Quickstart for Calico on Kubernetes
Overview
This quickstart gets you a single-host Kubernetes cluster with Calico in approximately 15 minutes. You can use this cluster for testing and development.
To deploy a cluster suitable for production, refer to Installation.
Requirements
- AMD64 processor
- 2 CPUs
- 2 GB RAM
- 10 GB free disk space
- RedHat Enterprise Linux 7.x+, CentOS 7.x+, Ubuntu 16.04+, or Debian 8.x+
Before you begin
Follow the Kubernetes instructions to install kubeadm.
Note: After installing kubeadm, do not power down or restart the host. Instead, continue directly to the next section to create your cluster.
Create a single-host Kubernetes cluster
- As a regular user with sudo privileges, open a terminal on the host that you installed kubeadm on.
- Initialize the master using the following command.
  sudo kubeadm init --pod-network-cidr=192.168.0.0/16
- Execute the following commands to configure kubectl (also returned by kubeadm init).
  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
- Install an etcd instance with the following command.
  kubectl apply -f \
  https://just-master--zealous-perlman-827aaa.netlify.com/v3.2/getting-started/kubernetes/installation/hosted/etcd.yaml
  Note: You can also view the YAML in a new tab.
  You should see the following output.
  daemonset "calico-etcd" created
  service "calico-etcd" created
- Install the RBAC roles required for Calico.
  kubectl apply -f \
  https://just-master--zealous-perlman-827aaa.netlify.com/v3.2/getting-started/kubernetes/installation/rbac.yaml
  Note: You can also view the YAML in a new tab.
  You should see the following output.
  clusterrole.rbac.authorization.k8s.io "calico-kube-controllers" created
  clusterrolebinding.rbac.authorization.k8s.io "calico-kube-controllers" created
  clusterrole.rbac.authorization.k8s.io "calico-node" created
  clusterrolebinding.rbac.authorization.k8s.io "calico-node" created
- Install Calico with the following command.
  kubectl apply -f \
  https://just-master--zealous-perlman-827aaa.netlify.com/v3.2/getting-started/kubernetes/installation/hosted/calico.yaml
  Note: You can also view the YAML in a new tab.
  You should see the following output.
  configmap "calico-config" created
  secret "calico-etcd-secrets" created
  daemonset.extensions "calico-node" created
  serviceaccount "calico-node" created
  deployment.extensions "calico-kube-controllers" created
  serviceaccount "calico-kube-controllers" created
- Confirm that all of the pods are running with the following command.
  watch kubectl get pods --all-namespaces
  Wait until each pod has the STATUS of Running.
  NAMESPACE     NAME                                        READY   STATUS    RESTARTS   AGE
  kube-system   calico-etcd-x2482                           1/1     Running   0          2m
  kube-system   calico-kube-controllers-6ff88bf6d4-tgtzb    1/1     Running   0          2m
  kube-system   calico-node-24h85                           2/2     Running   0          2m
  kube-system   etcd-jbaker-virtualbox                      1/1     Running   0          6m
  kube-system   kube-apiserver-jbaker-virtualbox            1/1     Running   0          6m
  kube-system   kube-controller-manager-jbaker-virtualbox   1/1     Running   0          6m
  kube-system   kube-dns-545bc4bfd4-67qqp                   3/3     Running   0          5m
  kube-system   kube-proxy-8fzp2                            1/1     Running   0          5m
  kube-system   kube-scheduler-jbaker-virtualbox            1/1     Running   0          5m
- Press CTRL+C to exit watch.
- Remove the taints on the master so that you can schedule pods on it.
  kubectl taint nodes --all node-role.kubernetes.io/master-
  It should return the following.
  node "<your-hostname>" untainted
- Confirm that you now have a node in your cluster with the following command.
  kubectl get nodes -o wide
  It should return something like the following.
  NAME              STATUS   ROLES    AGE   VERSION   EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION      CONTAINER-RUNTIME
  <your-hostname>   Ready    master   1h    v1.8.x    <none>        Ubuntu 16.04.3 LTS   4.10.0-28-generic   docker://1.12.6
Congratulations! You now have a single-host Kubernetes cluster equipped with Calico.
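A scripted form of the "wait until each pod is Running" step, as an added example that is not part of the Calico documentation. It also catches pods that report Running while some containers are not ready (READY 1/2). The function names and the two unhealthy sample rows are assumptions made for illustration.

```shell
# Print pods that are not fully up, reading the text output of
# `kubectl get pods --all-namespaces` on stdin. A pod counts as up only
# when STATUS is Running and the READY column is n/n.
pods_not_ready() {
    awk '
        $1 == "NAMESPACE" || NF < 4 { next }   # header row, blank lines
        {
            split($3, ready, "/")              # READY column, e.g. 2/2
            if ($4 != "Running" || ready[1] != ready[2])
                printf "%s/%s %s %s\n", $1, $2, $3, $4
        }
    '
}

# Constructed sample: three rows from the listing in this quickstart plus
# two made-up unhealthy rows (calico-node-aaaaa, kube-dns-bbbbb).
sample_pods() {
cat <<'EOF'
NAMESPACE     NAME                                       READY   STATUS              RESTARTS   AGE
kube-system   calico-etcd-x2482                          1/1     Running             0          2m
kube-system   calico-kube-controllers-6ff88bf6d4-tgtzb   1/1     Running             0          2m
kube-system   calico-node-aaaaa                          1/2     Running             0          2m
kube-system   kube-dns-bbbbb                             0/3     ContainerCreating   0          1m
kube-system   kube-proxy-8fzp2                           1/1     Running             0          5m
EOF
}

# Poll the cluster until nothing is reported or the timeout (seconds,
# default 300) expires. A failed or empty kubectl call is retried, never
# treated as "all pods ready".
wait_for_pods() {
    deadline=$(( $(date +%s) + ${1:-300} ))
    pending="(no answer from kubectl)"
    while [ "$(date +%s)" -lt "$deadline" ]; do
        if out=$(kubectl get pods --all-namespaces 2>/dev/null) && [ -n "$out" ]; then
            pending=$(printf '%s\n' "$out" | pods_not_ready)
            [ -z "$pending" ] && return 0
        fi
        sleep 5
    done
    printf 'not ready:\n%s\n' "$pending" >&2
    return 1
}
```

On the cluster host, source the file and run `wait_for_pods 300`; `sample_pods | pods_not_ready` shows the filter on the constructed sample without a cluster.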
Next steps
Secure a simple application using the Kubernetes NetworkPolicy API
Control ingress and egress traffic using the Kubernetes NetworkPolicy API
Create a user interface that shows blocked and allowed connections in real time