In this EKS-focused scenario, you will learn how to implement Calico Cluster Mesh in VXLAN/overlay mode in order to achieve policy federation across clusters as well as federate services across clusters to achieve high availability.
Calico Enterprise/Cloud federated endpoint identity and federated services are implemented in Kubernetes at the network layer. To apply fine-grained network policy between multiple clusters, the pod source and destination IPs must be preserved. Calico VXLAN/overlay cluster mesh is able to do so by using Calico CNI to federate clusters over a VXLAN overlay network setup between the participating clusters with minimal VPC/underlay configuration needed. There is no need to advertise pod and service CIDRs to the underlay/VPC network with this mode, and it makes configuration of the cluster mesh easier.
- Cloud Professionals
- DevSecOps Professional
- Site Reliability Engineers (SRE)
- Solutions Architects
- Anyone interested in Calico Cloud :)
This workshop is organized in sequential modules. One module will build up on top of the previous module, so please, follow the order as proposed below.
Module 1 - Getting Started
Module 2 - Deploy the EKS Clusters
Module 3 - Install Calico Enterprise or Install Calico Cloud
Module 4 - Setup VPC Peering
Module 5 - Setup VXLAN Cluster Mesh
Module 6 - Install Demo Apps
Module 7 - Testing Federated Endpoint Policy
Module 8 - Testing Federated Service
Module 9.1 - Setup Redis HA Database
Module 9.2 - Setup Redis HA Demo App (Hipstershop)
Module 9.3 - Test Redis HA Demo App (Hipstershop)
Module 10 - Cleanup
- Project Calico
- Calico Academy - Get Calico Certified!
- O’REILLY EBOOK: Kubernetes security and observability
- Calico Users - Slack
Note: The examples and sample code provided in this repo are intended to be consumed as instructional content. These will help you understand how Calico Cloud can be configured to build a functional solution. These examples are not intended for use in production environments.