commit
824199fc7f
|
@ -21,7 +21,7 @@ The **calicoctl** command allows to check the status of the network workloads.
|
||||||
calicoctl node status
|
calicoctl node status
|
||||||
```
|
```
|
||||||
|
|
||||||
or for versions prior *v1.0.0*:
|
or for versions prior to *v1.0.0*:
|
||||||
|
|
||||||
```
|
```
|
||||||
calicoctl status
|
calicoctl status
|
||||||
|
@ -33,7 +33,7 @@ calicoctl status
|
||||||
calicoctl get ippool -o wide
|
calicoctl get ippool -o wide
|
||||||
```
|
```
|
||||||
|
|
||||||
or for versions prior *v1.0.0*:
|
or for versions prior to *v1.0.0*:
|
||||||
|
|
||||||
```
|
```
|
||||||
calicoctl pool show
|
calicoctl pool show
|
||||||
|
@ -73,7 +73,7 @@ In some cases you may want to route the pods subnet and so NAT is not needed on
|
||||||
For instance if you have a cluster spread on different locations and you want your pods to talk each other no matter where they are located.
|
For instance if you have a cluster spread on different locations and you want your pods to talk each other no matter where they are located.
|
||||||
The following variables need to be set:
|
The following variables need to be set:
|
||||||
`peer_with_router` to enable the peering with the datacenter's border router (default value: false).
|
`peer_with_router` to enable the peering with the datacenter's border router (default value: false).
|
||||||
you'll need to edit the inventory and add a and a hostvar `local_as` by node.
|
you'll need to edit the inventory and add a hostvar `local_as` by node.
|
||||||
|
|
||||||
```
|
```
|
||||||
node1 ansible_ssh_host=95.54.0.12 local_as=xxxxxx
|
node1 ansible_ssh_host=95.54.0.12 local_as=xxxxxx
|
||||||
|
@ -156,7 +156,7 @@ The inventory above will deploy the following topology assuming that calico's
|
||||||
|
|
||||||
##### Optional : Define default endpoint to host action
|
##### Optional : Define default endpoint to host action
|
||||||
|
|
||||||
By default Calico blocks traffic from endpoints to the host itself by using an iptables DROP action. When using it in kubernetes the action has to be changed to RETURN (default in kubespray) or ACCEPT (see https://github.com/projectcalico/felix/issues/660 and https://github.com/projectcalico/calicoctl/issues/1389). Otherwise all network packets from pods (with hostNetwork=False) to services endpoints (with hostNetwork=True) withing the same node are dropped.
|
By default Calico blocks traffic from endpoints to the host itself by using an iptables DROP action. When using it in kubernetes the action has to be changed to RETURN (default in kubespray) or ACCEPT (see https://github.com/projectcalico/felix/issues/660 and https://github.com/projectcalico/calicoctl/issues/1389). Otherwise all network packets from pods (with hostNetwork=False) to services endpoints (with hostNetwork=True) within the same node are dropped.
|
||||||
|
|
||||||
|
|
||||||
To re-define default action please set the following variable in your inventory:
|
To re-define default action please set the following variable in your inventory:
|
||||||
|
|
|
@ -9,7 +9,7 @@ Weave uses [**consensus**](https://www.weave.works/docs/net/latest/ipam/##consen
|
||||||
|
|
||||||
Weave encryption is supported for all communication
|
Weave encryption is supported for all communication
|
||||||
|
|
||||||
* To use Weave encryption, specify a strong password (if no password, no encrytion)
|
* To use Weave encryption, specify a strong password (if no password, no encryption)
|
||||||
|
|
||||||
```
|
```
|
||||||
# In file ./inventory/sample/group_vars/k8s-cluster.yml
|
# In file ./inventory/sample/group_vars/k8s-cluster.yml
|
||||||
|
|
Loading…
Reference in New Issue