Creating a Kind Cluster With Calico Networking
Kind is a tool for running Kubernetes inside docker containers. Instead of using VMs or physical hosts as the Kubernetes nodes, Kind spins up docker containers that look like VMs and installs Kubernetes on them. Getting a cluster up and running with Kind is super fast, which makes it an excellent tool for creating test clusters on your laptop.
Kind has a default Container Networking Interface (CNI) plugin called kindnet, which is a minimal implementation of a CNI plugin. Last week, however, I needed to experiment with monitoring Calico pods, so I had to look into how to set up Calico as the CNI plugin for Kind clusters.
To use Calico as the CNI plugin in Kind clusters, we need to do the following:
- Disable the installation of kindnet
- Configure the pod subnet of the cluster
- Install Calico on the cluster
- Tweak Calico’s configuration
Kind Configuration
Kind clusters can be customized using a configuration file that exposes a variety of knobs. In our case, we need to disable kindnet and set the pod subnet to Calico’s default subnet.
To do so, create a kind-calico.yaml file that contains the following:
kind: Cluster
apiVersion: kind.sigs.k8s.io/v1alpha3
networking:
  disableDefaultCNI: true # disable kindnet
  podSubnet: 192.168.0.0/16 # set to Calico's default subnet
Create your Kind cluster, passing the configuration file using the --config flag:
kind create cluster --config kind-calico.yaml
Verify Kind Cluster
Once the cluster is up, list the pods in the kube-system namespace to verify that kindnet is not running:
export KUBECONFIG="$(kind get kubeconfig-path --name="kind")"
kubectl get pods -n kube-system
kindnet should be missing from the list of pods:
NAME                                         READY   STATUS    RESTARTS   AGE
coredns-5c98db65d4-dgfs9                     0/1     Pending   0          77s
coredns-5c98db65d4-gg4fh                     0/1     Pending   0          77s
etcd-kind-control-plane                      1/1     Running   0          16s
kube-apiserver-kind-control-plane            1/1     Running   0          24s
kube-controller-manager-kind-control-plane   1/1     Running   0          41s
kube-proxy-qsxp4                             1/1     Running   0          77s
kube-scheduler-kind-control-plane            1/1     Running   0          10s
Note: The coredns pods are in the pending state. This is expected. They will remain in the pending state until a CNI plugin is installed.
Install Calico
Use the following command to install Calico:
kubectl apply -f https://docs.projectcalico.org/v3.8/manifests/calico.yaml
Relax Calico’s RPF Check Configuration
By default, Calico pods fail if the kernel’s Reverse Path Filtering (RPF) check is not enforced. This is a security measure to prevent endpoints from spoofing their IP address.
The RPF check is not enforced in Kind nodes. Thus, we need to disable the Calico check by setting an environment variable in the calico-node DaemonSet:
kubectl -n kube-system set env daemonset/calico-node FELIX_IGNORELOOSERPF=true
Note: I am disabling this check because this is a dev environment. You probably do not want to do this otherwise.
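To see what the RPF check would find on a node before relaxing it, the following added example (not part of the original post) reports the effective rp_filter mode of each interface. The function names are hypothetical, and the interface names and values in the sample tree are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): report the kernel's effective
# rp_filter mode per interface. Values per the Linux ip-sysctl documentation:
# 0 = no source validation, 1 = strict, 2 = loose.

rpf_mode() {
    case "$1" in
        0) echo disabled ;; 1) echo strict ;; 2) echo loose ;; *) echo unknown ;;
    esac
}

# The kernel validates with max(conf/all, conf/<iface>), so compute that.
rpf_effective() {
    all=$(cat "$1/all/rp_filter"); own=$(cat "$1/$2/rp_filter")
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# Print "<iface> <mode>" per interface; return 1 if any is not strict.
# Default root is the live sysctl tree; pass another directory for testing.
rpf_report() {
    root="${1:-/proc/sys/net/ipv4/conf}"; rc=0
    for dir in "$root"/*/; do
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac
        mode=$(rpf_mode "$(rpf_effective "$root" "$iface")")
        echo "$iface $mode"
        [ "$mode" = strict ] || rc=1
    done
    return "$rc"
}

# Constructed sample tree (hypothetical interface names and values).
make_sample_tree() {
    t=$(mktemp -d)
    for pair in all:0 default:0 eth0:2 cali0abc:1 lo:0; do
        mkdir -p "$t/${pair%%:*}"
        echo "${pair##*:}" > "$t/${pair%%:*}/rp_filter"
    done
    echo "$t"
}

# Demo on the constructed tree only; nothing on the host is read or changed.
sample=$(make_sample_tree)
rpf_report "$sample" || echo "non-strict interfaces found"
rm -rf "$sample"
```

Called with no argument, rpf_report reads /proc/sys/net/ipv4/conf on the machine where it runs, so it can be used to confirm that strict RPF is in place on nodes where the Calico check should stay enabled.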
Verify Calico Is Up
To verify that calico-node is running, list the pods in the kube-system namespace:
kubectl -n kube-system get pods | grep calico-node
You should see the calico-node pod running and ready (1/1 containers ready):
calico-node-v5k5z 1/1 Running 0 11s
You should also see the CoreDNS pods running if you get a full listing of pods in the kube-system namespace.
Wrap Up
I hope this post is useful to anyone who is looking to quickly stand up a Kubernetes cluster with Calico (or any other CNI implementation) as the CNI plugin.
If you want to learn more about Kind, check out the following resources:
Did you find this post useful? Did I get something wrong? I would love to hear from you! Please reach out via @alexbrand.