docs: Add docs on Calico networking support

* Digital Ocean firewalls don't yet support the required IP tunneling protocol so Calico cannot be used without disabling firewalls right now.
poseidon · Sep 6, 2017 · 00b61a2 · 00b61a2
1 parent 1efe39d
commit 00b61a2
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 3 deletions.
diff --git a/docs/bare-metal.md b/docs/bare-metal.md
@@ -357,6 +357,8 @@ Learn about [version pinning](concepts.md#versioning), maintenance, and [addons]
 | install_disk | Disk device where Container Linux should be installed | "/dev/sda" | "/dev/sdb" |
 | container_linux_oem | Specify alternative OEM image ids for the disk install | "" | "vmware_raw", "xen" |
 | experimental_self_hosted_etcd | Self-host etcd as pods on Kubernetes (not recommended) | false | true |
+| networking | Choice of networking provider | "flannel" | "flannel" or "calico" |
+| network_mtu | CNI interface MTU (calico-only) | 1480 | - | 
 | pod_cidr | CIDR range to assign to Kubernetes pods | "10.2.0.0/16" | "10.22.0.0/16" |
 | service_cidr | CIDR range to assgin to Kubernetes services | "10.3.0.0/16" | "10.3.0.0/24" |
 
diff --git a/docs/digital-ocean.md b/docs/digital-ocean.md
@@ -238,8 +238,12 @@ If you uploaded an SSH key to DigitalOcean (not required), find the fingerprint
 | controller_type | Digital Ocean droplet size | 2gb | 2gb (min), 4gb, 8gb |
 | worker_count | Number of workers | 1 | 3 |
 | worker_type | Digital Ocean droplet size | 512mb | 512mb, 1gb, 2gb, 4gb |
+| networking | Choice of networking provider | "flannel" | "flannel" |
 | pod_cidr | CIDR range to assign to Kubernetes pods | "10.2.0.0/16" | "10.22.0.0/16" |
 | service_cidr | CIDR range to assgin to Kubernetes services | "10.3.0.0/16" | "10.3.0.0/24" |
 
 !!! warning
     Do not choose a `controller_type` smaller than `2gb`. The `1gb` droplet is not sufficient for running a controller and bootstrapping will fail.
+
+!!! bug
+    Digital Ocean firewalls do not yet support the IP tunneling (IP in IP) protocol used by Calico. You can try using "calico" for `networking`, but it will only work if the cloud firewall is removed (unsafe).
diff --git a/docs/google-cloud.md b/docs/google-cloud.md
@@ -230,6 +230,7 @@ resource "google_dns_managed_zone" "zone-for-clusters" {
 | controller_count | Number of controllers (i.e. masters) | 1 | 1 |
 | worker_count | Number of workers | 1 | 3 |
 | worker_preemptible | If enabled, Compute Engine will terminate controllers randomly within 24 hours | false | true |
+| networking | Choice of networking provider | "flannel" | "flannel" or "calico" |
 | pod_cidr | CIDR range to assign to Kubernetes pods | "10.2.0.0/16" | "10.22.0.0/16" |
 | service_cidr | CIDR range to assgin to Kubernetes services | "10.3.0.0/16" | "10.3.0.0/24" |
 

diff --git a/docs/index.md b/docs/index.md
@@ -12,9 +12,9 @@ Typhoon distributes upstream Kubernetes, architectural conventions, and cluster
 ## Features
 
 * Kubernetes v1.7.3 (upstream, via [kubernetes-incubator/bootkube](https://github.com/kubernetes-incubator/bootkube))
-* Self-hosted control plane, single or multi master, workloads isolated to workers
-* On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled
-* Ready for Ingress, Metrics, Dashboards, and other optional [addons](addons/overview.md)
+* Single or multi-master, workloads isolated on workers, [flannel](https://github.com/coreos/flannel) or [Calico](https://www.projectcalico.org/) networking (with BGP peering)
+* On-cluster etcd with TLS, [RBAC](https://kubernetes.io/docs/admin/authorization/rbac/)-enabled, [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/)
+* Ready for Ingress, Dashboards, Metrics and other optional [addons](addons/overview.md)
 * Provided via Terraform Modules
 
 ## Modules