Binary install without package manager

Big picture

Install Calico binary on non-cluster hosts without a package manager.

Value

Install Calico directly when a package manager isn’t available, or your provisioning system can easily handle copying binaries to hosts.

Before you begin…

  1. Ensure the Calico datastore is up and accessible from the host
  2. Ensure the host meets the minimum system requirements
  3. If you want to install Calico with networking (so that you can communicate with cluster workloads), you should choose the container install method
  4. Install kubectl (for Kubernetes datastore) or Install and configure calicoctl for etcd3 datastore.

How to

This guide covers installing Felix, the Calico daemon that handles network policy.

Step 1: Download and extract the binary

This step requires Docker, but it can be run from any machine with Docker installed. It doesn’t have to be the host you will run it on (i.e your laptop is fine).

  1. Use the following command to download the calico/node image.

    1. docker pull calico/node:v3.25.0
  2. Confirm that the image has loaded by typing docker images.

    1. REPOSITORY TAG IMAGE ID CREATED SIZE
    2. calico/node v3.25.0 e07d59b0eb8a 2 minutes ago 42MB
  3. Create a temporary calico/node container.

    1. docker create --name container calico/node:v3.25.0
  4. Copy the calico-node binary from the container to the local file system.

    1. docker cp container:/bin/calico-node calico-node
  5. Delete the temporary container.

    1. docker rm container
  6. Set the extracted binary file to be executable.

    1. chmod +x calico-node

Step 2: Copy the calico-node binary

Copy the binary from Step 1 to the target machine, using any means (scp, ftp, USB stick, etc.).

Step 3: Create environment file

Use the following guidelines and sample file to define the environment variables for starting Calico on the host. For more help, see the Felix configuration reference

  • Kubernetes datastore
  • etcd datastore
  • Either datastore

For a Kubernetes datastore (default) set the following:

VariableConfiguration guidance
FELIX_DATASTORETYPESet to kubernetes
KUBECONFIGPath to kubeconfig file to access the Kubernetes API Server

For an etcdv3 datastore set the following:

VariableConfiguration guidance
FELIX_DATASTORETYPESet to etcdv3
FELIX_ETCDENDPOINTSComma separated list of etcdv3 cluster URLs, e.g. https://calico-datastore.example.com:2379
FELIX_ETCDCAFILEPath to CA certificate to validate etcd’s server cert. Required if using TLS and not using a public CA.
FELIX_ETCDCERTFILE
FELIX_ETCDKEYFILE
Paths to certificate and keys used for client authentication to the etcd cluster, if enabled.

For either datastore set the following:

VariableConfiguration guidance
CALICO_NODENAMEIdentifies the node. If a value is not specified, the compute server hostname is used to identify the Calico node.
CALICO_IP or CALICO_IP6If values are not specified for both, Calico uses the currently-configured values for the next hop IP addresses for this node—these can be configured through the Node resource. If no next hop addresses are configured, Calico automatically determines an IPv4 next hop address by querying the host interfaces (and configures this value in the Node resource). You can set CALICO_IP to autodetect for force auto-detection of IP address every time the node starts. If you set IP addresses through these environment variables, it reconfigures any values currently set through the Node resource.
CALICO_ASIf not specified, Calico uses the currently configured value for the AS Number for the node BGP client—this can be configured through the Node resource. If the Node resource value is not set, Calico inherits the AS Number from the global default value. If you set a value through this environment variable, it reconfigures any value currently set through the Node resource.
NO_DEFAULT_POOLSSet to true to prevent Calico from creating a default pool if one does not exist. Pools are used for workload endpoints and not required for non-cluster hosts.
CALICO_NETWORKING_BACKENDThe networking backend to use. In bird mode, Calico will provide BGP networking using the BIRD BGP daemon; VXLAN networking can also be used. In vxlan mode, only VXLAN networking is provided; BIRD and BGP are disabled. If you want to run Calico for policy only, set to none.

Sample EnvironmentFile - save to /etc/calico/calico.env

  1. FELIX_DATASTORETYPE=etcdv3
  2. FELIX_ETCDENDPOINTS=https://calico-datastore.example.com:2379
  3. FELIX_ETCDCAFILE="/pki/ca.pem"
  4. FELIX_ETCDCERTFILE="/pki/client-cert.pem"
  5. FELIX_ETCDKEYFILE="/pki/client-key.pem"

Step 4: Create a start-up script

Felix should be started at boot by your init system and the init system must be configured to restart Felix if it stops. Felix relies on that behavior for certain configuration changes.

If your distribution uses systemd, then you could use the following unit file:

  1. [Unit]
  2. Description=Calico Felix agent
  3. After=syslog.target network.target
  4. [Service]
  5. User=root
  6. EnvironmentFile=/etc/calico/calico.env
  7. ExecStartPre=/usr/bin/mkdir -p /var/run/calico
  8. ExecStart=/usr/local/bin/calico-node -felix
  9. KillMode=process
  10. Restart=on-failure
  11. LimitNOFILE=32000
  12. [Install]
  13. WantedBy=multi-user.target

Once you’ve configured Felix, start it up via your init system.

  1. service calico-felix start

Step 5: Initialize the datastore

You should configure a node resource for each host running Felix. In this case, the database is initialized after creating the first node resource. For a deployment that does not include the Calico/BGP integration, the specification of a node resource just requires the name of the node; for most deployments this will be the same as the hostname.

  1. calicoctl create -f - <<EOF
  2. - apiVersion: projectcalico.org/v3
  3. kind: Node
  4. metadata:
  5. name: <node name or hostname>
  6. EOF

The Felix logs should transition from periodic notifications that Felix is in the state wait-for-ready to a stream of initialization messages.