CNI - Calico


Docker network

bridge

                                              ┌─── container0 ───┐
host eth0 ─── docker0(172.17.0.1) ┬── veth0 ─── eth0(172.17.0.2) │
                                  │           └──────────────────┘
                                  │           ┌─── container1 ───┐
                                  ├── veth1 ─── eth0(172.17.0.3) │
                                  │           └──────────────────┘
                                  │           ┌─── container2 ───┐
                                  └── veth2 ─── eth0(172.17.0.4) │
                                              └──────────────────┘
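As an added example (not part of the original page), the following Python script reads the JSON that `docker network inspect bridge` prints and rebuilds the bridge-mode topology drawn above: the docker0 gateway, each container's eth0 address, and whether inter-container communication (the `com.docker.network.bridge.enable_icc` option) is on, which is what lets container0, container1 and container2 reach each other through docker0. The inspect output embedded here is constructed, uses hypothetical container IDs and is reduced to the fields the script reads; the host-side veth names are positional labels, because inspect output does not carry them.

```python
import ipaddress
import json

# Constructed sample of `docker network inspect bridge`, trimmed to the fields
# read below. Container IDs are hypothetical; addresses match the diagram above.
SAMPLE_INSPECT = json.dumps([{
    "Name": "bridge",
    "Driver": "bridge",
    "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]},
    "Containers": {
        "aaaa0000": {"Name": "container0", "IPv4Address": "172.17.0.2/16"},
        "bbbb1111": {"Name": "container1", "IPv4Address": "172.17.0.3/16"},
        "cccc2222": {"Name": "container2", "IPv4Address": "172.17.0.4/16"},
    },
    "Options": {
        "com.docker.network.bridge.name": "docker0",
        "com.docker.network.bridge.enable_icc": "true",
        "com.docker.network.bridge.enable_ip_masquerade": "true",
    },
}])


def parse_bridge(inspect_json):
    """Return bridge name, gateway, subnet, ICC/masquerade flags and
    a {container name: eth0 address} map from inspect output."""
    net = json.loads(inspect_json)[0]
    cfg = net["IPAM"]["Config"][0]
    subnet = ipaddress.ip_network(cfg["Subnet"])
    containers = {}
    for entry in net["Containers"].values():
        ip = ipaddress.ip_interface(entry["IPv4Address"]).ip
        # Every container address must live inside the bridge subnet.
        if ip not in subnet:
            raise ValueError(f"{entry['Name']} has {ip} outside {subnet}")
        containers[entry["Name"]] = str(ip)
    opts = net.get("Options", {})
    return {
        "bridge": opts.get("com.docker.network.bridge.name", net["Name"]),
        "gateway": cfg["Gateway"],
        "subnet": str(subnet),
        # Docker defaults both options to true when they are absent.
        "icc": opts.get("com.docker.network.bridge.enable_icc", "true") == "true",
        "masquerade": opts.get("com.docker.network.bridge.enable_ip_masquerade", "true") == "true",
        "containers": containers,
    }


def peer_pairs(info):
    """Container pairs that can reach each other directly over the bridge.
    With ICC disabled, Docker's iptables FORWARD rules drop traffic between
    containers on the same bridge, so the list is empty."""
    if not info["icc"]:
        return []
    names = sorted(info["containers"])
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]]


def render(info):
    """Draw the topology in the style of the diagram above (veth labels are
    positional placeholders; inspect output has no host-side veth names)."""
    lines = [f"host eth0 --- {info['bridge']}({info['gateway']})"]
    for i, (name, ip) in enumerate(sorted(info["containers"].items())):
        lines.append(f"    +-- veth{i} --- eth0({ip})  [{name}]")
    lines.append(f"icc={'on' if info['icc'] else 'off'} "
                 f"masquerade={'on' if info['masquerade'] else 'off'}")
    return "\n".join(lines)


if __name__ == "__main__":
    info = parse_bridge(SAMPLE_INSPECT)
    print(render(info))
    print("directly reachable pairs:", peer_pairs(info))
```

On a real host, pipe `docker network inspect bridge` into `parse_bridge`; an empty `peer_pairs` result means the daemon was started with `--icc=false`, which is the usual way to stop unrelated containers on the default bridge from talking to each other.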

host

                                                  ┌─── container2 ───┐
                                                ┌─── container1 ───┐ │
                                              ┌─── container0 ───┐ │─┘
host eth0 ─── docker0(172.17.0.1) ─── veth0 ─── eth0(172.17.0.2) │─┘
                                              └──────────────────┘

Kubernetes network

Basic requirements of the Kubernetes network model

  • Pods on a node can communicate with all pods on all nodes without NAT.
  • Agents on a node (e.g. system daemons, kubelet) can communicate with all pods on that node.
  • Pods in a node's host network can communicate with all pods on all nodes without NAT.

Pod

Containers within a pod share their network in the same way as Docker's host mode above. A container called Pause is created, and this container creates and holds the pod's IPC and Network namespaces.

Calico

Calico CNI and Calico IPAM (pod-network-cidr=10.130.0.0/16)

Installation

wget https://docs.projectcalico.org/manifests/tigera-operator.yaml
kubectl create -f tigera-operator.yaml
Policy   IPAM     CNI      Overlay   Routing   Datastore
Calico   Calico   Calico   IPIP      BGP       Kubernetes

calico.yaml
# This section includes base Calico installation configuration.
# For more information, see: https://docs.projectcalico.org/v3.19/reference/installation/api#operator.tigera.io/v1.Installation
apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
  name: default
spec:
  # Configures Calico networking.
  calicoNetwork:
    # Note: The ipPools section cannot be modified post-install.
    ipPools:
    - blockSize: 26
      cidr: 192.168.0.0/16
      encapsulation: IPIP
      natOutgoing: Enabled
      nodeSelector: all()
    bgp: Enabled
---
# This section configures the Calico API server.
# For more information, see: https://docs.projectcalico.org/v3.20/reference/installation/api#operator.tigera.io/v1.APIServer
apiVersion: operator.tigera.io/v1
kind: APIServer
metadata:
  name: default
spec: {}

As shown below, tolerations can be added for the resources the operator creates.

apiVersion: operator.tigera.io/v1
kind: Installation
spec:
  controlPlaneTolerations:
  - effect: NoSchedule
    key: node.cloudprovider.kubernetes.io/uninitialized
    value: 'true'

kubectl apply -f calico.yaml
watch kubectl get pods -n calico-system
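An added consistency check for the calico.yaml above (my example, not Calico's or the operator's code): the Installation is transcribed into a Python dict, and the script verifies that every ipPool lies inside the pod CIDR handed to kubeadm, that blockSize is in the valid range (20 to 32 for IPv4, 116 to 128 for IPv6) and no shorter than the pool prefix, that encapsulation and natOutgoing use values the operator accepts, and that pools do not overlap. The page names pod-network-cidr=10.130.0.0/16 while the manifest's pool is 192.168.0.0/16, so running the check as written reports exactly that mismatch; because ipPools cannot be changed after install, this is worth running before `kubectl apply`.

```python
import ipaddress

# Pod CIDR passed to kubeadm (--pod-network-cidr), as named on this page.
CLUSTER_POD_CIDR = "10.130.0.0/16"

# The page's calico.yaml Installation, transcribed into a dict so the example
# needs only the standard library (no YAML parser).
INSTALLATION = {
    "apiVersion": "operator.tigera.io/v1",
    "kind": "Installation",
    "metadata": {"name": "default"},
    "spec": {
        "calicoNetwork": {
            "ipPools": [
                {
                    "blockSize": 26,
                    "cidr": "192.168.0.0/16",
                    "encapsulation": "IPIP",
                    "natOutgoing": "Enabled",
                    "nodeSelector": "all()",
                }
            ],
            "bgp": "Enabled",
        }
    },
}

# Values the operator's Installation API accepts for these fields.
ENCAPSULATIONS = {"IPIP", "VXLAN", "IPIPCrossSubnet", "VXLANCrossSubnet", "None"}
TOGGLES = {"Enabled", "Disabled"}


def _default_block(cidr):
    # Calico's defaults: /26 blocks for IPv4 pools, /122 for IPv6 pools.
    return 26 if cidr.version == 4 else 122


def block_count(pool):
    """Number of allocation blocks a pool yields. Each node claims at least one
    block, so this bounds how many nodes the pool can serve."""
    cidr = ipaddress.ip_network(pool["cidr"])
    return 2 ** (pool.get("blockSize", _default_block(cidr)) - cidr.prefixlen)


def check_installation(manifest, cluster_pod_cidr):
    """Return a list of findings; an empty list means the manifest is consistent."""
    findings = []
    cluster = ipaddress.ip_network(cluster_pod_cidr)
    pools = manifest["spec"].get("calicoNetwork", {}).get("ipPools", [])
    if not pools:
        findings.append("no ipPools defined; the operator would apply its own default pool")
    seen = []
    for pool in pools:
        cidr = ipaddress.ip_network(pool["cidr"])
        # The pool must sit inside the cluster pod CIDR kubeadm was given.
        if cidr.version != cluster.version or not cidr.subnet_of(cluster):
            findings.append(f"pool {cidr} is not within cluster pod CIDR {cluster}")
        block = pool.get("blockSize", _default_block(cidr))
        lo, hi = (20, 32) if cidr.version == 4 else (116, 128)
        if not lo <= block <= hi:
            findings.append(f"pool {cidr}: blockSize {block} outside the range {lo}..{hi}")
        elif block < cidr.prefixlen:
            findings.append(f"pool {cidr}: blockSize /{block} is larger than the pool itself")
        enc = pool.get("encapsulation", "IPIP")
        if enc not in ENCAPSULATIONS:
            findings.append(f"pool {cidr}: unknown encapsulation {enc!r}")
        nat = pool.get("natOutgoing", "Enabled")
        if nat not in TOGGLES:
            findings.append(f"pool {cidr}: natOutgoing must be Enabled or Disabled, got {nat!r}")
        for other in seen:
            if cidr.overlaps(other):
                findings.append(f"pool {cidr} overlaps pool {other}")
        seen.append(cidr)
    return findings


if __name__ == "__main__":
    for finding in check_installation(INSTALLATION, CLUSTER_POD_CIDR) or ["manifest is consistent"]:
        print(finding)
    pool = INSTALLATION["spec"]["calicoNetwork"]["ipPools"][0]
    print(f"{pool['cidr']} yields {block_count(pool)} blocks of /{pool['blockSize']}")
```

Run it with the manifest's pool set to 10.130.0.0/16 (or with `CLUSTER_POD_CIDR` set to 192.168.0.0/16) and the findings list comes back empty; `block_count` then shows that a /16 pool cut into /26 blocks gives 1024 blocks of 64 addresses.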

To allow pods to be scheduled on the master node, run the commands below.

kubectl taint nodes <name> node-role.kubernetes.io/master:NoSchedule-
kubectl taint nodes <name> node-role.kubernetes.io/master:NoSchedule
kubectl get nodes -o wide

Test

kubectl run tmp-shell --rm -i --tty --image nicolaka/netshoot -- /bin/bash

Reference