Will you be at KubeCon this year? Join us for CalicoCon 2019!

Deploying Calico on GCE

To deploy Calico in Google Compute Engine, you must ensure that traffic between containers on different hosts is not dropped by the GCE fabric. There are a few different options for doing this depending on your deployment.

IP-in-IP encapsulation

Container traffic routing can be enabled by setting IP-in-IP encapsulation and NAT outgoing on the configured Calico IP pools.

See the IP pool configuration reference for information on how to configure Calico IP pools.

GCE cloud routes

Traffic routing in GCE can be achieved by utilizing GCE cloud routes and running Calico in policy-only mode. Kubernetes GCE cloud provider integration simplifies route configuration by enabling Kubernetes to handle creating routes.

Enabling Workload-to-WAN Traffic

To allow Calico networked containers to reach resources outside of GCE, you must configure outgoing NAT on your Calico IP pool.

GCE will perform outbound NAT on any traffic which has the source address of a virtual machine instance. By enabling outgoing NAT on your Calico IP pool, Calico will NAT any outbound traffic from the containers hosted on the virtual machine instances.