

• Overlay and non-overlay networking options

• Choice of data planes: iptables, eBPF, Windows HNS, or VPP

Calico network policy suite for network policy

Calico network policy suite is an interface to the Calico CNI that contains rules for the data plane to execute.

Calico network policy:

• Is designed with a zero-trust security model (deny-all, allow only where needed)

• Integrates with the Kubernetes API server (so you can still use Kubernetes network policy)

• Supports legacy systems (bare metal, non-cluster hosts) using the same network policy model.

• Namespace and global policy to allow/deny traffic within a cluster, between pods and the outside world, and for non-cluster hosts.

• Network sets (an arbitrary set of IP subnetworks, CIDRs, or domains) to limit IP ranges for egress and ingress traffic to workloads.

• Application layer (L7) policy to enforce traffic using attributes like HTTP methods, paths, and cryptographically-secure identities.

Before getting into the subject take a look at the following:

How to Create a CCE Cluster?

Calico Installation in CCE

First, we need to configure the connection information on our CCE page so that we can connect to our cluster.

1.1 Bind an EIP then click configure.

CCE Cluster Information

1.2 — Now go to your client CLI. First, check whether kubectl is installed with:

kubectl version
Access cluster through kubectl

1.2.1 — If your client has kubectl, the output should be similar to this.

Output

1.2.2 — If your client doesn’t have kubectl, download it with:

curl -LO https://dl.k8s.io/release/v1.25.3/bin/linux/amd64/kubectl

Download the kubectl checksum file for the same release as the binary:

curl -LO https://dl.k8s.io/release/v1.25.3/bin/linux/amd64/kubectl.sha256

Validate the kubectl binary against the checksum file:

echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check

The output should be:

kubectl: OK

If the output is not like the above, follow the rest of the commands, beginning from the third step, in this document:

https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/

1.3 After seeing the kubectl: OK output, start from the second step.

cd /home
nano <your cluster name>-kubeconfig.yaml

Now paste the config file you copied earlier into <your cluster name>-kubeconfig.yaml. Save and exit from the file.

mkdir -p $HOME/.kube
mv -f <your cluster name>-kubeconfig.yaml $HOME/.kube/config

Switch the kubectl access mode based on your application scenario by running the one command that matches it:

kubectl config use-context internal
kubectl config use-context external
kubectl config use-context externalTLSVerify

Check your cluster-info

kubectl cluster-info
Output

We have now configured the connection information section successfully.
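The kubeconfig moved into $HOME/.kube/config holds the cluster credentials, and the context you select decides whether the API server certificate is verified. The following is an added example, not part of the original article: a small audit that flags group/other file access and lists cluster entries that set insecure-skip-tls-verify; the sample file, its cluster names and addresses are constructed, and a real CCE kubeconfig may be laid out differently.

```shell
# Constructed sample kubeconfig; a real CCE file may be laid out differently.
write_sample_kubeconfig() {
    cat > "$1" <<'EOF'
apiVersion: v1
kind: Config
clusters:
- cluster:
    server: https://192.0.2.10:5443
    certificate-authority-data: PLACEHOLDER
  name: internalCluster
- cluster:
    server: https://203.0.113.7:5443
    insecure-skip-tls-verify: true
  name: externalCluster
current-context: external
EOF
}

# insecure_clusters FILE: print each cluster entry that sets
# insecure-skip-tls-verify: true (server certificate is not checked).
insecure_clusters() {
    awk '
        function emit() { if (bad) print name; bad = 0; name = "" }
        /^clusters:/  { in_c = 1; next }
        /^[A-Za-z]/   { emit(); in_c = 0 }   # next top-level key ends the section
        in_c && /^- / { emit() }             # a new list entry starts
        in_c && /insecure-skip-tls-verify:[ ]*true/ { bad = 1 }
        in_c && /^[ -] name:/ { name = $NF }
        END { emit() }
    ' "$1"
}

# audit_kubeconfig FILE: print findings; exit status 1 if there are any.
audit_kubeconfig() (
    rc=0
    # The file holds client credentials: group/other must have no access.
    perms=$(ls -ld "$1" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "PERMS group/other bits are '$perms'; run chmod 600"
        rc=1
    fi
    for c in $(insecure_clusters "$1"); do
        echo "TLS cluster '$c' skips server certificate verification"
        rc=1
    done
    exit "$rc"
)
```

Run it as audit_kubeconfig "$HOME/.kube/config" after the mv step and before kubectl config use-context.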

2. Now let's create a node. Configure the specifications as shown below.

Node Specifications

3.1 In the client where we configured the kubectl config file, paste the command below.

kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/tigera-operator.yaml
Output

3.2 Now paste this command.

kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/custom-resources.yaml
Output

3.3 Paste the command below.

watch kubectl get pods -n calico-system

Output should be similar to:

Output

4.1 Let's install calicoctl.

curl -L https://github.com/projectcalico/calico/releases/latest/download/calicoctl-linux-amd64 -o calicoctl
Output

4.2 Set the file to be executable.

chmod +x ./calicoctl

4.3 Type calicoctl to see if the installation is successful.

Output

As we can see from the help output, the installation is successful.
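The checksum step used for kubectl applies to any binary pulled with curl, including the calicoctl download above. The following is an added example, not part of the original article: shell functions that install a file only when its SHA-256 matches a checksum file fetched for the same release; the function names are made up here, and having a trusted checksum file for calicoctl is an assumption.

```shell
# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() { sha256sum "$1" | awk '{ print $1 }'; }

# expected_digest SUMFILE NAME: print the digest recorded for NAME.
# Handles a bare digest (kubectl.sha256) and "digest  name" lines
# (the sha256sum list format); prints nothing if NAME is not listed.
expected_digest() {
    awk -v n="$2" '
        NF == 1 { print tolower($1); exit }
        NF >= 2 { f = $2; sub(/^\*/, "", f); sub(/^\.\//, "", f)
                  if (f == n) { print tolower($1); exit } }
    ' "$1"
}

# verified_install BINARY SUMFILE DESTDIR
# Installs BINARY (mode 0755) into DESTDIR only when the digests match.
# Exit status: 0 installed, 1 mismatch, 2 no usable digest in SUMFILE.
verified_install() (
    name=$(basename "$1")
    want=$(expected_digest "$2" "$name")
    # A saved HTML error page or a list without NAME must not pass.
    if ! printf '%s\n' "$want" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "no valid SHA-256 for $name in $2" >&2
        exit 2
    fi
    got=$(sha256_of "$1")
    if [ "$got" != "$want" ]; then
        # Typical cause: binary and checksum come from different releases.
        echo "checksum mismatch for $name: got $got, want $want" >&2
        exit 1
    fi
    install -m 0755 "$1" "$3/$name"
)
```

A mismatch is also what you get when the binary is pinned to one version and the checksum file is fetched for another, so download both from the same release.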

Conclusion

That's it for now. You can now use Calico and calicoctl in your Huawei Cloud Cloud Container Engine cluster. Next time we can do more complex jobs with calicoctl and Calico. For further articles, keep in touch🤙🤙. Goodbye for now👋👋
