Image Assurance installation reference

The Kubernetes resources below configure Calico Cloud Image Assurance installation when using the operator. Each resource is responsible for installing and configuring a different subsystem of Calico Cloud Image Assurance during installation. Most options can be modified on a running cluster using kubectl.

Packages:

image-assurance.operator.tigera.io/v1

API Schema definitions for configuring the installation of Image Assurance

Resource Types:

ImageAssurance

ImageAssurance is the Schema for the imageassurances API.

| Field | Type | Description |
| --- | --- | --- |
| apiVersion | string | image-assurance.operator.tigera.io/v1 |
| kind | string | ImageAssurance |
| metadata | Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
| spec | ImageAssuranceSpec | |
| spec.criSocketPath | string | CRISocketPath is the path to the CRI socket on the nodes. Defaults to /run/containerd/containerd.sock. |
| spec.containerdVolumeMountPath | string | (Optional) ContainerdVolumeMountPath is the path to the root of containerd file system. Defaults to /var/lib/containerd/. |
| spec.clusterScanner | ClusterScannerStatusType | (Optional) This setting enables or disables the cluster scanner. Allowed values are Enabled or Disabled. Defaults to Disabled. |
| spec.crawdadDaemonset | CrawdadDaemonSet | (Optional) CrawdadDaemonSet is the specification of the Crawdad Daemonset. |
| status | ImageAssuranceStatus | |

ImageAssuranceCentral

ImageAssuranceCentral is the Schema for the imageassurancecentrals API.

| Field | Type | Description |
| --- | --- | --- |
| apiVersion | string | image-assurance.operator.tigera.io/v1 |
| kind | string | ImageAssuranceCentral |
| metadata | Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
| spec | ImageAssuranceCentralSpec | |
| spec.apiProxyURL | string | APIProxyURL is the URL the api proxy should proxy to. |
| spec.apiProxyDeployment | APIProxyDeployment | APIProxyDeployment configures the api proxy Deployment. |
| spec.scannerWorkerDeployment | ScannerWorkerDeployment | (Optional) ScannerWorkerDeployment is the specification of the Scanner Worker Deployment. |
| spec.runtimeCleanerDeployment | RuntimeCleanerDeployment | (Optional) RuntimeCleanerDeployment is the specification of the Runtime Cleaner Deployment. |
| status | ImageAssuranceCentralStatus | |

APIProxyDeployment

(Appears on: ImageAssuranceCentralSpec)

| Field | Type | Description |
| --- | --- | --- |
| metadata | github.com/tigera/operator/api/v1.Metadata | (Optional) Metadata is a subset of a Kubernetes object’s metadata that is added to the Deployment. |
| spec | APIProxyDeploymentSpec | (Optional) Spec is the specification of the api-proxy Deployment. |



APIProxyDeploymentContainer

(Appears on: APIProxyDeploymentPodSpec)

APIProxyDeploymentContainer is an api-proxy Deployment container.

| Field | Type | Description |
| --- | --- | --- |
| name | string | Name is an enum which identifies the api-proxy Deployment container by name. |
| resources | Kubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named api-proxy Deployment container’s resources. If omitted, the api-proxy Deployment will use its default value for this container’s resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |

APIProxyDeploymentPodSpec

(Appears on: APIProxyDeploymentPodTemplateSpec)

APIProxyDeploymentPodSpec is the api-proxy Deployment’s PodSpec.

| Field | Type | Description |
| --- | --- | --- |
| containers | []APIProxyDeploymentContainer | (Optional) Containers is a list of api-proxy containers. If specified, this overrides the specified api-proxy Deployment containers. If omitted, the api-proxy Deployment will use its default values for its containers. |
| affinity | Kubernetes core/v1.Affinity | (Optional) Affinity is a group of affinity scheduling rules for the api-proxy pods. If specified, this overrides any affinity that may be set on the api-proxy Deployment. If omitted, the api-proxy Deployment will use its default value for affinity. WARNING: Please note that this field will override the default api-proxy Deployment affinity. |
| nodeSelector | map[string]string | NodeSelector is the api-proxy pod’s scheduling constraints. If specified, each of the key/value pairs are added to the api-proxy Deployment nodeSelector provided the key does not already exist in the object’s nodeSelector. If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the api-proxy Deployment and each of this field’s key/value pairs are added to the api-proxy Deployment nodeSelector provided the key does not already exist in the object’s nodeSelector. If omitted, the api-proxy Deployment will use its default value for nodeSelector. WARNING: Please note that this field will modify the default api-proxy Deployment nodeSelector. |
| tolerations | []Kubernetes core/v1.Toleration | (Optional) Tolerations is the api-proxy pod’s tolerations. If specified, this overrides any tolerations that may be set on the api-proxy Deployment. If omitted, the api-proxy Deployment will use its default value for tolerations. WARNING: Please note that this field will override the default api-proxy Deployment tolerations. |

APIProxyDeploymentPodTemplateSpec

(Appears on: APIProxyDeploymentSpec)

APIProxyDeploymentPodTemplateSpec is the api-proxy Deployment’s PodTemplateSpec.

| Field | Type | Description |
| --- | --- | --- |
| metadata | github.com/tigera/operator/api/v1.Metadata | (Optional) Metadata is a subset of a Kubernetes object’s metadata that is added to the pod’s metadata. |
| spec | APIProxyDeploymentPodSpec | (Optional) Spec is the api-proxy Deployment’s PodSpec. |



APIProxyDeploymentSpec

(Appears on: APIProxyDeployment)

APIProxyDeploymentSpec defines configuration for the api-proxy Deployment.

| Field | Type | Description |
| --- | --- | --- |
| minReadySeconds | int32 | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its containers crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the api-proxy Deployment. If omitted, the api-proxy Deployment will use its default value for minReadySeconds. |
| template | APIProxyDeploymentPodTemplateSpec | (Optional) Template describes the api-proxy Deployment pod that will be created. |

ClusterScannerStatusType (string alias)

(Appears on: ImageAssuranceSpec)

CrawdadDaemonSet

(Appears on: ImageAssuranceSpec)

| Field | Type | Description |
| --- | --- | --- |
| metadata | github.com/tigera/operator/api/v1.Metadata | (Optional) Metadata is a subset of a Kubernetes object’s metadata that is added to the DaemonSet. |
| spec | CrawdadDaemonSetSpec | (Optional) Spec is the specification of the crawdad DaemonSet. |



CrawdadDaemonSetContainer

(Appears on: CrawdadDaemonSetPodSpec)

CrawdadDaemonSetContainer is a crawdad DaemonSet container.

| Field | Type | Description |
| --- | --- | --- |
| name | string | Name is an enum which identifies the crawdad DaemonSet container by name. |
| resources | Kubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named crawdad DaemonSet container’s resources. If omitted, the crawdad DaemonSet will use its default value for this container’s resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |

CrawdadDaemonSetPodSpec

(Appears on: CrawdadDaemonSetPodTemplateSpec)

CrawdadDaemonSetPodSpec is the crawdad DaemonSet’s PodSpec.

| Field | Type | Description |
| --- | --- | --- |
| containers | []CrawdadDaemonSetContainer | (Optional) Containers is a list of crawdad containers. If specified, this overrides the specified crawdad DaemonSet cluster-scanner containers. If omitted, the crawdad DaemonSet will use its default values for its containers. |
| affinity | Kubernetes core/v1.Affinity | (Optional) Affinity is a group of affinity scheduling rules for the crawdad pods. If specified, this overrides any affinity that may be set on the crawdad DaemonSet. If omitted, the crawdad DaemonSet will use its default value for affinity. WARNING: Please note that this field will override the default crawdad DaemonSet affinity. |
| nodeSelector | map[string]string | NodeSelector is the crawdad pod’s scheduling constraints. If specified, each of the key/value pairs are added to the crawdad DaemonSet nodeSelector provided the key does not already exist in the object’s nodeSelector. If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the crawdad DaemonSet and each of this field’s key/value pairs are added to the crawdad DaemonSet nodeSelector provided the key does not already exist in the object’s nodeSelector. If omitted, the crawdad DaemonSet will use its default value for nodeSelector. WARNING: Please note that this field will modify the default crawdad DaemonSet nodeSelector. |
| tolerations | []Kubernetes core/v1.Toleration | (Optional) Tolerations is the crawdad pod’s tolerations. If specified, this overrides any tolerations that may be set on the crawdad DaemonSet. If omitted, the crawdad DaemonSet will use its default value for tolerations. WARNING: Please note that this field will override the default crawdad DaemonSet tolerations. |

CrawdadDaemonSetPodTemplateSpec

(Appears on: CrawdadDaemonSetSpec)

CrawdadDaemonSetPodTemplateSpec is the crawdad DaemonSet’s PodTemplateSpec.

| Field | Type | Description |
| --- | --- | --- |
| metadata | github.com/tigera/operator/api/v1.Metadata | (Optional) Metadata is a subset of a Kubernetes object’s metadata that is added to the pod’s metadata. |
| spec | CrawdadDaemonSetPodSpec | (Optional) Spec is the crawdad DaemonSet’s PodSpec. |



CrawdadDaemonSetSpec

(Appears on: CrawdadDaemonSet)

CrawdadDaemonSetSpec defines configuration for the crawdad DaemonSet.

| Field | Type | Description |
| --- | --- | --- |
| minReadySeconds | int32 | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its containers crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the crawdad DaemonSet. If omitted, the crawdad DaemonSet will use its default value for minReadySeconds. |
| template | CrawdadDaemonSetPodTemplateSpec | (Optional) Template describes the crawdad DaemonSet pod that will be created. |

ImageAssuranceCentralSpec

(Appears on: ImageAssuranceCentral)

ImageAssuranceCentralSpec defines the desired state of ImageAssuranceCentral.

| Field | Type | Description |
| --- | --- | --- |
| apiProxyURL | string | APIProxyURL is the URL the api proxy should proxy to. |
| apiProxyDeployment | APIProxyDeployment | APIProxyDeployment configures the api proxy Deployment. |
| scannerWorkerDeployment | ScannerWorkerDeployment | (Optional) ScannerWorkerDeployment is the specification of the Scanner Worker Deployment. |
| runtimeCleanerDeployment | RuntimeCleanerDeployment | (Optional) RuntimeCleanerDeployment is the specification of the Runtime Cleaner Deployment. |

ImageAssuranceCentralStatus

(Appears on: ImageAssuranceCentral)

ImageAssuranceCentralStatus defines the observed state of ImageAssuranceCentral.

| Field | Type | Description |
| --- | --- | --- |
| state | string | State provides user-readable status. |

ImageAssuranceSpec

(Appears on: ImageAssurance)

ImageAssuranceSpec configures Image Assurance monitoring and tooling in a Kubernetes cluster.

| Field | Type | Description |
| --- | --- | --- |
| criSocketPath | string | CRISocketPath is the path to the CRI socket on the nodes. Defaults to /run/containerd/containerd.sock. |
| containerdVolumeMountPath | string | (Optional) ContainerdVolumeMountPath is the path to the root of containerd file system. Defaults to /var/lib/containerd/. |
| clusterScanner | ClusterScannerStatusType | (Optional) This setting enables or disables the cluster scanner. Allowed values are Enabled or Disabled. Defaults to Disabled. |
| crawdadDaemonset | CrawdadDaemonSet | (Optional) CrawdadDaemonSet is the specification of the Crawdad Daemonset. |
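
The manifest below sketches how the ImageAssuranceSpec fields and the nested crawdadDaemonset overrides fit together. It is an added example, not taken from the Calico Cloud documentation; the resource name `default`, the node label and the taint key are assumptions chosen for illustration.

```yaml
apiVersion: image-assurance.operator.tigera.io/v1
kind: ImageAssurance
metadata:
  name: default                      # assumption: the resource name is not given on this page
spec:
  # Host paths used on every node. Both values shown are the documented
  # defaults; change them only if the node's container runtime uses
  # different locations.
  criSocketPath: /run/containerd/containerd.sock
  containerdVolumeMountPath: /var/lib/containerd/

  # The documented default is Disabled, so the cluster scanner does not run
  # unless this is set explicitly.
  clusterScanner: Enabled

  # CrawdadDaemonSet -> CrawdadDaemonSetSpec -> CrawdadDaemonSetPodTemplateSpec
  # -> CrawdadDaemonSetPodSpec, following the type chain in this reference.
  crawdadDaemonset:
    spec:
      template:
        spec:
          # nodeSelector entries are added to the default nodeSelector only
          # for keys that are not already present.
          nodeSelector:
            kubernetes.io/os: linux
          # tolerations override the default tolerations as a whole, so list
          # every taint the crawdad pods must tolerate. Nodes whose taints are
          # not listed here get no crawdad pod.
          tolerations:
            - key: example.com/dedicated   # constructed taint key
              operator: Exists
              effect: NoSchedule
```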

ImageAssuranceStatus

(Appears on: ImageAssurance)

ImageAssuranceStatus defines the observed state of ImageAssurance.

RuntimeCleanerDeployment

(Appears on: ImageAssuranceCentralSpec)

| Field | Type | Description |
| --- | --- | --- |
| metadata | github.com/tigera/operator/api/v1.Metadata | (Optional) Metadata is a subset of a Kubernetes object’s metadata that is added to the Deployment. |
| spec | RuntimeCleanerDeploymentSpec | (Optional) Spec is the specification of the runtime-cleaner Deployment. |



RuntimeCleanerDeploymentContainer

(Appears on: RuntimeCleanerDeploymentPodSpec)

RuntimeCleanerDeploymentContainer is a runtime-cleaner Deployment container.

| Field | Type | Description |
| --- | --- | --- |
| name | string | Name is an enum which identifies the runtime-cleaner Deployment container by name. |
| resources | Kubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named runtime-cleaner Deployment container’s resources. If omitted, the runtime-cleaner Deployment will use its default value for this container’s resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |

RuntimeCleanerDeploymentPodSpec

(Appears on: RuntimeCleanerDeploymentPodTemplateSpec)

RuntimeCleanerDeploymentPodSpec is the runtime-cleaner Deployment’s PodSpec.

| Field | Type | Description |
| --- | --- | --- |
| containers | []RuntimeCleanerDeploymentContainer | (Optional) Containers is a list of runtime-cleaner containers. If specified, this overrides the specified runtime-cleaner Deployment containers. If omitted, the runtime-cleaner Deployment will use its default values for its containers. |
| affinity | Kubernetes core/v1.Affinity | (Optional) Affinity is a group of affinity scheduling rules for the runtime-cleaner pods. If specified, this overrides any affinity that may be set on the runtime-cleaner Deployment. If omitted, the runtime-cleaner Deployment will use its default value for affinity. WARNING: Please note that this field will override the default runtime-cleaner Deployment affinity. |
| nodeSelector | map[string]string | NodeSelector is the runtime-cleaner pod’s scheduling constraints. If specified, each of the key/value pairs are added to the runtime-cleaner Deployment nodeSelector provided the key does not already exist in the object’s nodeSelector. If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the runtime-cleaner Deployment and each of this field’s key/value pairs are added to the runtime-cleaner Deployment nodeSelector provided the key does not already exist in the object’s nodeSelector. If omitted, the runtime-cleaner Deployment will use its default value for nodeSelector. WARNING: Please note that this field will modify the default runtime-cleaner Deployment nodeSelector. |
| tolerations | []Kubernetes core/v1.Toleration | (Optional) Tolerations is the runtime-cleaner pod’s tolerations. If specified, this overrides any tolerations that may be set on the runtime-cleaner Deployment. If omitted, the runtime-cleaner Deployment will use its default value for tolerations. WARNING: Please note that this field will override the default runtime-cleaner Deployment tolerations. |

RuntimeCleanerDeploymentPodTemplateSpec

(Appears on: RuntimeCleanerDeploymentSpec)

RuntimeCleanerDeploymentPodTemplateSpec is the runtime-cleaner Deployment’s PodTemplateSpec.

| Field | Type | Description |
| --- | --- | --- |
| metadata | github.com/tigera/operator/api/v1.Metadata | (Optional) Metadata is a subset of a Kubernetes object’s metadata that is added to the pod’s metadata. |
| spec | RuntimeCleanerDeploymentPodSpec | (Optional) Spec is the runtime-cleaner Deployment’s PodSpec. |



RuntimeCleanerDeploymentSpec

(Appears on: RuntimeCleanerDeployment)

RuntimeCleanerDeploymentSpec defines configuration for the runtime-cleaner Deployment.

| Field | Type | Description |
| --- | --- | --- |
| minReadySeconds | int32 | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its containers crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the runtime-cleaner Deployment. If omitted, the runtime-cleaner Deployment will use its default value for minReadySeconds. |
| template | RuntimeCleanerDeploymentPodTemplateSpec | (Optional) Template describes the runtime-cleaner Deployment pod that will be created. |

ScannerWorkerDeployment

(Appears on: ImageAssuranceCentralSpec)

| Field | Type | Description |
| --- | --- | --- |
| metadata | github.com/tigera/operator/api/v1.Metadata | (Optional) Metadata is a subset of a Kubernetes object’s metadata that is added to the Deployment. |
| spec | ScannerWorkerDeploymentSpec | (Optional) Spec is the specification of the scanner worker Deployment. |



ScannerWorkerDeploymentContainer

(Appears on: ScannerWorkerDeploymentPodSpec)

ScannerWorkerDeploymentContainer is a scanner worker Deployment container.

| Field | Type | Description |
| --- | --- | --- |
| name | string | Name is an enum which identifies the scanner worker Deployment container by name. |
| resources | Kubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named scanner worker Deployment container’s resources. If omitted, the scanner worker Deployment will use its default value for this container’s resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |

ScannerWorkerDeploymentPodSpec

(Appears on: ScannerWorkerDeploymentPodTemplateSpec)

ScannerWorkerDeploymentPodSpec is the scanner worker Deployment’s PodSpec.

| Field | Type | Description |
| --- | --- | --- |
| containers | []ScannerWorkerDeploymentContainer | (Optional) Containers is a list of scanner worker containers. If specified, this overrides the specified scanner worker Deployment containers. If omitted, the scanner worker Deployment will use its default values for its containers. |
| affinity | Kubernetes core/v1.Affinity | (Optional) Affinity is a group of affinity scheduling rules for the scanner worker pods. If specified, this overrides any affinity that may be set on the scanner worker Deployment. If omitted, the scanner worker Deployment will use its default value for affinity. WARNING: Please note that this field will override the default scanner worker Deployment affinity. |
| nodeSelector | map[string]string | NodeSelector is the scanner worker pod’s scheduling constraints. If specified, each of the key/value pairs are added to the scanner worker Deployment nodeSelector provided the key does not already exist in the object’s nodeSelector. If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the scanner worker Deployment and each of this field’s key/value pairs are added to the scanner worker Deployment nodeSelector provided the key does not already exist in the object’s nodeSelector. If omitted, the scanner worker Deployment will use its default value for nodeSelector. WARNING: Please note that this field will modify the default scanner worker Deployment nodeSelector. |
| tolerations | []Kubernetes core/v1.Toleration | (Optional) Tolerations is the scanner worker pod’s tolerations. If specified, this overrides any tolerations that may be set on the scanner worker Deployment. If omitted, the scanner worker Deployment will use its default value for tolerations. WARNING: Please note that this field will override the default scanner worker Deployment tolerations. |

ScannerWorkerDeploymentPodTemplateSpec

(Appears on: ScannerWorkerDeploymentSpec)

ScannerWorkerDeploymentPodTemplateSpec is the scanner worker Deployment’s PodTemplateSpec.

| Field | Type | Description |
| --- | --- | --- |
| metadata | github.com/tigera/operator/api/v1.Metadata | (Optional) Metadata is a subset of a Kubernetes object’s metadata that is added to the pod’s metadata. |
| spec | ScannerWorkerDeploymentPodSpec | (Optional) Spec is the scanner worker Deployment’s PodSpec. |



ScannerWorkerDeploymentSpec

(Appears on: ScannerWorkerDeployment)

ScannerWorkerDeploymentSpec defines configuration for the scanner worker Deployment.

| Field | Type | Description |
| --- | --- | --- |
| minReadySeconds | int32 | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its containers crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the scanner worker Deployment. If omitted, the scanner worker Deployment will use its default value for minReadySeconds. |
| template | ScannerWorkerDeploymentPodTemplateSpec | (Optional) Template describes the scanner worker Deployment pod that will be created. |