Binary install with package manager

2 MINUTE READ

Big picture

Install Calico on non-cluster hosts using a package manager.

Value

Packaged binaries of Calico are easy to consume and upgrade. This method automatically configures the init system to keep Felix running.

Before you begin…

  1. Ensure the Calico datastore is up and accessible from the host
  2. Ensure the host meets the minimum system requirements
  3. If your system is not an Ubuntu- or RedHat-derived system, you will need to choose a different install method.
  4. If you want to install Calico with networking (so that you can communicate with cluster workloads), you should choose the container install method
  5. Install and configure calicoctl

How to

This guide covers installing Felix, the Calico daemon that handles network policy.

Step 1: Install binaries

PPA requires: Ubuntu 14.04 or 16.04

sudo add-apt-repository ppa:project-calico/calico-3.17
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install calico-felix

RPM requires: RedHat 7-derived distribution

cat > /etc/yum.repos.d/calico.repo <<EOF
[calico]
name=Calico Repository
baseurl=http://binaries.projectcalico.org/rpm/calico-3.17/
enabled=1
skip_if_unavailable=0
gpgcheck=1
gpgkey=http://binaries.projectcalico.org/rpm/calico-3.17/key
priority=97
EOF

yum install calico-felix

Until you initialize the database, Felix will make a regular log that it is in state “wait-for-ready”. The default location for the log file is /var/log/calico/felix.log.

Step 2: Configure the datastore connection

Use the following guidelines and sample file to define the environment variables for starting Calico on the host. For more help, see the Felix configuration reference.

For an etcdv3 datastore set the following

Variable Configuration guidance
FELIX_DATASTORETYPE Set to etcdv3
FELIX_ETCDENDPOINTS Comma separated list of etcdv3 cluster URLs, e.g. https://calico-datastore.example.com:2379
FELIX_ETCDCAFILE Path to CA certificate to validate etcd’s server cert. Required if using TLS and not using a public CA.
FELIX_ETCDCERTFILE
FELIX_ETCDKEYFILE
Paths to certificate and keys used for client authentication to the etcd cluster, if enabled.

For a Kubernetes datastore set the following

Variable Configuration guidance
FELIX_DATASTORETYPE Set to kubernetes
KUBECONFIG Path to kubeconfig file to access the Kubernetes API Server

Sample EnvironmentFile - save to /etc/calico/calico.env

FELIX_DATASTORETYPE=etcdv3
FELIX_ETCDENDPOINTS=https://calico-datastore.example.com:2379
FELIX_ETCDCAFILE="/pki/ca.pem"
FELIX_ETCDCERTFILE="/pki/client-cert.pem"
FELIX_ETCDKEYFILE="/pki/client-key.pem"

Modify the included init system unit to include the EnvironmentFile. For example, on systemd, add the following line to the [Service] section of the calico-felix unit.

EnvironmentFile=/etc/calico/calico.env

Step 3: Initialize the datastore

You should configure a node resource for each host running Felix. In this case, the database is initialized after creating the first node resource. For a deployment that does not include the Calico/BGP integration, the specification of a node resource just requires the name of the node; for most deployments this will be the same as the hostname.

calicoctl create -f - <<EOF
- apiVersion: projectcalico.org/v3
  kind: Node
  metadata:
    name: <node name or hostname>
EOF

The Felix logs should transition from periodic notifications that Felix is in the state wait-for-ready to a stream of initialization messages.