diff --git a/doc_source/calico.md b/doc_source/calico.md index ac6efbb2..3e94f146 100644 --- a/doc_source/calico.md +++ b/doc_source/calico.md @@ -10,28 +10,36 @@ If you're using [security groups for pods](security-groups-for-pods.md), traffic **To install Calico on your Amazon EKS Linux nodes** 1. Apply the Calico manifest to your cluster by completing the option that corresponds to the Region that your cluster is in\. - + All regions other than China \(Ningxia\) or China \(Beijing\) – Apply the Calico manifest from the [`aws/amazon-vpc-cni-k8s` GitHub project](https://github.com/aws/amazon-vpc-cni-k8s)\. This manifest creates DaemonSets in the `kube-system` namespace\. + + All regions other than China \(Ningxia\) or China \(Beijing\) – Apply the Calico manifests from the [`aws/amazon-vpc-cni-k8s` GitHub project](https://github.com/aws/amazon-vpc-cni-k8s)\. These manifests create DaemonSets in the `calico-system` namespace\. ``` - kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.7.5/config/v1.7/calico.yaml + kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/master/config/master/calico-operator.yaml ``` + + ``` + kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/master/config/master/calico-crs.yaml + ``` + + China \(Ningxia\) or China \(Beijing\) - 1. Download the Calico manifest with the following command\. + 1. Download the Calico manifests with the following commands\. ``` - curl -o calico.yaml https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.7.5/config/v1.7/calico.yaml + curl -o calico-operator.yaml https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/master/config/master/calico-operator.yaml + curl -o calico-crs.yaml https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/master/config/master/calico-crs.yaml ``` 1. Modify the manifest\. - 1. View the manifest file or files that you downloaded and note the name of the image\. Download the image locally with the following command\. + 1. Download each of these images locally with the following command\. ``` - docker pull image: + docker pull quay.io/tigera/operator:v1.13.2 + docker pull quay.io/calico/node:v3.17.1 + docker pull quay.io/calico/typha:v3.17.1 ``` - 1. Tag the image to be pushed to an Amazon Elastic Container Registry repository in China with the following command\. + 1. Tag the images to be pushed to an Amazon Elastic Container Registry repository in China with the following command\. ``` docker tag image: .dkr.ecr..amazonaws.com/image: @@ -43,18 +51,25 @@ If you're using [security groups for pods](security-groups-for-pods.md), traffic docker push image: .dkr.ecr..amazonaws.com/image: ``` - 1. Update the Kubernetes manifest file or files to reference the Amazon ECR image URL in your Region\. + 1. Update the calico-operator.yaml file to reference the Amazon ECR image URL in your Region\. + + 1. Update the calico-crs.yaml file to reference the Amazon ECR image repository in your Region by adding the following to the spec\. + + ``` + registry: .dkr.ecr..amazonaws.com + ``` - 1. Apply the Calico manifest\. This manifest creates DaemonSets in the `kube-system` namespace\. + 1. Apply the Calico manifests\. These manifests create resources in the `calico-system` namespace\. ``` - kubectl apply -f calico.yaml + kubectl apply -f calico-operator.yaml + kubectl apply -f calico-crs.yaml ``` -1. Watch the `kube-system` DaemonSets and wait for the `calico-node` DaemonSet to have the `DESIRED` number of pods in the `READY` state\. When this happens, Calico is working\. +1. Watch the `calico-system` DaemonSets and wait for the `calico-node` DaemonSet to have the `DESIRED` number of pods in the `READY` state\. When this happens, Calico is working\. ``` - kubectl get daemonset calico-node --namespace kube-system + kubectl get daemonset calico-node --namespace calico-system ``` Output: @@ -65,10 +80,11 @@ If you're using [security groups for pods](security-groups-for-pods.md), traffic ``` **To delete Calico from your Amazon EKS cluster** -+ If you are done using Calico in your Amazon EKS cluster, you can delete the DaemonSet with the following command: ++ If you are done using Calico in your Amazon EKS cluster, you can delete it with the following commands: ``` - kubectl delete -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.7.5/config/v1.7/calico.yaml + kubectl delete -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/master/config/master/calico-crs.yaml + kubectl delete -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/master/config/master/calico-operator.yaml ``` ## Stars policy demo @@ -146,4 +162,4 @@ Before you create any network policies, all services can communicate bidirection kubectl delete -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/tutorials/stars-policy/manifests/00-namespace.yaml ``` - Even after deleting the resources, there can still be `iptables` rules on the nodes that might interfere in unexpected ways with networking in your cluster\. The only sure way to remove Calico is to terminate all of the nodes and recycle them\. To terminate all nodes, either set the Auto Scaling Group desired count to 0, then back up to the desired number, or just terminate the nodes\. If you are unable to recycle the nodes, then see [Disabling and removing Calico Policy](https://github.com/projectcalico/calico/blob/master/hack/remove-calico-policy/remove-policy.md) in the Calico GitHub repository for a last resort procedure\. \ No newline at end of file + Even after deleting the resources, there can still be `iptables` rules on the nodes that might interfere in unexpected ways with networking in your cluster\. The only sure way to remove Calico is to terminate all of the nodes and recycle them\. To terminate all nodes, either set the Auto Scaling Group desired count to 0, then back up to the desired number, or just terminate the nodes\. If you are unable to recycle the nodes, then see [Disabling and removing Calico Policy](https://github.com/projectcalico/calico/blob/master/hack/remove-calico-policy/remove-policy.md) in the Calico GitHub repository for a last resort procedure\.