/calicoctl

Docker version of Project Calico

Primary language: Python. License: Apache License 2.0 (Apache-2.0).


Calico on Docker

As well as providing networking for OpenStack VMs, Calico can provide networking for containers in a Docker environment. Each container gets its own IP and fine-grained security policy. In addition, Calico can be deployed without encapsulation or overlays to provide high performance at massive scale. For more information on Project Calico see http://www.projectcalico.org/learn/.

Development is very active at the moment so please Star this project and check back often.

We welcome questions/comments/feedback (and pull requests).

How does it work?

Calico provides a highly scalable networking solution for connecting data center workloads (containers, VMs, or bare metal). It is based on the same scalable IP networking principles as the internet: connectivity is provided by standard IP routing, and isolation between workloads (or other fine-grained policy) is enforced by iptables rules programmed at the source and destination workloads.

Read more about it on the Project Calico website.

Project Calico uses etcd to distribute information about workloads, endpoints (a specific networking interface associated with a workload), and policy to each Docker host.

The calico-node service is a worker that configures the network endpoints for containers, handles IP routing, and installs policy rules. It runs in its own Docker container, and comprises:

  • Felix, the Calico worker process
  • BIRD, the route distribution process

We provide a command line tool, calicoctl, which makes it easy to configure and start the Calico services listed above, and allows you to interact with the etcd datastore to define and apply network and security policy to the containers you create. Using calicoctl, you can provision Calico nodes and endpoints, and define and manage a rich set of security policies.

Getting Started

To get started using Calico, we recommend running through one or more of the available demonstrations described below.

If you would like to get involved writing code for calico-docker, or if you need to build binaries specific to your OS, check out the Building and testing guide.

Demonstrations

Worked examples are available for demonstrating Calico networking with the following different networking options:

See the Networking options below for more details on each of these different networking options.

With each of these tutorials we provide details for running the demonstration using manual setup on your own servers, or with a quick set-up in a virtualized environment using Vagrant, or a number of cloud services.

We also provide the following additional demonstrations:

Networking options

Docker default networking

This uses Docker's standard networking infrastructure, requiring you to explicitly add a created container into a Calico network.

This is compatible with all Docker versions from 1.6 onwards.

Docker with libnetwork

Docker's native libnetwork network driver is available in the Docker 1.9 release, which is currently undergoing development.

Setup of the libnetwork environment is a little more involved since it requires the current master (1.9.dev) builds of Docker, and the use of etcd as a datastore for Docker clustering.

Docker with Powerstrip

Powerstrip is a pluggable HTTP proxy for the Docker API. Development of the Powerstrip version of Calico is lagging behind the master branch, so an older version of calicoctl and the calico-node docker image are required.

FAQ

For more information on what you can do with Calico, please visit the frequently asked questions page.