- cross-posted to:
- [email protected]
- [email protected]
i’ve been mucking about with calico on my #homelab #kubernetes cluster, and it took me far far too long to visit the whisker console: https://docs.tigera.io/calico/latest/observability/view-flow-logs
this is unbelievably helpful for debugging firewall rules
i’m very tempted to switch to calico on my non-k8s systems now (e.g. Linux gaming PC), so i can be back to only having 1 firewall abstraction in my brain
I’ve just spent 16 hours setting my first cluster and I hate calico so much. Easy to set up, hard to keep it running.
yeah, when I say “far far too long” I think I’m on roughly the same window of time there 🫂 that said, still manage my nftables firewall on my other systems with firewalld and those concepts of zones has never really clicked in my brain
i did try cilium first, but it currently doesn’t work on Raspberry Pi 4B nodes: https://github.com/cilium/proxy/issues/1027
and now that my understanding of calico has improved, i appreciate that it works outside of Kubernetes, too
So it’s like Ntop for Kubernetes? Is it better than Ntop?
thanks, i hadn’t actually heard of ntop / ntopng before!
i believe ntopng works everywhere independent of whether calico is installed or not (and even calico is a Kubernetes-compatible and Kubernetes-optional system, just like ntopng)
but, calico whisker displays networking information made available by the rest of calico, so it’s able to give you a live display of when a firewall rule managed by calico is allowing or blocking traffic
i think this particular feature is absent from ntopng, but i could be wrong


