Add digital ocean guide. #315
Conversation
ozdanborne
force-pushed
the
digital-ocean
branch
from
69d51c9
to
b14b52d
Compare
| ensuring Calico services are not accessible from the wider internet. | ||
|
|
||
| However, hosts in different Datacenter Regions will not have IP connectivity with one | ||
| another on their private address, and therefore will not be able to establish |
There was a problem hiding this comment.
-> "another through their private address, and therefore they will not be able to establish"
|
|
||
| However, hosts in different Datacenter Regions will not have IP connectivity with one | ||
| another on their private address, and therefore will not be able to establish | ||
| BGP sessions with one another. For mluti-region digital ocean clusters, |
There was a problem hiding this comment.
"digital ocean" -> "Digital Ocean"
| ###### Enable Encapsulation | ||
|
|
||
| In Digital Ocean, cross-host container-to-container traffic will travel over an | ||
| L3 hop. Since Digital Ocean does not allow peering to the L3 hop, it will |
There was a problem hiding this comment.
"L3 hop" doesn't sound right. There could be more than 1 L3 hops involved in this. Maybe call it "L3 network"?
| take over. Turn on traffic encapsulation in pool settings by enabling: | ||
|
|
||
| - `ipip` for container-to-container traffic. | ||
| - `nat-outgoing` for container-to-ec2-instance traffic. |
| address if the droplet is configured to have a private interface. | ||
|
|
||
| Ensure you manually specify `--ip` when launching `calicoctl node run` if you | ||
| want it to bind to the public interface. |
There was a problem hiding this comment.
might be a good idea to link to calicoctl node run docs page here
| Calico can be launched on either: | ||
|
|
||
| - Public Interface | ||
| - Private Interface [Optional] |
There was a problem hiding this comment.
not sure I understand why there's an [Optional] tag here. You can have a Calico network completely on the Private interface, same goes for Public interface, [Optional] suggests Public one is mandatory but Private is not. WDYT?
There was a problem hiding this comment.
In digital ocean, all droplets have a public interface, but you can optionally add a private interface. I'll clarify that that's what I'm referring to here.
ozdanborne
force-pushed
the
digital-ocean
branch
from
541167a
to
51287fb
Compare
|
Why was this closed? I do notice DO firewalls lack support for IPIP, related? |
|
@dghubble no particular reason. Calico works on DO, so there should be no problem. The doc just never got in for some reason. If you're having trouble deploying there, do open a github issue |
|
Thanks, filed #1095 |
Add make target to publish to docs-staging project
No description provided.