Creating a Kind Cluster With Calico Networking
Kind is a tool for running Kubernetes inside docker containers. Instead of using VMs or physical hosts as the Kubernetes nodes, Kind spins up docker containers that look like VMs and installs Kubernetes on them. Getting a cluster up and running with Kind is super fast, which makes it an excellent tool for creating test clusters on your laptop.
Kind has a default Container Networking Interface (CNI) plugin called kindnet, which is a minimal implementation of a CNI plugin. Last week, however, I needed to experiment with monitoring Calico pods, so I had to look into how to set up Calico as the CNI plugin for Kind clusters.
To use Calico as the CNI plugin in Kind clusters, we need to do the following:
- Disable the installation of kindnet
- Configure the pod subnet of the cluster
- Install Calico on the cluster
- Tweak Calico’s configuration
Kind clusters can be customized using a configuration file that exposes a variety of knobs. In our case, we need to disable kindnet and set the pod subnet to Calico's default subnet.
To do so, create a kind-calico.yaml file that contains the following:
kind: Cluster
apiVersion: kind.sigs.k8s.io/v1alpha3
networking:
  disableDefaultCNI: true # disable kindnet
  podSubnet: 192.168.0.0/16 # set to Calico's default subnet
Create your Kind cluster, passing the configuration file using the --config flag:
kind create cluster --config kind-calico.yaml
Verify Kind Cluster
Once the cluster is up, list the pods in the kube-system namespace to verify kindnet is not running:
export KUBECONFIG="$(kind get kubeconfig-path --name="kind")"
kubectl get pods -n kube-system
kindnet should be missing from the list of pods:
NAME                                         READY   STATUS    RESTARTS   AGE
coredns-5c98db65d4-dgfs9                     0/1     Pending   0          77s
coredns-5c98db65d4-gg4fh                     0/1     Pending   0          77s
etcd-kind-control-plane                      1/1     Running   0          16s
kube-apiserver-kind-control-plane            1/1     Running   0          24s
kube-controller-manager-kind-control-plane   1/1     Running   0          41s
kube-proxy-qsxp4                             1/1     Running   0          77s
kube-scheduler-kind-control-plane            1/1     Running   0          10s
Note: The coredns pods are in the pending state. This is expected. They will remain in the pending state until a CNI plugin is installed.
Use the following command to install Calico:
kubectl apply -f https://docs.projectcalico.org/v3.8/manifests/calico.yaml
Relax Calico’s RPF Check Configuration
By default, Calico pods fail if the Kernel’s Reverse Path Filtering (RPF) check is not enforced. This is a security measure to prevent endpoints from spoofing their IP address.
The RPF check is not enforced in Kind nodes. Thus, we need to disable the Calico check by setting an environment variable in the calico-node DaemonSet:
kubectl -n kube-system set env daemonset/calico-node FELIX_IGNORELOOSERPF=true
Note: I am disabling this check because this is a dev environment. You probably do not want to do this otherwise.
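To see how the kernel's RPF check is actually set on a node before relaxing Calico's check, the following added example (not part of the original post and not Calico's own code) reads the rp_filter sysctls and reports the effective mode per interface. It relies on the Linux kernel's documented rp_filter semantics; the function names and the optional directory argument, used to run the check against a constructed tree, are this example's own.

```shell
#!/bin/sh
# Added example: report the kernel's reverse path filtering mode per interface.
# Kernel semantics: 0 = no source validation, 1 = strict, 2 = loose; the
# higher of conf/all and conf/<iface> is what applies to <iface>.

# Map an rp_filter value to a readable name.
rpf_mode_name() {
  case "$1" in
    0) echo off ;;
    1) echo strict ;;
    2) echo loose ;;
    *) echo unknown ;;
  esac
}

# Print the effective rp_filter value for interface $2 under conf dir $1.
rpf_effective() {
  all=$(cat "$1/all/rp_filter" 2>/dev/null) || return 1
  own=$(cat "$1/$2/rp_filter" 2>/dev/null) || return 1
  if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# Print "<iface> <mode>" for every interface; return 1 if any is not strict.
# The directory argument exists so the check can run on a constructed tree.
rpf_report() {
  conf_dir=${1:-/proc/sys/net/ipv4/conf}
  rc=0
  for d in "$conf_dir"/*/; do
    iface=$(basename "$d")
    case "$iface" in all|default) continue ;; esac
    eff=$(rpf_effective "$conf_dir" "$iface") || continue
    mode=$(rpf_mode_name "$eff")
    echo "$iface $mode"
    [ "$mode" = strict ] || rc=1
  done
  return "$rc"
}

# Run against the live kernel settings when they are available.
if [ -d /proc/sys/net/ipv4/conf ]; then
  rpf_report || echo "at least one interface is not in strict RPF mode" >&2
fi
```

Any interface reported as off or loose is one where the kernel is not doing the strict source validation that the anti-spoofing measure described above depends on.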
Verify Calico Is Up
To verify that calico-node is running, list the pods in the kube-system namespace:
kubectl -n kube-system get pods | grep calico-node
You should see the calico-node pod running and ready (1/1 containers ready):
calico-node-v5k5z 1/1 Running 0 11s
You should also see the CoreDNS pods running if you get a full listing of pods
I hope this post is useful to anyone who is looking to quickly stand up a Kubernetes cluster with Calico (or any other CNI implementation) as the CNI plugin.
If you want to learn more about Kind, check out the following resources:
Did you find this post useful? Did I get something wrong? I would love to hear from you! Please reach out via @alexbrand.