Helm
Big picture
Install Calico Enterprise on a Kubernetes cluster using Helm 3.
Value
Helm charts are a way to package up an application for Kubernetes (similar to apt
or yum
for operating systems). Helm is also used by tools like ArgoCD to manage applications in a cluster, taking care of install, upgrade (and rollback if needed), etc.
Before you begin
Required
- Install Helm 3
kubeconfig
is configured to work with your cluster (check by runningkubectl get nodes
)- Credentials for the Tigera private registry and a license key
Optional
- If you bring your own Prometheus operator and omit the Tigera Prometheus operator from our Helm chart during installation, make sure that it is running before you install Calico Enterprise.
Not Supported
- Multi-cluster management (mcm)
Concepts
Operator based installation
In this guide, you install the Tigera Calico operator and custom resource definitions using the Helm 3 chart. The Tigera operator provides lifecycle management for Calico Enterprise exposed via the Kubernetes API defined as a custom resource definition.
How to
Download the Helm chart
Get the Helm chart:
curl -O -L https://downloads.tigera.io/ee/charts/tigera-operator-v3.17.3-0.tgz
Customize the Helm chart
If you are installing on a cluster installed by EKS, GKE, AKS or Mirantis Kubernetes Engine (MKE), or you need to customize TLS certificates, you must customize this Helm chart by creating a values.yaml
file. Otherwise, you can skip this step.
If you are installing on a cluster installed by EKS, GKE, AKS or Mirantis Kubernetes Engine (MKE), set the
kubernetesProvider
as described in the Installation reference. For example:Add any other customizations you require to
values.yaml
. You might like to refer to the helm docs or run:
echo '{ installation: {kubernetesProvider: EKS }}' > values.yaml
For Azure AKS cluster with no Kubernetes CNI pre-installed, create values.yaml
with the following command:
cat > values.yaml <<EOF
installation:
kubernetesProvider: AKS
cni:
type: Calico
calicoNetwork:
bgp: Disabled
ipPools:
- cidr: 10.244.0.0/16
encapsulation: VXLAN
EOF
helm show values ./tigera-operator-v3.17.3-0.tgz
Install Calico Enterprise
Create the
tigera-operator
namespace:kubectl create namespace tigera-operator
Install the Tigera Calico Enterprise operator and custom resource definitions using the Helm chart, and passing in your image pull secrets
helm install calico-enterprise tigera-operator-v3.17.3-0.tgz \
--set-file imagePullSecrets.tigera-pull-secret=<path/to/pull/secret>,tigera-prometheus-operator.imagePullSecrets.tigera-pull-secret=<path/to/pull/secret> \
--namespace tigera-operatoror if you created a
values.yaml
above:helm install calico-enterprise tigera-operator-v3.17.3-0.tgz -f values.yaml \
--set-file imagePullSecrets.tigera-pull-secret=<path/to/pull/secret>,tigera-prometheus-operator.imagePullSecrets.tigera-pull-secret=<path/to/pull/secret> \
--namespace tigera-operatorMonitor progress, wait until
apiserver
shows a status ofAvailable
, then proceed to the next step.watch kubectl get tigerastatus/apiserver
Install your Calico Enterprise license:
kubectl apply -f </path/to/license.yaml>
You can now monitor progress with the following command:
watch kubectl get tigerastatus
Congratulations! You have now installed Calico Enterprise using the Helm 3 chart.
Next steps
Multicluster Management
Recommended
- Configure access to Calico Enterprise Manager UI
- Authentication quickstart
- Configure your own identity provider
Recommended - Networking
- The default networking is IP in IP encapsulation using BGP routing. For all networking options, see Determine best networking option.
Recommended - Security