Calico is a third-party solution developed to provide flexibility and simplify the configuration of Kubernetes network connectivity. It is available on all major cloud platforms and can be installed on bare metal servers.
Network management in Kubernetes is a complex job that requires experienced administrators. While plugins like kubenet offer some additional basic functionality, they don’t provide features like network policy or node-to-node networking.
This tutorial will show you how to install Calico on a Kubernetes cluster, focusing on the steps required to deploy it to a bare metal instance.
- A system running a Linux server distribution (article uses Ubuntu Server 20.04).
- Sudo privileges
What is Calico?
Calico is an open source CNI (Container Network Interface) plugin for network management developed by Tigera. The plugin aims to simplify Kubernetes networks while making them more scalable and secure.
The NetworkPolicy API, the out-of-the-box network policy management solution for Kubernetes, has a restricted set of features. Limited to a single environment, users can apply network policies created with this API only to tagged pods. Network rules only deal with protocols and ports and can be applied to pods, environments, and subnets.
Calico enhances the default Kubernetes networking experience in the following ways:
- Rules can use actions such as logging, restricting, or allowing. This feature provides administrators with greater flexibility in network configuration.
- In addition to ports and protocols, rules can specify port ranges, IPs, node selectors, etc., allowing for a more granular approach to networks.
- Expands the list of Kubernetes objects to which users can apply network policies with containers, interfaces, and virtual machines.
- Allows the use of DNAT settings and traffic flow management policies.
- Interoperability between Kubernetes and non-Kubernetes workloads is possible.
How to install Calico on a bare metal instance
All popular cloud platforms, such as phoenixNAP’s Bare Metal Cloud, OpenShift, Rancher, AWS, Azure, and Google Cloud Platform, support Calico. Installing Calico on a cloud-hosted Kubernetes cluster is done by downloading and applying the following file:
In addition to cloud platforms, Calico supports bare metal installations. Follow the steps below to set up a Kubernetes cluster with Calico on a bare metal instance.
Step 1: Install the Kubernetes management tools
If you have a clean installation of the operating system on your bare metal server instance, install the dependencies and tools required for a Kubernetes cluster deployment
1. Update system repositories:
sudo apt update
2. Install the apt-transport-https and ca-certificates packages, along with the curl CLI tool.
sudo apt install -y apt-transport-https ca-certificates curl
3. Use curl to download the GPG key from Google Cloud and verify the integrity of the downloads.
sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
4. Add the Kubernetes repository to your system.
Echo “deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ Kubernetes-Xenial main” | sudo tee /etc/apt/sources.list.d/kubernetes.list
5. Update the package list.
Sudo apt update
6. Install the Kubernetes management tools: the kubelet node agent, the kubeadm command, and the kubectl CLI tool for cluster management.
sudo apt install -y kubelet kubeadm kubectl
7. Use the apt-mark hold command to ensure that tools cannot be accidentally reinstalled, updated, or removed.
sudo apt-mark hold kubelet kubeadm kubectl
Step 2: Install
Kubernetes requires Docker for container management operations. Install Docker with the following command
: sudo apt install docker.io -y
Add your user to the Docker user group when the installation is complete
. sudo usermod -aG docker [username]
Step 3: Disable
swapping For the
kubelet node agent to function properly, system swapping must be disabled. Follow the steps below to disable sharing on your system.
1. Open the /etc/fstab file in a text editor: sudo nano /etc/fstab
2. Find the line that begins with /swap.img and comment it out by typing # in front of it.
3. Save and exit the file. Editing /etc/fstab ensures that the swap configuration persists after the system restarts.
4. Disable swap for the current session by issuing the following command
: sudo swapoff -a
Step 4: Initialize Kubernetes
1. Initialize the Kubernetes cluster with kubeadm init. Replace [server-ip] with the IP address of your server.
sudo kubeadm init -pod-network-cidr=[server-ip]/16
2. When the cluster initializes, create the . kube for the user.
mkdir -p $HOME/.kube
3. Link the contents of the admin.conf file to the user’s home directory.
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
4. Set the required permissions for the new file.
sudo chown $(id -u):$(id -g) $HOME/.kube/config Kubernetes
is now configured to run on the server instance
Step 5: Install Calico Operator Install Calico
using the kubectl create command and the tigera-operator.yaml available online. kubectl create -f https://docs.projectcalico.org/manifests/tigera-operator.yaml
The installation creates several Kubernetes objects in the tigera-operator and calico-system namespaces
Step 6: Apply custom resources
After you deploy Calico, configure it to work with your network.
Provide additional configuration by editing the custom-resources.yaml file.
1. Use the wget command to download custom-resources.yaml: wget
2. Open the downloaded file in a text editor.
3. Edit the ipPools section in the file to reflect your configuration. Place the IP address of the server in the cidr field.
4. Save and exit the file.
5. Apply the settings with kubectl create.
kubectl create -f custom-resources.yaml
The output shows that Kubernetes created two more objects
Step 7: Confirm
If successful, the Calico deployment displays three pods running in the calico-system namespace. Check the status of the pods by typing:
kubectl get pods -n calico-system
The output confirms that the pods are ready and running
Remove node blobs from the node
. kubectl taint nodes -all node-role.kubernetes.io/master- Use kubectl get to
enumerate nodes and check their status. kubectl get
nodes -o wide
The result shows the node as ready
You have successfully configured Calico to work with the cluster.
Line The article introduced you to Calico, a network management plugin that offers a more flexible way to control Kubernetes network connectivity. The guide also provided steps to install Calico on a bare metal server instance running Ubuntu Server.
For more information about Kubernetes networking, see our Kubernetes Networking Guide.