Update documentation for Calico operator #341

Merged
merged 1 commit into from
Apr 2, 2021
46 changes: 31 additions & 15 deletions doc_source/calico.md
Expand Up @@ -10,28 +10,36 @@ If you're using [security groups for pods](security-groups-for-pods.md), traffic
**To install Calico on your Amazon EKS Linux nodes**

1. Apply the Calico manifest to your cluster by completing the option that corresponds to the Region that your cluster is in\.
+ All regions other than China \(Ningxia\) or China \(Beijing\) – Apply the Calico manifest from the [`aws/amazon-vpc-cni-k8s` GitHub project](https://github.com/aws/amazon-vpc-cni-k8s)\. This manifest creates DaemonSets in the `kube-system` namespace\.
+ All regions other than China \(Ningxia\) or China \(Beijing\) – Apply the Calico manifests from the [`aws/amazon-vpc-cni-k8s` GitHub project](https://github.com/aws/amazon-vpc-cni-k8s)\. These manifests create DaemonSets in the `calico-system` namespace\.

```
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.7.5/config/v1.7/calico.yaml
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/master/config/master/calico-operator.yaml
```

```
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/master/config/master/calico-crs.yaml
```

+ China \(Ningxia\) or China \(Beijing\)

1. Download the Calico manifest with the following command\.
1. Download the Calico manifests with the following commands\.

```
curl -o calico.yaml https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.7.5/config/v1.7/calico.yaml
curl -o calico-operator.yaml https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/master/config/master/calico-operator.yaml
curl -o calico-crs.yaml https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/master/config/master/calico-crs.yaml
```

1. Modify the manifest\.

1. View the manifest file or files that you downloaded and note the name of the image\. Download the image locally with the following command\.
1. Download each of these images locally with the following command\.

```
docker pull image:<tag>
docker pull quay.io/tigera/operator:v1.13.2
docker pull quay.io/calico/node:v3.17.1
docker pull quay.io/calico/typha:v3.17.1
```

1. Tag the image to be pushed to an Amazon Elastic Container Registry repository in China with the following command\.
1. Tag the images to be pushed to an Amazon Elastic Container Registry repository in China with the following command\.

```
docker tag image:<tag> <aws_account_id>.dkr.ecr.<cn-north-1>.amazonaws.com/image:<tag>
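Review bot: The new manifest URLs (`.../master/config/master/calico-operator.yaml` and `.../calico-crs.yaml`, in both the `kubectl apply` and the `curl` steps) track the `master` branch, where the lines they replace were pinned to `v1.7.5`. What a reader applies can therefore change without this page changing, and it can drift from the image tags hard-coded a few lines later (`operator:v1.13.2`, `node:v3.17.1`, `typha:v3.17.1`), which the China-region flow mirrors by hand. Suggest pinning the URLs to a release tag or commit so the manifests and the listed image versions stay in step. Minor: "Download each of these images locally with the following command" now precedes three commands, and the `docker tag` step still uses the generic `image:<tag>` placeholder, so it is not clear which repository names the three images should be given in Amazon ECR.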
Expand All @@ -43,18 +51,25 @@ If you're using [security groups for pods](security-groups-for-pods.md), traffic
docker push image:<tag> <aws_account_id>.dkr.ecr.<cn-north-1>.amazonaws.com/image:<tag>
```

1. Update the Kubernetes manifest file or files to reference the Amazon ECR image URL in your Region\.
1. Update the calico-operator.yaml file to reference the Amazon ECR image URL in your Region\.

1. Update the calico-crs.yaml file to reference the Amazon ECR image repository in your Region by adding the following to the spec\.

```
registry: <aws_account_id>.dkr.ecr.<cn-north-1>.amazonaws.com
```

1. Apply the Calico manifest\. This manifest creates DaemonSets in the `kube-system` namespace\.
1. Apply the Calico manifests\. These manifests create resources in the `calico-system` namespace\.

```
kubectl apply -f calico.yaml
kubectl apply -f calico-operator.yaml
kubectl apply -f calico-crs.yaml
```

1. Watch the `kube-system` DaemonSets and wait for the `calico-node` DaemonSet to have the `DESIRED` number of pods in the `READY` state\. When this happens, Calico is working\.
1. Watch the `calico-system` DaemonSets and wait for the `calico-node` DaemonSet to have the `DESIRED` number of pods in the `READY` state\. When this happens, Calico is working\.

```
kubectl get daemonset calico-node --namespace kube-system
kubectl get daemonset calico-node --namespace calico-system
```

Output:
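Review bot: The new step "Update the calico-crs.yaml file ... by adding the following to the spec" does not say which resource's `spec` takes the `registry:` key, and the snippet shows the key with no surrounding YAML, so placement and indentation are left to guesswork. Suggest showing the key in context inside the resource from `calico-crs.yaml`. The preceding step for `calico-operator.yaml` has the same gap: it says to reference the Amazon ECR image URL but not which image line to change. Also, step 1 says the manifests "create DaemonSets in the `calico-system` namespace" while this hunk says "create resources"; use one wording in both places.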
Expand All @@ -65,10 +80,11 @@ If you're using [security groups for pods](security-groups-for-pods.md), traffic
```

**To delete Calico from your Amazon EKS cluster**
+ If you are done using Calico in your Amazon EKS cluster, you can delete the DaemonSet with the following command:
+ If you are done using Calico in your Amazon EKS cluster, you can delete it with the following commands:

```
kubectl delete -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.7.5/config/v1.7/calico.yaml
kubectl delete -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/master/config/master/calico-crs.yaml
kubectl delete -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/master/config/master/calico-operator.yaml
```

## Stars policy demo<a name="calico-stars-demo"></a>
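Review bot: The delete commands cover only the remote `master` URLs, so readers who followed the China-region steps and applied locally edited `calico-operator.yaml` and `calico-crs.yaml` have no matching instruction. Add a line telling them to run `kubectl delete -f` against those local files in the same order (`calico-crs.yaml` first, then `calico-operator.yaml`). Because the URLs track `master`, the manifest used for deletion may also differ from the one that was applied; a pinned tag would avoid that.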
Expand Down Expand Up @@ -146,4 +162,4 @@ Before you create any network policies, all services can communicate bidirection
kubectl delete -f https://docs.projectcalico.org/v3.3/getting-started/kubernetes/tutorials/stars-policy/manifests/00-namespace.yaml
```

Even after deleting the resources, there can still be `iptables` rules on the nodes that might interfere in unexpected ways with networking in your cluster\. The only sure way to remove Calico is to terminate all of the nodes and recycle them\. To terminate all nodes, either set the Auto Scaling Group desired count to 0, then back up to the desired number, or just terminate the nodes\. If you are unable to recycle the nodes, then see [Disabling and removing Calico Policy](https://github.com/projectcalico/calico/blob/master/hack/remove-calico-policy/remove-policy.md) in the Calico GitHub repository for a last resort procedure\.
Even after deleting the resources, there can still be `iptables` rules on the nodes that might interfere in unexpected ways with networking in your cluster\. The only sure way to remove Calico is to terminate all of the nodes and recycle them\. To terminate all nodes, either set the Auto Scaling Group desired count to 0, then back up to the desired number, or just terminate the nodes\. If you are unable to recycle the nodes, then see [Disabling and removing Calico Policy](https://github.com/projectcalico/calico/blob/master/hack/remove-calico-policy/remove-policy.md) in the Calico GitHub repository for a last resort procedure\.
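Review bot: The removed and added paragraphs are identical as displayed, so this looks like a whitespace or end-of-file change only; worth confirming that was intended. While this paragraph is being touched, the context line above it still deletes the Stars demo namespace from the `v3.3` docs path while the install steps in this PR pull `v3.17.1` images, and the linked last-resort removal procedure should be checked against the operator-based install that now lives in `calico-system`.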