Helm

Big picture

Install Calico Enterprise on a Kubernetes cluster using Helm 3.

Value

Helm charts are a way to package up an application for Kubernetes (similar to apt or yum for operating systems). Helm is also used by tools like ArgoCD to manage applications in a cluster, taking care of install, upgrade (and rollback if needed), etc.

Before you begin

Required

• Install Helm 3
• kubeconfig is configured to work with your cluster (check by running kubectl get nodes)
• Credentials for the Tigera private registry and a license key

Concepts

Operator based installation

In this guide, you install the Tigera Calico operator and custom resource definitions using the Helm 3 chart. The Tigera operator provides lifecycle management for Calico Enterprise exposed via the Kubernetes API defined as a custom resource definition.

How to

Download the Helm chart

curl -O -L https://downloads.tigera.io/ee/charts/tigera-operator-v3.19.4-0.tgz

Prepare the Installation Configuration

You must provide the desired configuration for your cluster via the values.yaml, otherwise installation will use the default settings based on the auto-detected provider. The configurations you need to provide depends on your cluster's settings and your desired state.

Some important configurations you might need to provide to the installer (via values.yaml) includes (but not limited to): kubernetesProvider, cni type, or if you need to customize TLS certificates.

Here are some examples for updating values.yaml with your configurations:

Example 1. Providing kubernetesProvider: if you are installing on a cluster installed by EKS, set the kubernetesProvider as described in the Installation reference

echo '{ installation: {kubernetesProvider: EKS }}' > values.yaml

Example 2. Providing custom settings in values.yaml for Azure AKS cluster with no Kubernetes CNI pre-installed:

cat > values.yaml <<EOF
installation:
  kubernetesProvider: AKS
  cni:
    type: Calico
  calicoNetwork:
    bgp: Disabled
    ipPools:
    - cidr: 10.244.0.0/16
      encapsulation: VXLAN
EOF

For more information about configurable options via values.yaml please see Helm installation reference.

Install Calico Enterprise

Standalone is a standard Kubernetes cluster.

To install a standard Calico Enterprise cluster with Helm:

1. Configure a storage class for Calico Enterprise.

2. Install the Tigera Calico Enterprise operator and custom resource definitions using the Helm 3 chart:

helm install calico-enterprise tigera-operator-v3.19.4-0.tgz \
--set-file imagePullSecrets.tigera-pull-secret=<path/to/pull/secret>,tigera-prometheus-operator.imagePullSecrets.tigera-pull-secret=<path/to/pull/secret> \
--set-file licenseKeyContent=<path/to/license/file/yaml> \
--namespace tigera-operator --create-namespace

or if you created a values.yaml above:

helm install calico-enterprise tigera-operator-v3.19.4-0.tgz -f values.yaml \
--set-file imagePullSecrets.tigera-pull-secret=<path/to/pull/secret>,tigera-prometheus-operator.imagePullSecrets.tigera-pull-secret=<path/to/pull/secret> \
--set-file licenseKeyContent=<path/to/license/file/yaml> \
--namespace tigera-operator --create-namespace

1. You can now monitor progress with the following command:

watch kubectl get tigerastatus

Congratulations! You have now installed Calico Enterprise using the Helm 3 chart.

Next steps

Multicluster Management

• Create a Calico Enterprise management cluster
• Create a Calico Enterprise managed cluster

Recommended

• Configure access to Calico Enterprise Manager UI
• Authentication quickstart
• Configure your own identity provider

Recommended - Networking

• The default networking is IP in IP encapsulation using BGP routing. For all networking options, see Determine best networking option.

Recommended - Security

• Get started with Calico Enterprise tiered network policy