Calico and open shift

Anirban Sen Chowdhary

Transcript of Calico and open shift

Page 1: Calico and open shift

Anirban Sen Chowdhary

Page 2: Calico and open shift

“Project Calico is the world's simplest, most scalable, open networking solution for OpenStack”. 

Calico is a pure Layer 3 approach to virtual networking for highly scalable and flexible data centers. It is an open-source technology that implements large, standards-based cloud data center infrastructures.

Calico supports rich and flexible network policy that is enforced on every node in a cluster to provide tenant isolation, security groups, and external reachability constraints.

Page 3: Calico and open shift

OpenShift, on the other hand, is an open source container application platform by Red Hat, built on top of Docker containers and the Kubernetes container cluster manager, for enterprise app development and deployment.

It is defined as a container application platform that brings Docker and Kubernetes to the enterprise.

Page 4: Calico and open shift

OpenShift is a popular and widely deployed platform that supports networking, and its networking works as it stands.

Calico, which differs from traditional solutions like OpenShift SDN, can be integrated with OpenShift easily, including through the openshift-ansible installer, in both OpenShift Origin and OpenShift Container Platform. This lets OpenShift deployments benefit from the leading network and network policy implementation for Kubernetes, along with the rich feature set, scalability and simplicity of Calico.

Calico can be deployed to use etcd as its datastore driver, and that etcd can be shared with OpenShift.

Page 5: Calico and open shift

The main reason for depending on etcd is that it is plugged into the orchestration layer and used to communicate a lot of state, serving as a distributed key-value store among all of the key nodes.

Page 6: Calico and open shift

Another important reason is Kubernetes. Kubernetes itself depends on etcd, which helps Calico scale with the given orchestrator and communicate between nodes.

So, etcd can be shared with OpenShift for smaller deployments like a POC, or a dedicated Calico-etcd cluster can be provisioned in case of larger scale and production deployments.

Page 8: Calico and open shift

As we said earlier, Calico differs from traditional solutions like OpenShift SDN. Some of the main differences are:

* In OpenShift SDN, there is one subnet per host, whereas in Calico, IP address ranges are dynamically allocated to hosts as additional containers are scheduled.
* In OpenShift SDN, pods are connected to an OVS bridge, while in Calico, pods are connected to the Linux kernel routing engine.
* In OpenShift SDN, connectivity outside the cluster is via NAT, while in Calico pods have real IPs, so NAT is not required to reach the outside world.

Page 9: Calico and open shift
Page 10: Calico and open shift

We will just have a simple overview of the installation and see how etcd comes into the picture, since we have already discussed the role of etcd.

Shared etcd:

In order to enable an installation of Calico that shares the etcd instance used by the apiserver, set the following OSEv3:vars in our inventory file:

* os_sdn_network_plugin_name=cni
* openshift_use_calico=true
* openshift_use_openshift_sdn=false

Page 11: Calico and open shift

We also need to ensure that there is an explicitly defined host in the [etcd] group:
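A pre-flight check for the shared-etcd settings above, as an added example that is not part of the original slides or the Calico project: it lints an INI inventory for the three OSEv3:vars values and for an explicit host under [etcd]. The function names and the sample inventory are constructed for illustration.

```python
# Added example: lint an openshift-ansible INI inventory (names are illustrative).
REQUIRED_VARS = {
    "os_sdn_network_plugin_name": "cni",
    "openshift_use_calico": "true",
    "openshift_use_openshift_sdn": "false",
}

def parse_inventory(text):
    """Map each [section] of an INI-style inventory to its non-comment lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def check_inventory(text):
    """Return a list of problems; an empty list means every check passed."""
    sections, problems, osev3 = parse_inventory(text), [], {}
    for line in sections.get("OSEv3:vars", []):
        key, sep, value = line.partition("=")
        if sep:
            osev3[key.strip()] = value.strip().strip("'\"")
    for key, want in REQUIRED_VARS.items():
        got = osev3.get(key)
        if got is None:
            problems.append(f"{key} is not set in [OSEv3:vars]")
        elif got.lower() != want:
            problems.append(f"{key}={got}, expected {want}")
    # A missing or empty [etcd] group means no host was explicitly defined.
    if not sections.get("etcd"):
        problems.append("no explicitly defined host in the [etcd] group")
    return problems

# Constructed sample inventory with two deliberate mistakes.
SAMPLE = """\
[OSEv3:vars]
os_sdn_network_plugin_name=cni
openshift_use_calico=true
openshift_use_openshift_sdn=true
[etcd]
"""

if __name__ == "__main__":
    print(*check_inventory(SAMPLE), sep="\n")
```

Running it on the sample reports that OpenShift SDN is still enabled and that the [etcd] group is empty.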

Page 12: Calico and open shift

Calico’s OpenShift-ansible integration supports connection to a custom etcd which a user has already set up.

The following are required:

* The etcd instance must have SSL authentication enabled.
* Certs must be present at the specified filepath on all nodes.
* All cert files must be in the same directory specified by calico_etcd_cert_dir.

Page 13: Calico and open shift

For more information on technical details and full installation, we can always refer to Calico’s awesome docs here:

https://docs.projectcalico.org

Page 14: Calico and open shift

For more information visit

https://www.projectcalico.org/

https://docs.projectcalico.org/v2.6/introduction/

https://blog.tigera.io/tagged/calico

Page 15: Calico and open shift