Installation reference
The Kubernetes resources below configure Calico installation when using the operator. Each resource is responsible for installing and configuring a different subsystem of Calico during installation. Most options can be modified on a running cluster using kubectl.
Packages
operator.tigera.io/v1
API Schema definitions for configuring the installation of Calico and Calico Enterprise
Package v1 contains API Schema definitions for the operator v1 API group
Resource Types
APIServer
APIServer installs the Tigera API server and related resources. At most one instance of this resource is supported. It must be named "default" or "tigera-secure".
| Field | Description |
|---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | APIServer |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. |
spec APIServerSpec | Specification of the desired state for the Tigera API server. |
status APIServerStatus | Most recently observed status for the Tigera API server. |
APIServerDeployment
APIServerDeployment is the configuration for the API server Deployment.
Appears in:
| Field | Description |
|---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec APIServerDeploymentSpec | (Optional) Spec is the specification of the API server Deployment. |
APIServerDeploymentContainer
APIServerDeploymentContainer is an API server Deployment container.
Appears in:
| Field | Description |
|---|---|
name string | Name is an enum which identifies the API server Deployment container by name. Supported values are: calico-apiserver, tigera-queryserver, calico-l7-admission-controller |
ports APIServerDeploymentContainerPort array | (Optional) Ports allows customization of container's ports. If specified, this overrides the named APIServer Deployment container's ports. If omitted, the API server Deployment will use its default value for this container's port. |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named API server Deployment container's resources. If omitted, the API server Deployment will use its default value for this container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
APIServerDeploymentContainerPort
Appears in:
| Field | Description |
|---|---|
name string | Name is an enum which identifies the API server Deployment Container port by name. Supported values are: apiserver, queryserver, l7admctrl |
containerPort integer | Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. |
APIServerDeploymentInitContainer
APIServerDeploymentInitContainer is an API server Deployment init container.
Appears in:
| Field | Description |
|---|---|
name string | Name is an enum which identifies the API server Deployment init container by name. Supported values are: calico-apiserver-certs-key-cert-provisioner |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named API server Deployment init container's resources. If omitted, the API server Deployment will use its default value for this init container's resources. |
APIServerDeploymentPodSpec
APIServerDeploymentDeploymentPodSpec is the API server Deployment's PodSpec.
Appears in:
| Field | Description |
|---|---|
initContainers APIServerDeploymentInitContainer array | (Optional) InitContainers is a list of API server init containers. If specified, this overrides the specified API server Deployment init containers. If omitted, the API server Deployment will use its default values for its init containers. |
containers APIServerDeploymentContainer array | (Optional) Containers is a list of API server containers. If specified, this overrides the specified API server Deployment containers. If omitted, the API server Deployment will use its default values for its containers. |
affinity Affinity | (Optional) Affinity is a group of affinity scheduling rules for the API server pods. If specified, this overrides any affinity that may be set on the API server Deployment. If omitted, the API server Deployment will use its default value for affinity. WARNING: Please note that this field will override the default API server Deployment affinity. |
nodeSelector object (keys:string, values:string) | NodeSelector is the API server pod's scheduling constraints. If specified, each of the key/value pairs are added to the API server Deployment nodeSelector provided the key does not already exist in the object's nodeSelector. If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the API server Deployment and each of this field's key/value pairs are added to the API server Deployment nodeSelector provided the key does not already exist in the object's nodeSelector. If omitted, the API server Deployment will use its default value for nodeSelector. WARNING: Please note that this field will modify the default API server Deployment nodeSelector. |
topologySpreadConstraints TopologySpreadConstraint array | (Optional) TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. |
tolerations Toleration array | (Optional) Tolerations is the API server pod's tolerations. If specified, this overrides any tolerations that may be set on the API server Deployment. If omitted, the API server Deployment will use its default value for tolerations. WARNING: Please note that this field will override the default API server Deployment tolerations. |
priorityClassName string | (Optional) PriorityClassName allows to specify a PriorityClass resource to be used. |
APIServerDeploymentPodTemplateSpec
APIServerDeploymentPodTemplateSpec is the API server Deployment's PodTemplateSpec
Appears in:
| Field | Description |
|---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec APIServerDeploymentPodSpec | (Optional) Spec is the API server Deployment's PodSpec. |
APIServerDeploymentSpec
APIServerDeploymentSpec defines configuration for the API server Deployment.
Appears in:
| Field | Description |
|---|---|
minReadySeconds integer | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the API server Deployment. If omitted, the API server Deployment will use its default value for minReadySeconds. |
template APIServerDeploymentPodTemplateSpec | (Optional) Template describes the API server Deployment pod that will be created. |
APIServerLogging
Appears in:
| Field | Description |
|---|---|
logSeverity LogSeverity | (Optional) LogSeverity defines log level for APIServer container. |
APIServerPodLogging
Appears in:
| Field | Description |
|---|---|
apiServer APIServerLogging | (Optional) |
queryServer QueryServerLogging | (Optional) |
APIServerSpec
APIServerSpec defines the desired state of Tigera API server.
Appears in:
| Field | Description |
|---|---|
logging APIServerPodLogging | (Optional) |
apiServerDeployment APIServerDeployment | APIServerDeployment configures the calico-apiserver (or tigera-apiserver in Enterprise) Deployment. If used in conjunction with ControlPlaneNodeSelector or ControlPlaneTolerations, then these overrides take precedence. |
APIServerStatus
APIServerStatus defines the observed state of Tigera API server.
Appears in:
| Field | Description |
|---|---|
state string | State provides user-readable status. |
conditions Condition array | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types. |
Azure
Appears in:
| Field | Description |
|---|---|
policyMode PolicyMode | (Optional) PolicyMode determines whether the "control-plane" label is applied to namespaces. It offers two options: Default and Manual. The Default option adds the "control-plane" label to the required namespaces. The Manual option does not apply the "control-plane" label to any namespace. Default: Default |
BGPOption
Underlying type: string
BGPOption describes the mode of BGP to use.
One of: Enabled, Disabled
Appears in:
| Value | Description |
|---|---|
Enabled | |
Disabled |
CNILogging
Appears in:
| Field | Description |
|---|---|
logSeverity LogLevel | (Optional) Default: Info |
logFileMaxSize Quantity | (Optional) Default: 100Mi |
logFileMaxAgeDays integer | (Optional) Default: 30 (days) |
logFileMaxCount integer | (Optional) Default: 10 |
CNIPluginType
Underlying type: string
CNIPluginType describes the type of CNI plugin used.
One of: Calico, GKE, AmazonVPC, AzureVNET
Appears in:
| Value | Description |
|---|---|
Calico | |
GKE | |
AmazonVPC | |
AzureVNET |
CNISpec
CNISpec contains configuration for the CNI plugin.
Appears in:
| Field | Description |
|---|---|
type CNIPluginType | Specifies the CNI plugin that will be used in the Calico or Calico Enterprise installation. * For KubernetesProvider GKE, this field defaults to GKE. * For KubernetesProvider AKS, this field defaults to AzureVNET. * For KubernetesProvider EKS, this field defaults to AmazonVPC. * If aws-node daemonset exists in kube-system when the Installation resource is created, this field defaults to AmazonVPC. * For all other cases this field defaults to Calico. For the value Calico, the CNI plugin binaries and CNI config will be installed as part of deployment, for all other values the CNI plugin binaries and CNI config is a dependency that is expected to be installed separately. Default: Calico |
ipam IPAMSpec | (Optional) IPAM specifies the pod IP address management that will be used in the Calico or Calico Enterprise installation. |
CRDManagement
Underlying type: string
Validation:
- Enum: [Reconcile PreferExisting]
Appears in:
| Value | Description |
|---|---|
Reconcile | |
PreferExisting |
CSINodeDriverDaemonSet
CSINodeDriverDaemonSet is the configuration for the csi-node-driver DaemonSet.
Appears in:
| Field | Description |
|---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec CSINodeDriverDaemonSetSpec | (Optional) Spec is the specification of the csi-node-driver DaemonSet. |
CSINodeDriverDaemonSetContainer
CSINodeDriverDaemonSetContainer is a csi-node-driver DaemonSet container.
Appears in:
| Field | Description |
|---|---|
name string | Name is an enum which identifies the csi-node-driver DaemonSet container by name. Supported values are: calico-csi, csi-node-driver-registrar. |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named csi-node-driver DaemonSet container's resources. If omitted, the csi-node-driver DaemonSet will use its default value for this container's resources. |
CSINodeDriverDaemonSetPodSpec
CSINodeDriverDaemonSetPodSpec is the csi-node-driver DaemonSet's PodSpec.
Appears in:
| Field | Description |
|---|---|
containers CSINodeDriverDaemonSetContainer array | (Optional) Containers is a list of csi-node-driver containers. If specified, this overrides the specified csi-node-driver DaemonSet containers. If omitted, the csi-node-driver DaemonSet will use its default values for its containers. |
affinity Affinity | (Optional) Affinity is a group of affinity scheduling rules for the csi-node-driver pods. If specified, this overrides any affinity that may be set on the csi-node-driver DaemonSet. If omitted, the csi-node-driver DaemonSet will use its default value for affinity. WARNING: Please note that this field will override the default csi-node-driver DaemonSet affinity. |
nodeSelector object (keys:string, values:string) | (Optional) NodeSelector is the csi-node-driver pod's scheduling constraints. If specified, each of the key/value pairs are added to the csi-node-driver DaemonSet nodeSelector provided the key does not already exist in the object's nodeSelector. If omitted, the csi-node-driver DaemonSet will use its default value for nodeSelector. WARNING: Please note that this field will modify the default csi-node-driver DaemonSet nodeSelector. |
tolerations Toleration array | (Optional) Tolerations is the csi-node-driver pod's tolerations. If specified, this overrides any tolerations that may be set on the csi-node-driver DaemonSet. If omitted, the csi-node-driver DaemonSet will use its default value for tolerations. WARNING: Please note that this field will override the default csi-node-driver DaemonSet tolerations. |
CSINodeDriverDaemonSetPodTemplateSpec
CSINodeDriverDaemonSetPodTemplateSpec is the csi-node-driver DaemonSet's PodTemplateSpec
Appears in:
| Field | Description |
|---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec CSINodeDriverDaemonSetPodSpec | (Optional) Spec is the csi-node-driver DaemonSet's PodSpec. |
CSINodeDriverDaemonSetSpec
CSINodeDriverDaemonSetSpec defines configuration for the csi-node-driver DaemonSet.
Appears in:
| Field | Description |
|---|---|
minReadySeconds integer | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the csi-node-driver DaemonSet. If omitted, the csi-node-driver DaemonSet will use its default value for minReadySeconds. |
template CSINodeDriverDaemonSetPodTemplateSpec | (Optional) Template describes the csi-node-driver DaemonSet pod that will be created. |
CalicoKubeControllersDeployment
CalicoKubeControllersDeployment is the configuration for the calico-kube-controllers Deployment.
Appears in:
| Field | Description |
|---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec CalicoKubeControllersDeploymentSpec | (Optional) Spec is the specification of the calico-kube-controllers Deployment. |
CalicoKubeControllersDeploymentContainer
CalicoKubeControllersDeploymentContainer is a calico-kube-controllers Deployment container.
Appears in:
| Field | Description |
|---|---|
name string | Name is an enum which identifies the calico-kube-controllers Deployment container by name. Supported values are: calico-kube-controllers, es-calico-kube-controllers |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-kube-controllers Deployment container's resources. If omitted, the calico-kube-controllers Deployment will use its default value for this container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
CalicoKubeControllersDeploymentPodSpec
CalicoKubeControllersDeploymentPodSpec is the calico-kube-controller Deployment's PodSpec.
Appears in:
| Field | Description |
|---|---|
containers CalicoKubeControllersDeploymentContainer array | (Optional) Containers is a list of calico-kube-controllers containers. If specified, this overrides the specified calico-kube-controllers Deployment containers. If omitted, the calico-kube-controllers Deployment will use its default values for its containers. |
affinity Affinity | (Optional) Affinity is a group of affinity scheduling rules for the calico-kube-controllers pods. If specified, this overrides any affinity that may be set on the calico-kube-controllers Deployment. If omitted, the calico-kube-controllers Deployment will use its default value for affinity. WARNING: Please note that this field will override the default calico-kube-controllers Deployment affinity. |
nodeSelector object (keys:string, values:string) | NodeSelector is the calico-kube-controllers pod's scheduling constraints. If specified, each of the key/value pairs are added to the calico-kube-controllers Deployment nodeSelector provided the key does not already exist in the object's nodeSelector. If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the calico-kube-controllers Deployment and each of this field's key/value pairs are added to the calico-kube-controllers Deployment nodeSelector provided the key does not already exist in the object's nodeSelector. If omitted, the calico-kube-controllers Deployment will use its default value for nodeSelector. WARNING: Please note that this field will modify the default calico-kube-controllers Deployment nodeSelector. |
tolerations Toleration array | (Optional) Tolerations is the calico-kube-controllers pod's tolerations. If specified, this overrides any tolerations that may be set on the calico-kube-controllers Deployment. If omitted, the calico-kube-controllers Deployment will use its default value for tolerations. WARNING: Please note that this field will override the default calico-kube-controllers Deployment tolerations. |
CalicoKubeControllersDeploymentPodTemplateSpec
CalicoKubeControllersDeploymentPodTemplateSpec is the calico-kube-controllers Deployment's PodTemplateSpec
Appears in:
| Field | Description |
|---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec CalicoKubeControllersDeploymentPodSpec | (Optional) Spec is the calico-kube-controllers Deployment's PodSpec. |
CalicoKubeControllersDeploymentSpec
CalicoKubeControllersDeploymentSpec defines configuration for the calico-kube-controllers Deployment.
Appears in:
| Field | Description |
|---|---|
minReadySeconds integer | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the calico-kube-controllers Deployment. If omitted, the calico-kube-controllers Deployment will use its default value for minReadySeconds. |
template CalicoKubeControllersDeploymentPodTemplateSpec | (Optional) Template describes the calico-kube-controllers Deployment pod that will be created. |
CalicoNetworkSpec
CalicoNetworkSpec specifies configuration options for Calico provided pod networking.
Appears in:
| Field | Description |
|---|---|
linuxDataplane LinuxDataplaneOption | (Optional) LinuxDataplane is used to select the dataplane used for Linux nodes. In particular, it causes the operator to add required mounts and environment variables for the particular dataplane. If not specified, iptables mode is used. Default: Iptables |
windowsDataplane WindowsDataplaneOption | (Optional) WindowsDataplane is used to select the dataplane used for Windows nodes. In particular, it causes the operator to add required mounts and environment variables for the particular dataplane. If not specified, it is disabled and the operator will not render the Calico Windows nodes daemonset. Default: Disabled |
bgp BGPOption | (Optional) BGP configures whether or not to enable Calico's BGP capabilities. |
ipPools IPPool array | (Optional) IPPools contains a list of IP pools to manage. If nil, a single IPv4 IP pool will be created by the operator. If an empty list is provided, the operator will not create any IP pools and will instead wait for IP pools to be created out-of-band. IP pools in this list will be reconciled by the operator and should not be modified out-of-band. |
mtu integer | (Optional) MTU specifies the maximum transmission unit to use on the pod network. If not specified, Calico will perform MTU auto-detection based on the cluster network. |
nodeAddressAutodetectionV4 NodeAddressAutodetection | (Optional) NodeAddressAutodetectionV4 specifies an approach to automatically detect node IPv4 addresses. If not specified, will use default auto-detection settings to acquire an IPv4 address for each node. |
nodeAddressAutodetectionV6 NodeAddressAutodetection | (Optional) NodeAddressAutodetectionV6 specifies an approach to automatically detect node IPv6 addresses. If not specified, IPv6 addresses will not be auto-detected. |
hostPorts HostPortsType | (Optional) HostPorts configures whether or not Calico will support Kubernetes HostPorts. Valid only when using the Calico CNI plugin. Default: Enabled |
multiInterfaceMode MultiInterfaceMode | (Optional) MultiInterfaceMode configures what will configure multiple interface per pod. Only valid for Calico Enterprise installations using the Calico CNI plugin. Default: None |
containerIPForwarding ContainerIPForwardingType | (Optional) ContainerIPForwarding configures whether ip forwarding will be enabled for containers in the CNI configuration. Default: Disabled |
sysctl Sysctl array | (Optional) Sysctl configures sysctl parameters for tuning plugin |
linuxPolicySetupTimeoutSeconds integer | (Optional) LinuxPolicySetupTimeoutSeconds delays new pods from running containers until their policy has been programmed in the dataplane. The specified delay defines the maximum amount of time that the Calico CNI plugin will wait for policy to be programmed. Only applies to pods created on Linux nodes. * A value of 0 disables pod startup delays. Default: 0 |
CalicoNodeDaemonSet
CalicoNodeDaemonSet is the configuration for the calico-node DaemonSet.
Appears in:
| Field | Description |
|---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec CalicoNodeDaemonSetSpec | (Optional) Spec is the specification of the calico-node DaemonSet. |
CalicoNodeDaemonSetContainer
CalicoNodeDaemonSetContainer is a calico-node DaemonSet container.
Appears in:
| Field | Description |
|---|---|
name string | Name is an enum which identifies the calico-node DaemonSet container by name. Supported values are: calico-node |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-node DaemonSet container's resources. If omitted, the calico-node DaemonSet will use its default value for this container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
CalicoNodeDaemonSetInitContainer
CalicoNodeDaemonSetInitContainer is a calico-node DaemonSet init container.
Appears in:
| Field | Description |
|---|---|
name string | Name is an enum which identifies the calico-node DaemonSet init container by name. Supported values are: install-cni, hostpath-init, flexvol-driver, mount-bpffs, node-certs-key-cert-provisioner, calico-node-prometheus-server-tls-key-cert-provisioner |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-node DaemonSet init container's resources. If omitted, the calico-node DaemonSet will use its default value for this container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
CalicoNodeDaemonSetPodSpec
CalicoNodeDaemonSetPodSpec is the calico-node DaemonSet's PodSpec.
Appears in:
| Field | Description |
|---|---|
initContainers CalicoNodeDaemonSetInitContainer array | (Optional) InitContainers is a list of calico-node init containers. If specified, this overrides the specified calico-node DaemonSet init containers. If omitted, the calico-node DaemonSet will use its default values for its init containers. |
containers CalicoNodeDaemonSetContainer array | (Optional) Containers is a list of calico-node containers. If specified, this overrides the specified calico-node DaemonSet containers. If omitted, the calico-node DaemonSet will use its default values for its containers. |
affinity Affinity | (Optional) Affinity is a group of affinity scheduling rules for the calico-node pods. If specified, this overrides any affinity that may be set on the calico-node DaemonSet. If omitted, the calico-node DaemonSet will use its default value for affinity. WARNING: Please note that this field will override the default calico-node DaemonSet affinity. |
nodeSelector object (keys:string, values:string) | (Optional) NodeSelector is the calico-node pod's scheduling constraints. If specified, each of the key/value pairs are added to the calico-node DaemonSet nodeSelector provided the key does not already exist in the object's nodeSelector. If omitted, the calico-node DaemonSet will use its default value for nodeSelector. WARNING: Please note that this field will modify the default calico-node DaemonSet nodeSelector. |
tolerations Toleration array | (Optional) Tolerations is the calico-node pod's tolerations. If specified, this overrides any tolerations that may be set on the calico-node DaemonSet. If omitted, the calico-node DaemonSet will use its default value for tolerations. WARNING: Please note that this field will override the default calico-node DaemonSet tolerations. |
CalicoNodeDaemonSetPodTemplateSpec
CalicoNodeDaemonSetPodTemplateSpec is the calico-node DaemonSet's PodTemplateSpec
Appears in:
| Field | Description |
|---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec CalicoNodeDaemonSetPodSpec | (Optional) Spec is the calico-node DaemonSet's PodSpec. |
CalicoNodeDaemonSetSpec
CalicoNodeDaemonSetSpec defines configuration for the calico-node DaemonSet.
Appears in:
| Field | Description |
|---|---|
minReadySeconds integer | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the calico-node DaemonSet. If omitted, the calico-node DaemonSet will use its default value for minReadySeconds. |
template CalicoNodeDaemonSetPodTemplateSpec | (Optional) Template describes the calico-node DaemonSet pod that will be created. |
CalicoNodeWindowsDaemonSet
CalicoNodeWindowsDaemonSet is the configuration for the calico-node-windows DaemonSet.
Appears in:
| Field | Description |
|---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec CalicoNodeWindowsDaemonSetSpec | (Optional) Spec is the specification of the calico-node-windows DaemonSet. |
CalicoNodeWindowsDaemonSetContainer
CalicoNodeWindowsDaemonSetContainer is a calico-node-windows DaemonSet container.
Appears in:
| Field | Description |
|---|---|
name string | Name is an enum which identifies the calico-node-windows DaemonSet container by name. Supported values are: calico-node-windows |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-node-windows DaemonSet container's resources. If omitted, the calico-node-windows DaemonSet will use its default value for this container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
CalicoNodeWindowsDaemonSetInitContainer
CalicoNodeWindowsDaemonSetInitContainer is a calico-node-windows DaemonSet init container.
Appears in:
| Field | Description |
|---|---|
name string | Name is an enum which identifies the calico-node-windows DaemonSet init container by name. Supported values are: install-cni;hostpath-init, flexvol-driver, mount-bpffs, node-certs-key-cert-provisioner, calico-node-windows-prometheus-server-tls-key-cert-provisioner |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-node-windows DaemonSet init container's resources. If omitted, the calico-node-windows DaemonSet will use its default value for this container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
CalicoNodeWindowsDaemonSetPodSpec
CalicoNodeWindowsDaemonSetPodSpec is the calico-node-windows DaemonSet's PodSpec.
Appears in:
| Field | Description |
|---|---|
initContainers CalicoNodeWindowsDaemonSetInitContainer array | (Optional) InitContainers is a list of calico-node-windows init containers. If specified, this overrides the specified calico-node-windows DaemonSet init containers. If omitted, the calico-node-windows DaemonSet will use its default values for its init containers. |
containers CalicoNodeWindowsDaemonSetContainer array | (Optional) Containers is a list of calico-node-windows containers. If specified, this overrides the specified calico-node-windows DaemonSet containers. If omitted, the calico-node-windows DaemonSet will use its default values for its containers. |
affinity Affinity | (Optional) Affinity is a group of affinity scheduling rules for the calico-node-windows pods. If specified, this overrides any affinity that may be set on the calico-node-windows DaemonSet. If omitted, the calico-node-windows DaemonSet will use its default value for affinity. WARNING: Please note that this field will override the default calico-node-windows DaemonSet affinity. |
nodeSelector object (keys:string, values:string) | (Optional) NodeSelector is the calico-node-windows pod's scheduling constraints. If specified, each of the key/value pairs are added to the calico-node-windows DaemonSet nodeSelector provided the key does not already exist in the object's nodeSelector. If omitted, the calico-node-windows DaemonSet will use its default value for nodeSelector. WARNING: Please note that this field will modify the default calico-node-windows DaemonSet nodeSelector. |
tolerations Toleration array | (Optional) Tolerations is the calico-node-windows pod's tolerations. If specified, this overrides any tolerations that may be set on the calico-node-windows DaemonSet. If omitted, the calico-node-windows DaemonSet will use its default value for tolerations. WARNING: Please note that this field will override the default calico-node-windows DaemonSet tolerations. |
CalicoNodeWindowsDaemonSetPodTemplateSpec
CalicoNodeWindowsDaemonSetPodTemplateSpec is the calico-node-windows DaemonSet's PodTemplateSpec
Appears in:
| Field | Description |
|---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec CalicoNodeWindowsDaemonSetPodSpec | (Optional) Spec is the calico-node-windows DaemonSet's PodSpec. |
CalicoNodeWindowsDaemonSetSpec
CalicoNodeWindowsDaemonSetSpec defines configuration for the calico-node-windows DaemonSet.
Appears in:
| Field | Description |
|---|---|
minReadySeconds integer | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the calico-node-windows DaemonSet. If omitted, the calico-node-windows DaemonSet will use its default value for minReadySeconds. |
template CalicoNodeWindowsDaemonSetPodTemplateSpec | (Optional) Template describes the calico-node-windows DaemonSet pod that will be created. |
CalicoWindowsUpgradeDaemonSet
Deprecated. The CalicoWindowsUpgradeDaemonSet is deprecated and will be removed from the API in the future. CalicoWindowsUpgradeDaemonSet is the configuration for the calico-windows-upgrade DaemonSet.
Appears in:
| Field | Description |
|---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec CalicoWindowsUpgradeDaemonSetSpec | (Optional) Spec is the specification of the calico-windows-upgrade DaemonSet. |
CalicoWindowsUpgradeDaemonSetContainer
CalicoWindowsUpgradeDaemonSetContainer is a calico-windows-upgrade DaemonSet container.
Appears in:
| Field | Description |
|---|---|
name string | Name is an enum which identifies the calico-windows-upgrade DaemonSet container by name. |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-windows-upgrade DaemonSet container's resources. If omitted, the calico-windows-upgrade DaemonSet will use its default value for this container's resources. |
CalicoWindowsUpgradeDaemonSetPodSpec
CalicoWindowsUpgradeDaemonSetPodSpec is the calico-windows-upgrade DaemonSet's PodSpec.
Appears in:
| Field | Description |
|---|---|
containers CalicoWindowsUpgradeDaemonSetContainer array | (Optional) Containers is a list of calico-windows-upgrade containers. If specified, this overrides the specified calico-windows-upgrade DaemonSet containers. If omitted, the calico-windows-upgrade DaemonSet will use its default values for its containers. |
affinity Affinity | (Optional) Affinity is a group of affinity scheduling rules for the calico-windows-upgrade pods. If specified, this overrides any affinity that may be set on the calico-windows-upgrade DaemonSet. If omitted, the calico-windows-upgrade DaemonSet will use its default value for affinity. WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet affinity. |
nodeSelector object (keys:string, values:string) | (Optional) NodeSelector is the calico-windows-upgrade pod's scheduling constraints. If specified, each of the key/value pairs are added to the calico-windows-upgrade DaemonSet nodeSelector provided the key does not already exist in the object's nodeSelector. If omitted, the calico-windows-upgrade DaemonSet will use its default value for nodeSelector. WARNING: Please note that this field will modify the default calico-windows-upgrade DaemonSet nodeSelector. |
tolerations Toleration array | (Optional) Tolerations is the calico-windows-upgrade pod's tolerations. If specified, this overrides any tolerations that may be set on the calico-windows-upgrade DaemonSet. If omitted, the calico-windows-upgrade DaemonSet will use its default value for tolerations. WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet tolerations. |
CalicoWindowsUpgradeDaemonSetPodTemplateSpec
CalicoWindowsUpgradeDaemonSetPodTemplateSpec is the calico-windows-upgrade DaemonSet's PodTemplateSpec
Appears in:
| Field | Description |
|---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec CalicoWindowsUpgradeDaemonSetPodSpec | (Optional) Spec is the calico-windows-upgrade DaemonSet's PodSpec. |
CalicoWindowsUpgradeDaemonSetSpec
CalicoWindowsUpgradeDaemonSetSpec defines configuration for the calico-windows-upgrade DaemonSet.
Appears in:
| Field | Description |
|---|---|
minReadySeconds integer | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the calico-windows-upgrade DaemonSet. If omitted, the calico-windows-upgrade DaemonSet will use its default value for minReadySeconds. |
template CalicoWindowsUpgradeDaemonSetPodTemplateSpec | (Optional) Template describes the calico-windows-upgrade DaemonSet pod that will be created. |
CertificateManagement
CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise pods will be stuck during initialization.
Appears in:
| Field | Description |
|---|---|
caCert integer array | Certificate of the authority that signs the CertificateSigningRequests in PEM format. |
signerName string | When a CSR is issued to the certificates.k8s.io API, the signerName is added to the request in order to accommodate for clusters with multiple signers. Must be formatted as: <my-domain>/<my-signername>. |
keyAlgorithm string | (Optional) Specify the algorithm used by pods to generate a key pair that is associated with the X.509 certificate request. Default: RSAWithSize2048 |
signatureAlgorithm string | (Optional) Specify the algorithm used for the signature of the X.509 certificate request. Default: SHA256WithRSA |
ComponentName
Underlying type: string
ComponentName represents a single component.
One of: Node, Typha, KubeControllers
Appears in:
| Value | Description |
|---|---|
Node | |
NodeWindows | |
FelixWindows | |
ConfdWindows | |
Typha | |
KubeControllers |
ComponentResource
Deprecated. Please use component resource config fields in Installation.Spec instead. The ComponentResource struct associates a ResourceRequirements with a component by name
Appears in:
| Field | Description |
|---|---|
componentName ComponentName | ComponentName is an enum which identifies the component |
resourceRequirements ResourceRequirements | ResourceRequirements allows customization of limits and requests for compute resources such as cpu and memory. |
ConditionStatus
Underlying type: string
ConditionStatus represents the status of a particular condition. A condition may be one of: True, False, Unknown.
Appears in:
| Value | Description |
|---|---|
True | |
False | |
Unknown |
ContainerIPForwardingType
Underlying type: string
ContainerIPForwardingType specifies whether the CNI config for container ip forwarding is enabled.
Appears in:
| Value | Description |
|---|---|
Enabled | |
Disabled |
EncapsulationType
Underlying type: string
EncapsulationType is the type of encapsulation to use on an IP pool.
One of: IPIP, VXLAN, IPIPCrossSubnet, VXLANCrossSubnet, None
Appears in:
| Value | Description |
|---|---|
IPIPCrossSubnet | |
IPIP | |
VXLAN | |
VXLANCrossSubnet | |
None |
FIPSMode
Underlying type: string
Appears in:
| Value | Description |
|---|---|
Enabled | |
Disabled |
GatewayAPI
| Field | Description |
|---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | GatewayAPI |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. |
spec GatewayAPISpec |
GatewayAPISpec
GatewayAPISpec has fields that can be used to customize our GatewayAPI support.
Appears in:
| Field | Description |
|---|---|
gatewayControllerDeployment GatewayControllerDeployment | Allow optional customization of the gateway controller deployment. |
gatewayCertgenJob GatewayCertgenJob | Allow optional customization of the gateway certgen job. |
gatewayDeployment GatewayDeployment | Allow optional customization of gateway deployments. |
crdManagement CRDManagement | Configure how to manage and update Gateway API CRDs. The default behaviour - which is used when this field is not set, or is set to "PreferExisting" - is that the Tigera operator will create the Gateway API CRDs if they do not already exist, but will not overwrite any existing Gateway API CRDs. This setting may be preferable if the customer is using other implementations of the Gateway API concurrently with the Gateway API support in Calico Enterprise. It is then the customer's responsibility to ensure that CRDs are installed that meet the needs of all the Gateway API implementations in their cluster. Alternatively, if this field is set to "Reconcile", the Tigera operator will keep the cluster's Gateway API CRDs aligned with those that it would install on a cluster that does not yet have any version of those CRDs. |
GatewayCertgenJob
GatewayCertgenJob allows customization of the gateway certgen job.
If GatewayCertgenJob.Metadata is non-nil, non-clashing labels and annotations from that metadata are added into the job's top-level metadata.
For customization of the job spec see GatewayCertgenJobSpec.
Appears in:
| Field | Description |
|---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec GatewayCertgenJobSpec | (Optional) |
GatewayCertgenJobContainer
GatewayCertgenJobContainer allows customization of the gateway certgen job's resource requirements.
If GatewayCertgenJob.Spec.Template.Spec.Containers["envoy-gateway-certgen"].Resources is non-nil, it overrides the ResourceRequirements of the job's "envoy-gateway-certgen" container.
Appears in:
| Field | Description |
|---|---|
name string | |
resources ResourceRequirements | (Optional) |
GatewayCertgenJobPodSpec
GatewayCertgenJobPodSpec allows customization of the gateway certgen job's pod spec.
If GatewayCertgenJob.Spec.Template.Spec.Affinity is non-nil, it sets the affinity field of the job's pod template.
If GatewayCertgenJob.Spec.Template.Spec.NodeSelector is non-nil, it sets a node selector for where job pods may be scheduled.
If GatewayCertgenJob.Spec.Template.Spec.Tolerations is non-nil, it sets the tolerations field of the job's pod template.
For customization of job container resources see GatewayCertgenJobContainer.
Appears in:
| Field | Description |
|---|---|
affinity Affinity | (Optional) |
containers GatewayCertgenJobContainer array | (Optional) |
nodeSelector object (keys:string, values:string) | (Optional) |
tolerations Toleration array | (Optional) |
GatewayCertgenJobPodTemplate
GatewayCertgenJobPodTemplate allows customization of the gateway certgen job's pod template.
If GatewayCertgenJob.Spec.Template.Metadata is non-nil, non-clashing labels and annotations from that metadata are added into the job's pod template.
For customization of the pod template spec see GatewayCertgenJobPodSpec.
Appears in:
| Field | Description |
|---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec GatewayCertgenJobPodSpec | (Optional) |
GatewayCertgenJobSpec
GatewayCertgenJobSpec allows customization of the gateway certgen job spec.
For customization of the job template see GatewayCertgenJobPodTemplate.
Appears in:
| Field | Description |
|---|---|
template GatewayCertgenJobPodTemplate | (Optional) |
GatewayControllerDeployment
GatewayControllerDeployment allows customization of the gateway controller deployment.
If GatewayControllerDeployment.Metadata is non-nil, non-clashing labels and annotations from that metadata are added into the deployment's top-level metadata.
For customization of the deployment spec see GatewayControllerDeploymentSpec.
Appears in:
| Field | Description |
|---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec GatewayControllerDeploymentSpec | (Optional) |
GatewayControllerDeploymentContainer
GatewayControllerDeploymentContainer allows customization of the gateway controller's resource requirements.
If GatewayControllerDeployment.Spec.Template.Spec.Containers["envoy-gateway"].Resources is non-nil, it overrides the ResourceRequirements of the controller's "envoy-gateway" container.
Appears in:
| Field | Description |
|---|---|
name string | |
resources ResourceRequirements | (Optional) |
GatewayControllerDeploymentPodSpec
GatewayControllerDeploymentPodSpec allows customization of the gateway controller deployment pod spec.
If GatewayControllerDeployment.Spec.Template.Spec.Affinity is non-nil, it sets the affinity field of the deployment's pod template.
If GatewayControllerDeployment.Spec.Template.Spec.NodeSelector is non-nil, it sets a node selector for where controller pods may be scheduled.
If GatewayControllerDeployment.Spec.Template.Spec.Tolerations is non-nil, it sets the tolerations field of the deployment's pod template.
For customization of container resources see GatewayControllerDeploymentContainer.
Appears in:
| Field | Description |
|---|---|
affinity Affinity | (Optional) |
containers GatewayControllerDeploymentContainer array | (Optional) |
nodeSelector object (keys:string, values:string) | (Optional) |
tolerations Toleration array | (Optional) |
GatewayControllerDeploymentPodTemplate
GatewayControllerDeploymentPodTemplate allows customization of the gateway controller deployment pod template.
If GatewayControllerDeployment.Spec.Template.Metadata is non-nil, non-clashing labels and annotations from that metadata are added into the deployment's pod template.
For customization of the pod template spec see GatewayControllerDeploymentPodSpec.
Appears in:
| Field | Description |
|---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec GatewayControllerDeploymentPodSpec | (Optional) |
GatewayControllerDeploymentSpec
GatewayControllerDeploymentSpec allows customization of the gateway controller deployment spec.
If GatewayControllerDeployment.Spec.MinReadySeconds is non-nil, it sets the minReadySeconds field for the deployment.
For customization of the pod template see GatewayControllerDeploymentPodTemplate.
Appears in:
| Field | Description |
|---|---|
minReadySeconds integer | (Optional) |
template GatewayControllerDeploymentPodTemplate | (Optional) |
GatewayDeployment
GatewayDeployment allows customization of gateway deployments.
For detail see GatewayDeploymentSpec.
Appears in:
| Field | Description |
|---|---|
spec GatewayDeploymentSpec | (Optional) |
GatewayDeploymentContainer
GatewayDeploymentContainer allows customization of the resource requirements of gateway deployments.
If GatewayDeployment.Spec.Template.Spec.Containers["envoy"].Resources is non-nil, it overrides the ResourceRequirements of the "envoy" container in each gateway deployment.
Appears in:
| Field | Description |
|---|---|
name string | |
resources ResourceRequirements | (Optional) |
GatewayDeploymentPodSpec
GatewayDeploymentPodSpec allows customization of the pod spec of gateway deployments.
If GatewayDeployment.Spec.Template.Spec.Affinity is non-nil, it sets the affinity field of each deployment's pod template.
If GatewayDeployment.Spec.Template.Spec.NodeSelector is non-nil, it sets a node selector for where gateway pods may be scheduled.
If GatewayDeployment.Spec.Template.Spec.Tolerations is non-nil, it sets the tolerations field of each deployment's pod template.
If GatewayDeployment.Spec.Template.Spec.TopologySpreadConstraints is non-nil, it sets the topology spread constraints of each deployment's pod template.
For customization of container resources see GatewayControllerDeploymentContainer.
Appears in:
| Field | Description |
|---|---|
affinity Affinity | (Optional) |
containers GatewayDeploymentContainer array | (Optional) |
nodeSelector object (keys:string, values:string) | (Optional) |
topologySpreadConstraints TopologySpreadConstraint array | (Optional) TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. |
tolerations Toleration array | (Optional) |
GatewayDeploymentPodTemplate
GatewayDeploymentPodTemplate allows customization of the pod template of gateway deployments.
If GatewayDeployment.Spec.Template.Metadata is non-nil, non-clashing labels and annotations from that metadata are added into each deployment's pod template.
For customization of the pod template spec see GatewayDeploymentPodSpec.
Appears in:
| Field | Description |
|---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec GatewayDeploymentPodSpec | (Optional) |
GatewayDeploymentSpec
GatewayDeploymentSpec allows customization of the spec of gateway deployments.
For customization of the pod template see GatewayDeploymentPodTemplate.
For customization of the deployment strategy see GatewayDeploymentStrategy.
Appears in:
| Field | Description |
|---|---|
template GatewayDeploymentPodTemplate | (Optional) |
strategy GatewayDeploymentStrategy | (Optional) The deployment strategy to use to replace existing pods with new ones. |
GatewayDeploymentStrategy
GatewayDeploymentStrategy allows customization of the deployment strategy for gateway deployments.
If GatewayDeployment.Spec.Strategy is non-nil, gateway deployments are set to use a rolling update strategy, with the parameters specified in GatewayDeployment.Spec.Strategy.
Only RollingUpdate is supported at this time so the Type field is not exposed.
Appears in:
| Field | Description |
|---|---|
rollingUpdate RollingUpdateDeployment | (Optional) |
Goldmane
| Field | Description |
|---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | Goldmane |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. |
spec GoldmaneSpec | |
status GoldmaneStatus |
GoldmaneDeployment
GoldmaneDeployment is the configuration for the goldmane Deployment.
Appears in:
| Field | Description |
|---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec GoldmaneDeploymentSpec | (Optional) Spec is the specification of the goldmane Deployment. |
GoldmaneDeploymentContainer
Appears in:
| Field | Description |
|---|---|
name string | |
resources ResourceRequirements | (Optional) |
GoldmaneDeploymentPodSpec
GoldmaneDeploymentPodSpec is the goldmane Deployment's PodSpec.
Appears in:
| Field | Description |
|---|---|
affinity Affinity | (Optional) Affinity is a group of affinity scheduling rules for the goldmane pods. |
containers GoldmaneDeploymentContainer array | (Optional) Containers is a list of goldmane containers. If specified, this overrides the specified EGW Deployment containers. If omitted, the goldmane Deployment will use its default values for its containers. |
nodeSelector object (keys:string, values:string) | (Optional) NodeSelector gives more control over the nodes where the goldmane pods will run on. |
terminationGracePeriodSeconds integer | (Optional) TerminationGracePeriodSeconds defines the termination grace period of the goldmane pods in seconds. |
topologySpreadConstraints TopologySpreadConstraint array | (Optional) TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. |
tolerations Toleration array | (Optional) Tolerations is the goldmane pod's tolerations. If specified, this overrides any tolerations that may be set on the goldmane Deployment. If omitted, the goldmane Deployment will use its default value for tolerations. |
priorityClassName string | (Optional) PriorityClassName allows to specify a PriorityClass resource to be used. |
GoldmaneDeploymentPodTemplateSpec
GoldmaneDeploymentPodTemplateSpec is the goldmane Deployment's PodTemplateSpec
Appears in:
| Field | Description |
|---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec GoldmaneDeploymentPodSpec | (Optional) Spec is the goldmane Deployment's PodSpec. |
GoldmaneDeploymentSpec
GoldmaneDeploymentSpec defines configuration for the goldmane Deployment.
Appears in:
| Field | Description |
|---|---|
minReadySeconds integer | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the goldmane Deployment. If omitted, the goldmane Deployment will use its default value for minReadySeconds. |
template GoldmaneDeploymentPodTemplateSpec | (Optional) Template describes the goldmane Deployment pod that will be created. |
strategy GoldmaneDeploymentStrategy | (Optional) The deployment strategy to use to replace existing pods with new ones. |
GoldmaneDeploymentStrategy
Appears in:
| Field | Description |
|---|---|
rollingUpdate RollingUpdateDeployment | (Optional) Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. to be. |
GoldmaneSpec
Appears in:
| Field | Description |
|---|---|
goldmaneDeployment GoldmaneDeployment |
GoldmaneStatus
GoldmaneStatus defines the observed state of Goldmane
Appears in:
| Field | Description |
|---|---|
conditions Condition array | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types. |
HostPortsType
Underlying type: string
HostPortsType specifies host port support.
One of: Enabled, Disabled
Appears in:
| Value | Description |
|---|---|
Enabled | |
Disabled |
IPAMPluginType
Underlying type: string
Appears in:
| Value | Description |
|---|---|
Calico | |
HostLocal | |
AmazonVPC | |
AzureVNET |
IPAMSpec
IPAMSpec contains configuration for pod IP address management.
Appears in:
| Field | Description |
|---|---|
type IPAMPluginType | Specifies the IPAM plugin that will be used in the Calico or Calico Enterprise installation. * For CNI Plugin Calico, this field defaults to Calico. * For CNI Plugin GKE, this field defaults to HostLocal. * For CNI Plugin AzureVNET, this field defaults to AzureVNET. * For CNI Plugin AmazonVPC, this field defaults to AmazonVPC. The IPAM plugin is installed and configured only if the CNI plugin is set to Calico, for all other values of the CNI plugin the plugin binaries and CNI config is a dependency that is expected to be installed separately. Default: Calico |
IPPool
Appears in:
| Field | Description |
|---|---|
name string | Name is the name of the IP pool. If omitted, this will be generated. |
cidr string | CIDR contains the address range for the IP Pool in classless inter-domain routing format. |
encapsulation EncapsulationType | (Optional) Encapsulation specifies the encapsulation type that will be used with the IP Pool. Default: IPIP |
natOutgoing NATOutgoingType | (Optional) NATOutgoing specifies if NAT will be enabled or disabled for outgoing traffic. Default: Enabled |
nodeSelector string | (Optional) NodeSelector specifies the node selector that will be set for the IP Pool. Default: 'all()' |
blockSize integer | (Optional) BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6) |
disableBGPExport boolean | (Optional) DisableBGPExport specifies whether routes from this IP pool's CIDR are exported over BGP. Default: false |
disableNewAllocations boolean | DisableNewAllocations specifies whether or not new IP allocations are allowed from this pool. This is useful when you want to prevent new pods from receiving IP addresses from this pool, without impacting any existing pods that have already been assigned addresses from this pool. |
allowedUses IPPoolAllowedUse array | AllowedUse controls what the IP pool will be used for. If not specified or empty, defaults to ["Tunnel", "Workload"] for back-compatibility |
assignmentMode AssignmentMode | AssignmentMode determines if IP addresses from this pool should be assigned automatically or on request only |
IPPoolAllowedUse
Underlying type: string
Appears in:
| Value | Description |
|---|---|
Workload | |
Tunnel | |
LoadBalancer |
Image
Appears in:
| Field | Description |
|---|---|
image string | Image is an image that the operator deploys and instead of using the built in tag the operator will use the Digest for the image identifier. The value should be the original image name without registry or tag or digest. For the image docker.io/calico/node:v3.17.1 it should be represented as calico/node The "Installation" spec allows defining custom image registries, paths or prefixes. Even for custom images such as example.com/custompath/customprefix-calico-node:v3.17.1, this value should still be calico/node. |
digest string | Digest is the image identifier that will be used for the Image. The field should not include a leading @ and must be prefixed with sha256:. |
ImageSet
ImageSet is used to specify image digests for the images that the operator deploys.
The name of the ImageSet is expected to be in the format <variant>-<release>.
The variant used is enterprise if the InstallationSpec Variant is
TigeraSecureEnterprise otherwise it is calico.
The release must match the version of the variant that the operator is built to deploy,
this version can be obtained by passing the --version flag to the operator binary.
| Field | Description |
|---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | ImageSet |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. |
spec ImageSetSpec |
ImageSetSpec
ImageSetSpec defines the desired state of ImageSet.
Appears in:
| Field | Description |
|---|---|
images Image array | Images is the list of images to use digests. All images that the operator will deploy must be specified. |
Installation
Installation configures an installation of Calico or Calico Enterprise. At most one instance of this resource is supported. It must be named "default". The Installation API installs core networking and network policy components, and provides general install-time configuration.
| Field | Description |
|---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | Installation |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. |
spec InstallationSpec | Specification of the desired state for the Calico or Calico Enterprise installation. |
status InstallationStatus | Most recently observed state for the Calico or Calico Enterprise installation. |
InstallationSpec
InstallationSpec defines configuration for a Calico or Calico Enterprise installation.
Appears in:
| Field | Description |
|---|---|
variant ProductVariant | (Optional) Variant is the product to install - one of Calico or TigeraSecureEnterprise Default: Calico |
registry string | (Optional) Registry is the default Docker registry used for component Docker images. If specified then the given value must end with a slash character (/) and all images will be pulled from this registry. If not specified then the default registries will be used. A special case value, UseDefault, is supported to explicitly specify the default registries will be used. Image format: <registry><imagePath>/<imagePrefix><imageName>:<image-tag> This option allows configuring the <registry> portion of the above format. |
imagePath string | (Optional) ImagePath allows for the path part of an image to be specified. If specified then the specified value will be used as the image path for each image. If not specified or empty, the default for each image will be used. A special case value, UseDefault, is supported to explicitly specify the default image path will be used for each image. Image format: <registry><imagePath>/<imagePrefix><imageName>:<image-tag> This option allows configuring the <imagePath> portion of the above format. |
imagePrefix string | (Optional) ImagePrefix allows for the prefix part of an image to be specified. If specified then the given value will be used as a prefix on each image. If not specified or empty, no prefix will be used. A special case value, UseDefault, is supported to explicitly specify the default image prefix will be used for each image. Image format: <registry><imagePath>/<imagePrefix><imageName>:<image-tag> This option allows configuring the <imagePrefix> portion of the above format. |
imagePullSecrets LocalObjectReference array | (Optional) ImagePullSecrets is an array of references to container registry pull secrets to use. These are applied to all images to be pulled. |
kubernetesProvider Provider | (Optional) KubernetesProvider specifies a particular provider of the Kubernetes platform and enables provider-specific configuration. If the specified value is empty, the Operator will attempt to automatically determine the current provider. If the specified value is not empty, the Operator will still attempt auto-detection, but will additionally compare the auto-detected value to the specified value to confirm they match. |
cni CNISpec | (Optional) CNI specifies the CNI that will be used by this installation. |
calicoNetwork CalicoNetworkSpec | (Optional) CalicoNetwork specifies networking configuration options for Calico. |
typhaAffinity TyphaAffinity | (Optional) Deprecated. Please use Installation.Spec.TyphaDeployment instead. TyphaAffinity allows configuration of node affinity characteristics for Typha pods. |
controlPlaneNodeSelector object (keys:string, values:string) | (Optional) ControlPlaneNodeSelector is used to select control plane nodes on which to run Calico components. This is globally applied to all resources created by the operator excluding daemonsets. |
controlPlaneTolerations Toleration array | (Optional) ControlPlaneTolerations specify tolerations which are then globally applied to all resources created by the operator. |
controlPlaneReplicas integer | (Optional) ControlPlaneReplicas defines how many replicas of the control plane core components will be deployed. This field applies to all control plane components that support High Availability. Defaults to 2. |
nodeMetricsPort integer | (Optional) NodeMetricsPort specifies which port calico/node serves prometheus metrics on. By default, metrics are not enabled. If specified, this overrides any FelixConfiguration resources which may exist. If omitted, then prometheus metrics may still be configured through FelixConfiguration. |
typhaMetricsPort integer | (Optional) TyphaMetricsPort specifies which port calico/typha serves prometheus metrics on. By default, metrics are not enabled. |
flexVolumePath string | (Optional) FlexVolumePath optionally specifies a custom path for FlexVolume. If not specified, FlexVolume will be enabled by default. If set to 'None', FlexVolume will be disabled. The default is based on the kubernetesProvider. |
kubeletVolumePluginPath string | (Optional) KubeletVolumePluginPath optionally specifies enablement of Calico CSI plugin. If not specified, CSI will be enabled by default. If set to 'None', CSI will be disabled. Default: /var/lib/kubelet |
nodeUpdateStrategy DaemonSetUpdateStrategy | (Optional) NodeUpdateStrategy can be used to customize the desired update strategy, such as the MaxUnavailable field. |
componentResources ComponentResource array | (Optional) Deprecated. Please use CalicoNodeDaemonSet, TyphaDeployment, and KubeControllersDeployment. ComponentResources can be used to customize the resource requirements for each component. Node, Typha, and KubeControllers are supported for installations. |
certificateManagement CertificateManagement | (Optional) CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise pods will be stuck during initialization. |
nonPrivileged NonPrivilegedType | (Optional) NonPrivileged configures Calico to be run in non-privileged containers as non-root users where possible. |
calicoNodeDaemonSet CalicoNodeDaemonSet | CalicoNodeDaemonSet configures the calico-node DaemonSet. If used in conjunction with the deprecated ComponentResources, then these overrides take precedence. |
csiNodeDriverDaemonSet CSINodeDriverDaemonSet | CSINodeDriverDaemonSet configures the csi-node-driver DaemonSet. |
calicoKubeControllersDeployment CalicoKubeControllersDeployment | CalicoKubeControllersDeployment configures the calico-kube-controllers Deployment. If used in conjunction with the deprecated ComponentResources, then these overrides take precedence. |
typhaDeployment TyphaDeployment | TyphaDeployment configures the typha Deployment. If used in conjunction with the deprecated ComponentResources or TyphaAffinity, then these overrides take precedence. |
calicoWindowsUpgradeDaemonSet CalicoWindowsUpgradeDaemonSet | Deprecated. The CalicoWindowsUpgradeDaemonSet is deprecated and will be removed from the API in the future. CalicoWindowsUpgradeDaemonSet configures the calico-windows-upgrade DaemonSet. |
calicoNodeWindowsDaemonSet CalicoNodeWindowsDaemonSet | CalicoNodeWindowsDaemonSet configures the calico-node-windows DaemonSet. |
fipsMode FIPSMode | (Optional) FIPSMode uses images and features only that are using FIPS 140-2 validated cryptographic modules and standards. Only supported for Variant=Calico. Default: Disabled |
logging Logging | (Optional) Logging Configuration for Components |
windowsNodes WindowsNodeSpec | (Optional) Windows Configuration |
serviceCIDRs string array | (Optional) Kubernetes Service CIDRs. Specifying this is required when using Calico for Windows. |
azure Azure | (Optional) Azure is used to configure azure provider specific options. |
proxy Proxy | (Optional) Proxy is used to configure the HTTP(S) proxy settings that will be applied to Tigera containers that connect to destinations outside the cluster. It is expected that NO_PROXY is configured such that destinations within the cluster (including the API server) are exempt from proxying. |
InstallationStatus
InstallationStatus defines the observed state of the Calico or Calico Enterprise installation.
Appears in:
| Field | Description |
|---|---|
variant ProductVariant | Variant is the most recently observed installed variant - one of Calico or TigeraSecureEnterprise |
mtu integer | MTU is the most recently observed value for pod network MTU. This may be an explicitly configured value, or based on Calico's native auto-detetion. |
imageSet string | (Optional) ImageSet is the name of the ImageSet being used, if there is an ImageSet that is being used. If an ImageSet is not being used then this will not be set. |
computed InstallationSpec | (Optional) Computed is the final installation including overlaid resources. |
calicoVersion string | CalicoVersion shows the current running version of calico. CalicoVersion along with Variant is needed to know the exact version deployed. |
conditions Condition array | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types. |
KubernetesAutodetectionMethod
Underlying type: string
KubernetesAutodetectionMethod is a method of detecting an IP address based on the Kubernetes API.
One of: NodeInternalIP
Appears in:
| Value | Description |
|---|---|
NodeInternalIP | NodeInternalIP detects a node IP using the first status.Addresses entry of the relevant IP family with type NodeInternalIP on the Kubernetes nodes API. |
LinuxDataplaneOption
Underlying type: string
LinuxDataplaneOption controls which dataplane is to be used on Linux nodes.
One of: Iptables, BPF, VPP, Nftables
Validation:
- Enum: [Iptables BPF VPP Nftables]
Appears in:
| Value | Description |
|---|---|
Iptables | |
BPF | |
VPP | |
Nftables |
LogLevel
Underlying type: string
Validation:
- Enum: [Error Warning Info Debug]
Appears in:
| Value | Description |
|---|---|
Error | |
Warn | |
Info | |
Debug |
LogSeverity
Underlying type: string
Validation:
- Enum: [Fatal Error Warn Info Debug Trace]
Appears in:
| Value | Description |
|---|---|
Fatal | |
Error | |
Warn | |
Info | |
Debug | |
Trace |
Logging
Appears in:
| Field | Description |
|---|---|
cni CNILogging | (Optional) Customized logging specification for calico-cni plugin |
Metadata
Metadata contains the standard Kubernetes labels and annotations fields.
Appears in:
- APIServerDeployment
- APIServerDeploymentPodTemplateSpec
- CSINodeDriverDaemonSet
- CSINodeDriverDaemonSetPodTemplateSpec
- CalicoKubeControllersDeployment
- CalicoKubeControllersDeploymentPodTemplateSpec
- CalicoNodeDaemonSet
- CalicoNodeDaemonSetPodTemplateSpec
- CalicoNodeWindowsDaemonSet
- CalicoNodeWindowsDaemonSetPodTemplateSpec
- CalicoWindowsUpgradeDaemonSet
- CalicoWindowsUpgradeDaemonSetPodTemplateSpec
- GatewayCertgenJob
- GatewayCertgenJobPodTemplate
- GatewayControllerDeployment
- GatewayControllerDeploymentPodTemplate
- GatewayDeploymentPodTemplate
- GoldmaneDeployment
- GoldmaneDeploymentPodTemplateSpec
- TyphaDeployment
- TyphaDeploymentPodTemplateSpec
- WhiskerDeployment
- WhiskerDeploymentPodTemplateSpec
| Field | Description |
|---|---|
labels object (keys:string, values:string) | (Optional) Labels is a map of string keys and values that may match replicaset and service selectors. Each of these key/value pairs are added to the object's labels provided the key does not already exist in the object's labels. |
annotations object (keys:string, values:string) | (Optional) Annotations is a map of arbitrary non-identifying metadata. Each of these key/value pairs are added to the object's annotations provided the key does not already exist in the object's annotations. |
MultiInterfaceMode
Underlying type: string
MultiInterfaceMode describes the method of providing multiple pod interfaces.
One of: None, Multus
Appears in:
| Value | Description |
|---|---|
None | |
Multus |
NATOutgoingType
Underlying type: string
NATOutgoingType describe the type of outgoing NAT to use.
One of: Enabled, Disabled
Appears in:
| Value | Description |
|---|---|
Enabled | |
Disabled |
NodeAddressAutodetection
NodeAddressAutodetection provides configuration options for auto-detecting node addresses. At most one option can be used. If no detection option is specified, then IP auto detection will be disabled for this address family and IPs must be specified directly on the Node resource.
Appears in:
| Field | Description |
|---|---|
firstFound boolean | (Optional) FirstFound uses default interface matching parameters to select an interface, performing best-effort filtering based on well-known interface names. |
kubernetes KubernetesAutodetectionMethod | (Optional) Kubernetes configures Calico to detect node addresses based on the Kubernetes API. |
interface string | (Optional) Interface enables IP auto-detection based on interfaces that match the given regex. |
skipInterface string | (Optional) SkipInterface enables IP auto-detection based on interfaces that do not match the given regex. |
canReach string | (Optional) CanReach enables IP auto-detection based on which source address on the node is used to reach the specified IP or domain. |
cidrs string array | CIDRS enables IP auto-detection based on which addresses on the nodes are within one of the provided CIDRs. |
NodeAffinity
NodeAffinity is similar to *v1.NodeAffinity, but allows us to limit available schedulers.
Appears in:
| Field | Description |
|---|---|
preferredDuringSchedulingIgnoredDuringExecution PreferredSchedulingTerm array | (Optional) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. |
requiredDuringSchedulingIgnoredDuringExecution NodeSelector | (Optional) WARNING: Please note that if the affinity requirements specified by this field are not met at scheduling time, the pod will NOT be scheduled onto the node. There is no fallback to another affinity rules with this setting. This may cause networking disruption or even catastrophic failure! PreferredDuringSchedulingIgnoredDuringExecution should be used for affinity unless there is a specific well understood reason to use RequiredDuringSchedulingIgnoredDuringExecution and you can guarantee that the RequiredDuringSchedulingIgnoredDuringExecution will always have sufficient nodes to satisfy the requirement. NOTE: RequiredDuringSchedulingIgnoredDuringExecution is set by default for AKS nodes, to avoid scheduling Typhas on virtual-nodes. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. |
NonPrivilegedType
Underlying type: string
NonPrivilegedType specifies whether Calico runs as permissioned or not
One of: Enabled, Disabled
Appears in:
| Value | Description |
|---|---|
Enabled | |
Disabled |
NotificationMode
Underlying type: string
Appears in:
| Value | Description |
|---|---|
Disabled | |
Enabled |
PolicyMode
Underlying type: string
Appears in:
| Value | Description |
|---|---|
Default | |
Manual |
ProductVariant
Underlying type: string
ProductVariant represents the variant of the product.
One of: Calico, TigeraSecureEnterprise
Appears in:
Provider
Underlying type: string
Provider represents a particular provider or flavor of Kubernetes. Valid options are: EKS, GKE, AKS, RKE2, OpenShift, DockerEnterprise, TKG.
Appears in:
Proxy
Appears in:
| Field | Description |
|---|---|
httpProxy string | (Optional) HTTPProxy defines the value of the HTTP_PROXY environment variable that will be set on Tigera containers that connect to destinations outside the cluster. |
httpsProxy string | (Optional) HTTPSProxy defines the value of the HTTPS_PROXY environment variable that will be set on Tigera containers that connect to destinations outside the cluster. |
noProxy string | (Optional) NoProxy defines the value of the NO_PROXY environment variable that will be set on Tigera containers that connect to destinations outside the cluster. This value must be set such that destinations within the scope of the cluster, including the Kubernetes API server, are exempt from being proxied. |
QueryServerLogging
Appears in:
| Field | Description |
|---|---|
logSeverity LogSeverity | (Optional) LogSeverity defines log level for QueryServer container. |
StatusConditionType
Underlying type: string
StatusConditionType is a type of condition that may apply to a particular component.
Appears in:
| Value | Description |
|---|---|
Available | Available indicates that the component is healthy. |
Progressing | Progressing means that the component is in the process of being installed or upgraded. |
Degraded | Degraded means the component is not operating as desired and user action is required. |
Ready | Ready indicates that the component is healthy and ready.it is identical to Available and used in Status conditions for CRs. |
Sysctl
Appears in:
| Field | Description |
|---|---|
key string | |
value string |
TigeraStatus
TigeraStatus represents the most recently observed status for Calico or a Calico Enterprise functional area.
| Field | Description |
|---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | TigeraStatus |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. |
spec TigeraStatusSpec | |
status TigeraStatusStatus |
TigeraStatusCondition
TigeraStatusCondition represents a condition attached to a particular component.
Appears in:
| Field | Description |
|---|---|
type StatusConditionType | The type of condition. May be Available, Progressing, or Degraded. |
status ConditionStatus | The status of the condition. May be True, False, or Unknown. |
lastTransitionTime Time | The timestamp representing the start time for the current status. |
reason string | A brief reason explaining the condition. |
message string | Optionally, a detailed message providing additional context. |
observedGeneration integer | (Optional) observedGeneration represents the generation that the condition was set based upon. For instance, if generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. |
TigeraStatusSpec
TigeraStatusSpec defines the desired state of TigeraStatus
Appears in:
TigeraStatusStatus
TigeraStatusStatus defines the observed state of TigeraStatus
Appears in:
| Field | Description |
|---|---|
conditions TigeraStatusCondition array | Conditions represents the latest observed set of conditions for this component. A component may be one or more of Available, Progressing, or Degraded. |
TyphaAffinity
Deprecated. Please use TyphaDeployment instead. TyphaAffinity allows configuration of node affinity characteristics for Typha pods.
Appears in:
| Field | Description |
|---|---|
nodeAffinity NodeAffinity | (Optional) NodeAffinity describes node affinity scheduling rules for typha. |
TyphaDeployment
TyphaDeployment is the configuration for the typha Deployment.
Appears in:
| Field | Description |
|---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec TyphaDeploymentSpec | (Optional) Spec is the specification of the typha Deployment. |
TyphaDeploymentContainer
TyphaDeploymentContainer is a typha Deployment container.
Appears in:
| Field | Description |
|---|---|
name string | Name is an enum which identifies the typha Deployment container by name. Supported values are: calico-typha |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named typha Deployment container's resources. If omitted, the typha Deployment will use its default value for this container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
TyphaDeploymentInitContainer
TyphaDeploymentInitContainer is a typha Deployment init container.
Appears in:
| Field | Description |
|---|---|
name string | Name is an enum which identifies the typha Deployment init container by name. Supported values are: typha-certs-key-cert-provisioner |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named typha Deployment init container's resources. If omitted, the typha Deployment will use its default value for this init container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
TyphaDeploymentPodSpec
TyphaDeploymentPodSpec is the typha Deployment's PodSpec.
Appears in:
| Field | Description |
|---|---|
initContainers TyphaDeploymentInitContainer array | (Optional) InitContainers is a list of typha init containers. If specified, this overrides the specified typha Deployment init containers. If omitted, the typha Deployment will use its default values for its init containers. |
containers TyphaDeploymentContainer array | (Optional) Containers is a list of typha containers. If specified, this overrides the specified typha Deployment containers. If omitted, the typha Deployment will use its default values for its containers. |
affinity Affinity | (Optional) Affinity is a group of affinity scheduling rules for the typha pods. If specified, this overrides any affinity that may be set on the typha Deployment. If omitted, the typha Deployment will use its default value for affinity. If used in conjunction with the deprecated TyphaAffinity, then this value takes precedence. WARNING: Please note that this field will override the default calico-typha Deployment affinity. |
nodeSelector object (keys:string, values:string) | NodeSelector is the calico-typha pod's scheduling constraints. If specified, each of the key/value pairs are added to the calico-typha Deployment nodeSelector provided the key does not already exist in the object's nodeSelector. If omitted, the calico-typha Deployment will use its default value for nodeSelector. WARNING: Please note that this field will modify the default calico-typha Deployment nodeSelector. |
terminationGracePeriodSeconds integer | (Optional) Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. |
topologySpreadConstraints TopologySpreadConstraint array | (Optional) TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. |
tolerations Toleration array | (Optional) Tolerations is the typha pod's tolerations. If specified, this overrides any tolerations that may be set on the typha Deployment. If omitted, the typha Deployment will use its default value for tolerations. WARNING: Please note that this field will override the default calico-typha Deployment tolerations. |
TyphaDeploymentPodTemplateSpec
TyphaDeploymentPodTemplateSpec is the typha Deployment's PodTemplateSpec
Appears in:
| Field | Description |
|---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec TyphaDeploymentPodSpec | (Optional) Spec is the typha Deployment's PodSpec. |
TyphaDeploymentSpec
TyphaDeploymentSpec defines configuration for the typha Deployment.
Appears in:
| Field | Description |
|---|---|
minReadySeconds integer | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the typha Deployment. If omitted, the typha Deployment will use its default value for minReadySeconds. |
template TyphaDeploymentPodTemplateSpec | (Optional) Template describes the typha Deployment pod that will be created. |
strategy TyphaDeploymentStrategy | (Optional) The deployment strategy to use to replace existing pods with new ones. |
TyphaDeploymentStrategy
TyphaDeploymentStrategy describes how to replace existing pods with new ones. Only RollingUpdate is supported at this time so the Type field is not exposed.
Appears in:
| Field | Description |
|---|---|
rollingUpdate RollingUpdateDeployment | (Optional) Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. to be. |
Whisker
| Field | Description |
|---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | Whisker |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. |
spec WhiskerSpec | |
status WhiskerStatus |
WhiskerDeployment
WhiskerDeployment is the configuration for the whisker Deployment.
Appears in:
| Field | Description |
|---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec WhiskerDeploymentSpec | (Optional) Spec is the specification of the whisker Deployment. |
WhiskerDeploymentContainer
Appears in:
| Field | Description |
|---|---|
name string | |
resources ResourceRequirements | (Optional) |
WhiskerDeploymentPodSpec
WhiskerDeploymentPodSpec is the whisker Deployment's PodSpec.
Appears in:
| Field | Description |
|---|---|
affinity Affinity | (Optional) Affinity is a group of affinity scheduling rules for the whisker pods. |
containers WhiskerDeploymentContainer array | (Optional) Containers is a list of whisker containers. If specified, this overrides the specified EGW Deployment containers. If omitted, the whisker Deployment will use its default values for its containers. |
nodeSelector object (keys:string, values:string) | (Optional) NodeSelector gives more control over the nodes where the whisker pods will run on. |
terminationGracePeriodSeconds integer | (Optional) TerminationGracePeriodSeconds defines the termination grace period of the whisker pods in seconds. |
topologySpreadConstraints TopologySpreadConstraint array | (Optional) TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. |
tolerations Toleration array | (Optional) Tolerations is the whisker pod's tolerations. If specified, this overrides any tolerations that may be set on the whisker Deployment. If omitted, the whisker Deployment will use its default value for tolerations. |
priorityClassName string | (Optional) PriorityClassName allows to specify a PriorityClass resource to be used. |
WhiskerDeploymentPodTemplateSpec
WhiskerDeploymentPodTemplateSpec is the whisker Deployment's PodTemplateSpec
Appears in:
| Field | Description |
|---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec WhiskerDeploymentPodSpec | (Optional) Spec is the whisker Deployment's PodSpec. |
WhiskerDeploymentSpec
WhiskerDeploymentSpec defines configuration for the whisker Deployment.
Appears in:
| Field | Description |
|---|---|
minReadySeconds integer | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the whisker Deployment. If omitted, the whisker Deployment will use its default value for minReadySeconds. |
template WhiskerDeploymentPodTemplateSpec | (Optional) Template describes the whisker Deployment pod that will be created. |
strategy WhiskerDeploymentStrategy | (Optional) The deployment strategy to use to replace existing pods with new ones. |
WhiskerDeploymentStrategy
Appears in:
| Field | Description |
|---|---|
rollingUpdate RollingUpdateDeployment | (Optional) Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. to be. |
WhiskerSpec
Appears in:
| Field | Description |
|---|---|
whiskerDeployment WhiskerDeployment | |
notifications NotificationMode | (Optional) Default: Enabled This setting enables calls to an external API to retrieve notification banner text in the Whisker UI. Allowed values are Enabled or Disabled. Defaults to Enabled. |
WhiskerStatus
WhiskerStatus defines the observed state of Whisker
Appears in:
| Field | Description |
|---|---|
conditions Condition array | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types. |
WindowsDataplaneOption
Underlying type: string
Validation:
- Enum: [HNS Disabled]
Appears in:
| Value | Description |
|---|---|
Disabled | |
HNS |
WindowsNodeSpec
Appears in:
| Field | Description |
|---|---|
cniBinDir string | (Optional) CNIBinDir is the path to the CNI binaries directory on Windows, it must match what is used as 'bin_dir' under [plugins] [plugins."io.containerd.grpc.v1.cri"] [plugins."io.containerd.grpc.v1.cri".cni] on the containerd 'config.toml' file on the Windows nodes. |
cniConfigDir string | (Optional) CNIConfigDir is the path to the CNI configuration directory on Windows, it must match what is used as 'conf_dir' under [plugins] [plugins."io.containerd.grpc.v1.cri"] [plugins."io.containerd.grpc.v1.cri".cni] on the containerd 'config.toml' file on the Windows nodes. |
cniLogDir string | (Optional) CNILogDir is the path to the Calico CNI logs directory on Windows. |
vxlanMACPrefix string | (Optional) VXLANMACPrefix is the prefix used when generating MAC addresses for virtual NICs |
vxlanAdapter string | (Optional) VXLANAdapter is the Network Adapter used for VXLAN, leave blank for primary NIC |