Install Calico network policy on a Google Kubernetes Engine cluster
Google Kubernetes Engine (GKE) has built-in support for Calico, providing a robust implementation of the full Kubernetes Network Policy API. GKE users wanting to go beyond Kubernetes network policy capabilities can make full use of the Calico Network Policy API.
You can install Calico network policy by enabling it as you create a new GKE cluster.
The geeky details of what you get:
Policy | IPAM | CNI | Overlay | Routing | Datastore |
---|---|---|---|---|---|
Prerequisites
- You have a Google Cloud account, an active project, and permissions for creating clusters.
- You installed and configured the gcloud and kubectl CLIs on your workstation.
Create a GKE cluster with Calico enabled for network policy
- Create a new GKE cluster with network policy by running the following command:

      gcloud container clusters create <cluster-name> --enable-network-policy

  This may take several minutes to complete.
- Verify that the Calico pods are running in your cluster by entering the following command:

      kubectl get pods -n kube-system

  Example output:

      NAME READY STATUS RESTARTS AGE
      calico-node-hjnt5 1/1 Running 0 13m
      calico-node-phcjw 1/1 Running 0 13m
      calico-node-pmrkm 1/1 Running 0 12m
      calico-node-vertical-autoscaler-8c79c8dc-q7z7c 1/1 Running 0 15m
      calico-typha-547bf5ddbd-8jlnt 1/1 Running 0 13m
      calico-typha-547bf5ddbd-d2qjd 1/1 Running 0 13m
      calico-typha-horizontal-autoscaler-7d99b54d8b-f9fq6 1/1 Running 0 15m
      calico-typha-vertical-autoscaler-bbdb9bc58-wsd6v 1/1 Running 0 15m
      event-exporter-gke-545bc64577-rmgkn 2/2 Running 0 15m
      fluentbit-gke-8p8tc 3/3 Running 0 14m
      ...
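A scripted form of the verification step above, as an added example that is not part of the original documentation: it reads the `kubectl get pods -n kube-system` table on stdin and fails unless every `calico-node` and `calico-typha` pod is Running with all containers ready. The function name `check_calico_pods` is hypothetical, and the sample rows are copied from the example output above.

```shell
# Added example: gate a pipeline on Calico pod health.
# check_calico_pods (hypothetical name) reads the pod table on stdin and
# returns 0 only if at least one calico-node pod exists and every
# calico-node / calico-typha pod is Running and fully ready.
check_calico_pods() {
  awk '
    NR == 1 && $1 == "NAME" { next }            # skip the header row
    $1 ~ /^calico-(node|typha)-/ {
      if ($1 ~ /autoscaler/) next               # helper deployments, not the data plane
      kind = ($1 ~ /^calico-node-/) ? "node" : "typha"
      seen[kind]++
      split($2, r, "/")                         # READY column, e.g. 1/1
      if ($3 != "Running" || r[1] != r[2]) {
        printf "NOT READY: %s (%s, %s)\n", $1, $2, $3
        bad++
      }
    }
    END {
      # No calico-node pods at all means policy enforcement is not installed.
      if (!seen["node"]) { print "NO calico-node pods found"; bad++ }
      if (bad) exit 1
      printf "OK: %d calico-node, %d calico-typha\n", seen["node"], seen["typha"]
    }
  '
}

# Sample input: rows taken from the example output above (trimmed).
SAMPLE_OUTPUT='NAME READY STATUS RESTARTS AGE
calico-node-hjnt5 1/1 Running 0 13m
calico-node-phcjw 1/1 Running 0 13m
calico-node-vertical-autoscaler-8c79c8dc-q7z7c 1/1 Running 0 15m
calico-typha-547bf5ddbd-8jlnt 1/1 Running 0 13m
fluentbit-gke-8p8tc 3/3 Running 0 14m'

printf '%s\n' "$SAMPLE_OUTPUT" | check_calico_pods

# Against a live cluster:
#   kubectl get pods -n kube-system | check_calico_pods
```
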
Additional resources
For complete GKE requirements, limitations, and other installation methods, see Enable network policy enforcement.
GKE documentation does not always refer to Calico by name. For clusters using Dataplane V1, references to "network policy" often describe integrated Calico network policy.