CNI - Calico

Docker network

bridge

                                              ┌─── container0 ───┐
host eth0 ─── docker0(172.17.0.1) ┬── veth0 ─── eth0(172.17.0.2) │
                                  │           └──────────────────┘
                                  │           ┌─── container1 ───┐
                                  ├── veth1 ─── eth0(172.17.0.3) │
                                  │           └──────────────────┘
                                  │           ┌─── container2 ───┐
                                  └── veth2 ─── eth0(172.17.0.4) │
                                              └──────────────────┘

host

                                                  ┌─── container2 ───┐
                                                ┌─── container1 ───┐ │
                                              ┌─── container0 ───┐ │─┘
host eth0 ─── docker0(172.17.0.1) ─── veth0 ─── eth0(172.17.0.2) │─┘
                                              └──────────────────┘

Kubernetes network

Basic requirements for Kubernetes networking

  • Pods on a node can communicate with all pods on all nodes without NAT.
  • Agents on a node (e.g. system daemons, kubelet) can communicate with all pods on that node.
  • Pods in the host network of a node can communicate with all pods on all nodes without NAT.

Pod

Containers within a pod share the network in the manner of Docker's host mode. A container called Pause is created, and this container creates and maintains the IPC and network namespaces.

Calico

Calico CNI and Calico IPAM

Installation

# Install the Tigera operator
kubectl create -f https://docs.projectcalico.org/manifests/tigera-operator.yaml

calico.yaml

# This section includes base Calico installation configuration.
# For more information, see: https://docs.projectcalico.org/v3.19/reference/installation/api#operator.tigera.io/v1.Installation
apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
  name: default
spec:
  # Configures Calico networking.
  calicoNetwork:
    # Note: The ipPools section cannot be modified post-install.
    ipPools:
    - blockSize: 26
      cidr: 10.130.0.0/16
      encapsulation: VXLANCrossSubnet
      natOutgoing: Enabled
      nodeSelector: all()

# Create the Installation resource defined in calico.yaml
kubectl create -f calico.yaml
# Watch the calico-system pods come up
watch kubectl get pods -n calico-system
# Remove the master taint so that pods can be scheduled on the control-plane node
kubectl taint nodes --all node-role.kubernetes.io/master-
# List the nodes with their addresses
kubectl get nodes -o wide
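
Because the ipPools section cannot be modified post-install, the pool values are worth checking before `kubectl create -f calico.yaml`. The following pre-install check is an added example, not part of the original page or of Calico: it computes how the 10.130.0.0/16 pool splits into /26 allocation blocks and flags address ranges that overlap it. The function names and the `RESERVED` sample ranges are assumptions; the service CIDR is the kubeadm default and the node subnet is constructed to show a conflict.

```python
import ipaddress

# Pool values copied from the ipPools entry in the page's calico.yaml.
POOL_CIDR = "10.130.0.0/16"
BLOCK_SIZE = 26

# Ranges the pod pool must not collide with (sample data for this example).
RESERVED = {
    "docker0 bridge": "172.17.0.0/16",  # from the page's bridge diagram
    "service CIDR": "10.96.0.0/12",     # assumption: kubeadm default
    "node subnet": "10.130.4.0/24",     # constructed to show a conflict
}


def pool_plan(cidr, block_size):
    """Return (number of blocks, addresses per block) for an IPv4 pool."""
    pool = ipaddress.ip_network(cidr, strict=True)  # rejects host bits in cidr
    if not 20 <= block_size <= 32:  # Calico's accepted IPv4 blockSize range
        raise ValueError("IPv4 blockSize must be between 20 and 32")
    if block_size < pool.prefixlen:
        raise ValueError("a block cannot be larger than the pool")
    return 2 ** (block_size - pool.prefixlen), 2 ** (32 - block_size)


def block_of(pod_ip, cidr, block_size):
    """Return the allocation block (as a network) that contains pod_ip."""
    if ipaddress.ip_address(pod_ip) not in ipaddress.ip_network(cidr):
        raise ValueError(f"{pod_ip} is outside pool {cidr}")
    return ipaddress.ip_network(f"{pod_ip}/{block_size}", strict=False)


def overlapping(cidr, reserved):
    """Return the names of reserved ranges that overlap the pool."""
    pool = ipaddress.ip_network(cidr)
    return sorted(name for name, net in reserved.items()
                  if pool.overlaps(ipaddress.ip_network(net)))


if __name__ == "__main__":
    blocks, size = pool_plan(POOL_CIDR, BLOCK_SIZE)
    print(f"{POOL_CIDR}: {blocks} blocks of {size} addresses")
    print("10.130.3.77 is in block", block_of("10.130.3.77", POOL_CIDR, BLOCK_SIZE))
    for name in overlapping(POOL_CIDR, RESERVED):
        print(f"CONFLICT: pool overlaps {name} ({RESERVED[name]})")
```

Replace the `RESERVED` entries with the cluster's real node, service and bridge ranges; any reported conflict should be resolved before the Installation resource is created.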
