Install Calico Cloud as part of an automated workflow

You can connect clusters to Calico Cloud as part of an automated workflow. To do this, you must generate a persistent set of client credentials to use while interacting with the Calico Cloud API. Using these credentials with standard kubectl and Helm installations lets you fully automate the cluster connection process.

Prerequisties

• You have an active Calico Cloud account. You can sign up for a 14-day free trial at calicocloud.io.
• You are signed in to the Calico Cloud Manager UI as a user with the Owner or Admin, role.

Create client credentials

You can create client credentials and generate a Kubernetes secret to use for automated installations.

1. Select the user icon > Client Credentials, and then click Add Client Credentials.
2. Click the Add Client Credentials button
3. In the Add Client Credential dialog, enter a name and click Create. Your new client credentials will appear in the list on the Manage Client Credentials page.
4. Locate the newly created client credentials in the list and select Action > Manage keys > Add Key
5. Enter a name, choose how long the key will be valid, and click Create key.
6. Click Download to download the <my-key-name>.yaml secret file and store it in a secure location. You will not be able to retrieve this secret again.

info

To ensure that you always have a valid key, you should transition to a second key before the first key expires. Create a second key, download the secret, and then replace copies of the secret file for the first key with the secret file for the second key. When all the secrets from the first key have been replaced, you can safely delete the first key from the Client Credentials page. When the key is deleted, all API requests based on that key will be rejected.

Install Calico Cloud as part of an automated workflow

You can install Calico Cloud using repeatable kubectl or Helm commands together with valid client credentials. These commands can be added to any automated workflow.

Prerequisites

• You have generated a set of client credentials and you know the path to your secret.
• You have at least one cluster that meets our system requirements.
• You have kubectl access to the cluster.
• You have installed Helm 3.0 or later on your workstation.

1. Apply the Calico Cloud installer manifests to your cluster.

   kubectl

   kubectl apply -f https://installer.calicocloud.io/manifests/cc-operator/latest/deploy.yaml

   Helm

   helm repo add calico-cloud https://installer.calicocloud.io/charts --force-update && \
   helm upgrade --install calico-cloud-crds calico-cloud/calico-cloud-crds \
   --namespace calico-cloud \
   --create-namespace

2. Apply the client credentials secret to your cluster. Note that in this example we are applying the secret directly to the cluster, but we recommend using Secret Management System

   kubectl apply -f <my-key-name.yaml>

3. Configure and apply the Calico Cloud installer CR.

   kubectl

   kubectl apply -f - <<EOF
   apiVersion: operator.calicocloud.io/v1
   kind: Installer
   metadata:
   name: default
   namespace: calico-cloud
   spec:
     # clusterName is the unique name this cluster will have in Calico Cloud
     clusterName: my-cluster
     # calicoCloudVersion is the version to install
     calicoCloudVersion: v19.1.0
   EOF

   Helm

   helm upgrade --install calico-cloud calico-cloud/calico-cloud \
   --namespace calico-cloud \
   # installer.clusterName is the unique name this cluster will have in Calico Cloud
   --set installer.clusterName=my-cluster \
   # installer.calicoCloudVersion is the version to install
   --set installer.calicoCloudVersion=v19.1.0