Connect a cluster to Calico Cloud using a private registry
You can perform a Helm installation from images stored on a private registry.
Prerequisites
- You have an active Calico Cloud account. You can sign up for a 14-day free trial at calicocloud.io.
- You are signed in to the Calico Cloud Manager UI as a user with the Owner, Admin, or DevOps role.
- You have at least one cluster that meets our system requirements.
- You have kubectl access to the cluster.
- You have installed Helm 3.0 or later on your workstation.
- You have added the Calico Cloud images to a private registry, and you have the following information about the registry:
- Registry secret name
note
If your private registry requires credentials, create a
calico-cloudnamespace on your cluster. Then, create an image pull secret and use this name for the Registry Secret Name. - Image registry
- Image path
- Registry secret name
Install Calico Cloud using a private registry
-
From the Managed Clusters page, click Connect Cluster.
-
In the Connect a Cluster dialog, enter a Cluster Name and select a Cluster Type.
-
Optional: If you must install a specific older release, select the Calico Cloud version you want to install. We always recommend the latest version, which is installed by default.
-
Click Advanced Options, and then select both Install via helm and Private registry.
-
Enter the Registry Secret Name, Image registry, and Image path.
-
Click Connect to generate a unique Helm installation command. Copy the command.
-
Optional: To make changes to what features are enabled during installation, paste the command to a text editor and append the
--setoption any of the following key-value pairs. You can change these options only by reinstalling or upgrading Calico Cloud and changing the values.Feature Key Values Image Assurance installer.components.imageAssurance.stateEnabled(default),DisabledContainer Threat Detection installer.components.runtimeSecurity.stateEnabled,Disabled(default*)
* The default for new clusters isDisabled. For upgrades for previously connected clusters, the default will retain the previous state.Security Posture Dashboard installer.components.securityPosture.stateEnabled(default),DisabledPacket Capture installer.components.packetCaptureAPI.stateEnabled,Disabled(default*)
* The default for new clusters isDisabled. For upgrades for previously connected clusters, the default will retain the previous state.Compliance Reports installer.components.compliance.enabledtrue(default),falseExample of generated Helm command with user-added parametershelm repo add calico-cloud https://installer.calicocloud.io/charts --force-update && helm upgrade --install calico-cloud-crds calico-cloud/calico-cloud-crds --namespace calico-cloud --create-namespace && helm upgrade --install calico-cloud calico-cloud/calico-cloud --namespace calico-cloud --set apiKey=ryl34elz8:5kdv6siag:ifk1uwruwlgp7vzn7ecijt5zjbf5p9p1il1ag8877ylwjo4muu19wzg2g8x5qa7x --set installer.clusterName=my-cluster --set installer.calicoCloudVersion=v19.1.0 \
--set installer.components.imageAssurance.state=Enabled \
--set installer.components.runtimeSecurity.state=Enabled \
--set installer.components.securityPosture.state=EnabledIn this example, this command connects the cluster to Calico Cloud with Image Assurance, Runtime Security, and Security Posture Dashboard features enabled.1. From a terminal, paste and run the command.
-
On the Managed Clusters page, you should immediately see your cluster in the list of managed clusters. Monitor the status under Connection Status. When the status changes to Connected, installation is complete and your cluster is connected to Calico Cloud.