Rancher Kubernetes Engine (RKE)
Big picture
Install Calico Enterprise on RKE.
Before you begin
CNI support
Calico CNI for networking with Calico Enterprise network policy:
The geeky details of what you get:
Policy | IPAM | CNI | Overlay | Routing | Datastore |
---|---|---|---|---|---|
Required
- For help, see Rancher Kubernetes Engine cluster. Note that RKE2 is a different Kubernetes distribution and is documented separately.
- Configure your cluster for Calico Enterprise CNI
  - Create a Cluster Config File. In the config file under network, set the network plugin to plugin: none.

    Note: You cannot use the Rancher UI to set the RKE CNI to "none".
- Cluster meets system requirements
- A kubectl environment with access to your cluster
  - Use Rancher kubectl Shell for access
  - Ensure you have the Kubeconfig file that was generated when you created the cluster.
- If using a Kubeconfig file locally, install and set up the Kubectl CLI tool.
How to
Install Calico Enterprise
- Install the Tigera operator and custom resource definitions.

  kubectl create -f https://downloads.tigera.io/ee/v3.19.4/manifests/tigera-operator.yaml

- Install the Prometheus operator and related custom resource definitions. The Prometheus operator is used to deploy Prometheus server and Alertmanager to monitor Calico Enterprise metrics.

  Note: If you have an existing Prometheus operator in your cluster that you want to use, skip this step. To work with Calico Enterprise, your Prometheus operator must be v0.40.0 or higher.

  kubectl create -f https://downloads.tigera.io/ee/v3.19.4/manifests/tigera-prometheus-operator.yaml

- Install your pull secret.

  If pulling images directly from quay.io/tigera, you will likely want to use the credentials provided to you by your Tigera support representative. If using a private registry, use your private registry credentials instead.

  kubectl create secret generic tigera-pull-secret \
    --type=kubernetes.io/dockerconfigjson -n tigera-operator \
    --from-file=.dockerconfigjson=<path/to/pull/secret>

- Install any extra Calico Enterprise resources needed at cluster start using calicoctl.

- Install the Tigera custom resources. For more information on configuration options available in this manifest, see the installation reference.

  kubectl create -f https://downloads.tigera.io/ee/v3.19.4/manifests/custom-resources.yaml

  Monitor progress with the following command:

  watch kubectl get tigerastatus

  Wait until the apiserver shows a status of Available, then proceed to the next section.
Install the Calico Enterprise license
kubectl create -f </path/to/license.yaml>
Monitor progress with the following command:
watch kubectl get tigerastatus
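For unattended installs, the "wait until the apiserver is Available, then install the license" step can be scripted instead of watched by hand. The following is an added example, not part of the Calico Enterprise documentation: it assumes each TigeraStatus resource reports Available, Progressing and Degraded conditions under .status.conditions, and STATUS_CMD and the --apply-license argument are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example (not from the Calico Enterprise docs): block until a tigerastatus
# component is Available before applying the license.

# Constructed sample of what tigerastatus_conditions prints; not real cluster output.
SAMPLE_STATUS='apiserver Available=True,Progressing=False,Degraded=False,
calico Available=True,Progressing=False,Degraded=True,
monitor Available=False,Progressing=True,Degraded=False,'

# One line per component: "<name> <Type>=<Status>,..." taken from .status.conditions.
tigerastatus_conditions() {
  kubectl get tigerastatus -o jsonpath='{range .items[*]}{.metadata.name}{" "}{range .status.conditions[*]}{.type}={.status}{","}{end}{"\n"}{end}'
}

# component_ready NAME: reads those lines on stdin.
# Exit 0 = Available and not Degraded, 1 = not ready, 2 = component not listed.
component_ready() {
  awk -v want="$1" '
    $1 == want {
      found = 1
      c = "," $2
      ok = index(c, ",Available=True,") > 0 && index(c, ",Degraded=True,") == 0
    }
    END { if (!found) exit 2; exit (ok ? 0 : 1) }'
}

# wait_for_component NAME [TRIES] [DELAY_SECONDS]: poll until ready or give up.
# STATUS_CMD (hypothetical override) lets the poll read a saved file instead of the cluster.
wait_for_component() {
  name=$1; tries=${2:-60}; delay=${3:-10}; i=0
  while [ "$i" -lt "$tries" ]; do
    if ${STATUS_CMD:-tigerastatus_conditions} 2>/dev/null | component_ready "$name"; then
      return 0
    fi
    i=$((i + 1))
    sleep "$delay"
  done
  echo "timed out waiting for tigerastatus/$name" >&2
  return 1
}

# Usage: script --apply-license /path/to/license.yaml
if [ "${1:-}" = "--apply-license" ]; then
  wait_for_component apiserver && kubectl create -f "$2"
fi
```

A component that is missing from the output or reports Degraded=True is treated as not ready, so the license is never applied on a partial or failing rollout.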
Next steps
Recommended
- Configure access to Calico Enterprise Manager UI
- Authentication quickstart
- Configure your own identity provider
Recommended - Networking
- The default networking uses IP in IP encapsulation with BGP routing. For all networking options, see Determine best networking option.
Recommended - Security