Anirban Sen Chowdhary
“Project Calico is the world's simplest, most scalable, open networking solution for OpenStack”.
Calico is a pure layer 3 approach to virtual networking for highly scalable and flexible data centers. It is an open-source technology that implements large, standards-based cloud data center infrastructures.
Calico supports rich and flexible network policy that is enforced on every node in a cluster to provide tenant isolation, security groups, and external reachability constraints.
OpenShift, on the other hand, is an open source container application platform by Red Hat, built on top of Docker containers and the Kubernetes container cluster manager, for enterprise app development and deployment.
It is defined as a container application platform that brings Docker and Kubernetes to the enterprise.
OpenShift is a popular and widely deployed platform that supports networking, and networking seems to work there.
Calico, which differs from traditional solutions like OpenShift SDN, can be integrated with OpenShift easily, including through the openshift-ansible installer, in both OpenShift Origin and OpenShift Container Platform. This lets OpenShift deployments benefit from the leading Network and Network Policy implementation for Kubernetes, and from the rich feature set, scalability and simplicity of Calico.
Calico can be deployed to use etcd as its datastore driver, and that etcd can be shared with OpenShift.
The main reason for depending on etcd is that it is plugged into orchestration and used to communicate a lot of state, serving as a distributed key-value store among all of the key nodes.
Another important reason is Kubernetes. Kubernetes itself depends on etcd, which helps Calico scale with the given orchestrator and communicate between nodes.
So, etcd can be shared with OpenShift for smaller deployments such as a POC, or a dedicated Calico-etcd cluster can be provisioned for larger-scale and production deployments.
As we said earlier, Calico differs from traditional solutions like OpenShift SDN. Some of the main differences are:
* In OpenShift SDN, there is one subnet per host, whereas in Calico, IP address ranges are dynamically allocated to hosts as additional containers are scheduled.
* In OpenShift SDN, pods are connected to an OVS bridge, while in Calico, pods are connected to the Linux kernel routing engine.
* In OpenShift SDN, connectivity outside the cluster is via NAT, while in Calico, since pods have real IPs, NAT is not required to reach the outside world.
We will take a simple overview of the installation and see how etcd comes into the picture, since we have already discussed the role of etcd.
Shared etcd:
In order to enable an installation of Calico that shares the etcd instance used by the apiserver, set the following OSEv3:vars in our inventory file:
* os_sdn_network_plugin_name=cni
* openshift_use_calico=true
* openshift_use_openshift_sdn=false
We also need to ensure that we have an explicitly defined host in the [etcd] group:
Calico’s OpenShift-ansible integration supports connection to a custom etcd which a user has already set up.
The following are required:
* The etcd instance must have SSL authentication enabled.
* Certs must be present at the specified filepath on all nodes.
* All cert files must be in the same directory specified by calico_etcd_cert_dir.
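A preflight check for the inventory settings described in the shared-etcd and custom-etcd requirements above, as an added example that is not part of the original post or of openshift-ansible. It assumes that the presence of calico_etcd_cert_dir marks a custom-etcd install; the three cert-file variable names, the host name and the paths are also assumptions, not values from this page.

```python
import posixpath

# Values the page lists for [OSEv3:vars].
REQUIRED = {"os_sdn_network_plugin_name": "cni", "openshift_use_calico": "true",
            "openshift_use_openshift_sdn": "false"}
# Assumed names (not on this page) of the custom-etcd certificate file variables.
CERT_VARS = ("calico_etcd_ca_cert_file", "calico_etcd_cert_file", "calico_etcd_key_file")

def parse_inventory(text):
    """Split an INI-style Ansible inventory into {section: [entries]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif line and current is not None:
            current.append(line)
    return sections

def check_inventory(text):
    """Return a list of problems; an empty list means every check passed."""
    sections = parse_inventory(text)
    pairs = (e.partition("=") for e in sections.get("OSEv3:vars", []))
    osev3 = {k.strip(): v.strip().strip("'\"") for k, sep, v in pairs if sep}
    problems = [f"{k} must be {v}" for k, v in REQUIRED.items()
                if osev3.get(k, "").lower() != v]
    cert_dir = osev3.get("calico_etcd_cert_dir")
    if cert_dir is None:
        # Shared etcd: the [etcd] group needs an explicitly defined host.
        if not sections.get("etcd"):
            problems.append("[etcd] group has no explicitly defined host")
    else:
        # Custom etcd: every cert file must sit in calico_etcd_cert_dir.
        for var in CERT_VARS:
            if posixpath.dirname(osev3.get(var, "")) != cert_dir.rstrip("/"):
                problems.append(f"{var} is missing or outside calico_etcd_cert_dir")
    return problems

# Constructed sample inventories (host name and paths are made up).
BASE = """[OSEv3:vars]
os_sdn_network_plugin_name=cni
openshift_use_calico=true
"""
SHARED_OK = BASE + "openshift_use_openshift_sdn=false\n[etcd]\nmaster1.example.test\n"
CUSTOM_BAD = BASE + ("openshift_use_openshift_sdn=true\ncalico_etcd_cert_dir=/etc/calico/certs\n"
    "calico_etcd_ca_cert_file=/etc/calico/certs/ca.crt\n"
    "calico_etcd_cert_file=/etc/calico/certs/client.crt\ncalico_etcd_key_file=/root/client.key\n")
if __name__ == "__main__":
    for name, inv in (("shared", SHARED_OK), ("custom", CUSTOM_BAD)):
        print(name, check_inventory(inv) or "OK")
```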
For more information on technical details and full installation, we can always refer to Calico’s awesome docs here:
https://docs.projectcalico.org
For more information visit
https://www.projectcalico.org/
https://docs.projectcalico.org/v2.6/introduction/
https://blog.tigera.io/tagged/calico