Install Calico Cloud as part of an automated workflow
You can connect clusters to Calico Cloud as part of an automated workflow. To do this, you must generate a persistent set of client credentials to use while interacting with the Calico Cloud API. Using these credentials with standard kubectl and Helm installations lets you fully automate the cluster connection process.
Prerequisties​
- You have an active Calico Cloud account. You can sign up for a 14-day free trial at calicocloud.io.
- You are signed in to the Calico Cloud Manager UI as a user with the Owner or Admin, role.
Create client credentials​
You can create client credentials and generate a Kubernetes secret to use for automated installations.
- Select the user icon > Client Credentials, and then click Add Client Credentials.
- Click the
Add Client Credentials
button - In the Add Client Credential dialog, enter a name and click Create. Your new client credentials will appear in the list on the Manage Client Credentials page.
- Locate the newly created client credentials in the list and select Action > Manage keys > Add Key
- Enter a name, choose how long the key will be valid, and click Create key.
- Click Download to download the
<my-key-name>.yaml
secret file and store it in a secure location. You will not be able to retrieve this secret again.
To ensure that you always have a valid key, you should transition to a second key before the first key expires. Create a second key, download the secret, and then replace copies of the secret file for the first key with the secret file for the second key. When all the secrets from the first key have been replaced, you can safely delete the first key from the Client Credentials page. When the key is deleted, all API requests based on that key will be rejected.
Install Calico Cloud as part of an automated workflow​
You can install Calico Cloud using repeatable kubectl or Helm commands together with valid client credentials. These commands can be added to any automated workflow.
Prerequisites
- You have generated a set of client credentials and you know the path to your secret.
- You have at least one cluster that meets our system requirements.
- You have kubectl access to the cluster.
- You have installed Helm 3.0 or later on your workstation.
Apply the Calico Cloud installer manifests to your cluster.
- kubectl
- Helm
kubectl apply -f https://installer.calicocloud.io/manifests/cc-operator/latest/deploy.yaml
helm repo add calico-cloud https://installer.calicocloud.io/charts --force-update && \
helm upgrade --install calico-cloud-crds calico-cloud/calico-cloud-crds \
--namespace calico-cloud \
--create-namespaceApply the client credentials secret to your cluster. Note that in this example we are applying the secret directly to the cluster, but we recommend using Secret Management System
kubectl apply -f <my-key-name.yaml>
Configure and apply the Calico Cloud installer CR.
- kubectl
- Helm
kubectl apply -f - <<EOF
apiVersion: operator.calicocloud.io/v1
kind: Installer
metadata:
name: default
namespace: calico-cloud
spec:
# clusterName is the unique name this cluster will have in Calico Cloud
clusterName: my-cluster
# calicoCloudVersion is the version to install
calicoCloudVersion: v19.1.0
EOFhelm upgrade --install calico-cloud calico-cloud/calico-cloud \
--namespace calico-cloud \
# installer.clusterName is the unique name this cluster will have in Calico Cloud
--set installer.clusterName=my-cluster \
# installer.calicoCloudVersion is the version to install
--set installer.calicoCloudVersion=v19.1.0