Install calicoctl
The calicoctl
command line tool is required in order to use many of Calico’s features. It is used to manage Calico policies and configuration, as well as view detailed cluster status.
All Kubernetes resources belong to an API group. The API group is indicated by the resource’s apiVersion
. For example, Calico uses resources in the projectcalico.org/v3
API group for configuration, and the operator uses resources in the operator.tigera.io/v1
API group.
You can read more about API groups in the Kubernetes documentation.
calicoctl and kubectl
In order to manage Calico APIs in the projectcalico.org/v3
API group, you should use calicoctl
. This is because calicoctl
provides important validation and defaulting for these resources that is not available in kubectl
. However, kubectl
should still be used to manage other Kubernetes resources.
note
If you would like to use kubectl
to manage projectcalico.org/v3
API resources, you can use the Calico API server.
caution
Never modify resources in the crd.projectcalico.org
API group directly. These are internal data representations and modifying them directly may result in unexpected behavior. In addition to resource management, calicoctl
also enables other Calico administrative tasks such as viewing IP pool utilization and BGP status.
Calico objects are stored in one of two datastores, either etcd or Kubernetes. The choice of datastore is determined at the time Calico is installed. Typically for Kubernetes installations the Kubernetes datastore is the default.
You can run calicoctl
on any host with network access to the Calico datastore as either a binary or a container. For step-by-step instructions, refer to the section that corresponds to your desired deployment.
note
Make sure you always install the version of calicoctl
that matches the version of Calico running on your cluster.
Install calicoctl as a binary on a single host
- Linux
- Mac OSX
- Windows
- Linux PPC64le
- Linux arm64
Log into the host, open a terminal prompt, and navigate to the location where you want to install the binary.
tip
Consider navigating to a location that’s in your
PATH
. For example,/usr/local/bin/
.Use the following command to download the
calicoctl
binary.Set the file to be executable.
chmod +x ./calicoctl
note
If the location of
calicoctl
is not already in yourPATH
, move the file to one that is or add its location to yourPATH
. This will allow you to invoke it without having to prepend its location.Log into the host, open a terminal prompt, and navigate to the location where you want to install the binary.
tip
Consider navigating to a location that’s in your
PATH
. For example,/usr/local/bin/
.Set the file to be executable.
chmod +x calicoctl
note
If you are faced with
cannot be opened because the developer cannot be verified
error when usingcaicoctl
for the first time. go toApplications > System Prefences > Security & Privacy
in theGeneral
tab at the bottom of the window clickAllow anyway
.note
If the location of
calicoctl
is not already in yourPATH
, move the file to one that is or add its location to yourPATH
. This will allow you to invoke it without having to prepend its location.Use the following PowerShell command to download the binary.
tip
Consider running PowerShell as administrator and navigating to a location that’s in your
PATH
. For example,C:\Windows
.
Invoke-WebRequest -Uri "https://github.com/projectcalico/calico/releases/latest/download/calicoctl-windows-amd64.exe -OutFile "calicoctl.exe"
-
tip
Consider navigating to a location that’s in your
PATH
. For example,/usr/local/bin/
. Use the following command to download the
calicoctl
binary.curl -L https://github.com/projectcalico/calico/releases/latest/download/calicoctl-linux-ppc64le -o calicoctl
Set the file to be executable.
chmod +x calicoctl
note
If the location of
calicoctl
is not already in yourPATH
, move the file to one that is or add its location to yourPATH
. This will allow you to invoke it without having to prepend its location.Log into the host, open a terminal prompt, and navigate to the location where you want to install the binary.
tip
Consider navigating to a location that’s in your
PATH
. For example,/usr/local/bin/
.Use the following command to download the
calicoctl
binary.curl -L https://github.com/projectcalico/calico/releases/latest/download/calicoctl-linux-arm64 -o calicoctl
Set the file to be executable.
note
If the location of
calicoctl
is not already in yourPATH
, move the file to one that is or add its location to yourPATH
. This will allow you to invoke it without having to prepend its location.
- Linux
- Mac OSX
- Windows
- Linux PPC64le
- Linux arm64
Log into the host, open a terminal prompt, and navigate to the location where you want to install the binary.
tip
Consider navigating to a location that’s in your
PATH
. For example,/usr/local/bin/
.Use the following command to download the
calicoctl
binary.curl -L https://github.com/projectcalico/calico/releases/latest/download/calicoctl-linux-amd64 -o kubectl-calico
Set the file to be executable.
chmod +x kubectl-calico
note
If the location of
kubectl-calico
is not already in yourPATH
, move the file to one that is or add its location to yourPATH
. This is required in order for kubectl to detect the plugin and allow you to use it.Log into the host, open a terminal prompt, and navigate to the location where you want to install the binary.
tip
Consider navigating to a location that’s in your
PATH
. For example,/usr/local/bin/
.Set the file to be executable.
chmod +x kubectl-calico
note
If you are faced with
cannot be opened because the developer cannot be verified
error when usingcaicoctl
for the first time. go toApplications > System Prefences > Security & Privacy
in theGeneral
tab at the bottom of the window click .Use the following PowerShell command to download the
calicoctl
binary.tip
Consider running PowerShell as administrator and navigating to a location that’s in your
PATH
. For example,C:\Windows
.
Invoke-WebRequest -Uri "https://github.com/projectcalico/calico/releases/latest/download/calicoctl-windows-amd64.exe -OutFile "kubectl-calico.exe"
-
tip
Consider navigating to a location that’s in your
PATH
. For example,/usr/local/bin/
. Use the following command to download the
calicoctl
binary.curl -L https://github.com/projectcalico/calico/releases/latest/download/calicoctl-linux-ppc64le -o kubectl-calico
Set the file to be executable.
chmod +x kubectl-calico
note
If the location of
kubectl-calico
is not already in yourPATH
, move the file to one that is or add its location to yourPATH
. This is required in order for kubectl to detect the plugin and allow you to use it.Log into the host, open a terminal prompt, and navigate to the location where you want to install the binary.
tip
Consider navigating to a location that’s in your
PATH
. For example,/usr/local/bin/
.Use the following command to download the
calicoctl
binary.Set the file to be executable.
chmod +x kubectl-calico
note
If the location of
kubectl-calico
is not already in yourPATH
, move the file to one that is or add its location to yourPATH
. This is required in order for kubectl to detect the plugin and allow you to use it.
Verify the plugin works.
kubectl calico -h
You can now run any calicoctl
subcommands through kubectl calico
.
note
If you run these commands from your local machine (instead of a host node), some of the node related subcommands will not work (like node status).
Install calicoctl as a container on a single host
To install calicoctl
as a container on a single host, log into the target host and issue the following command.
docker pull calico/ctl:v3.24.5
Use the YAML that matches your datastore type to deploy the calicoctl
container to your nodes.
etcd
kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.24.5/manifests/calicoctl-etcd.yaml
note
You can also .
Kubernetes API datastore
kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.24.5/manifests/calicoctl.yaml
note
You can also view the YAML in a new tab.
You can then run commands using kubectl as shown below.
kubectl exec -ti -n kube-system calicoctl -- /calicoctl get profiles -o wide
An example response follows.
NAME TAGS
kns.default kns.default
kns.kube-system kns.kube-system
We recommend setting an alias as follows.
note
In order to use the calicoctl
alias when reading manifests, redirect the file into stdin, for example:
Next step: