Clarify: No need for calico for network policies (#1081)

Co-authored-by: Thorsten Klein <tk@thklein.io>
2 years ago · 90c19610ba
parent 7e4b1124c8
commit 90c19610ba
1 changed files with 5 additions and 2 deletions
--- a/docs/usage/advanced/calico.md
+++ b/docs/usage/advanced/calico.md
@ -1,6 +1,8 @@
 # Use Calico instead of Flannel

-If you want to use NetworkPolicy you can use Calico in k3s instead of Flannel.
+!!! info "Network Policies"
+    k3s comes with a controller that enforces network policies by default. You do not need to switch to Calico for network policies to be enforced. See <https://github.com/k3s-io/k3s/issues/1308> for more information.  
+    The docs below assume you want to switch to Calico's policy engine, thus setting `--disable-network-policy`.

 ## 1. Download and modify the Calico descriptor

@ -20,7 +22,7 @@ Or you can directly use this [calico.yaml](calico.yaml) manifest

 On the k3s cluster creation :

- add the flag `--flannel-backend=none`. For this, on k3d you need to forward this flag to k3s with the option `--k3s-arg`.
+- add the flags `--flannel-backend=none` and `--disable-network-policy`. For this, on k3d you need to forward this flag to k3s with the option `--k3s-arg`.
 - mount (`--volume`) the calico descriptor in the auto deploy manifest directory of k3s `/var/lib/rancher/k3s/server/manifests/`

 So the command of the cluster creation is (when you are at root of the k3d repository)
@ -28,6 +30,7 @@ So the command of the cluster creation is (when you are at root of the k3d repos
 ```bash
 k3d cluster create "${clustername}" \
  --k3s-arg '--flannel-backend=none@server:*' \
+  --k3s-arg '--disable-network-policy' \
  --volume "$(pwd)/docs/usage/guides/calico.yaml:/var/lib/rancher/k3s/server/manifests/calico.yaml"
 ```