Calico provides a scalable networking solution for connecting containers, VMs, or bare metal. It provides connectivity as a layer 3 approach built on the scalable IP networking principle, and it can be deployed without overlays or encapsulation. The Calico service should be deployed as a container on each node; it provides each container with its own IP address and handles all the necessary IP routing, security policy rules, and distribution of routes across a cluster of nodes.
The Calico architecture contains four important components in order to provide a better networking solution:
    $ calicoctl
    Override the host:port of the ETCD server by setting the environment variable
    ETCD_AUTHORITY [default: 127.0.0.1:2379]

    Usage: calicoctl <command> [<args>...]

        status        Print current status information
        node          Configure the main calico/node container and establish Calico networking
        container     Configure containers and their addresses
        profile       Configure endpoint profiles
        endpoint      Configure the endpoints assigned to existing containers
        pool          Configure ip-pools
        bgp           Configure global bgp
        ipam          Configure IP address management
        checksystem   Check for incompatibilities on the host system
        diags         Save diagnostic information
        version       Display the version of calicoctl
        config        Configure low-level component configuration

    See 'calicoctl <command> --help' to read about a specific subcommand.
As per the official GitHub page of the Calico repository (https://github.com/projectcalico/calico-containers), the following integrations of Calico exist:
The following figure shows the Calico architecture:
In the following tutorial we will run the manual setup of Calico on a single-node machine with Docker 1.9. This release finally brings libnetwork out of its experimental version into the main release, so Calico can be configured directly without the need for other experimental Docker versions:
    $ curl -L https://github.com/coreos/etcd/releases/download/v2.2.1/etcd-v2.2.1-linux-amd64.tar.gz -o etcd-v2.2.1-linux-amd64.tar.gz
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100   606    0   606    0     0    445      0 --:--:--  0:00:01 --:--:--   446
    100 7181k  100 7181k    0     0   441k      0  0:00:16  0:00:16 --:--:-- 1387k
    $ tar xzvf etcd-v2.2.1-linux-amd64.tar.gz
    etcd-v2.2.1-linux-amd64/
    etcd-v2.2.1-linux-amd64/Documentation/
    etcd-v2.2.1-linux-amd64/Documentation/04_to_2_snapshot_migration.md
    etcd-v2.2.1-linux-amd64/Documentation/admin_guide.md
    etcd-v2.2.1-linux-amd64/Documentation/api.md
    contd..
    etcd-v2.2.1-linux-amd64/etcd
    etcd-v2.2.1-linux-amd64/etcdctl
    etcd-v2.2.1-linux-amd64/README-etcdctl.md
    etcd-v2.2.1-linux-amd64/README.md
    $ cd etcd-v2.2.1-linux-amd64
    $ ./etcd
    2016-01-06 15:50:00.065733 I | etcdmain: etcd Version: 2.2.1
    2016-01-06 15:50:00.065914 I | etcdmain: Git SHA: 75f8282
    2016-01-06 15:50:00.065961 I | etcdmain: Go Version: go1.5.1
    2016-01-06 15:50:00.066001 I | etcdmain: Go OS/Arch: linux/amd64
    Contd..
    2016-01-06 15:50:00.107972 I | etcdserver: starting server... [version: 2.2.1, cluster version: 2.2]
    2016-01-06 15:50:00.508131 I | raft: ce2a822cea30bfca is starting a new election at term 5
    2016-01-06 15:50:00.508237 I | raft: ce2a822cea30bfca became candidate at term 6
    2016-01-06 15:50:00.508253 I | raft: ce2a822cea30bfca received vote from ce2a822cea30bfca at term 6
    2016-01-06 15:50:00.508278 I | raft: ce2a822cea30bfca became leader at term 6
    2016-01-06 15:50:00.508313 I | raft: raft.node: ce2a822cea30bfca elected leader ce2a822cea30bfca at term 6
    2016-01-06 15:50:00.509810 I | etcdserver: published {Name:default ClientURLs:[http://localhost:2379 http://localhost:4001]} to cluster 7e27652122e8b2ae
    $ service docker stop
    $ docker daemon --cluster-store=etcd://0.0.0.0:2379
    INFO[0000] [graphdriver] using prior storage driver "aufs"
    INFO[0000] API listen on /var/run/docker.sock
    INFO[0000] Firewalld running: false
    INFO[0015] Default bridge (docker0) is assigned with an IP address 172.16.59.1/24. Daemon option --bip can be used to set a preferred IP address
    WARN[0015] Your kernel does not support swap memory limit.
    INFO[0015] Loading containers: start.
    .....INFO[0034] Skipping update of resolv.conf file with ipv6Enabled: false because file was touched by user
    INFO[0043] Loading containers: done.
    INFO[0043] Daemon has completed initialization
    INFO[0043] Docker daemon commit=a34a1d5 execdriver=native-0.2 graphdriver=aufs version=1.9.1
    INFO[0043] GET /v1.21/version
    INFO[0043] GET /v1.21/version
    INFO[0043] GET /events
    INFO[0043] GET /v1.21/version
    $ ./calicoctl node --libnetwork
    No IP provided. Using detected IP: 10.22.0.1
    Pulling Docker image calico/node:v0.10.0
    Calico node is running with id: 79e75fa6d875777d31b8aead10c2712f54485c031df50667edb4d7d7cb6bb26c
    Pulling Docker image calico/node-libnetwork:v0.5.2
    Calico libnetwork driver is running with id: bc7d65f6ab854b20b9b855abab4776056879f6edbcde9d744f218e556439997f
    $ docker ps
    CONTAINER ID   IMAGE                           COMMAND                CREATED         STATUS         PORTS   NAMES
    7bb7a956af37   calico/node-libnetwork:v0.5.2   "./start.sh"           3 minutes ago   Up 3 minutes           calico-libnetwork
    13a0314754d6   calico/node:v0.10.0             "/sbin/start_runit"    3 minutes ago   Up 3 minutes           calico-node
    1f13020cc3a0   weaveworks/plugin:1.4.1         "/home/weave/plugin"   3 days ago      Up 3 minutes           weaveplugin
docker network command recently introduced in the Docker CLI:

    $ docker network create -d calico net1
    $ docker network ls
    NETWORK ID     NAME              DRIVER
    9b5f06307cf2   docker_gwbridge   bridge
    1638f754fbaf   host              host
    02b10aaa25d7   weave             weavemesh
    65dc3cbcd2c0   bridge            bridge
    f034d78cc423   net1              calico
busybox container connected to the Calico net1 bridge:

    $ docker run --net=net1 -itd --name=container1 busybox
    1731629b6897145822f73726194b1f7441b6086ee568e973d8a88b554e838366
    $ docker ps
    CONTAINER ID   IMAGE                           COMMAND                CREATED         STATUS         PORTS   NAMES
    1731629b6897   busybox                         "sh"                   6 seconds ago   Up 5 seconds           container1
    7bb7a956af37   calico/node-libnetwork:v0.5.2   "./start.sh"           6 minutes ago   Up 6 minutes           calico-libnetwork
    13a0314754d6   calico/node:v0.10.0             "/sbin/start_runit"    6 minutes ago   Up 6 minutes           calico-node
    1f13020cc3a0   weaveworks/plugin:1.4.1         "/home/weave/plugin"   3 days ago      Up 6 minutes           weaveplugin
    $ docker attach 1731
    / #
    / # ifconfig
    cali0     Link encap:Ethernet  HWaddr EE:EE:EE:EE:EE:EE
              inet addr:10.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.0
              inet6 addr: fe80::ecee:eeff:feee:eeee/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:29 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:5774 (5.6 KiB)  TX bytes:648 (648.0 B)

    eth1      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02
              inet addr:172.17.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
              inet6 addr: fe80::42:acff:fe11:2/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:21 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:4086 (3.9 KiB)  TX bytes:648 (648.0 B)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
Inside the container we can see that the container is now connected to the Calico bridge and can connect to the other containers deployed on the same bridge.
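Calico keeps its endpoint and policy state in etcd, and the etcd instance started in this walkthrough serves clients over plain HTTP with no authentication. As a check added here (not part of the original tutorial or of the Calico project), the following Bash functions parse the ClientURLs startup line from the etcd log and flag any client URL that is plaintext on a non-loopback address. The function names and the second sample log line are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): audit the client URLs that etcd
# reports in its "published {... ClientURLs:[...]}" startup log line.

# classify_url URL -> tls | plaintext-loopback | plaintext-exposed
classify_url() {
    local url="$1" scheme host
    scheme=${url%%://*}
    host=${url#*://}
    host=${host%%/*}
    case $host in
        \[*\]*) host=${host#\[}; host=${host%%\]*} ;;  # [::1]:2379 -> ::1
        *)      host=${host%:*} ;;                     # localhost:2379 -> localhost
    esac
    if [ "$scheme" = https ]; then
        echo tls
        return
    fi
    case $host in
        localhost|127.*|::1) echo plaintext-loopback ;;
        *)                   echo plaintext-exposed ;;
    esac
}

# audit_etcd_log: reads an etcd log on stdin, prints "<verdict> <url>" for each
# client URL, and returns 1 if any URL is plaintext on a non-loopback address.
audit_etcd_log() {
    local line urls url verdict rc=0 start='ClientURLs:[' end=']}'
    while IFS= read -r line; do
        case $line in *"$start"*) ;; *) continue ;; esac
        urls=${line#*"$start"}      # drop everything up to the URL list
        urls=${urls%%"$end"*}       # drop the closing "]}" and the rest
        for url in $urls; do
            verdict=$(classify_url "$url")
            echo "$verdict $url"
            if [ "$verdict" = plaintext-exposed ]; then rc=1; fi
        done
    done
    return "$rc"
}

# First line is taken from the etcd output above; the second is constructed.
audit_etcd_log <<'EOF' || echo "etcd is reachable over plaintext HTTP from other hosts"
... etcdserver: published {Name:default ClientURLs:[http://localhost:2379 http://localhost:4001]} to cluster 7e27652122e8b2ae
... etcdserver: published {Name:default ClientURLs:[http://10.22.0.1:2379]} to cluster 7e27652122e8b2ae
EOF
```

On a multi-node deployment the same check can be fed the live etcd log, for example `./etcd 2>&1 | audit_etcd_log`.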