Migration from Calico to Cilium guide.

🏢 Preparation: Pod CIDR

The first step is to select a new CIDR for pods. It must be distinct from all other CIDRs in use.

Let's check the CIDR used by Calico:

shell

copyrun

kubectl get installations.operator.tigera.io default\\
-ojsonpath='{.spec.calicoNetwork.ipPools[*].cidr}{"\\n"}'

Calico is using its default CIDR, which is 192.168.0.0/16. In order to avoid conflicts, we will use 10.244.0.0/16 —which is the usual default on Kind— as the pod CIDR for Cilium.

root@server:~# kubectl get installations.operator.tigera.io default \ -o jsonpath='{.spec.calicoNetwork.ipPools[*].cidr}{"\n"}' 192.168.0.0/16

💼 Preparation: Encapsulation Protocol

The second step is to select a different encapsulation protocol (Geneve instead of VXLAN for example) or a distinct encapsulation port.

Check which encapsulation protocol Calico is using:

shell

copyrun

kubectl get installations.operator.tigera.io default\\
-ojsonpath='{.spec.calicoNetwork.ipPools[*].encapsulation}{"\\n"}'

Calico is using VXLANCrossSubnet. In order to avoid clashing with Calico's VXLAN port, we need to use VXLAN with a non-default port. Since the standard port is 8472, let's use 8473 instead.

kubectl get installations.operator.tigera.io default \ -o jsonpath='{.spec.calicoNetwork.ipPools[*].encapsulation}{"\n"}' VXLANCrossSubnet

⬢ Cilium Values for Migration

We have pre-created a Cilium Helm configuration file values-migration.yaml based on the details above: