Questions tagged [calico]

Project Calico is an open-source networking and security solution for Kubernetes. Use this tag to mark questions related to the project.

Project Calico

Project Calico is an open source networking and network security solution for containers, virtual machines, and native host-based workloads. Calico supports a broad range of platforms including Kubernetes, OpenShift, Docker EE, OpenStack, and bare metal services.

207 questions
2
votes
0 answers

Windows RKE2 nodes networking isn't working

In AWS, I have created a RKE2 cluster using the Rancher 2.6.2 UI. There are two Ubuntu 20.04 control plane nodes, and pods on these hosts can reach other pods/ the internet. My Windows node (Server 2019, 1809 Datacenter) joins the cluster without…
Mike
  • 21
  • 1
2
votes
2 answers

Kubernetes: Unable to mount a projected volume, no space on device when clearly there is

I have a local k3d cluster installed on Mac (Big Sur 12) that I am attempting to install calico (their default manifest https://k3d.io/v5.3.0/usage/advanced/calico/). In the logs for the calico-kube-controller pod, I get this: Warning FailedMount…
Phili
  • 21
  • 4
2
votes
1 answer

Network policy behavior for multi-node cluster

I have a multi-node cluster setup. There are Kubernetes network policies defined for the pods in the cluster. I can access the services or pods using their clusterIP/podIP only from the node where the pod resides. For services with multiple pods, I…
2
votes
1 answer

Kubernetes node firewall

The self-managed bare-metal Kubernetes worker node is using NodePort (there is a reason for using NodePort) for ingress traffic. I need to allow incoming connections only to NodePort port. This is what I did and it is working but it is not ideal as…
Jonas
  • 4,683
  • 4
  • 45
  • 81
2
votes
3 answers

Kubernetes Network Policy, allow communication within namespace

On an Azure AKS cluster with the Calico network policies plugin enabled, I want to: by default block all incoming traffic. allow all traffic within a namespace (from a pod in a namespace, to another pod in the same namespace. I tried something…
Wouter
  • 1,290
  • 2
  • 16
  • 24
2
votes
1 answer

Kubernetes Pods get IP from docker network

I have 3 masters, several workers and Calico as cni. Pods created on masters get 172.17.0.* IPs and this is docker network. Pods on workers get IP from calico pool as it should be. calicoctl shows status ok for all nodes. Also I have same kubelet…
mzv
  • 187
  • 1
  • 3
  • 11
2
votes
1 answer

How can i get Egress Static IP per namespace within a EKS cluster

My current setup involves an EKS Cluster with multiple namespaces (multi-tenant) across many different EKS nodes in private subnets. I would like the egress traffic from the pods to have a dedicated EIP per namespace. AFAIK there are no off the…
Karthik Balasubramanian
  • 1,127
  • 4
  • 13
  • 36
2
votes
2 answers

Kubernetes Container runtime network not ready

I installed a Kubernetes cluster of three nodes, the control node looked ok, when I tried to join the other two nodes the status for both of is: Not Ready On control node: [root@alva-anstawx01 /]# kubectl get nodes NAME …
alvsam
  • 23
  • 1
  • 1
  • 6
2
votes
1 answer

Deploying AWS Application Load Balancer by Ingress annotations failed. Calico involved

There is EKS Cluster, AWS CNI plugin replaced by Calico(the cause of installing Calico here). After installing chart by helm I execute kubectl describe ingress -n my-ns and see an error: ...Failed deploy model due to Internal error occurred: failed…
2
votes
0 answers

Kubelet does not start when network plugin is calico

Trying to install an offline K8s HA cluster with kubespray. Installed all packages including calico and also docker images. But, it stacked at step kubernetes/master: Create kubeadm token for joining nodes with 24h expiration After a little digging,…
fth
  • 2,478
  • 2
  • 30
  • 44
2
votes
1 answer

What is the appropriate coredns config using calico?

None of the pods resolve public domains or any internal pods. The resolv.conf points to an ip that doesn't belong to coredns IP of coredns: 192.168.208.7 #cat etc/resolv.conf nameserver 10.96.0.10 search default.svc.cluster.local svc.cluster.local…
Jeel
  • 2,227
  • 5
  • 23
  • 38
2
votes
1 answer

Kubernetes cluster with flannel - port forwarding

Setup on machine: Ubuntu 20.04 Kubernetes cluster started with kubeadm and flannel network plugin On my working machine I installed Jenkins on cluster and want to configure network to be able to access jenkins from port 8081. By default it's…
OLA
  • 47
  • 1
  • 6
2
votes
2 answers

How to find out what podcidr is assigned to each node by calico CNI in kubernetes

Is there any direct command to fetch the podcidr assigned to each node when using calico CNI. I am looking for exact network and netmask assigned to each node. I am not able to fetch it from kubectl get nodes neither via podCIDR value nor via…
apoorva kamath
  • 816
  • 1
  • 7
  • 19
2
votes
2 answers

unable to ping remote ipv6 with calico CNI for k8s

Below is the manifest file I used to enable calico CNI for k8s, pods are able to communicate over ipv4 but I am unable to reach outside using ipv6, k8s version v1.14 and calico version v3.11, am I missing some settings, forwarding is enabled on host…
Raghav
  • 89
  • 10
2
votes
3 answers

Kubernetes Nodeport preserve source IP

I have a small Kubernetes on prem cluster (Rancher 2.3.6) consisting of three nodes. The deployments inside the cluster are provisioned dynamically by an external application and always have their replica count set to 1, because these are stateful…
frinsch
  • 21
  • 1
  • 2