Calicoctl in Tanzu Kubernetes Clusters

There are two CNIs that are avaiable for container networking in Tanzu kubernetes guest clusters: Antrea and Calico

In this post, lets take a closer look at Calico and how to deploy and use Calicoctl

Pods can fail if they do not get an ip address from the CNI. A common error is:

k get events

4m31s Warning FailedCreatePodSandBox pod/validationservice-59cbc867c-pt7k5 (combined from similar events): Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox "2c0a340dfe947ad27564e0b73d5efac7f13951a77aa9c0a6e5e5d90b7d299e4c": rate: Wait(n=1) would exceed context deadline
4m31s Warning FailedCreatePodSandBox  pod/validationservice-59cbc867c-qhdjr (combined from similar events): Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox "c0f9ecf1f5a73954bbc3733ff1342fec6896d339bc6039473765e5f143b7850d": rate: Wait(n=1) would exceed context deadline

To view the ip blocks provided by IPAM(Calico) in the Tanzu Kubernetes cluster

Login to the tkc cluster

k vsphere login -u administrator@vsphere.local --server=kube.gs.labs --insecure-skip-tls-verify --tanzu-kubernetes-cluster-name demo-tkc --tanzu-kubernetes-cluster-namespace gs-dev

View the IPAM blocks

root@debian:~# k get ipamblocks
NAME                 AGE
192-168-200-0-26     22d
192-168-200-192-26   22d
192-168-200-64-26    24d

In order to find out how many IPs are used and to get more details from the Calico CNI, we will need to use Calicoctl

To install the calicoctl, the easiest way to do this is to download the binary - more info here: https://docs.projectcalico.org/getting-started/clis/calicoctl/install

root@debian:~# curl -o calicoctl -O -L  "https://github.com/projectcalico/calicoctl/releases/download/v3.20.0/calicoctl" 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   615  100   615    0     0   1762      0 --:--:-- --:--:-- --:--:--  1757
100 43.2M  100 43.2M    0     0  17.1M      0  0:00:02  0:00:02 --:--:-- 38.4M
root@debian:~# chmod +x calicoctl

root@debian:~# ./calicoctl --allow-version-mismatch ipam show --show-blocks 
+----------+--------------------+-----------+------------+-----------+
| GROUPING |        CIDR        | IPS TOTAL | IPS IN USE | IPS FREE  |
+----------+--------------------+-----------+------------+-----------+
| IP Pool  | 192.168.200.0/24   |       256 | 11 (4%)    | 245 (96%) |
| Block    | 192.168.200.0/26   |        64 | 3 (5%)     | 61 (95%)  |
| Block    | 192.168.200.192/26 |        64 | 4 (6%)     | 60 (94%)  |
| Block    | 192.168.200.64/26  |        64 | 4 (6%)     | 60 (94%)  |
+----------+--------------------+-----------+------------+-----------+

You need to use --allow-version-mismatchas the latest version of calicoctl wont run with older versions of Calico by default.

root@debian:~# ./calicoctl version
Version mismatch.
Client Version:   v3.20.0
Cluster Version:  3.11.2
Use --allow-version-mismatch to override

For additional command line parameters, refer https://docs.projectcalico.org/reference/calicoctl/overview