Warning: You're not viewing the latest Calico documentation.

Installing Calico in DC/OS

The following information details Calico’s installation and runtime dependencies in DC/OS, and looks at how to leverage Calico-DC/OS Framework to get up and running.

Background

Calico provides multi-host networking for DC/OS, giving each task its own IP address and isolated networking namespace, with highly flexible policy configuration.

Calico has the following prerequisites in DC/OS:

An available etcd store
Docker configured with a cluster-store (if networking Docker Tasks)

Since many default DC/OS clusters do not meet these basic requirements, Calico maintains a simple Universe package for DC/OS that can get Calico installed and running in one-click. The package performs the following steps on every agent in the cluster:

Run etcd (in proxy mode)
Configure docker with a cluster store
Install Calico CNI binaries and configs (for Unified Containerizer networking)
Run calico-libnetwork (for Docker Containerizer networking)
Run calico-node.

The framework is flexible, allowing users to enable, disable, or customize each step. Below, we’ll see what each step does, and how it can be modified.

Alternatives: Installing Manually

The framework runs Calico (and its configuration) within DC/OS. This means it registers as a Mesos Framework, and uses Mesos Resource offers to run and configure the cluster with Calico. Alternative to this approach, Calico can be manually installed directly onto Agents as a daemon service integrated with the OS (using systemd) to ensure it is available when tasks are eventually provisioned.

Next, we’ll dive into each task the Framework performs.

etcd

Calico uses etcd as its central database. There are two popular ways to run etcd in DC/OS:

Use the Universe etcd package

The Universe etcd package launches a Mesos Framework that uses Mesos resource offers to spawn a multi-node etcd cluster. The endpoint endpoint address can be resolved via a SRV lookup of _etcd-server._tcp.etcd.mesos.

Calico doesn’t support connections to etcd via SRV record, so the Calico-DC/OS Framework first runs its own instance of etcd in proxy mode on every agent, which it relies on to forward requests made to localhost:2379 onwards to the actual etcd cluster.
Manually running etcd

Running the etcd cluster manually across all masters can be considered more stable than the previous option, as the endpoint address is static. Users launching etcd in this way can skip running etcd in proxy mode, and can simply change ETCD_ENDPOINTS to point directly at their static etcd cluster.

Docker Cluster Store

Calico networks Docker Containerizer tasks at the Docker-engine layer. To do multi-host networking in Docker, each docker engine must be configured to use the same cluster-store.

By default, the Calico-DC/OS Framework will parse the value set for ETCD_ENDPOINTS, configure Docker to use it by adding it to /etc/docker/daemon.json, and finally restart Docker.

Users can set override-docker-cluster-store to manually choose a different cluster store (e.g. the existing zookeeper on master), or, if they are only planning to use Calico for Unified Containerizer networking, can disable modification of the docker daemon altogether.

Calico CNI Installation

To perform networking on Unified Containerizer tasks, Calico’s CNI binaries and configuration file must be installed on every agent, and the slave process must be restarted to pick up the change. The Framework then performs the following steps:

Download calico to /opt/mesosphere/active/cni/
Download calico-ipam to /opt/mesosphere/active/cni/
Create the following JSON file at /opt/mesosphere/etc/dcos/network/cni/calico.cni:
```
{
    "name": "calico",
    "type": "calico",
    "etcd_endpoints": "http://localhost:2379",
    "ipam": {
        "type": "calico-ipam"
    }
}
```
Note: If not running etcd in proxy mode, be sure to change etcd_endpoints to your correct etcd endpoint address.
Restart the slave process with systemctl restart dcos-mesos-slave

Calico Libnetwork

To receive networking hook calls from the Docker engine, Calico’s libnetwork plugin must be running on every agent. This task ensures the calico/node-libnetwork container is running.

Run Calico Node

No matter which networking plugin you use, Calico’s core processes must be run on each agent. This task ensures the calico/node container is running.

Next Steps: Installing

For a walkthrough of how to deploy common configurations of the Calico-DC/OS Framework, see The Calico-DC/OS Framework Install Guide

Provide Feedback Get Help via Slack Training