Quickstart for Calico on Kubernetes

Overview

This quickstart gets you a single-host Kubernetes cluster with Calico in approximately 15 minutes. You can use this cluster for testing and development.

To deploy a cluster suitable for production, refer to Installation.

Requirements

• AMD64 processor
• 2CPU
• 2GB RAM
• 10GB free disk space
• RedHat Enterprise Linux 7.x+, CentOS 7.x+, Ubuntu 16.04+, or Debian 9.x+

Before you begin

• Ensure that Calico can manage cali and tunl interfaces on the host. If NetworkManager is present on the host, refer to Configure NetworkManager.

• Follow the Kubernetes instructions to install kubeadm.

  Note: After installing kubeadm, do not power down or restart the host. Instead, continue directly to the next section to create your cluster.

Create a single-host Kubernetes cluster

1. As a regular user with sudo privileges, open a terminal on the host that you installed kubeadm on.

2. Initialize the master using the following command.

   sudo kubeadm init --pod-network-cidr=192.168.0.0/16
   

   Note: If 192.168.0.0/16 is already in use within your network you must select a different pod network CIDR, replacing 192.168.0.0/16 in the above command as well as in any manifests applied below.

3. Execute the following commands to configure kubectl (also returned by kubeadm init).

   mkdir -p $HOME/.kube
   sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
   sudo chown $(id -u):$(id -g) $HOME/.kube/config
   

4. Install Calico with the following command.

   kubectl apply -f https://docs.projectcalico.org/v3.9/manifests/calico.yaml
   

   Note: You can also view the YAML in a new tab.

   You should see the following output.

   configmap "calico-config" created
   customresourcedefinition.apiextensions.k8s.io "felixconfigurations.crd.projectcalico.org" created
   customresourcedefinition.apiextensions.k8s.io "ipamblocks.crd.projectcalico.org" created
   customresourcedefinition.apiextensions.k8s.io "blockaffinities.crd.projectcalico.org" created
   customresourcedefinition.apiextensions.k8s.io "ipamhandles.crd.projectcalico.org" created
   customresourcedefinition.apiextensions.k8s.io "bgppeers.crd.projectcalico.org" created
   customresourcedefinition.apiextensions.k8s.io "bgpconfigurations.crd.projectcalico.org" created
   customresourcedefinition.apiextensions.k8s.io "ippools.crd.projectcalico.org" created
   customresourcedefinition.apiextensions.k8s.io "hostendpoints.crd.projectcalico.org" created
   customresourcedefinition.apiextensions.k8s.io "clusterinformations.crd.projectcalico.org" created
   customresourcedefinition.apiextensions.k8s.io "globalnetworkpolicies.crd.projectcalico.org" created
   customresourcedefinition.apiextensions.k8s.io "globalnetworksets.crd.projectcalico.org" created
   customresourcedefinition.apiextensions.k8s.io "networksets.crd.projectcalico.org" created
   customresourcedefinition.apiextensions.k8s.io "networkpolicies.crd.projectcalico.org" created
   clusterrole.rbac.authorization.k8s.io "calico-kube-controllers" created
   clusterrolebinding.rbac.authorization.k8s.io "calico-kube-controllers" created
   clusterrole.rbac.authorization.k8s.io "calico-node" created
   clusterrolebinding.rbac.authorization.k8s.io "calico-node" created
   daemonset.extensions "calico-node" created
   serviceaccount "calico-node" created
   deployment.extensions "calico-kube-controllers" created
   serviceaccount "calico-kube-controllers" created
   

5. Confirm that all of the pods are running with the following command.

   watch kubectl get pods --all-namespaces
   

   Wait until each pod has the STATUS of Running.

   NAMESPACE    NAME                                       READY  STATUS   RESTARTS  AGE
   kube-system  calico-kube-controllers-6ff88bf6d4-tgtzb   1/1    Running  0         2m45s
   kube-system  calico-node-24h85                          1/1    Running  0         2m43s
   kube-system  coredns-846jhw23g9-9af73                   1/1    Running  0         4m5s
   kube-system  coredns-846jhw23g9-hmswk                   1/1    Running  0         4m5s
   kube-system  etcd-jbaker-1                              1/1    Running  0         6m22s
   kube-system  kube-apiserver-jbaker-1                    1/1    Running  0         6m12s
   kube-system  kube-controller-manager-jbaker-1           1/1    Running  0         6m16s
   kube-system  kube-proxy-8fzp2                           1/1    Running  0         5m16s
   kube-system  kube-scheduler-jbaker-1                    1/1    Running  0         5m41s
   

6. Press CTRL+C to exit watch.

7. Remove the taints on the master so that you can schedule pods on it.

   kubectl taint nodes --all node-role.kubernetes.io/master-
   

   It should return the following.

   node/<your-hostname> untainted
   

8. Confirm that you now have a node in your cluster with the following command.

   kubectl get nodes -o wide
   

   It should return something like the following.

   NAME              STATUS   ROLES    AGE   VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION    CONTAINER-RUNTIME
   <your-hostname>   Ready    master   52m   v1.12.2   10.128.0.28   <none>        Ubuntu 18.04.1 LTS   4.15.0-1023-gcp   docker://18.6.1
   

Congratulations! You now have a single-host Kubernetes cluster equipped with Calico.

Next steps

Secure a simple application using the Kubernetes NetworkPolicy API

Control ingress and egress traffic using the Kubernetes NetworkPolicy API

Create a user interface that shows blocked and allowed connections in real time

Install and configure calicoctl