Installing the Calico CLI (calicoctl)

You can use the Calico command line interface (CLI), calicoctl, to manage Calico networks and security policies.

As you install the Calico CLI, make sure that it is installed on a master, worker, or proxy node of your cluster.

You can also set up calicoctl from a remote workstation that is outside of the environment.

To set up the Calico command line, complete the following steps:

  1. From the console, select the user icon, then click Configure client.

  2. Click Install CLI tools.

    Note: To download the installation file by using curl commands, see Downloading the installation file by using curl commands. After you download the file, you can continue from step 3 to install calicoctl.

  3. Expand Install Calico CLI. Read the text, then download the installer by using the curl command.

    Choose the curl command for the applicable operating system. For example, you can run the following command for macOS, where <cluster_address> is defined in Foundational service endpoint:

curl -kLo <install_file> https://<cluster_address>/api/cli/calicoctl-darwin-amd64

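Remember that the curl command for your cluster is located in the console. The -k option tells curl to accept the server certificate without verifying it, so the connection does not authenticate the host that the installer comes from.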

  4. After you run the curl command for your operating system, you can install the Calico CLI. To set up the Calico CLI, run the following commands that match your node architecture, where <path_to_installer> is the path to the directory where you downloaded the CLI file, and <install_file> is the downloaded file name.

    • For example, for Linux® and macOS, run the following commands to change and move the file.

        chmod 755 <path_to_installer>/<install_file>
        sudo mv <path_to_installer>/<install_file> /usr/local/bin/calicoctl
    • For Windows, rename the downloaded file to calicoctl and add the file to your PATH environment variable.

  5. Confirm that the Calico CLI is installed.

     calicoctl --help
  6. If you are setting up calicoctl from a remote workstation, copy the following files from the master node to your workstation:

    • /etc/cfc/conf/etcd/ca.pem
    • /etc/cfc/conf/etcd/client-key.pem
    • /etc/cfc/conf/etcd/client.pem
  7. Configure calicoctl to use the etcdv3 datastore. Use the same cluster_name that is in the config.yaml file on the boot node.

    • Export the certificate file with the following command:

      export ETCD_CERT_FILE=/etc/cfc/conf/etcd/client.pem
    • Export the CA certificate file:

      export ETCD_CA_CERT_FILE=/etc/cfc/conf/etcd/ca.pem
    • Export the key file:

      export ETCD_KEY_FILE=/etc/cfc/conf/etcd/client-key.pem
    • Export the CA domain with the following command, where <Cluster Master Host> is defined in Master endpoint:

      export ETCD_ENDPOINTS=https://<Cluster Master Host>:4001

      Note: To retain the environment variable values between sessions, you can add them to a script, such as .bashrc. See the following example. You must copy the script to all the nodes on which you want to run the Calico CLI commands:

      export ETCD_CERT_FILE=/etc/cfc/conf/etcd/client.pem
      export ETCD_CA_CERT_FILE=/etc/cfc/conf/etcd/ca.pem
      export ETCD_KEY_FILE=/etc/cfc/conf/etcd/client-key.pem
      export ETCD_ENDPOINTS=https://<Cluster Master Host>:4001

    For more information about configuring calicoctl with the etcdv3 datastore, see Configuring calicoctl to connect to an etcd datastore.

  8. Use the Calico command line. To get started with the Calico command line, see Command reference.
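The etcd settings exported in the datastore configuration step can be checked before the first calicoctl call, which matters most on a remote workstation where client-key.pem was copied by hand. The following script is an added example, not IBM or Calico project code: the function names are hypothetical, the ETCD_* variables are the ones from the procedure, and the second function assumes that openssl is installed.

```shell
#!/bin/sh
# Added example, not IBM or Calico code. Function names are hypothetical;
# the ETCD_* variable names are the ones exported in the procedure.

# True when FILE grants nothing to group or others (for example mode 600).
key_is_private() {
    # In "ls -l" output such as "-rw-------", characters 5-10 are group/other.
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Offline checks: variables set, https endpoints, readable files, private key.
check_etcd_env() {
    rc=0
    for v in ETCD_CERT_FILE ETCD_CA_CERT_FILE ETCD_KEY_FILE ETCD_ENDPOINTS; do
        eval "val=\${$v:-}"
        [ -n "$val" ] || { echo "FAIL: $v is not set" >&2; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1
    # ETCD_ENDPOINTS may hold a comma-separated list; every entry must be TLS.
    for ep in $(printf '%s' "$ETCD_ENDPOINTS" | tr ',' ' '); do
        case "$ep" in
            https://*) ;;
            *) echo "FAIL: endpoint $ep does not use https" >&2; rc=1 ;;
        esac
    done
    for f in "$ETCD_CERT_FILE" "$ETCD_CA_CERT_FILE" "$ETCD_KEY_FILE"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f" >&2; rc=1; }
    done
    if [ -r "$ETCD_KEY_FILE" ] && ! key_is_private "$ETCD_KEY_FILE"; then
        echo "FAIL: $ETCD_KEY_FILE is accessible to group or others" >&2
        rc=1
    fi
    return "$rc"
}

# Requires openssl: the certificate and key must be a pair, and not expired.
check_etcd_keypair() {
    cert_pub=$(openssl x509 -in "$ETCD_CERT_FILE" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$ETCD_KEY_FILE" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "FAIL: key does not match certificate" >&2; return 1; }
    openssl x509 -in "$ETCD_CERT_FILE" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: client certificate has expired" >&2; return 1; }
}
```

Source the file after the export commands and run check_etcd_env && check_etcd_keypair; a nonzero exit status means that at least one check printed a FAIL line.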

Downloading the installation file by using curl commands

You can complete the following steps to download the installation file:

  1. Get the service hostnames. Use the management-ingress service hostname in the command to download the installation file.

     oc get route -n kube-system

    Following is a sample output:

     NAME          HOST/PORT                             PATH      SERVICES             PORT    TERMINATION            WILDCARD
     cp-console          management-ingress   <all>   passthrough/Redirect   None
     cp-proxy            nginx-ingress        https   passthrough/Redirect   None
  2. Download the installation file.

    • For macOS, run the following command:

      curl -kLo calicoctl-darwin-amd64-v3.5.2
    • For Linux® x86_64, run the following command:

      curl -kLo calicoctl-linux-amd64-v3.5.2
    • For Linux on Power (ppc64le), run the following command:

      curl -kLo calicoctl-linux-ppc64le-v3.5.2
    • For Windows (64-bit), run the following command:

      curl -kLo calicoctl-win-amd64-v3.5.2.exe
    • For Linux on IBM Z and LinuxONE, run the following command:

      curl -kLo calicoctl-linux-s390x-v3.5.2