Reference | Calico Documentation

Learn about the Calico API and how to use it.

Helm installation reference

Installation API reference

The command line interface tool (CLI) to manage Calico network and security policy.

Command to create a policy.

Command to replace an existing policy with a different one.

Command to apply a policy.

Command to delete a policy.

Command to list policies in the default output format.

Command to update a node with a patch.

Command to change labels for workload endpoints or nodes.

Command to convert contents of policy.yaml to v3 policy.

Commands for calicoctl IP address management (IPAM).

Command to check IPAM status

Command to release an IP address from Calico IP management.

Command to see if IP address is being used.

Command to change IPAM configuration.

Command and options for splitting an existing IP pool

Commands for calicoctl node.

Command and options for running a Calico node.

Command to check status of a Calico node instance.

Command to get diagnostics from a Calico node.

Command to check compatibility of host to run a Calico node instance.

Commands for calicoctl datastore

Commands for calicoctl datastore migrate.

Command and options for exporting an etcdv3 datastore.

Command and options for importing exported data to a kubernetes datastore.

Command and options for locking a datastore for migration.

Command and options for unlocking a datastore after migration.

Command to display the calicoctl CLI version.

Calico resources (APIs) that you can manage using calicoctl.

API for this Calico resource.

IP address management block affinity

API for this Calico resource.

IP address management global configuration

API for KubeControllersConfiguration resource.

API for this Calico resource.

Protect your etcd datastore by restricting operation permissions.

Generate Certificates of Authority (CA) to authenticate users with etcd datastore.

Provide role-based access control to etcd datastore.

Limit user access to Kubernetes and Calico components.

Limit user access to Calico components or calicoctl.

Prefixes to configure Calico components to access the etcd datastore.

Configure Felix, the daemon that runs on every machine that provides endpoints.

Review metrics for the Felix component if you are using Prometheus.

Use the Calico Typha daemon to increase scale and reduce impact on the datastore.

Configure Typha for scaling Kubernetes API datastore (kdd).

Review metrics for the Typha component if you are using Prometheus.

Advantages of using Calico in AWS.

Support for Calico in Azure.

Methods to ensure that traffic between containers on different hosts is not dropped by GCE fabric.

Calico integration with IBM Cloud.

Secure host network interfaces.

Customize the Calico failsafe policy to protect host endpoints.

To protect a host interface, start by creating a host endpoint object in etcd.

Apply ordered policies to endpoints that match specific label selectors.

Avoid cutting off connectivity to hosts because of incorrect network policies.

Apply rules in a host endpoint policy before any DNAT.

Learn the subtleties using the applyOnForward option in host endpoint policies.

How different host endpoint rules affect packet flows.

Workaround for Linux conntrack if Calico policy is not working as it should.

Learn the basic Calico components.

Learn how packets flow between workloads in a datacenter, or between a workload and the internet.

Configuration parameters for the primary interface in VPP.

Technical details on the VPP dataplane integration.

Description of the host network configuration performed by VPP.

A list of component versions for Calico

Common questions that users ask about Calico.

Contribute to Calico open source project.

Customize calico/node using environment variables.

Configure Resource requests and limits.

Details for configuring the Calico CNI plugins.

API and installation references​

Calico API

Helm installation reference

Installation reference

calicoctl reference​

calicoctl user reference

calicoctl create

calicoctl replace

calicoctl apply

calicoctl delete

calicoctl get

calicoctl patch

calicoctl label

calicoctl convert

calicoctl ipam

calicoctl ipam check

calicoctl ipam release

calicoctl ipam show

calicoctl ipam configure

calicoctl ipam split

calicoctl node

calicoctl node run

calicoctl node status

calicoctl node diags

calicoctl node checksystem

calicoctl datastore

calicoctl datastore migrate

calicoctl datastore migrate export

calicoctl datastore migrate import

calicoctl datastore migrate lock

calicoctl datastore migrate unlock

calicoctl version

Resource definitions​

Resource definitions

BGP configuration

BGP peer

BGP Filter

Block affinity

Calico node status

Felix configuration

Global network policy

Global network set

Host endpoint

IP pool

IP reservation

IPAM configuration

Kubernetes controllers configuration

Network policy

Network set

Node

Profile

Workload endpoint

Configuring etcd RBAC​

Setting up etcd certificates for RBAC

Generating certificates

Creating users and roles

Segmenting etcd on Kubernetes (basic)

Segmenting etcd on Kubernetes (advanced)

Calico key and path prefixes

Felix​

Configuring Felix

Prometheus metrics

Typha​

Typha overview

Configuring Typha

Prometheus metrics

Configuration on public clouds​

Amazon Web Services

Azure

Google Compute Engine

IBM Cloud

Host endpoints​

Host endpoints

Creating policy for basic connectivity

Creating host endpoint objects

Selector-based policies

Failsafe rules

Pre-DNAT policy

Apply on forwarded traffic

Summary of host endpoint policies

API and installation references

calicoctl reference

Resource definitions

Configuring etcd RBAC

Felix

Typha

Configuration on public clouds

Host endpoints

Architecture

VPP dataplane

Other reference topics