Skip to main content
Calico Open Source 3.28 (latest) documentation

Reference

APIs, CLI, architecture and design, and FAQ.

API and installation references​

Calico API

Learn about the Calico API and how to use it.

Helm installation reference

Helm installation reference

Installation reference

Installation API reference

calicoctl reference​

calicoctl user reference

The command line interface tool (CLI) to manage Calico network and security policy.

calicoctl create

Command to create a policy.

calicoctl replace

Command to replace an existing policy with a different one.

calicoctl apply

Command to apply a policy.

calicoctl delete

Command to delete a policy.

calicoctl get

Command to list policies in the default output format.

calicoctl patch

Command to update a node with a patch.

calicoctl label

Command to change labels for workload endpoints or nodes.

calicoctl convert

Command to convert contents of policy.yaml to v3 policy.

calicoctl ipam

Commands for calicoctl IP address management (IPAM).

calicoctl ipam check

Command to check IPAM status

calicoctl ipam release

Command to release an IP address from Calico IP management.

calicoctl ipam show

Command to see if IP address is being used.

calicoctl ipam configure

Command to change IPAM configuration.

calicoctl ipam split

Command and options for splitting an existing IP pool

calicoctl node

Commands for calicoctl node.

calicoctl node run

Command and options for running a Calico node.

calicoctl node status

Command to check status of a Calico node instance.

calicoctl node diags

Command to get diagnostics from a Calico node.

calicoctl node checksystem

Command to check compatibility of host to run a Calico node instance.

calicoctl datastore

Commands for calicoctl datastore

calicoctl datastore migrate

Commands for calicoctl datastore migrate.

calicoctl datastore migrate export

Command and options for exporting an etcdv3 datastore.

calicoctl datastore migrate import

Command and options for importing exported data to a kubernetes datastore.

calicoctl datastore migrate lock

Command and options for locking a datastore for migration.

calicoctl datastore migrate unlock

Command and options for unlocking a datastore after migration.

calicoctl version

Command to display the calicoctl CLI version.

Resource definitions​

Resource definitions

Calico resources (APIs) that you can manage using calicoctl.

BGP configuration

API for this Calico resource.

BGP peer

API for this Calico resource.

BGP Filter

API for this Calico resource.

Block affinity

IP address management block affinity

Calico node status

API for this Calico resource.

Felix configuration

API for this Calico resource.

Global network policy

API for this Calico resource.

Global network set

API for this Calico resource.

Host endpoint

API for this Calico resource.

IP pool

API for this Calico resource.

IP reservation

API for this Calico resource.

IPAM configuration

IP address management global configuration

Kubernetes controllers configuration

API for KubeControllersConfiguration resource.

Network policy

API for this Calico resource.

Network set

API for this Calico resource.

Node

API for this Calico resource.

Profile

API for this Calico resource.

Workload endpoint

API for this Calico resource.

Configuring etcd RBAC​

Setting up etcd certificates for RBAC

Protect your etcd datastore by restricting operation permissions.

Generating certificates

Generate Certificates of Authority (CA) to authenticate users with etcd datastore.

Creating users and roles

Provide role-based access control to etcd datastore.

Segmenting etcd on Kubernetes (basic)

Limit user access to Kubernetes and Calico components.

Segmenting etcd on Kubernetes (advanced)

Limit user access to Calico components or calicoctl.

Calico key and path prefixes

Prefixes to configure Calico components to access the etcd datastore.

Felix​

Configuring Felix

Configure Felix, the daemon that runs on every machine that provides endpoints.

Prometheus metrics

Review metrics for the Felix component if you are using Prometheus.

Typha​

Typha overview

Use the Calico Typha daemon to increase scale and reduce impact on the datastore.

Configuring Typha

Configure Typha for scaling Kubernetes API datastore (kdd).

Prometheus metrics

Review metrics for the Typha component if you are using Prometheus.

Configuration on public clouds​

Amazon Web Services

Advantages of using Calico in AWS.

Azure

Support for Calico in Azure.

Google Compute Engine

Methods to ensure that traffic between containers on different hosts is not dropped by GCE fabric.

IBM Cloud

Calico integration with IBM Cloud.

Host endpoints​

Host endpoints

Secure host network interfaces.

Creating policy for basic connectivity

Customize the Calico failsafe policy to protect host endpoints.

Creating host endpoint objects

To protect a host interface, start by creating a host endpoint object in etcd.

Selector-based policies

Apply ordered policies to endpoints that match specific label selectors.

Failsafe rules

Avoid cutting off connectivity to hosts because of incorrect network policies.

Pre-DNAT policy

Apply rules in a host endpoint policy before any DNAT.

Apply on forwarded traffic

Learn the subtleties using the applyOnForward option in host endpoint policies.

Summary of host endpoint policies

How different host endpoint rules affect packet flows.

Connection tracking

Workaround for Linux conntrack if Calico policy is not working as it should.

Architecture​

Component architecture

Learn the basic Calico components.

'The Calico data path: IP routing and iptables'

Learn how packets flow between workloads in a datacenter, or between a workload and the internet.

VPP dataplane​

Primary interface configuration

Configuration parameters for the primary interface in VPP.

VPP dataplane implementation details

Technical details on the VPP dataplane integration.

Host network configuration

Description of the host network configuration performed by VPP.

Other reference topics​

Component versions

A list of component versions for Calico

Frequently asked questions

Common questions that users ask about Calico.

Getting involved

Contribute to Calico open source project.

Configuring calico/node

Customize calico/node using environment variables.

Configure resource requests and limits

Configure Resource requests and limits.

Configure the Calico CNI plugins

Details for configuring the Calico CNI plugins.