Helm installation reference
You can customize the following resources and settings during Calico Enterprise Helm-based installation using the file, values.yaml.
- Installation
- Api server
- Compliance
- Intrusion detection
- Log collector
- Log storage
- Manager
- Monitor
- Policy recommendation
- Authentication
- Application layer
- Amazon cloud integration
- Default felix configuration
If you customize felix configuration when you install Calico Enterprise, the v1 apiVersion is used. However, when you apply
felix configuration customization after installation (when the tigera-apiserver is running), use the v3 apiVersion.
Sample values.yaml​
Here is a sample values.yaml file with settings for custom resources. You must enable the custom resource using
enabled: true to provide custom configurations; custom resources set to false are ignored.
installation:
enabled: true
<installation resource spec fields to configure>
apiServer:
enabled: true
<apiServer resource spec fields to configure>
intrusionDetection:
enabled: true
<intrusionDetection resource spec to configure>
logCollector:
enabled: true
<logCollector resource spec fields to configure>
logStorage:
enabled: true
nodes:
count: 1
<logStorage resource spec fields to configure>
manager:
enabled: true
<manager resource spec fields to configure>
monitor:
enabled: true
<monitor resource spec fields to configure>
compliance:
enabled: true
<compliance resource spec fields to configure>
policyRecommendation:
enabled: true
<policyRecommendation resource spec fields to configure>
authentication:
enabled: false
<if enabled is true: authentication resource spec fields to configure>
applicationLayer:
enabled: false
<if enabled is true: applicationLayer resource spec fields to configure>
amazonCloudIntegration:
enabled: false
<if enabled is true: amazonCloudIntegration resource spec fields to configure>
defaultFelixConfiguration:
enabled: false
<if enabled is true: felixConfiguration resource spec fields to configure>
Common customizations​
Common customizations that you might want to configure are number of replicas, pod affinity, and encryption using WireGuard.
Number of replicas​
This setting defines the number of replicas for Calico Enterprise components that can run simultaneously in multiple instances. To configure this setting, see controlPlaneReplicas. The components for the replicas are:
- tigera-manager
- tigera-apiserver
- tigera-dex
- tigera-kibana
- es-gateway
To set a specific replica for these components, you must provide the setting in your custom values.yaml file:
installation:
enable: true
controlPlaneReplicas: 3 # desired number of replicas for the components listed above.
Pod affinity​
You can define pod affinity for the following Tigera components. Update the appropriate custom resource in your custom values.yaml.
- tigera-apiserver: through ApiServer resource
- calico-nodes: through CalicoNodeDaemonSet property in the Installation resource
- calico-kube-controllers: through CalicoKubeControllersDeployment property in the Installation resource
- compliance deployment pods (compliance-snapshotter, compliance-server, compliance-controller, compliance-benchmarker, compliance-scaleloader, compliance-reporter): through Compliance resource
- elasticsearch pods: through LogStorage resource - for more info on this option please checkout Advanced Node Scheduling
Encryption using WireGuard​
WireGuard encryption
is configured in the FelixConfiguration. To set encryption for your cluster, update the values.yaml file.
defaultFelixConfiguration:
enabled: true
wireguardEnabled: true
wireguardEnabledV6: true