Building Calico with Kubernetes

Integrating Calico with Kubernetes

Calico enables networking and network policy in Kubernetes clusters across the cloud. The instructions provided you the steps to integrate Calico with Kubernetes on Linux on IBM Z for following distribution:

• RHEL (7.1, 7.2, 7.3, 7.4)
• Ubuntu (16.04, 17.10)
• SLES (12, 12 SP1, 12 SP2, 12 SP3)

General Notes:

• When following the steps below please use a standard permission user unless otherwise specified.

• A directory /<source_root>/ will be referred to in these instructions, this is a temporary writable directory anywhere you'd like to place it.

1. Build Calico basic components

Instructions for building the basic Calico components, which includes calicoctl and calico/node can be found here

2. Build Kubernetes Support

2.1. Install Calico CNI plugins

• Create /opt/cni/bin on your machine

  mkdir -p /opt/cni/bin

• Download the source code for cni-plugin

  export GOPATH=/<source_root>/
  git clone https://github.com/projectcalico/cni-plugin.git $GOPATH/src/github.com/projectcalico/cni-plugin
  cd $GOPATH/src/github.com/projectcalico/cni-plugin
  git checkout v2.0.0
  mkdir dist

• Modify Makefile as follow

  @@ -13,6 +13,11 @@ ifeq ($(ARCH),ppc64le)
          GO_BUILD_VER:=latest
   endif
  
  +ifeq ($(ARCH),s390x)
  +        ARCHTAG:=-s390x
  +        GO_BUILD_VER:=latest
  +endif
  +
   # Disable make's implicit rules, which are not useful for golang, and slow down the build
   # considerably.
   .SUFFIXES:

• Create a Dockerfile for s390x

  cp Dockerfile Dockerfile-s390x

• Modify Dockerfile-s390x as follow

  @@ -1,13 +1,13 @@
  -FROM busybox
  +FROM s390x/busybox
  
   LABEL maintainer "Tom Denham <[email protected]>"
  
  -ADD dist/amd64/calico /opt/cni/bin/calico
  -ADD dist/amd64/flannel /opt/cni/bin/flannel
  -ADD dist/amd64/loopback /opt/cni/bin/loopback
  -ADD dist/amd64/host-local /opt/cni/bin/host-local
  -ADD dist/amd64/portmap /opt/cni/bin/portmap
  -ADD dist/amd64/calico-ipam /opt/cni/bin/calico-ipam
  +ADD dist/s390x/calico /opt/cni/bin/calico
  +ADD dist/s390x/flannel /opt/cni/bin/flannel
  +ADD dist/s390x/loopback /opt/cni/bin/loopback
  +ADD dist/s390x/host-local /opt/cni/bin/host-local
  +ADD dist/s390x/portmap /opt/cni/bin/portmap
  +ADD dist/s390x/calico-ipam /opt/cni/bin/calico-ipam
   ADD k8s-install/scripts/install-cni.sh /install-cni.sh
   ADD k8s-install/scripts/calico.conf.default /calico.conf.tmp
  

• Modify .dockerignore as follow

  @@ -13,3 +13,9 @@
   !dist/ppc64le/loopback
   !dist/ppc64le/host-local
   !dist/ppc64le/portmap
  +!dist/s390x/calico
  +!dist/s390x/calico-ipam
  +!dist/s390x/flannel
  +!dist/s390x/loopback
  +!dist/s390x/host-local
  +!dist/s390x/portmap

• Build CNI plugins binaries and CNI image

  ARCH=s390x make docker-image
  cp dist/* /opt/cni/bin
  docker tag calico/cni quay.io/calico/cni:v2.0.0

2.2. Build the Calico network policy controller

• Download the source code

  git clone https://github.com/projectcalico/k8s-policy.git $GOPATH/src/github.com/projectcalico/k8s-policy
  cd $GOPATH/src/github.com/projectcalico/k8s-policy
  git checkout v2.0.0

• Modify Makefile as follow

  @@ -13,6 +13,11 @@ ifeq ($(ARCH),ppc64le)
          GO_BUILD_VER?=latest
   endif
  
  +ifeq ($(ARCH),s390x)
  +        ARCHTAG:=-s390x
  +        GO_BUILD_VER?=latest
  +endif
  +
   HYPERKUBE_IMAGE?=gcr.io/google_containers/hyperkube-$(ARCH):v1.8.0-beta.1
   ETCD_IMAGE?=quay.io/coreos/etcd:v3.2.5$(ARCHTAG)
   

• create Dockerfile for s390x

  cp Dockerfile Dockerfile-s390x

• Modify Dockerfile-s390x as follow

  @@ -11,8 +11,8 @@
   # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   # See the License for the specific language governing permissions and
   # limitations under the License.
  -FROM alpine:3.5
  -LABEL maintainer "Casey Davenport <[email protected]>"
  +FROM s390x/alpine:3.6
  +LABEL maintainer "Casey Davenport <[email protected]>"
  
  -ADD dist/kube-controllers-linux-amd64 /usr/bin/kube-controllers
  +ADD dist/kube-controllers-linux-s390x /usr/bin/kube-controllers
   ENTRYPOINT ["/usr/bin/kube-controllers"]

• Then build the image

  ARCH=s390x make docker-image
  docker tag calico/kube-controllers-s390x quay.io/calico/kube-controllers:v2.0.0

3. Install Calico in Kubernetes environment

Once you have all necessary components built on z systems, you can

• Run calico/node by

  sudo ETCD_ENDPOINTS=http://<ETCD_IP>:<ETCD_PORT> calicoctl node run --node-image=quay.io/calico/node:v3.0.1
  

  This assumes you already have calicoctl built from the basic calico building instruction and its location is in your PATH environment variable.

• Configure and run your Kubernetes following here

• Install the calico policy controller following here

4. Usage samples

The demos of the simple usage of calico with Kubernetes can be found at

• Simple policy demo
• Star policy demo
• Advanced policy demo

So far the Simple policy demo has been verified on s390x with Kubernetes v1.7.4, which was the latest stable Kubernetes version when the porting was conducted. Also note that all images (e.g., nginx, busybox) used in the demo should be s390x compatible. Images pulled directly from the Internet can be used for x86 only, using them on Linux on z will lead to errors.