Image Assurance installation reference

The Kubernetes resources below configure Calico Cloud Image Assurance installation when using the operator. Each resource is responsible for installing and configuring a different subsystem of Calico Cloud Image Assurance during installation. Most options can be modified on a running cluster using kubectl.

Packages:

image-assurance.operator.tigera.io/v1

API Schema definitions for configuring the installation of Image Assurance

Resource Types:

    ClusterScannerStatusType (string alias)

    (Appears on: ImageAssuranceSpec)

    CrawdadDaemonSet

    (Appears on: ImageAssuranceSpec)

    Field    Description
    metadata

    github.com/tigera/operator/api/v1.Metadata

    (Optional)

    Metadata is a subset of a Kubernetes object’s metadata that is added to the DaemonSet.

    spec

    CrawdadDaemonSetSpec

    (Optional)

    Spec is the specification of the crawdad DaemonSet.



    CrawdadDaemonSetContainer

    (Appears on: CrawdadDaemonSetPodSpec)

    CrawdadDaemonSetContainer is a crawdad DaemonSet container.

    Field    Description
    name

    string

    Name is an enum which identifies the crawdad DaemonSet container by name.

    resources

    Kubernetes core/v1.ResourceRequirements

    (Optional)

    Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named crawdad DaemonSet container’s resources. If omitted, the crawdad DaemonSet will use its default value for this container’s resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

    CrawdadDaemonSetPodSpec

    (Appears on: CrawdadDaemonSetPodTemplateSpec)

    CrawdadDaemonSetPodSpec is the crawdad DaemonSet’s PodSpec.

    Field    Description
    containers

    []CrawdadDaemonSetContainer

    (Optional)

    Containers is a list of crawdad containers. If specified, this overrides the specified crawdad DaemonSet cluster-scanner containers. If omitted, the crawdad DaemonSet will use its default values for its containers.

    affinity

    Kubernetes core/v1.Affinity

    (Optional)

    Affinity is a group of affinity scheduling rules for the crawdad pods. If specified, this overrides any affinity that may be set on the crawdad DaemonSet. If omitted, the crawdad DaemonSet will use its default value for affinity. WARNING: Please note that this field will override the default crawdad DaemonSet affinity.

    nodeSelector

    map[string]string

    NodeSelector is the crawdad pod’s scheduling constraints. If specified, each of the key/value pairs is added to the crawdad DaemonSet nodeSelector provided the key does not already exist in the object’s nodeSelector. If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the crawdad DaemonSet and each of this field’s key/value pairs is added to the crawdad DaemonSet nodeSelector provided the key does not already exist in the object’s nodeSelector. If omitted, the crawdad DaemonSet will use its default value for nodeSelector. WARNING: Please note that this field will modify the default crawdad DaemonSet nodeSelector.

    tolerations

    []Kubernetes core/v1.Toleration

    (Optional)

    Tolerations is the crawdad pod’s tolerations. If specified, this overrides any tolerations that may be set on the crawdad DaemonSet. If omitted, the crawdad DaemonSet will use its default value for tolerations. WARNING: Please note that this field will override the default crawdad DaemonSet tolerations.

    CrawdadDaemonSetPodTemplateSpec

    (Appears on: CrawdadDaemonSetSpec)

    CrawdadDaemonSetPodTemplateSpec is the crawdad DaemonSet’s PodTemplateSpec.

    Field    Description
    metadata

    github.com/tigera/operator/api/v1.Metadata

    (Optional)

    Metadata is a subset of a Kubernetes object’s metadata that is added to the pod’s metadata.

    spec

    CrawdadDaemonSetPodSpec

    (Optional)

    Spec is the crawdad DaemonSet’s PodSpec.



    CrawdadDaemonSetSpec

    (Appears on: CrawdadDaemonSet)

    CrawdadDaemonSetSpec defines configuration for the crawdad DaemonSet.

    Field    Description
    minReadySeconds

    int32

    (Optional)

    MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its containers crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the crawdad DaemonSet. If omitted, the crawdad DaemonSet will use its default value for minReadySeconds.

    template

    CrawdadDaemonSetPodTemplateSpec

    (Optional)

    Template describes the crawdad DaemonSet pod that will be created.

    ExcludedNamespace (string alias)

    (Appears on: Exclusions)

    ExcludedNamespace is a namespace name to be excluded from image scanning.

    Exclusions

    (Appears on: ImageAssuranceSpec)

    Exclusions specifies the criteria for what to exclude from image scanning.

    Field    Description
    namespaces

    []ExcludedNamespace

    (Optional)

    Namespaces is an array of namespace names to be excluded from image scanning.

    ImageAssurance

    ImageAssurance is the Schema for the imageassurances API.

    Field    Description
    metadata

    Kubernetes meta/v1.ObjectMeta

    Refer to the Kubernetes API documentation for the fields of the metadata field.

    spec

    ImageAssuranceSpec



    criSocketPath

    string

    CRISocketPath is the path to the CRI socket on the nodes. Defaults to /run/containerd/containerd.sock.

    containerdVolumeMountPath

    string

    (Optional)

    ContainerdVolumeMountPath is the path to the root of the containerd file system. Defaults to /var/lib/containerd/.

    clusterScanner

    ClusterScannerStatusType

    (Optional)

    This setting enables or disables the cluster scanner. Allowed values are Enabled or Disabled. Defaults to Disabled.

    crawdadDaemonset

    CrawdadDaemonSet

    (Optional)

    CrawdadDaemonSet is the specification of the crawdad DaemonSet.

    exclusions

    Exclusions

    (Optional)

    Exclusions define the exclusion criteria for image scanning. Note: Exclusions are applied to future scans and do not affect past scan results.

    status

    ImageAssuranceStatus

    ImageAssuranceSpec

    (Appears on: ImageAssurance)

    ImageAssuranceSpec configures Image Assurance monitoring and tooling in a Kubernetes cluster.

    Field    Description
    criSocketPath

    string

    CRISocketPath is the path to the CRI socket on the nodes. Defaults to /run/containerd/containerd.sock.

    containerdVolumeMountPath

    string

    (Optional)

    ContainerdVolumeMountPath is the path to the root of the containerd file system. Defaults to /var/lib/containerd/.

    clusterScanner

    ClusterScannerStatusType

    (Optional)

    This setting enables or disables the cluster scanner. Allowed values are Enabled or Disabled. Defaults to Disabled.

    crawdadDaemonset

    CrawdadDaemonSet

    (Optional)

    CrawdadDaemonSet is the specification of the crawdad DaemonSet.

    exclusions

    Exclusions

    (Optional)

    Exclusions define the exclusion criteria for image scanning. Note: Exclusions are applied to future scans and do not affect past scan results.

    ImageAssuranceStatus

    (Appears on: ImageAssurance)

    ImageAssuranceStatus defines the observed state of ImageAssurance.
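
An added example, not part of the Calico Cloud documentation or the operator's code: a Python check that reads an ImageAssurance object in JSON form and reports the settings from this reference that reduce scan coverage (clusterScanner left at Disabled, excluded namespaces, crawdad scheduling overrides). The object name, namespace names and values in the sample are constructed, and treating empty values as omitted is an assumption.

```python
import json

# Constructed sample: JSON form of an ImageAssurance object. Field names are
# from the reference above; the object name and all values are made up.
SAMPLE = json.loads("""
{"apiVersion": "image-assurance.operator.tigera.io/v1",
 "kind": "ImageAssurance",
 "metadata": {"name": "example"},
 "spec": {
   "exclusions": {"namespaces": ["payments", "kube-system"]},
   "crawdadDaemonset": {"spec": {"template": {"spec": {
     "nodeSelector": {"pool": "general"},
     "tolerations": [{"key": "dedicated", "operator": "Exists"}]}}}}}}
""")

# Pod-spec fields the reference warns will override or modify crawdad defaults.
OVERRIDES = {"affinity": "overrides", "tolerations": "overrides",
             "nodeSelector": "modifies"}


def audit_image_assurance(obj):
    """Return (field path, message) findings about reduced scan coverage."""
    spec = obj.get("spec") or {}
    findings = []

    # clusterScanner defaults to Disabled when omitted.
    scanner = spec.get("clusterScanner", "Disabled")
    if scanner not in ("Enabled", "Disabled"):
        findings.append(("spec.clusterScanner", f"invalid value {scanner!r}"))
    elif scanner == "Disabled":
        findings.append(("spec.clusterScanner", "cluster scanner is disabled"))

    # Every excluded namespace is skipped by future scans.
    for ns in (spec.get("exclusions") or {}).get("namespaces") or []:
        findings.append(("spec.exclusions.namespaces",
                         f"namespace {ns!r} is excluded from image scanning"))

    # Walk crawdadDaemonset.spec.template.spec; absent levels count as omitted.
    pod = spec.get("crawdadDaemonset") or {}
    for key in ("spec", "template", "spec"):
        pod = pod.get(key) or {}
    for field, effect in OVERRIDES.items():
        if pod.get(field):  # assumption: empty values are treated as omitted
            findings.append((f"spec.crawdadDaemonset.spec.template.spec.{field}",
                             f"{effect} the default crawdad DaemonSet {field}"))
    return findings


if __name__ == "__main__":
    for path, message in audit_image_assurance(SAMPLE):
        print(f"{path}: {message}")
```
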