Standard
Big picture
Install Calico Enterprise on a deployed Kubernetes/kubeadm cluster for on-premises deployments.
Before you begin
CNI support
Calico CNI for networking with Calico Enterprise network policy:
The geeky details of what you get:
| Policy | IPAM | CNI | Overlay | Routing | Datastore |
|---|---|---|---|---|---|
Required
- A compatible Kubernetes cluster
- Cluster meets system requirements
- A Tigera license key and credentials
How to
Install Calico Enterprise
Install the Tigera operator and custom resource definitions.
kubectl create -f https://downloads.tigera.io/ee/v3.19.4/manifests/tigera-operator.yamlInstall the Prometheus operator and related custom resource definitions. The Prometheus operator will be used to deploy Prometheus server and Alertmanager to monitor Calico Enterprise metrics.
noteIf you have an existing Prometheus operator in your cluster that you want to use, skip this step. To work with Calico Enterprise, your Prometheus operator must be v0.40.0 or higher.kubectl create -f https://downloads.tigera.io/ee/v3.19.4/manifests/tigera-prometheus-operator.yaml- Install your pull secret.
If pulling images directly from
quay.io/tigera, you will likely want to use the credentials provided to you by your Tigera support representative. If using a private registry, use your private registry credentials.kubectl create secret generic tigera-pull-secret \
--type=kubernetes.io/dockerconfigjson -n tigera-operator \
--from-file=.dockerconfigjson=<path/to/pull/secret> - (Optional) If your cluster architecture requires any custom Calico Enterprise resources to function at startup, install them now using calicoctl.
Install the Tigera custom resources. For more information on configuration options available, see the installation reference.
kubectl create -f https://downloads.tigera.io/ee/v3.19.4/manifests/custom-resources.yaml
You can now monitor progress with the following command:
watch kubectl get tigerastatus
Wait until the apiserver shows a status of Available, then proceed to the next section.
Install Calico Enterprise license
Install the Calico Enterprise license provided to you by Tigera.
kubectl create -f </path/to/license.yaml>
You can now monitor progress with the following command:
watch kubectl get tigerastatus
Next steps
Recommended
- Configure access to Calico Enterprise Manager UI
- Authentication quickstart
- Configure your own identity provider
Recommended - Networking
- The default networking uses IP in IP encapsulation with BGP routing. For all networking options, see Determine best networking option.
Recommended - Security