Calico charm

Calico is a new approach to virtual networking and network security for containers, VMs, and bare metal services. It provides a rich set of security enforcement capabilities running on top of a highly scalable and efficient virtual network fabric.

This charm deploys Calico as a background service and configures CNI for use with Calico on any principal charm that implements the kubernetes-cni interface.

Usage

The calico charm is a subordinate. It requires a principal charm that implements the kubernetes-cni interface in order to deploy properly.

juju deploy cs:~containers/calico
juju deploy cs:~containers/etcd
juju deploy cs:~containers/kubernetes-master
juju deploy cs:~containers/kubernetes-worker
juju add-relation calico etcd
juju add-relation calico kubernetes-master
juju add-relation calico kubernetes-worker

| Name | Type | Default | Description |
|------|------|---------|-------------|
| calico-node-image | string | See notes | The image id to use for calico/node. |
| calico-policy-image | string | See notes | The image id to use for calico/kube-controllers. |
| cidr | string | 192.168.0.0/16 | Network CIDR assigned to Calico. This is applied to the default Calico pool, and is also communicated to the Kubernetes charms for use in kube-proxy configuration. |
| global-as-number | int | 64512 | Global AS number. |
| global-bgp-peers | string | [] | List of global BGP peers. Each BGP peer is specified with an address and an as-number. Example value: “[{address: 10.0.0.1, as-number: 65000}, {address: 10.0.0.2, as-number: 65001}]” |
| ipip | string | Never | IPIP mode. Must be one of “Always”, “CrossSubnet”, or “Never”. |
| manage-pools | boolean | True | If true, a default pool is created using the cidr and ipip charm configuration values. Warning: When manage-pools is enabled, the charm will delete any pools that are unrecognized. |
| nat-outgoing | boolean | True | NAT outgoing traffic |
| node-to-node-mesh | boolean | True | When enabled, each Calico node will peer with every other Calico node in the cluster. |
| route-reflector-cluster-ids | string | {} | Mapping of unit IDs to route reflector cluster IDs. Assigning a route reflector cluster ID allows the node to function as a route reflector. Example value: “{0: 224.0.0.1, 2: 224.0.0.1}” |
| subnet-as-numbers | string | {} | See notes |
| subnet-bgp-peers | string | {} | See notes |
| unit-as-numbers | string | {} | See notes |
| unit-bgp-peers | string | {} | See notes |

calico-node-image

Default:

rocks.canonical.com:443/cdk/calico/node:v3.10.1

calico-policy-image

Default:

rocks.canonical.com:443/cdk/calico/kube-controllers:v3.10.1

subnet-as-numbers

Description:

Mapping of subnets to AS numbers, specified as YAML. Each Calico node will be assigned an AS number based on the entries in this mapping.

Example value: “{10.0.0.0/24: 64512, 10.0.1.0/24: 64513}”

If a node’s IP matches any of the specified subnets, then the corresponding AS number is used instead of the global one.

If a node’s IP matches no subnets, then the global AS number will be used instead.

If a node’s IP matches multiple subnets, then the most specific subnet will be used, e.g. a /24 subnet will take precedence over a /16.

subnet-bgp-peers

Description:

Mapping of subnets to lists of BGP peers. Each BGP peer is specified with an address and an as-number.

Example value: “{10.0.0.0/24: [{address: 10.0.0.1, as-number: 65000}, {address: 10.0.0.2, as-number: 65001}], 10.0.1.0/24: [{address: 10.0.1.1, as-number: 65002}]}”

If a node’s IP matches multiple subnets, then peerings will be added for each matched subnet.

unit-as-numbers

Description:

Mapping of unit IDs to AS numbers, specified as YAML. Each Calico node will be assigned an AS number based on the entries in this mapping.

Example value: “{0: 64512, 1: 64513}”

This takes precedence over global-as-number and subnet-as-numbers.

unit-bgp-peers

Description:

Mapping of unit IDs to lists of BGP peers. Each BGP peer is specified with an address and an as-number.

Example value: “{0: [{address: 10.0.0.1, as-number: 65000}, {address: 10.0.0.2, as-number: 65001}], 1: [{address: 10.0.1.1, as-number: 65002}]}”
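
The precedence rules above for unit-as-numbers, subnet-as-numbers and global-as-number, and the subnet-bgp-peers matching rule, can be checked before a config change is applied. The following is an added example, not the charm's own code: the function names, the sample mappings and the unit addresses are constructed, and the mappings are assumed to be already parsed from their YAML strings.

```python
import ipaddress

def _matching(node_ip, mapping):
    """Return (network, value) pairs whose subnet contains node_ip, most specific first."""
    ip = ipaddress.ip_address(node_ip)
    hits = [(ipaddress.ip_network(cidr), value) for cidr, value in mapping.items()]
    hits = [(net, value) for net, value in hits if ip in net]
    return sorted(hits, key=lambda h: h[0].prefixlen, reverse=True)

def resolve_as_number(unit_id, node_ip, global_as, subnet_as, unit_as):
    """Return (as_number, option_that_supplied_it) for one Calico node."""
    if unit_id in unit_as:                 # unit-as-numbers takes precedence
        return unit_as[unit_id], "unit-as-numbers"
    hits = _matching(node_ip, subnet_as)
    if hits:                               # most specific matching subnet wins
        return hits[0][1], "subnet-as-numbers"
    return global_as, "global-as-number"   # no unit entry, no subnet match

def resolve_subnet_peers(node_ip, subnet_peers):
    """Return the peers of every matching subnet (duplicates dropped: a choice of this sketch)."""
    peers, seen = [], set()
    for _net, entries in _matching(node_ip, subnet_peers):
        for peer in entries:
            key = (peer["address"], peer["as-number"])
            if key not in seen:
                seen.add(key)
                peers.append(peer)
    return peers

# Constructed sample configuration (hypothetical values, already parsed from YAML).
GLOBAL_AS = 64512
SUBNET_AS = {"10.0.0.0/16": 64600, "10.0.1.0/24": 64513}
UNIT_AS = {2: 64700}
SUBNET_PEERS = {
    "10.0.0.0/16": [{"address": "10.0.0.1", "as-number": 65000}],
    "10.0.1.0/24": [{"address": "10.0.1.1", "as-number": 65002}],
}
UNITS = {0: "10.0.1.5", 1: "10.0.2.5", 2: "10.0.1.6", 3: "172.16.0.9"}

def audit(units=UNITS):
    """Map each unit ID to its effective AS number, the deciding option, and subnet peers."""
    return {uid: (*resolve_as_number(uid, ip, GLOBAL_AS, SUBNET_AS, UNIT_AS),
                  resolve_subnet_peers(ip, SUBNET_PEERS))
            for uid, ip in units.items()}

if __name__ == "__main__":
    for uid, (asn, source, peers) in audit().items():
        print(f"unit {uid}: AS {asn} from {source}, subnet peers {peers}")
```

Running it against the intended values shows which option decides each unit's AS number, which makes an unintended peering or an overlooked subnet overlap visible before deployment.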

Further information