Installing Calico for policy and flannel for networking
Before you begin
Ensure that you have a Kubernetes cluster that meets the Calico system requirements. If you don’t, follow the steps in Using kubeadm to create a cluster.
Installing Calico for policy and flannel for networking
Selecting a datastore type
The procedure differs according to your datastore type. Refer to the section that matches your type.
- 
    Kubernetes API datastore (recommended) 
Installing with the Kubernetes API datastore (recommended)
- 
    Ensure that the Kubernetes controller manager has the following flags set: 
 --cluster-cidr=10.244.0.0/16and--allocate-node-cidrs=true.Tip: If you’re using kubeadm, you can pass --pod-network-cidr=10.244.0.0/16to kubeadm to set the Kubernetes controller flags.
- 
    If your cluster has RBAC enabled, issue the following command to configure the roles and bindings that Calico requires. kubectl apply -f \ https://just-master--zealous-perlman-827aaa.netlify.com/v3.2/getting-started/kubernetes/installation/hosted/canal/rbac.yamlNote: You can also view the manifest in your browser. 
- 
    Issue the following command to install Calico. kubectl apply -f \ https://just-master--zealous-perlman-827aaa.netlify.com/v3.2/getting-started/kubernetes/installation/hosted/canal/canal.yamlNote: You can also view the manifest in your browser. 
- 
    If you wish to enforce application layer policies and secure workload-to-workload communications with mutual TLS authentication, continue to Enabling application layer policy (optional). 
Installing with the etcd datastore
We strongly recommend using the Kubernetes API datastore, but if you prefer to use etcd, complete the following steps.
- 
    If your cluster has RBAC enabled, issue the following command to configure the roles and bindings that Calico requires. kubectl apply -f \ https://just-master--zealous-perlman-827aaa.netlify.com/v3.2/getting-started/kubernetes/installation/hosted/canal/rbac-etcd.yamlNote: You can also view the manifest in your browser. 
- 
    Download the Calico networking manifest for the Kubernetes API datastore. curl \ https://just-master--zealous-perlman-827aaa.netlify.com/v3.2/getting-started/kubernetes/installation/hosted/canal/canal-etcd.yaml \ -O
- 
    In the ConfigMapnamedcalico-config, set the value ofetcd_endpointsto the IP address and port of your etcd server.Tip: You can specify more than one using commas as delimiters. 
- 
    Apply the manifest using the following command. kubectl apply -f canal-etcd.yaml
- 
    If you wish to enforce application layer policies and secure workload-to-workload communications with mutual TLS authentication, continue to Enabling application layer policy (optional).