Add digital ocean guide. #315

Closed
wants to merge 2 commits into from
2 changes: 2 additions & 0 deletions _data/master/navbars/reference.yml
Expand Up @@ -87,6 +87,8 @@ toc:
path: /reference/public-cloud/overview
- title: AWS
path: /reference/public-cloud/aws
- title: Digital Ocean
path: /reference/public-cloud/digital-ocean
- title: Deploying on Private Cloud
section:
- title: Overview
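Review bot: the `- title: Digital Ocean` entry uses the two-word spelling, while the company brands itself as DigitalOcean (one word); the new page's front matter (`title: Calico on Digital Ocean`) uses the same two-word form, so if the spelling is changed here it should be changed there as well, with the `/reference/public-cloud/digital-ocean` path left alone so the URL keeps the existing slug convention (`aws`, `digital-ocean`).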
45 changes: 45 additions & 0 deletions master/reference/public-cloud/digital-ocean.md
@@ -0,0 +1,45 @@
---
title: Calico on Digital Ocean
---

Calico is designed to provide high performance massively scalable virtual
networking for containers in public cloud environments such as Digital Ocean.

## How to Run Calico in Digital Ocean

Digital Ocean offers two networking options for droplets:

- Public Interface
- Private Interface

Calico can be launched on either.
We recommend running Calico on the private interface, as it enhances security by
ensuring Calico services are not accessible from the wider internet.

However, hosts in different Datacenter Regions will not have IP connectivity with one
another through their private address, and therefore will not be able to establish
BGP sessions with one another. For mluti-region Digital Ocean clusters,
bind Calico to the public interface.

###### Enable Encapsulation

In Digital Ocean, cross-host container-to-container traffic will travel over at least one
L3 hop. Since Digital Ocean does not allow peering to its networking fabric, it will
not know how to route this container traffic, and will drop it.

To remedy this, Calico can encapsulate container traffic with the IP so that the
networking fabric never sees the container IPs, allowing standard routing to
take over. Turn on traffic encapsulation in pool settings by enabling:

- `ipip` for container-to-container traffic.
- `nat-outgoing` for container-to-droplet traffic.

See [pool configuration]({{site.baseurl}}/{{page.version}}/reference/calicoctl/resources/ippool) for information on how to enable this for IP pools.

###### Ensure Calico Chooses Correct IP

Note that calicoctl's automatic IP detection will launch calico/node on the private
address if the droplet is configured to have a private interface.

Ensure you manually specify `--ip` when launching `calicoctl node run` if you
want it to bind to the public interface.
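Review bot: the security rationale in "We recommend running Calico on the private interface, as it enhances security by ensuring Calico services are not accessible from the wider internet" only covers exposure to the internet, and the page gives no firewall guidance for either interface, even though the very next paragraph tells multi-region users to "bind Calico to the public interface", which puts the BGP sessions (TCP port 179) and the rest of the calico/node endpoints on publicly routable addresses. Suggest adding a sentence recommending that the host firewall restrict TCP 179 and the other Calico ports to the addresses of the other cluster nodes, and stating that explicitly as a requirement when the public interface is used; binding to the private interface should be described as reducing exposure rather than "ensuring" anything, since the text says nothing about what else can reach that interface. Smaller points in the same hunk: "mluti-region" is a typo for "multi-region"; "Calico can encapsulate container traffic with the IP" should read "in an outer IP header" (IP-in-IP), which is what the `ipip` pool setting below it enables; the `######` headings (h6) sit directly under a `##` (h2) heading, so `###` would match the depth of the surrounding docs; and, as already noted in the discussion, the final paragraph should link to the `calicoctl node run` reference page the same way the `ipip`/`nat-outgoing` paragraph links to the pool configuration page.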
Contributor
Might be a good idea to link to the `calicoctl node run` docs page here.