Note: To complete this module, you will need a Calico Cloud account. If you are participating in a live workshop, you will receive an invite with the information to log in to an active Calico Cloud environment. Once logged in, join your EKS cluster there. If you are running this workshop in a self-paced mode, you can create a Calico Cloud environment following the steps here.
Problems navigating menus in the UI are often caused by browsers blocking scripts. Please ensure that you disable all script blockers.
- During the workshop, you will receive an invitation to connect to a Calico Cloud organization, just like in the picture below:
- Click on the link ACCEPT INVITATION and create a password to access the Calico Cloud.
- Once you have access to your Calico Cloud environment, go to step 2:
- The welcome screen will allow you to choose among four use cases and will provide a guided tour for each use case. After that, you can proceed to connect your first cluster. This option directs you to the Managed Clusters section. Click on the "Connect Cluster" button to start the process.
The Connect Cluster window will allow you to choose a name to identify your cluster in Calico Cloud and select which platform you are running the cluster on. The next window presents a link for you to review the cluster requirements for Calico Cloud. Calico Cloud will generate a kubectl command to run the installation script, and you need to copy and apply this command in your cluster.
⚠️ Attention: During the live workshop, the Calico Cloud cluster will be shared. To avoid confusion, you can create a random prefix for your cluster name. You can generate such a name with the following command at the Cloud9 prompt:
echo $RANDOM-tigera-workshop
- Run the installation script in your cluster. The script should look similar to this:
kubectl apply -f https://installer.calicocloud.io/manifests/cc-operator/latest/deploy.yaml && curl -H "Authorization: Bearer a7c2oex34:00llxrhcq:1ga2cz69d7ug81yjgakpyclv6o3eu8o97kp7t2483lmwajslu47xed94e4ic8ywn" "https://www.calicocloud.io/api/managed-cluster/deploy.yaml" | kubectl apply -f -
Output should look similar to:
namespace/calico-cloud created
namespace/calico-system created
namespace/tigera-access created
namespace/tigera-image-assurance created
namespace/tigera-license created
namespace/tigera-operator created
namespace/tigera-operator-cloud created
namespace/tigera-prometheus created
namespace/tigera-risk-system created
customresourcedefinition.apiextensions.k8s.io/installers.operator.calicocloud.io created
serviceaccount/calico-cloud-controller-manager created
role.rbac.authorization.k8s.io/calico-cloud-installer-ns-role created
role.rbac.authorization.k8s.io/calico-cloud-installer-calico-system-role created
role.rbac.authorization.k8s.io/calico-cloud-installer-kube-system-role created
role.rbac.authorization.k8s.io/calico-cloud-installer-tigera-image-assurance-role created
role.rbac.authorization.k8s.io/calico-cloud-installer-tigera-prometheus-role created
role.rbac.authorization.k8s.io/calico-cloud-installer-tigera-risk-system-role created
clusterrole.rbac.authorization.k8s.io/calico-cloud-installer-role created
clusterrole.rbac.authorization.k8s.io/calico-cloud-installer-sa-creator-role created
clusterrole.rbac.authorization.k8s.io/calico-cloud-installer-tigera-operator-role created
rolebinding.rbac.authorization.k8s.io/calico-cloud-installer-ns-rbac created
rolebinding.rbac.authorization.k8s.io/calico-cloud-installer-calico-system-rbac created
rolebinding.rbac.authorization.k8s.io/calico-cloud-installer-kube-system-rbac created
rolebinding.rbac.authorization.k8s.io/calico-cloud-installer-tigera-access-rbac created
rolebinding.rbac.authorization.k8s.io/calico-cloud-installer-tigera-image-assurance-rbac created
rolebinding.rbac.authorization.k8s.io/calico-cloud-installer-tigera-license-rbac created
rolebinding.rbac.authorization.k8s.io/calico-cloud-installer-tigera-operator-rbac created
rolebinding.rbac.authorization.k8s.io/calico-cloud-installer-tigera-operator-rbac created
rolebinding.rbac.authorization.k8s.io/calico-cloud-installer-tigera-prometheus-rbac created
rolebinding.rbac.authorization.k8s.io/calico-cloud-installer-tigera-risk-system-rbac created
clusterrolebinding.rbac.authorization.k8s.io/calico-cloud-installer-crb created
deployment.apps/calico-cloud-controller-manager created
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   466  100   466    0     0   1372      0 --:--:-- --:--:-- --:--:--  1370
secret/api-key created
installer.operator.calicocloud.io/default created
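The install command above pipes a remote manifest straight into kubectl, and the output shows it creating cluster-wide RBAC. This added example (not part of the workshop material or the Calico Cloud tooling) saves both manifests to files and lists what they contain before anything is applied. `CC_TOKEN`, the function names and the local file names are hypothetical, and the parser assumes kubectl-style YAML with an unindented `kind:` and a two-space-indented `metadata.name`.

```shell
# Added example: inventory the installer manifests before applying them.

# Print "Kind/name" for each document of a multi-document manifest on stdin.
manifest_objects() {
  awk '
    function emit() {
      if (kind != "") print kind "/" (name == "" ? "?" : name)
      kind = ""; name = ""; in_meta = 0
    }
    /^---/       { emit(); next }
    /^kind:/     { kind = $2 }
    /^metadata:/ { in_meta = 1; next }
    /^[^ #]/     { in_meta = 0 }   # any other top-level key ends metadata
    in_meta && /^  name:/ && name == "" { name = $2 }
    END          { emit() }
  '
}

# Keep only the objects that are not confined to a single namespace.
cluster_wide_objects() {
  manifest_objects |
    grep -E '^(Namespace|CustomResourceDefinition|ClusterRole|ClusterRoleBinding)/' || true
}

# Download both manifests from the install command to local files.
# CC_TOKEN (hypothetical) holds the bearer token from the generated command.
fetch_manifests() {
  curl -fsSL -o cc-operator.yaml \
    "https://installer.calicocloud.io/manifests/cc-operator/latest/deploy.yaml" &&
  curl -fsSL -o managed-cluster.yaml \
    -H "Authorization: Bearer ${CC_TOKEN:?set CC_TOKEN first}" \
    "https://www.calicocloud.io/api/managed-cluster/deploy.yaml"
}

# Typical use:
#   fetch_manifests
#   cluster_wide_objects < cc-operator.yaml
#   manifest_objects < managed-cluster.yaml
#   kubectl apply -f cc-operator.yaml && kubectl apply -f managed-cluster.yaml
```

Applying the saved files also leaves a local copy of exactly what was installed.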
Joining the cluster to Calico Cloud can take a few minutes. Meanwhile the Calico resources can be monitored until they are all reporting Available as True.
kubectl get tigerastatus
Output should look similar to:
NAME                            AVAILABLE   PROGRESSING   DEGRADED   SINCE
apiserver                       True        False         False      6m56s
calico                          True        False         False      4m36s
cloud-core                      True        False         False      6m23s
compliance                      True        False         False      5m16s
image-assurance                 True        False         False      5m50s
intrusion-detection             True        False         False      5m1s
log-collector                   True        False         False      4m41s
management-cluster-connection   True        False         False      5m41s
monitor                         True        False         False      7m26s
policy-recommendation           True        False         False      5m41s
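Instead of re-running the command by hand, the wait can be scripted. This added example (not from the workshop material) polls the Available and Degraded conditions of each tigerastatus resource and treats a component that has not reported yet as not ready. The function names, the 10-second poll interval and the 600-second default timeout are assumptions.

```shell
# Added example: wait until every Calico component reports healthy.

# Emit "name<TAB>Available<TAB>Degraded" for each TigeraStatus resource.
# A condition that has not been reported yet produces an empty field.
tigerastatus_conditions() {
  kubectl get tigerastatus -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.conditions[?(@.type=="Available")].status}{"\t"}{.status.conditions[?(@.type=="Degraded")].status}{"\n"}{end}'
}

# Read those lines on stdin and print every component that is not yet
# Available=True or that reports Degraded=True.
tigerastatus_pending() {
  awk -F'\t' 'NF && ($2 != "True" || $3 == "True") {
    printf "%s available=%s degraded=%s\n", $1,
      ($2 == "" ? "unknown" : $2), ($3 == "" ? "unknown" : $3)
  }'
}

# Poll until all components are healthy; give up after $1 seconds (default 600).
wait_for_calico() {
  timeout="${1:-600}"; waited=0
  while :; do
    # An empty result (CRD not installed yet, API error) counts as "not ready".
    conditions="$(tigerastatus_conditions 2>/dev/null)" || conditions=""
    pending="$(printf '%s\n' "$conditions" | tigerastatus_pending)"
    if [ -n "$conditions" ] && [ -z "$pending" ]; then
      return 0
    fi
    if [ "$waited" -ge "$timeout" ]; then
      printf 'still not ready:\n%s\n' "${pending:-no tigerastatus resources found}" >&2
      return 1
    fi
    sleep 10; waited=$((waited + 10))
  done
}
```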
You can also monitor your cluster installation on the Calico Cloud UI. Go to the "Managed Clusters" section, select your cluster and expand the timestamp dropdown to see the installation logs. In a few minutes, the status will change from Installing to Done. Congratulations! You successfully connected your cluster to Calico Cloud.
Once the installation is completed, you can start interacting with your cluster from the Calico Cloud interface. Calico Cloud provides a single pane of glass for managing multiple clusters. If you followed the previous steps, you will have two clusters connected to Calico Cloud at this point: your cluster and a pre-configured lab cluster that allows you to explore some of the features in Calico Cloud.
You can switch between clusters by following the steps below:
- Navigate to the Dashboard section - the first icon under the Calico Cat on the top-left of the UI.
- Click on the Cluster dropdown button on the top-right of the UI.
- Select your recently added cluster.
The "Cluster" dropdown button will always be visible across the Calico Cloud UI, no matter which section you are viewing. You can change the cluster you want to interact with at any moment. When you change the cluster, the whole Calico Cloud context will change immediately to reflect the information regarding the currently selected cluster.
By default, flow logs are collected every 5 minutes. We will decrease that interval to 15 seconds. This increases the amount of information we must store and is not recommended for production environments, but it shortens the time before events appear in the Calico observability features.
kubectl patch felixconfiguration default --type='merge' -p '{"spec":{"flowLogsFlushInterval":"15s"}}'
kubectl patch felixconfiguration default --type='merge' -p '{"spec":{"dnsLogsFlushInterval":"15s"}}'
kubectl patch felixconfiguration default --type='merge' -p '{"spec":{"flowLogsFileAggregationKindForAllowed":1}}'
kubectl patch felixconfiguration default --type='merge' -p '{"spec":{"flowLogsFileAggregationKindForDenied":0}}'
kubectl patch felixconfiguration default --type='merge' -p '{"spec":{"dnsLogsFileAggregationKind":0}}'
Configure Felix to collect TCP stats. This uses an eBPF TC program and requires a minimum kernel version of v5.3.0/v4.18.0-193.
kubectl patch felixconfiguration default --type='merge' -p '{"spec":{"flowLogsCollectTcpStats":true}}'
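The kernel requirement can be checked on every node before the TCP stats patch is applied. This is an added example, not part of the workshop material; the function names are hypothetical, and it assumes "v5.3.0/v4.18.0-193" means 5.3.0 or newer, or a 4.18.0 kernel with release number 193 or higher.

```shell
# Added example: check node kernels before enabling flowLogsCollectTcpStats.
# Assumption: the stated minimum means "5.3.0 or newer, or a 4.18.0 kernel
# whose release number is 193 or higher".

# Return 0 if the kernel version string meets the minimum, 1 otherwise.
kernel_supports_tcp_stats() {
  printf '%s\n' "$1" | awk -F'[.-]' '{
    major = $1 + 0; minor = $2 + 0; patch = $3 + 0; release = $4 + 0
    ok = (major > 5) || (major == 5 && minor >= 3) ||
         (major == 4 && minor == 18 && patch == 0 && release >= 193)
    exit (ok ? 0 : 1)
  }'
}

# Read "node<TAB>kernelVersion" lines on stdin; print nodes below the minimum.
nodes_below_minimum() {
  while IFS="$(printf '\t')" read -r node kernel; do
    [ -n "$node" ] || continue
    kernel_supports_tcp_stats "$kernel" || printf '%s %s\n' "$node" "$kernel"
  done
}

# Apply the TCP stats patch only when every node passes the check.
enable_tcp_stats() {
  nodes="$(kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.nodeInfo.kernelVersion}{"\n"}{end}')" || return 1
  unsupported="$(printf '%s\n' "$nodes" | nodes_below_minimum)"
  if [ -n "$unsupported" ]; then
    printf 'kernel too old for TCP stats:\n%s\n' "$unsupported" >&2
    return 1
  fi
  kubectl patch felixconfiguration default --type='merge' \
    -p '{"spec":{"flowLogsCollectTcpStats":true}}'
}
```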