Skip to main content
Version: 3.27 (latest)

calicoctl user reference

The command line tool, calicoctl, makes it easy to manage Calico network and security policy, as well as other Calico configurations.

The full list of resources that can be managed, including a description of each, is described in the Resource definitions section.

note

This section provides full reference information for calicoctl. To learn how to install and configure calicoctl, refer to Installing calicoctl.

The calicoctl command line interface provides a number of resource management commands to allow you to create, modify, delete, and view the different Calico resources. This section is a command line reference for calicoctl, organized based on the command hierarchy.

Top level help

Run calicoctl --help to display the following help menu for the top level calicoctl commands.

Usage:
calicoctl [options] <command> [<args>...]

create Create a resource by file, directory or stdin.
replace Replace a resource by file, directory or stdin.
apply Apply a resource by file, directory or stdin. This creates a resource
if it does not exist, and replaces a resource if it does exists.
patch Patch a pre-existing resource in place.
delete Delete a resource identified by file, directory, stdin or resource type and
name.
get Get a resource identified by file, directory, stdin or resource type and
name.
label Add or update labels of resources.
convert Convert config files between different API versions.
ipam IP address management.
node Calico node management.
version Display the version of calicoctl.

Options:
-h --help Show this screen.
-l --log-level=<level> Set the log level (one of panic, fatal, error,
warn, info, debug) [default: panic]
--context=<context> The name of the kubeconfig context to use.
--allow-version-mismatch Allow client and cluster versions mismatch.

Description:
The calicoctl command line tool is used to manage Calico network and security
policy, to view and manage endpoint configuration, and to manage a Calico
node instance.

See 'calicoctl <command> --help' to read about a specific subcommand.
note

In a multi cluster environment if you have a kubeconfig file with multiple cluster contexts it is possible to directly change the context using calicoctl --context argument.

note

The versions for Calico and calicoctl should be the same and calls to calicoctl will fail if the versions do not match. If needed, this can be overridden by using the --allow-version-mismatch argument.

Top level command line options

Details on the calicoctl commands are described in the documents linked below organized by top level command.

Modifying low-level component configurations

To update low-level Felix or BGP settings (FelixConfiguration and BGPConfiguration resource types):

  1. Get the appropriate resource and store the yaml output in a file using calicoctl get <resource type> <resource name> -o yaml --export > config.yaml.
  2. Modify the saved resource file.
  3. Update the resource using apply or replace command: calicoctl replace -f config.yaml.

See Configuring Felix for more details.

Supported resource definition aliases

The following table lists supported aliases for Calico resources when using calicoctl. Note that all aliases are case insensitive.

Resource definitionSupported calicoctl aliases
BGP configurationbgpconfig, bgpconfigurations, bgpconfigs
BGP peerbgppeer, bgppeers, bgpp, bgpps, bp, bps
Felix configurationfelixconfiguration, felixconfig, felixconfigurations, felixconfigs
Global network policyglobalnetworkpolicy, globalnetworkpolicies, gnp, gnps
Global network setglobalnetworkset, globalnetworksets
Host endpointhostendpoint, hostendpoints, hep, heps
IP poolippool, ippools, ipp, ipps, pool, pools
IP reservationipreservation, ipreservations, reservation, reservations
Kubernetes controllers configurationkubecontrollersconfiguration, kubecontrollersconfig
Network policynetworkpolicy, networkpolicies, policy, np, policies, pol, pols
Nodenode, nodes, no, nos
Profilesprofile, profiles, pro, pros
Workload endpointworkloadendpoint, workloadendpoints, wep, weps