Kubernetes - Calico - All about Calico

 

Calico in Kubernetes — Complete Guide

What is Calico?

Calico is a Container Network Interface (CNI) plugin for Kubernetes. It provides:

  • Networking between Pods
  • Network security (Network Policies)
  • Routing between nodes
  • High-performance networking using eBPF (optional)

    eBPF stands for extended Berkeley Packet Filter. It is a technology in the Linux kernel that allows programs to run safely inside the kernel without modifying the kernel's source code or loading traditional kernel modules.

    It was originally designed for packet filtering, but it has evolved into a general-purpose framework for networking, observability, security, and performance optimization.

It is one of the most widely used CNI plugins in production Kubernetes clusters

Why is eBPF used for high-performance networking?

Traditional networking often requires packets to move between the kernel and user space, which adds overhead. eBPF lets you process packets directly in the kernel, reducing latency and improving throughput.

Some common networking uses include:

  • Load balancing
  • Firewalling
  • Packet filtering
  • Traffic shaping
  • DDoS mitigation
  • Network monitoring

Why do we need Calico?

When Kubernetes creates a Pod, it only knows that the Pod needs an IP address.

Something must:

  • Assign an IP
  • Connect Pods together
  • Allow Pods on different nodes to communicate
  • Control which Pods are allowed to talk to each other

That "something" is the CNI plugin.

Calico is one of those plugins.


Without Calico

Imagine two Pods.

Node 1

-------

Pod A (10.244.1.2)


Node 2

-------

Pod B (10.244.2.3)


With Calico

                                   Calico

                                      │

       ┌──────────┴──────────┐

       │                                                            

Node 1                           │                        Node 2

              -------│---------------------│--------

Pod A  │  ←────Traffic────→  │ Pod B


Calico configures Linux networking so Pods can communicate.


Comments

Post a Comment

Popular posts from this blog

IP Ranges

 IP addresses are divided into different ranges based on their purpose and usage. Here's a breakdown of the various IP ranges used for different scenarios: 1. Private IP Ranges Purpose: Used within private networks, such as home or corporate LANs. These IPs are not routable on the internet. Ranges: Defined by RFC 1918 Class A: 10.0.0.0 to 10.255.255.255 Subnet Mask: 255.0.0.0 or /8 Class B: 172.16.0.0 to 172.31.255.255 Subnet Mask: 255.240.0.0 or /12 Class C: 192.168.0.0 to 192.168.255.255 Subnet Mask: 255.255.0.0 or /16 Use Cases: Home routers, corporate LANs, Virtual Private Networks (VPNs). 2. Public IP Ranges Purpose: Used for communication over the internet. These IPs are routable and must be unique across the internet. Ranges: Any IP address not in the private ranges mentioned above is considered a public IP address. Examples: 8.8.8.8 (Google Public DNS) 192.0.2.0/24 (TEST-NET-1, reserved for documentation and examples) Public IPs are assigned by Internet A...
Read more

K8 : Networking : Switches

 How does system A connect system B  What is a Switch ? A network switch is a fundamental device used in various scenarios to manage and direct data traffic within a network. Switches are crucial for building efficient and scalable networks, particularly in Local Area Networks (LANs). Here’s when and why you would use a network switch: 1. Connecting Multiple Devices within a Local Network (LAN) Scenario: In an office, home, or data center where multiple computers, printers, servers, and other devices need to communicate with each other. Purpose: A switch connects these devices to form a local network, allowing them to share resources like printers or access the internet through a single router. Function: The switch intelligently forwards data packets between devices on the same network, based on MAC addresses, without flooding all ports.
Read more

Setting Linux Host as a Router

 Setting up a Linux server as a router involves configuring the server to forward network traffic between different network interfaces. Here’s a step-by-step guide to achieve this: 1. Install and Configure Network Interfaces Ensure your server has at least two network interfaces: WAN (External Interface): Connected to the internet (e.g., eth0 ). LAN (Internal Interface): Connected to your internal network (e.g., eth1 ). Example Setup: eth0 : 192.168.1.2 (WAN, connected to your ISP or upstream router). eth1 : 10.0.0.1 (LAN, connected to your internal network switch or directly to other devices). 2. Configure IP Addressing Assign static IP addresses to your network interfaces. Edit the network configuration: sudo nano /etc/network/interfaces # WAN Interface (eth0) auto eth0 iface eth0 inet static   address 192.168.1.2   netmask 255.255.255.0   gateway 192.168.1.1 # Your upstream router or ISP gateway # LAN Interface (eth1) auto eth1 iface eth1 inet static   addr...
Read more