tigera secure ee #170
Description
Deploys Tigera Secure EE as a background service and configures CNI for use with Tigera Secure EE on any principal charm that implements the kubernetes-cni interface.
- Tags:
- networking ›
Tigera Secure EE Charm
This charm will deploy Tigera Secure Enterprise Edition (EE) as a background service, and configure CNI for use with Tigera Secure EE, on any principal charm that implements the kubernetes-cni interface.
Usage
The tigera-secure-ee charm is a subordinate. This charm will require a
principal charm that implements the kubernetes-cni
interface in order to
properly deploy.
Documentation for how to use this with the Charmed Distribution of Kubernetes can be found here: Using Tigera Secure EE with CDK
Further information
Configuration
- calico-node-image
- (string) The image id to use for cnx node.
- tigera/cnx-node:v2.3.0
- calicoctl-image
- (string) The image id to use for calicoctl.
- tigera/calicoctl:v2.3.0
- enable-elasticsearch-operator
- (boolean) Enable deployment of elasticsearch-operator into Kubernetes. This provides a monitoring and metrics solution for use with Tigera EE that is suitable for proof-of-concept purposes, but is not recommended for production use.
- True
- ignore-loose-rpf
- (boolean) Enable or disable IgnoreLooseRPF for Calico Felix. This is only used when rp_filter is set to a value of 2.
- ipip
- (string) IPIP mode. Must be one of "Always", "CrossSubnet", or "Never".
- Never
- license-key
- (string) Tigera EE license key, base64-encoded. Example: juju config tigera-secure-ee license-key=$(base64 -w0 license.yaml)
- nat-outgoing
- (boolean) NAT outgoing traffic
- True
- registry
- (string) Registry to use for images. If unspecified, defaults will be used: docker.io, quay.io, docker.elastic.co
- registry-credentials
- (string) Private docker registry credentials, in the form of a base64-encoded docker config.json file. Example: juju config tigera-secure-ee registry-credentials=$(base64 -w0 config.json)