Helm

Big picture

Install Calico Enterprise on a Kubernetes cluster using Helm 3.

Value

Helm charts are a way to package up an application for Kubernetes (similar to apt or yum for operating systems). Helm is also used by tools like ArgoCD to manage applications in a cluster, taking care of install, upgrade (and rollback if needed), etc.

Before you begin

Required

• Install Helm 3
• kubeconfig is configured to work with your cluster (check by running kubectl get nodes)
• Credentials for the Tigera private registry and a license key

Concepts

Operator based installation

In this guide, you install the Tigera Calico operator and custom resource definitions using the Helm 3 chart. The Tigera operator provides lifecycle management for Calico Enterprise exposed via the Kubernetes API defined as a custom resource definition.

How to

Download the Helm chart

curl -O -L https://downloads.tigera.io/ee/charts/tigera-operator-v3.18.2-0.tgz

Customize the Helm chart

If you are installing on a cluster installed by EKS, GKE, AKS or Mirantis Kubernetes Engine (MKE), or you need to customize TLS certificates, you must customize this Helm chart by creating a values.yaml file. Otherwise, you can skip this step.

1. If you are installing on a cluster installed by EKS, GKE, AKS or Mirantis Kubernetes Engine (MKE), set the kubernetesProvider as described in the Installation reference. For example:

   echo '{ installation: {kubernetesProvider: EKS }}' > values.yaml

   For Azure AKS cluster with no Kubernetes CNI pre-installed, create values.yaml with the following command:

   cat > values.yaml <<EOF
   installation:
     kubernetesProvider: AKS
     cni:
       type: Calico
     calicoNetwork:
       bgp: Disabled
       ipPools:
       - cidr: 10.244.0.0/16
         encapsulation: VXLAN
   EOF

2. Add any other customizations you require to values.yaml. To see values that can be customized in the chart, see the helm docs or run the following command:

   helm show values ./tigera-operator-v3.18.2-0.tgz

Install Calico Enterprise

Standalone is a standard Kubernetes cluster.

To install a standard Calico Enterprise cluster with Helm:

1. Configure a storage class for Calico Enterprise.

2. Install the Tigera Calico Enterprise operator and custom resource definitions using the Helm 3 chart:

   helm install calico-enterprise tigera/tigera-operator --version tigera-operator-v3.18.2-0.tgz \
   --set-file imagePullSecrets.tigera-pull-secret=<path/to/pull/secret>,tigera-prometheus-operator.imagePullSecrets.tigera-pull-secret=<path/to/pull/secret> \
   --set-file licenseKeyContent=<path/to/license/file/yaml> \
   --namespace tigera-operator --create-namespace

   or if you created a values.yaml above:

   helm install calico-enterprise tigera/tigera-operator --version tigera-operator-v3.18.2-0 -f values.yaml \
   --set-file imagePullSecrets.tigera-pull-secret=<path/to/pull/secret>,tigera-prometheus-operator.imagePullSecrets.tigera-pull-secret=<path/to/pull/secret> \
   --set-file licenseKeyContent=<path/to/license/file/yaml> \
   --namespace tigera-operator --create-namespace

3. You can now monitor progress with the following command:

   watch kubectl get tigerastatus

   Congratulations! You have now installed Calico Enterprise using the Helm 3 chart.

Next steps

Multicluster Management

• Create a Calico Enterprise management cluster
• Create a Calico Enterprise managed cluster

Recommended

• Configure access to Calico Enterprise Manager UI
• Authentication quickstart
• Configure your own identity provider

Recommended - Networking

• The default networking is IP in IP encapsulation using BGP routing. For all networking options, see Determine best networking option.

Recommended - Security

• Get started with Calico Enterprise tiered network policy