Skip to main content

Image Assurance Installation reference

Image Assurance installation reference​

The Kubernetes resources below configure Calico Cloud Image Assurance installation when using the operator. Each resource is responsible for installing and configuring a different subsystem of Calico Cloud Image Assurance during installation. Most options can be modified on a running cluster using kubectl.

Packages:

image-assurance.operator.tigera.io/v1​

API Schema definitions for configuring the installation of Image Assurance

Resource Types:

    ClusterScannerStatusType (string alias)​

    (Appears on:

    ImageAssuranceSpec)

    CrawdadDaemonSet​

    (Appears on:

    ImageAssuranceSpec)

    FieldDescription
    metadata
    github.com/tigera/operator/api/v1.Metadata    		(Optional)

    Metadata is a subset of a Kubernetes object’s metadata that is added to the DaemonSet.

    spec
    CrawdadDaemonSetSpec    		(Optional)

    Spec is the specification of the crawdad DaemonSet.



    CrawdadDaemonSetContainer​

    (Appears on:

    CrawdadDaemonSetPodSpec)

    CrawdadDaemonSetContainer is a crawdad DaemonSet container.

    FieldDescription
    name
    string

    Name is an enum which identifies the crawdad DaemonSet container by name.

    resources
    Kubernetes core/v1.ResourceRequirements    		(Optional)

    Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named crawdad DaemonSet container’s resources. If omitted, the crawdad DaemonSet will use its default value for this container’s resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

    CrawdadDaemonSetPodSpec​

    (Appears on:

    CrawdadDaemonSetPodTemplateSpec)

    CrawdadDaemonSetPodSpec is the crawdad DaemonSet’s PodSpec.

    FieldDescription
    containers
    []CrawdadDaemonSetContainer    		(Optional)

    Containers is a list of crawdad containers. If specified, this overrides the specified crawdad DaemonSet cluster-scanner containers. If omitted, the crawdad DaemonSet will use its default values for its containers.

    affinity
    Kubernetes core/v1.Affinity    		(Optional)

    Affinity is a group of affinity scheduling rules for the crawdad pods. If specified, this overrides any affinity that may be set on the crawdad DaemonSet. If omitted, the crawdad DaemonSet will use its default value for affinity. WARNING: Please note that this field will override the default crawdad DaemonSet affinity.

    nodeSelector
    map[string]string

    NodeSelector is the crawdad pod’s scheduling constraints. If specified, each of the key/value pairs are added to the crawdad DaemonSet nodeSelector provided the key does not already exist in the object’s nodeSelector. If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the crawdad DaemonSet and each of this field’s key/value pairs are added to the crawdad DaemonSet nodeSelector provided the key does not already exist in the object’s nodeSelector. If omitted, the crawdad DaemonSet will use its default value for nodeSelector. WARNING: Please note that this field will modify the default crawdad DaemonSet nodeSelector.

    tolerations
    []Kubernetes core/v1.Toleration    		(Optional)

    Tolerations is the crawdad pod’s tolerations. If specified, this overrides any tolerations that may be set on the crawdad DaemonSet. If omitted, the crawdad DaemonSet will use its default value for tolerations. WARNING: Please note that this field will override the default crawdad DaemonSet tolerations.

    CrawdadDaemonSetPodTemplateSpec​

    (Appears on:

    CrawdadDaemonSetSpec)

    CrawdadDaemonSetPodTemplateSpec is the crawdad DaemonSet’s PodTemplateSpec

    FieldDescription
    metadata
    github.com/tigera/operator/api/v1.Metadata    		(Optional)

    Metadata is a subset of a Kubernetes object’s metadata that is added to the pod’s metadata.

    spec
    CrawdadDaemonSetPodSpec    		(Optional)

    Spec is the crawdad DaemonSet’s PodSpec.



    CrawdadDaemonSetSpec​

    (Appears on:

    CrawdadDaemonSet)

    CrawdadDaemonSetSpec defines configuration for the crawdad DaemonSet.

    FieldDescription
    minReadySeconds
    int32    		(Optional)

    MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the crawdad DaemonSet. If omitted, the crawdad DaemonSet will use its default value for minReadySeconds.

    template
    CrawdadDaemonSetPodTemplateSpec    		(Optional)

    Template describes the crawdad DaemonSet pod that will be created.

    ExcludedNamespace (string alias)​

    (Appears on:

    Exclusions)

    ExcludedNamespace is a namespace name to be excluded from image scanning.

    Exclusions​

    (Appears on:

    ImageAssuranceSpec)

    Exclusions specifies the criteria for what to exclude from image scanning.

    FieldDescription
    namespaces
    []ExcludedNamespace    		(Optional)

    Namespaces is an array of namespace names to be excluded from image scanning.

    ImageAssurance​

    ImageAssurance is the Schema for the imageassurances API

    FieldDescription
    metadata
    Kubernetes meta/v1.ObjectMeta

    Refer to the Kubernetes API documentation for the fields of the

    metadata field.
    spec
    ImageAssuranceSpec

    criSocketPath
    string

    CRISocketPath is the path to the CRI socket on the nodes. Defaults to /run/containerd/containerd.sock.

    containerdVolumeMountPath
    string    		(Optional)

    ContainerdVolumeMountPath is the path to the root of containerd file system. Defaults to /var/lib/containerd/.

    clusterScanner
    ClusterScannerStatusType    		(Optional)

    This setting enables or disables the cluster scanner. Allowed values are Enabled or Disabled. Defaults to Disabled.

    crawdadDaemonset
    CrawdadDaemonSet    		(Optional)

    CrawdadDaemonSet is the specification of the Crawdad Daemonset.

    exclusions
    Exclusions    		(Optional)

    Exclusions define the exclusion criteria for image scanning. Note: Exclusions are applied to future scans and do not affect past scan results.

    status
    ImageAssuranceStatus

    ImageAssuranceSpec​

    (Appears on:

    ImageAssurance)

    ImageAssuranceSpec configures Image Assurance monitoring and tooling in a kubernetes cluster.

    FieldDescription
    criSocketPath
    string

    CRISocketPath is the path to the CRI socket on the nodes. Defaults to /run/containerd/containerd.sock.

    containerdVolumeMountPath
    string    		(Optional)

    ContainerdVolumeMountPath is the path to the root of containerd file system. Defaults to /var/lib/containerd/.

    clusterScanner
    ClusterScannerStatusType    		(Optional)

    This setting enables or disables the cluster scanner. Allowed values are Enabled or Disabled. Defaults to Disabled.

    crawdadDaemonset
    CrawdadDaemonSet    		(Optional)

    CrawdadDaemonSet is the specification of the Crawdad Daemonset.

    exclusions
    Exclusions    		(Optional)

    Exclusions define the exclusion criteria for image scanning. Note: Exclusions are applied to future scans and do not affect past scan results.

    ImageAssuranceStatus​

    (Appears on:

    ImageAssurance)

    ImageAssuranceStatus defines the observed state of ImageAssurance