
Calico

Calico is an open-source networking and network security solution for containers, virtual machines, and native host-based workloads. Calico supports a broad range of platforms including Kubernetes, OpenShift, Docker EE, OpenStack, and bare metal services.

For more information about Calico, refer to the Calico documentation.

Components and features

The deployment of Calico consists of a daemon set running on every node (including the control-plane) and a controller that implements:

  • policy controller watches network policies and programs Calico policies.
  • namespace controller watches namespaces and programs Calico profiles.
  • serviceaccount controller watches service accounts and programs Calico profiles.
  • workloadendpoint controller watches for changes to pod labels and updates Calico workload endpoints.
  • node controller watches for the removal of Kubernetes nodes and removes corresponding data from Calico.

⚠️ Please note that the Calico package is for clusters with fewer than 50 nodes. If your cluster has more than 50 nodes, you'll need to switch to Calico + Typha.

Image repository and tag

Requirements

  • Tested with Kubernetes >= 1.26.X.
  • Tested with Kustomize >= v3.5.3.
  • Prometheus Operator, optional if you want to have metrics.

Configuration

The calico package is deployed with the following configuration:

  • Default overlay pod CIDR: detected automatically for kubeadm based clusters.
  • BGP (bird) mode configured instead of VXLAN.
  • Kubernetes datastore.
  • Support for traffic shaping enabled.
  • ServiceMonitor (Prometheus Operator) configured to scrape metrics every 15 seconds.

Deployment

You can deploy Calico by running the following command in the root of this project:

kustomize build | kubectl apply -f -