
Calico Components Overview and Their Roles in Kubernetes

This article provides a detailed overview of Calico's essential and optional components, explaining how each part—such as the API server, Felix, BIRD, confd, Dikastes, CNI plugin, datastore plugin, IPAM plugin, kube‑controllers, Typha, and calicoctl—contributes to networking and network policy enforcement in Kubernetes clusters.

Architects Research Society

Calico provides a set of components that enable networking and network policy for Kubernetes clusters.

Core components:

Calico API server – allows management of Calico resources via kubectl.

Felix – runs on every node, programs interfaces, routes, ACLs and reports status to the datastore.

BIRD – receives routes from Felix and distributes them to BGP peers for inter‑node routing.

confd – watches the Calico datastore for BGP and global configuration changes and generates BIRD configuration.

Dikastes – optional Envoy sidecar that enforces network policies for Istio service mesh.

CNI plugin – installed on each node to provide Calico networking to pods.

Datastore plugin – abstracts the backend store (Kubernetes API datastore or etcd).

IPAM plugin – allocates IP addresses from Calico IP pools to pods.

kube‑controllers – monitors the Kubernetes API and acts on cluster state through its policy, namespace, service account, workload endpoint and node controllers.

Typha – aggregates datastore updates to reduce load on the datastore in large clusters.

calicoctl – command‑line tool for creating, reading, updating and deleting Calico objects.

Calico also provides plugins for cloud orchestrators that translate orchestrator APIs into the Calico data model.

Datastore options include the native Kubernetes API datastore (kdd) for simpler management and etcd for high‑availability, multi‑cluster deployments.

A “policy‑only” mode can be enabled by setting CALICO_NETWORKING_BACKEND=none, allowing Felix to run without BIRD and confd.
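To confirm which mode a cluster is actually in, the check below resolves CALICO_NETWORKING_BACKEND from a calico-node DaemonSet and lists the daemons to expect on each node. It is an added example, not code from the article or from the Calico project. The sample manifest, the ConfigMap name and key, and the function names are constructed for illustration, and the "bird" default for an unset variable is taken from Calico's calico-node configuration reference, not from this article.

```python
import json

# Constructed sample: trimmed output of
#   kubectl -n kube-system get daemonset calico-node -o json
# (namespace, ConfigMap name and key are assumptions; yours may differ).
SAMPLE_DAEMONSET = json.loads("""
{"spec": {"template": {"spec": {"containers": [
  {"name": "calico-node", "env": [
    {"name": "DATASTORE_TYPE", "value": "kubernetes"},
    {"name": "CALICO_NETWORKING_BACKEND",
     "valueFrom": {"configMapKeyRef": {"name": "calico-config", "key": "calico_backend"}}}
  ]}
]}}}}
""")
SAMPLE_CONFIGMAPS = {"calico-config": {"calico_backend": "none"}}  # constructed

DEFAULT_BACKEND = "bird"  # assumed default when the variable is unset


def networking_backend(daemonset, configmaps, container="calico-node"):
    """Resolve CALICO_NETWORKING_BACKEND for one container of the DaemonSet."""
    for c in daemonset["spec"]["template"]["spec"]["containers"]:
        if c["name"] != container:
            continue
        for env in c.get("env", []):
            if env["name"] != "CALICO_NETWORKING_BACKEND":
                continue
            if "value" in env:  # literal value in the manifest
                return env["value"].lower()
            ref = env.get("valueFrom", {}).get("configMapKeyRef")
            if ref is None:
                raise ValueError("unsupported valueFrom source")
            try:  # value is indirected through a ConfigMap
                return configmaps[ref["name"]][ref["key"]].lower()
            except KeyError:
                raise ValueError("ConfigMap key not found") from None
        return DEFAULT_BACKEND
    raise ValueError(f"container {container!r} not found")


def expected_daemons(backend):
    """Daemons to expect per node; None for backends this article does not cover."""
    if backend == "none":  # policy-only: Felix without BIRD and confd
        return ["felix"]
    if backend == "bird":
        return ["felix", "bird", "confd"]
    return None
```

A node that still runs BIRD or holds BGP sessions while the resolved backend is "none" means the running pods do not match the manifest and is worth investigating.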
