From 90c19610ba877141bc642894d5b43db66f0d3ecf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stian=20L=C3=A5gstad?= Date: Tue, 7 Jun 2022 20:10:16 +0200 Subject: [PATCH] Clarify: No need for calico for network policies (#1081) Co-authored-by: Thorsten Klein --- docs/usage/advanced/calico.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/usage/advanced/calico.md b/docs/usage/advanced/calico.md index ddb1b5a4..2e276dc5 100644 --- a/docs/usage/advanced/calico.md +++ b/docs/usage/advanced/calico.md @@ -1,6 +1,8 @@ # Use Calico instead of Flannel -If you want to use NetworkPolicy you can use Calico in k3s instead of Flannel. +!!! info "Network Policies" + k3s comes with a controller that enforces network policies by default. You do not need to switch to Calico for network policies to be enforced. See for more information. + The docs below assume you want to switch to Calico's policy engine, thus setting `--disable-network-policy`. ## 1. Download and modify the Calico descriptor @@ -20,7 +22,7 @@ Or you can directly use this [calico.yaml](calico.yaml) manifest On the k3s cluster creation : -- add the flag `--flannel-backend=none`. For this, on k3d you need to forward this flag to k3s with the option `--k3s-arg`. +- add the flags `--flannel-backend=none` and `--disable-network-policy`. For this, on k3d you need to forward this flag to k3s with the option `--k3s-arg`. - mount (`--volume`) the calico descriptor in the auto deploy manifest directory of k3s `/var/lib/rancher/k3s/server/manifests/` So the command of the cluster creation is (when you are at root of the k3d repository) @@ -28,6 +30,7 @@ So the command of the cluster creation is (when you are at root of the k3d repos ```bash k3d cluster create "${clustername}" \ --k3s-arg '--flannel-backend=none@server:*' \ + --k3s-arg '--disable-network-policy' \ --volume "$(pwd)/docs/usage/guides/calico.yaml:/var/lib/rancher/k3s/server/manifests/calico.yaml" ```