alexander brand
September 30, 2019

Creating a Kind Cluster With Calico Networking

Kind is a tool for running Kubernetes inside Docker containers. Instead of using VMs or physical hosts as the Kubernetes nodes, Kind spins up Docker containers that look like VMs and installs Kubernetes on them. Getting a cluster up and running with Kind is super fast, which makes it an excellent tool for creating test clusters on your laptop.

Kind has a default Container Network Interface (CNI) plugin called kindnet, which is a minimal implementation of a CNI plugin. Last week, however, I needed to experiment with monitoring Calico pods, so I had to look into how to set up Calico as the CNI plugin for Kind clusters.

To use Calico as the CNI plugin in Kind clusters, we need to do the following:

  1. Disable the installation of kindnet
  2. Configure the pod subnet of the cluster
  3. Install Calico on the cluster
  4. Tweak Calico’s configuration

Kind Configuration

Kind clusters can be customized using a configuration file that exposes a variety of knobs. In our case, we need to disable kindnet and set the pod subnet to Calico’s default subnet.

To do so, create a kind-calico.yaml file that contains the following:

kind: Cluster
apiVersion: kind.sigs.k8s.io/v1alpha3
networking:
  disableDefaultCNI: true # disable kindnet
  podSubnet: 192.168.0.0/16 # set to Calico's default subnet

Create your Kind cluster, passing the configuration file using the --config flag:

kind create cluster --config kind-calico.yaml

Verify Kind Cluster

Once the cluster is up, list the pods in the kube-system namespace to verify that kindnet is not running:

export KUBECONFIG="$(kind get kubeconfig-path --name="kind")"
kubectl get pods -n kube-system

kindnet should be missing from the list of pods:

NAME                                         READY   STATUS    RESTARTS   AGE
coredns-5c98db65d4-dgfs9                     0/1     Pending   0          77s
coredns-5c98db65d4-gg4fh                     0/1     Pending   0          77s
etcd-kind-control-plane                      1/1     Running   0          16s
kube-apiserver-kind-control-plane            1/1     Running   0          24s
kube-controller-manager-kind-control-plane   1/1     Running   0          41s
kube-proxy-qsxp4                             1/1     Running   0          77s
kube-scheduler-kind-control-plane            1/1     Running   0          10s

Note: The coredns pods are in the pending state. This is expected. They will remain in the pending state until a CNI plugin is installed.

Install Calico

Use the following command to install Calico:

kubectl apply -f https://docs.projectcalico.org/v3.8/manifests/calico.yaml

Relax Calico’s RPF Check Configuration

By default, Calico pods fail if the kernel’s Reverse Path Filtering (RPF) check is not enforced. Calico requires the check as a security measure that prevents endpoints from spoofing their IP address.

The RPF check is not enforced in Kind nodes. Thus, we need to disable the Calico check by setting an environment variable in the calico-node DaemonSet:

kubectl -n kube-system set env daemonset/calico-node FELIX_IGNORELOOSERPF=true

Note: I am disabling this check because this is a dev environment. You probably do not want to do this otherwise.
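
To see what a node's kernel is actually enforcing before relaxing the check, the following added example (not part of the original post) reports the effective RPF mode of each interface. It relies on the kernel's documented rp_filter semantics; the function names and the sample interface names are hypothetical, and the sample values are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): report the effective Reverse Path
# Filtering mode of each interface from the rp_filter sysctl files.
# Kernel semantics: 0 = no source validation, 1 = strict, 2 = loose, and the
# value applied to an interface is max(conf/all, conf/<iface>).

# rpf_report CONF_DIR: print "<iface> <effective value> <mode>" per interface.
rpf_report() (
  conf_dir=$1
  all=$(cat "$conf_dir/all/rp_filter") || exit 2
  for path in "$conf_dir"/*/rp_filter; do
    [ -f "$path" ] || continue
    iface=$(basename "$(dirname "$path")")
    case $iface in all|default) continue ;; esac
    eff=$(cat "$path")
    [ "$all" -gt "$eff" ] && eff=$all   # the larger of the two values wins
    case $eff in
      0) mode=off ;;
      1) mode=strict ;;
      2) mode=loose ;;
      *) mode=unknown ;;
    esac
    printf '%s %s %s\n' "$iface" "$eff" "$mode"
  done
)

# rpf_all_strict CONF_DIR: succeed only if at least one interface was found
# and every interface is effectively in strict mode.
rpf_all_strict() {
  rpf_report "$1" | awk '$3 != "strict" { bad = 1 } END { exit !(NR > 0 && !bad) }'
}

# make_sample_tree DIR ALL ETH0 CALI: build a constructed sysctl tree (test data).
make_sample_tree() {
  for pair in "all=$2" "default=$2" "eth0=$3" "cali1234=$4"; do
    mkdir -p "$1/${pair%%=*}"
    printf '%s\n' "${pair#*=}" > "$1/${pair%%=*}/rp_filter"
  done
}

# Demo on constructed values: all=0, eth0=1 (strict), cali1234=2 (loose).
demo=$(mktemp -d)
make_sample_tree "$demo" 0 1 2
rpf_report "$demo"
rm -rf "$demo"
```

On a real node, point the function at the live sysctl tree with `rpf_report /proc/sys/net/ipv4/conf`.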

Verify Calico Is Up

To verify that calico-node is running, list the pods in the kube-system namespace:

kubectl -n kube-system get pods | grep calico-node

You should see the calico-node pod running and ready (1/1 containers ready):

calico-node-v5k5z                            1/1     Running   0          11s

You should also see the CoreDNS pods running if you get a full listing of pods in the kube-system namespace.

Wrap Up

I hope this post is useful to anyone who is looking to quickly stand up a Kubernetes cluster with Calico (or any other CNI implementation) as the CNI plugin.

If you want to learn more about Kind, check out the following resources:

Did you find this post useful? Did I get something wrong? I would love to hear from you! Please reach out via @alexbrand.