Deploying Calico on Azure

About Calico on Azure

While Azure does not support Calico networking, you can use Calico policy with one of the following networking options.

• Azure user-defined routes: This option provides networking without overlays. Disable Calico networking by setting CALICO_NETWORKING_BACKEND to none in calico/node. (Also called “policy-only mode”.) Refer to Configuring calico/node and Azure user-defined routes for more information. If you’re on Kubernetes, refer to Installing Calico for policy (advanced) for a sample manifest.

• flannel (Kubernetes only): Refer to Installing Calico for policy and flannel for networking for specific instructions and a manifest. This option does use overlays.

• Azure CNI IPAM plug-in: Configure Calico to use the Azure CNI plug-in instead of the Calico CNI plug-in.

Azure user-defined routes

To configure Azure user-defined routes (UDR):

• Create an Azure route table and associatе it with the VMs subnet.

• Enable IP forwarding enabled in your VM network interfaces.

On Kubernetes, also complete the following.

• Ensure that the selected pod’s subnet is a part of your Azure virtual network IP range.

• Include the name of your routing table in the configuration file of your Kubernetes Azure cloud provider.

Why doesn’t Azure support Calico networking?

Azure does not allow traffic with unknown source IPs.