how to install policy-only calico with an existing cni-less flannel on kubernetes?

[clouduol]

I have a kubernetes cluster. It uses flannel to provide network functionalities. And it closes cni network plugin.

However, flannel doesn't support kubernetes network policy, which I will test. What I want is to reserve existing network configuration, and install calico with policy-only mode.

Canal is a project that combines flannel and calico. But it regards flannel and calico both as cni plugins.

I changed canal_etcd_tls.yaml to just install policy-only calico. Unfortunately, it didn't work well. Here is my changed cni network configuration:

{   
  "name": "calico",
  "cniVersion": "0.3.0",
  "plugins": [
    {   
      "type": "calico",
      "etcd_endpoints": "__ETCD_ENDPOINTS__",
      "etcd_key_file": "__ETCD_KEY_FILE__",
      "etcd_cert_file": "__ETCD_CERT_FILE__",
      "etcd_ca_cert_file": "__ETCD_CA_CERT_FILE__",
      "log_level": "info",
      "policy": {
          "type": "k8s",
          "k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__",
          "k8s_auth_token": "__SERVICEACCOUNT_TOKEN__"
      },  
      "kubernetes": {
          "kubeconfig": "/etc/cni/net.d/__KUBECONFIG_FILENAME__"
      }   
    }   
  ]   
} 

So, is there a method to install policy-only calico as a cni plugin, and keep existing cni-less flannel working?

It is not convenient to change existing flannel network, will canal add a function to meet this requirement?

[caseydavenport]

@learnMachining it's not currently supported to add Calico to a pre-exising flannel installation. It's a lot of work because flannel connects pods to a bridge by default whereas Calico uses ptp veths.

It's possible to install Calico as a DaemonSet and keep flannel running on the host, but you will need to use the flannel CNI plugin to delegate to the Calico one, and you'll need to re-deploy all of the workloads on your host.

[clouduol]

@caseydavenport Thank you for explanation, I will try to install the whole Canal.