Learn how to configure the calicoctl CLI tool for your cluster.
calicoctl CLI tool provides helpful administrative commands for interacting with a Calico cluster.
calicoctl vs kubectl
In previous releases, calicoctl has been required to manage Calico API resources in the
projectcalico.org/v3 API group. The calicoctl CLI tool provides important validation and defaulting on these APIs.
In newer releases, the Calico API server performs that defaulting and validation server-side, exposing the same API semantics without a dependency on calicoctl. For this reason, we recommend
installing the Calico API server and using
kubectl instead of
calicoctl for most operations.
calicoctl is still required for the following subcommands:
calicoctl is also required for non-Kubernetes platforms such as OpenStack.
Default calicoctl behavior
calicoctl commands require access to the Calico datastore. By default, calicoctl
will attempt to read from the Kubernetes API based on the default kubeconfig.
Configure access using a Configuration file
calicoctl will look for a configuration file at
/etc/calico/calicoctl.cfg. You can override this using the
--config option with commands that require datastore access.
The file can be in either YAML or JSON format. It must be valid and readable by
calicoctl. For example:
Configure access using environment variables
calicoctl cannot locate, read, or access a configuration file, it will check a specific set of environment variables.
Refer to the section that corresponds to your datastore type for a full set of options and examples.
calicoctl inside a container, any environment variables and
configuration files must be passed to the container so they are available to
the process inside. It can be useful to keep a running container (that sleeps) configured
for your datastore, then it is possible to
exec into the container and have an
already configured environment.