Questions tagged [project-calico]

Project Calico aims to simplify, scale, and secure cloud networks.

Per the project website, Project Calico aims to be:

Simple

Let's remove the complexity

Traditional SDNs are complex, making them hard to deploy and troubleshoot. Calico removes that complexity, with a simplified networking model designed for the demands of today's cloud-native applications.

Scalable

From dev/test to enterprise deployment

Unlike SDNs that require a central controller, limiting scalability, Calico is built on a fully distributed, scale-out architecture. So it scales smoothly from a single developer laptop to large enterprise deployments.

Secure

Policy-based micro-segmentation

Defining secure network policy used to be reserved for skilled network engineers. Calico's powerful micro-segmentation capabilities build on a simple policy language that naturally expresses the developer's intent.

171 questions
0 votes, 1 answer

Can I block connection between a pod and ElastiCache in AWS

I have my K8s setup (Pods A, B and C) and ElastiCache ("xxx.xxxx.xx.cache.amazonaws.com") in AWS. Right now all my pods have access to ElastiCache. I am looking for a solution by which I can restrict the communication. I read about Calico but I…
Vikas Rathore
0 votes, 1 answer

Enabling hostNetwork: true for IPv6 only

I'm looking for a way to use hostNetwork: true but only for IPv6. I need the host's IPv6 capabilities but would also like to have an internal network for the pods (for example for Prometheus or a ready HTTP server). If I enable hostNetwork = true I…
Repulsr
0 votes, 1 answer

Kubernetes + calico + replicaSet

So I found myself in a pretty sticky situation. I'm trying to create a simple replicaSet, but unfortunately I ran into some problems with the calico. I have 2 VM running on OracleVM. I have them configured to use enp0s8 interface. The IP of the…
minihulk22
0 votes, 1 answer

Kubernetes 1.7 calico log message calico-node -felix-live -bird-live] and timeout 1 (s)

I am running a Kubernetes 1.17 cluster with Calico CNI running on containerd. My servers are running CentOS 8, and on all my nodes I am getting this log message. How do I stop these messages? Mar 8 21:15:48 node03 systemd[1]: Removed slice…
sfgroups
0 votes, 1 answer

Mutation Webhooks in EKS isn't working when calico used as cni

I want to replace the aws-node CNI with Calico. I've removed the aws-node daemonset and installed Calico. Network between pods works great, but when I'm using mutation webhooks, kube-api-server couldn't connect to the target service, because there are no…
0 votes, 0 answers

Docker in docker routing within Kubernetes

I have a network-related issue on the Kubernetes host, using the Calico network layer. For continuous integration I need to run docker in docker, but running a simple docker build with this Dockerfile: FROM praqma/network-multitool AS build RUN route RUN ping…
Jan Zahradník
0 votes, 1 answer

Kubernetes: Unable to ping pod IP on other node

Pod IPs are only pinging from the same node. When I try pinging a pod IP from another node/worker it's not pinging. master2@master2:~$ kubectl get pods --namespace=kube-system -o wide NAME READY STATUS RESTARTS …
piyush
0 votes, 1 answer

Calico IP-in-IP connectivity issues with nested containers on Kubernetes

I am implementing a cluster-api controller using Kubernetes as the infrastructure provider - that is, I am trying to run Kubernetes Nodes as Kubernetes Pods and form a cluster within a cluster. I have this working apart from network connectivity…
dippynark
0 votes, 1 answer

Why doesn't Kubernetes networking model ask for service cluster ip range to be opened on firewall?

The only requirement in the Kubernetes networking docs is to open the firewall between pods. How does pod-to-service connectivity work, as the service cluster IP range and pod CIDRs are different?
user6317694
0 votes, 1 answer

Setting up logging on ingress

I'm setting up a global network policy as follows, however the documentation claims the entries are in /var/log/syslog. But which pod or resource would let me see this information? apiVersion: projectcalico.org/v3 kind:…
ergonaut
0 votes, 1 answer

EKS GlobalNetworkPolicies default-deny with pod exceptions

Currently I have a GlobalNetworkPolicy 'default-deny' to limit all traffic within my cluster, all ingress/egress is set to deny for all(). I have attempted to allow exceptions for certain labels pods, using 'order'. When I don't specify 'action'…
0 votes, 1 answer

Calico CNI pod networking not working across different hosts on EKS Kubernetes worker nodes

I am running vanilla EKS Kubernetes at version 1.12. I've used CNI Genie to allow custom selection of the CNI that pods use when starting and I've installed the standard Calico CNI setup. With CNI Genie I configured the default CNI to be the AWS CNI…
Shogan
0 votes, 0 answers

Kubernetes bind address

I have previously set up Kubernetes clusters in dev environments, using private servers without any issues. Now I created a new cluster in a datacenter (hetzner). I have been trying to get everything working for several days now, reinstalling the servers…
0 votes, 1 answer

Installing Kubernetes on IPV6

I am trying to install Kubernetes 1.14.3 on an IPv6 environment. I don't have any IPv4 interface on this environment, only IPv6. I tried with a plain kubeadm config file and it seems to work, but when I try to apply the Calico CNI the calico-node keeps…
eran meiri
0 votes, 2 answers

Improper cni install preventing coredns pods from starting

Just installed a single master cluster using kubeadm v1.15.0. However, coredns seems stuck in pending mode: coredns-5c98db65d4-4pm65 0/1 Pending 0 2m17s
horcle_buzz