kubeadm Hosted Install

This document outlines how to install Calico on a kubeadm cluster. If you have already built your cluster with kubeadm, please review the Requirements / Limitations at the bottom of this page. It is likely you will need to recreate your cluster with the --pod-network-cidr and --service-cidr arguments to kubeadm.


You can easily create a cluster compatible with these manifests by following the official kubeadm guide.

Calico installations require kubeadm initialized clusters to have set a --pod-network-cidr which should match the value set by CALICO_IPV4POOL_CIDR in the manifest:

  value: ""

This value can be changed to any CIDR that does not overlap the cluster’s service CIDR. The manifests are currently setup to use the CIDR so you would initialize the cluster with the following command:

kubeadm init --pod-network-cidr=

etcd datastore

Users who have deployed their own etcd cluster outside of kubeadm should use the Calico only manifest instead, as it does not deploy its own etcd.

To install this Calico and a single node etcd on a run the following command:

Note: The following manifest requires Kubernetes 1.6.0 or later.

kubectl apply -f https://docs.projectcalico.org/master/getting-started/kubernetes/installation/hosted/kubeadm/1.6/calico.yaml

Click here to view the above yaml directly.

Kubernetes datastore

To install Calico configured to use the Kubernetes API as its sole data source, run the following commands:

Note: The following manifests require Kubernetes 1.7.0 or later.

kubectl apply -f https://docs.projectcalico.org/master/getting-started/kubernetes/installation/hosted/rbac-kdd.yaml
kubectl apply -f https://docs.projectcalico.org/master/getting-started/kubernetes/installation/hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml

Click here to view the above RBAC yaml directly.

Click here to view the above Calico yaml directly.

Using calicoctl in a kubeadm cluster

The simplest way to use calicoctl in kubeadm is by running it as a pod. See using calicoctl with Kubernetes for more information.

Requirements / Limitations

  • This install assumes no other pod network configurations have been installed in /etc/cni/net.d (or equivilent directory).
  • The CIDR(s) specified with the kubeadm flag --cluster-cidr (pre 1.6) or --pod-network-cidr (1.6+) must match the Calico IP Pools to have Network Policy function correctly. The default is
  • The CIDR specified with the kubeadm flag --service-cidr should not overlap with the Calico IP Pool.
    • The default CIDR for --service-cidr is
    • The calico.yaml(s) linked sets the Calico IP Pool to