From YouTube: Best practices for Calico installation
A
But before we get started, let's get to know each other a little bit more. My name is Reza and I'm a developer advocate at Tigera. Tigera is the company behind the open source project Calico, where we do all kinds of fun stuff to revolutionize Kubernetes networking and security. I used to be a security consultant, a system engineer, network administrator and a full stack developer. Currently I'm advocating for a community that I love. I'm always eager to learn new stuff and open to suggestions. So, let's connect and exchange ideas.
A
This presentation is divided into five sections. First I'm going to talk about Project Calico and give you a brief overview of what it is that we do at Tigera. Then I'm going to talk a bit about Tigera operator and our motivation behind making it an open source project. Then, in a short demo, I'm going to demonstrate how to install Calico in a Kubernetes cluster by using the Tigera operator.
A
After that, we will explore some basic Kubernetes networking and Container Networking Interface concepts to get everyone up to speed for our journey into the inner workings of CNI installation, where I'm going to demonstrate how to install a CNI manually in a Kubernetes cluster. If you are new to cloud networking, don't worry, I got you covered. There is a slide at the end of this presentation with all the links and information that you might need for your adventure.
A
We have a thriving community with more than 300 contributors and 8,000 Slack channel members. Feel free to join our community using these social networking handles and drive the conversation where you feel a need for a change, or seek help for your Calico adventure from developers who are actively working on the project. Our Slack channel, slack.projectcalico.org, is an inclusive environment dedicated to Calico and support for our open source community members. Project Calico offers a pure layer 3 approach to virtual networking and security for highly scalable data centers. Calico is free and open source.
A
Calico is designed to be modular and has a pluggable data plane approach that offers eBPF and iptables data planes for Linux environments and Host Network Service, or HNS, for Windows environments. This modular architecture makes Calico a great choice for any environment and gives you the required tools to be in charge of your software-defined networking traffic.
A
The operator then monitors the installation resource to make sure your Calico is always configured correctly. The operator provides a simple way to troubleshoot each of the Calico components that are installed on your cluster and, just like Calico, the Tigera operator is free and open source. In fact, you can use the secure code to check its GitHub page and get involved with its development and shape its feature.
A
An operator can create or modify pods, deployments, config maps or services that are required for your cloud native application, by providing a single interface to manage and deploy it. If you're interested to know more about the Operator Framework, use this QR code and head to their web page. All right, now that we have a basic understanding about Tigera operator, let's use it to install Calico.
A
All right, to change my node's status to ready I just need to install a CNI, so let's go ahead and apply the YAML file for the Tigera operator. Inside the Tigera operator manifest, there is a Tigera status capability that will be added to the Kubernetes API server and could be queried to get information about the state of Calico components.
A
Calico has its own IP address management plugin, which allows you to create different types of IP pools, allocate static IPs to endpoints or tunnels, and a lot of other cool things. Calico uses BIRD to implement BGP, or Border Gateway Protocol, routing between your cluster resources and other BGP capable devices in your network.
A
You could take advantage of this feature by peering your on-prem environment directly to your Kubernetes cluster. Calico extends the Kubernetes network policies and allows you to write cluster-wide security policies to secure your cluster. It also offers a range of new selectors that can tailor security policy to target any resource from inside or outside of your cluster. Calico has a pluggable data plane architecture and multiple data planes. These data planes are based on iptables, eBPF technology, FD.io or Cisco's VPP and Windows HNS.
A
That allows you to be in charge of your software-defined networking traffic. Calico offers multiple networking overlays such as VXLAN and IPIP that can help you to establish networking in restricted environments such as cloud providers. Calico integrates with other awesome open source projects like Istio to establish application layer policy enforcement, service mesh and observability. Calico has integration with WireGuard for node to node or pod to pod traffic encryption. For busy clusters, Calico deploys Typha, which holds a cached version of Kubernetes API server information that will be used by Calico components.
A
Okay, now that we got a cluster, let's go and verify that our nodes are not ready. Now, last time we used kubectl get nodes after our cluster provisioning to verify that the Kubernetes nodes are not running. This time, let's go inside the control plane node and check this from the CRI perspective.
A
After creating an identity, it's always good to tie it to some permissions so that our credentials cannot do anything more than they're supposed to. Here you can see the cluster role that I'm going to deploy for my Calico CNI in order to only be able to access some parts of the information that Kubernetes API server offers.
A
Now that we have the permissions in place and actually copied the kubeconfig file inside our config directory, let's go ahead and create a conflist. A conflist will be used by Kubernetes or kubelet to tell the cluster about capabilities that our CNI will offer. Now, if we go ahead and issue a kubectl get nodes command. But you know the control plane is now ready for the action from here.
A
All right, so, if we go ahead and issue a get nodes command again, we will see all nodes are now in a ready state. However, our pods are not able to acquire any IP addresses. We can verify this by issuing a kubectl get pods command. As you can see, both CoreDNS pods are now stuck in the ContainerCreating phase, and that's because they cannot get an IP address.
A
All right, everything is set. Now we can basically just deploy the Calico node DaemonSet and wait for it to come up. After this phase, if we go ahead and issue another kubectl get pods -A command, we should see all our pods are now in a running state and we have a fully functional Kubernetes cluster.