Integration With Calico
What is Calico
Calico is a popular Layer 3 based networking solution that is used to interconnect virtual machines or Linux containers with the help of virtual routers. For more information on Calico, refer to the Project Calico website.
Calico provides a Cluster Network Interface (CNI) plugin that can be used for integration with Kubernetes.
Platform9 Managed Kubernetes supports integration with Calico for pod-to-pod communication within a Kubernetes cluster.
When Calico is installed in a Kubernetes cluster,
calico-node - the two key components of Calico - run as pods on the Kubernetes nodes.
Calico uses iptables and the route table to route traffic between Kubernetes nodes.
Cloud Provider Support Matrix and Prerequisites
| Cloud provider | Support for Calico | Prerequisites |
|---|---|---|
| Bare Metal Provider | Yes | |
| AWS Provider | Yes | None. All prerequisites are configured by the Managed Kubernetes AWS Provider |
| Azure Provider | No | Not supported today |
Platform9 Managed Kubernetes deploys Calico using the default upstream settings specified in the Calico networking manifest calico.yaml.
Create a Calico-enabled Cluster
While creating the cluster, under Network Configuration, select Calico as the network backend.
Configure Network Policies
Once Calico has been installed, you can create network policies within Kubernetes for incoming and outgoing network traffic by editing the NetworkPolicy Kubernetes resource.
The following is an example of a NetworkPolicy file (source: Kubernetes documentation).
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - ipBlock:
        cidr: 172.17.0.0/16
        except:
        - 172.17.1.0/24
    - namespaceSelector:
        matchLabels:
          project: myproject
    - podSelector:
        matchLabels:
          role: frontend
    ports:
    - protocol: TCP
      port: 6379
  egress:
  - to:
    - ipBlock:
        cidr: 10.0.0.0/24
    ports:
    - protocol: TCP
      port: 5978
```
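To check which sources the ingress rule of test-network-policy admits to the role: db pods, the following added example (not part of the Platform9 or Kubernetes documentation) models the rule in Python: the three `from` peers are OR-ed, the `except` range is carved out of the ipBlock, and a bare podSelector only matches pods in the policy's own namespace. The `src` dictionary layout and the function names are assumptions made for this sketch, and only matchLabels selectors are modelled.

```python
import ipaddress

# Ingress rule of the page's test-network-policy, transcribed as a dict.
POLICY_NAMESPACE = "default"
INGRESS_RULE = {
    "from": [
        {"ipBlock": {"cidr": "172.17.0.0/16", "except": ["172.17.1.0/24"]}},
        {"namespaceSelector": {"project": "myproject"}},
        {"podSelector": {"role": "frontend"}},
    ],
    "ports": [{"protocol": "TCP", "port": 6379}],
}

def labels_match(selector, labels):
    """matchLabels semantics: every selector key/value must be present."""
    return all(labels.get(k) == v for k, v in selector.items())

def peer_matches(peer, src):
    """src (hypothetical layout): ip, plus namespace/ns_labels/pod_labels for pods."""
    if "ipBlock" in peer:
        ip = ipaddress.ip_address(src["ip"])
        block = peer["ipBlock"]
        if ip not in ipaddress.ip_network(block["cidr"]):
            return False
        # Addresses inside an `except` range are excluded from the block.
        return not any(ip in ipaddress.ip_network(e)
                       for e in block.get("except", []))
    if "pod_labels" not in src:  # non-pod source: only an ipBlock can match
        return False
    if "namespaceSelector" in peer:
        ok = labels_match(peer["namespaceSelector"], src["ns_labels"])
    else:
        # A podSelector on its own is scoped to the policy's namespace.
        ok = src["namespace"] == POLICY_NAMESPACE
    if "podSelector" in peer:
        ok = ok and labels_match(peer["podSelector"], src["pod_labels"])
    return ok

def ingress_allowed(src, protocol, port):
    """Peers in `from` are OR-ed; the result is AND-ed with the port list."""
    port_ok = any(p["protocol"] == protocol and p["port"] == port
                  for p in INGRESS_RULE["ports"])
    return port_ok and any(peer_matches(p, src) for p in INGRESS_RULE["from"])
```

Because the namespaceSelector and podSelector are separate list items, any pod in a namespace labelled project: myproject is admitted regardless of its own labels; placing both selectors in a single list item would require both to match.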