-
Notifications
You must be signed in to change notification settings - Fork 97
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'tigera:main' into observability
- Loading branch information
Showing
65 changed files
with
2,199 additions
and
797 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,116 @@ | ||
| --- | ||
| description: Install Calico Cloud as part of an automated workflow. | ||
| --- | ||
|
|
||
| import Tabs from '@theme/Tabs'; | ||
| import TabItem from '@theme/TabItem'; | ||
| import IconUser from '/img/icons/user-icon.svg'; | ||
|
|
||
| # Install Calico Cloud as part of an automated workflow | ||
|
|
||
| You can connect clusters to Calico Cloud as part of an automated workflow. | ||
| To do this, you must generate a persistent set of client credentials to use while interacting with the Calico Cloud API. | ||
| Using these credentials with standard kubectl and Helm installations lets you fully automate the cluster connection process. | ||
|
|
||
| ## Prerequisties | ||
|
|
||
| * You have an active Calico Cloud account. You can sign up for a 14-day free trial at [calicocloud.io](https://calicocloud.io). | ||
| * You are signed in to the Calico Cloud Manager UI as a user with the **Owner** or **Admin**, role. | ||
|
|
||
| ## Create client credentials | ||
|
|
||
| You can create client credentials and generate a Kubernetes secret to use for automated installations. | ||
|
|
||
| 1. Select the user icon <IconUser width="20"/> > **Client Credentials**, and then click **Add Client Credentials**. | ||
| 1. Click the `Add Client Credentials` button | ||
| 1. In the **Add Client Credential** dialog, enter a name and click **Create**. | ||
| Your new client credentials will appear in the list on the **Manage Client Credentials** page. | ||
| 1. Locate the newly created client credentials in the list and select **Action** > **Manage keys** > **Add Key** | ||
| 1. Enter a name, choose how long the key will be valid, and click **Create key**. | ||
| 1. Click **Download** to download the `<my-key-name>.yaml` secret file and store it in a secure location. | ||
| You will not be able to retrieve this secret again. | ||
|
|
||
| :::important | ||
|
|
||
| To ensure that you always have a valid key, you should transition to a second key before the first key expires. | ||
| Create a second key, download the secret, and then replace copies of the secret file for the first key with the secret file for the second key. | ||
| When all the secrets from the first key have been replaced, you can safely delete the first key from the **Client Credentials** page. | ||
| When the key is deleted, all API requests based on that key will be rejected. | ||
|
|
||
| ::: | ||
|
|
||
| ## Install Calico Cloud as part of an automated workflow | ||
|
|
||
| You can install Calico Cloud using repeatable kubectl or Helm commands together with valid client credentials. | ||
| These commands can be added to any automated workflow. | ||
|
|
||
| ***Prerequisites*** | ||
|
|
||
| * You have generated a set of client credentials and you know the path to your secret. | ||
| * You have at least one cluster that meets our [system requirements](requirements/system-requirements.mdx). | ||
| * You have kubectl access to the cluster. | ||
| * You have installed Helm 3.0 or later on your workstation. | ||
|
|
||
| 1. Apply the Calico Cloud installer manifests to your cluster. | ||
|
|
||
| <Tabs> | ||
| <TabItem value="kubectl" label="kubectl"> | ||
|
|
||
| ```bash | ||
| kubectl apply -f https://installer.calicocloud.io/manifests/cc-operator/latest/deploy.yaml | ||
| ``` | ||
|
|
||
| </TabItem> | ||
| <TabItem value="helm" label="Helm"> | ||
|
|
||
| ```bash | ||
| helm repo add calico-cloud https://installer.calicocloud.io/charts --force-update && \ | ||
| helm upgrade --install calico-cloud-crds calico-cloud/calico-cloud-crds \ | ||
| --namespace calico-cloud \ | ||
| --create-namespace | ||
| ``` | ||
|
|
||
| </TabItem> | ||
| </Tabs> | ||
|
|
||
| 1. Apply the client credentials secret to your cluster. | ||
| Note that in this example we are applying the secret directly to the cluster, but we recommend using Secret Management System | ||
|
|
||
| ```bash | ||
| kubectl apply -f <my-key-name.yaml> | ||
| ``` | ||
|
|
||
| 1. Configure and apply the Calico Cloud installer CR. | ||
|
|
||
| <Tabs> | ||
| <TabItem value="kubectl" label="kubectl"> | ||
|
|
||
| ```shell | ||
| kubectl apply -f - <<EOF | ||
| apiVersion: operator.calicocloud.io/v1 | ||
| kind: Installer | ||
| metadata: | ||
| name: default | ||
| namespace: calico-cloud | ||
| spec: | ||
| # clusterName is the unique name this cluster will have in Calico Cloud | ||
| clusterName: my-cluster | ||
| # calicoCloudVersion is the version to install | ||
| calicoCloudVersion: v19.1.0 | ||
| EOF | ||
| ``` | ||
| </TabItem> | ||
| <TabItem value="helm" label="Helm"> | ||
| ```shell | ||
| helm upgrade --install calico-cloud calico-cloud/calico-cloud \ | ||
| --namespace calico-cloud \ | ||
| # installer.clusterName is the unique name this cluster will have in Calico Cloud | ||
| --set installer.clusterName=my-cluster \ | ||
| # installer.calicoCloudVersion is the version to install | ||
| --set installer.calicoCloudVersion=v19.1.0 | ||
| ``` | ||
| </TabItem> | ||
| </Tabs> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,75 +1,37 @@ | ||
| --- | ||
| description: Steps to connect your cluster to Calico Cloud. | ||
| title: Install | ||
| --- | ||
|
|
||
| # Connect a cluster to Calico Cloud | ||
|
|
||
| ## Before you begin | ||
| You can connect a cluster to Calico Cloud by generating a unique kubectl command in the Calico Cloud Manager UI and running it on your cluster. | ||
|
|
||
| Connecting to {{prodname}} is easy, and is done in **Manager UI**, **Managed Clusters** using an installation wizard. | ||
| ## Prerequisites | ||
|
|
||
| Although not required, it may save you troubleshooting if you verify your cluster meets [system requirements](requirements/system-requirements.mdx). | ||
| * You have an active Calico Cloud account. You can sign up for a 14-day free trial at [calicocloud.io](https://calicocloud.io). | ||
| * You are signed in to the Calico Cloud Manager UI as a user with the **Owner**, **Admin**, or **DevOps** role. | ||
| * You have at least one cluster that meets our [system requirements](requirements/system-requirements.mdx). | ||
| * You have kubectl access to the cluster. | ||
|
|
||
| ## Install options | ||
| ## Connect a cluster to Calico Cloud | ||
|
|
||
| {{prodname}} provides the following install options. Note that after initial installation, you cannot reinstall the cluster with a different option. | ||
| 1. From the **Managed Clusters** page, click **Connect Cluster**. | ||
| 1. In the **Connect a Cluster** dialog, enter a **Cluster Name** and select a **Cluster Type**. | ||
| 1. (Optional) If you must install a specific older release, select the Calico Cloud version you want to install. | ||
| We always recommend the latest version, which is installed by default. | ||
| 1. Click **Connect** to generate a unique kubectl command. Copy the command. | ||
|
|
||
| - Default (kubectl) | ||
| - Private image registry using Helm charts | ||
| - Helm charts | ||
| ```bash title="Example of generated kubectl installation command" | ||
| kubectl apply -f https://installer.calicocloud.io/manifests/cc-operator/latest/deploy.yaml && curl -H "Authorization: Bearer mprcnz04t:9dav6eoag:s8w7xjslez1x1xkf6ds0h23miz5b1fw6phh9897d0n76e4pjfdekijowjv5lw9dd" "https://www.calicocloud.io/api/managed-cluster/deploy.yaml?version=v19.1.0" | kubectl apply -f - | ||
| ``` | ||
|
|
||
| Choose your install option and follow the steps. | ||
| 1. From a terminal, paste and run the command. | ||
| 1. On the **Managed Clusters** page, you should immediately see your cluster in the list of managed clusters. | ||
| Monitor the status under **Connection Status**. | ||
| When the status changes to **Connected**, installation is complete and your cluster is connected to Calico CLoud. | ||
|
|
||
| ## Default | ||
| ## Additional resources | ||
|
|
||
| **Required:** `kubectl` access to the cluster | ||
|
|
||
| 1. On the **Managed Clusters** page, click **Connect Cluster**. | ||
| 1. Add the **Cluster Name**, and select the **Cluster Type**. | ||
| 1. (Optional) If you must install a specific older release, select the {{prodname}} version you want to install. We always recommend the latest version, which is installed by default. | ||
| 1. Click **Connect** and follow the wizard. | ||
| 1. Monitor the progress on the Managed Clusters page. | ||
|
|
||
| ## Private registry | ||
|
|
||
| **Required**: | ||
|
|
||
| - Helm v3 | ||
| - Before you start the installation wizard, add {{prodname}} images to a [private registry](setup-private-registry.mdx). You'll need the following values in the installation wizard: | ||
|
|
||
| - **Registry Secret Name** | ||
| :::note | ||
|
|
||
| If your private registry requires credentials, create the **calico-cloud** namespace on your cluster. Then, create an image pull secret and use this name for the **Registry Secret Name**. | ||
|
|
||
| ::: | ||
|
|
||
| - **Image Registry** | ||
| - **Image Path** | ||
|
|
||
| 1. On the **Managed Clusters** page, click **Connect Cluster**. | ||
| 1. Add the **Cluster Name**, and select the **Cluster Type**. | ||
| 1. (Optional) If you must install a specific older release, select the {{prodname}} version you want to install. We always recommend the latest version, which is installed by default. | ||
| 1. Click **Advanced Options**, and select both **Install via helm** and **Install private registry**. (Private registry supports only Helm). | ||
|
|
||
|  | ||
| 1. Complete the fields, ensuring that your inputs match the values used when setting up your private registry. | ||
| 1. Click **Connect** and follow the wizard. | ||
| 1. Monitor the progress on the Managed Clusters page. | ||
|
|
||
| ## Helm | ||
|
|
||
| **Required**: Helm v3 | ||
|
|
||
| 1. On the **Managed Clusters** page, click **Connect Cluster**. | ||
| 1. Add the **Cluster Name**, and select the **Cluster Type**. | ||
| 1. Select the version of {{prodname}} you want to install | ||
| 1. Click **Advanced Options**, and select **Install via helm**. | ||
|
|
||
|  | ||
| 1. Click **Connect** and follow the wizard. | ||
| 1. Monitor the progress on the Managed Clusters page. | ||
|
|
||
| ## Need help? | ||
|
|
||
| See [Troubleshooting checklist](checklist.mdx) and [Tigera operator troubleshooting checklist](operator-checklist.mdx). | ||
| * [Calico Cloud troubleshooting checklist](checklist.mdx) | ||
| * [Tigera operator troubleshooting checklist](operator-checklist.mdx) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| --- | ||
| description: Steps to connect your cluster to Calico Cloud. | ||
| title: Install using Helm | ||
| --- | ||
|
|
||
| # Connect a cluster to Calico Cloud using Helm | ||
|
|
||
| You can connect your cluster to Calico Cloud by generating a unique Helm command in the Calico Cloud Manager UI and running it on your cluster. | ||
| With Helm installations you can also set optional installation parameters to enable certain features. | ||
|
|
||
| ## Prerequisites | ||
|
|
||
| * You have an active Calico Cloud account. You can sign up for a 14-day free trial at [calicocloud.io](https://calicocloud.io). | ||
| * You are signed in to the Calico Cloud Manager UI as a user with the **Owner**, **Admin**, or **DevOps** role. | ||
| * You have at least one cluster that meets our [system requirements](requirements/system-requirements.mdx). | ||
| * You have kubectl access to the cluster. | ||
| * You have installed Helm 3.0 or later on your workstation. | ||
|
|
||
| ## Install Calico Cloud using Helm | ||
|
|
||
| 1. From the **Managed Clusters** page, click **Connect Cluster**. | ||
| 1. In the **Connect a Cluster** dialog, enter a **Cluster Name** and select a **Cluster Type**. | ||
| 1. (Optional) If you must install a specific older release, select the Calico Cloud version you want to install. | ||
| We always recommend the latest version, which is installed by default. | ||
| 1. Click **Advanced Options**, and then select **Install via helm** | ||
| 1. Click **Connect** to generate a unique Helm installation command. Copy the command. | ||
|
|
||
| ```bash title="Example of generated Helm installation command" | ||
| helm repo add calico-cloud https://installer.calicocloud.io/charts --force-update && helm upgrade --install calico-cloud-crds calico-cloud/calico-cloud-crds --namespace calico-cloud --create-namespace && helm upgrade --install calico-cloud calico-cloud/calico-cloud --namespace calico-cloud --set apiKey=ryl34elz8:9dav6eoag:ifk1uwruwlgp7vzn7ecijt5zjbf5p9p1il1ag8877ylwjo4muu19wzg2g8x5qa7x --set installer.clusterName=my-cluster --set installer.calicoCloudVersion=v19.1.0 | ||
| ``` | ||
| 1. (Optional) To make changes to what features are enabled during installation, paste the command to a text editor and append the `--set` option any of the following key-value pairs. | ||
| You can change these options only by reinstalling or upgrading Calico Cloud and changing the values. | ||
|
|
||
| | Feature | Key | Values | | ||
| |---------|-----|--------| | ||
| | Image Assurance | `installer.components.imageAssurance.state` | `Enabled` (default), `Disabled` | | ||
| | Container Threat Detection | `installer.components.runtimeSecurity.state` | `Enabled`, `Disabled` (default*) <br/> * The default for new clusters is `Disabled`. For upgrades for previously connected clusters, the default will retain the previous state.| | ||
| | Security Posture Dashboard | `installer.components.securityPosture.state` | `Enabled` (default), `Disabled` | | ||
|
|
||
| ```bash title="Example of generated Helm command with user-added parameters" | ||
| helm repo add calico-cloud https://installer.calicocloud.io/charts --force-update && helm upgrade --install calico-cloud-crds calico-cloud/calico-cloud-crds --namespace calico-cloud --create-namespace && helm upgrade --install calico-cloud calico-cloud/calico-cloud --namespace calico-cloud --set apiKey=ryl34elz8:9dav6eoag:ifk1uwruwlgp7vzn7ecijt5zjbf5p9p1il1ag8877ylwjo4muu19wzg2g8x5qa7x --set installer.clusterName=my-cluster --set installer.calicoCloudVersion=v19.1.0 \ | ||
| --set installer.components.imageAssurance.state=Enabled \ | ||
| --set installer.components.runtimeSecurity.state=Enabled \ | ||
| --set installer.components.securityPosture.state=Enabled | ||
| ``` | ||
| In this example, this command connects the cluster to Calico Cloud with Image Assurance, Runtime Security, and Security Posture Dashboard features enabled. | ||
|
|
||
| 1. From a terminal, paste and run the command. | ||
| 1. On the **Managed Clusters** page, you should immediately see your cluster in the list of managed clusters. | ||
| Monitor the status under **Connection Status**. | ||
| When the status changes to **Connected**, installation is complete and your cluster is connected to Calico CLoud. | ||
|
|
||
| ## Additional resources | ||
|
|
||
| * [Calico Cloud troubleshooting checklist](checklist.mdx) | ||
| * [Tigera operator troubleshooting checklist](operator-checklist.mdx) |
59 changes: 59 additions & 0 deletions
59
calico-cloud/get-started/connect/install-private-registry.mdx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| --- | ||
| description: Steps to connect your cluster to Calico Cloud. | ||
| title: Install using a private registry | ||
| --- | ||
|
|
||
| # Connect a cluster to Calico Cloud using a private registry | ||
|
|
||
| You can perform a Helm installation from images stored on a private registry. | ||
|
|
||
| ## Prerequisites | ||
|
|
||
| * You have an active Calico Cloud account. You can sign up for a 14-day free trial at [calicocloud.io](https://calicocloud.io). | ||
| * You are signed in to the Calico Cloud Manager UI as a user with the **Owner**, **Admin**, or **DevOps** role. | ||
| * You have at least one cluster that meets our [system requirements](requirements/system-requirements.mdx). | ||
| * You have kubectl access to the cluster. | ||
| * You have installed Helm 3.0 or later on your workstation. | ||
| * You have [added the Calico Cloud images to a private registry](setup-private-registry.mdx), and you have the following information about the registry: | ||
| * Registry secret name | ||
| :::note | ||
| If your private registry requires credentials, create a `calico-cloud` namespace on your cluster. | ||
| Then, create an image pull secret and use this name for the **Registry Secret Name**. | ||
| ::: | ||
| * Image registry | ||
| * Image path | ||
|
|
||
|
|
||
| ## Install Calico Cloud using a private registry | ||
|
|
||
| 1. From the **Managed Clusters** page, click **Connect Cluster**. | ||
| 1. In the **Connect a Cluster** dialog, enter a **Cluster Name** and select a **Cluster Type**. | ||
| 1. (Optional) If you must install a specific older release, select the Calico Cloud version you want to install. We always recommend the latest version, which is installed by default. | ||
| 1. Click **Advanced Options**, and then select both **Install via helm** and **Private registry**. | ||
| 1. Enter the **Registry Secret Name**, **Image registry**, and **Image path**. | ||
| 1. Click **Connect** to generate a unique Helm installation command. Copy the command. | ||
| 1. (Optional) To make changes to what features are enabled during installation, paste the command to a text editor and append the `--set` option any of the following key-value pairs. | ||
| You can change these options only by reinstalling or upgrading Calico Cloud and changing the values. | ||
|
|
||
| | Feature | Key | Values | | ||
| |---------|-----|--------| | ||
| | Image Assurance | `installer.components.imageAssurance.state` | `Enabled` (default), `Disabled` | | ||
| | Container Threat Detection | `installer.components.runtimeSecurity.state` | `Enabled`, `Disabled` (default*) <br/> * The default for new clusters is `Disabled`. For upgrades for previously connected clusters, the default will retain the previous state.| | ||
| | Security Posture Dashboard | `installer.components.securityPosture.state` | `Enabled` (default), `Disabled` | | ||
|
|
||
| ```bash title="Example of generated Helm command with user-added parameters" | ||
| helm repo add calico-cloud https://installer.calicocloud.io/charts --force-update && helm upgrade --install calico-cloud-crds calico-cloud/calico-cloud-crds --namespace calico-cloud --create-namespace && helm upgrade --install calico-cloud calico-cloud/calico-cloud --namespace calico-cloud --set apiKey=ryl34elz8:5kdv6siag:ifk1uwruwlgp7vzn7ecijt5zjbf5p9p1il1ag8877ylwjo4muu19wzg2g8x5qa7x --set installer.clusterName=my-cluster --set installer.calicoCloudVersion=v19.1.0 \ | ||
| --set installer.components.imageAssurance.state=Enabled \ | ||
| --set installer.components.runtimeSecurity.state=Enabled \ | ||
| --set installer.components.securityPosture.state=Enabled | ||
| ``` | ||
| In this example, this command connects the cluster to Calico Cloud with Image Assurance, Runtime Security, and Security Posture Dashboard features enabled.1. From a terminal, paste and run the command. | ||
|
|
||
| 1. On the **Managed Clusters** page, you should immediately see your cluster in the list of managed clusters. | ||
| Monitor the status under **Connection Status**. | ||
| When the status changes to **Connected**, installation is complete and your cluster is connected to Calico CLoud. | ||
|
|
||
| ## Additional resources | ||
|
|
||
| * [Calico Cloud troubleshooting checklist](checklist.mdx) | ||
| * [Tigera operator troubleshooting checklist](operator-checklist.mdx) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.