This is the 9th day of my participation in the November Gwen Challenge. See details: The Last Gwen Challenge 2021.

Calico introduction

What is calico?

Calico is an open source networking and network security solution for containers, virtual machines, and native host-based workloads. Calico supports a wide range of platforms, including Kubernetes and OpenShift.

Whether using Calico's eBPF data plane or Linux's standard networking pipeline, Calico delivers extremely fast performance and true cloud-native scalability.

Calico runs on public clouds and on-premises, on a single node or in a cluster of thousands of nodes.

Calico advantages

  • Supports the Linux eBPF data plane, the standard Linux networking data plane, and the Windows HNS data plane

  • Rich network policy and built-in support for WireGuard encryption protect pod-to-pod traffic

  • Calico uses either Linux eBPF or the Linux kernel's highly optimized standard networking pipeline to deliver high-performance networking

  • Calico's control plane and policy engine are well tuned to minimize CPU usage and occupancy

  • Supports extreme scalability, from dozens of nodes up to ten thousand nodes

  • Supports both L2 and L3 networks

  • It needs no packet encapsulation or decapsulation, NAT, or port mapping, which gives strong performance

Calico installation

There are many ways to install Calico in a Kubernetes cluster, but here is a convenient YAML manifest:

    # Version 3.20 only supports Kubernetes 1.19, 1.20 and 1.21; other versions may not be compatible.
    # For details, see https://docs.projectcalico.org/v3.20/manifests/calico.yaml
    wget https://docs.projectcalico.org/v3.20/manifests/calico.yaml
    kubectl apply -f calico.yaml
    # View the deployed calico pods: by default one calico controller and N calico-node pods
    kubectl get pods -A -o wide | grep calico

With the default installation, Calico is suited to clusters of no more than 50 nodes, and its data is stored through the Kubernetes API, which in reality still lands in etcd.
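As an added example that is not part of the original post, the following POSIX sh wrapper turns the install steps above into a checked procedure: it verifies the cluster's Kubernetes minor version against the 3.20 support list before applying the manifest, downloads the manifest to a file so it can be reviewed, waits for the rollout, and fails if any calico pod is not Running. It assumes kubectl is on PATH and the object names the v3.20 manifest creates by default (DaemonSet calico-node and Deployment calico-kube-controllers in kube-system).

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes kubectl is on PATH and the
# default object names from the v3.20 manifest (DaemonSet calico-node and
# Deployment calico-kube-controllers in kube-system).
CALICO_MANIFEST="https://docs.projectcalico.org/v3.20/manifests/calico.yaml"
SUPPORTED_MINORS="1.19 1.20 1.21"   # Kubernetes versions Calico 3.20 supports

# calico_320_supports VERSION: exit 0 if VERSION (e.g. v1.21.4 or 1.20.0-eks-1)
# has a minor release that Calico 3.20 supports, exit 1 otherwise.
calico_320_supports() {
  minor=$(printf '%s' "$1" | sed -E 's/^v?([0-9]+\.[0-9]+).*$/\1/')
  for m in $SUPPORTED_MINORS; do
    [ "$minor" = "$m" ] && return 0
  done
  return 1
}

# count_unready_calico: read `kubectl get pods -A` lines on stdin and print how
# many calico pods have a STATUS (column 4) other than Running.
count_unready_calico() {
  grep calico | awk '$4 != "Running" { n++ } END { print n + 0 }'
}

install_calico() {
  # The kubelet version of the first node stands in for the cluster version
  ver=$(kubectl get nodes -o jsonpath='{.items[0].status.nodeInfo.kubeletVersion}')
  if ! calico_320_supports "$ver"; then
    echo "Kubernetes $ver is not in the Calico 3.20 support list ($SUPPORTED_MINORS)" >&2
    return 1
  fi
  # Download to a file first so the manifest can be reviewed before it is applied
  wget -O calico.yaml "$CALICO_MANIFEST" || return 1
  kubectl apply -f calico.yaml || return 1
  kubectl -n kube-system rollout status daemonset/calico-node --timeout=180s || return 1
  kubectl -n kube-system rollout status deployment/calico-kube-controllers --timeout=180s || return 1
  # Same listing as in the post, but fail if any calico pod is not Running
  unready=$(kubectl get pods -A -o wide | count_unready_calico)
  [ "$unready" -eq 0 ] || { echo "$unready calico pod(s) not Running" >&2; return 1; }
  echo "Calico 3.20 installed on Kubernetes $ver"
}

# Only run the install when invoked as: sh calico-install.sh install
if [ "${1:-}" = "install" ]; then
  install_calico
fi
```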

Calico components

  • Felix: the agent process, installed on each node as a DaemonSet; responsible for network interface management, routing, ARP and ACL management, status reporting, and synchronization

  • Calico-controller: the Calico controller, which watches resources in Kubernetes and applies changes

  • Calicoctl: the Calico CLI tool, convenient for Calico troubleshooting

  • Typha: for clusters with more than 50 nodes, use Typha rather than having every node interact with etcd through the apiServer

  • Bird: the routing daemon; it obtains routes from Felix and distributes them to BGP peers on the network for inter-host routing. It runs on each node that hosts the Felix agent

  • Confd: monitors Calico's datastore for updates to BGP configuration and global defaults

  • Datastore plugin: increases scale by reducing the impact of each node on the datastore; one of the Calico CNI plug-ins

  • IPAM plugin: uses Calico's IP pool resources to control how IP addresses are assigned to pods in the cluster; Calico's default CNI plug-in

  • Etcd: a distributed key-value store, mainly responsible for the consistency of network data, ensuring the accuracy of Calico's network state. By default, the etcd of the K8s cluster is shared