Questions tagged [project-calico]

Project Calico aims to simplify, scale, and secure cloud networks.

Per the project website, Project Calico aims to be:

Simple

Let's remove the complexity

Traditional SDNs are complex, making them hard to deploy and troubleshoot. Calico removes that complexity, with a simplified networking model designed for the demands of today's cloud-native applications.

Scalable

From dev/test to enterprise deployment

Unlike SDNs that require a central controller, limiting scalability, Calico is built on a fully distributed, scale-out architecture. So it scales smoothly from a single developer laptop to large enterprise deployments.

Secure

Policy-based micro-segmentation

Defining secure network policy used to be reserved for skilled network engineers. Calico's powerful micro-segmentation capabilities build on a simple policy language that naturally expresses the developer's intent.

171 questions
0 votes, 1 answer

Kubernetes Service does not forward to ports other than 80 and 443

Cluster setup: OS: Ubuntu 18.04, w/ Kubernetes recommended install settings Cluster is bootstrapped with Kubespray CNI is Calico Quick Facts (when redis service ip is 10.233.90.37): Host machine: psql 10.233.90.37:6379 => success Host machine:…
Shain Lafazan
0 votes, 1 answer

Calico advertising all Kubernetes node subnets from all nodes

Diagram of Nodes I have Calico Node2Node Mesh running, and successfully set up peering with my upstream switches. What looks strange is that it appears that every node is advertising all the node networks. I would think that each node should…
Roogles
0 votes, 1 answer

How to detect which pod makes network request in k8s?

External firewall logs show blocked connection from <node IP>:<big port>. The current cluster uses calico networking. How do I detect which pod is trying to connect?
Pav K.
0 votes, 0 answers

Why pod in the same node can ping each other but can't ping in different node?

I have two k8s clusters with different network environments; their installation configuration is exactly the same. The k8s version is 1.14.0, and the network addon used is calico. One cluster is fine, but the other is not. The problem is pod's ip can't ping each…
Juey
0 votes, 1 answer

Are network policies applied to service or endpoints?

If I have Kubernetes service (cluster IP with port 12345) with three pods behind it as endpoints (port 16789) in a namespace, what should be whitelisted in network policy, just the service port or the endpoint port or DNS port? Network policy can…
Hem
0 votes, 3 answers

Are these pods inside the overlay network?

How can I confirm whether or not some of the pods in this Kubernetes cluster are running inside the Calico overlay network? Pod Names: Specifically, when I run kubectl get pods --all-namespaces, only two of the nodes in the resulting list have…
CodeMed
0 votes, 1 answer

How can I enable external access to my Kubernetes service via the master with Calico on GCP?

I have a one master and one worker Kubernetes cluster with Calico deployed from here with no changes to the manifests. The master has an internal IP address of 10.132.0.30 and I am trying to expose my service (running on the worker) on the master as…
dippynark
0 votes, 1 answer

How to use LoadBalancer IP as the outgoing / outbound / egress IP of the pods

I have 1 deployment on ManagedKubernetes Cluster on Alibaba Cloud with service spec.type=LoadBalancer. I can successfully use that IP for incoming traffic, but the outbound ip seems still use the NAT Gateway IP for the deployment that have service…
Fauzan
0 votes, 1 answer

Something seems to be catching TCP traffic to pods

I'm trying to deploy Kubernetes with Calico (IPIP) with Kubeadm. After deployment is done I'm deploying Calico using these manifests kubectl apply -f…
inc0
0 votes, 2 answers

Issue upgrading calico-node in kubeadm cluster

I am going to upgrade Calico node and cni as per this link for "Upgrading Components Individually" The directions are very clear (I will cordon each node and do the step for the calico/cni and calico/node), but I am not sure what is meant by Update…
horcle_buzz
0 votes, 0 answers

Kubernetes networking: connecting to cluster namespaced services from an external server with Calico

I have a kubernetes cluster where projects from many customers are running. Each customer has its own namespace. Projects are managed. This means customers have no access to the cluster. Each project is implemented on a PHP + MySQL stack. I'm using…
0 votes, 1 answer

calico-etcd not scheduled on GKE 1.11 k8s

I recently upgraded my GKE cluster from 1.10.x to 1.11.x and since then my calico-node pods fail to connect to the etcd cluster and end up in a CrashLoopBackOff due to livenessProbe error. I saw that the calico-etcd DaemonSet has desired state 0 and…
0 votes, 2 answers

eks calico allow inbound from aws classic elb to pod

I'm trying to set up network policies to allow only inbound traffic from the aws classic load balancer to the pods. Nothing else should be able to talk to the pods which includes any pod replicas. I've configured the following but it does not work.…
kgmc
0 votes, 2 answers

Kubernetes calico networkpolicy

I am a newbie to Kubernetes and trying to learn calico networking. I am following this documentation (https://docs.aws.amazon.com/eks/latest/userguide/calico.html) and I tried to create a networkpolicy for the traffic to flow between backend to…
user_01_02
0 votes, 1 answer

Calico etcd has no key named calico

I have a 2 node kubernetes cluster with calico networking. All the pods are up and running. NAMESPACE NAME READY STATUS RESTARTS AGE kube-system calico-etcd-94466 1/1 …
Pradeep