Quickstart for Calico on Kubernetes


This quickstart gets you a single-host Kubernetes cluster with Calico in approximately 15 minutes. You can use this cluster for testing and development.

To deploy a cluster suitable for production, refer to Installation.


  • AMD64 processor
  • 2CPU
  • 2GB RAM
  • 10GB free disk space
  • RedHat Enterprise Linux 7.x+, CentOS 7.x+, Ubuntu 16.04+, or Debian 8.x+

Before you begin

Follow the Kubernetes instructions to install kubeadm.

Note: After installing kubeadm, do not power down or restart the host. Instead, continue directly to the next section to create your cluster.

Create a single-host Kubernetes cluster

  1. As a regular user with sudo privileges, open a terminal on the host that you installed kubeadm on.

  2. Initialize the master using the following command.

    sudo kubeadm init --pod-network-cidr=
  3. Execute the following commands to configure kubectl (also returned by kubeadm init).

    mkdir -p $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config
  4. Install Calico and a single node etcd with the following command.

    kubectl apply -f \

    Note: You can also view the YAML in a new tab.

    You should see the following output.

    configmap "calico-config" created
    daemonset "calico-etcd" created
    service "calico-etcd" created
    daemonset "calico-node" created
    deployment "calico-kube-controllers" created
    clusterrolebinding "calico-cni-plugin" created
    clusterrole "calico-cni-plugin" created
    serviceaccount "calico-cni-plugin" created
    clusterrolebinding "calico-kube-controllers" created
    clusterrole "calico-kube-controllers" created
    serviceaccount "calico-kube-controllers" created
  5. Confirm that all of the pods are running with the following command.

    watch kubectl get pods --all-namespaces

    Wait until each pod has the STATUS of Running.

    NAMESPACE    NAME                                       READY  STATUS   RESTARTS  AGE
    kube-system  calico-etcd-x2482                          1/1    Running  0         2m
    kube-system  calico-kube-controllers-6ff88bf6d4-tgtzb   1/1    Running  0         2m
    kube-system  calico-node-24h85                          2/2    Running  0         2m
    kube-system  etcd-jbaker-virtualbox                     1/1    Running  0         6m
    kube-system  kube-apiserver-jbaker-virtualbox           1/1    Running  0         6m
    kube-system  kube-controller-manager-jbaker-virtualbox  1/1    Running  0         6m
    kube-system  kube-dns-545bc4bfd4-67qqp                  3/3    Running  0         5m
    kube-system  kube-proxy-8fzp2                           1/1    Running  0         5m
    kube-system  kube-scheduler-jbaker-virtualbox           1/1    Running  0         5m
  6. Press CTRL+C to exit watch.

  7. Remove the taints on the master so that you can schedule pods on it.

    kubectl taint nodes --all node-role.kubernetes.io/master-

    It should return the following.

    node "<your-hostname>" untainted
  8. Confirm that you now have a node in your cluster with the following command.

    kubectl get nodes -o wide

    It should return something like the following.

    <your-hostname>  Ready   master  1h   v1.8.x   <none>       Ubuntu 16.04.3 LTS  4.10.0-28-generic  docker://1.12.6

Congratulations! You now have a single-host Kubernetes cluster equipped with Calico.

Next steps

Secure a simple application using the Kubernetes NetworkPolicy API

Control ingress and egress traffic using the Kubernetes NetworkPolicy API

Create a user interface that shows blocked and allowed connections in real time

Install and configure calicoctl