The document discusses how Calico networking can be integrated with OpenShift to provide networking and network policy for container workloads. Some key points: - Calico is an open source networking and security solution that implements large, scalable cloud data center infrastructures using layer 3 networking. - It supports rich network policies to provide tenant isolation, security groups, and reachability constraints. - Calico can integrate easily with OpenShift via the openshift-ansible installer to provide the networking and network policy capabilities for OpenShift workloads. - It differs from the native OpenShift SDN in that it allocates dynamic IP ranges, connects pods directly to the kernel rather than OVS, and does not require

1. Anirban Sen Chowdhary

2. “Project Calico is the world's simplest, most scalable, open networking
solution for OpenStack”.
Calico, a pure layer3 approach to Virtual Networking for highly scalable &
flexible Data centers. It is a open-source technology, that implements
large, standards-based cloud data center infrastructures
Calico supports rich and flexible network policy that enforces on every
node in a cluster, to provide tenant isolation, security groups, and external
reachability constraints.

3. OpenShift on other hand is an open source container application platform
by Red Hat based on top of Docker containers and the Kubernetes
container cluster manager for enterprise app development and
deployment.
It is defined as a is a container application platform that brings docker and
Kubernetes to the enterprise.

4. OpenShift is a popular and widely deployed platform which supports
networking and networking seems to work there.
Calico which differs from traditional solutions like OpenShift SDN, can
integrated with OpenShift easily, that includes the openshift-ansible
installer, both in OpenShift Origin, and OpenShift Container Platform which
helps OpenShift deployments to benefit from the leading Network and
Network Policy implementation for Kubernetes, and rich feature set,
scalability and simplicity of Calico.
Calico that can be deployed to use etcd as its datastore driver, where etcd
can be shared with OpenShift.

5. The main reason of depending on etcd is because it is plugged into
orchestration and used to communicate with lot of states and use etcd as a
distributed key value store among all of the key nodes.
.

6. Another important reason was keeping in mind of Kubernetes.
Kubernetes itself depends on etcd and that will help to scale with given
orchestrator and communicate between nodes.
So, etcd can be shared with OpenShift for smaller deployments like a POC,
or a dedicated Calico-etcd cluster can be provisioned in case of larger scale
and production deployments.

7. Another important reason was keeping in mind of Kubernetes.
Kubernetes itself depends on etcd and that will help to scale with given
orchestrator and communicate between nodes.
So, etcd can be shared with OpenShift for smaller deployments like a POC,
or a dedicated Calico-etcd cluster can be provisioned in case of larger scale
and production deployments.

8. As we said earlier, Calico differs from traditional solutions like OpenShift
SDN.
Some of main highlights of difference are:
* In OpenShift SDN ,there is one subnet per host, where as in Calico, there
is a dynamic allocation of IP address ranges to host as additional container
scheduled.
* In OpenShift SDN , Pods are connected to OVS bridge, while in Calico,
Pods are connected to Linux Kernal routing engine.
* In OpenShift SDN , Connectivity outside cluster is via NAT, while in Calico,
since pods have real IPs now, NAT is not required to outside world.

10. We will just have an simple overview on the installation part and will see
how etcd is coming into the picture. Just as we have already discussed the
role of etcd .
Shared etcd:
In order to enable an installation of Calico that shares the etcd instance
used by the apiserver, set the following OSEv3:vars in our inventory file:
* os_sdn_network_plugin_name=cni
* openshift_use_calico=true
* openshift_use_openshift_sdn=false

11. We also needs to ensure that you have an explicitly defined host in the
[etcd] group :

12. Calico’s OpenShift-ansible integration supports connection to a custom
etcd which a user has already set up.
Following required:
* The etcd instance must have SSL authentication enabled.
* Certs must be present at the specified filepath on all nodes.
* All cert files must be in the same directory specified by
calico_etcd_cert_dir

13. For more information on technical details and full installation, we can
always refer to Calico’s awesome docs here :
https://docs.projectcalico.org

14. For more information visit
https://www.projectcalico.org/
https://docs.projectcalico.org/v2.6/introduction/
https://blog.tigera.io/tagged/calico