System requirements

Node requirements

  • AMD64 processor

  • Linux kernel 3.10 or later with required dependencies. The following distributions have the required kernel, its dependencies, and are known to work well with Calico and OpenShift.

    • RedHat Linux 7
    • CentOS 7

Key/value store

Calico v3.4 requires a key/value store accessible by all Calico components. On OpenShift, Calico can share an etcdv3 cluster with OpenShift, or you can set up an etcdv3 cluster dedicated to Calico.

Network requirements

Ensure that your hosts and firewalls allow the necessary traffic based on your configuration.

Configuration Host(s) Connection type Port/protocol
Calico networking (BGP) All Bidirectional TCP 179
Calico networking with IP-in-IP enabled (default) All Bidirectional IP-in-IP, often represented by its protocol number 4
All etcd hosts Incoming Officially TCP 2379 but can vary
All kube-apiserver host Incoming Often TCP 443 or 8443*

* The value passed to kube-apiserver using the --secure-port flag. If you cannot locate this, check the targetPort value returned by kubectl get svc kubernetes -o yaml.

Privileges

Ensure that Calico has the CAP_SYS_ADMIN privilege.

The simplest way to provide the necessary privilege is to run Calico as root or in a privileged container.

OpenShift requirements

Calico v3.4 supports:

  • OpenShift Origin 3.6 and 3.7
  • OpenShift Container Platform 3.6 and 3.7

Refer to the OpenShift documentation for additional requirements.

Kernel dependencies

Tip: If you are using one of the recommended distributions, you will already satisfy these.

  • nf_conntrack_netlink subsystem
  • ip_tables (for IPv4)
  • ip6_tables (for IPv6)
  • ip_set
  • xt_set
  • ipt_set
  • ipt_rpfilter
  • ipt_REJECT
  • ipip (if using Calico networking)