This is the 9th day of my participation in the November Gwen Challenge. See details: The Last Gwen Challenge 2021.

The calico introduction

What is calico?

Calico is an open source networking and network security solution for containers, virtual machines, and host-based local workloads. Calico supports a wide range of platforms, including Kubernetes, OpenShift.

Whether using Calico’s eBPF data plane or Linux’s standard network pipeline, Calico delivers extremely fast performance and true cloud-native scalability

Calico supports public cloud and local running on a single node or in a cluster of thousands of nodes

The calico advantages

  • Supports Linux eBPF data channels, standard Linux network data channels, and Windows HNS data channels

  • Rich network policies, built-in support for WireGuard encryption, protect POD-POD data security

  • Calico enables Linux eBPF or Linux kernel highly optimized standard network pipes to provide high performance networks

  • Calico’s control plane and policy engine are well tuned to minimize CPU usage and usage

  • Support super scalability, meet the dozens of nodes, to ten thousand nodes scale

  • Supports layer L2 and L3 networks

  • It does not decompress data and does not require NAT and port mapping, providing strong performance

The calico installation

There are many ways to install Calico in a Kubenetes cluster, but here’s a convenient yamL file

#3.20Version only supported1.19 1.20  1.21This version may not be compatible with each other. For details, see wget HTTPS:/ / apply - f the calico. # yaml view deployed caclico, the default is A calico controller and N the calico node kubectl get wide pods - A - o | grep calicoCopy the code

Calico, installed by default, manages no more than 50 nodes, and the data is stored by the Kubenetes API, real and still in etCD

The calico components

  • Felix: The Agent process, which is installed on each node in DaemonSet mode, is responsible for network interface management, routing, ARP, and ACL management, status reporting, and synchronization

  • Calico-controller: Calico controller that listens to and changes resources from Kubernetes

  • Calicoctl: Calico CLI tool, convenient for Calico troubleshooting

  • Typha: More than 50 nodes, use Typha instead of apiServer to interact with ectD

  • Bird: Obtains a route from Felix and distributes it to BGP peers on the network for inter-host routing. Runs on each node hosting the Felix agent and is the routing daemon

  • Confd: Monitors Calico’s storage to view BGP configurations and global defaults for updates.

  • Datastore plugin: increases scale by reducing the impact of each node on the Datastore and is one of the Calico CNI plug-ins

  • IPAM Plugin: Uses Calico’s IP pool resources to control how IP addresses are assigned to pods in the cluster. Calico default CNI plug-in

  • Etcd: distributed key-value memory, mainly responsible for the consistency of network data, to ensure the accuracy of Calico network status. By default, etCD of K8S cluster is shared