
What is Calico in Kubernetes: Overview and Usage

Calico is a networking and network security solution for Kubernetes that provides fast, scalable, and secure communication between containers. It uses IP routing to connect pods across nodes without requiring overlays, making it efficient and simple to manage.

How It Works

Calico works like a smart traffic controller for your Kubernetes cluster. Imagine each pod as a house in a neighborhood. Calico sets up clear roads (IP routes) between these houses so they can talk directly without detours or traffic jams.

Instead of creating a virtual network on top of your existing network (like some other tools), Calico uses the existing network infrastructure and adds rules to guide the traffic. This makes communication faster and easier to troubleshoot.

Additionally, Calico adds security by controlling who can visit which house. It uses network policies to allow or block traffic between pods, helping keep your cluster safe.


Example

This example shows a simple Calico network policy that applies to pods with the label role=frontend. It allows them to receive traffic only from, and send traffic only to, pods with the label role=backend.

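```yaml
apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
  name: allow-backend-to-frontend
  namespace: default
spec:
  # Pods this policy applies to
  selector: role == 'frontend'
  ingress:
  # Accept traffic only from backend pods
  - action: Allow
    source:
      selector: role == 'backend'
  egress:
  # Send traffic only to backend pods
  - action: Allow
    destination:
      selector: role == 'backend'
  # Evaluation order relative to other policies (lower values are applied first)
  order: 100
  # Apply the policy to both traffic directions
  types:
  - Ingress
  - Egress
```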
Output
Network policy 'allow-backend-to-frontend' created in namespace 'default'. It restricts pods labeled 'role=frontend' so that their ingress and egress traffic is limited to pods labeled 'role=backend'.
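A caveat with the policy above, shown as an added example that is not part of the original page: because its only egress rule targets role == 'backend', frontend pods also lose DNS lookups unless another policy allows them. The variant below keeps the same isolation and adds DNS egress. The k8s-app == 'kube-dns' pod label and the kubernetes.io/metadata.name namespace label are assumptions about the cluster, so check them against your own DNS deployment.

```yaml
apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
  name: allow-backend-to-frontend
  namespace: default
spec:
  selector: role == 'frontend'
  order: 100
  types:
  - Ingress
  - Egress
  ingress:
  # Unchanged: only backend pods may connect to frontend pods
  - action: Allow
    source:
      selector: role == 'backend'
  egress:
  # Unchanged: frontend pods may connect to backend pods
  - action: Allow
    destination:
      selector: role == 'backend'
  # Added: DNS over UDP to the cluster DNS pods.
  # A rule selector in a namespaced policy matches pods in the policy's own
  # namespace only, so namespaceSelector is needed to reach kube-system.
  # Both labels below are assumed; verify them in your cluster.
  - action: Allow
    protocol: UDP
    destination:
      selector: k8s-app == 'kube-dns'
      namespaceSelector: kubernetes.io/metadata.name == 'kube-system'
      ports:
      - 53
  # Added: DNS over TCP, used for responses too large for UDP
  - action: Allow
    protocol: TCP
    destination:
      selector: k8s-app == 'kube-dns'
      namespaceSelector: kubernetes.io/metadata.name == 'kube-system'
      ports:
      - 53
```

Every other destination stays blocked for frontend pods, so a failed name lookup from a frontend pod after applying the original policy points at the missing DNS rule rather than at the application.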

When to Use

Use Calico when you want a simple, fast, and secure way to connect pods in Kubernetes without complex overlays. It is great for clusters that need high performance and clear network visibility.

Calico is ideal if you want to enforce strict network security rules between pods or namespaces. For example, in production environments where you must control which services can talk to each other, Calico’s network policies help keep your applications safe.

It also works well in cloud, on-premises, or hybrid Kubernetes setups, making it flexible for many real-world scenarios.

Key Points

  • Calico uses IP routing instead of overlays for pod networking.
  • It provides network security through flexible network policies.
  • Calico is scalable and works in various Kubernetes environments.
  • It improves network performance and visibility.

Key Takeaways

  • Calico connects Kubernetes pods using efficient IP routing without overlays.
  • It enforces network security with customizable policies between pods.
  • Calico improves network speed and visibility in Kubernetes clusters.
  • It is suitable for production environments needing strong network controls.
  • Calico works well across cloud, on-premises, and hybrid Kubernetes setups.