Calico for containers
Calico provides a highly scalable networking solution for connecting data
center workloads (containers, VMs, or bare metal). It is based on the same
scalable IP networking principles as the internet: providing connectivity using
a pure Layer 3 approach. Calico can be deployed without encapsulation or
overlays to provide high performance at massive scales.
Read more about it on the Project Calico website.
When using Calico networking in containerized environments, each container
gets its own IP and fine grain security policy. A
calico-node service runs
on each node which handles all of the necessary IP routing, installation of
policy rules, and distribution of routes across the cluster of nodes.
This repository contains:
calico-nodecontainer Dockerfile and build environment. It contains
the configuration and "glue" that pull together four separate processes to
provide Calico networking:
- Felix, the Calico worker process
- BIRD, the route distribution process
(there are separate processes for IPv4 and IPv6)
- Confd, a templating process to auto-generate configuration for BIRD
- A command line tool,
calicoctl, which makes it easy to configure
and start the Calico service listed above, and allows you to interact with
the datastore (etcd) to define and apply rich security policy to the
containers you create.
- Documentation and getting started tutorials for various different deployment
- Build, test and release frameworks.
Development is very active at the moment so please Star this project and check
We welcome questions/comments/feedback (and pull requests).
- Announcement Mailing List
- Technical Mailing List
- Slack Calico Users Channel
- IRC - #calico
- For issues related to Calico in a containerized environment, please
raise issues on
To get started using Calico, we recommend running through one or more of the
available tutorials linked below.
These tutorials will help you understand the different environment options when
using Calico. In most cases we provide worked examples using manual setup on
your own servers, a quick set-up in a virtualized environment using Vagrant and
a number of cloud services.
- Calico as a Docker network plugin
- Calico without Docker networking
- Calico with rkt
- Calico with Kubernetes
- Calico with Mesos
- Calico with Docker Swarm
You can read more about Calico networking in a containerized environment in
the material listed below.
- Learn how to configure Calico features in a deployment
calicoctlReference Guide explains how the
calicoctlcommand line tool can be used to manage your Calico cluster
- Logging describes how to set logging
levels and choose where Calico logs should be stored
- Advanced Network Policy describes how
to configure security policy between Calico endpoints and other networks
- BGP Configuration explains how to manage the BGP peering
for integration of a Calico cluster in your network
- External Connectivity describes how to
configure external connectivity for hosts on their own Layer 2 segment
- Running Calico Node Containers as Services
describes how to run the
as system processes or services. This guide includes example config for
- Learn how Calico works under the covers
- Learn how to get involved with Calico builds and lower level integrations
- FAQ and Troubleshooting
If you are interested in contributing, please review our contributing guidelines.