Kubernetes Networking With Calico…

Kamlesh Prajapati
3 min readOct 26, 2021

Before you start with Calico it helps to have a basic understanding of Kubernetes concepts such as pods, containers and namespaces, though you definitely don't have to be a Kubernetes expert.

In-depth networking knowledge is not required. If you know what an IP address is, what DNS is and what a load balancer is, that is more than enough to start with Calico.

The Kubernetes Network Model

The Kubernetes network model defines how pods, containers and services communicate with each other.

Each pod gets its own IP address. The containers within a pod share that IP address (they share the pod's network namespace), so they can talk to each other over localhost.

Pods can communicate with any other pod in the cluster using the pod's IP address, without network address translation (NAT).

Network isolation, that is restricting where each pod can communicate, is defined in network policy rather than by the structure of the network. As a result a pod can be treated much like a VM or host: each pod has a unique IP address, and the containers within a pod are much like processes running on that VM or host, sharing its IP address. Because isolation is expressed in policy instead of in the topology, the network itself stays very simple, a flat network.

Two points matter for security here. First, a pod that no NetworkPolicy selects accepts traffic from everywhere, so isolation is opt-in per pod. Second, the API server stores NetworkPolicy objects but does not enforce them; enforcement is the job of the CNI plugin (Calico does this, Flannel on its own does not), so a policy applied on a cluster without a policy-capable plugin is silently ignored.
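To make the model concrete, here is an added example (not from the original post) of the Kubernetes NetworkPolicy objects that express this kind of isolation. It assumes a hypothetical namespace `shop` with pods labelled `app: frontend` and `app: backend`: the first object denies all ingress to every pod in the namespace, the second reopens exactly one path, frontend to backend on TCP 8080.

```yaml
# Added example: namespace-wide default deny for ingress, then one explicit allow.
# The namespace and labels are assumptions for illustration.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: shop
spec:
  podSelector: {}          # empty selector: applies to every pod in the namespace
  policyTypes:
  - Ingress                # ingress is now denied unless another policy allows it;
                           # egress is untouched because Egress is not listed
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-backend
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: backend         # the policy protects the backend pods
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:         # same namespace only; add namespaceSelector to cross namespaces
        matchLabels:
          app: frontend
    ports:
    - protocol: TCP
      port: 8080           # nothing else on the backend pod is reachable
```

Policies are additive: any connection allowed by at least one policy that selects the destination pod is permitted, and there is no deny rule in the Kubernetes API. Apply both objects with `kubectl apply -f`, then check from a pod that is not labelled `app: frontend` that a connection to a backend pod IP on 8080 times out, and from a frontend pod that it succeeds. On a Calico cluster the rendered rules can be inspected on the node with `iptables-save | grep cali-`. If you later add `Egress` to the default-deny policy, remember to allow UDP 53 to kube-dns, otherwise service discovery stops working.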

Fig: 01
Fig: 02

Now it's time to start talking about Calico…

What is Calico?

Calico is an open source networking and network security solution for containers, virtual machines, and native host-based workloads. Calico supports a broad range of platforms including Kubernetes, OpenShift, Mirantis Kubernetes Engine (MKE), OpenStack, and bare metal services.

Calico uses a pure IP networking fabric to deliver high performance Kubernetes networking, and its policy engine enforces developer intent for high-level network policy management. Together, Calico and Kubernetes provide a secure, cloud-native platform that can scale your infrastructure to support hundreds of thousands of users.

Calico provides Layer 3 networking and associates a virtual router with each node. It handles host-to-host and pod-to-pod networking as well as IP address management (IPAM). Pod routes can be distributed natively with BGP, or pod traffic can be encapsulated with IP-in-IP or VXLAN where the underlying network cannot route pod addresses directly.

Calico can be used both for the network backend (BGP routing, pod IPAM) and for network policy, or for policy only on top of another CNI plugin. Calico supports both IPv4 and IPv6 networks.
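The routing-versus-encapsulation choice described above is made per address pool. The following is an added example (not from the original post or the Calico project) of a Calico IPPool that routes natively with BGP between nodes on the same subnet and falls back to IP-in-IP only across subnets. The pod CIDR is an assumption and must match what the cluster was created with.

```yaml
# Added example: Calico IPPool choosing encapsulation per pool.
# The CIDR is an assumption; it has to match the cluster's pod CIDR.
apiVersion: projectcalico.org/v3
kind: IPPool
metadata:
  name: default-ipv4-ippool
spec:
  cidr: 10.244.0.0/16        # pod addresses are allocated from this range
  blockSize: 26              # each node receives /26 blocks from the pool
  ipipMode: CrossSubnet      # Always | CrossSubnet | Never
                             # CrossSubnet: plain BGP-routed packets within a subnet,
                             # IP-in-IP only when the destination node is on another subnet
  vxlanMode: Never           # Always | CrossSubnet | Never; do not enable both IPIP and VXLAN
  natOutgoing: true          # SNAT traffic leaving the pool (e.g. to the internet) to the node IP
  nodeSelector: all()        # every node may allocate from this pool
```

Apply it with `calicoctl apply -f` (or put the same settings under `spec.calicoNetwork.ipPools` in the operator's Installation resource) and confirm with `calicoctl get ippool -o wide`; `calicoctl node status` shows whether the BGP sessions to the other nodes are established. Two caveats: with `Never`, the physical network or its routers must accept the pod routes that BGP advertises, otherwise cross-node pod traffic is dropped silently; and neither IP-in-IP nor VXLAN is encryption, so node-to-node pod traffic is cleartext on the wire unless you enable Calico's WireGuard support in the FelixConfiguration (`wireguardEnabled: true`).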

Using Calico for Kubernetes Networking

Calico integrates with Kubernetes through the Container Network Interface (CNI) and offers a number of capabilities that have made it stand out within the Kubernetes eco-system compared to alternatives such as Weave, Canal or Flannel.

Why is Calico popular?

Within the Kubernetes eco-system, Calico has emerged as one of the most popular CNI plug-ins, with hundreds of enterprises using it at scale. Three characteristics together have made Calico stand out:

  • Scalability — Calico is built on a fully distributed, Layer 3, scale-out architecture, so it scales smoothly from a single developer laptop to large enterprise deployments.
  • Debugging — Calico uses plain IP routing, so it is relatively easy to debug with existing tools (ip route, tcpdump, iptables), an important aspect for enterprise security.
  • Micro-segmentation support — the plug-in lets administrators or end users define network policy between workloads, so you control which parts of an application may talk to which others, which is very important in the security world. Because Calico enforces policy in the Linux kernel, users can also inspect and troubleshoot the result with existing tools such as iptables.
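Beyond Kubernetes NetworkPolicy, Calico's own policy API adds cluster-wide scope, explicit Deny actions and ordering. The following is an added example (not from the original post or the Calico project) of the common micro-segmentation baseline: a GlobalNetworkPolicy that denies everything in every application namespace while still allowing DNS lookups, so that per-application Kubernetes NetworkPolicies only have to list what is allowed. The excluded namespace names are assumptions based on a standard operator install.

```yaml
# Added example: Calico cluster-wide default deny with a DNS exception.
# Needs calicoctl or the Calico API server to apply; plain kubectl does not
# know the projectcalico.org/v3 API unless the Calico API server is installed.
apiVersion: projectcalico.org/v3
kind: GlobalNetworkPolicy
metadata:
  name: default-deny
spec:
  # order is omitted on purpose: a policy with no order is evaluated last, after
  # every Kubernetes NetworkPolicy and every ordered Calico policy, so specific
  # allow rules elsewhere take precedence over this catch-all.
  # Exclude the namespaces the cluster itself depends on (names assumed).
  namespaceSelector: 'has(projectcalico.org/name) && projectcalico.org/name not in {"kube-system", "calico-system", "calico-apiserver"}'
  types:
  - Ingress
  - Egress
  egress:
  # Allow DNS to kube-dns; without this, service discovery breaks under default deny.
  - action: Allow
    protocol: UDP
    destination:
      selector: 'k8s-app == "kube-dns"'
      namespaceSelector: 'projectcalico.org/name == "kube-system"'
      ports:
      - 53
  # No ingress rules and no other egress rules: once evaluation reaches this
  # policy, any traffic that is not DNS is dropped.
```

Apply with `calicoctl apply -f` and list it with `calicoctl get globalnetworkpolicy`. Roll it out on a test cluster first and watch for workloads that relied on the implicit allow-all, for example anything that talks to the Kubernetes API or to an external endpoint; each of those needs its own Allow rule placed before this policy. On the nodes the policy appears as iptables chains prefixed `cali-`, which is what makes the enforcement debuggable with ordinary Linux tools.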

For the reasons above, community adoption of Calico has grown significantly, and the managed Kubernetes services of Azure, AWS and Google Cloud all offer Calico for network policy enforcement.

Happy learning…


Kamlesh Prajapati

DevOps Practitioner (CKA certified, RHOCP certified, Azure certified on AZ-104, AZ-400, AZ-303.)