Helm
Big picture​
Install Calico Enterprise on a Kubernetes cluster using Helm 3.
Value​
Helm charts are a way to package up an application for Kubernetes (similar to apt or yum for operating systems). Helm is also used by tools like ArgoCD to manage applications in a cluster, taking care of install, upgrade (and rollback if needed), etc.
Before you begin​
Required
- Install Helm 3
kubeconfigis configured to work with your cluster (check by runningkubectl get nodes)- Credentials for the Tigera private registry and a license key
Concepts​
Operator based installation​
In this guide, you install the Tigera Calico operator and custom resource definitions using the Helm 3 chart. The Tigera Operator provides lifecycle management for Calico Enterprise exposed via the Kubernetes API defined as a custom resource definition.
How to​
Download the Helm chart​
curl -O -L https://downloads.tigera.io/ee/charts/tigera-operator-v3.21.2-0.tgz
Prepare the Installation Configuration​
You must provide the desired configuration for your cluster via the values.yaml, otherwise installation will use the default settings based on the auto-detected provider.
The configurations you need to provide depends on your cluster's settings and your desired state.
Some important configurations you might need to provide to the installer (via values.yaml) includes (but not limited to): kubernetesProvider, cni type, or if you need to customize TLS certificates.
Here are some examples for updating values.yaml with your configurations:
Example 1. Providing kubernetesProvider: if you are installing on a cluster installed by EKS, set the kubernetesProvider as described in the Installation reference
echo '{ installation: {kubernetesProvider: EKS }}' > values.yaml
Example 2. Providing custom settings in values.yaml for Azure AKS cluster with no Kubernetes CNI pre-installed:
cat > values.yaml <<EOF
installation:
kubernetesProvider: AKS
cni:
type: Calico
calicoNetwork:
bgp: Disabled
ipPools:
- cidr: 10.244.0.0/16
encapsulation: VXLAN
EOF
For more information about configurable options via values.yaml please see Helm installation reference.
Install Calico Enterprise​
Standalone is a standard Kubernetes cluster.
To install a standard Calico Enterprise cluster with Helm:
-
Optional: Compliance and packetcapture features are optional. To enable these features, review the
values.yamlfile and set the flag toenabled: true. In the next step, use this modifiedvalues.yamlfor the helm install.helm show values ./tigera-operator-v3.21.2-0.tgz >values.yaml -
Install the Tigera Operator and custom resource definitions using the Helm 3 chart:
helm install calico-enterprise tigera-operator-v3.21.2-0.tgz \
--set-file imagePullSecrets.tigera-pull-secret=<path/to/pull/secret>,tigera-prometheus-operator.imagePullSecrets.tigera-pull-secret=<path/to/pull/secret> \
--set-file licenseKeyContent=<path/to/license/file/yaml> \
--namespace tigera-operator --create-namespace
or if you created a values.yaml above:
helm install calico-enterprise tigera-operator-v3.21.2-0.tgz -f values.yaml \
--set-file imagePullSecrets.tigera-pull-secret=<path/to/pull/secret>,tigera-prometheus-operator.imagePullSecrets.tigera-pull-secret=<path/to/pull/secret> \
--set-file licenseKeyContent=<path/to/license/file/yaml> \
--namespace tigera-operator --create-namespace
- You can now monitor progress with the following command:
watch kubectl get tigerastatus
Congratulations! You have now installed Calico Enterprise using the Helm 3 chart.
Next steps​
Multicluster Management
Recommended
- Configure access to the Calico Enterprise web console
- Authentication quickstart
- Configure your own identity provider
Recommended - Networking
- The default networking is IP in IP encapsulation using BGP routing. For all networking options, see Determine best networking option.
Recommended - Security