Install calicoctl

8 MINUTE READ

Big picture

This guide helps you install the calicoctl command line tool to manage Calico resources and perform administrative functions.

Value

The calicoctl command line tool is required in order to use many of Calico’s features. It is used to manage Calico policies and configuration, as well as view detailed cluster status.

Concepts

API groups

All Kubernetes resources belong to an API group. The API group is indicated by the resource’s apiVersion. For example, Calico uses resources in the projectcalico.org/v3 API group for configuration, and the operator uses resources in the operator.tigera.io/v1 API group.

You can read more about API groups in the Kubernetes documentation.

calicoctl and kubectl

In order to manage Calico APIs in the projectcalico.org/v3 API group, you should use calicoctl. This is because calicoctl provides important validation and defaulting for these resources that is not available in kubectl. However, kubectl should still be used to manage other Kubernetes resources.

Note: If you would like to use kubectl to manage projectcalico.org/v3 API resources, you can use the Calico API server.

Warning: Never modify resources in the crd.projectcalico.org API group directly. These are internal data representations and modifying them directly may result in unexpected behavior.

In addition to resource management, calicoctl also enables other Calico administrative tasks such as viewing IP pool utilization and BGP status.

Datastore

Calico objects are stored in one of two datastores, either etcd or Kubernetes. The choice of datastore is determined at the time Calico is installed. Typically for Kubernetes installations the Kubernetes datastore is the default.

You can run calicoctl on any host with network access to the Calico datastore as either a binary or a container. For step-by-step instructions, refer to the section that corresponds to your desired deployment.

How to

Note: Make sure you always install the version of calicoctl that matches the version of Calico running on your cluster.

Install calicoctl as a binary on a single host

  1. Log into the host, open a terminal prompt, and navigate to the location where you want to install the binary.

    Tip: Consider navigating to a location that’s in your PATH. For example, /usr/local/bin/.

  2. Use the following command to download the calicoctl binary.

    curl -o calicoctl -O -L  "https://github.com/projectcalico/calicoctl/releases/download/v3.20.1/calicoctl" 
    
  3. Set the file to be executable.

    chmod +x calicoctl
    

    Note: If the location of calicoctl is not already in your PATH, move the file to one that is or add its location to your PATH. This will allow you to invoke it without having to prepend its location.

  1. Log into the host, open a terminal prompt, and navigate to the location where you want to install the binary.

    Tip: Consider navigating to a location that’s in your PATH. For example, /usr/local/bin/.

  2. Use the following command to download the calicoctl binary.

    curl -o calicoctl -O -L  "https://github.com/projectcalico/calicoctl/releases/download/v3.20.1/calicoctl-darwin-amd64" 
    
  3. Set the file to be executable.

    chmod +x calicoctl
    

    Note: If you are faced with cannot be opened because the developer cannot be verified error when using caicoctl for the first time. go to Applicaitons > System Prefences > Security & Privacy in the General tab at the bottom of the window click Allow anyway.

    Note: If the location of calicoctl is not already in your PATH, move the file to one that is or add its location to your PATH. This will allow you to invoke it without having to prepend its location.

  1. Use the following PowerShell command to download the calicoctl binary.

    Tip: Consider runing PowerShell as administrator and navigating to a location that’s in your PATH. For example, C:\Windows.

Invoke-WebRequest -Uri "https://github.com/projectcalico/calicoctl/releases/download/v3.20.1/calicoctl-windows-amd64.exe" -OutFile "calicocttl.exe" 
  1. Log into the host, open a terminal prompt, and navigate to the location where you want to install the binary.

    Tip: Consider navigating to a location that’s in your PATH. For example, /usr/local/bin/.

  2. Use the following command to download the calicoctl binary.

    curl -o calicoctl -O -L  "https://github.com/projectcalico/calicoctl/releases/download/v3.20.1/calicoctl-linux-ppc64le" 
    
  3. Set the file to be executable.

    chmod +x calicoctl
    

    Note: If the location of calicoctl is not already in your PATH, move the file to one that is or add its location to your PATH. This will allow you to invoke it without having to prepend its location.

  1. Log into the host, open a terminal prompt, and navigate to the location where you want to install the binary.

    Tip: Consider navigating to a location that’s in your PATH. For example, /usr/local/bin/.

  2. Use the following command to download the calicoctl binary.

    curl -o calicoctl -O -L  "https://github.com/projectcalico/calicoctl/releases/download/v3.20.1/calicoctl-linux-arm64" 
    
  3. Set the file to be executable.

    chmod +x calicoctl
    

    Note: If the location of calicoctl is not already in your PATH, move the file to one that is or add its location to your PATH. This will allow you to invoke it without having to prepend its location.

Install calicoctl as a kubectl plugin on a single host

  1. Log into the host, open a terminal prompt, and navigate to the location where you want to install the binary.

    Tip: Consider navigating to a location that’s in your PATH. For example, /usr/local/bin/.

  2. Use the following command to download the calicoctl binary.

    curl -o kubectl-calico -O -L  "https://github.com/projectcalico/calicoctl/releases/download/v3.20.1/calicoctl" 
    
  3. Set the file to be executable.

    chmod +x kubectl-calico
    

    Note: If the location of kubectl-calico is not already in your PATH, move the file to one that is or add its location to your PATH. This is required in order for kubectl to detect the plugin and allow you to use it.

  1. Log into the host, open a terminal prompt, and navigate to the location where you want to install the binary.

    Tip: Consider navigating to a location that’s in your PATH. For example, /usr/local/bin/.

  2. Use the following command to download the calicoctl binary.

    curl -o kubectl-calico -O -L  "https://github.com/projectcalico/calicoctl/releases/download/v3.20.1/calicoctl-darwin-amd64" 
    
  3. Set the file to be executable.

    chmod +x kubectl-calico
    

    Note: If you are faced with cannot be opened because the developer cannot be verified error when using caicoctl for the first time. go to Applicaitons > System Prefences > Security & Privacy in the General tab at the bottom of the window click Allow anyway.

    Note: If the location of kubectl-calico is not already in your PATH, move the file to one that is or add its location to your PATH. This is required in order for kubectl to detect the plugin and allow you to use it.

  1. Use the following PowerShell command to download the calicoctl binary.

    Tip: Consider runing PowerShell as administrator and navigating to a location that’s in your PATH. For example, C:\Windows.

Invoke-WebRequest -Uri "https://github.com/projectcalico/calicoctl/releases/download/v3.20.1/calicoctl-windows-amd64.exe" -OutFile "kubectl-calico.exe" 
  1. Log into the host, open a terminal prompt, and navigate to the location where you want to install the binary.

    Tip: Consider navigating to a location that’s in your PATH. For example, /usr/local/bin/.

  2. Use the following command to download the calicoctl binary.

    curl -o kubectl-calico -O -L  "https://github.com/projectcalico/calicoctl/releases/download/v3.20.1/calicoctl-linux-ppc64le" 
    
  3. Set the file to be executable.

    chmod +x kubectl-calico
    

    Note: If the location of kubectl-calico is not already in your PATH, move the file to one that is or add its location to your PATH. This is required in order for kubectl to detect the plugin and allow you to use it.

  1. Log into the host, open a terminal prompt, and navigate to the location where you want to install the binary.

    Tip: Consider navigating to a location that’s in your PATH. For example, /usr/local/bin/.

  2. Use the following command to download the calicoctl binary.

    curl -o kubectl-calico -O -L  "https://github.com/projectcalico/calicoctl/releases/download/v3.20.1/calicoctl-linux-arm64" 
    
  3. Set the file to be executable.

    chmod +x kubectl-calico
    

    Note: If the location of kubectl-calico is not already in your PATH, move the file to one that is or add its location to your PATH. This is required in order for kubectl to detect the plugin and allow you to use it.

Verify the plugin works.

   kubectl calico -h

You can now run any calicoctl subcommands through kubectl calico.

Note: If you run these commands from your local machine (instead of a host node), some of the node related subcommands will not work (like node status).

Install calicoctl as a container on a single host

To install calicoctl as a container on a single host, log into the target host and issue the following command.

docker pull calico/ctl:v3.20.1

Install calicoctl as a Kubernetes pod

Use the YAML that matches your datastore type to deploy the calicoctl container to your nodes.

  • etcd

    kubectl apply -f https://docs.projectcalico.org/manifests/calicoctl-etcd.yaml
    

    Note: You can also view the YAML in a new tab.

  • Kubernetes API datastore

    kubectl apply -f https://docs.projectcalico.org/manifests/calicoctl.yaml
    

    Note: You can also view the YAML in a new tab.

You can then run commands using kubectl as shown below.

kubectl exec -ti -n kube-system calicoctl -- /calicoctl get profiles -o wide

An example response follows.

NAME                 TAGS
kns.default          kns.default
kns.kube-system      kns.kube-system

We recommend setting an alias as follows.

alias calicoctl="kubectl exec -i -n kube-system calicoctl -- /calicoctl"

Note: In order to use the calicoctl alias when reading manifests, redirect the file into stdin, for example:

calicoctl create -f - < my_manifest.yaml

Next step:

Configure calicoctl to connect to your datastore.