Version: 1.27.2

Calico

Calico is an open-source networking and network security solution for containers, virtual machines, and native host-based workloads. Calico supports a broad range of platforms including Kubernetes, OpenShift, Docker EE, OpenStack, and bare metal services.

For more information about Calico, refer to the Calico documentation.

The deployment of Calico consists of a daemon set running on every node (including the control-plane) and a controller that implements:

  • policy controller watches network policies and programs Calico policies.
  • namespace controller watches namespaces and programs Calico profiles.
  • serviceaccount controller watches service accounts and programs Calico profiles.
  • workloadendpoint controller watches for changes to pod labels and updates Calico workload endpoints.
  • node controller watches for the removal of Kubernetes nodes and removes corresponding data from Calico.

⚠️ Please note that the Calico package is for clusters with less than 50 nodes. If your cluster has more than 50 nodes, you'll need to switch to Calico + Typha.

Image repository and tag

Requirements

  • Tested with Kubernetes >= 1.25.X.
  • Tested with Kustomize >= v3.3.X.
  • Prometheus Operator, optional if you want to have metrics.

Configuration

The calico package is deployed with the following configuration:

  • Default overlay pod CIDR: detected automatically for kubeadm based clusters.
  • BGP (bird) mode configured instead of vxlan.
  • Kubernetes datastore.
  • Enable support for traffic shaping.
  • ServiceMonitor (Prometheus Operator) configured to scrape metrics every 15 seconds.

Deployment

You can deploy Calico by running the following command in the root of this project:

kustomize build | kubectl apply -f -
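
A pre-flight check for the tested versions and the 50-node limit stated above, as an added example that is not part of the Calico package or its documentation. The function names, the output strings and the handling of exactly 50 nodes as a boundary case are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the limits stated on this page.
# Each check is a function of its arguments, so it runs without a cluster.

MAX_NODES=50          # page: more than 50 nodes means Calico + Typha
MIN_K8S=1.25          # page: tested with Kubernetes >= 1.25.X
MIN_KUSTOMIZE=3.3     # page: tested with Kustomize >= v3.3.X

# version_ge A B: succeed when major.minor of A is >= major.minor of B.
# Accepts "v1.27.2", "1.25" or suffixed forms such as "v1.27.2-build1".
version_ge() {
  a=${1#v}; b=${2#v}
  a_major=${a%%.*}; a_rest=${a#*.}; a_minor=${a_rest%%[!0-9]*}
  b_major=${b%%.*}; b_rest=${b#*.}; b_minor=${b_rest%%[!0-9]*}
  [ "$a_major" -gt "$b_major" ] && return 0
  [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -ge "$b_minor" ]
}

# node_plan COUNT: print the deployment the page's sizing rule points to.
node_plan() {
  if   [ "$1" -lt "$MAX_NODES" ]; then echo "calico"
  elif [ "$1" -gt "$MAX_NODES" ]; then echo "calico-typha"
  else echo "boundary"   # exactly 50: the page does not say which applies
  fi
}

# preflight K8S_VERSION KUSTOMIZE_VERSION NODE_COUNT HAS_SERVICEMONITOR_CRD(yes|no)
# Prints one finding per line; returns non-zero when a value falls outside
# what the page lists as tested or supported.
preflight() {
  rc=0
  version_ge "$1" "$MIN_K8S" || { echo "UNTESTED kubernetes $1 < $MIN_K8S"; rc=1; }
  version_ge "$2" "$MIN_KUSTOMIZE" || { echo "UNTESTED kustomize $2 < $MIN_KUSTOMIZE"; rc=1; }
  case $(node_plan "$3") in
    calico)       echo "OK nodes=$3" ;;
    calico-typha) echo "FAIL nodes=$3: switch to Calico + Typha"; rc=1 ;;
    *)            echo "WARN nodes=$3: at the $MAX_NODES-node boundary" ;;
  esac
  [ "$4" = yes ] || echo "WARN no Prometheus Operator: metrics will not be scraped"
  return $rc
}

# Usage: sh preflight.sh <k8s-version> <kustomize-version> <node-count> <yes|no>
# The node count can come from: kubectl get nodes --no-headers | wc -l
if [ "$#" -eq 4 ]; then
  preflight "$@"
fi
```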