Helm

Big picture

Install Calico Enterprise on a Kubernetes cluster using Helm 3.

Value

Helm charts are a way to package up an application for Kubernetes (similar to apt or yum for operating systems). Helm is also used by tools like ArgoCD to manage applications in a cluster, taking care of install, upgrade (and rollback if needed), etc.

Before you begin

Required

• Install Helm 3
• kubeconfig is configured to work with your cluster (check by running kubectl get nodes)
• Credentials for the Tigera private registry and a license key

Optional

• If you bring your own Prometheus operator and omit the Tigera Prometheus operator from our Helm chart during installation, make sure that it is running before you install Calico Enterprise.

Not Supported

• Multi-cluster management (mcm)

Concepts

Operator based installation

In this guide, you install the Tigera Calico operator and custom resource definitions using the Helm 3 chart. The Tigera operator provides lifecycle management for Calico Enterprise exposed via the Kubernetes API defined as a custom resource definition.

How to

Download the Helm chart

1. Get the Helm chart:

   curl -O -L https://downloads.tigera.io/ee/charts/tigera-operator-v3.17.3-0.tgz

Customize the Helm chart

If you are installing on a cluster installed by EKS, GKE, AKS or Mirantis Kubernetes Engine (MKE), or you need to customize TLS certificates, you must customize this Helm chart by creating a values.yaml file. Otherwise, you can skip this step.

1. If you are installing on a cluster installed by EKS, GKE, AKS or Mirantis Kubernetes Engine (MKE), set the kubernetesProvider as described in the Installation reference. For example:

echo '{ installation: {kubernetesProvider: EKS }}' > values.yaml

For Azure AKS cluster with no Kubernetes CNI pre-installed, create values.yaml with the following command:

cat > values.yaml <<EOF
installation:
  kubernetesProvider: AKS
  cni:
    type: Calico
  calicoNetwork:
    bgp: Disabled
    ipPools:
    - cidr: 10.244.0.0/16
      encapsulation: VXLAN
EOF

2. Add any other customizations you require to values.yaml. You might like to refer to the helm docs or run:

helm show values ./tigera-operator-v3.17.3-0.tgz

Install Calico Enterprise

1. Configure a storage class for Calico Enterprise

2. Create the tigera-operator namespace:

   kubectl create namespace tigera-operator

3. Install the Tigera Calico Enterprise operator and custom resource definitions using the Helm chart, and passing in your image pull secrets

   helm install calico-enterprise tigera-operator-v3.17.3-0.tgz \
   --set-file imagePullSecrets.tigera-pull-secret=<path/to/pull/secret>,tigera-prometheus-operator.imagePullSecrets.tigera-pull-secret=<path/to/pull/secret> \
   --namespace tigera-operator

   or if you created a values.yaml above:

   helm install calico-enterprise tigera-operator-v3.17.3-0.tgz -f values.yaml \
   --set-file imagePullSecrets.tigera-pull-secret=<path/to/pull/secret>,tigera-prometheus-operator.imagePullSecrets.tigera-pull-secret=<path/to/pull/secret> \
   --namespace tigera-operator

4. Monitor progress, wait until apiserver shows a status of Available, then proceed to the next step.

   watch kubectl get tigerastatus/apiserver

5. Install your Calico Enterprise license:

   kubectl apply -f </path/to/license.yaml>

6. You can now monitor progress with the following command:

   watch kubectl get tigerastatus

Congratulations! You have now installed Calico Enterprise using the Helm 3 chart.

Next steps

Multicluster Management

• Create a Calico Enterprise management cluster
• Create a Calico Enterprise managed cluster

Recommended

• Configure access to Calico Enterprise Manager UI
• Authentication quickstart
• Configure your own identity provider

Recommended - Networking

• The default networking is IP in IP encapsulation using BGP routing. For all networking options, see Determine best networking option.

Recommended - Security

• Get started with Calico Enterprise tiered network policy