Skip to main content
Version: 3.27 (latest)

Docker container install

Big picture

Install Calico on non-cluster hosts using a Docker container for both networking and policy.

Value

Installing Calico with a Docker container includes everything you need for both networking and policy. It also automatically adds the appropriate per-node configuration to the datastore.

Before you begin...

  1. Ensure Docker is installed
  2. Ensure the Calico datastore is up and accessible from the host
  3. Ensure the host meets the minimum system requirements

How to

The calico/node container should be started at boot time by your init system and the init system must be configured to restart it if stopped. Calico relies on that behavior for certain configuration changes.

This section describes how to run calico/node as a Docker container.

note

We include examples for systemd, but the commands can be applied to other init daemons such as upstart.

Step 1: Create environment file

Use the following guidelines and sample file to define the environment variables for starting Calico on the host. For more help, see the calico/node configuration reference

For a Kubernetes datastore (default) set the following:

VariableConfiguration guidance
FELIX_DATASTORETYPESet to kubernetes
KUBECONFIGPath to kubeconfig file to access the Kubernetes API Server
note
You will need to volume mount the kubeconfig file into the container at the location specified by the paths mentioned above.

Step 2: Configure the init system

Use an init daemon (like systemd or upstart) to start the calico/node image as a service using the EnvironmentFile values.

Sample systemd service file: calico-node.service

[Unit]
Description=calico-node
After=docker.service
Requires=docker.service

[Service]
EnvironmentFile=/etc/calico/calico.env
ExecStartPre=-/usr/bin/docker rm -f calico-node
ExecStart=/usr/bin/docker run --net=host --privileged \
--name=calico-node \
-e NODENAME=${CALICO_NODENAME} \
-e IP=${CALICO_IP} \
-e IP6=${CALICO_IP6} \
-e CALICO_NETWORKING_BACKEND=${CALICO_NETWORKING_BACKEND} \
-e AS=${CALICO_AS} \
-e NO_DEFAULT_POOLS=${NO_DEFAULT_POOLS} \
-e DATASTORE_TYPE=${DATASTORE_TYPE} \
-e ETCD_ENDPOINTS=${ETCD_ENDPOINTS} \
-e ETCD_CA_CERT_FILE=${ETCD_CA_CERT_FILE} \
-e ETCD_CERT_FILE=${ETCD_CERT_FILE} \
-e ETCD_KEY_FILE=${ETCD_KEY_FILE} \
-e KUBECONFIG=${KUBECONFIG} \
-v /var/log/calico:/var/log/calico \
-v /var/lib/calico:/var/lib/calico \
-v /var/run/calico:/var/run/calico \
-v /run/docker/plugins:/run/docker/plugins \
-v /lib/modules:/lib/modules \
-v /etc/pki:/pki \
calico/node:v3.27.2 /bin/calico-node -felix

ExecStop=-/usr/bin/docker stop calico-node

Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s

[Install]
WantedBy=multi-user.target

Upon start, the systemd service:

  • Confirms Docker is installed under the [Unit] section
  • Gets environment variables from the environment file above
  • Removes existing calico/node container (if it exists)
  • Starts calico/node

The script also stops the calico/node container when the service is stopped.

note

Depending on how you've installed Docker, the name of the Docker service under the [Unit] section may be different (such as docker-engine.service). Be sure to check this before starting the service.