Helm

Big picture

Install Calico Enterprise on a Kubernetes cluster using Helm 3.

Value

Helm charts are a way to package up an application for Kubernetes (similar to apt or yum for operating systems). Helm is also used by tools like ArgoCD to manage applications in a cluster, taking care of install, upgrade (and rollback if needed), etc.

Before you begin

Required

• Install Helm 3
• kubeconfig is configured to work with your cluster (check by running kubectl get nodes)
• Credentials for the Tigera private registry and a license key

Not Supported

• Multi-cluster management (mcm)

Concepts

Operator based installation

In this guide, you install the Tigera Calico operator and custom resource definitions using the Helm 3 chart. The Tigera operator provides lifecycle management for Calico Enterprise exposed via the Kubernetes API defined as a custom resource definition.

How to

Download the Helm chart

1. Get the Helm chart:

   curl -O -L https://downloads.tigera.io/ee/charts/tigera-operator-v3.16.1-0.tgz

Customize the Helm chart

If you are installing on a cluster installed by EKS, GKE, AKS or Mirantis Kubernetes Engine (MKE), or you need to customize TLS certificates, you must customize this Helm chart by creating a values.yaml file. Otherwise, you can skip this step.

1. If you are installing on a cluster installed by EKS, GKE, AKS or Mirantis Kubernetes Engine (MKE), set the kubernetesProvider as described in the Installation reference. For example:

echo '{ installation: {kubernetesProvider: EKS }}' > values.yaml

For Azure AKS cluster with no Kubernetes CNI pre-installed, create values.yaml with the following command:

cat > values.yaml <<EOF
installation:
  kubernetesProvider: AKS
  cni:
    type: Calico
  calicoNetwork:
    bgp: Disabled
    ipPools:
    - cidr: 10.244.0.0/16
      encapsulation: VXLAN
EOF

2. Add any other customizations you require to values.yaml. You might like to refer to the helm docs or run:

helm show values ./tigera-operator-v3.16.1-0.tgz

Install Calico Enterprise

1. Configure a storage class for Calico Enterprise

2. Create the tigera-operator namespace:

   kubectl create namespace tigera-operator

3. Install the Tigera Calico Enterprise operator and custom resource definitions using the Helm chart, and passing in your image pull secrets

   helm install calico-enterprise tigera-operator-v3.16.1-0.tgz \
   --set-file imagePullSecrets.tigera-pull-secret=<path/to/pull/secret>,tigera-prometheus-operator.imagePullSecrets.tigera-pull-secret=<path/to/pull/secret> \
   --namespace tigera-operator

   or if you created a values.yaml above:

   helm install calico-enterprise tigera-operator-v3.16.1-0.tgz -f values.yaml \
   --set-file imagePullSecrets.tigera-pull-secret=<path/to/pull/secret>,tigera-prometheus-operator.imagePullSecrets.tigera-pull-secret=<path/to/pull/secret> \
   --namespace tigera-operator

4. Monitor progress, wait until apiserver shows a status of Available, then proceed to the next step.

   watch kubectl get tigerastatus/apiserver

5. Install your Calico Enterprise license:

   kubectl apply -f </path/to/license.yaml>

6. You can now monitor progress with the following command:

   watch kubectl get tigerastatus

Congratulations! You have now installed Calico Enterprise using the Helm 3 chart.

Next steps

Multicluster Management

• Create a Calico Enterprise management cluster
• Create a Calico Enterprise managed cluster

Recommended

• Configure access to Calico Enterprise Manager UI
• Authentication quickstart
• Configure your own identity provider

Recommended - Networking

• The default networking is IP in IP encapsulation using BPG routing. For all networking options, see Determine best networking option.

Recommended - Security

• Get started with Calico Enterprise tiered network policy