Kubernetes - Calico - All about Calico
Calico in Kubernetes — Complete Guide
What is Calico?
Calico is a Container Network Interface (CNI) plugin for Kubernetes. It provides:
- Networking between Pods
- Network security (Network Policies)
- Routing between nodes
- High-performance networking using eBPF (optional)
eBPF stands for extended Berkeley Packet Filter. It is a technology in the Linux kernel that allows programs to run safely inside the kernel without modifying the kernel's source code or loading traditional kernel modules.
It was originally designed for packet filtering, but it has evolved into a general-purpose framework for networking, observability, security, and performance optimization.
Calico is one of the most widely used CNI plugins in production Kubernetes clusters.
Why is eBPF used for high-performance networking?
Traditional networking often requires packets to move between the kernel and user space, which adds overhead. eBPF lets you process packets directly in the kernel, reducing latency and improving throughput.
Some common networking uses include:
- Load balancing
- Firewalling
- Packet filtering
- Traffic shaping
- DDoS mitigation
- Network monitoring
Why do we need Calico?
When Kubernetes creates a Pod, it only knows that the Pod needs an IP address.
Something must:
- Assign an IP
- Connect Pods together
- Allow Pods on different nodes to communicate
- Control which Pods are allowed to talk to each other
That "something" is the CNI plugin.
Calico is one of those plugins.
Without Calico
Imagine two Pods.
Node 1
-------
Pod A (10.244.1.2)
Node 2
-------
Pod B (10.244.2.3)
With Calico
                Calico
                   │
        ┌──────────┴──────────┐
        │                     │
Node 1  │                     │  Node 2
--------│---------------------│--------
Pod A   │  ←────Traffic────→  │  Pod B
Calico configures Linux networking so Pods can communicate.