website/docs/tasks/administer-cluster/calico-network-policy.md

---
approvers:
- caseydavenport
title: Use Calico for NetworkPolicy
---

{% capture overview %}
This page shows how to use Calico for NetworkPolicy.
{% endcapture %}

{% capture prerequisites %}
* [Install Calico for Kubernetes](https://docs.projectcalico.org/latest/getting-started/kubernetes/installation/).
{% endcapture %}

{% capture steps %}
## Deploying a cluster using Calico

You can deploy a cluster using Calico for network policy in the default [GCE deployment](/docs/getting-started-guides/gce/) using the following set of commands:

```shell
export NETWORK_POLICY_PROVIDER=calico
export KUBE_NODE_OS_DISTRIBUTION=debian
curl -sS https://get.k8s.io | bash
```

See the [Calico documentation](http://docs.projectcalico.org/) for more options to deploy Calico with Kubernetes.
{% endcapture %}

{% capture discussion %}
##  Understanding Calico components

Deploying a cluster with Calico adds Pods that support Kubernetes NetworkPolicy.  These Pods run in the `kube-system` Namespace.

To see this list of Pods run:

```shell
kubectl get pods --namespace=kube-system
```

You'll see a list of Pods similar to this:

```console
NAME                                                 READY     STATUS    RESTARTS   AGE
calico-node-kubernetes-minion-group-jck6             1/1       Running   0          46m
calico-node-kubernetes-minion-group-k9jy             1/1       Running   0          46m
calico-node-kubernetes-minion-group-szgr             1/1       Running   0          46m
calico-policy-controller-65rw1                       1/1       Running   0          46m
...
```

There are two main components to be aware of:

- One `calico-node` Pod runs on each node in your cluster and enforces network policy on the traffic to/from Pods on that machine by configuring iptables.
- The `calico-policy-controller` Pod reads the policy and label information from the Kubernetes API and configures Calico appropriately.
{% endcapture %}

{% capture whatsnext %}
Once your cluster is running, you can follow the [Declare Network Policy](/docs/tasks/administer-cluster/declare-network-policy/) to try out Kubernetes NetworkPolicy.
{% endcapture %}

{% include templates/task.md %}
Move Guide topics: NetworkPolicy. (#3298) 2017-04-10 17:26:28 +00:00			`---`
Rename OWNERS assignees: to approvers: They are effectively the same, assignees is deprecated 2017-08-03 23:22:52 +00:00			`approvers:`
Move Guide topics: NetworkPolicy. (#3298) 2017-04-10 17:26:28 +00:00			`- caseydavenport`
Change Task titles to imperative: Admin. (#4033) 2017-06-08 22:13:29 +00:00			`title: Use Calico for NetworkPolicy`
Move Guide topics: NetworkPolicy. (#3298) 2017-04-10 17:26:28 +00:00			`---`

Docs - Calico NetworkPolicy (#3756) * Add task template for calico-network-policy * Add discussion section 2017-05-14 21:26:41 +00:00			`{% capture overview %}`
			`This page shows how to use Calico for NetworkPolicy.`
			`{% endcapture %}`

			`{% capture prerequisites %}`
Adds link to Calico install instructions (#5423) 2017-09-14 02:46:14 +00:00			`* [Install Calico for Kubernetes](https://docs.projectcalico.org/latest/getting-started/kubernetes/installation/).`
Docs - Calico NetworkPolicy (#3756) * Add task template for calico-network-policy * Add discussion section 2017-05-14 21:26:41 +00:00			`{% endcapture %}`

			`{% capture steps %}`
			`## Deploying a cluster using Calico`

Update links to avoid redirects. (#5627) * Update links to avoid redirects. * Fix double forward slash. 2017-09-26 02:14:20 +00:00			`You can deploy a cluster using Calico for network policy in the default [GCE deployment](/docs/getting-started-guides/gce/) using the following set of commands:`
Move Guide topics: NetworkPolicy. (#3298) 2017-04-10 17:26:28 +00:00
			```shell
			`export NETWORK_POLICY_PROVIDER=calico`
			`export KUBE_NODE_OS_DISTRIBUTION=debian`
			`curl -sS https://get.k8s.io \| bash`
			```

			`See the [Calico documentation](http://docs.projectcalico.org/) for more options to deploy Calico with Kubernetes.`
Docs - Calico NetworkPolicy (#3756) * Add task template for calico-network-policy * Add discussion section 2017-05-14 21:26:41 +00:00			`{% endcapture %}`

			`{% capture discussion %}`
			`## Understanding Calico components`

Changes for move to Netlify (#4464) * disable jekyll-redirect-from gem * add _redirects file * disable 404 redirect script * add 301 redirect to test * retain _redirects file * Convert redirect_from's to _redirect file. (#4409) * Remove redirect_from's. (#4424) * Add 301's to _redirects. (#4427) * add whitespace before 301 * move redirects in /js/redirects/js to _redirects * add disabled option for cn redirect * convert include to array in _config.yml * enable redirects.js script for legacy support 2017-07-28 15:23:11 +00:00			Deploying a cluster with Calico adds Pods that support Kubernetes NetworkPolicy. These Pods run in the `kube-system` Namespace.
Move Guide topics: NetworkPolicy. (#3298) 2017-04-10 17:26:28 +00:00
Docs - Calico NetworkPolicy (#3756) * Add task template for calico-network-policy * Add discussion section 2017-05-14 21:26:41 +00:00			`To see this list of Pods run:`

			```shell
			`kubectl get pods --namespace=kube-system`
			```

			`You'll see a list of Pods similar to this:`
Move Guide topics: NetworkPolicy. (#3298) 2017-04-10 17:26:28 +00:00
			```console
			`NAME READY STATUS RESTARTS AGE`
			`calico-node-kubernetes-minion-group-jck6 1/1 Running 0 46m`
			`calico-node-kubernetes-minion-group-k9jy 1/1 Running 0 46m`
			`calico-node-kubernetes-minion-group-szgr 1/1 Running 0 46m`
			`calico-policy-controller-65rw1 1/1 Running 0 46m`
			`...`
			```

			`There are two main components to be aware of:`

Docs - Calico NetworkPolicy (#3756) * Add task template for calico-network-policy * Add discussion section 2017-05-14 21:26:41 +00:00			- One `calico-node` Pod runs on each node in your cluster and enforces network policy on the traffic to/from Pods on that machine by configuring iptables.
			- The `calico-policy-controller` Pod reads the policy and label information from the Kubernetes API and configures Calico appropriately.
			`{% endcapture %}`
Move Guide topics: NetworkPolicy. (#3298) 2017-04-10 17:26:28 +00:00
Docs - Calico NetworkPolicy (#3756) * Add task template for calico-network-policy * Add discussion section 2017-05-14 21:26:41 +00:00			`{% capture whatsnext %}`
Update network policy link (#5701) * Update network policy link * Direct link to 'Declare Network Policy' page 2017-10-02 15:52:06 +00:00			`Once your cluster is running, you can follow the [Declare Network Policy](/docs/tasks/administer-cluster/declare-network-policy/) to try out Kubernetes NetworkPolicy.`
Docs - Calico NetworkPolicy (#3756) * Add task template for calico-network-policy * Add discussion section 2017-05-14 21:26:41 +00:00			`{% endcapture %}`

			`{% include templates/task.md %}`