# calicoctl --help
Usage:
calicoctl [options] <command> [<args>...]
create Create a resource by filename or stdin.
// Create a resource from stdin or a file
replace Replace a resource by filename or stdin.
// Update a resource from stdin or a file
apply Apply a resource by filename or stdin. This creates a resource
if it does not exist, and replaces a resource if it does exists.
// Apply a resource from stdin or a file: replace it if it exists, create it if it does not
delete Delete a resource identified by file, stdin or resource type and
name.
// Delete a resource by file, stdin, or resource type and name
get Get a resource identified by file, stdin or resource type and
name.
// Get a defined resource by file, stdin, or resource type and name
config Manage system-wide and low-level node configuration options.
// Manage system-wide and lower-level node configuration options
ipam IP address management.
// IP address management
node Calico node management.
// Calico node management
version Display the version of calicoctl.
// Display the calicoctl version
Options:
-h --help Show this screen.
-l --log-level=<level> Set the log level (one of panic, fatal, error,
warn, info, debug) [default: panic]
// Set the log level
create
# calicoctl create --help
Set the Calico datastore access information in the environment variables or
or supply details in a config file.
Usage:
calicoctl create --filename=<FILENAME> [--skip-exists] [--config=<CONFIG>]
Examples:
# Create a policy using the data in policy.yaml.
# Create the resource from a YAML file
calicoctl create -f ./policy.yaml
# Create a policy based on the JSON passed into stdin.
# Create the resource by passing JSON content on stdin
cat policy.json | calicoctl create -f -
Options:
-h --help Show this screen.
-f --filename=<FILENAME> Filename to use to create the resource. If set to
"-" loads from stdin.
--skip-exists Skip over and treat as successful any attempts to
create an entry that already exists.
-c --config=<CONFIG> Path to the file containing connection
configuration in YAML or JSON format.
[default: /etc/calico/calicoctl.cfg]
... ...
Valid resource types are:
* node
* bgpPeer
* hostEndpoint
* workloadEndpoint
* ipPool
* policy
* profile
... ...
v3.0 added the -n --namespace=<NS> option.
replace
Takes the same options as create. replace updates a resource and raises an error if the resource object does not exist.
apply
Takes the same options as create. apply creates the resource object if it does not exist and updates it if it does.
delete
# calicoctl delete --help
Set the Calico datastore access information in the environment variables or
or supply details in a config file.
Usage:
calicoctl delete ([--scope=<SCOPE>] [--node=<NODE>] [--orchestrator=<ORCH>]
[--workload=<WORKLOAD>] (<KIND> [<NAME>]) |
--filename=<FILE>)
[--skip-not-exists] [--config=<CONFIG>]
Examples:
# Delete a policy using the type and name specified in policy.yaml.
calicoctl delete -f ./policy.yaml
# Delete a policy based on the type and name in the YAML passed into stdin.
cat policy.yaml | calicoctl delete -f -
# Delete policy with name "foo"
calicoctl delete policy foo
Options:
-h --help Show this screen.
-s --skip-not-exists Skip over and treat as successful, resources that
don't exist.
-f --filename=<FILENAME> Filename to use to delete the resource. If set to
"-" loads from stdin.
-n --node=<NODE> The node (this may be the hostname of the compute
server if your installation does not explicitly set
the names of each Calico node).
--orchestrator=<ORCH> The orchestrator (valid for workload endpoints).
--workload=<WORKLOAD> The workload (valid for workload endpoints).
--scope=<SCOPE> The scope of the resource type. One of global,
node. This is only valid for BGP peers and is used
to indicate whether the peer is a global peer or
node-specific.
-c --config=<CONFIG> Path to the file containing connection
configuration in YAML or JSON format.
[default: /etc/calico/calicoctl.cfg]
... ...
Valid resource types are:
* node
* bgpPeer
* hostEndpoint
* workloadEndpoint
* ipPool
* policy
* profile
... ...
get
# List all policy in default output format.
calicoctl get policy
# List a specific policy in YAML format
calicoctl get -o yaml policy my-policy-1
ETCD_ENDPOINTS=http://172.16.0.10:2379 calicoctl get bgppeers
config
# calicoctl config --help
Set the Calico datastore access information in the environment variables or
or supply details in a config file.
Usage:
calicoctl config set <NAME> <VALUE> [--node=<NODE>]
[--raw=(bgp|felix)]
[--config=<CONFIG>]
calicoctl config unset <NAME> [--node=<NODE>]
[--raw=(bgp|felix)]
[--config=<CONFIG>]
calicoctl config get <NAME> [--node=<NODE>]
[--raw=(bgp|felix)]
[--config=<CONFIG>]
Examples:
# Turn off the full BGP node-to-node mesh
calicoctl config set nodeToNodeMesh off
# Set global log level to warning
calicoctl config set logLevel warning
# Set log level to info for node "node1"
calicoctl config set logLevel info --node=node1
# Display the current setting for the nodeToNodeMesh
calicoctl config get nodeToNodeMesh
Options:
-n --node=<NODE> The node name.
--raw=(bgp|felix) Apply raw configuration for the specified component.
This option should be used with care; the data is not
validated and it is possible to configure or remove
data that may prevent the component from working as
expected.
-c --config=<CONFIG> Path to the file containing connection configuration in
YAML or JSON format.
[default: /etc/calico/calicoctl.cfg]
... ...
Name | Scope | Value |
-----------------+-------------+----------------------------------------+
logLevel | global,node | none,debug,info,warning,error,critical |
nodeToNodeMesh | global | on,off |
asNumber | global | 0-4294967295 |
ipip | global | on,off |
# calicoctl config get nodeToNodeMesh // Get the current nodeToNodeMesh value; here it shows on
on
# calicoctl config set nodeToNodeMesh off // Turn off nodeToNodeMesh
ipam
Usage:
calicoctl ipam <command> [<args>...]
release Release a Calico assigned IP address.
show Show details of a Calico assigned IP address.
Options:
-h --help Show this screen.
Description:
IP Address Management specific commands for calicoctl.
See 'calicoctl ipam <command> --help' to read about a specific subcommand.
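Compared with versions below v2.0, address management in calicoctl ipam is currently rather limited: it has two commands, release and show.
calicoctl ipam release clears from Calico an address that was not reclaimed properly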
$ calicoctl ipam release --ip=192.168.1.2
calicoctl ipam show reports how a given IP address is being used
# IP is not assigned to an endpoint
$ calicoctl ipam show --ip=192.168.1.2
IP 192.168.1.2 is not currently assigned
# Basic Docker container has the assigned IP
# Indicates that this IP address is bound to a Docker container
$ calicoctl ipam show --ip=192.168.1.1
No attributes defined for 192.168.1.1
node
Usage:
calicoctl node <command> [<args>...]
status View the current status of a Calico node.
// Get the current status of the Calico node
diags Gather a diagnostics bundle for a Calico node.
// Collect node diagnostics
checksystem Verify the compute host is able to run a Calico node instance.
// Verify that the system environment can run a Calico node instance
Options:
-h --help Show this screen.
Description:
Node specific commands for calicoctl. These commands must be run directly on
the compute host running the Calico node instance.
See 'calicoctl node <command> --help' to read about a specific subcommand.
# calicoctl node --help
Set the Calico datastore access information in the environment variables or
or supply details in a config file.
Usage:
calicoctl node <command> [<args>...]
run Run the Calico node container image.
// Run the node container image
status View the current status of a Calico node.
// Get the current status of the Calico node
diags Gather a diagnostics bundle for a Calico node.
// Collect node diagnostics
checksystem Verify the compute host is able to run a Calico node instance.
// Verify that the system environment can run a Calico node instance
Options:
-h --help Show this screen.
Description:
Node specific commands for calicoctl. These commands must be run directly on
the compute host running the Calico node instance.
See 'calicoctl node <command> --help' to read about a specific subcommand.
Get Calico node status information:
$ sudo calicoctl node status
Calico process is running.
IPv4 BGP status
+--------------+-------------------+-------+----------+-------------+
| PEER ADDRESS | PEER TYPE | STATE | SINCE | INFO |
+--------------+-------------------+-------+----------+-------------+
| 172.17.8.102 | node-to-node mesh | up | 23:30:04 | Established |
+--------------+-------------------+-------+----------+-------------+
IPv6 BGP status
No IPv6 peers found.
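The status table above can be checked automatically, for example from a monitoring job. This is an added example, not part of the original page or of calicoctl: the function name unhealthy_bgp_peers and the second peer row in the sample are constructed for illustration, and the parser assumes the table layout shown above.

```bash
#!/usr/bin/env bash
# Added example (not from calicoctl): report BGP peers that are not healthy.
# Real use: sudo calicoctl node status | unhealthy_bgp_peers

# Constructed sample: the first peer row is the one shown above, the second is made up.
SAMPLE_STATUS='Calico process is running.
IPv4 BGP status
+--------------+-------------------+-------+----------+-------------+
| PEER ADDRESS |     PEER TYPE     | STATE |  SINCE   |    INFO     |
+--------------+-------------------+-------+----------+-------------+
| 172.17.8.102 | node-to-node mesh | up    | 23:30:04 | Established |
| 172.17.8.103 | node-to-node mesh | start | 23:31:10 | Active      |
+--------------+-------------------+-------+----------+-------------+
IPv6 BGP status
No IPv6 peers found.'

# Reads status text on stdin; prints "<address> <state> <info>" per bad peer.
# Exit status: 0 all peers up/Established, 1 some peer is not,
# 2 process not reported running or no IPv4 peer rows found.
unhealthy_bgp_peers() {
  awk -F'|' '
    function trim(s) { gsub(/^ +| +$/, "", s); return s }
    /Calico process is running/ { running = 1 }
    /^IPv4 BGP status/ { in_v4 = 1; next }
    /^IPv6 BGP status/ { in_v4 = 0 }
    # Peer rows start with "|"; the header row and +---+ borders are skipped.
    in_v4 && substr($0, 1, 1) == "|" && $2 !~ /PEER ADDRESS/ {
      addr = trim($2); state = trim($4); info = trim($6)
      peers++
      if (state != "up" || info != "Established") { print addr, state, info; bad++ }
    }
    END {
      if (!running || peers == 0) exit 2
      exit (bad > 0 ? 1 : 0)
    }'
}

printf '%s\n' "$SAMPLE_STATUS" | unhealthy_bgp_peers || echo "exit status: $?"
```

Exit status 2 covers a node that silently has no peers at all, which a check for "no bad rows" alone would report as healthy.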
calicoctl node run: startup options for the Calico node:
Usage:
calicoctl node run [--ip=<IP>] [--ip6=<IP6>] [--as=<AS_NUM>]
[--name=<NAME>]
[--ip-autodetection-method=<IP_AUTODETECTION_METHOD>]
[--ip6-autodetection-method=<IP6_AUTODETECTION_METHOD>]
[--log-dir=<LOG_DIR>]
[--node-image=<DOCKER_IMAGE_NAME>]
[--backend=(bird|gobgp|none)]
[--config=<CONFIG>]
[--no-default-ippools]
[--dryrun]
[--init-system]
[--disable-docker-networking]
[--docker-networking-ifprefix=<IFPREFIX>]
[--use-docker-networking-container-labels]
Options:
-h --help Show this screen.
--name=<NAME> The name of the Calico node. If this is not
supplied it defaults to the host name.
// Set the Calico node name; defaults to the host name if not specified
--as=<AS_NUM> Set the AS number for this node. If omitted, it
will use the value configured on the node resource.
If there is no configured value and --as option is
omitted, the node will inherit the global AS number
(see 'calicoctl config' for details).
// Set the AS number for this node; if not specified, the global AS number is used by default
--ip=<IP> Set the local IPv4 routing address for this node.
If omitted, it will use the value configured on the
node resource. If there is no configured value
and the --ip option is omitted, the node will
attempt to autodetect an IP address to use. Use a
value of 'autodetect' to always force autodetection
of the IP each time the node starts.
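// Set the local IPv4 routing address for this node; if not specified,
// the value configured on the node resource is used, and if that is also unset, an address is autodetected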
--ip6=<IP6> Set the local IPv6 routing address for this node.
If omitted, it will use the value configured on the
node resource. If there is no configured value
and the --ip6 option is omitted, the node will not
route IPv6.
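// Set the local IPv6 routing address for this node; if not specified,
// the value configured on the node resource is used, and if that is also unset, IPv6 is not routed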
... ...
--log-dir=<LOG_DIR> The directory containing Calico logs.
[default: /var/log/calico]
// Set the directory where Calico logs are stored; defaults to /var/log/calico
--node-image=<DOCKER_IMAGE_NAME>
Docker image to use for Calico's per-node container.
[default: calico/node:%s]
// Set the node image
--backend=(bird|gobgp|none)
Specify which networking backend to use. When set
to "none", Calico node runs in policy only mode.
The option to run with gobgp is currently
experimental.
[default: bird]
// Set the networking backend type; gobgp is currently experimental, and bird is the default
--dryrun Output the appropriate command, without starting the
container.
// Only print the command that would be run, without starting the container
--init-system Run the appropriate command to use with an init
system.
// Run the command with an init system
--no-default-ippools Do not create default pools upon startup.
Default IP pools will be created if this is not set
and there are no pre-existing Calico IP pools.
// Do not create the default IP pools at startup
--disable-docker-networking
Disable Docker networking.
// Disable container networking
--docker-networking-ifprefix=<IFPREFIX>
Interface prefix to use for the network interface
within the Docker containers that have been networked
by the Calico driver.
[default: cali]
// Interface prefix for Docker containers; defaults to cali
... ...
-c --config=<CONFIG> Path to the file containing connection
configuration in YAML or JSON format.
[default: /etc/calico/calicoctl.cfg]
// Path to the config file; defaults to /etc/calico/calicoctl.cfg
ipip: ipip tunneling configuration for this pool. If not specified, ipip tunneling is disabled for this pool. This option needs to be added for cross-host communication on public cloud platforms.
nat-outgoing: When enabled, packets sent from Calico networked containers in this pool to destinations outside of this pool will be masqueraded. Put simply, this lets containers reach external networks.