Setting up the Calico CLI
The Calico command line tool, calicoctl, is used to manage Calico networks and security policies.
These steps must be run inside your IBM® Cloud Private cluster on a master, worker, or proxy node.
You can also follow these steps if you are setting up calicoctl
from a remote workstation that is outside the IBM Cloud Private environment.
To set up the Calico command line, complete the following steps:
-
Extract the calicoctl executable binary.
-
For Linux® x86_64, run the following command:
docker run -t --rm -e LICENSE=accept -v $(pwd):/data ibmcom/icp-inception-amd64:3.1.0-ee cp /usr/local/bin/calicoctl /data
-
For Linux® on Power® (ppc64le), run the following command:
docker run -t --rm -e LICENSE=accept -v $(pwd):/data ibmcom/icp-inception-ppc64le:3.1.0-ee cp /usr/local/bin/calicoctl /data
-
-
Add the calicoctl executable binary file to your
$PATH
. To add the executable binary file to your$PATH
, you can copy the executable binary file to the/usr/local/bin/
directory. -
If you are setting up
calicoctl
from a remote workstation, copy the following files from the master node to your workstation:/etc/cfc/conf/etcd/ca.pem
/etc/cfc/conf/etcd/client-key.pem
/etc/cfc/conf/etcd/client.pem
-
Configure calicoctl to use the etcdv3 datastore. Use the same
cluster_name
that is in theconfig.yaml
file on the boot node.-
Export the certificate file:
export ETCD_CERT_FILE=/etc/cfc/conf/etcd/client.pem
-
Export the CA certificate file:
export ETCD_CA_CERT_FILE=/etc/cfc/conf/etcd/ca.pem
-
Export the key file:
export ETCD_KEY_FILE=/etc/cfc/conf/etcd/client-key.pem
-
Export the CA domain:
export ETCD_ENDPOINTS=https://<cluster_CA_domain>:4001
Where
<cluster_CA_domain>
is the certificate authority (CA) domain that was set in theconfig.yaml
file during installation.Note: To retain the environment variable values between sessions, you can add them to a script, such as
.bashrc
. See the following example. You must copy the script to all the nodes on which you want to run the Calico CLI commands.#!/bin/sh export ETCD_CERT_FILE=/etc/cfc/conf/etcd/client.pem export ETCD_CA_CERT_FILE=/etc/cfc/conf/etcd/ca.pem export ETCD_KEY_FILE=/etc/cfc/conf/etcd/client-key.pem export ETCD_ENDPOINTS=https://<cluster_CA_domain>:4001
For more information about configuring calicoctl with etcdv3 datastore, see https://docs.projectcalico.org/v3.1/usage/calicoctl/configure/etcd .
-
-
Use the Calico command line. To get started with the Calico command line, see https://docs.projectcalico.org/v3.1/reference/calicoctl/commands/ .