Stack Overflow
Stack Overflow

Questions tagged [project-calico]

Project Calico aims to simplify, scale, and secure cloud networks.

Per the project website, Project Calico aims to be:

Simple

Let's remove the complexity

Traditional SDNs are complex, making them hard to deploy and troubleshoot. Calico removes that complexity, with a simplified networking model designed for the demands of today's cloud-native applications.

Scalable

From dev/test to enterprise deployment

Unlike SDNs that require a central controller, limiting scalability, Calico is built on a fully distributed, scale-out architecture. So it scales smoothly from a single developer laptop to large enterprise deployments.

Secure

Policy-based micro-segmentation

Defining secure network policy used to be reserved for skilled network engineers. Calico's powerful micro-segmentation capabilities build on a simple policy language that naturally expresses the developer's intent.

160 questions
2
votes
1 answer

Outbound connection intermittent failed to response

I'm experiencing intermittent failed to response when make an outbound connection such as RPC call, it is logged by my application (Java) like this : org.apache.http.NoHttpResponseException: RPC_SERVER.com:443 failed to respond ! Outbound…
Heru Sebastian
  • 21
  • 2
2
votes
1 answer

pod routes don't match IP

I'm using Kubernetes 1.5.2 in CoreOS 1235.6.0 on bare metal, with calico v1.0.2 for the overlay network. Containers are getting correct IP addresses, but their routes don't match: / # ip addr show 1: lo: mtu 65536 qdisc…
Chris Jones
  • 3,597
  • 4
  • 28
  • 27
2
votes
2 answers

How to fix calico.yaml for kubernetes cluster?

Trying several options to resolve the issue with weave-net (How to fix weave-net CrashLoopBackOff for the second node?), I have decided to try calico instead of weave-net. The documentation for kubernetes tells I need only one or another. The…
Andrew
  • 1,430
  • 1
  • 14
  • 25
2
votes
1 answer

starting calicoctl container on coreos

I have CoreOS beta (1153.4.0) I'm trying to run calicoctl to check if my calico networking is properly configured. so I'm trying to run a calicoctl rkt container with the command rkt run quay.io/calico/ctl and I get the output image: using image…
ufk
  • 26,596
  • 55
  • 202
  • 346
1
vote
1 answer

Why can't I reach a pod in another namespace using the format http://..pod.cluster.local?

I created a namespace and a pod in it like this: # Create the namespace kubectl create namespace one # Create the pod (NOTE - Without a service) kubectl run rest -n one --image nginx --labels app=rest --expose --port 80 I then created a second…
Don Rhummy
  • 20,170
  • 31
  • 134
  • 252
1
vote
1 answer

Pods can't ping each other in a kubernetes cluster spawned over nodes from two different subnets

I am trying to bring up an on-prem k8 cluster using kubespray with 3 master and 5 worker nodes. The node IPs are from 2 different subnets. Ansible inventory: hosts: saba-k8-vm-m1: ansible_host: 192.168.100.1 ip: 192.168.100.1 access_ip:…
Raji
  • 33
  • 5
1
vote
1 answer

Project Calico: Priority between "global policy" and "network policy"

I am testing Project Calico on a small Kubernetes cluster and I try to figure out which one between "global policy" and "network policy" will be applied to the data stream first. What I understand: the data path with Calico is that the pod's host…
adbkp
  • 11
  • 1
1
vote
0 answers

Calico prints "Hit error connecting to datastore: connection refused"

I created a cluster on an Ubuntu server using this command: > kubeadm init --cri-socket /var/run/dockershim.sock --control-plane-endpoint servername.local --apiserver-cert-extra-sans servername.local I added Calico like this: > curl…
acl
  • 137
  • 1
  • 7
1
vote
0 answers

How to troubleshot: Kubernetes pods not creating or terminating

I am new at K8s so I am having troubles getting to the button of the issue. Last week I installed a cluster with 1 master 2 nodes in centos with kubeadm: kubectl get nodes NAME STATUS ROLES AGE …
Leandro De Mestico
  • 11
  • 1
1
vote
1 answer

Calico GlobalNetworkPolicy exclusion not working

Recently started with Calico network policies on a AKS cluster. The plan is to block all traffic for new namespaces with the exception of traffic destined for the coredeDNS pod labeled "kube-dns". The policy should not be applied to the namespaces:…
marc veen
  • 11
  • 1
1
vote
2 answers

accessing Kubernetes from remote hosts

I'm pretty sure I have something misconfigured or missing something. my home network is 10.11.0.0/16 I setup a kubernetes instance with sudo kubeadm init --pod-network-cidr=10.166.0.0/16 Then I installed calico…
phomlish
  • 139
  • 1
  • 2
  • 12
1
vote
0 answers

Kubernetes - Network Policy to allow traffic on port only within a namespace

I need to create a network policy which accept the traffic (ingress + egress) between all pods inside the same namespace on a specific port ONLY (for example on port 9200). I labeled my namespace called calico using kubectl label ns calico…
Y.jab
  • 11
  • 1
1
vote
1 answer

Calico works well in my k8s, but I can't Ping clusterip on the node

I installed calico according to the steps on the official website, and it can run normally, and there is no error reported in the log. However, when I Ping the clusterip, the Ping fails, and there is no error in the pod log, so I can't locate the…
Esc
  • 351
  • 2
  • 15
1
vote
0 answers

Does kubernetes use calico plugin support network policy or not when kube-proxy use ipvs mode?

Does kubernetes use calico plugin support network policy or not when kube-proxy use ipvs mode? Kubernetes+calico+kube-proxy(iptables mode) support network policy function.But I do not know whether it takes effect when kube-proxy uses ipvs(nat) mode…
mayidewenhen
  • 11
  • 2
1
vote
1 answer

how to explain couple of points on Kubernetes Calico Networking routing table?

Below is the output from ip route command in one of the worker nodes of Kubernetes cluster (aws based): $ip route default via 10.6.16.1 dev eth0 10.6.16.0/21 dev eth0 proto kernel scope link src 10.6.22.111 111.97.95.0/26 via 10.6.145.224 dev…
Viji
  • 63
  • 4
1 2
3
10 11