calicoctl node run

This sections describes the calicoctl node run command.

Read the calicoctl Overview for a full list of calicoctl commands.

Displaying the help text for ‘calicoctl node run’ command

Run calicoctl node run --help to display the following help menu for the command.

  1. Usage:
  2. calicoctl node run [--ip=<IP>] [--ip6=<IP6>] [--as=<AS_NUM>]
  3. [--name=<NAME>]
  4. [--ip-autodetection-method=<IP_AUTODETECTION_METHOD>]
  5. [--ip6-autodetection-method=<IP6_AUTODETECTION_METHOD>]
  6. [--log-dir=<LOG_DIR>]
  7. [--node-image=<DOCKER_IMAGE_NAME>]
  8. [--backend=(bird|none)]
  9. [--config=<CONFIG>]
  10. [--felix-config=<CONFIG>]
  11. [--no-default-ippools]
  12. [--dryrun]
  13. [--init-system]
  14. [--disable-docker-networking]
  15. [--docker-networking-ifprefix=<IFPREFIX>]
  16. [--use-docker-networking-container-labels]
  17. Options:
  18. -h --help Show this screen.
  19. --name=<NAME> The name of the Calico node. If this is not
  20. supplied it defaults to the host name.
  21. --as=<AS_NUM> Set the AS number for this node. If omitted, it
  22. will use the value configured on the node resource.
  23. If there is no configured value and --as option is
  24. omitted, the node will inherit the global AS number
  25. (see 'calicoctl config' for details).
  26. --ip=<IP> Set the local IPv4 routing address for this node.
  27. If omitted, it will use the value configured on the
  28. node resource. If there is no configured value
  29. and the --ip option is omitted, the node will
  30. attempt to autodetect an IP address to use. Use a
  31. value of 'autodetect' to always force autodetection
  32. of the IP each time the node starts.
  33. --ip6=<IP6> Set the local IPv6 routing address for this node.
  34. If omitted, it will use the value configured on the
  35. node resource. If there is no configured value
  36. and the --ip6 option is omitted, the node will not
  37. route IPv6. Use a value of 'autodetect' to force
  38. autodetection of the IP each time the node starts.
  39. --ip-autodetection-method=<IP_AUTODETECTION_METHOD>
  40. Specify the autodetection method for detecting the
  41. local IPv4 routing address for this node. The valid
  42. options are:
  43. > first-found
  44. Use the first valid IP address on the first
  45. enumerated interface (common known exceptions are
  46. filtered out, e.g. the docker bridge). It is not
  47. recommended to use this if you have multiple
  48. external interfaces on your host.
  49. > can-reach=<IP OR DOMAINNAME>
  50. Use the interface determined by your host routing
  51. tables that will be used to reach the supplied
  52. destination IP or domain name.
  53. > interface=<IFACE NAME REGEX LIST>
  54. Use the first valid IP address found on interfaces
  55. named as per the first matching supplied interface
  56. name regex. Regexes are separated by commas
  57. (e.g. eth.*,enp0s.*).
  58. > skip-interface=<IFACE NAME REGEX LIST>
  59. Use the first valid IP address on the first
  60. enumerated interface (same logic as first-found
  61. above) that does NOT match with any of the
  62. specified interface name regexes. Regexes are
  63. separated by commas (e.g. eth.*,enp0s.*).
  64. [default: first-found]
  65. --ip6-autodetection-method=<IP6_AUTODETECTION_METHOD>
  66. Specify the autodetection method for detecting the
  67. local IPv6 routing address for this node. See
  68. ip-autodetection-method flag for valid options.
  69. [default: first-found]
  70. --log-dir=<LOG_DIR> The directory containing Calico logs.
  71. [default: /var/log/calico]
  72. --node-image=<DOCKER_IMAGE_NAME>
  73. Docker image to use for Calico's per-node container.
  74. [default: calico/node:latest]
  75. --backend=(bird|none)
  76. Specify which networking backend to use. When set
  77. to "none", Calico node runs in policy only mode.
  78. [default: bird]
  79. --dryrun Output the appropriate command, without starting the
  80. container.
  81. --init-system Run the appropriate command to use with an init
  82. system.
  83. --no-default-ippools Do not create default pools upon startup.
  84. Default IP pools will be created if this is not set
  85. and there are no pre-existing Calico IP pools.
  86. --disable-docker-networking
  87. Disable Docker networking.
  88. --docker-networking-ifprefix=<IFPREFIX>
  89. Interface prefix to use for the network interface
  90. within the Docker containers that have been networked
  91. by the Calico driver.
  92. [default: cali]
  93. --use-docker-networking-container-labels
  94. Extract the Calico-namespaced Docker container labels
  95. (org.projectcalico.label.*) and apply them to the
  96. container endpoints for use with Calico policy.
  97. This option is only valid when using Calico Docker
  98. networking, and when enabled traffic must be
  99. explicitly allowed by configuring Calico policies.
  100. -c --config=<CONFIG> Path to the file containing connection
  101. configuration in YAML or JSON format.
  102. [default: /etc/calico/calicoctl.cfg]
  103. --felix-config=<CONFIG>
  104. Path to the file containing Felix
  105. configuration in YAML or JSON format.
  106. Description:
  107. This command is used to start a calico/node container instance which provides
  108. Calico networking and network policy on your compute host.

Kubernetes as the datastore

When Calico is configured to use the Kubernetes API as the datastore, BGP routing is currently not supported. Many of the command line options related to BGP routing will have no effect. These include:

  • --ip, --ip6, --ip-autodetection-method, --ip6-autodetection-method
  • --as
  • --backend

Examples

Start the calico/node with a pre-configured IPv4 address for BGP.

  1. sudo calicoctl node run

An example response follows.

  1. Running command to load modules: modprobe -a xt_set ip6_tables
  2. Enabling IPv4 forwarding
  3. Enabling IPv6 forwarding
  4. Increasing conntrack limit
  5. Running the following command:
  6. docker run --net=host --privileged --name=calico-node -d --restart=always -e ETCD_SCHEME=http -e HOSTNAME=calico -e ETCD_AUTHORITY=127.0.0.1:2379 -e AS= -e NO_DEFAULT_POOLS= -e ETCD_ENDPOINTS= -e IP= -e IP6= -e CALICO_NETWORKING_BACKEND=bird -v /var/run/docker.sock:/var/run/docker.sock -v /var/run/calico:/var/run/calico -v /lib/modules:/lib/modules -v /var/log/calico:/var/log/calico -v /run/docker/plugins:/run/docker/plugins calico/node:v3.24.5
  7. Waiting for etcd connection...
  8. Using configured IPv4 address: 192.0.2.0
  9. No IPv6 address configured
  10. Using global AS number
  11. WARNING: Could not confirm that the provided IPv4 address is assigned to this host.
  12. Calico node name: calico
  13. Calico node started successfully

IP Autodetection method examples

The node resource includes IPv4 and IPv6 routing IP addresses that should match those on one of the host interfaces. These IP addresses may be configured in advance by configuring the node resource prior to starting the calico/node service, alternatively, the addresses may either be explicitly specified or autodetected through options on the calicoctl run command.

There are different autodetection methods available and you should use the one best suited to your deployment. If you are able to explicitly specify the IP addresses, that is always preferred over autodetection. This section describes the available methods for autodetecting the hosts IP addresses.

An IPv4 address is always required, and so if no address was previously configured in the node resource, and no address was specified on the CLI, then we will attempt to autodetect an IPv4 address. An IPv6 address, however, will only be autodetected when explicitly requested.

To force autodetection of an IPv4 address, use the option --ip=autodetect. To force autodetection of an IPv6 address, use the option --ip6=autodetect.

To set the autodetection method for IPv4, use the --ip-autodetection-method option. To set the autodetection method for IPv6, use the --ip6-autodetection-method option.

calicoctl node run - 图1note

If you are starting the calico/node container directly (and not using the calicoctl run helper command), the options are passed in environment variables. These are described in Configuring calico/node.

first-found

The first-found option enumerates all interface IP addresses and returns the first valid IP address (based on IP version and type of address) on the first valid interface. Certain known “local” interfaces are omitted, such as the docker bridge. The order that both the interfaces and the IP addresses are listed is system dependent.

This is the default detection method. However, since this method only makes a very simplified guess, it is recommended to either configure the node with a specific IP address, or to use one of the other detection methods.

An example with first-found auto detection method explicitly specified follows

  1. sudo calicoctl node run --ip autodetect --ip-autodetection-method first-found

can-reach=DESTINATION

The can-reach method uses your local routing to determine which IP address will be used to reach the supplied destination. Both IP addresses and domain names may be used.

An example with IP detection using a can-reach IP address:

  1. sudo calicoctl node run --ip autodetect --ip-autodetection-method can-reach=8.8.8.8

An example with IP detection using a can-reach domain name:

  1. sudo calicoctl node run --ip autodetect --ip-autodetection-method can-reach=www.google.com

interface=INTERFACE-REGEX,INTERFACE-REGEX,…

The interface method uses the supplied interface regular expressions (golang syntax) to enumerate matching interfaces and to return the first IP address on the first interface that matches any of the interface regexes provided. The order that both the interfaces and the IP addresses are listed is system dependent.

Example with IP detection on interface eth0:

  1. sudo calicoctl node run --ip autodetect --ip-autodetection-method interface=eth0

Example with IP detection on interfaces eth0, eth1, eth2 etc.:

  1. sudo calicoctl node run --ip autodetect --ip-autodetection-method interface=eth.*

An example with IP detection on interfaces eth0, eth1, eth2 etc. and wlp2s0:

  1. sudo calicoctl node run --ip-autodetect --ip-autodetection-method interface=eth.*,wlp2s0

skip-interface=INTERFACE-REGEX,INTERFACE-REGEX,…

The skip-interface method uses the supplied interface regular expressions (golang syntax) to enumerate all interface IP addresses and returns the first valid IP address (based on IP version and type of address) that does not match the listed regular expressions. Like the first-found option, it also skips by default certain known “local” interfaces such as the docker bridge. The order that both the interfaces and the IP addresses are listed is system dependent.

This method has the ability to take in multiple regular expressions separated by ,. Specifying only one regular expression for interfaces to skip will also work and a terminating , character does not need to be specified for those cases.

Options

  1. --name=<NAME> The name of the Calico node. If this is not
  2. supplied it defaults to the host name.
  3. --as=<AS_NUM> Set the AS number for this node. If omitted, it
  4. will use the value configured on the node resource.
  5. If there is no configured value and --as option is
  6. omitted, the node will inherit the global AS number
  7. (see 'calicoctl config' for details).
  8. --ip=<IP> Set the local IPv4 routing address for this node.
  9. If omitted, it will use the value configured on the
  10. node resource. If there is no configured value
  11. and the --ip option is omitted, the node will
  12. attempt to autodetect an IP address to use. Use a
  13. value of 'autodetect' to always force autodetection
  14. of the IP each time the node starts.
  15. --ip6=<IP6> Set the local IPv6 routing address for this node.
  16. If omitted, it will use the value configured on the
  17. node resource. If there is no configured value
  18. and the --ip6 option is omitted, the node will not
  19. route IPv6. Use a value of 'autodetect' to force
  20. autodetection of the IP each time the node starts.
  21. --ip-autodetection-method=<IP_AUTODETECTION_METHOD>
  22. Specify the autodetection method for detecting the
  23. local IPv4 routing address for this node. The valid
  24. options are:
  25. > first-found
  26. Use the first valid IP address on the first
  27. enumerated interface (common known exceptions are
  28. filtered out, e.g. the docker bridge). It is not
  29. recommended to use this if you have multiple
  30. external interfaces on your host.
  31. > can-reach=<IP OR DOMAINNAME>
  32. Use the interface determined by your host routing
  33. tables that will be used to reach the supplied
  34. destination IP or domain name.
  35. > interface=<IFACE NAME REGEX LIST>
  36. Use the first valid IP address found on interfaces
  37. named as per the first matching supplied interface
  38. name regex. Regexes are separated by commas
  39. (e.g. eth.*,enp0s.*).
  40. > skip-interface=<IFACE NAME REGEX LIST>
  41. Use the first valid IP address on the first
  42. enumerated interface (same logic as first-found
  43. above) that does NOT match with any of the
  44. specified interface name regexes. Regexes are
  45. separated by commas (e.g. eth.*,enp0s.*).
  46. [default: first-found]
  47. --ip6-autodetection-method=<IP6_AUTODETECTION_METHOD>
  48. Specify the autodetection method for detecting the
  49. local IPv6 routing address for this node. See
  50. ip-autodetection-method flag for valid options.
  51. [default: first-found]
  52. --log-dir=<LOG_DIR> The directory containing Calico logs.
  53. [default: /var/log/calico]
  54. --node-image=<DOCKER_IMAGE_NAME>
  55. Docker image to use for Calico's per-node container.
  56. [default: calico/node:latest]
  57. --backend=(bird|none)
  58. Specify which networking backend to use. When set
  59. to "none", Calico node runs in policy only mode.
  60. [default: bird]
  61. --dryrun Output the appropriate command, without starting the
  62. container.
  63. --init-system Run the appropriate command to use with an init
  64. system.
  65. --no-default-ippools Do not create default pools upon startup.
  66. Default IP pools will be created if this is not set
  67. and there are no pre-existing Calico IP pools.
  68. --disable-docker-networking
  69. Disable Docker networking.
  70. --docker-networking-ifprefix=<IFPREFIX>
  71. Interface prefix to use for the network interface
  72. within the Docker containers that have been networked
  73. by the Calico driver.
  74. [default: cali]
  75. --use-docker-networking-container-labels
  76. Extract the Calico-namespaced Docker container labels
  77. (org.projectcalico.label.*) and apply them to the
  78. container endpoints for use with Calico policy.
  79. This option is only valid when using Calico Docker
  80. networking, and when enabled traffic must be
  81. explicitly allowed by configuring Calico policies.

General options

  1. -c --config=<CONFIG> Path to the file containing connection
  2. configuration in YAML or JSON format.
  3. [default: /etc/calico/calicoctl.cfg]

See also