Skip to content
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
168 lines (122 sloc) 6.52 KB
title redirect_from canonical_url
Quickstart for Calico on Kubernetes


This quickstart gets you a single-host Kubernetes cluster with {{site.prodname}} in approximately 15 minutes. You can use this cluster for testing and development.

To deploy a cluster suitable for production, refer to Installation.


  • AMD64 processor
  • 2CPU
  • 2GB RAM
  • 10GB free disk space
  • RedHat Enterprise Linux 7.x+, CentOS 7.x+, Ubuntu 16.04+, or Debian 9.x+

Before you begin

Create a single-host Kubernetes cluster

  1. As a regular user with sudo privileges, open a terminal on the host that you installed kubeadm on.

  2. Initialize the master using the following command.

    sudo kubeadm init --pod-network-cidr=

    Note: If is already in use within your network you must select a different pod network CIDR, replacing in the above command as well as in any manifests applied below. {: .alert .alert-info}

  3. Execute the following commands to configure kubectl (also returned by kubeadm init).

    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config
  4. Install {{site.prodname}} with the following command.

    kubectl apply -f {{site.url}}/{{page.version}}/manifests/calico.yaml

    Note: You can also view the YAML in a new tab{:target="_blank"}. {: .alert .alert-info}

    You should see the following output.

    configmap "calico-config" created "" created "" created "" created "" created "" created "" created "" created "" created "" created "" created "" created "" created "" created "calico-kube-controllers" created "calico-kube-controllers" created "calico-node" created "calico-node" created
    daemonset.extensions "calico-node" created
    serviceaccount "calico-node" created
    deployment.extensions "calico-kube-controllers" created
    serviceaccount "calico-kube-controllers" created

    {: .no-select-button}

  5. Confirm that all of the pods are running with the following command.

    watch kubectl get pods --all-namespaces

    Wait until each pod has the STATUS of Running.

    NAMESPACE    NAME                                       READY  STATUS   RESTARTS  AGE
    kube-system  calico-kube-controllers-6ff88bf6d4-tgtzb   1/1    Running  0         2m45s
    kube-system  {{site.noderunning}}-24h85                          1/1    Running  0         2m43s
    kube-system  coredns-846jhw23g9-9af73                   1/1    Running  0         4m5s
    kube-system  coredns-846jhw23g9-hmswk                   1/1    Running  0         4m5s
    kube-system  etcd-jbaker-1                              1/1    Running  0         6m22s
    kube-system  kube-apiserver-jbaker-1                    1/1    Running  0         6m12s
    kube-system  kube-controller-manager-jbaker-1           1/1    Running  0         6m16s
    kube-system  kube-proxy-8fzp2                           1/1    Running  0         5m16s
    kube-system  kube-scheduler-jbaker-1                    1/1    Running  0         5m41s

    {: .no-select-button}

  6. Press CTRL+C to exit watch.

  7. Remove the taints on the master so that you can schedule pods on it.

    kubectl taint nodes --all

    It should return the following.

    node/<your-hostname> untainted

    {: .no-select-button}

  8. Confirm that you now have a node in your cluster with the following command.

    kubectl get nodes -o wide

    It should return something like the following.

    <your-hostname>   Ready    master   52m   v1.12.2   <none>        Ubuntu 18.04.1 LTS   4.15.0-1023-gcp   docker://18.6.1

    {: .no-select-button}

Congratulations! You now have a single-host Kubernetes cluster equipped with {{site.prodname}}.

Next steps

Secure a simple application using the Kubernetes NetworkPolicy API

Control ingress and egress traffic using the Kubernetes NetworkPolicy API

Create a user interface that shows blocked and allowed connections in real time

Install and configure calicoctl

You can’t perform that action at this time.