Calico Cloud documentation

Install Calico Cloud as part of an automated workflow

You can connect clusters to Calico Cloud as part of an automated workflow, using persistent client credentials and customized Helm charts.

Prerequisites

  • You have an active Calico Cloud account. You can sign up for a 14-day free trial at calicocloud.io.
  • You are signed in to the Calico Cloud Manager UI as a user with the Owner or Admin role.
  • You have at least one cluster that meets our system requirements.
  • You have kubectl access to the cluster.
  • You have installed Helm 3.0 or later on your workstation.

Create client credentials

Create client credentials and generate a Kubernetes secret to use for automated Helm installations.

  1. Select the user icon > Settings.
  2. Under the Client Credentials tab, click Add Client Credential.
  3. In the Add Client Credential dialog, enter a name and click Create. Your new client credential will appear in the list on the Manage Client Credentials page.
  4. Locate the newly created client credential in the list and select Action > Manage keys > Add Key.
  5. Enter a name, choose how long the key will be valid, and click Create key.
  6. Click Download to download the <key-name>.yaml secret file and store it in a secure location. You will not be able to retrieve this secret again.
info

To ensure that you always have a valid key, you should transition to a second key before the first key expires. Create a second key, download the secret, and then replace copies of the secret file for the first key with the secret file for the second key. When all the secrets from the first key have been replaced, you can safely delete the first key from the Client Credentials page. When the key is deleted, all API requests based on that key will be rejected.

About customizing your Helm installation

You can customize your Calico Cloud installation for the following purposes:

  • to enable or disable certain features
  • to modify pod scheduling and resource management

To do this, you can either edit the default values.yaml file or pass individual key-value pairs using the --set flag for the helm upgrade command.

Required parameters

The following parameters are required for all Calico Cloud installations.

| Parameter | Value | Example | Description |
|---|---|---|---|
| installer.clusterName | string | cluster-name | The name given to your managed cluster in Calico Cloud. |
| installer.calicoCloudVersion | string | v20.1.0 | The version of Calico Cloud you're installing. |

Example from values.yaml with clusterName and calicoCloudVersion:

    installer:
      clusterName: example-cluster
      calicoCloudVersion: v20.1.0

Optional parameters for private registries

If you're using a private registry, you must set the following parameters.

| Parameter | Value | Example | Description |
|---|---|---|---|
| installer.registry | string | registry-name | The name given to your managed cluster in Calico Cloud. |
| installer.imagePath | string | image-path | The version of Calico Cloud you're installing. |
| imagePullSecrets.name | string | secret-name | The version of Calico Cloud you're installing. |

Optional parameters for features

The following parameters enable certain features in Calico Cloud. These features can be enabled or disabled only by setting them in your values.yaml file at installation.

| Feature name | Parameter | Values |
|---|---|---|
| Image Assurance | installer.components.imageAssurance.state | Enabled (default), Disabled |
| Container Threat Detection | installer.components.runtimeSecurity.state | Enabled, Disabled (default) |
| Security Posture Dashboard | installer.components.securityPosture.state | Enabled (default), Disabled |
| Packet Capture | installer.components.packetCaptureAPI.state | Enabled, Disabled (default) |
| Compliance Reports | installer.components.compliance.enabled | true (default), false |

note

If you're upgrading from Calico Cloud 19 or earlier, the Container Threat Detection and Packet Capture features will remain enabled unless you explicitly set them to Disabled.

Optional parameters for pod scheduling and resource management

For many Calico Cloud components, you can specify node selectors, tolerations, and resource requests and limits. The full list of Calico Cloud components is available in the default values.yaml file.

note

Helm may overwrite previous customizations of custom resource fields available under the installer.components Helm parameter. For installer.components, you should define all your values.yaml customizations to be sure nothing is lost during Calico Cloud upgrades and reinstalls.

Prepare your values.yaml with customizations

Prerequisites

  • You reviewed the information about available customizations in About customizing your Helm installation.
  • If you're installing from a private registry, you added the Calico Cloud images to a private registry, and you have the following information about the registry:
    • Registry secret name
      note

      If your private registry requires credentials, create a calico-cloud namespace on your cluster. Then, create an image pull secret and use this name for the Registry Secret Name.

    • Image registry
    • Image path
  1. Add the Calico Cloud Helm repository to your local client:

    helm repo add calico-cloud https://installer.calicocloud.io/charts --force-update
  2. Save the default values definitions to your workstation so you can edit them locally:

    helm show values calico-cloud/calico-cloud > <custom-values>.yaml

    All editable values are provided in the default values definitions.

  3. Add values for the required parameters, installer.clusterName and installer.calicoCloudVersion.

    Example from values.yaml file with clusterName and calicoCloudVersion:

    installer:
      clusterName: example-cluster
      calicoCloudVersion: v20.1.0
  4. Add values for the optional parameters. For each resource you want to edit, uncomment the object, add a value, and save.

    Example from values.yaml file with compliance reports disabled:

    installer:
      components:
        compliance:
          enabled: false
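
As an added example (not part of the Calico Cloud documentation or tooling), here is a pre-flight check that an automated workflow could run on the customized values file before the Helm install. It flags missing required parameters, misspelled feature states, and Container Threat Detection or Packet Capture left unset when upgrading from Calico Cloud 19 or earlier. The function names, the minimal mapping-only parser, and the sample file are assumptions of this example; the parameter names and allowed values are the ones listed on this page.

```python
import re

# Parameter names come from this page; function names are made up for this example.
REQUIRED = ("installer.clusterName", "installer.calicoCloudVersion")
STATE_FEATURES = ("imageAssurance", "runtimeSecurity", "securityPosture", "packetCaptureAPI")
STICKY = ("runtimeSecurity", "packetCaptureAPI")  # remain enabled per the upgrade note

def flatten(text):
    """Map nested 'key: value' YAML to {'a.b.c': 'value'}; list items are skipped."""
    flat, parents = {}, []                      # parents: (indent, key) of open mappings
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw)   # drop full-line and trailing comments
        m = re.match(r"^( *)([\w.-]+):\s*(.*?)\s*$", line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip("'\"")
        parents = [p for p in parents if p[0] < indent]   # close deeper/sibling mappings
        if value:
            flat[".".join([k for _, k in parents] + [key])] = value
        else:
            parents.append((indent, key))
    return flat

def preflight(text, from_v19_or_earlier=False):
    """Return findings for a values file; an empty list means it passes."""
    values, findings = flatten(text), []
    for param in REQUIRED:
        if not values.get(param):
            findings.append(f"missing required parameter {param}")
    for feature in STATE_FEATURES:
        state = values.get(f"installer.components.{feature}.state")
        if state is None and from_v19_or_earlier and feature in STICKY:
            findings.append(f"{feature}.state not set: stays enabled after upgrade")
        elif state not in (None, "Enabled", "Disabled"):
            findings.append(f"{feature}.state must be Enabled or Disabled, got {state!r}")
    return findings

# Constructed sample: version missing, Packet Capture commented out, state misspelled.
SAMPLE = """\
installer:
  clusterName: example-cluster
  components:
    # packetCaptureAPI:
    #   state: Disabled
    runtimeSecurity:
      state: disabled
"""

if __name__ == "__main__":
    print("\n".join(preflight(SAMPLE, from_v19_or_earlier=True)))
```

Failing the pipeline on a non-empty result keeps a commented-out or misspelled setting from silently leaving a feature such as Packet Capture enabled.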

Install Calico Cloud as part of an automated workflow

You can install Calico Cloud using repeatable kubectl or Helm commands together with valid client credentials. These commands can be added to any automated workflow.

Prerequisites

  • You have generated a set of client credentials and you know the path to your secret.
  • You have a values.yaml file with your customizations.
  1. Add the Calico Cloud Helm repository to your local client.

    helm repo add calico-cloud https://installer.calicocloud.io/charts --force-update
  2. Add the Calico Cloud custom resource definitions:

    helm upgrade --install calico-cloud-crds calico-cloud/calico-cloud-crds \
    --namespace calico-cloud \
    --create-namespace
  3. Apply the client credentials secret to your cluster.

    kubectl apply -f <key-name>.yaml
    info

    You should keep track of this secret file with a secret management system.

  4. Apply the Calico Cloud installer custom resource with your customizations in the values.yaml file.

    helm upgrade --install calico-cloud calico-cloud/calico-cloud \
    --namespace calico-cloud \
    -f <custom-values>.yaml

Additional resources