Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Tigera secure EE charm

This charm will deploy Tigera Secure Enterprise Edition (EE) as a background service, and configure CNI for use with Tigera Secure EE, on any principal charm that implements the kubernetes-cni interface.


The tigera-secure-ee charm is a subordinate. This charm will require a principal charm that implements the kubernetes-cni interface in order to properly deploy.


name type Default Description
calico-node-image string See notes The image id to use for cnx node.
calicoctl-image string See notes The image id to use for calicoctl.
enable-elasticsearch-operator boolean True See notes
ignore-loose-rpf boolean False Enable or disable IgnoreLooseRPF for Calico Felix. This is only used when rp_filter is set to a value of 2.
ipip string Never IPIP mode. Must be one of "Always", "CrossSubnet", or "Never".
license-key string Tigera EE license key, base64-encoded. Example: juju config tigera-secure-ee license-key=$(base64 -w0 license.yaml)
nat-outgoing boolean True NAT outgoing traffic
registry string Registry to use for images. If unspecified, defaults will be used:,,
registry-credentials string Private docker registry credentials, in the form of a base64-encoded docker config.json file. Example: juju config tigera-secure-ee registry-credentials=$(base64 -w0 config.json)




Back to table




Back to table



Enable deployment of elasticsearch-operator into Kubernetes. This provides a monitoring and metrics solution for use with Tigera EE that is suitable for proof-of-concept purposes, but is not recommended for production use.

Back to table

Further information