# Episode 45 : Calico (CNI)

- Hosted by @kris-nova
- Recorded: 2018-08-02

<!---
Thumbnailed embed of the video, n8Xo_ghCIOSY is the video id from the youtube url
Note the 0.jpg for the thumbnail
--->
<a href="http://www.youtube.com/watch?feature=player_embedded&v=VKtudjLc1oc" target="_blank"><img src="http://img.youtube.com/vi/VKtudjLc1oc/0.jpg" alt="IMAGE ALT TEXT HERE" width="560" height="315" border="10" /></a>

## Table of Contents

- 00:00:00 - Welcome to TGIK!
- 00:10:40 - Week in Review
- 00:18:15 - Call for golang questions
- 00:19:00 - Getting Started with Calico
- 00:20:20 - Thoughts on versioning in golang
- 00:22:22 - Back to kubicorn/Calico
- 00:25:00 - Thoughts on golang dependency management and vgo
- 00:28:00 - Kris loves $GOPATH
- 00:30:00 - Why Calico? What about other CNIs?
- 00:32:30 - Using an nginx pod for debugging
- 00:36:00 - So you set up a k8s cluster and it's stuck on pending - you need a CNI
- 00:42:00 - Checking out the Kubernetes CNI Documentation
- 00:45:38 - The Container Network Interface Specification
- 00:50:30 - Playing with iptables
- 00:53:30 - Let's install Calico

## Week in Review

- Linux Foundation is having a [sale on Kubernetes training](https://training.linuxfoundation.org/sysadmin-day-2018/)
- Sebastien Goasguen talks about [Knative Build Primitives](https://itnext.io/knative-build-primitive-32b69c3974a1)
- KubeCon [CFP closes](https://linuxfoundation.smapply.io/prog/kubecon_cloudnativecon_na_2018/) on Aug 12th!
- Kubernetes [1.9.10](https://discuss.kubernetes.io/t/kubernetes-v1-9-10-released/1346) and [1.12alpha1](https://discuss.kubernetes.io/t/new-kubernetes-release-v1-12-0-alpha-1/1320) are out.
  Release manager Tim Pepper has posted a bunch of [release updates for v1.12](https://discuss.kubernetes.io/tags/v112) that you might find handy
- Lachlan Evenson checks out the [Kubernetes Extension for Visual Studio Code](https://www.youtube.com/watch?v=oHCCiKn9A44)
- KubeVirt: [Extending Kubernetes with CRDs for Virtualized Workloads](https://kubernetes.io/blog/2018/07/27/kubevirt-extending-kubernetes-with-crds-for-virtualized-workloads/)
- NFS Persistent Volumes with Kubernetes — [A Case Study](https://medium.com/platformer-blog/nfs-persistent-volumes-with-kubernetes-a-case-study-ce1ed6e2c266)

## Show Notes

Deploy a cluster without Calico using Kubicorn. This is the start of a series exploring the differences between CNI plugins; we're starting with Calico via Kubicorn in AWS.

```bash
# From this directory
kubicorn create tgik-calico-cluster -S kubicorn -p aws -M "serverPool.bootstrapScripts[0]=amazon_k8s_ubuntu_16.04_master.sh"
kubicorn apply tgik-calico-cluster -S kubicorn
```

- What about other CNIs? What about Cilium with BPF?
- Tim St. Clair mentions that BPF support is still nascent in k8s.
- Cromefire_ recommends kuard for debugging a cluster, Kris uses an nginx pod.
- Alex Pollitt confirms that Calico does support ipvs kube-proxy.

## Hacks for the episode

Start the episode off trying to deploy a pod, so we can start debugging.

```bash
kubectl run nginx --image nginx
```

List all iptables rules

```bash
iptables -vL -t filter
iptables -vL -t nat
iptables -vL -t mangle
iptables -vL -t raw
iptables -vL -t security

# or
alias iptables-list-all="iptables -vL -t filter && iptables -vL -t nat && iptables -vL -t mangle && iptables -vL -t raw && iptables -vL -t security"
```

Show the route table

```bash
route
# Listening TCP sockets and the processes that own them
netstat -tlpn
ip route list
```

Show the network interfaces

```bash
ifconfig
```

Show cgroups

```bash
# Looks at our cgroups in /proc
cat /proc/cgroups
```

Show the kubelet journal

```bash
journalctl -fu kubelet
```

Inspect docker containers

```bash
docker ps -a
docker inspect <id> | jq .
```

Cat kubelet unit files

```bash
cat /etc/systemd/system/kubelet.service.d/*
```

## Reference Links

- [Shared notepad](https://hackmd.io/EPAzAheuRbqlMGi4uATLlQ#)
- [Kubernetes CNI Plugin documentation](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/#cni)
- [Container Networking Interface specification](https://github.com/containernetworking/cni/blob/master/SPEC.md)
- [Kubicorn bootstrap scripts](https://github.com/kubicorn/bootstrap)
- [Examples of configuring a cluster bootstrap script](https://github.com/kubicorn/kubicorn/tree/master/examples/pipeline)
- [`ip` command cheatsheet](https://access.redhat.com/sites/default/files/attachments/rh_ip_command_cheatsheet_1214_jcs_print.pdf)
- [Getting started with Calico](https://docs.projectcalico.org/v3.1/getting-started/kubernetes/)
- [Network policies and isolation](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
- Configuring calicoctl [v2.3](https://docs.projectcalico.org/v2.3/reference/calicoctl/setup/) [v3.1](https://docs.projectcalico.org/v3.1/usage/calicoctl/configure/)
- Running calicoctl in a pod [v2.3](https://docs.projectcalico.org/v2.3/getting-started/kubernetes/tutorials/using-calicoctl) [v3.1](https://docs.projectcalico.org/v3.1/usage/calicoctl/install)
- [Sign up for Calico slack](http://slack.projectcalico.org/)
- [Simple policy demo with Calico](https://docs.projectcalico.org/v3.1/getting-started/kubernetes/tutorials/simple-policy)

## Credits

<!--- If you're helping taking notes please add yourself here! -->
Notetakers:

- Jane Container, @foo
- Naadir Jeewa, @naadirjeewa