A host endpoint resource (HostEndpoint) in Calico represents one or more real or virtual interfaces attached to a host that is running Calico. It enforces Calico policy on the traffic that is entering or leaving the host’s default network namespace through those interfaces.
This component makes sure new nodes get Calico HostEndpoint objects when they're created and those objects get removed when nodes they refer to are deleted.
This is relevant for Lokomotive clusters on bare metal or Packet because there are no external security primitives on those platforms, so nodes must rely on HostEndpoint objects to be secured.
- A Lokomotive cluster accessible via kubectl deployed on Packet.
- Calico as the CNI plugin.
This component does not require any specific configuration.
An empty configuration block is also accepted as valid configuration.
Calico HostEndpoint controller component configuration example:
component "calico-hostendpoint-controller" {}
This component does not accept any arguments in its configuration.
To apply the Calico HostEndpoint controller component:
lokoctl component apply calico-hostendpoint-controller
This component is installed in the kube-system namespace.
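One way to check that the controller has done its job after applying it, as an added example that is not part of Lokomotive or its documentation: the script compares the list of nodes with the nodes referenced by HostEndpoint objects and reports gaps in either direction. The function name, file names and sample node names are hypothetical, and the kubectl commands in the comments assume Calico stores HostEndpoints as Kubernetes custom resources.

```shell
# Added example (not Lokomotive code): report nodes that lack a HostEndpoint
# and HostEndpoints whose node is gone. Inputs are files, one node name per line.
# On a live cluster the lists could come from (assumption: Calico uses the
# Kubernetes datastore, so HostEndpoints are hostendpoints.crd.projectcalico.org):
#   kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}'
#   kubectl get hostendpoints.crd.projectcalico.org \
#     -o jsonpath='{range .items[*]}{.spec.node}{"\n"}{end}'

# hep_coverage NODES_FILE HEP_NODES_FILE
# Prints "MISSING <node>" for a node with no HostEndpoint (its host interfaces
# are not covered by Calico policy) and "STALE <node>" for a HostEndpoint that
# refers to a node that no longer exists. Returns 1 if anything was reported.
hep_coverage() {
  _tmp=$(mktemp -d) || return 2
  # Drop blank lines, then sort and de-duplicate: comm needs sorted input and
  # a node may have several HostEndpoints (one per interface).
  sed '/^[[:space:]]*$/d' "$1" | sort -u > "$_tmp/nodes"
  sed '/^[[:space:]]*$/d' "$2" | sort -u > "$_tmp/heps"
  _report=$(
    comm -23 "$_tmp/nodes" "$_tmp/heps" | sed 's/^/MISSING /'
    comm -13 "$_tmp/nodes" "$_tmp/heps" | sed 's/^/STALE /'
  )
  rm -rf "$_tmp"
  [ -z "$_report" ] && return 0
  printf '%s\n' "$_report"
  return 1
}

# Constructed sample data: worker-1 has no HostEndpoint, worker-9 was deleted
# but its HostEndpoint is still present, worker-0 has two HostEndpoints.
write_sample() {
  printf '%s\n' controller-0 worker-0 worker-1 > "$1/nodes.txt"
  printf '%s\n' controller-0 worker-0 worker-0 worker-9 > "$1/heps.txt"
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
hep_coverage "$demo_dir/nodes.txt" "$demo_dir/heps.txt" \
  || echo "HostEndpoint coverage gaps found"
rm -rf "$demo_dir"
```

A MISSING line shortly after a node joins can simply mean the controller has not reconciled yet; one that persists is worth investigating.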
To destroy the component:
lokoctl component render-manifest calico-hostendpoint-controller | kubectl delete -f -