Binary install with package manager
Big picture
Install Calico on non-cluster hosts using a package manager.
Value
Packaged binaries of Calico are easy to consume and upgrade. This method automatically configures the init system to keep Felix running.
Before you begin…
- Ensure the Calico datastore is up and accessible from the host
- Ensure the host meets the minimum system requirements
- If your system is not an Ubuntu- or RedHat-derived system, you will need to choose a different install method.
- If you want to install Calico with networking (so that you can communicate with cluster workloads), you should choose the container install method
- Install
kubectl
(for Kubernetes datastore) or Install and configure calicoctl for etcd3 datastore.
How to
This guide covers installing Felix, the Calico daemon that handles network policy.
Step 1: Install binaries
PPA requires: Ubuntu 14.04 or 16.04
sudo add-apt-repository ppa:project-calico/calico-3.25
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install calico-felix
RPM requires: RedHat 7-derived distribution
cat > /etc/yum.repos.d/calico.repo <<EOF
[calico]
name=Calico Repository
baseurl=http://binaries.projectcalico.org/rpm/calico-3.25/
enabled=1
skip_if_unavailable=0
gpgcheck=1
gpgkey=http://binaries.projectcalico.org/rpm/calico-3.25/key
priority=97
EOF
yum install calico-felix
Until you initialize the database, Felix will make a regular log that it is in state “wait-for-ready”. The default location for the log file is /var/log/calico/felix.log
.
Step 2: Configure the datastore connection
Use the following guidelines and sample file to define the environment variables for starting Calico on the host. For more help, see the Felix configuration reference
- Kubernetes datastore
- etcd datastore
- Either datastore
For a Kubernetes datastore (default) set the following:
Variable | Configuration guidance |
---|---|
FELIX_DATASTORETYPE | Set to kubernetes |
KUBECONFIG | Path to kubeconfig file to access the Kubernetes API Server |
For an etcdv3 datastore set the following:
Variable | Configuration guidance |
---|---|
FELIX_DATASTORETYPE | Set to etcdv3 |
FELIX_ETCDENDPOINTS | Comma separated list of etcdv3 cluster URLs, e.g. https://calico-datastore.example.com:2379 |
FELIX_ETCDCAFILE | Path to CA certificate to validate etcd’s server cert. Required if using TLS and not using a public CA. |
FELIX_ETCDCERTFILE FELIX_ETCDKEYFILE | Paths to certificate and keys used for client authentication to the etcd cluster, if enabled. |
For either datastore set the following:
Variable | Configuration guidance |
---|---|
CALICO_NODENAME | Identifies the node. If a value is not specified, the compute server hostname is used to identify the Calico node. |
CALICO_IP or CALICO_IP6 | If values are not specified for both, Calico uses the currently-configured values for the next hop IP addresses for this node—these can be configured through the Node resource. If no next hop addresses are configured, Calico automatically determines an IPv4 next hop address by querying the host interfaces (and configures this value in the Node resource). You can set CALICO_IP to autodetect for force auto-detection of IP address every time the node starts. If you set IP addresses through these environment variables, it reconfigures any values currently set through the Node resource. |
CALICO_AS | If not specified, Calico uses the currently configured value for the AS Number for the node BGP client—this can be configured through the Node resource. If the Node resource value is not set, Calico inherits the AS Number from the global default value. If you set a value through this environment variable, it reconfigures any value currently set through the Node resource. |
NO_DEFAULT_POOLS | Set to true to prevent Calico from creating a default pool if one does not exist. Pools are used for workload endpoints and not required for non-cluster hosts. |
CALICO_NETWORKING_BACKEND | The networking backend to use. In bird mode, Calico will provide BGP networking using the BIRD BGP daemon; VXLAN networking can also be used. In vxlan mode, only VXLAN networking is provided; BIRD and BGP are disabled. If you want to run Calico for policy only, set to none . |
Sample EnvironmentFile
- save to /etc/calico/calico.env
FELIX_DATASTORETYPE=etcdv3
FELIX_ETCDENDPOINTS=https://calico-datastore.example.com:2379
FELIX_ETCDCAFILE="/pki/ca.pem"
FELIX_ETCDCERTFILE="/pki/client-cert.pem"
FELIX_ETCDKEYFILE="/pki/client-key.pem"
Modify the included init system unit to include the EnvironmentFile
. For example, on systemd, add the following line to the [Service]
section of the calico-felix
unit.
EnvironmentFile=/etc/calico/calico.env
Step 3: Initialize the datastore
You should configure a node
resource for each host running Felix. In this case, the database is initialized after creating the first node
resource. For a deployment that does not include the Calico/BGP integration, the specification of a node resource just requires the name of the node; for most deployments this will be the same as the hostname.
calicoctl create -f - <<EOF
- apiVersion: projectcalico.org/v3
kind: Node
metadata:
name: <node name or hostname>
EOF
The Felix logs should transition from periodic notifications that Felix is in the state wait-for-ready
to a stream of initialization messages.