how to install policy-only calico with an existing cni-less flannel on kubernetes?

Question

I have a kubernetes cluster. It uses flannel to provide network functionalities. And it closes cni network plugin.

However, flannel doesn't support kubernetes network policy, which I will test. What I want is to reserve existing network configuration, and install calico with policy-only mode.

Canal is a project that combines flannel and calico. But it regards flannel and calico both as cni plugins.

I changed canal_etcd_tls.yaml to just install policy-only calico. Unfortunately, it didn't work well. Here is my changed cni network configuration:

{   
  "name": "calico",
  "cniVersion": "0.3.0",
  "plugins": [
    {   
      "type": "calico",
      "etcd_endpoints": "__ETCD_ENDPOINTS__",
      "etcd_key_file": "__ETCD_KEY_FILE__",
      "etcd_cert_file": "__ETCD_CERT_FILE__",
      "etcd_ca_cert_file": "__ETCD_CA_CERT_FILE__",
      "log_level": "info",
      "policy": {
          "type": "k8s",
          "k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__",
          "k8s_auth_token": "__SERVICEACCOUNT_TOKEN__"
      },  
      "kubernetes": {
          "kubeconfig": "/etc/cni/net.d/__KUBECONFIG_FILENAME__"
      }   
    }   
  ]   
}

So, is there a method to install policy-only calico as a cni plugin, and keep existing cni-less flannel working?

You can ask this on Calico Slack channel, https://calicousers.slack.com/ — Junaid, Dec 17 '17 at 05:09
Thank you. It seems that I have to install calico and flannel both as cni plugins. I will reconfigure my network. — duye, Dec 18 '17 at 03:07

how to install policy-only calico with an existing cni-less flannel on kubernetes?

0 Answers0