Questions tagged [project-calico]

Project Calico aims to simplify, scale, and secure cloud networks.

Per the project website, Project Calico aims to be:

Simple

Let's remove the complexity

Traditional SDNs are complex, making them hard to deploy and troubleshoot. Calico removes that complexity, with a simplified networking model designed for the demands of today's cloud-native applications.

Scalable

From dev/test to enterprise deployment

Unlike SDNs that require a central controller, limiting scalability, Calico is built on a fully distributed, scale-out architecture. So it scales smoothly from a single developer laptop to large enterprise deployments.

Secure

Policy-based micro-segmentation

Defining secure network policy used to be reserved for skilled network engineers. Calico's powerful micro-segmentation capabilities build on a simple policy language that naturally expresses the developer's intent.

171 questions
0 votes, 2 answers

Starting with Calico network policy in Kubernetes

I have an application running with kubernetes orchestrator. I want to implement calico network policy on the basis of CIDR so that I can control the pod's traffic (incoming and outgoing). I am looking for prerequisite installation (any plugin) and…
solveit
0 votes, 1 answer

Q: Rancher + Calico + Ubuntu 20.04 bare metal - no access to service network (10.43.0.10)

Looking for a piece of advice on troubleshooting an issue with Rancher + Calico on a bare metal Ubuntu 20.04. Here is the issue. We have few Rancher (2.5.7) clusters built on top of Ubuntu 20.04 running on KVM (Proxmox) VMs. All clusters have similar…
0 votes, 1 answer

Kubernetes NetworkPolicy doesn't block traffic

I've a namespace called: test, and containing 3 pods: frontend, backend and database. This is the manifest of pods: kind: Pod apiVersion: v1 metadata: name: frontend namespace: test labels: app: todo tier: frontend spec: containers: …
0 votes, 2 answers

Running calicoctl on Windows results in error: Failed to create Calico API client: invalid configuration: no configuration has been provided

I'm using k3d with calico, and trying to use calicoctl to set a network policy. I am able to get this working on Ubuntu, but on Windows it doesn't. To set it up I did the following: # Download Calico YAML # DOWNLOAD:…
Don Rhummy
0 votes, 1 answer

Why does this pod get a 403 Forbidden when calling the Kubernetes API despite a RoleBinding (same with ClusterRoleBinding)?

I created a pod (an Alpine "BusyBox" to run commands in) which then gets the default service account associated with it. I then created a RoleBinding (and later ClusterRoleBinding when the first didn't work) but it still won't let me call the K8s…
Don Rhummy
0 votes, 1 answer

Unable to run calico ingress and egress rules

I have been trying to experiment with the calico network rules and I'm finding it tough to get the ingress and the egress rules to work with order in calico after denying all ingress and egress rules. kubectl get pods --show-labels NAME …
user3398900
0 votes, 1 answer

error converting YAML to JSON: yaml: line 182: did not find expected '-' indicator in calico yaml

I am setting up Kubernetes cluster network configuration through calico and while performing 'kubectl apply -f calico.yaml', I get the following error error: error parsing calico.yaml: error converting YAML to JSON: yaml: line 182: did not find…
0 votes, 0 answers

DNS lookup still getting blocked even when authorized

My rule allowing DNS with Calico's Network Policy isn't working. Using CURL with a DNS is still blocked! My use case: I want all external networking to be dropped except communication to an S3 service. Allowing ONLY the S3's IP works as everything…
Doctor
0 votes, 1 answer

Unable to "get" my calico node using calicoctl

I am trying to examine my node to potentially fix my nodes, but the command "get" is failing. The error is Failed to create Calico API client... error parsing document: fields in document are not recognized or are in the wrong location: clusters,…
user3877654
0 votes, 2 answers

Kubernetes: Calico not working on remote worker, local ok

I set up a Kubernetes cluster with calico. The setup is "simple" 1x master (local network, ok) 1x node (local network, ok) 1x node (cloud server, not ok) All Debian buster with docker 19.03 On the cloud server the calico pods do not come…
Yakuraku
0 votes, 0 answers

Kubernetes: can't join on different subnet - TLS Bootstrap timeout

I have two Ubuntu 18.04 Server machines on AWS (the network conf is okay, I'm able even to connect through SSH between them but they are on different subnets of the same LAN). Ubuntu firewall also disabled. M1: 172.31.32.210/255.255.240.0 ->…
0 votes, 1 answer

Global Policy to default allow traffic within namespaces

We are setting up a strict default deny policy with calico to disable any traffic except the failsafe rules. Now we have multiple namespaces that are increasing since every application is scoped with several namespaces. Now the idea is to default…
0 votes, 1 answer

Kubernetes - Network Policy to allow traffic on port only within a namespace

I need to create a network policy which accepts the traffic (ingress + egress) between all pods inside the same namespace on a specific port ONLY (for example on port 9200). I labeled my namespace called calico using kubectl label ns calico…
0 votes, 0 answers

no matches for kind "CalicoAPIConfig" in version "projectcalico.org/v3

My calico is configured to be associated with etcd, so I create a configfile to configure the etcd's ca certificate, certs and key, but when I apply the config file, notes me that didn't have this kind. This file is the template I copied from the…
Esc
0 votes, 1 answer

Calico CNI networkPolicy not affecting pods running on nodes

I've been trying to implement a network policy on my cluster (k8s bare-metal) and no policies seem to be implemented on pods running on cluster nodes, only on pods running directly on the master. What I've tried: A single namespace with a…
Daniel