diff --git a/Kubernetes/KubernetesCluster/package/Classes/KubernetesCluster.yaml b/Kubernetes/KubernetesCluster/package/Classes/KubernetesCluster.yaml
index 6324c33..5548573 100644
--- a/Kubernetes/KubernetesCluster/package/Classes/KubernetesCluster.yaml
+++ b/Kubernetes/KubernetesCluster/package/Classes/KubernetesCluster.yaml
@@ -95,18 +95,6 @@ Methods:
                 FromPort: 7001
                 IpProtocol: tcp
                 External: false
-              - ToPort: 2379
-                FromPort: 2379
-                IpProtocol: tcp
-                External: false
-              - ToPort: 179
-                FromPort: 179
-                IpProtocol: tcp
-                External: false
-              - ToPort: 179
-                FromPort: 179
-                IpProtocol: udp
-                External: false
               - ToPort: 10250
                 FromPort: 10250
                 IpProtocol: tcp
diff --git a/Kubernetes/KubernetesCluster/package/Classes/KubernetesGatewayNode.yaml b/Kubernetes/KubernetesCluster/package/Classes/KubernetesGatewayNode.yaml
index bee2706..cbf987a 100644
--- a/Kubernetes/KubernetesCluster/package/Classes/KubernetesGatewayNode.yaml
+++ b/Kubernetes/KubernetesCluster/package/Classes/KubernetesGatewayNode.yaml
@@ -61,6 +61,7 @@ Methods:
       - $resources: new(sys:Resources)
       - $template: $resources.yaml('SetupCalicoNode.template').bind(dict(ip => $.getIp()))
       - $.instance.agent.call($template, $resources)
+      - $._enableCalicoTraffic()
 
 
   setupFlannel:
@@ -85,6 +86,7 @@ Methods:
                 $this, 'Gateway {0} is now available at {1}'.format($.instance.name, $.getIp(true)))
           - $.setAttr(nodeConfigured, true)
 
+
   removeFromCluster:
     Body:
       - If: $.getAttr(nodeConfigured, false)
diff --git a/Kubernetes/KubernetesCluster/package/Classes/KubernetesMasterNode.yaml b/Kubernetes/KubernetesCluster/package/Classes/KubernetesMasterNode.yaml
index 5240b6d..c4e3cf6 100644
--- a/Kubernetes/KubernetesCluster/package/Classes/KubernetesMasterNode.yaml
+++ b/Kubernetes/KubernetesCluster/package/Classes/KubernetesMasterNode.yaml
@@ -55,6 +55,7 @@ Methods:
       - $resources: new(sys:Resources)
       - $template: $resources.yaml('SetupCalicoMaster.template').bind(dict(ip => $.getIp()))
       - $.instance.agent.call($template, $resources)
+      - $._enableCalicoTraffic()
 
 
   setupFlannel:
@@ -82,6 +83,7 @@ Methods:
           - $ip: coalesce($.instance.floatingIpAddress, $.getIp())
           - $._environment.reporter.report($this, $msg.format($ip))
 
+
   isAvailable:
     Body:
       Return: $.instance.isDeployed()
diff --git a/Kubernetes/KubernetesCluster/package/Classes/KubernetesMinionNode.yaml b/Kubernetes/KubernetesCluster/package/Classes/KubernetesMinionNode.yaml
index e086708..361b27b 100644
--- a/Kubernetes/KubernetesCluster/package/Classes/KubernetesMinionNode.yaml
+++ b/Kubernetes/KubernetesCluster/package/Classes/KubernetesMinionNode.yaml
@@ -69,6 +69,7 @@ Methods:
       - $resources: new(sys:Resources)
       - $template: $resources.yaml('SetupCalicoNode.template').bind(dict(ip => $.getIp()))
       - $.instance.agent.call($template, $resources)
+      - $._enableCalicoTraffic()
 
 
   setupFlannel:
diff --git a/Kubernetes/KubernetesCluster/package/Classes/KubernetesNode.yaml b/Kubernetes/KubernetesCluster/package/Classes/KubernetesNode.yaml
index f815cf0..51a1cc6 100644
--- a/Kubernetes/KubernetesCluster/package/Classes/KubernetesNode.yaml
+++ b/Kubernetes/KubernetesCluster/package/Classes/KubernetesNode.yaml
@@ -49,3 +49,48 @@ Methods:
   setupEtcd:
   setupNode:
   removeFromCluster:
+
+
+  # TODO(ddovbii): To enable traffic for Calico the SharedIp class
+  # from murano.io probably can be used. In future we need to
+  # investigate functionallity of this class and apply it instead
+  # of this workaround if it is possible
+  _enableCalicoTraffic:
+    Arguments:
+      - address:
+          Contract: $.string().notNull()
+          Default: '192.168.0.0/16'
+    Body:
+      - $environment: $.find(std:Environment)
+      - $securityGroupIngress:
+          - ToPort: 2379
+            FromPort: 2379
+            IpProtocol: tcp
+            External: false
+          - ToPort: 179
+            FromPort: 179
+            IpProtocol: tcp
+            External: false
+          - ToPort: 179
+            FromPort: 179
+            IpProtocol: udp
+            External: false
+      - $environment.securityGroupManager.addGroupIngress($securityGroupIngress)
+      - $stack: $environment.stack.current()
+
+      - $portName: $stack.resources.get($this.instance.name).properties.networks[0].port.get_resource
+
+      - $template:
+          resources:
+            $portName:
+              properties:
+                allowed_address_pairs:
+                  - ip_address: $address
+
+      - $stack: $stack.mergeWith($template)
+
+      - $fiRecord:
+          ip_address: $this.instance.ipAddresses[0]
+
+      - $stack.resources[$portName].properties.fixed_ips[0]: $stack.resources[$portName].properties.fixed_ips[0] + $fiRecord
+      - $environment.stack.setTemplate($stack)