Reference
APIs, CLI, architecture and design, and FAQ.
API and installation references​
Calico API
Learn about the Calico API and how to use it.
Helm installation reference
Helm installation reference
Installation reference
Installation API reference
calicoctl reference​
calicoctl user reference
The command line interface tool (CLI) to manage Calico network and security policy.
calicoctl create
Command to create a policy.
calicoctl replace
Command to replace an existing policy with a different one.
calicoctl apply
Command to apply a policy.
calicoctl delete
Command to delete a policy.
calicoctl get
Command to list policies in the default output format.
calicoctl patch
Command to update a node with a patch.
calicoctl label
Command to change labels for workload endpoints or nodes.
calicoctl convert
Command to convert contents of policy.yaml to v3 policy.
calicoctl ipam
Commands for calicoctl IP address management (IPAM).
calicoctl ipam check
Command to check IPAM status
calicoctl ipam release
Command to release an IP address from Calico IP management.
calicoctl ipam show
Command to see if IP address is being used.
calicoctl ipam configure
Command to change IPAM configuration.
calicoctl ipam split
Command and options for splitting an existing IP pool
calicoctl node
Commands for calicoctl node.
calicoctl node run
Command and options for running a Calico node.
calicoctl node status
Command to check status of a Calico node instance.
calicoctl node diags
Command to get diagnostics from a Calico node.
calicoctl node checksystem
Command to check compatibility of host to run a Calico node instance.
calicoctl datastore
Commands for calicoctl datastore
calicoctl datastore migrate
Commands for calicoctl datastore migrate.
calicoctl datastore migrate export
Command and options for exporting an etcdv3 datastore.
calicoctl datastore migrate import
Command and options for importing exported data to a kubernetes datastore.
calicoctl datastore migrate lock
Command and options for locking a datastore for migration.
calicoctl datastore migrate unlock
Command and options for unlocking a datastore after migration.
calicoctl version
Command to display the calicoctl CLI version.
Resource definitions​
Resource definitions
Calico resources (APIs) that you can manage using calicoctl.
BGP configuration
API for this Calico resource.
BGP peer
API for this Calico resource.
BGP Filter
API for this Calico resource.
Block affinity
IP address management block affinity
Calico node status
API for this Calico resource.
Felix configuration
API for this Calico resource.
Global network policy
API for this Calico resource.
Global network set
API for this Calico resource.
Host endpoint
API for this Calico resource.
IP pool
API for this Calico resource.
IP reservation
API for this Calico resource.
IPAM configuration
IP address management global configuration
Kubernetes controllers configuration
API for KubeControllersConfiguration resource.
Network policy
API for this Calico resource.
Network set
API for this Calico resource.
Node
API for this Calico resource.
Profile
API for this Calico resource.
Workload endpoint
API for this Calico resource.
Configuring etcd RBAC​
Setting up etcd certificates for RBAC
Protect your etcd datastore by restricting operation permissions.
Generating certificates
Generate Certificates of Authority (CA) to authenticate users with etcd datastore.
Creating users and roles
Provide role-based access control to etcd datastore.
Segmenting etcd on Kubernetes (basic)
Limit user access to Kubernetes and Calico components.
Segmenting etcd on Kubernetes (advanced)
Limit user access to Calico components or calicoctl.
Calico key and path prefixes
Prefixes to configure Calico components to access the etcd datastore.
Felix​
Configuring Felix
Configure Felix, the daemon that runs on every machine that provides endpoints.
Prometheus metrics
Review metrics for the Felix component if you are using Prometheus.
Typha​
Typha overview
Use the Calico Typha daemon to increase scale and reduce impact on the datastore.
Configuring Typha
Configure Typha for scaling Kubernetes API datastore (kdd).
Prometheus metrics
Review metrics for the Typha component if you are using Prometheus.
Configuration on public clouds​
Amazon Web Services
Advantages of using Calico in AWS.
Azure
Support for Calico in Azure.
Google Compute Engine
Methods to ensure that traffic between containers on different hosts is not dropped by GCE fabric.
IBM Cloud
Calico integration with IBM Cloud.
Host endpoints​
Host endpoints
Secure host network interfaces.
Creating policy for basic connectivity
Customize the Calico failsafe policy to protect host endpoints.
Creating host endpoint objects
To protect a host interface, start by creating a host endpoint object in etcd.
Selector-based policies
Apply ordered policies to endpoints that match specific label selectors.
Failsafe rules
Avoid cutting off connectivity to hosts because of incorrect network policies.
Pre-DNAT policy
Apply rules in a host endpoint policy before any DNAT.
Apply on forwarded traffic
Learn the subtleties using the applyOnForward option in host endpoint policies.
Summary of host endpoint policies
How different host endpoint rules affect packet flows.
Connection tracking
Workaround for Linux conntrack if Calico policy is not working as it should.
Architecture​
Component architecture
Learn the basic Calico components.
'The Calico data path: IP routing and iptables'
Learn how packets flow between workloads in a datacenter, or between a workload and the internet.
VPP dataplane​
Primary interface configuration
Configuration parameters for the primary interface in VPP.
VPP dataplane implementation details
Technical details on the VPP dataplane integration.
Host network configuration
Description of the host network configuration performed by VPP.
Other reference topics​
Component versions
A list of component versions for Calico
Frequently asked questions
Common questions that users ask about Calico.
Getting involved
Contribute to Calico open source project.
Configuring calico/node
Customize calico/node using environment variables.
Configure resource requests and limits
Configure Resource requests and limits.
Configure the Calico CNI plugins
Details for configuring the Calico CNI plugins.