Setting up the Calico CLI

The Calico command line tool, calicoctl, is used to manage Calico networks and security policies.

These steps must be run inside your IBM® Cloud Private cluster on a master, worker, or proxy node.

You can also follow these steps if you are setting up calicoctl from a remote workstation that is outside the IBM Cloud Private environment.

To set up the Calico command line, complete the following steps:

Open https://<cluster_lb_address>/console/tools/cli.
Expand Install Calico CLI.
Select your architecture type from the Install via curl drop-down.
Copy the curl command and run it on the node where you want to install calicoctl. The command downloads the executable binary file.
Rename the downloaded file before you run the executable binary file.
- For macOS, rename calicoctl-darwin-amd64.tar.gz to calicoctl.
- For Linux® x86_64, rename calicoctl-linux-amd64-v3.1.3.tar.gz to calicoctl.
- For Windows®, rename calicoctl-win-amd64.tar.gz to calicoctl.exe.
Add the calicoctl executable binary file to your $PATH. To add the executable binary file to your $PATH, you can copy the executable binary file to the /usr/local/bin/ directory.
If you are setting up calicoctl from a remote workstation, copy the following files from the master node to your workstation:
- /etc/cfc/conf/etcd/ca.pem
- /etc/cfc/conf/etcd/client-key.pem
- /etc/cfc/conf/etcd/client.pem
Configure calicoctl to use the etcdv3 datastore. Use the same cluster_name that is in the config.yaml file on the boot node.
- Export the certificate file:
```
export ETCD_CERT_FILE=/etc/cfc/conf/etcd/client.pem
```
- Export the CA certificate file:
```
export ETCD_CA_CERT_FILE=/etc/cfc/conf/etcd/ca.pem
```
- Export the key file:
```
export ETCD_KEY_FILE=/etc/cfc/conf/etcd/client-key.pem
```
- Export the CA domain:
```
export ETCD_ENDPOINTS=https://<cluster_CA_domain>:4001
```
  Where <cluster_CA_domain> is the certificate authority (CA) domain that was set in the config.yaml file during installation.
  
  Note: To retain the environment variable values between sessions, you can add them to a script, such as .bashrc. See the following example. You must copy the script to all the nodes on which you want to run the Calico CLI commands.
```
 #!/bin/sh
 export ETCD_CERT_FILE=/etc/cfc/conf/etcd/client.pem
 export ETCD_CA_CERT_FILE=/etc/cfc/conf/etcd/ca.pem
 export ETCD_KEY_FILE=/etc/cfc/conf/etcd/client-key.pem
 export ETCD_ENDPOINTS=https://<cluster_CA_domain>:4001
```
  For more information about configuring calicoctl with etcdv3 datastore, see Configuring calicoctl to connect to an etcd datastore .
Use the Calico command line. To get started with the Calico command line, see Command reference .