Building Calico with Kubernetes

Integrating Calico with Kubernetes

Calico enables networking and network policy in Kubernetes clusters across the cloud. The instructions provided you the steps to integrate Calico with Kubernetes on Linux on z Systems for following distribution:

• RHEL (7.1, 7.2, 7.3)
• Ubuntu (16.04, 16.10)
• SLES (12, 12 SP1, 12 SP2)

General Notes:

• When following the steps below please use a standard permission user unless otherwise specified.

• A directory /<source_root>/ will be referred to in these instructions, this is a temporary writable directory anywhere you'd like to place it.

1. Build Calico basic components

Instructions for building the basic Calico components, which includes calicoctl and calico/node can be found here

2. Build Kubernetes Support

2.1. Install Calico CNI plugins

mkdir -p /opt/cni/bin

Build CNI plugins binaries calico and calico-ipam

cd /<source_root>/calico/src/github.com/projectcalico/
git clone https://github.com/projectcalico/cni-plugin.git
cd cni-plugin
git checkout v1.8.3
make dist/calico dist/calico-ipam
cp dist/* /opt/cni/bin

Build the standard CNI binary loopback

cd /<source_root>/calico/src/github.com/projectcalico/
git clone https://github.com/containernetworking/cni.git
cd cni
git checkout v0.5.2
CGO_ENABLED=0 GOARCH=s390x ./build.sh -a --ldflags '-extldflags \"-static\"'
cp bin/loopback /opt/cni/bin

2.2. Build the Calico network policy controller

Build calico/kube-policy-controller image

cd /<source_root>/calico/src/github.com/projectcalico/
git clone https://github.com/projectcalico/k8s-policy.git
cd k8s-policy
git checkout v0.6.0

Make changes to Dockerfile

@@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

-FROM alpine:3.4
+FROM tmh1999/alpine-s390x

ADD *.py /code/
ADD handlers /code/handlers
@@ -22,8 +22,8 @@ RUN /build.sh

# Symlinks needed to workaround Alpine/Pyinstaller incompatibilties
# https://github.com/gliderlabs/docker-alpine/issues/48
-RUN ln -s /lib/libc.musl-x86_64.so.1 ldd
+RUN ln -s /lib/libc.musl-s390x.so.1 ldd
RUN ln -s /lib /lib64
-RUN ln -s /lib/ld-musl-x86_64.so.1 /lib64/ld-linux-x86-64.so.2
+RUN ln -s /lib/ld-musl-s390x.so.1 /lib64/ld-linux-s390x.so.2

-ENTRYPOINT ["/dist/controller"]
+CMD python /code/controller.py

Make changes to build.sh

@@ -3,18 +3,10 @@ set -e
set -x

# Install the system packages needed for building the PyInstaller based binary
-apk -U add --virtual temp python-dev py-pip alpine-sdk python py-setuptools openssl-dev libffi-dev
+apk -U add --virtual temp python python-dev py-pip alpine-sdk python py-setuptools openssl-dev libffi-dev

# Install python dependencies
pip install --upgrade pip
pip install -r https://raw.githubusercontent.com/projectcalico/libcalico/master/build-requirements-frozen.txt
pip install git+https://github.com/projectcalico/libcalico.git
pip install simplejson
-
-# Produce a binary - outputs to /dist/controller
-pyinstaller /code/controller.py -ayF
-
-# Cleanup everything that was installed now that we have a self contained binary
-apk del temp && rm -rf /var/cache/apk/*
-rm -rf /usr/lib/python2.7
-rm -rf /build

Then build the image,

make docker-image
docker tag calico/kube-policy-controller quay.io/calico/kube-policy-controller:v0.6.0

3. Install Calico in Kubernetes environment

Once you have all necessary components built on z systems, you can

1. Configure and run your Kubernetes following here

2. Run calico/node by

sudo ETCD_ENDPOINTS=http://<ETCD_IP>:<ETCD_PORT> calicoctl node run

This assumes you already have calicoctl built from the basic calico building instruction and its location is in your PATH environment variable.

3. Install the calico policy controller following here

4. Usage samples

The demos of the simple usage of calico with Kubernetes can be found at

• Simple policy demo
• Star policy demo
• Advanced policy demo

So far the Simple policy demo has been verified on s390x with Kubernetes v1.6.4, which was the latest stable Kubernetes version when the porting was conducted. Also note that all images (e.g., nginx, busybox) used in the demo should be s390x compatible. Images pulled directly from the Internet can be used for x86 only, using them on Linux on z will lead to errors.