Tigera secure EE charm

This charm will deploy Tigera Secure Enterprise Edition (EE) as a background service, and configure CNI for use with Tigera Secure EE, on any principal charm that implements the kubernetes-cni interface.


The tigera-secure-ee charm is a subordinate. This charm will require a principal charm that implements the kubernetes-cni interface in order to properly deploy.


name type Default Description

| calico-node-image | string | See notes | The image id to use for cnx node. |

| calicoctl-image | string | See notes | The image id to use for calicoctl. |

| enable-elasticsearch-operator | boolean | True | See notes |

| ignore-loose-rpf | boolean | False | Enable or disable IgnoreLooseRPF for Calico Felix. This is only used when rp_filter is set to a value of 2. |

| ipip | string | Never | IPIP mode. Must be one of "Always", "CrossSubnet", or "Never". |

| license-key | string | | Tigera EE license key, base64-encoded. Example: juju config tigera-secure-ee license-key=$(base64 -w0 license.yaml) |

| nat-outgoing | boolean | True | NAT outgoing traffic |

| registry | string | | Registry to use for images. If unspecified, defaults will be used: docker.io, quay.io, docker.elastic.co |

| registry-credentials | string | | Private docker registry credentials, in the form of a base64-encoded docker config.json file. Example: juju config tigera-secure-ee registry-credentials=$(base64 -w0 config.json) |




Back to table




Back to table



Enable deployment of elasticsearch-operator into Kubernetes. This provides a monitoring and metrics solution for use with Tigera EE that is suitable for proof-of-concept purposes, but is not recommended for production use.

Back to table

Further information