calicoctl user reference


The command line tool, calicoctl, makes it easy to manage Calico network and security policy, as well as other Calico configurations.

The full list of resources that can be managed, including a description of each, is described in the Resource definitions section.

Note: This section provides full reference information for calicoctl. To learn how to install and configure calicoctl, refer to Installing calicoctl.

The calicoctl command line interface provides a number of resource management commands to allow you to create, modify, delete, and view the different Calico resources. This section is a command line reference for calicoctl, organized based on the command hierarchy.

Top level help

Run calicoctl --help to display the following help menu for the top level calicoctl commands.

  calicoctl [options] <command> [<args>...]

    create    Create a resource by file, directory or stdin.
    replace   Replace a resource by file, directory or stdin.
    apply     Apply a resource by file, directory or stdin.  This creates a resource
              if it does not exist, and replaces a resource if it does exists.
    patch     Patch a pre-exisiting resource in place.
    delete    Delete a resource identified by file, directory, stdin or resource type and
    get       Get a resource identified by file, directory, stdin or resource type and
    label     Add or update labels of resources.
    convert   Convert config files between different API versions.
    ipam      IP address management.
    node      Calico node management.
    version   Display the version of calicoctl.

  -h --help               Show this screen.
  -l --log-level=<level>  Set the log level (one of panic, fatal, error,
                          warn, info, debug) [default: panic]
  --context=<context>	    The name of the kubeconfig context to use.
  --allow-version-mismatch  Allow client and cluster versions mismatch.

  The calicoctl command line tool is used to manage Calico network and security
  policy, to view and manage endpoint configuration, and to manage a Calico
  node instance.

  See 'calicoctl <command> --help' to read about a specific subcommand.

Note: In a multi cluster environment if you have a kubeconfig file with multiple cluster contexts it is possible to directly change the context using calicoctl --context argument.

Note: The versions for Calico and calicoctl should be the same and calls to calicoctl will fail if the versions do not match. If needed, this can be overridden by using the --allow-version-mismatch argument.

Top level command line options

Details on the calicoctl commands are described in the documents linked below organized by top level command.

Modifying low-level component configurations

In order to update low-level Felix or BGP settings (FelixConfiguration and BGPConfiguration resource types):

  1. Get the appropriate resource and store the yaml output in a file using calicoctl get <resource type> <resource name> -o yaml --export > config.yaml.
  2. Modify the saved resource file.
  3. Update the resource using apply or replace command: calicoctl replace -f config.yaml.

See Configuring Felix for more details.

Supported resource definition aliases

The following table lists supported aliases for Calico resources when using calicoctl. Note that all aliases are case insensitive.

Resource definition Supported calicoctl aliases
BGP configuration bgpconfig, bgpconfigurations, bgpconfigs
BGP peer bgppeer, bgppeers, bgpp, bgpps, bp, bps
Felix configuration felixconfiguration, felixconfig, felixconfigurations, felixconfigs
Global network policy globalnetworkpolicy, globalnetworkpolicies, gnp, gnps
Global network set globalnetworkset, globalnetworksets
Host endpoint hostendpoint, hostendpoints, hep, heps
IP pool ippool, ippools, ipp, ipps, pool, pools
IP reservation ipreservation, ipreservations, reservation, reservations
Kubernetes controllers configuration kubecontrollersconfiguration, kubecontrollersconfig
Network policy networkpolicy, networkpolicies, policy, np, policies, pol, pols
Node node, nodes, no, nos
Profiles profile, profiles, pro, pros
Workload endpoint workloadendpoint, workloadendpoints, wep, weps