> ## Documentation Index > Fetch the complete documentation index at: https://docs.siderolabs.com/llms.txt > Use this file to discover all available pages before exploring further. # Deploy Calico CNI > In this guide you will learn how to set up Calico CNI on Talos in two modes: eBPF and NFTables. export const k8s_release = '1.36.0'; This documentation is designed to get you up and running with Talos and Calico CNI. Since both Calico and Talos support multiple networking technologies, you will learn how to run your environment with both the [Calico eBPF dataplane](https://docs.tigera.io/calico/latest/operations/ebpf/enabling-ebpf) and [NFTables](https://docs.tigera.io/calico/latest/getting-started/kubernetes/nftables). Optionally, you can also enable Calico's network [observability stack](https://docs.tigera.io/calico/latest/observability/) to gain insights into your cluster networking and policy behavior. ## Configuring Talos To install Calico, you first need to disable the default CNI. This can be done by applying a patch file during cluster creation. ```bash theme={null} cat < patch.yaml cluster: network: cni: name: none EOF ``` After generating the patch file add the `--config-patch` argument to your `talosctl gen config`. ```bash theme={null} talosctl gen config \ my-cluster https://calico-talos.local:6443 \ --config-patch @patch.yaml ``` ### Installation using Omni If you are using [Omni](https://www.siderolabs.com/platform/saas-for-kubernetes/), you can deploy Calico using the [manifest sync](../../omni/cluster-management/sync-kubernetes-manifests) feature in a cluster template. **Step 1.** Download the Tigera operator manifest: ```bash theme={null} curl -Lo tigera-operator.yaml https://raw.githubusercontent.com/projectcalico/calico/v3.31.4/manifests/tigera-operator.yaml ``` **Step 2.** Create an `installation.yaml` file with your desired Calico configuration. Choose the dataplane that fits your use case: ```bash theme={null} cat < installation.yaml apiVersion: operator.tigera.io/v1 kind: Installation metadata: name: default spec: calicoNetwork: bgp: Disabled linuxDataplane: Nftables ipPools: - name: default-ipv4-ippool blockSize: 26 cidr: 10.244.0.0/16 encapsulation: VXLAN natOutgoing: Enabled nodeSelector: all() kubeletVolumePluginPath: None --- apiVersion: operator.tigera.io/v1 kind: APIServer metadata: name: default EOF ``` ```bash theme={null} cat < installation.yaml apiVersion: crd.projectcalico.org/v1 kind: FelixConfiguration metadata: name: default spec: cgroupV2Path: "/sys/fs/cgroup" --- apiVersion: operator.tigera.io/v1 kind: Installation metadata: name: default spec: calicoNetwork: bgp: Disabled linuxDataplane: BPF bpfNetworkBootstrap: Enabled kubeProxyManagement: Enabled ipPools: - name: default-ipv4-ippool blockSize: 26 cidr: 10.244.0.0/16 encapsulation: VXLAN natOutgoing: Enabled nodeSelector: all() kubeletVolumePluginPath: None --- apiVersion: operator.tigera.io/v1 kind: APIServer metadata: name: default EOF ``` **Step 3.** Reference both manifests in your Omni cluster template: {`kind: Cluster\nname: my-cluster\nkubernetes:\n version: ${k8s_release}\n manifests:\n - name: tigera-operator\n file: tigera-operator.yaml\n mode: one-time\n - name: calico-installation\n file: installation.yaml\n mode: one-time\npatches:\n - name: disable-default-cni\n inline:\n cluster:\n network:\n cni:\n name: none\n...\n# Include machines for template`} **Step 4.** Apply the cluster template: ```bash theme={null} omnictl cluster template sync --file cluster-template.yaml ``` Omni will wait until the Kubernetes API is available and the cluster is healthy before applying the manifests. See [Sync Kubernetes Manifests](../../omni/cluster-management/sync-kubernetes-manifests) for more details on manifest sync modes and status monitoring. ## Installing Tigera operator Recommended way to install Calico is via `Tigera-operator` manifest. The operator will make sure that all Calico components are always up and running. > **Note:** If you’d like to install Calico using Helm, check out the [Install using Helm documentation](https://docs.tigera.io/calico/latest/getting-started/kubernetes/helm). **Step 1.** Install the latest Tigera operator. ```bash theme={null} kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.31.4/manifests/tigera-operator.yaml ``` ### Step 2. Configure Calico networking Calico has a pluggable dataplane architecture that lets you choose the networking technology based on your use case. You can configure the dataplane by setting the `linuxDataplane` key in the installation manifest. > **Note**: To learn more about the available Calico configurations, check out the [Installation reference documentation](https://docs.tigera.io/calico/latest/reference/installation/api). Use the following command to run Calico with NFTables backend. ```bash theme={null} kubectl create -f -< By default, Calico uses the `/var` directory to mount cgroups. However, since this path is not writable in Talos Linux, you need to change it to `/sys/fs/cgroup`. Use the following command to update the cgroup mount path: ```bash theme={null} kubectl create -f -< ## Deploy Calico Whisker network observability stack Use the following command to enable Calico observability stack: ```bash theme={null} kubectl create -f -<