
Add calico cni #386

Open
vsoch wants to merge 7 commits into rootless-containers:master from converged-computing:add-calico-cni

@vsoch vsoch commented May 16, 2026

This is an update to converged-computing#7 to add calico as a CNI. We get the upstream manifests and calicoctl from a specific version in the Dockerfile and make all changes with yq. Updates from previous discussion:

  • Calico version and all downloads are done in the Dockerfile, and sha256sum files are added
  • wget dependency is removed, curl is used instead, and documented.
  • yq is also downloaded in the Dockerfile
  • Our customizations (in previous service directory) are removed, along with the extra certs and --insecure
  • The customization to the bgp is moved to install-calico.sh and explained

I have removed the additions that were custom to our setup, and cannot test this branch there. Commits can be squashed when ready.
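The description above mentions pinned downloads checked against sha256sum files. As an added example (not code from this pull request or from the project), here is one way such a gate can fail closed inside a build step: it rejects a mismatch, a downloaded file with no checksum entry, and a listed file that was never downloaded. The function name `verify_pinned`, the directory layout and the return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: fail-closed checksum gate for artifacts fetched during an image build.
# verify_pinned DIR SUMFILE   (hypothetical helper, not part of the PR)
#   DIR     - directory holding the downloaded files (assumed layout)
#   SUMFILE - lines in sha256sum format: "<hex>  <name>" or "<hex> *<name>"
# Assumes artifact names contain no whitespace.
# Returns 0 only if DIR and SUMFILE agree exactly; non-zero otherwise:
#   1 mismatch, 2 no checksum file, 3 unlisted artifact, 4 listed but absent.
verify_pinned() {
    dir=$1
    sums=$2
    [ -s "$sums" ] || { echo "missing or empty checksum file: $sums" >&2; return 2; }

    # Pass 1: every downloaded file must be listed and must match.
    # Plain `sha256sum -c` would not notice a file that has no entry at all.
    for path in "$dir"/*; do
        [ -f "$path" ] || continue
        name=$(basename "$path")
        want=$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1; exit }' "$sums")
        if [ -z "$want" ]; then
            echo "unlisted artifact: $name" >&2
            return 3
        fi
        got=$(sha256sum "$path" | awk '{ print $1 }')
        if [ "$got" != "$want" ]; then
            echo "checksum mismatch: $name" >&2
            return 1
        fi
    done

    # Pass 2: every listed artifact must be present, so a skipped download is caught.
    while read -r digest listed; do
        listed=${listed#\*}
        [ -n "$listed" ] || continue
        [ -f "$dir/$listed" ] || { echo "listed but not downloaded: $listed" >&2; return 4; }
    done < "$sums"
    return 0
}
```

In a Dockerfile this would run in the same `RUN` step as the `curl` downloads, so a failed check stops the build before any artifact is used.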

@vsoch vsoch force-pushed the add-calico-cni branch 3 times, most recently from b8946bb to e272c28 Compare May 16, 2026 00:39
vsoch and others added 7 commits May 15, 2026 17:40
Infiniband is working on TOSS
4.18.0-553.56.1.1toss.t4 based on RHEL 8.10.
For this to work, most of the issue was with
respect to network firewalls, kernel modules,
and system security. Fixes here include
needing to create unique CNI names for podman,
add a flag to ignore preflight errors (for
the old kernel) and update the flannel install
to be before 0.25.x when a check for br_netfilter
was added. This used to be part of kubeadm, and
it was removed with K8s 1.30. It is not technically
needed in the podman container (it is needed on
the physical host) but since the check is done
in the container, this will fail flannel from
starting up. For the time being, we will use
an older flannel, and I will open an issue
on the repository to ask for the ability
to disable the check.

Signed-off-by: vsoch <vsoch@users.noreply.github.com>
Signed-off-by: vsoch <vsoch@users.noreply.github.com>
Signed-off-by: vsoch <vsoch@users.noreply.github.com>
The user can install calico (even using the same flannel
port) via a CRD for it, adding the rules for it, customizing
the Daemonset env and the addresses that the containers use.

Signed-off-by: vsoch <vsoch@users.noreply.github.com>
Signed-off-by: vsoch <vsoch@users.noreply.github.com>
Signed-off-by: vsoch <vsoch@users.noreply.github.com>
Signed-off-by: vsoch <vsoch@users.noreply.github.com>
@vsoch vsoch force-pushed the add-calico-cni branch from e272c28 to 2172d03 Compare May 16, 2026 00:40