Calico Cloud documentation

Install Calico Cloud as part of an automated workflow

You can connect clusters to Calico Cloud as part of an automated workflow, using persistent client credentials and customized Helm charts.

Prerequisites

You have an active Calico Cloud account. You can sign up for a 14-day free trial at calicocloud.io.
You are signed in to the Calico Cloud Manager UI as a user with the Owner or Admin, role.
You have at least one cluster that meets our system requirements.
You have kubectl access to the cluster.
You have installed Helm 3.0 or later on your workstation.

Create client credentials

Create client credentials and generate a Kubernetes secret to use for automated Helm installations.

Select the user icon ** > Settings**.
Under the Client Credentials tab, click Add Client Credential
In the Add Client Credential dialog, enter a name and click Create. Your new client credential will appear in the list on the Manage Client Credentials page.
Locate the newly created client credential in the list and select Action > Manage keys > Add Key
Enter a name, choose how long the key will be valid, and click Create key.
Click Download to download the <key-name>.yaml secret file and store it in a secure location. You will not be able to retrieve this secret again.

important

To ensure that you always have a valid key, you should transition to a second key before the first key expires. Create a second key, download the secret, and then replace copies of the secret file for the first key with the secret file for the second key. When all the secrets from the first key have been replaced, you can safely delete the first key from the Client Credentials page. When the key is deleted, all API requests based on that key will be rejected.

About customizing your Helm installation

You can customize your Calico Cloud installation for the following purposes:

to enable or disable certain features
to modify pod scheduling and resource management

To do this, you can either edit the default values.yaml file or pass individual key-value pairs using the --set flag for the helm upgrade command.

Required parameters

The following paramaters are required for all Calico Cloud installations.

Parameter	Value	Example	Description
`installer.clusterName`	string	`cluster-name`	The name given to your managed cluster in Calico Cloud.
`installer.calicoCloudVersion`	string	`v20.2.0`	The version of Calico Cloud you're installing.

Example from values.yaml with clusterName and calicoCloudVersion
installer:
  clusterName: example-cluster
  calicoCloudVersion: v20.2.0

Optional parameters for private registries

If you're using a private registry, you must set the following parameters.

Parameter	Value	Example	Description
`installer.registry`	string	`registry-name`	The name given to your managed cluster in Calico Cloud.
`installer.imagePath`	string	`image-path`	The version of Calico Cloud you're installing.
`imagePullSecrets.name`	string	`secret-name`	The version of Calico Cloud you're installing.

Optional parameters for features

The following parameters enable certain features in Calico Cloud. These features can be enabled or diabled only by setting them in your values.yaml file at installation.

Feature name	Parameter	Values
Image Assurance	`installer.components.imageAssurance.state`	`Enabled` (default), `Disabled`
Container Threat Detection	`installer.components.runtimeSecurity.state`	`Enabled`, `Disabled` (default)
Security Posture Dashboard	`installer.components.securityPosture.state`	`Enabled` (default), `Disabled`
Packet Capture	`installer.components.packetCaptureAPI.state`	`Enabled`, `Disabled` (default)
Compliance Reports	`installer.components.compliance.enabled`	`true` (default), `false`

note

If you're upgrading from Calico Cloud 19 or earlier, the Container Threat Detection and Packet Capture features will remain enabled unless you explicitly set them to Disabled.

Optional parameters for pod scheduling and resource management

For many Calico Cloud components, you can specify node selectors, tolerations, and resource requests and limits. The full list of Calico Cloud components is available in the default values.yaml file.

note

Helm may overwrite previous customizations of custom resource fields available under the installer.components Helm parameter. For installer.components, you should define all your values.yaml customizations to be sure nothing is lost during Calico Cloud upgrades and reinstalls.

Prepare your values.yaml with customizations

Prerequisites

You reviewed the information about available customizations in About customizing your Helm installation.
If you're installing from a private registry, you added the Calico Cloud images to a private registry, and you have the following information about the registry:
- Registry secret name
  note
  If your private registry requires credentials, create a calico-cloud namespace on your cluster. Then, create an image pull secret and use this name for the Registry Secret Name.
- Image registry
- Image path

Add the Calico Cloud Helm repository to your local client:

helm repo add calico-cloud https://installer.calicocloud.io/charts --force-update

Save the default values definitions to your workstation so you can edit them locally:
```
helm show values calico-cloud/calico-cloud > <custom-values>.yaml
```
All editable values are provided in the default values definitions.
Add values for the required parameters, install.clusterName and install.calicoCloudVersion.
Example from values.yaml file with clusterName and calicoCloudVersion
```
installer:
  clusterName: example-cluster
  calicoCloudVersion: v20.2.0
```
Add values for the optional parameters. For each resource you want to edit, uncomment the object, add a value, and save.
Example from values.yaml file with compliance reports disabled
```
installer:
  components:
    compliance:
      enabled: false
```