How to Run Kubernetes with Calico | phoenixNAP KB


Calico is a third-party solution developed to provide flexibility and simplify the configuration of Kubernetes network connectivity. It is available on all major cloud platforms and can be installed on bare metal servers.

Network management in Kubernetes is a complex job that requires experienced administrators. While plugins like kubenet offer some additional basic functionality, they don’t provide features like network policy or node-to-node networking.

This tutorial will show you how to install Calico on a Kubernetes cluster, focusing on the steps required to deploy it to a bare metal instance.


  • A system running a Linux server distribution (article uses Ubuntu Server 20.04).
  • Sudo privileges


What is Calico?

Calico is an open source CNI (Container Network Interface) plugin for network management developed by Tigera. The plugin aims to simplify Kubernetes networks while making them more scalable and secure.

The NetworkPolicy API, the out-of-the-box network policy management solution for Kubernetes, has a restricted set of features. Limited to a single environment, users can apply network policies created with this API only to tagged pods. Network rules only deal with protocols and ports and can be applied to pods, environments, and subnets.

Calico enhances the default Kubernetes networking experience in the following ways:

  • Rules can use actions such as logging, restricting, or allowing. This feature provides administrators with greater flexibility in network configuration.
  • In addition to ports and protocols, rules can specify port ranges, IPs, node selectors, etc., allowing for a more granular approach to networks.
  • Expands the list of Kubernetes objects to which users can apply network policies with containers, interfaces, and virtual machines.
  • Allows the use of DNAT settings and traffic flow management policies.
  • Interoperability between Kubernetes and non-Kubernetes workloads is possible.

How to install Calico on a bare metal instance

All popular cloud platforms, such as phoenixNAP’s Bare Metal Cloud, OpenShift, Rancher, AWS, Azure, and Google Cloud Platform, support Calico. Installing Calico on a cloud-hosted Kubernetes cluster is done by downloading and applying the following file:

In addition to cloud platforms, Calico supports bare metal installations. Follow the steps below to set up a Kubernetes cluster with Calico on a bare metal instance.

Step 1: Install the Kubernetes management tools

If you have a clean installation of the operating system on your bare metal server instance, install the dependencies and tools required for a Kubernetes cluster deployment


1. Update system repositories:

sudo apt update

2. Install the apt-transport-https and ca-certificates packages, along with the curl CLI tool.

sudo apt install -y apt-transport-https ca-certificates curl

3. Use curl to download the GPG key from Google Cloud and verify the integrity of the downloads.

sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg

4. Add the Kubernetes repository to your system.

Echo “deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] Kubernetes-Xenial main” | sudo tee /etc/apt/sources.list.d/kubernetes.list

5. Update the package list.

Sudo apt update

6. Install the Kubernetes management tools: the kubelet node agent, the kubeadm command, and the kubectl CLI tool for cluster management.

sudo apt install -y kubelet kubeadm kubectl

7. Use the apt-mark hold command to ensure that tools cannot be accidentally reinstalled, updated, or removed.

sudo apt-mark hold kubelet kubeadm kubectl

Step 2: Install


Kubernetes requires Docker for container management operations. Install Docker with the following command

: sudo apt install -y

Add your user to the Docker user group when the installation is complete

. sudo usermod -aG docker [username]

Step 3: Disable

swapping For the

kubelet node agent to function properly, system swapping must be disabled. Follow the steps below to disable sharing on your system.

1. Open the /etc/fstab file in a text editor: sudo nano /etc/fstab

2. Find the line that begins with /swap.img and comment it out by typing # in front of it.

3. Save and exit the file. Editing /etc/fstab ensures that the swap configuration persists after the system restarts.

4. Disable swap for the current session by issuing the following command

: sudo swapoff -a

Step 4: Initialize Kubernetes

1. Initialize the Kubernetes cluster with kubeadm init. Replace [server-ip] with the IP address of your server.

sudo kubeadm init -pod-network-cidr=[server-ip]/16

2. When the cluster initializes, create the . kube for the user.

mkdir -p $HOME/.kube

3. Link the contents of the admin.conf file to the user’s home directory.

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

4. Set the required permissions for the new file.

sudo chown $(id -u):$(id -g) $HOME/.kube/config Kubernetes

is now configured to run on the server instance


Step 5: Install Calico Operator Install Calico

using the kubectl create command and the tigera-operator.yaml available online. kubectl create -f

The installation creates several Kubernetes objects in the tigera-operator and calico-system namespaces


Step 6: Apply custom resources

After you deploy Calico, configure it to work with your network.

Provide additional configuration by editing the custom-resources.yaml file.

1. Use the wget command to download custom-resources.yaml: wget

2. Open the downloaded file in a text editor.

nano custom-resources.yaml

3. Edit the ipPools section in the file to reflect your configuration. Place the IP address of the server in the cidr field.

4. Save and exit the file.

5. Apply the settings with kubectl create.

kubectl create -f custom-resources.yaml

The output shows that Kubernetes created two more objects


Step 7: Confirm

successful deployment

If successful, the Calico deployment displays three pods running in the calico-system namespace. Check the status of the pods by typing:

kubectl get pods -n calico-system

The output confirms that the pods are ready and running


Remove node blobs from the node

. kubectl taint nodes -all Use kubectl get to

enumerate nodes and check their status. kubectl get

nodes -o wide

The result shows the node as ready


You have successfully configured Calico to work with the cluster.



Line The article introduced you to Calico, a network management plugin that offers a more flexible way to control Kubernetes network connectivity. The guide also provided steps to install Calico on a bare metal server instance running Ubuntu Server.

For more information about Kubernetes networking, see our Kubernetes Networking Guide.

Contact US