Public | Automated Build

Last pushed: 3 years ago
Short Description
Short description is empty for this repo.
Full Description

Calico on Docker

Calico can provide networking in a Docker environment. Each container gets its own IP, there is no encapsulation and it can support massive scale. For more information on Project Calico see

Development is very active at the moment so please Star this project and check back often.

We welcome questions/comment/feedback (and pull requests).

Getting started

To get started follow the instruction here Getting Started. They set up two CoreOS servers using Vagrant, and run Calico components in containers to provide networking between other guest containers.

To build your own binaries, read Building Binaries.

Orchestrator integration

For a lower level integration see Orchestrators.

What it covers

  • The Calico components run in Docker containers.
  • Calico provides network connectivity with security policy enforcement for other Docker containers.
  • IP-networked Docker containers available via docker run or the standard Docker API. We use the excellent Powerstrip project to make this seamless.
  • Alongside the core services, we provide a simple commandline tool calicoctl for managing Calico.

How does it work?

Calico connects datacenter workloads (containers, VMs, or bare metal) via IP no matter which compute host they are on. Read about it on the Project Calico website. Endpoints are network interfaces associated with workloads.

Project Calico uses etcd to distribute information about workloads, endpoints, and policy to each Docker host.

The calico-node service is a worker that configures the network endpoints for containers, handles IP routing, and installs policy rules. It comprises

  • Felix, the Calico worker process
  • BIRD, the routing process
  • a Powerstrip adapter to set up networking when Docker containers are created.

We provide a command line tool, calicoctl, which makes it easy to configure and start the Calico services listed above, and allows you to interact with the etcd datastore to define and apply network and security policy to the containers you create.

Override the host:port of the ETCD server by setting the environment variable

  calicoctl node --ip=<IP> [--node-image=<DOCKER_IMAGE_NAME>] [--ip6=<IP6>]
  calicoctl node stop [--force]
  calicoctl status
  calicoctl shownodes [--detailed]
  calicoctl profile show [--detailed]
  calicoctl profile (add|remove) <PROFILE>
  calicoctl profile <PROFILE> tag show
  calicoctl profile <PROFILE> tag (add|remove) <TAG>
  calicoctl profile <PROFILE> rule show
  calicoctl profile <PROFILE> rule json
  calicoctl profile <PROFILE> rule update
  calicoctl profile <PROFILE> member add <CONTAINER>
  calicoctl pool (add|remove) <CIDR>
  calicoctl pool show [--ipv4 | --ipv6]
  calicoctl bgppeer rr (add|remove) <IP>
  calicoctl bgppeer rr show [--ipv4 | --ipv6]
  calicoctl container <CONTAINER> ip (add|remove) <IP> [--interface=<INTERFACE>]
  calicoctl container add <CONTAINER> <IP> [--interface=<INTERFACE>]
  calicoctl container remove <CONTAINER> [--force]
  calicoctl reset
  calicoctl diags
  calicoctl checksystem [--fix]
  calicoctl restart-docker-with-alternative-unix-socket
  calicoctl restart-docker-without-alternative-unix-socket

 --interface=<INTERFACE>  The name to give to the interface in the container
                          [default: eth1]
 --ip=<IP>                The local management address to use.
 --ip6=<IP6>              The local IPv6 management address to use.
 --node-image=<DOCKER_IMAGE_NAME>    Docker image to use for
                          Calico's per-node container
                          [default: calico/node:latest]
 --ipv4                   Show IPv4 information only.
 --ipv6                   Show IPv6 information only.

Can a guest container have multiple networked IP addresses?

Yes, using the calicoctl container <CONTAINER> ip (add|remove) <IP> command.

Docker Pull Command
Source Repository