Questions tagged [project-calico]

Project Calico aims to simplify, scale, and secure cloud networks.

Per the project website, Project Calico aims to be:

Simple

Let's remove the complexity

Traditional SDNs are complex, making them hard to deploy and troubleshoot. Calico removes that complexity, with a simplified networking model designed for the demands of today's cloud-native applications.

Scalable

From dev/test to enterprise deployment

Unlike SDNs that require a central controller, limiting scalability, Calico is built on a fully distributed, scale-out architecture. So it scales smoothly from a single developer laptop to large enterprise deployments.

Secure

Policy-based micro-segmentation

Defining secure network policy used to be reserved for skilled network engineers. Calico's powerful micro-segmentation capabilities build on a simple policy language that naturally expresses the developer's intent.

171 questions

25 votes, 5 answers

How to allow access to kubernetes api using egress network policy?

Init container with kubectl get pod command is used to get ready status of other pod. After Egress NetworkPolicy was turned on init container can't access Kubernetes API: Unable to connect to the server: dial tcp 10.96.0.1:443: i/o timeout. CNI is…

12 votes, 0 answers

Kube-proxy or ELB "delaying" packets of HTTP requests

We're running a web API app on Kubernetes (1.9.3) in AWS (set with KOPS). The app is a Deployment and represented by a Service (type: LoadBalancer) which is actually an ELB (v1) on AWS. This generally works - except that some packets (fragments of…
ArAr

8 votes, 7 answers

calico/node is not ready: BIRD is not ready: BGP not established

I'm running Kubernetes 1.13.2, setup using kubeadm and struggling with getting calico 3.5 up and running. The cluster is run on top of KVM. Setup: kubeadm init --apiserver-advertise-address=10.255.253.20 --pod-network-cidr=192.168.0.0/16 modified…
phone_melter

8 votes, 4 answers

Whitelist "kube-system" namespace using NetworkPolicy

I have a multi-tenant cluster, where multi-tenancy is achieved via namespaces. Every tenant has their own namespace. Pods from a tenant cannot talk to pods of other tenants. However, some pods in every tenant have to expose a service to the…
mitchkman

7 votes, 3 answers

kubernetes networkpolicy namespaceSelector select when namespace has no labels

I am trying to add a calico network policy to allow my namespace to talk to kube-system namespace. But in my k8s cluster kube-system has no labels attached to it, so I am not able to select pods in there. Below is what I tried but it's not…
Hemant_Negi

7 votes, 1 answer

Monitor or log dropped network traffic for Kubernetes NetworkPolicy

I'm interested in using Kubernetes NetworkPolicy to control network policy. I want to know if the NetworkPolicy is blocking traffic so I can either fix the policies or fix/stop whatever is in violation. We use Calico and they view this as a paid…
Ben Mathews

6 votes, 1 answer

Kubernetes DNS no longer resolving names

I have a cluster consisting of 6 servers, 3 masters and 3 workers. Up to this morning everything worked fine, until I removed two workers from the cluster. Now the internal DNS is not working anymore. I cannot resolve an internal name. Apparently…
Paul

6 votes, 1 answer

Can't connect to mongodb replicaset via kubectl port-forward

I'm trying to get access to mongodb replicaset via kubectl, so I won't expose it to internet, I can't use OpenVPN since Calico blocks it. So I'm using this script: export MONGO_POD_NAME1=$(kubectl get pods --namespace develop -l…

5 votes, 2 answers

How to make the pod CIDR range larger in kubernetes cluster deployed with kubeadm?

I deployed my cluster with the --pod-network-cidr added, and have created the new ip pool using calicoctl to change the pods to this range. The problem I am having is exactly what I need to change on the kubernetes side to make the pod cidr range…
mmiara

5 votes, 2 answers

How to stop kubernetes from reporting to usage.projectcalico.org?

I found that my kubernetes cluster was sending reports to usage.projectcalico.org, how can this be disabled and how exactly is it using usage.projectcalico.org?
Alex Cohen

4 votes, 1 answer

Kubernetes NetworkPolicy limit egress traffic to service

Is it possible to allow egress traffic only to the specific service? This is my naive try to do that: kind: NetworkPolicy metadata: name: default-deny-all-egress namespace: default spec: podSelector: {} egress: - ports: - protocol:…
Jonas

4 votes, 2 answers

Calico based pod is not coming up

I am setting up a pod using calico but it keeps on failing with some authorization error. By default following is the node cidr of my system: [root@k8master-1 ~]# kubeadm config view | grep Subnet podSubnet: 10.244.0.0/16 serviceSubnet:…
drifter

4 votes, 2 answers

Unable to access to service from kubernetes master node

[root@kubemaster ~]# kubectl get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES pod1deployment-c8b9c74cb-hkxmq 1/1 Running 0 12s …
confused genius

4 votes, 2 answers

How to explicitly define an Endpoint of a Kubernetes Service

I've provisioned a kubernetes cluster on my own couple of virtual machines via kubespray. Kubespray uses project-calico as default network-plugin which fits my requirements of proxying services in the cluster network to the outer world pretty…

4 votes, 1 answer

MySQL replication with masters and slaves in different Kubernetes clusters using Calico as CNI plugin

I have a Kubernetes cluster in which there are some MySQL databases. I want to have a replication slave for each database in a different Kubernetes cluster in a different datacenter. I'm using Calico as CNI plugin. To make the replication process…