Calico Enterprise 3.22 (latest) documentation

Reference

APIs, CLI, architecture and design, and FAQ.

API and installation references

Tigera Client library

Calico Enterprise Go client library reference for working with enterprise resources such as tiers, global alerts, and managed clusters programmatically.

Installation reference

Installation API reference for Calico Enterprise listing the operator-managed custom resources used to configure cluster installation.

Helm installation reference

Helm chart values reference for installing Calico Enterprise covering supported overrides and operator configuration knobs.

REST API Reference

REST API reference index for Calico Enterprise covering the management plane APIs used by the Calico Enterprise UI.

TigeraStatus

Reference for the tigerastatus resource in Calico Enterprise that reports per-component installation and reconciliation health.

calicoctl reference

calicoctl user reference

Reference overview of the calicoctl command-line tool for managing Calico Enterprise tiered policy, BGP, IP address management, and node operations.

calicoctl apply

Reference for the calicoctl apply command in Calico Enterprise, used to create or update resources from a manifest file.

calicoctl captured-packets

Reference for the calicoctl captured-packets command in Calico Enterprise, used to copy or clean pcap files produced by a PacketCapture.

calicoctl cluster

Reference overview of the calicoctl cluster subcommands in Calico Enterprise for cluster-wide diagnostics.

calicoctl cluster diags

Reference for the calicoctl cluster diags command in Calico Enterprise, used to collect diagnostics from all nodes in a cluster.

calicoctl convert

Reference for the calicoctl convert command in Calico Enterprise, used to convert v1 resource manifests into v3 format.

calicoctl create

Reference for the calicoctl create command in Calico Enterprise, used to create resources from a manifest file.

calicoctl delete

Reference for the calicoctl delete command in Calico Enterprise, used to remove resources by name or from a manifest file.

calicoctl get

Reference for the calicoctl get command in Calico Enterprise, used to list resources in plain, YAML, JSON, or wide output formats.

calicoctl ipam

Reference overview of the calicoctl IPAM subcommands in Calico Enterprise for IP address management operations.

calicoctl ipam check

Reference for the calicoctl IPAM check command in Calico Enterprise, used to audit IP address allocation consistency across the cluster.

calicoctl ipam release

Reference for the calicoctl IPAM release command in Calico Enterprise, used to release a leaked or stale IP address back to the pool.

calicoctl ipam show

Reference for the calicoctl IPAM show command in Calico Enterprise, used to display the owner and details of an allocated IP address.

calicoctl ipam configure

Reference for the calicoctl IPAM configure command in Calico Enterprise, used to set IP address management options such as strict affinity.

calicoctl ipam split

Reference for the calicoctl IPAM split command in Calico Enterprise, used to split an existing IP pool into smaller pools.

calicoctl datastore

Reference overview of the calicoctl datastore subcommands in Calico Enterprise for migrating between etcdv3 and Kubernetes datastores.

calicoctl datastore migrate

Reference overview of the calicoctl datastore migrate subcommands in Calico Enterprise for performing safe datastore migrations.

calicoctl datastore migrate lock

Reference for the calicoctl datastore migrate lock command in Calico Enterprise, used to lock a datastore during migration.

calicoctl datastore migrate unlock

Reference for the calicoctl datastore migrate unlock command in Calico Enterprise, used to unlock a datastore after migration completes.

calicoctl label

Reference for the calicoctl label command in Calico Enterprise, used to add, change, or remove labels on workload endpoints and nodes.

calicoctl node

Reference overview of the calicoctl node subcommands in Calico Enterprise for managing the cnx-node container.

calicoctl node run

Reference for the calicoctl node run command in Calico Enterprise, used to start a cnx-node instance with the supplied options.

calicoctl node status

Reference for the calicoctl node status command in Calico Enterprise, used to display BGP peer state and node liveness.

calicoctl node diags

Reference for the calicoctl node diags command in Calico Enterprise, used to collect diagnostics from a single Calico node.

calicoctl node checksystem

Reference for the calicoctl node check-system command in Calico Enterprise, used to verify host kernel support for required features.

calicoctl patch

Reference for the calicoctl patch command in Calico Enterprise, used to apply a partial update to a resource.

calicoctl replace

Reference for the calicoctl replace command in Calico Enterprise, used to replace an existing resource with one defined in a manifest.

calicoctl version

Reference for the calicoctl version command in Calico Enterprise, used to display client and cluster version information.

calicoq reference

calicoq

Reference overview of the calicoq command-line tool in Calico Enterprise for verifying that security policies are configured as intended.

calicoq and selectors

Reference for selector syntax accepted by calicoq in Calico Enterprise when matching endpoints, policies, or profiles.

calicoq endpoint

Reference for the calicoq endpoint command in Calico Enterprise, used to list policies and profiles applied to selected endpoints.

calicoq eval

Reference for the calicoq evaluate command in Calico Enterprise, used to list endpoints matched by a policy selector expression.

calicoq host

Reference for the calicoq host command in Calico Enterprise, used to list endpoints, policies, and profiles on a selected host.

calicoq policy

Reference for the calicoq policy command in Calico Enterprise, used to list endpoints selected by a given policy.

calicoq version

Reference for the calicoq version command in Calico Enterprise, used to display the calicoq client version.

Resource definitions

Resource definitions

Reference overview of the Calico Enterprise API resources, including the manifest format and how calicoctl and kubectl manage them.

BFD configuration

Reference for the BFD configuration resource in Calico Enterprise that tunes Bidirectional Forwarding Detection on BGP-peered nodes.

BGP configuration

Reference for the BGPConfiguration resource in Calico Enterprise that sets cluster-wide BGP options including route reflectors and AS number.

BGP peer

Reference for the BGPPeer resource in Calico Enterprise that defines a BGP neighbor relationship with external routers or other Calico nodes.

BGP Filter

Reference for the BGPFilter resource in Calico Enterprise that filters routes imported from or exported to BGP peers.

Block affinity

Reference for the BlockAffinity resource in Calico Enterprise that records which node owns each IP address management block.

Calico node status

Reference for the CalicoNodeStatus resource in Calico Enterprise that exposes per-node agent, BGP, and routing state.

Compliance reports (deprecated)

Reference overview of compliance reporting in Calico Enterprise covering schedules, report scope, and the GlobalReport resource.

Inventory report

Reference for the inventory compliance report in Calico Enterprise that catalogs endpoints, namespaces, and policies in scope at report time.

Network Access report

Reference for the network access compliance report in Calico Enterprise that summarizes which endpoints could communicate based on policy.

Policy audit report

Reference for the policy audit compliance report in Calico Enterprise that records changes to network policies during the report period.

CIS benchmark report

Reference for the CIS benchmark compliance report in Calico Enterprise that audits Kubernetes nodes against CIS recommendations.

Deep packet inspection

Reference for the DeepPacketInspection resource in Calico Enterprise that defines workloads to scan with the Snort-based IDS engine.

Early Network Configuration

Reference for the EarlyNetworkConfiguration resource in Calico Enterprise that brings up BGP networking before the kubelet starts.

Egress gateway policy

Reference for the EgressGatewayPolicy resource in Calico Enterprise that selects which pods route through which egress gateways for outbound traffic.

External network

Reference for the ExternalNetwork resource in Calico Enterprise that models networks outside the cluster for use with egress gateways.

Felix configuration

Reference for the FelixConfiguration resource in Calico Enterprise that controls Felix data plane behavior cluster-wide.

Global Alert

Reference for the GlobalAlert resource in Calico Enterprise that defines an alerting query against flow, audit, or DNS logs.

Global network policy

Reference for the GlobalNetworkPolicy resource in Calico Enterprise, a cluster-scoped tiered policy that selects endpoints across all namespaces.

Global network set

Reference for the GlobalNetworkSet resource in Calico Enterprise that defines a cluster-scoped set of CIDRs referenced by tiered network policy.

Global report

Reference for the GlobalReport resource in Calico Enterprise that schedules compliance reports against cluster network and policy state.

Global threat feed

Reference for the GlobalThreatFeed resource in Calico Enterprise that pulls IP and domain indicators of compromise into Calico-managed network sets.

Host endpoint

Reference for the HostEndpoint resource in Calico Enterprise that represents a host network interface for tiered policy enforcement.

IP pool

Reference for the IPPool resource in Calico Enterprise that defines CIDRs available for pod IP address allocation.

IP reservation

Reference for the IPReservation resource in Calico Enterprise that excludes specific addresses or ranges from automatic allocation.

IPAM configuration

Reference for the IP address management configuration resource in Calico Enterprise that sets cluster-wide options such as strict affinity.

License key

Reference for the LicenseKey resource in Calico Enterprise that activates entitled enterprise features in the cluster.

Kubernetes controllers configuration

Reference for the KubeControllersConfiguration resource in Calico Enterprise that controls behavior of the kube-controllers component.

Managed Cluster

Reference for the ManagedCluster resource in Calico Enterprise that registers a workload cluster with a management cluster for centralized observability.

Network policy

Reference for the NetworkPolicy resource in Calico Enterprise, a namespaced tiered policy that selects pods within a single namespace.

Network set

Reference for the NetworkSet resource in Calico Enterprise that defines a namespaced set of CIDRs referenced by tiered network policy.

Node

Reference for the Node resource in Calico Enterprise that represents a host running the cnx-node agent.

Packet capture

Reference for the PacketCapture resource in Calico Enterprise that captures pcap files from selected workloads for offline analysis.

Policy recommendation scope

Reference for the PolicyRecommendation resource in Calico Enterprise that drives policy recommendations generated from observed namespace flows.

Profile

Reference for the Profile resource in Calico Enterprise that groups labels and rules applied to endpoints.

Remote cluster configuration

Reference for the RemoteClusterConfiguration resource in Calico Enterprise that federates resources between clusters for shared identity.

Security event webhook

Reference for the SecurityEventWebhook resource in Calico Enterprise that forwards security events to external systems such as Slack or Jira.

Staged global network policy

Reference for the StagedGlobalNetworkPolicy resource in Calico Enterprise that previews cluster-scoped tiered policy without enforcing it.

Staged Kubernetes network policy

Reference for the StagedKubernetesNetworkPolicy resource in Calico Enterprise that previews Kubernetes network policy without enforcing it.

Staged network policy

Reference for the StagedNetworkPolicy resource in Calico Enterprise that previews namespaced tiered policy without enforcing it.

Tier

Reference for the Tier resource in Calico Enterprise that groups tiered policies into ordered evaluation buckets.

Workload endpoint

Reference for the WorkloadEndpoint resource in Calico Enterprise that represents a pod or VM interface for policy and IPAM.

Host endpoints

Host endpoints

Reference overview of host endpoint protection in Calico Enterprise covering the model for securing host network interfaces with policy.

Creating policy for basic connectivity

Reference for the Calico Enterprise failsafe policy that protects host endpoints from being cut off when host network policy is misconfigured.

Creating host endpoint objects

Reference for the HostEndpoint object in Calico Enterprise describing how to model a host network interface so policy can select it.

Selector-based policies

Reference for ordered host endpoint policies in Calico Enterprise that match interfaces using label selectors.

Failsafe rules

Reference for the Calico Enterprise failsafe inbound and outbound port lists that prevent host network policy from cutting off control-plane connectivity.

Pre-DNAT policy

Reference for pre-DNAT host endpoint policy in Calico Enterprise that applies rules to ingress traffic before destination NAT rewrites the address.

Apply on forwarded traffic

Reference for the applyOnForward field on Calico Enterprise host endpoint policy that controls how rules apply to forwarded traffic.

Summary of host endpoint policies

Reference summary describing how the different Calico Enterprise host endpoint policy types interact and affect packet flows.

Connection tracking

Reference covering Linux conntrack workarounds for Calico Enterprise host endpoint policy when stateful tracking interferes with packet flow.

Architecture

Component architecture

Architectural overview reference of Calico Enterprise components covering the management plane, observability stack, and BGP networking foundations.

The Calico Enterprise data path: IP routing and iptables

Reference covering the Calico Enterprise data path explaining how packets flow between workloads and to external destinations across networking modes.

Other reference topics

Attribution

Third-party license attribution report listing open-source components shipped with Calico Enterprise.

Component versions

Component version reference listing the container images and binaries shipped with each Calico Enterprise release.

Frequently asked questions

Frequently asked questions about Calico Enterprise covering the management UI, tiers, observability, multi-cluster management, and platform support.

Platform support policy

Calico Enterprise platform support policy reference covering supported Kubernetes versions, operating systems, and lifecycle commitments.