Reference
APIs, CLI, architecture and design, and FAQ.
API and installation references
Tigera API
Learn about the Tigera API and how to use it.
Installation reference
Installation API reference
Helm installation reference
Helm installation reference
REST API Reference
REST API reference
TigeraStatus
Descriptions of Tigera Status fields
calicoctl reference
calicoctl user reference
The command line interface tool (CLI) to manage Calico Enterprise network and security policy.
calicoctl apply
Command to apply a policy.
calicoctl captured-packets
Command to access capture files generated by a PacketCapture.
calicoctl cluster
Commands for calicoctl cluster.
calicoctl cluster diags
Command to get diagnostics from a Calico cluster.
calicoctl convert
Command to convert contents of policy.yaml to v3 policy.
calicoctl create
Command to create a policy.
calicoctl delete
Command to delete a policy.
calicoctl get
Command to list policies in the default output format.
calicoctl ipam
Commands for calicoctl IP address management (IPAM).
calicoctl ipam check
Command to check IPAM status
calicoctl ipam release
Command to release an IP address from Calico Enterprise IP management.
calicoctl ipam show
Command to see if IP address is being used.
calicoctl ipam configure
Command to change IPAM configuration.
calicoctl ipam split
Command and options for splitting an existing IP pool
calicoctl datastore
Commands for calicoctl datastore
calicoctl datastore migrate
Commands for calicoctl datastore migrate.
calicoctl datastore migrate lock
Command and options for locking a datastore for migration.
calicoctl datastore migrate unlock
Command and options for unlocking a datastore after migration.
calicoctl label
Command to change labels for workload endpoints or nodes.
calicoctl node
Commands for calicoctl node.
calicoctl node run
Command and options for running a Calico node.
calicoctl node status
Command to check status of a Calico node instance.
calicoctl node diags
Command to get diagnostics from a Calico node.
calicoctl node checksystem
Command to check compatibility of host to run a Calico node instance.
calicoctl patch
Command to update a node with a patch.
calicoctl replace
Command to replace an existing policy with a different one.
calicoctl version
Command to display the calicoctl CLI version.
calicoq reference
calicoq
CLI to verify that your security policies are configured as intended.
calicoq and selectors
Use selectors to match criteria in endpoints, policies, or profiles .
calicoq endpoint
Command to list policies and profiles for selected endpoints.
calicoq eval
Command to list endpoints matched by a selector.
calicoq host
Command to list endpoints, policies, and profiles on the selected host.
calicoq policy
Command to list endpoints for a policy.
calicoq version
Command to list version of the calicoq CLI.
Resource definitions
Resource definitions
Calico Enterprise resources (APIs) that you can manage using calicoctl.
BGP configuration
API for this Calico Enterprise resource.
BGP peer
API for this Calico Enterprise resource.
BGP Filter
API for this Calico Enterprise resource.
Block affinity
IP address management block affinity
Calico node status
API for this Calico resource.
Compliance reports
Schedule reports and configure report scope.
Inventory report
API for this resource.
Network Access report
API for this resource.
Policy audit report
API for this resource.
CIS benchmark report
API for this resource.
Deep packet inspection
API for this Calico Enterprise resource.
Egress gateway policy
API for this Calico Enterprise resource.
External network
API for this Calico Enterprise resource.
Felix configuration
API for this Calico Enterprise resource.
Global Alert
API for this Calico Enterprise resource.
Global network policy
API for this Calico Enterprise resource.
Global network set
API for this Calico Enterprise resource.
Global report
API for this Calico Enterprise resource.
Global threat feed
API for this Calico Enterprise resource.
Host endpoint
API for this Calico Enterprise resource.
IP pool
API for this Calico Enterprise resource.
IP reservation
API for this Calico resource.
IPAM configuration
IP address management global configuration
License key
API for this Calico Enterprise resource.
Kubernetes controllers configuration
API for KubeControllersConfiguration resource.
Managed Cluster
API for this Calico Enterprise resource.
Network policy
API for this Calico Enterprise resource.
Network set
API for this Calico Enterprise resource.
Node
API for this Calico Enterprise resource.
Packet capture
API for this Calico Enterprise resource.
Policy recommendation scope
API for this Calico Enterprise resource.
Profile
API for this Calico Enterprise resource.
Remote cluster configuration
API for this Calico Enterprise resource.
Security event webhook
API for this Calico Enterprise resource.
Staged Global Network Policy
API for this resource.
Staged Kubernetes Network policy
API for this Calico Enterprise resource.
Staged network policy
API for this Calico Enterprise resource.
Tier
API for this Calico Enterprise resource.
Workload endpoint
API for this Calico Enterprise resource.
Host endpoints
Host endpoints
Secure host network interfaces.
Creating policy for basic connectivity
Customize the Calico failsafe policy to protect host endpoints.
Creating host endpoint objects
To protect a host interface, start by creating a host endpoint object in etcd.
Selector-based policies
Apply ordered policies to endpoints that match specific label selectors.
Failsafe rules
Avoid cutting off connectivity to hosts because of incorrect network policies.
Pre-DNAT policy
Apply rules in a host endpoint policy before any DNAT.
Apply on forwarded traffic
Learn the subtleties using the applyOnForward option in host endpoint policies.
Summary of host endpoint policies
How different host endpoint rules affect packet flows.
Connection tracking
Workaround for Linux conntrack if Calico policy is not working as it should.
Architecture
Component architecture
Understand the Calico Enterprise components and the basics of BGP networking.
'The Calico Enterprise data path: IP routing and iptables'
Learn how packets flow between workloads in a datacenter, or between a workload and the internet.