Calico charm
Calico is a new approach to virtual networking and network security for containers, VMs, and bare metal services, that provides a rich set of security enforcement capabilities running on top of a highly scalable and efficient virtual network fabric.
This charm will deploy calico as a background service, and configure CNI for use with calico, on any principal charm that implements the kubernetes-cni interface.
Usage
The calico charm is a subordinate. This charm will require a principal charm
that implements the kubernetes-cni interface in order to properly deploy.
juju deploy cs:~containers/calico
juju deploy cs:~containers/etcd
juju deploy cs:~containers/kubernetes-master
juju deploy cs:~containers/kubernetes-worker
juju add-relation calico etcd
juju add-relation calico kubernetes-master
juju add-relation calico kubernetes-worker
| name | type | Default | Description |
|---|---|---|---|
| calico-node-image | string | See notes | The image id to use for calico/node. |
| calico-policy-image | string | See notes | The image id to use for calico/kube-controllers. |
| cidr | string | 192.168.0.0/16 | Network CIDR assigned to Calico. This is applied to the default Calico pool, and is also communicated to the Kubernetes charms for use in kube-proxy configuration. |
| global-as-number | int | 64512 | Global AS number. |
| global-bgp-peers | string | [] | List of global BGP peers. Each BGP peer is specified with an address and an as-number. Example value: "[{address: 10.0.0.1, as-number: 65000}, {address: 10.0.0.2, as-number: 65001}]" |
| ipip | string | Never | IPIP mode. Must be one of "Always", "CrossSubnet", or "Never". |
| manage-pools | boolean | True | If true, a default pool is created using the cidr and ipip charm configuration values. Warning: When manage-pools is enabled, the charm will delete any pools that are unrecognized. |
| nat-outgoing | boolean | True | NAT outgoing traffic |
| node-to-node-mesh | boolean | True | When enabled, each Calico node will peer with every other Calico node in the cluster. |
| route-reflector-cluster-ids | string | {} | Mapping of unit IDs to route reflector cluster IDs. Assigning a route reflector cluster ID allows the node to function as a route reflector. Example value: "{0: 224.0.0.1, 2: 224.0.0.1}" |
| subnet-as-numbers | string | {} | See notes |
| subnet-bgp-peers | string | {} | See notes |
| unit-as-numbers | string | {} | See notes |
| unit-bgp-peers | string | {} | See notes |
calico-node-image
rocks.canonical.com:443/cdk/calico/node:v3.10.1
calico-policy-image
rocks.canonical.com:443/cdk/calico/kube-controllers:v3.10.1
subnet-as-numbers
Mapping of subnets to AS numbers, specified as YAML. Each Calico node will be assigned an AS number based on the entries in this mapping.
Example value: "{10.0.0.0/24: 64512, 10.0.1.0/24: 64513}"
If a node's IP matches any of the specified subnets, then the corresponding AS number is used instead of the global one.
If a node's IP matches no subnets, then the global AS number will be used instead.
If a node's IP matches multiple subnets, then the most specific subnet will be used, e.g. a /24 subnet will take precedence over a /16.
subnet-bgp-peers
Mapping of subnets to lists of BGP peers. Each BGP peer is specified with an address and an as-number.
Example value: "{10.0.0.0/24: [{address: 10.0.0.1, as-number: 65000}, {address: 10.0.0.2, as-number: 65001}], 10.0.1.0/24: [{address: 10.0.1.1, as-number: 65002}]}"
If a node's IP matches multiple subnets, then peerings will be added for each matched subnet.
unit-as-numbers
Mapping of unit IDs to AS numbers, specified as YAML. Each Calico node will be assigned an AS number based on the entries in this mapping.
Example value: "{0: 64512, 1: 64513}"
This takes precedence over global-as-number and subnet-as-numbers.
unit-bgp-peers
Mapping of unit IDs to lists of BGP peers. Each BGP peer is specified with an address and an as-number.
Example value: "{0: [{address: 10.0.0.1, as-number: 65000}, {address: 10.0.0.2, as-number: 65001}], 1: [{address: 10.0.1.1, as-number: 65002}]}"