Configure calicoctl
Big picture
Learn how to configure the calicoctl CLI tool for your cluster.
Value
The calicoctl CLI tool provides helpful administrative commands for interacting with a Calico cluster.
Concepts
calicoctl vs kubectl
In previous releases, calicoctl was required to manage Calico API resources in the projectcalico.org/v3 API group. The calicoctl CLI tool provides important validation and defaulting on these APIs.
In newer releases, the Calico API server performs that defaulting and validation server-side, exposing the same API semantics without a dependency on calicoctl. For this reason, we recommend installing the Calico API server and using kubectl instead of calicoctl for most operations.
calicoctl is still required for the following subcommands:
calicoctl is also required for non-Kubernetes platforms such as OpenStack.
Default calicoctl behavior
Most calicoctl commands require access to the Calico datastore. By default, calicoctl will attempt to read from the Kubernetes API based on the default kubeconfig.
How to
Configure access using a Configuration file
By default, calicoctl will look for a configuration file at /etc/calico/calicoctl.cfg. You can override this using the --config option with commands that require datastore access.
The file can be in either YAML or JSON format. It must be valid and readable by calicoctl. For example:
apiVersion: projectcalico.org/v3
kind: CalicoAPIConfig
metadata:
spec:
  datastoreType: "etcdv3"
  etcdEndpoints: "http://etcd1:2379,http://etcd2:2379"
...
Configure access using environment variables
If calicoctl cannot locate, read, or access a configuration file, it will check a specific set of environment variables.
Refer to the section that corresponds to your datastore type for a full set of options and examples.
When running calicoctl inside a container, any environment variables and configuration files must be passed to the container so they are available to the process inside. It can be useful to keep a running container (that sleeps) configured for your datastore; you can then exec into that container and have an already configured environment.
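The lookup order described above, as a preflight check that also flags a configuration file that is world-writable or lists plaintext http:// endpoints. This is an added example, not code from the Calico project: the function names are hypothetical, DATASTORE_TYPE stands in for the datastore-specific environment variables, and the final fallback to the default kubeconfig is an assumption based on the default behavior described earlier.

```shell
#!/bin/sh
# Added example (not from the Calico project). Function names are hypothetical.
DEFAULT_CFG=/etc/calico/calicoctl.cfg

# Report the source calicoctl is expected to use, following the order above:
# a readable config file, else environment variables, else default kubeconfig.
# Assumption: DATASTORE_TYPE stands in for the datastore-specific variables.
config_source() {
    cfg=${1:-$DEFAULT_CFG}
    if [ -f "$cfg" ] && [ -r "$cfg" ]; then
        echo "file:$cfg"
    elif [ -n "${DATASTORE_TYPE:-}" ]; then
        echo "env"
    else
        echo "kubeconfig"
    fi
}

# Print one WARN line per finding; return 1 if anything was flagged.
audit_config() {
    cfg=$1
    rc=0
    if ! grep -q 'CalicoAPIConfig' "$cfg"; then
        echo "WARN: no CalicoAPIConfig kind in $cfg"; rc=1
    fi
    if grep -q 'http://' "$cfg"; then
        echo "WARN: plaintext http:// endpoint in $cfg"; rc=1
    fi
    # Anyone able to rewrite the file can redirect calicoctl to another datastore.
    if [ -n "$(find "$cfg" -prune -perm -0002)" ]; then
        echo "WARN: $cfg is world-writable"; rc=1
    fi
    return $rc
}

# Constructed sample: the example file from this page, written to a temp path.
write_sample() {
    printf '%s\n' 'apiVersion: projectcalico.org/v3' 'kind: CalicoAPIConfig' \
        'metadata:' 'spec:' '  datastoreType: "etcdv3"' \
        '  etcdEndpoints: "http://etcd1:2379,http://etcd2:2379"' > "$1"
}

tmp=$(mktemp -d)
write_sample "$tmp/calicoctl.cfg"
chmod 600 "$tmp/calicoctl.cfg"
config_source "$tmp/calicoctl.cfg"
audit_config "$tmp/calicoctl.cfg" || true
rm -rf "$tmp"
```

Point both functions at the path you pass to --config, or at the default path, before running commands that need datastore access.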