Calico for Windows on a Rancher Kubernetes Engine cluster

Big picture

Install Calico for Windows on a Rancher Kubernetes Engine (RKE) cluster.

Value

Run Linux and Windows workloads on a RKE cluster with Calico.

Before you begin

Supported

• RKE Kubernetes 1.20, 1.19, or 1.18

Supported networking

• BGP with no encapsulation
• VXLAN

Required

• An RKE cluster provisioned with no network plugin but which otherwise meets the Calico for Windows Kubernetes cluster requirements. This guide was tested with RKE v1.18.9.
• One or more Windows nodes that meet the requirements.

How to

The following steps will outline the installation of Calico networking on the RKE cluster, then the installation of Calico for Windows on the Windows nodes.

1. Install the Tigera Calico operator and custom resource definitions.

   kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.27.3/manifests/tigera-operator.yaml
   note

   Due to the large size of the CRD bundle, kubectl apply might exceed request limits. Instead, use kubectl create or kubectl replace.

2. Download the necessary Installation custom resources.

   wget https://raw.githubusercontent.com/projectcalico/calico/v3.27.3/manifests/custom-resources.yaml

3. Update the calicoNetwork options, ensuring that the correct pod CIDR is set. (Rancher uses 10.42.0.0/16 by default.) Below are sample installations for VXLAN and BGP networking using the default Rancher pod CIDR:

   VXLAN

   apiVersion: operator.tigera.io/v1
   kind: Installation
   metadata:
     name: default
   spec:
      # Configures Calico networking.
     calicoNetwork:
       bgp: Disabled
        # Note: The ipPools section cannot be modified post-install.
       ipPools:
       - blockSize: 26
         cidr: 10.42.0.0/16
         encapsulation: VXLAN
         natOutgoing: Enabled
         nodeSelector: all()

   BGP

   apiVersion: operator.tigera.io/v1
   kind: Installation
   metadata:
     name: default
   spec:
      # Configures Calico networking.
     calicoNetwork:
        # Note: The ipPools section cannot be modified post-install.
       ipPools:
       - blockSize: 26
         cidr: 10.42.0.0/16
         encapsulation: None
         natOutgoing: Enabled
         nodeSelector: all()
   note

   For more information on configuration options available in this manifest, see the installation reference.

4. Apply the updated custom resources:

   kubectl create -f custom-resources.yaml

5. Configure strict affinity:

   kubectl patch ipamconfigurations default --type merge --patch='{"spec": {"strictAffinity": true}}'

6. Finally, install Calico for Windows. For an operator installation, follow the operator guide. For manual installation, follow the quickstart guide. For VXLAN clusters, follow the instructions under the "Kubernetes VXLAN" tab. For BGP clusters, follow the instructions under the "Kubernetes BGP" tab.

   note

   For Rancher default values for service CIDR and DNS cluster IP, see the Rancher kube-api service options.

7. Check the status of the nodes with kubectl get nodes. If you see that the Windows node has the status Ready, then you have a Calico for Windows on RKE cluster ready for Linux and Windows workloads!

Next steps

• Try the basic policy demo
• Secure pods with Calico network policy