Configuring Calico

Prerequisites

  • BIG-IP is licensed and setup as a cluster.
  • The networking setup is already complete.
  • The self IP has a portlock down setup to “Allow All” OR add a TCP custom port to the self IP: TCP port 179.

BIG-IP Calico Setup

  1. Allow BGP on the default route domain 0 on your BIG-IP systems. Connect to the BIG-IP GUI and go to Network > Route domain. Click on Route Domain 0 and allow BGP. Click Update.

    ../../_images/calico-config.jpeg
  2. Connect via SSH on both BIG-IP systems and run the following commands:

    #access the IMI Shell
    imish
    
    #Switch to enable mode
    enable
    
    #Enter configuration mode
    config terminal
    #Setup route bgp with AS Number 64512
    router bgp 64512
    
    #Create BGP Peer group
    neighbor calico-k8s peer-group
    
    #assign peer group as BGP neighbors
    neighbor calico-k8s remote-as 64512
    
    #we need to add all the peers: the other BIG-IP, our k8s components
    neighbor 10.1.20.20 peer-group calico-k8s
    neighbor 10.1.20.21 peer-group calico-k8s
    
    #on BIG-IP1, run
    neighbor 10.1.20.12 peer-group calico-k8s
    
    #on BIG-IP2, run
    neighbor  10.1.20.11 peer-group calico-k8s
    
    #save configuration
    write
    
    #exit
    end
    
  3. Review your setup by running the following command:

    show ip bgp neighbors
    

    Note

    Your other BIG-IP should be identified with a router ID and have a BGP state of Active. The k8s node will not have a router ID since BGP has not already been setup on those nodes.

Kubernetes Calico Setup

  1. Retrieve the calicoctl binary on the Master node (not root):

    curl -O -L https://github.com/projectcalico/calicoctl/releases/download/v3.10.0/calicoctl
    chmod +x calicoctl
    sudo mv calicoctl /usr/local/bin
    
  2. Set up calicoctl:

    sudo mkdir /etc/calico
    
  3. Create a file /etc/calico/calicoctl.cfg with your preferred editor (you will need sudo privileges). This file should contain the following:

    apiVersion: projectcalico.org/v3
    kind: CalicoAPIConfig
    metadata:
    spec:
    datastoreType: "kubernetes"
    kubeconfig: "/home/ubuntu/config"
    

    Note

    You may have to change the path specified by the kubeconfig parameter based on the user you use to run the kubectl command.

  4. To verify that calicoctl is properly set up, run the following command:

    calicoctl get nodes
    
  5. Setup the Calico/BGP configuration on the Master node by running the following command:

    cat << EOF | calicoctl create -f -
    apiVersion: projectcalico.org/v3
    kind: BGPConfiguration
    metadata:
    name: default
    spec:
    logSeverityScreen: Info
    nodeToNodeMeshEnabled: true
    asNumber: 64512
    EOF
    
  6. Set up the BIG-IP BGP peers by replacing the peerIP value with the IP of your BIG-IP systems:

    cat << EOF | calicoctl create -f -
    apiVersion: projectcalico.org/v3
    kind: BGPPeer
    metadata:
    name: bgppeer-global-bigip1
    spec:
    peerIP: 10.1.20.11
    asNumber: 64512
    EOF
    
    cat << EOF | calicoctl create -f -
    apiVersion: projectcalico.org/v3
    kind: BGPPeer
    metadata:
    name: bgppeer-global-bigip2
    spec:
    peerIP: 10.1.20.12
    asNumber: 64512
    EOF
    
  7. Review your setup by running the following command:

    calicoctl get bgpPeer
    

Note

To provide feedback on Container Ingress Services or this documentation, you can file a GitHub Issue.