Will you be at KubeCon this year? Join us for CalicoCon 2019!

Calico key and path prefixes in etcd v2

The Paths listed here are the key or path prefixes that a particular calico component needs access to in etcd to function successfully.

Note: The paths listed here may change in the future and at that point anything referencing them (like etcd roles) would need to be updated appropriately.

calico/node

Path Access
/calico/* R
/calico RW
/calico/v1* RW
/calico/felix/v1* RW
/calico/ipam/v2* RW
/calico/bgp/v1* RW

felix as a stand alone process

Path Access
/calico/v1* R
/calico/felix/v1* RW

CNI-plugin

Path Access
/calico/v1/host* RW
/calico/v1/policy* RW
/calico/v1/ipam* R
/calico/ipam/v2* RW

calico/kube-policy-controller

Path Access
/calico/v1/host* RW
/calico/v1/policy* RW

OpenStack Calico driver for Neutron

Path Access
/calico/v1/host* RW
/calico/v1/policy* RW
/calico/v1/ipam* R
/calico/ipam/v2* RW
/calico/dhcp/v1/subnet* RW
/calico/v1/config* RW
/calico/v1/Ready RW

OpenStack Calico DHCP agent

Path Access
/calico/v1/host* R
/calico/dhcp/v1/subnet* R

calicoctl (read only access)

Path Access
/calico/v1* R
/calico/v1/ipam* R
/calico/ipam/v2* R
/calico/bgp/v1* R

calicoctl (policy editor access)

Path Access
/calico/v1* R
/calico/v1/policy* RW
/calico/v1/ipam* R
/calico/ipam/v2* R
/calico/bgp/v1* R

calicoctl (full read/write access)

Path Access
/calico/v1* RW
/calico/v1/ipam* RW
/calico/ipam/v2* RW
/calico/bgp/v1* RW