README
¶
About
Calico is a widely adopted, battle-tested open source networking and network security solution for Kubernetes, virtual machines, and bare-metal workloads. Calico provides two major services for Cloud Native applications:
- Network connectivity between workloads.
- Network security policy enforcement between workloads.
Calico’s flexible architecture supports a wide range of deployment options, using modular components and technologies, including:
- Choice of data plane technology, whether it be eBPF, standard Linux, Windows HNS or VPP
- Enforcement of the full set of Kubernetes network policy features, plus for those needing a richer set of policy features, Calico network policies.
- An optimized Kubernetes Service implementation using eBPF.
- Kubernetes apiserver integration, for managing Calico configuration and Calico network policies.
- Both non-overlay and overlay (via IPIP or VXLAN) networking options in either public cloud or on-prem deployments.
- CNI plugins for Kubernetes to provide highly efficient pod networking and IP Address Management (IPAM).
- A Neutron ML2 plugin to provide VM networking for OpenStack.
- A BGP routing stack that can advertise routes for workload and service IP addresses to physical network infrastructure.
Getting Started Running Calico
There are many avenues to get started with Calico depending on your situation.
- Trying out Kubernetes on a single host or on your own hardware? The quick start guide will have you up and running in about fifteen minutes.
- Running a managed public cloud? Use our guides for enabling Calico network policies.
- Want to go deeper? Visit https://projectcalico.docs.tigera.io for full documentation.
Getting Started Developing Calico
Calico is an open source project, and welcomes your contribution, be it through code, a bug report, a feature request, or user feedback.
- The Contribution Guidelines document will get you started on submitting changes to the project.
- The Developer Guide will walk you through how to set up a development environment, build the code, and run tests.
- The Calico Documentation Guide will get you started on making changes to https://projectcalico.docs.tigera.io.
Join the Calico Community!
The Calico community is committed to fostering an open and welcoming environment, with several ways to engage with other users and developers. You can find out more about our monthly meetings, Slack group, and Discourse by visiting our community repository.
License
Calico is open source, with most code and documentation available under the Apache 2.0 license (see the LICENSE), though some elements are necessarily licensed under different open source licenses for compatibility with upstream licensing or code linking. For example, some Calico BPF programs are licensed under GPL v2.0 for compatibility with Linux kernel helper functions.
Directories
¶
| Path | Synopsis |
|---|---|
|
apiserver
|
|
|
app-policy
|
|
|
proto
Package proto is a generated protocol buffer package.
|
Package proto is a generated protocol buffer package. |
|
calicoctl/resourcemgr
Package resourcemgr implements generic resource handling methods.
|
Package resourcemgr implements generic resource handling methods. |
|
cni-plugin
|
|
|
internal/pkg/utils/hcn
Dummy version of the HCN API for compilation on Linux.
|
Dummy version of the HCN API for compilation on Linux. |
|
internal/pkg/utils/winpol
This package contains algorithmic support code for Windows.
|
This package contains algorithmic support code for Windows. |
|
pkg/log
Package log provides support for logging to stdout and stderr.
|
Package log provides support for logging to stdout and stderr. |
|
crypto
|
|
|
felix
|
|
|
bpf
Package bpf provides primitives to manage Calico-specific XDP programs attached to network interfaces, along with the blocklist LPM map and the failsafe map.
|
Package bpf provides primitives to manage Calico-specific XDP programs attached to network interfaces, along with the blocklist LPM map and the failsafe map. |
|
bpf/asm
Package asm contains a basic eBPF bytecode assembler.
|
Package asm contains a basic eBPF bytecode assembler. |
|
calc
The calc package implements a calculation graph for Felix's dynamic state.
|
The calc package implements a calculation graph for Felix's dynamic state. |
|
config
The config package provides config inheritance for Felix.
|
The config package provides config inheritance for Felix. |
|
dataplane/external
extdataplane implements the connection to an external dataplane driver, connected via a pair of pipes.
|
extdataplane implements the connection to an external dataplane driver, connected via a pair of pipes. |
|
dataplane/windows/hcn
Dummy version of the HCN API for compilation on Linux.
|
Dummy version of the HCN API for compilation on Linux. |
|
fv
The fv package contains FV tests that execute Felix for real.
|
The fv package contains FV tests that execute Felix for real. |
|
ip
The ip package contains yet another IP address (and CIDR) type :-).
|
The ip package contains yet another IP address (and CIDR) type :-). |
|
labelindex
The labelindex package provides the InheritIndex type, which emits events as the set of items (currently WorkloadEndpoints/HostEndpoint) it has been told about start (or stop) matching the label selectors (which are extracted from the active policy rules) it has been told about.
|
The labelindex package provides the InheritIndex type, which emits events as the set of items (currently WorkloadEndpoints/HostEndpoint) it has been told about start (or stop) matching the label selectors (which are extracted from the active policy rules) it has been told about. |
|
proto
The proto package defines the protocol between Felix's policy "calculation engine", which calculates the policy that should be active on a given host, and the "dataplane driver", which renders that policy into the dataplane.
|
The proto package defines the protocol between Felix's policy "calculation engine", which calculates the policy that should be active on a given host, and the "dataplane driver", which renders that policy into the dataplane. |
|
hack
|
|
|
test/spider
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
|
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. |
|
kube-controllers
|
|
|
libcalico-go
|
|
|
lib/apis/crd.projectcalico.org/v1
API Schema definitions for configuring the installation of Calico and Calico Enterprise +k8s:deepcopy-gen=package,register +groupName=crd.projectcalico.org
|
API Schema definitions for configuring the installation of Calico and Calico Enterprise +k8s:deepcopy-gen=package,register +groupName=crd.projectcalico.org |
|
lib/backend
Package backend implements the backend data store client and associated backend data type.
|
Package backend implements the backend data store client and associated backend data type. |
|
lib/backend/encap
Package encap implements a field type that represent different encap modes.
|
Package encap implements a field type that represent different encap modes. |
|
lib/backend/k8s/conversion
TODO move the WorkloadEndpoint converters to is own package.
|
TODO move the WorkloadEndpoint converters to is own package. |
|
lib/backend/watchersyncer
watchersyncer package contains a syncer interface that can be used to sync from an arbitrary set of Watchers.
|
watchersyncer package contains a syncer interface that can be used to sync from an arbitrary set of Watchers. |
|
lib/client
Package client implements the northbound client used to manage Calico configuration.
|
Package client implements the northbound client used to manage Calico configuration. |
|
lib/clientv3
Package client implements the northbound client used to manage Calico configuration.
|
Package client implements the northbound client used to manage Calico configuration. |
|
lib/converter
Package converter implements adaptors for for conversion between API and Backend models.
|
Package converter implements adaptors for for conversion between API and Backend models. |
|
lib/errors
Package errors implements various error types that are used both internally, and that may be returned from the client interface.
|
Package errors implements various error types that are used both internally, and that may be returned from the client interface. |
|
lib/hwm
The hwm package contains the HighWatermarkTracker;
|
The hwm package contains the HighWatermarkTracker; |
|
lib/ipam
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
|
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. |
|
lib/net
Package net implements a set of net types that are extensions to the built-in net package.
|
Package net implements a set of net types that are extensions to the built-in net package. |
|
lib/scope
Package scope implements field types that represent different scopes for resource types.
|
Package scope implements field types that represent different scopes for resource types. |
|
lib/seedrng
Package seedrng provides a utility function seedrng.EnsureSeeded() to seed the main math/rand RNG exactly once.
|
Package seedrng provides a utility function seedrng.EnsureSeeded() to seed the main math/rand RNG exactly once. |
|
lib/testutils
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
|
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. |
|
lib/validator/v1
Package validator implements common field and structure validation that is used to validate the API structures supplied on the client interface, and is also used internally to validate the information stored in the backend datastore.
|
Package validator implements common field and structure validation that is used to validate the API structures supplied on the client interface, and is also used internally to validate the information stored in the backend datastore. |
|
lib/validator/v3
Package v3 implements common field and structure validation that is used to validate the API structures supplied on the client interface, and is also used internally to validate the information stored in the backend datastore.
|
Package v3 implements common field and structure validation that is used to validate the API structures supplied on the client interface, and is also used internally to validate the information stored in the backend datastore. |
|
node
|
|
|
pkg/nodeinit
Package nodeinit contains the calico-node -init command, which is intended to be run from an init container to do privileged pre-flight initialisation.
|
Package nodeinit contains the calico-node -init command, which is intended to be run from an init container to do privileged pre-flight initialisation. |
|
pod2daemon
|
|
|
flexvol
Flexvolume driver that is invoked by kubelet when a pod installs a flexvolume drive of type nodeagent/uds This driver communicates to the nodeagent using either
|
Flexvolume driver that is invoked by kubelet when a pod installs a flexvolume drive of type nodeagent/uds This driver communicates to the nodeagent using either |
|
protos/udsver_v1
Package udsver_v1 is a generated protocol buffer package.
|
Package udsver_v1 is a generated protocol buffer package. |
|
typha
|
|
|
fv-tests
fv_tests contains a suite of tests that test multiple packages together.
|
fv_tests contains a suite of tests that test multiple packages together. |
|
pkg/config
The config package provides config inheritance for Typha.
|
The config package provides config inheritance for Typha. |
|
pkg/syncproto
Package syncproto defines the structs used in the Felix/Typha protocol.
|
Package syncproto defines the structs used in the Felix/Typha protocol. |
Click to show internal directories.
Click to hide internal directories.