Helm installation reference
You can customize the following resources and settings during a Helm-based installation of Calico Enterprise by using the values.yaml file.
- Installation
- API server
- Compliance
- Intrusion detection
- Log collector
- Log storage
- Manager
- Monitor
- Policy recommendation
- Authentication
- Application layer
- Amazon cloud integration
- Default Felix configuration
If you customize the Felix configuration when you install Calico Enterprise, the v1 apiVersion is used. However, when you apply Felix configuration customizations after installation (when the tigera-apiserver is running), use the v3 apiVersion.
Sample values.yaml
Here is a sample values.yaml file with settings for custom resources. To provide custom configurations, you must enable the custom resource using enabled: true; custom resources set to false are ignored.
installation:
  enabled: true
  <installation resource spec fields to configure>
apiServer:
  enabled: true
  <apiServer resource spec fields to configure>
intrusionDetection:
  enabled: true
  <intrusionDetection resource spec to configure>
logCollector:
  enabled: true
  <logCollector resource spec fields to configure>
logStorage:
  enabled: true
  nodes:
    count: 1
  <logStorage resource spec fields to configure>
manager:
  enabled: true
  <manager resource spec fields to configure>
monitor:
  enabled: true
  <monitor resource spec fields to configure>
compliance:
  enabled: true
  <compliance resource spec fields to configure>
policyRecommendation:
  enabled: true
  <policyRecommendation resource spec fields to configure>
authentication:
  enabled: false
  <if enabled is true: authentication resource spec fields to configure>
applicationLayer:
  enabled: false
  <if enabled is true: applicationLayer resource spec fields to configure>
amazonCloudIntegration:
  enabled: false
  <if enabled is true: amazonCloudIntegration resource spec fields to configure>
defaultFelixConfiguration:
  enabled: false
  <if enabled is true: felixConfiguration resource spec fields to configure>
Common customizations
Common customizations that you might want to configure are the number of replicas, pod affinity, and encryption using WireGuard.
Number of replicas
This setting defines the number of replicas for the Calico Enterprise components that can run as multiple simultaneous instances. To configure this setting, see controlPlaneReplicas. The components that it applies to are:
- tigera-manager
- tigera-apiserver
- tigera-dex
- tigera-kibana
- es-gateway
To set a specific replica count for these components, you must provide the setting in your custom values.yaml file:
installation:
  enabled: true
  controlPlaneReplicas: 3 # desired number of replicas for the components listed above.
Pod affinity
You can define pod affinity for the following Tigera components. Update the appropriate custom resource in your custom values.yaml.
- tigera-apiserver: through ApiServer resource
- calico-nodes: through CalicoNodeDaemonSet property in the Installation resource
- calico-kube-controllers: through CalicoKubeControllersDeployment property in the Installation resource
- compliance deployment pods (compliance-snapshotter, compliance-server, compliance-controller, compliance-benchmarker, compliance-scaleloader, compliance-reporter): through Compliance resource
- Elasticsearch pods: through LogStorage resource. For more information on this option, see Advanced Node Scheduling
Encryption using WireGuard
WireGuard encryption is configured in the FelixConfiguration. To set encryption for your cluster, update the values.yaml file.
defaultFelixConfiguration:
  enabled: true
  wireguardEnabled: true
  wireguardEnabledV6: true
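Because a custom resource section set to enabled: false is ignored, WireGuard settings placed in a disabled or mistyped section never take effect. The following pre-install check is an added example, not part of the Calico Enterprise documentation or chart; the function name audit_values and the sample input are hypothetical, and it assumes the file has already been parsed into a dict (for example with yaml.safe_load from PyYAML).

```python
# Added example: lint a parsed values.yaml before running `helm install`.
# Custom-resource sections named in the sample values.yaml on this page.
SECTIONS = ("installation", "apiServer", "intrusionDetection", "logCollector",
            "logStorage", "manager", "monitor", "compliance",
            "policyRecommendation", "authentication", "applicationLayer",
            "amazonCloudIntegration", "defaultFelixConfiguration")
WIREGUARD_KEYS = ("wireguardEnabled", "wireguardEnabledV6")


def audit_values(values):
    """Return human-readable findings for a parsed values.yaml (a dict)."""
    findings = []
    for name in SECTIONS:
        section = values.get(name)
        if section is None:
            continue
        if not isinstance(section, dict):
            findings.append(f"{name}: expected a mapping")
            continue
        spec_keys = [k for k in section if k != "enabled"]
        if "enabled" not in section:
            # Catches misspellings such as 'enable' or 'Enabled'.
            near = [k for k in section if k.lower() in ("enable", "enabled")]
            hint = f" (found '{near[0]}', did you mean 'enabled'?)" if near else ""
            findings.append(f"{name}: no 'enabled' key{hint}; "
                            "the chart default decides if this section is used")
        elif section["enabled"] is False and spec_keys:
            findings.append(f"{name}: enabled is false, so "
                            f"{', '.join(spec_keys)} will be ignored")
    felix = values.get("defaultFelixConfiguration")
    felix = felix if isinstance(felix, dict) else {}
    active = felix.get("enabled") is True
    for key in WIREGUARD_KEYS:
        if not (active and felix.get(key) is True):
            findings.append(f"WireGuard: {key} is not turned on by this file")
    return findings


# Constructed sample: misspelled key, and WireGuard set in a disabled section.
SAMPLE = {
    "installation": {"enable": True, "controlPlaneReplicas": 3},
    "defaultFelixConfiguration": {"enabled": False, "wireguardEnabled": True,
                                  "wireguardEnabledV6": True},
}

if __name__ == "__main__":
    for finding in audit_values(SAMPLE):
        print(finding)
```

The WireGuard findings are informational: a cluster that does not use IPv6 can leave wireguardEnabledV6 unset.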