Installing Calico for policy and networking (recommended)
Before you begin
Ensure that you have a Kubernetes cluster that meets the Calico system requirements. If you don’t, follow the steps in Using kubeadm to create a cluster.
If you’re installing on CoreOS, you should also see this FAQ as there are required changes to the provided manifests.
Installing Calico for policy and networking
Selecting your datastore type and number of nodes
The procedure differs according to the type of datastore you want Calico to use and the number of nodes. Refer to the section that matches your desired datastore type and number of nodes.
Installing with the Kubernetes API datastore—50 nodes or less
- Download the Calico networking manifest for the Kubernetes API datastore.
$ curl https://docs.projectcalico.org/archive/v3.12/manifests/calico.yaml -O
- If you are using pod CIDR 192.168.0.0/16, skip to the next step. If you are using a different pod CIDR, use the following commands to set a shell variable called POD_CIDR containing your pod CIDR and replace 192.168.0.0/16 in the manifest with your pod CIDR.
$ POD_CIDR="<your-pod-cidr>"
$ sed -i -e "s?192.168.0.0/16?$POD_CIDR?g" calico.yaml
- Apply the manifest using the following command.
$ kubectl apply -f calico.yaml
- If you wish to enforce application layer policies and secure workload-to-workload communications with mutual TLS authentication, continue to Enabling application layer policy (optional).
Installing with the Kubernetes API datastore—more than 50 nodes
- Download the Calico networking manifest for the Kubernetes API datastore.
$ curl https://docs.projectcalico.org/archive/v3.12/manifests/calico-typha.yaml -o calico.yaml
- If you are using pod CIDR 10.244.0.0/16, skip to the next step. If you are using a different pod CIDR, use the following commands to set a shell variable called POD_CIDR containing your pod CIDR and replace 10.244.0.0/16 in the manifest with your pod CIDR.
$ POD_CIDR="<your-pod-cidr>"
$ sed -i -e "s?10.244.0.0/16?$POD_CIDR?g" calico.yaml
- Modify the replica count in the Deployment named calico-typha to the desired number of replicas.
We recommend at least one replica for every 200 nodes and no more than 20 replicas. In production, we recommend a minimum of three replicas to reduce the impact of rolling upgrades and failures. The number of replicas should always be less than the number of nodes, otherwise rolling upgrades will stall. In addition, Typha only helps with scale if there are fewer Typha instances than there are nodes.
Warning: If you set typha_service_name without increasing the replica count from its default of 0, Felix will try to connect to Typha, find no Typha instances to connect to, and fail to start.
- Apply the manifest.
$ kubectl apply -f calico.yaml
- If you wish to enforce application layer policies and secure workload-to-workload communications with mutual TLS authentication, continue to Enabling application layer policy (optional).
Installing with the etcd datastore
- Download the Calico networking manifest for etcd.
$ curl https://docs.projectcalico.org/archive/v3.12/manifests/calico-etcd.yaml -o calico.yaml
- If you are using pod CIDR 10.244.0.0/16, skip to the next step. If you are using a different pod CIDR, use the following commands to set a shell variable called POD_CIDR containing your pod CIDR and replace 10.244.0.0/16 in the manifest with your pod CIDR.
$ POD_CIDR="<your-pod-cidr>"
$ sed -i -e "s?10.244.0.0/16?$POD_CIDR?g" calico.yaml
- In the ConfigMap named calico-config, set the value of etcd_endpoints to the IP address and port of your etcd server.
Tip: You can specify more than one using commas as delimiters.
- Apply the manifest using the following command.
$ kubectl apply -f calico.yaml
- If you wish to enforce application layer policies and secure workload-to-workload communications with mutual TLS authentication, continue to Enabling application layer policy (optional).
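The pod CIDR step in each of the three procedures above, as an added example that is not part of the Calico documentation: a shell function that validates the CIDR before it reaches sed and fails if the default is not in the file, so an empty variable or a wrong filename cannot silently leave a bad manifest. The function names and the two-line manifest fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example: guarded replacement of the default pod CIDR in a manifest.

# is_ipv4_cidr CIDR: succeed only for a.b.c.d/len, octets 0-255, len 0-32.
is_ipv4_cidr() {
    case $1 in *[!0-9./]*) return 1 ;; esac   # also rejects sed metacharacters
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    addr=${1%/*}; len=${1#*/}
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# set_pod_cidr FILE DEFAULT_CIDR NEW_CIDR
# Returns 0 on success, 2 for a bad CIDR, 3 if FILE is unreadable,
# 4 if DEFAULT_CIDR does not occur in FILE (wrong file or already edited).
set_pod_cidr() {
    file=$1; default=$2; new=$3
    is_ipv4_cidr "$new" || { echo "invalid pod CIDR: '$new'" >&2; return 2; }
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 3; }
    # Fixed-string search: the dots in the default are not regex wildcards.
    grep -Fq -- "$default" "$file" || { echo "$default not in $file" >&2; return 4; }
    # Escape the dots for sed; NEW holds only digits, '.' and '/'.
    pattern=$(printf '%s' "$default" | sed 's/\./\\./g')
    sed "s?$pattern?$new?g" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Constructed two-line manifest fragment (not the full calico.yaml).
write_sample_manifest() {
    cat > "$1" <<'EOF'
- name: CALICO_IPV4POOL_CIDR
  value: "192.168.0.0/16"
EOF
}

# Dry run on a temporary copy of the constructed fragment.
demo=$(mktemp)
write_sample_manifest "$demo"
set_pod_cidr "$demo" 192.168.0.0/16 10.48.0.0/16 && cat "$demo"
rm -f "$demo"
```

Run kubectl apply only when set_pod_cidr returns 0; pass the default CIDR that the procedure you are following names.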