New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Using Calico with Azure #949

Closed
ghost opened this Issue Apr 27, 2016 · 9 comments

Comments

Projects
None yet
10 participants
@ghost
Copy link

ghost commented Apr 27, 2016

Will it be possible use Calico for building Kubernetes in Azure? I have not found any documentation on this. Under what circumstances, do we need to use --ipip mode? Does Azure need that?

Thanks.

@robbrockbank

This comment has been minimized.

Copy link
Member

robbrockbank commented Apr 27, 2016

Hi @codefx9,

Azure don't support IPIP so it's not currently possible to use Calico on Azure. However, we are working with the Azure team on a solution for this. Keep an eye on this issue, and we'll update it with any developments.

@evan2645

This comment has been minimized.

Copy link

evan2645 commented Aug 11, 2016

@robbrockbank any idea if the proposed solution will enable native non-IPIP operation on Azure, similar to an AWS VPC with instance Source/Dest checks disabled?

@matthewdupre

This comment has been minimized.

Copy link
Member

matthewdupre commented Sep 16, 2016

For the time being people may want to use Calico policy with some other network (e.g. Flannel => Canal).

Assigning this to @lxpollitt because I think he might be more in touch with any Azure discussions.

@josephjacks

This comment has been minimized.

Copy link

josephjacks commented Nov 28, 2016

Hi @robbrockbank - any new developments? We are seeing customers looking to use Calico on Azure.

@brendandburns

This comment has been minimized.

Copy link

brendandburns commented Feb 3, 2017

Update, there are templates here:

Azure/acs-engine#151

@ghost ghost closed this Feb 19, 2017

@frankgreco

This comment has been minimized.

Copy link

frankgreco commented May 12, 2017

Could I get an explanation as to why this issue was closed? Was a native networking solution being implemented that didn't force you down the asc-engine path

@ozdanborne

This comment has been minimized.

Copy link
Member

ozdanborne commented May 23, 2017

This is the top search result when googling "Calico azure". We should do a better job of explaining current azure support here.

@ozdanborne ozdanborne reopened this May 23, 2017

@caseydavenport

This comment has been minimized.

Copy link
Member

caseydavenport commented May 23, 2017

@ozdanborne sounds like we might need a doc like this one but for Azure.

@caseydavenport

This comment has been minimized.

Copy link
Member

caseydavenport commented May 28, 2017

I think the status of this is:

  • You can use Calico on Azure in policy-only mode for enforcing policy on top of Azure networking.
  • Calico is integrated into acs-engine today.
  • Calico BGP / IP-in-IP networking is not supported (or needed) in Azure.
  • We're missing some documentation, which is covered here: projectcalico/calico#220

@r7vme r7vme referenced this issue Nov 23, 2017

Merged

Adds Azure public cloud reference doc #1403

1 of 1 task complete

cruwe added a commit to cruwe/kubespray that referenced this issue May 14, 2018

enable usage of Calico network policies on MS Azure
It is possible to use Calico on MS Azure provided that routes are not
propagated via BGP, but are added to MS Azure "Native" route tables.

Relevant documentation regrettably is
somewhat scattered, please cf.
- projectcalico/calicoctl#949 closing remarks,
- https://docs.projectcalico.org/v3.1/reference/public-cloud/azure and
- Azure/acs-engine#151, which describes how to
  use calico in differently built clusters.

In essence, it is necessary to
- make the controller manager assign each node a pod-subnet and
  provision routes to the pod-subnets via the Azure API,
- make calico take IPs for pods from that pod-subnet and
- prevent calico from using bird, which restricts calico to a
  "policy-only" mode.

This pull request solves _some_ issues mentioned in the discussion of
PR kubernetes-sigs#2286.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment