Calico

Palette Network Packs help provision resources for setting up cluster networking in Kubernetes. Design goals for the Kubernetes network model can be found here.

Project Calico is an open-source container networking provider and network policy engine.

Calico provides a highly scalable networking and network policy solution for connecting Kubernetes pods, based on the same IP networking principles as the internet, for both Linux (open source) and Windows (proprietary, available from Tigera). Calico can be deployed without encapsulation or overlays to provide high-performance, high-scale data center networking. Calico also provides fine-grained, intent-based network security policy for Kubernetes pods via its distributed firewall.

The Calico manifest used for networking does the following:

  • Installs the calico/node container on each host using a DaemonSet.
  • Installs the Calico CNI binaries and network config on each host using a DaemonSet.
  • Runs calico/kube-controllers as a deployment.
  • Creates the calico-etcd-secrets secret, which optionally allows for providing etcd TLS assets.
  • Creates the calico-config ConfigMap, which contains parameters for configuring the install.
Caution

Limitations: AWS and VMware support the IP-in-IP encapsulation type. Azure supports the VXLAN encapsulation type.

Versions Supported

Parameters

| Name | Supported Values | Default value | Description |
| --- | --- | --- | --- |
| calico.encapsulationType | CALICO_IPV4POOL_IPIP, CALICO_IPV4POOL_VXLAN | CALICO_IPV4POOL_IPIP - AWS, VMware clouds; CALICO_IPV4POOL_VXLAN - Azure cloud | The encapsulation type to be used for networking (depends on the cloud) |
| calico.encapsulationMode | Always, CrossSubnet, Never | Always | The mode to use the IPv4 POOL created at start up |
| calico.calicoNetworkCIDR | CIDR range | 192.168.0.0/16 | CIDR range to be assigned for Pods. This range should match the podCIDR range specified in the Kubernetes layer |
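
A pre-deployment check of these parameters against the limitations and table above, as an added example (not Palette or Calico code). The function name, the flat dict keyed by the dotted parameter names, and the cloud labels "aws", "vmware" and "azure" are assumptions of this example.

```python
import ipaddress

# Constraints taken from the Limitations note and the Parameters table.
ENCAP_BY_CLOUD = {
    "aws": "CALICO_IPV4POOL_IPIP",
    "vmware": "CALICO_IPV4POOL_IPIP",
    "azure": "CALICO_IPV4POOL_VXLAN",
}
ENCAP_MODES = {"Always", "CrossSubnet", "Never"}
DEFAULT_CIDR = "192.168.0.0/16"


def validate_calico_values(values, cloud, pod_cidr):
    """Return a list of problems found in the Calico pack values.

    values   -- flat dict keyed by the parameter names from the table (assumed shape)
    cloud    -- "aws", "vmware" or "azure" (labels chosen for this example)
    pod_cidr -- podCIDR configured in the Kubernetes layer
    """
    problems = []

    expected = ENCAP_BY_CLOUD.get(cloud.lower())
    encap = values.get("calico.encapsulationType", expected)
    if expected is None:
        problems.append(f"cloud {cloud!r} is not covered by the documented limitations")
    elif encap != expected:
        problems.append(f"calico.encapsulationType is {encap}; {cloud} supports {expected}")

    mode = values.get("calico.encapsulationMode", "Always")
    if mode not in ENCAP_MODES:
        problems.append(f"calico.encapsulationMode {mode!r} is not one of {sorted(ENCAP_MODES)}")

    raw = values.get("calico.calicoNetworkCIDR", DEFAULT_CIDR)
    try:
        # strict=True rejects a range with host bits set, e.g. 192.168.1.0/16
        pool = ipaddress.ip_network(raw, strict=True)
        pods = ipaddress.ip_network(pod_cidr, strict=True)
    except ValueError as exc:
        problems.append(f"invalid CIDR: {exc}")
    else:
        if pool != pods:
            same_family = pool.version == pods.version
            hint = " (ranges overlap)" if same_family and pool.overlaps(pods) else ""
            problems.append(f"calico.calicoNetworkCIDR {pool} does not match podCIDR {pods}{hint}")
    return problems
```

An empty list means the values are consistent with the documented constraints; each string otherwise names the parameter to correct.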

Troubleshooting

  • Calico is installed as a DaemonSet, so a calico-node pod should be running on every node in the cluster to provide networking.
  • For any issues with networking, check the calico-node and calico-kube-controllers pods on the cluster.
