Skip to main content
Version: 3.18 (latest)


Big picture

Install Calico Enterprise on a Kubernetes cluster using Helm 3.


Helm charts are a way to package up an application for Kubernetes (similar to apt or yum for operating systems). Helm is also used by tools like ArgoCD to manage applications in a cluster, taking care of install, upgrade (and rollback if needed), etc.

Before you begin



Operator based installation

In this guide, you install the Tigera Calico operator and custom resource definitions using the Helm 3 chart. The Tigera operator provides lifecycle management for Calico Enterprise exposed via the Kubernetes API defined as a custom resource definition.

How to

Download the Helm chart

curl -O -L

Customize the Helm chart

If you are installing on a cluster installed by EKS, GKE, AKS or Mirantis Kubernetes Engine (MKE), or you need to customize TLS certificates, you must customize this Helm chart by creating a values.yaml file. Otherwise, you can skip this step.

  1. If you are installing on a cluster installed by EKS, GKE, AKS or Mirantis Kubernetes Engine (MKE), set the kubernetesProvider as described in the Installation reference. For example:

    echo '{ installation: {kubernetesProvider: EKS }}' > values.yaml

    For Azure AKS cluster with no Kubernetes CNI pre-installed, create values.yaml with the following command:

    cat > values.yaml <<EOF
    kubernetesProvider: AKS
    type: Calico
    bgp: Disabled
    - cidr:
    encapsulation: VXLAN
  2. Add any other customizations you require to values.yaml. To see values that can be customized in the chart, see the helm docs or run the following command:

    helm show values ./tigera-operator-v3.18.3-0.tgz

Install Calico Enterprise

Standalone is a standard Kubernetes cluster.

To install a standard Calico Enterprise cluster with Helm:

  1. Configure a storage class for Calico Enterprise.

  2. Install the Tigera Calico Enterprise operator and custom resource definitions using the Helm 3 chart:

    helm install calico-enterprise tigera-operator-v3.18.3-0.tgz \
    --set-file imagePullSecrets.tigera-pull-secret=<path/to/pull/secret>,tigera-prometheus-operator.imagePullSecrets.tigera-pull-secret=<path/to/pull/secret> \
    --set-file licenseKeyContent=<path/to/license/file/yaml> \
    --namespace tigera-operator --create-namespace

    or if you created a values.yaml above:

    helm install calico-enterprise tigera-operator-v3.18.3-0.tgz -f values.yaml \
    --set-file imagePullSecrets.tigera-pull-secret=<path/to/pull/secret>,tigera-prometheus-operator.imagePullSecrets.tigera-pull-secret=<path/to/pull/secret> \
    --set-file licenseKeyContent=<path/to/license/file/yaml> \
    --namespace tigera-operator --create-namespace
  3. You can now monitor progress with the following command:

    watch kubectl get tigerastatus

    Congratulations! You have now installed Calico Enterprise using the Helm 3 chart.

Next steps

Multicluster Management


Recommended - Networking

Recommended - Security