Operations
Post-installation tasks for managing Calico Enterprise.
Configuring the web console​
Configure access to the web console
Configure access to the web console.
Authentication quickstart
Use default token authentication to log in to the web console and Kibana.
Configure an external identity provider
Configure an external identity provider for user access to Calico Enterprise Manager and Kibana.
Configure user roles and permissions
Configure roles and permissions for Calico Enterprise features and functions.
calicoctl and calicoq​
Install calicoctl
Install the CLI for Calico.
Configure calicoctl
Configure calicoctl for datastore access.
Configure calicoctl to connect to the datastore
Sample configuration files for the Kubernetes API datastore.
Install calicoq
Install the CLI for Calico Enterprise.
Configure calicoq
Configure the CLI to connect to the Kubernetes API datastore.
Configure calicoq to connect to the datastore
Configure CLI to connect to the Kubernetes API datastore.
Securing component communications​
Configure encryption and authentication to secure Calico Enterprise components
Enable TLS authentication and encryption for various Calico Enterprise components.
Secure Calico Enterprise Prometheus endpoints
Limit access to Calico Enterprise metric endpoints using network policy.
Secure BGP sessions
Configure BGP passwords to prevent attackers from injecting false routing information.
Provide TLS certificates for Calico Enterprise Manager
Add TLS certificates to secure access to Calico Enterprise Manager user interface.
Provide TLS certificates for log storage
Add TLS certificate to secure access to log storage.
Provide TLS certificates for Linseed APIs
Add TLS certificate to secure access to Linseed APIs.
Provide TLS certificates for the API server
Add TLS certificates to secure access to the Calico Enterprise API server.
Provide TLS certificates for Typha and Node
Add TLS certificates to secure communications between if you are using Typha to scale your deployment.
Provide TLS certificates for compliance
Add TLS certificate to secure access to compliance.
Provide TLS certificates for PacketCapture APIs
Add TLS certificate to secure access to PacketCapture APIs.
Manage TLS certificates used by Calico Enterprise
Control the issuer of certificates used by Calico Enterprise.
Storage​
Log storage recommendations
Guidelines for setting up your log storage.
Configure storage for logs and reports
Configure persistent storage for flow logs, DNS logs, audit logs, and compliance reports.
Adjust log storage size
Adjust the log storage size during or after installation.
Advanced Node Scheduling
Control where Elasticsearch pods and replicas are scheduled.
Monitoring​
Prometheus support
Prometheus support in Calico Enterprise.
Bring your own Prometheus
Steps to get Calico Enterprise metrics using your own Prometheus.
Configure Prometheus
Configure rules for alerts and denied packets, for persistent storage.
Configure Alertmanager
Configure Alertmanager, a Prometheus feature that routes alerts.
Recommended Prometheus metrics
Recommended Prometheus metrics for monitoring Calico Enterprise components.
BGP metrics
Monitor BGP peering and route exchange in your cluster and get alerts by defining rules and thresholds.
License metrics
Monitor Calico Enterprise license metrics such as nodes used, nodes available, and days until license expires.
Policy metrics
Monitor the effects of policy in your cluster and received alerts by defining rules and thresholds.
Elasticsearch and Fluentd metrics
Monitor Elasticsearch and Fluentd metrics, and get alerts on log storage or collection issues.
eBPF​
eBPF use cases
Learn when to use eBPF, and when not to.
Enable eBPF on an existing cluster
Steps to enable the eBPF data plane on an existing cluster.
Install in eBPF mode
Install Calico Enterprise in eBPF mode.
Troubleshoot eBPF mode
How to troubleshoot when running in eBPF mode.
Troubleshooting​
Troubleshooting and diagnostics
View logs and diagnostics, common issues, and where to report issues in github.
Troubleshooting commands
Learn basic commands to verify cluster and components are working.
Component logs
Where to find component logs.