Huawei Cloud CCE Calico Installation
Hello Everyone!
Introduction
This time I'm here with another topic: Calico. We will go over its features, components, and deployment options, and then install and use Calico in Huawei Cloud CCE.
What is Calico?
Calico is a networking and security solution that enables Kubernetes workloads and non-Kubernetes/legacy workloads to communicate seamlessly and securely.
It provides IPAM for Kubernetes workloads/Pods and manages the iptables rules, routing tables, and BGP peering of the Kubernetes Nodes.
What is CCE?
CCE is a one-stop platform integrating computing, networking, storage, and many other services. It supports heterogeneous computing architectures such as GPU, NPU, and Arm. Supporting multi-AZ and multi-region disaster recovery, CCE ensures the high availability of Kubernetes clusters.
Calico Components and Features
Calico CNI for Networking
Calico CNI is a control plane that programs several dataplanes. It is an L3/L4 networking solution that secures containers, Kubernetes clusters, virtual machines, and native host-based workloads.
• Built-in data encryption
• Advanced IPAM management
• Overlay and non-overlay networking options
• Choice of data planes: iptables, eBPF, Windows HNS, or VPP
Calico network policy suite for network policy
Calico network policy suite is an interface to the Calico CNI that contains rules for the data plane to execute.
Calico network policy:
• Is designed with a zero-trust security model (deny-all, allow only where needed)
• Integrates with the Kubernetes API server (so you can still use Kubernetes network policy)
• Supports legacy systems (bare metal, non-cluster hosts) using the same network policy model.
• Namespace and global policy to allow/deny traffic within a cluster, between pods and the outside world, and for non-cluster hosts.
• Network sets (an arbitrary set of IP subnetworks, CIDRs, or domains) to limit IP ranges for egress and ingress traffic to workloads.
• Application layer (L7) policy to enforce traffic using attributes like HTTP methods, paths, and cryptographically-secure identities.
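The deny-all, allow-only-where-needed model from the list above, written as Calico policy resources. This is an added example, not part of the original article; the `shop` namespace, the `app` labels, port 8080, the list of system namespaces and the `k8s-app == "kube-dns"` DNS label are assumptions to adapt to your cluster.

```yaml
# Added example (not from the original article). Namespaces, labels and
# ports are assumptions; adapt them before applying.
# 1) Default deny for all non-system namespaces; only DNS egress stays open.
apiVersion: projectcalico.org/v3
kind: GlobalNetworkPolicy
metadata:
  name: default-deny
spec:
  # Assumed system namespaces, excluded so the cluster and Calico keep working.
  namespaceSelector: 'projectcalico.org/name not in {"kube-system", "calico-system", "calico-apiserver", "tigera-operator"}'
  types: [Ingress, Egress]
  egress:
    - action: Allow
      protocol: UDP
      destination:
        selector: 'k8s-app == "kube-dns"'  # assumed DNS pod label
        ports: [53]
---
# 2) Ingress: backend pods accept TCP 8080 only from frontend pods.
apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
  name: allow-backend-ingress-from-frontend
  namespace: shop  # hypothetical namespace
spec:
  selector: 'app == "backend"'
  types: [Ingress]
  ingress:
    - action: Allow
      protocol: TCP
      source:
        selector: 'app == "frontend"'
      destination:
        ports: [8080]
---
# 3) Egress: frontend pods may open TCP 8080 to backend pods, needed because policy 1 also denies egress.
apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
  name: allow-frontend-egress-to-backend
  namespace: shop  # hypothetical namespace
spec:
  selector: 'app == "frontend"'
  types: [Egress]
  egress:
    - action: Allow
      protocol: TCP
      destination:
        selector: 'app == "backend"'
        ports: [8080]
```

Once Calico and calicoctl are installed as in the steps that follow, a file like this can be applied with `calicoctl apply -f <file>`. The default-deny policy has no `order`, so Calico evaluates it after the two ordered-by-default allow policies only if those are given an explicit `order`; with none set on any of them, a packet that matches an Allow rule in any selecting policy is still allowed and everything else is dropped.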
Before getting into the subject take a look at the following:
Calico Installation in CCE
First, we need to configure our connection information on our CCE page to connect our cluster.
1.1 Bind an EIP then click configure.
1.2 — Now go to your client CLI. First, check whether kubectl is already installed with:
kubectl version
1.2.1 — If your client has kubectl, the output should be similar to this.
1.2.2 — If your client doesn't have kubectl, download it with:
curl -LO https://dl.k8s.io/release/v1.25.3/bin/linux/amd64/kubectl
Download the kubectl checksum file for the same version as the binary:
curl -LO "https://dl.k8s.io/release/v1.25.3/bin/linux/amd64/kubectl.sha256"
Validate the kubectl binary against the checksum file:
echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
The output should be:
kubectl: OK
If the output is not like the above, follow the rest of the commands, beginning from the third step, in this document:
https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/
1.3 After seeing the kubectl: OK output, start from the second step.
cd /home
nano <your cluster name>-kubeconfig.yaml
Now paste the config file you copied earlier into <your cluster name>-kubeconfig.yaml. Save and exit the file.
mkdir -p $HOME/.kube
mv -f <your cluster name>-kubeconfig.yaml $HOME/.kube/config
Switch the kubectl access mode based on your application scenario by running the one command that matches:
kubectl config use-context internal
kubectl config use-context external
kubectl config use-context externalTLSVerify
Check your cluster info:
kubectl cluster-info
We have now configured the connection information section successfully.
2. Now let's create a node. Configure the specifications as shown below.
3.1 In the client where we configured the kubectl config file, paste the command below.
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/tigera-operator.yaml
3.2 Now paste this command.
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/custom-resources.yaml
3.3 Paste the command below.
watch kubectl get pods -n calico-system
Output should be similar to:
4.1 Let's install calicoctl.
curl -L https://github.com/projectcalico/calico/releases/latest/download/calicoctl-linux-amd64 -o calicoctl
4.2 Set the file to be executable.
chmod +x ./calicoctl
4.3 Type calicoctl to see if the installation is successful.
As we can see from the help output, the installation is successful.
Conclusion
That's it for now. You can now use Calico and calicoctl in your Huawei Cloud Cloud Container Engine. Next time we can do complex jobs by using calicoctl and Calico. For further articles keep in touch🤙🤙. Goodbye for now👋👋