Deploying Calico on Azure

Calico in Microsoft Azure is supported in policy-only mode. Calico IPAM needs to be configured in host-local mode and used in conjunction with Kubernetes pod CIDR assignments. An additional option is to use Canal, which is Calico with flannel networking.

Routing Traffic

Azure user-defined routes (Azure UDR)

Azure user-defined routes are the only available option for routing traffic without overlay networking. To use Azure routing, you must create an Azure route table and associate it with the VMs' subnet.

Flannel networking

Refer to the Kubernetes self-hosted install guide in the Canal project for details on installing Calico with flannel.

Enabling IP forwarding (only for Azure UDR)

To allow pod traffic, make sure the VM network interfaces have IP forwarding enabled in Azure.

Enabling Kubernetes pod CIDR assignment (only for Azure UDR)

To enable automatic pod CIDR assignment, make sure the Kubernetes controller manager has allocate-node-cidrs set to true and a proper subnet in the cluster-cidr parameter. Make sure that the selected pod subnet is part of your Azure virtual network IP range. You must also have the Kubernetes Azure cloud provider configured with your route table name in its configuration file.
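The Azure UDR requirements above can be checked together before deployment. The following is an added example, not part of the Calico documentation. It assumes the controller manager flags are available as a list of strings, that NIC state has been exported into a simple inventory with a hypothetical `ip_forwarding` field, and that the cloud provider configuration stores the route table name under `routeTableName`; all addresses and names are constructed.

```python
import ipaddress

def preflight(cm_args, vnet_prefixes, nics, cloud_config):
    """Return a list of problems; an empty list means the settings agree."""
    problems = []
    # Turn ["--name=value", ...] into {"name": "value"}.
    flags = dict(a.lstrip("-").split("=", 1) for a in cm_args if "=" in a)

    if flags.get("allocate-node-cidrs", "").lower() != "true":
        problems.append("allocate-node-cidrs is not set to true")

    cidr = flags.get("cluster-cidr")
    if not cidr:
        problems.append("cluster-cidr is not set")
    else:
        pod_net = ipaddress.ip_network(cidr)
        vnets = [ipaddress.ip_network(p) for p in vnet_prefixes]
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if not any(pod_net.version == v.version and pod_net.subnet_of(v) for v in vnets):
            problems.append(f"cluster-cidr {cidr} is outside the virtual network range")

    # Assumed key name for the route table in the cloud provider config file.
    if not cloud_config.get("routeTableName"):
        problems.append("cloud provider config has no routeTableName")

    for nic in nics:
        if not nic.get("ip_forwarding"):  # hypothetical inventory field
            problems.append(f"NIC {nic['name']} has IP forwarding disabled")
    return problems

# Constructed sample values, not taken from a real deployment.
VNET = ["10.0.0.0/8"]
GOOD_ARGS = ["--allocate-node-cidrs=true", "--cluster-cidr=10.244.0.0/16"]
BAD_ARGS = ["--allocate-node-cidrs=true", "--cluster-cidr=192.168.0.0/16"]
NICS_OK = [{"name": "node-1-nic", "ip_forwarding": True}]
NICS_BAD = NICS_OK + [{"name": "node-2-nic", "ip_forwarding": False}]
CLOUD = {"routeTableName": "example-route-table"}

if __name__ == "__main__":
    print(preflight(GOOD_ARGS, VNET, NICS_OK, CLOUD))
    for problem in preflight(BAD_ARGS, VNET, NICS_BAD, CLOUD):
        print(problem)
```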

Why doesn’t Azure support Calico networking?

Azure does not allow BGP, IPIP traffic, and traffic with unknown source IPs.