Docker container install

    Installing Calico with a Docker container includes everything you need for both networking and policy. It also automatically adds the appropriate per-node configuration to the datastore.

    1. Ensure Docker is installed
    2. Ensure the Calico datastore is up and accessible from the host
    3. Ensure the host meets the minimum

    The container should be started at boot time by your init system and the init system must be configured to restart it if stopped. Calico relies on that behavior for certain configuration changes.

    This section describes how to run calico/node as a Docker container.

    note

    We include examples for systemd, but the commands can be applied to other init daemons such as upstart.

    Use the following guidelines and sample file to define the environment variables for starting Calico on the host. For more help, see the calico/node configuration reference

    • Kubernetes datastore
    • etcd datastore
    • Either datastore

    Docker container install - 图2note

    You will need to volume mount the kubeconfig file into the container at the location specified by the paths mentioned above.

    For an etcdv3 datastore set the following:

    note

    If using certificates and keys, you will need to volume mount them into the container at the location specified by the paths mentioned above.

    For either datastore set the following:

    Step 2: Configure the init system

    Use an init daemon (like systemd or upstart) to start the the calico/node image as a service using the EnvironmentFile values.

    Sample systemd service file: calico-node.service

    1. [Unit]
    2. Description=calico-node
    3. After=docker.service
    4. Requires=docker.service
    6. EnvironmentFile=/etc/calico/calico.env
    8. ExecStart=/usr/bin/docker run --net=host --privileged \
    9.  --name=calico-node \
    10.  -e NODENAME=${CALICO_NODENAME} \
    11.  -e IP=${CALICO_IP} \
    12.  -e IP6=${CALICO_IP6} \
    13.  -e CALICO_NETWORKING_BACKEND=${CALICO_NETWORKING_BACKEND} \
    14.  -e AS=${CALICO_AS} \
    15.  -e NO_DEFAULT_POOLS=${NO_DEFAULT_POOLS} \
    16.  -e DATASTORE_TYPE=${DATASTORE_TYPE} \
    17.  -e ETCD_ENDPOINTS=${ETCD_ENDPOINTS} \
    18.  -e ETCD_CA_CERT_FILE=${ETCD_CA_CERT_FILE} \
    19.  -e ETCD_CERT_FILE=${ETCD_CERT_FILE} \
    20.  -e ETCD_KEY_FILE=${ETCD_KEY_FILE} \
    21.  -e KUBECONFIG=${KUBECONFIG} \
    22.  -v /var/log/calico:/var/log/calico \
    23.  -v /var/run/calico:/var/run/calico \
    25.  -v /lib/modules:/lib/modules \
    26.  -v /etc/pki:/pki \
    27.  calico/node:v3.24.5 /bin/calico-node -felix
    29. ExecStop=-/usr/bin/docker stop calico-node
    31. Restart=on-failure
    32. StartLimitBurst=3
    33. StartLimitInterval=60s
    35. [Install]
    36. WantedBy=multi-user.target

    Upon start, the systemd service:

    • Confirms Docker is installed under the [Unit] section
    • Gets environment variables from the environment file above
    • Removes existing calico/node container (if it exists)

    The script also stops the calico/node container when the service is stopped.

    Docker container install - 图4note

    Depending on how you’ve installed Docker, the name of the Docker service under the [Unit] section may be different (such as ). Be sure to check this before starting the service.