Tigera secure EE charm
This charm will deploy Tigera Secure Enterprise Edition (EE) as a background service, and configure CNI for use with Tigera Secure EE, on any principal charm that implements the kubernetes-cni interface.
Usage
The tigera-secure-ee charm is a subordinate. This charm will require a
principal charm that implements the kubernetes-cni
interface in order to
properly deploy.
Configuration
name | type | Default | Description |
---|---|---|---|
calico-node-image | string | See notes | The image id to use for cnx node. |
calicoctl-image | string | See notes | The image id to use for calicoctl. |
enable-elasticsearch-operator | boolean | True | See notes |
ignore-loose-rpf | boolean | False | Enable or disable IgnoreLooseRPF for Calico Felix. This is only used when rp_filter is set to a value of 2. |
ipip | string | Never | IPIP mode. Must be one of “Always”, “CrossSubnet”, or “Never”. |
license-key | string | Tigera EE license key, base64-encoded. Example: juju config tigera-secure-ee license-key=$(base64 -w0 license.yaml) | |
nat-outgoing | boolean | True | NAT outgoing traffic |
registry | string | Registry to use for images. If unspecified, defaults will be used: docker.io, quay.io, docker.elastic.co | |
registry-credentials | string | Private docker registry credentials, in the form of a base64-encoded docker config.json file. Example: juju config tigera-secure-ee registry-credentials=$(base64 -w0 config.json) |
calico-node-image
tigera/cnx-node:v2.3.0
calicoctl-image
tigera/calicoctl:v2.3.0
enable-elasticsearch-operator
Enable deployment of elasticsearch-operator into Kubernetes. This provides a monitoring and metrics solution for use with Tigera EE that is suitable for proof-of-concept purposes, but is not recommended for production use.