Tigera-secure-ee charm

This charm will deploy Tigera Secure Enterprise Edition (EE) as a background service, and configure CNI for use with Tigera Secure EE, on any principal charm that implements the kubernetes-cni interface.

Usage

The tigera-secure-ee charm is a subordinate. This charm will require a principal charm that implements the kubernetes-cni interface in order to properly deploy.

Configuration

name type Default Description
calico-node-image string See notes The image id to use for cnx node.
calicoctl-image string See notes The image id to use for calicoctl.
enable-elasticsearch-operator boolean True See notes
ignore-loose-rpf boolean False Enable or disable IgnoreLooseRPF for Calico Felix. This is only used when rp_filter is set to a value of 2.
ipip string Never IPIP mode. Must be one of “Always”, “CrossSubnet”, or “Never”.
license-key string   Tigera EE license key, base64-encoded. Example: juju config tigera-secure-ee license-key=$(base64 -w0 license.yaml)
nat-outgoing boolean True NAT outgoing traffic
registry string   Registry to use for images. If unspecified, defaults will be used: docker.io, quay.io, docker.elastic.co
registry-credentials string   Private docker registry credentials, in the form of a base64-encoded docker config.json file. Example: juju config tigera-secure-ee registry-credentials=$(base64 -w0 config.json)

calico-node-image

Default:

tigera/cnx-node:v2.3.0

Back to table

calicoctl-image

Default:

tigera/calicoctl:v2.3.0

Back to table

enable-elasticsearch-operator

Description:

Enable deployment of elasticsearch-operator into Kubernetes. This provides a monitoring and metrics solution for use with Tigera EE that is suitable for proof-of-concept purposes, but is not recommended for production use.

Back to table

Further information