Skip to main content
Calico Open Source 3.30 (latest) documentation

Installation reference

The Kubernetes resources below configure Calico installation when using the operator. Each resource is responsible for installing and configuring a different subsystem of Calico during installation. Most options can be modified on a running cluster using kubectl.

Packages

operator.tigera.io/v1

API Schema definitions for configuring the installation of Calico and Calico Enterprise

Package v1 contains API Schema definitions for the operator v1 API group

Resource Types

APIServer

APIServer installs the Tigera API server and related resources. At most one instance of this resource is supported. It must be named "default" or "tigera-secure".

FieldDescription
apiVersion stringoperator.tigera.io/v1
kind stringAPIServer
metadata ObjectMetaRefer to Kubernetes API documentation for fields of metadata.
spec APIServerSpecSpecification of the desired state for the Tigera API server.
status APIServerStatusMost recently observed status for the Tigera API server.

APIServerDeployment

APIServerDeployment is the configuration for the API server Deployment.

Appears in:

FieldDescription
metadata Metadata(Optional) Refer to Kubernetes API documentation for fields of metadata.
spec APIServerDeploymentSpec(Optional) Spec is the specification of the API server Deployment.

APIServerDeploymentContainer

APIServerDeploymentContainer is an API server Deployment container.

Appears in:

FieldDescription
name stringName is an enum which identifies the API server Deployment container by name.
Supported values are: calico-apiserver, tigera-queryserver, calico-l7-admission-controller
ports APIServerDeploymentContainerPort array(Optional) Ports allows customization of container's ports. If specified, this overrides the named APIServer Deployment container's ports. If omitted, the API server Deployment will use its default value for this container's port.
resources ResourceRequirements(Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named API server Deployment container's resources. If omitted, the API server Deployment will use its default value for this container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

APIServerDeploymentContainerPort

Appears in:

FieldDescription
name stringName is an enum which identifies the API server Deployment Container port by name.
Supported values are: apiserver, queryserver, l7admctrl
containerPort integerNumber of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.

APIServerDeploymentInitContainer

APIServerDeploymentInitContainer is an API server Deployment init container.

Appears in:

FieldDescription
name stringName is an enum which identifies the API server Deployment init container by name.
Supported values are: calico-apiserver-certs-key-cert-provisioner
resources ResourceRequirements(Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named API server Deployment init container's resources. If omitted, the API server Deployment will use its default value for this init container's resources.

APIServerDeploymentPodSpec

APIServerDeploymentDeploymentPodSpec is the API server Deployment's PodSpec.

Appears in:

FieldDescription
initContainers APIServerDeploymentInitContainer array(Optional) InitContainers is a list of API server init containers. If specified, this overrides the specified API server Deployment init containers. If omitted, the API server Deployment will use its default values for its init containers.
containers APIServerDeploymentContainer array(Optional) Containers is a list of API server containers. If specified, this overrides the specified API server Deployment containers. If omitted, the API server Deployment will use its default values for its containers.
affinity Affinity(Optional) Affinity is a group of affinity scheduling rules for the API server pods. If specified, this overrides any affinity that may be set on the API server Deployment. If omitted, the API server Deployment will use its default value for affinity.
WARNING: Please note that this field will override the default API server Deployment affinity.
nodeSelector object (keys:string, values:string)NodeSelector is the API server pod's scheduling constraints. If specified, each of the key/value pairs are added to the API server Deployment nodeSelector provided the key does not already exist in the object's nodeSelector. If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the API server Deployment and each of this field's key/value pairs are added to the API server Deployment nodeSelector provided the key does not already exist in the object's nodeSelector. If omitted, the API server Deployment will use its default value for nodeSelector.
WARNING: Please note that this field will modify the default API server Deployment nodeSelector.
topologySpreadConstraints TopologySpreadConstraint array(Optional) TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.
tolerations Toleration array(Optional) Tolerations is the API server pod's tolerations. If specified, this overrides any tolerations that may be set on the API server Deployment. If omitted, the API server Deployment will use its default value for tolerations.
WARNING: Please note that this field will override the default API server Deployment tolerations.
priorityClassName string(Optional) PriorityClassName allows to specify a PriorityClass resource to be used.

APIServerDeploymentPodTemplateSpec

APIServerDeploymentPodTemplateSpec is the API server Deployment's PodTemplateSpec

Appears in:

FieldDescription
metadata Metadata(Optional) Refer to Kubernetes API documentation for fields of metadata.
spec APIServerDeploymentPodSpec(Optional) Spec is the API server Deployment's PodSpec.

APIServerDeploymentSpec

APIServerDeploymentSpec defines configuration for the API server Deployment.

Appears in:

FieldDescription
minReadySeconds integer(Optional) MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the API server Deployment. If omitted, the API server Deployment will use its default value for minReadySeconds.
template APIServerDeploymentPodTemplateSpec(Optional) Template describes the API server Deployment pod that will be created.

APIServerLogging

Appears in:

FieldDescription
logSeverity LogSeverity(Optional) LogSeverity defines log level for APIServer container.

APIServerPodLogging

Appears in:

FieldDescription
apiServer APIServerLogging(Optional)
queryServer QueryServerLogging(Optional)

APIServerSpec

APIServerSpec defines the desired state of Tigera API server.

Appears in:

FieldDescription
logging APIServerPodLogging(Optional)
apiServerDeployment APIServerDeploymentAPIServerDeployment configures the calico-apiserver (or tigera-apiserver in Enterprise) Deployment. If used in conjunction with ControlPlaneNodeSelector or ControlPlaneTolerations, then these overrides take precedence.

APIServerStatus

APIServerStatus defines the observed state of Tigera API server.

Appears in:

FieldDescription
state stringState provides user-readable status.
conditions Condition array(Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types.

Azure

Appears in:

FieldDescription
policyMode PolicyMode(Optional) PolicyMode determines whether the "control-plane" label is applied to namespaces. It offers two options: Default and Manual. The Default option adds the "control-plane" label to the required namespaces. The Manual option does not apply the "control-plane" label to any namespace.
Default: Default

BGPOption

Underlying type: string

BGPOption describes the mode of BGP to use.

One of: Enabled, Disabled

Appears in:

ValueDescription
Enabled
Disabled

CNILogging

Appears in:

FieldDescription
logSeverity LogLevel(Optional)
Default: Info
logFileMaxSize Quantity(Optional)
Default: 100Mi
logFileMaxAgeDays integer(Optional)
Default: 30 (days)
logFileMaxCount integer(Optional)
Default: 10

CNIPluginType

Underlying type: string

CNIPluginType describes the type of CNI plugin used.

One of: Calico, GKE, AmazonVPC, AzureVNET

Appears in:

ValueDescription
Calico
GKE
AmazonVPC
AzureVNET

CNISpec

CNISpec contains configuration for the CNI plugin.

Appears in:

FieldDescription
type CNIPluginTypeSpecifies the CNI plugin that will be used in the Calico or Calico Enterprise installation. * For KubernetesProvider GKE, this field defaults to GKE. * For KubernetesProvider AKS, this field defaults to AzureVNET. * For KubernetesProvider EKS, this field defaults to AmazonVPC. * If aws-node daemonset exists in kube-system when the Installation resource is created, this field defaults to AmazonVPC. * For all other cases this field defaults to Calico. For the value Calico, the CNI plugin binaries and CNI config will be installed as part of deployment, for all other values the CNI plugin binaries and CNI config is a dependency that is expected to be installed separately.
Default: Calico
ipam IPAMSpec(Optional) IPAM specifies the pod IP address management that will be used in the Calico or Calico Enterprise installation.

CRDManagement

Underlying type: string

Validation:

  • Enum: [Reconcile PreferExisting]

Appears in:

ValueDescription
Reconcile
PreferExisting

CSINodeDriverDaemonSet

CSINodeDriverDaemonSet is the configuration for the csi-node-driver DaemonSet.

Appears in:

FieldDescription
metadata Metadata(Optional) Refer to Kubernetes API documentation for fields of metadata.
spec CSINodeDriverDaemonSetSpec(Optional) Spec is the specification of the csi-node-driver DaemonSet.

CSINodeDriverDaemonSetContainer

CSINodeDriverDaemonSetContainer is a csi-node-driver DaemonSet container.

Appears in:

FieldDescription
name stringName is an enum which identifies the csi-node-driver DaemonSet container by name.
Supported values are: calico-csi, csi-node-driver-registrar.
resources ResourceRequirements(Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named csi-node-driver DaemonSet container's resources. If omitted, the csi-node-driver DaemonSet will use its default value for this container's resources.

CSINodeDriverDaemonSetPodSpec

CSINodeDriverDaemonSetPodSpec is the csi-node-driver DaemonSet's PodSpec.

Appears in:

FieldDescription
containers CSINodeDriverDaemonSetContainer array(Optional) Containers is a list of csi-node-driver containers. If specified, this overrides the specified csi-node-driver DaemonSet containers. If omitted, the csi-node-driver DaemonSet will use its default values for its containers.
affinity Affinity(Optional) Affinity is a group of affinity scheduling rules for the csi-node-driver pods. If specified, this overrides any affinity that may be set on the csi-node-driver DaemonSet. If omitted, the csi-node-driver DaemonSet will use its default value for affinity.
WARNING: Please note that this field will override the default csi-node-driver DaemonSet affinity.
nodeSelector object (keys:string, values:string)(Optional) NodeSelector is the csi-node-driver pod's scheduling constraints. If specified, each of the key/value pairs are added to the csi-node-driver DaemonSet nodeSelector provided the key does not already exist in the object's nodeSelector. If omitted, the csi-node-driver DaemonSet will use its default value for nodeSelector.
WARNING: Please note that this field will modify the default csi-node-driver DaemonSet nodeSelector.
tolerations Toleration array(Optional) Tolerations is the csi-node-driver pod's tolerations. If specified, this overrides any tolerations that may be set on the csi-node-driver DaemonSet. If omitted, the csi-node-driver DaemonSet will use its default value for tolerations.
WARNING: Please note that this field will override the default csi-node-driver DaemonSet tolerations.

CSINodeDriverDaemonSetPodTemplateSpec

CSINodeDriverDaemonSetPodTemplateSpec is the csi-node-driver DaemonSet's PodTemplateSpec

Appears in:

FieldDescription
metadata Metadata(Optional) Refer to Kubernetes API documentation for fields of metadata.
spec CSINodeDriverDaemonSetPodSpec(Optional) Spec is the csi-node-driver DaemonSet's PodSpec.

CSINodeDriverDaemonSetSpec

CSINodeDriverDaemonSetSpec defines configuration for the csi-node-driver DaemonSet.

Appears in:

FieldDescription
minReadySeconds integer(Optional) MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the csi-node-driver DaemonSet. If omitted, the csi-node-driver DaemonSet will use its default value for minReadySeconds.
template CSINodeDriverDaemonSetPodTemplateSpec(Optional) Template describes the csi-node-driver DaemonSet pod that will be created.

CalicoKubeControllersDeployment

CalicoKubeControllersDeployment is the configuration for the calico-kube-controllers Deployment.

Appears in:

FieldDescription
metadata Metadata(Optional) Refer to Kubernetes API documentation for fields of metadata.
spec CalicoKubeControllersDeploymentSpec(Optional) Spec is the specification of the calico-kube-controllers Deployment.

CalicoKubeControllersDeploymentContainer

CalicoKubeControllersDeploymentContainer is a calico-kube-controllers Deployment container.

Appears in:

FieldDescription
name stringName is an enum which identifies the calico-kube-controllers Deployment container by name.
Supported values are: calico-kube-controllers, es-calico-kube-controllers
resources ResourceRequirements(Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-kube-controllers Deployment container's resources. If omitted, the calico-kube-controllers Deployment will use its default value for this container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

CalicoKubeControllersDeploymentPodSpec

CalicoKubeControllersDeploymentPodSpec is the calico-kube-controller Deployment's PodSpec.

Appears in:

FieldDescription
containers CalicoKubeControllersDeploymentContainer array(Optional) Containers is a list of calico-kube-controllers containers. If specified, this overrides the specified calico-kube-controllers Deployment containers. If omitted, the calico-kube-controllers Deployment will use its default values for its containers.
affinity Affinity(Optional) Affinity is a group of affinity scheduling rules for the calico-kube-controllers pods. If specified, this overrides any affinity that may be set on the calico-kube-controllers Deployment. If omitted, the calico-kube-controllers Deployment will use its default value for affinity.
WARNING: Please note that this field will override the default calico-kube-controllers Deployment affinity.
nodeSelector object (keys:string, values:string)NodeSelector is the calico-kube-controllers pod's scheduling constraints. If specified, each of the key/value pairs are added to the calico-kube-controllers Deployment nodeSelector provided the key does not already exist in the object's nodeSelector. If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the calico-kube-controllers Deployment and each of this field's key/value pairs are added to the calico-kube-controllers Deployment nodeSelector provided the key does not already exist in the object's nodeSelector. If omitted, the calico-kube-controllers Deployment will use its default value for nodeSelector.
WARNING: Please note that this field will modify the default calico-kube-controllers Deployment nodeSelector.
tolerations Toleration array(Optional) Tolerations is the calico-kube-controllers pod's tolerations. If specified, this overrides any tolerations that may be set on the calico-kube-controllers Deployment. If omitted, the calico-kube-controllers Deployment will use its default value for tolerations.
WARNING: Please note that this field will override the default calico-kube-controllers Deployment tolerations.

CalicoKubeControllersDeploymentPodTemplateSpec

CalicoKubeControllersDeploymentPodTemplateSpec is the calico-kube-controllers Deployment's PodTemplateSpec

Appears in:

FieldDescription
metadata Metadata(Optional) Refer to Kubernetes API documentation for fields of metadata.
spec CalicoKubeControllersDeploymentPodSpec(Optional) Spec is the calico-kube-controllers Deployment's PodSpec.

CalicoKubeControllersDeploymentSpec

CalicoKubeControllersDeploymentSpec defines configuration for the calico-kube-controllers Deployment.

Appears in:

FieldDescription
minReadySeconds integer(Optional) MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the calico-kube-controllers Deployment. If omitted, the calico-kube-controllers Deployment will use its default value for minReadySeconds.
template CalicoKubeControllersDeploymentPodTemplateSpec(Optional) Template describes the calico-kube-controllers Deployment pod that will be created.

CalicoNetworkSpec

CalicoNetworkSpec specifies configuration options for Calico provided pod networking.

Appears in:

FieldDescription
linuxDataplane LinuxDataplaneOption(Optional) LinuxDataplane is used to select the dataplane used for Linux nodes. In particular, it causes the operator to add required mounts and environment variables for the particular dataplane. If not specified, iptables mode is used.
Default: Iptables
windowsDataplane WindowsDataplaneOption(Optional) WindowsDataplane is used to select the dataplane used for Windows nodes. In particular, it causes the operator to add required mounts and environment variables for the particular dataplane. If not specified, it is disabled and the operator will not render the Calico Windows nodes daemonset.
Default: Disabled
bgp BGPOption(Optional) BGP configures whether or not to enable Calico's BGP capabilities.
ipPools IPPool array(Optional) IPPools contains a list of IP pools to manage. If nil, a single IPv4 IP pool will be created by the operator. If an empty list is provided, the operator will not create any IP pools and will instead wait for IP pools to be created out-of-band. IP pools in this list will be reconciled by the operator and should not be modified out-of-band.
mtu integer(Optional) MTU specifies the maximum transmission unit to use on the pod network. If not specified, Calico will perform MTU auto-detection based on the cluster network.
nodeAddressAutodetectionV4 NodeAddressAutodetection(Optional) NodeAddressAutodetectionV4 specifies an approach to automatically detect node IPv4 addresses. If not specified, will use default auto-detection settings to acquire an IPv4 address for each node.
nodeAddressAutodetectionV6 NodeAddressAutodetection(Optional) NodeAddressAutodetectionV6 specifies an approach to automatically detect node IPv6 addresses. If not specified, IPv6 addresses will not be auto-detected.
hostPorts HostPortsType(Optional) HostPorts configures whether or not Calico will support Kubernetes HostPorts. Valid only when using the Calico CNI plugin.
Default: Enabled
multiInterfaceMode MultiInterfaceMode(Optional) MultiInterfaceMode configures what will configure multiple interface per pod. Only valid for Calico Enterprise installations using the Calico CNI plugin.
Default: None
containerIPForwarding ContainerIPForwardingType(Optional) ContainerIPForwarding configures whether ip forwarding will be enabled for containers in the CNI configuration.
Default: Disabled
sysctl Sysctl array(Optional) Sysctl configures sysctl parameters for tuning plugin
linuxPolicySetupTimeoutSeconds integer(Optional) LinuxPolicySetupTimeoutSeconds delays new pods from running containers until their policy has been programmed in the dataplane. The specified delay defines the maximum amount of time that the Calico CNI plugin will wait for policy to be programmed. Only applies to pods created on Linux nodes. * A value of 0 disables pod startup delays.
Default: 0

CalicoNodeDaemonSet

CalicoNodeDaemonSet is the configuration for the calico-node DaemonSet.

Appears in:

FieldDescription
metadata Metadata(Optional) Refer to Kubernetes API documentation for fields of metadata.
spec CalicoNodeDaemonSetSpec(Optional) Spec is the specification of the calico-node DaemonSet.

CalicoNodeDaemonSetContainer

CalicoNodeDaemonSetContainer is a calico-node DaemonSet container.

Appears in:

FieldDescription
name stringName is an enum which identifies the calico-node DaemonSet container by name.
Supported values are: calico-node
resources ResourceRequirements(Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-node DaemonSet container's resources. If omitted, the calico-node DaemonSet will use its default value for this container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

CalicoNodeDaemonSetInitContainer

CalicoNodeDaemonSetInitContainer is a calico-node DaemonSet init container.

Appears in:

FieldDescription
name stringName is an enum which identifies the calico-node DaemonSet init container by name.
Supported values are: install-cni, hostpath-init, flexvol-driver, mount-bpffs, node-certs-key-cert-provisioner, calico-node-prometheus-server-tls-key-cert-provisioner
resources ResourceRequirements(Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-node DaemonSet init container's resources. If omitted, the calico-node DaemonSet will use its default value for this container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

CalicoNodeDaemonSetPodSpec

CalicoNodeDaemonSetPodSpec is the calico-node DaemonSet's PodSpec.

Appears in:

FieldDescription
initContainers CalicoNodeDaemonSetInitContainer array(Optional) InitContainers is a list of calico-node init containers. If specified, this overrides the specified calico-node DaemonSet init containers. If omitted, the calico-node DaemonSet will use its default values for its init containers.
containers CalicoNodeDaemonSetContainer array(Optional) Containers is a list of calico-node containers. If specified, this overrides the specified calico-node DaemonSet containers. If omitted, the calico-node DaemonSet will use its default values for its containers.
affinity Affinity(Optional) Affinity is a group of affinity scheduling rules for the calico-node pods. If specified, this overrides any affinity that may be set on the calico-node DaemonSet. If omitted, the calico-node DaemonSet will use its default value for affinity.
WARNING: Please note that this field will override the default calico-node DaemonSet affinity.
nodeSelector object (keys:string, values:string)(Optional) NodeSelector is the calico-node pod's scheduling constraints. If specified, each of the key/value pairs are added to the calico-node DaemonSet nodeSelector provided the key does not already exist in the object's nodeSelector. If omitted, the calico-node DaemonSet will use its default value for nodeSelector.
WARNING: Please note that this field will modify the default calico-node DaemonSet nodeSelector.
tolerations Toleration array(Optional) Tolerations is the calico-node pod's tolerations. If specified, this overrides any tolerations that may be set on the calico-node DaemonSet. If omitted, the calico-node DaemonSet will use its default value for tolerations.
WARNING: Please note that this field will override the default calico-node DaemonSet tolerations.

CalicoNodeDaemonSetPodTemplateSpec

CalicoNodeDaemonSetPodTemplateSpec is the calico-node DaemonSet's PodTemplateSpec

Appears in:

FieldDescription
metadata Metadata(Optional) Refer to Kubernetes API documentation for fields of metadata.
spec CalicoNodeDaemonSetPodSpec(Optional) Spec is the calico-node DaemonSet's PodSpec.

CalicoNodeDaemonSetSpec

CalicoNodeDaemonSetSpec defines configuration for the calico-node DaemonSet.

Appears in:

FieldDescription
minReadySeconds integer(Optional) MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the calico-node DaemonSet. If omitted, the calico-node DaemonSet will use its default value for minReadySeconds.
template CalicoNodeDaemonSetPodTemplateSpec(Optional) Template describes the calico-node DaemonSet pod that will be created.

CalicoNodeWindowsDaemonSet

CalicoNodeWindowsDaemonSet is the configuration for the calico-node-windows DaemonSet.

Appears in:

FieldDescription
metadata Metadata(Optional) Refer to Kubernetes API documentation for fields of metadata.
spec CalicoNodeWindowsDaemonSetSpec(Optional) Spec is the specification of the calico-node-windows DaemonSet.

CalicoNodeWindowsDaemonSetContainer

CalicoNodeWindowsDaemonSetContainer is a calico-node-windows DaemonSet container.

Appears in:

FieldDescription
name stringName is an enum which identifies the calico-node-windows DaemonSet container by name.
Supported values are: calico-node-windows
resources ResourceRequirements(Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-node-windows DaemonSet container's resources. If omitted, the calico-node-windows DaemonSet will use its default value for this container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

CalicoNodeWindowsDaemonSetInitContainer

CalicoNodeWindowsDaemonSetInitContainer is a calico-node-windows DaemonSet init container.

Appears in:

FieldDescription
name stringName is an enum which identifies the calico-node-windows DaemonSet init container by name.
Supported values are: install-cni;hostpath-init, flexvol-driver, mount-bpffs, node-certs-key-cert-provisioner, calico-node-windows-prometheus-server-tls-key-cert-provisioner
resources ResourceRequirements(Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-node-windows DaemonSet init container's resources. If omitted, the calico-node-windows DaemonSet will use its default value for this container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

CalicoNodeWindowsDaemonSetPodSpec

CalicoNodeWindowsDaemonSetPodSpec is the calico-node-windows DaemonSet's PodSpec.

Appears in:

FieldDescription
initContainers CalicoNodeWindowsDaemonSetInitContainer array(Optional) InitContainers is a list of calico-node-windows init containers. If specified, this overrides the specified calico-node-windows DaemonSet init containers. If omitted, the calico-node-windows DaemonSet will use its default values for its init containers.
containers CalicoNodeWindowsDaemonSetContainer array(Optional) Containers is a list of calico-node-windows containers. If specified, this overrides the specified calico-node-windows DaemonSet containers. If omitted, the calico-node-windows DaemonSet will use its default values for its containers.
affinity Affinity(Optional) Affinity is a group of affinity scheduling rules for the calico-node-windows pods. If specified, this overrides any affinity that may be set on the calico-node-windows DaemonSet. If omitted, the calico-node-windows DaemonSet will use its default value for affinity.
WARNING: Please note that this field will override the default calico-node-windows DaemonSet affinity.
nodeSelector object (keys:string, values:string)(Optional) NodeSelector is the calico-node-windows pod's scheduling constraints. If specified, each of the key/value pairs are added to the calico-node-windows DaemonSet nodeSelector provided the key does not already exist in the object's nodeSelector. If omitted, the calico-node-windows DaemonSet will use its default value for nodeSelector.
WARNING: Please note that this field will modify the default calico-node-windows DaemonSet nodeSelector.
tolerations Toleration array(Optional) Tolerations is the calico-node-windows pod's tolerations. If specified, this overrides any tolerations that may be set on the calico-node-windows DaemonSet. If omitted, the calico-node-windows DaemonSet will use its default value for tolerations.
WARNING: Please note that this field will override the default calico-node-windows DaemonSet tolerations.

CalicoNodeWindowsDaemonSetPodTemplateSpec

CalicoNodeWindowsDaemonSetPodTemplateSpec is the calico-node-windows DaemonSet's PodTemplateSpec

Appears in:

FieldDescription
metadata Metadata(Optional) Refer to Kubernetes API documentation for fields of metadata.
spec CalicoNodeWindowsDaemonSetPodSpec(Optional) Spec is the calico-node-windows DaemonSet's PodSpec.

CalicoNodeWindowsDaemonSetSpec

CalicoNodeWindowsDaemonSetSpec defines configuration for the calico-node-windows DaemonSet.

Appears in:

FieldDescription
minReadySeconds integer(Optional) MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the calico-node-windows DaemonSet. If omitted, the calico-node-windows DaemonSet will use its default value for minReadySeconds.
template CalicoNodeWindowsDaemonSetPodTemplateSpec(Optional) Template describes the calico-node-windows DaemonSet pod that will be created.

CalicoWindowsUpgradeDaemonSet

Deprecated. The CalicoWindowsUpgradeDaemonSet is deprecated and will be removed from the API in the future. CalicoWindowsUpgradeDaemonSet is the configuration for the calico-windows-upgrade DaemonSet.

Appears in:

FieldDescription
metadata Metadata(Optional) Refer to Kubernetes API documentation for fields of metadata.
spec CalicoWindowsUpgradeDaemonSetSpec(Optional) Spec is the specification of the calico-windows-upgrade DaemonSet.

CalicoWindowsUpgradeDaemonSetContainer

CalicoWindowsUpgradeDaemonSetContainer is a calico-windows-upgrade DaemonSet container.

Appears in:

FieldDescription
name stringName is an enum which identifies the calico-windows-upgrade DaemonSet container by name.
resources ResourceRequirements(Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-windows-upgrade DaemonSet container's resources. If omitted, the calico-windows-upgrade DaemonSet will use its default value for this container's resources.

CalicoWindowsUpgradeDaemonSetPodSpec

CalicoWindowsUpgradeDaemonSetPodSpec is the calico-windows-upgrade DaemonSet's PodSpec.

Appears in:

FieldDescription
containers CalicoWindowsUpgradeDaemonSetContainer array(Optional) Containers is a list of calico-windows-upgrade containers. If specified, this overrides the specified calico-windows-upgrade DaemonSet containers. If omitted, the calico-windows-upgrade DaemonSet will use its default values for its containers.
affinity Affinity(Optional) Affinity is a group of affinity scheduling rules for the calico-windows-upgrade pods. If specified, this overrides any affinity that may be set on the calico-windows-upgrade DaemonSet. If omitted, the calico-windows-upgrade DaemonSet will use its default value for affinity.
WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet affinity.
nodeSelector object (keys:string, values:string)(Optional) NodeSelector is the calico-windows-upgrade pod's scheduling constraints. If specified, each of the key/value pairs are added to the calico-windows-upgrade DaemonSet nodeSelector provided the key does not already exist in the object's nodeSelector. If omitted, the calico-windows-upgrade DaemonSet will use its default value for nodeSelector.
WARNING: Please note that this field will modify the default calico-windows-upgrade DaemonSet nodeSelector.
tolerations Toleration array(Optional) Tolerations is the calico-windows-upgrade pod's tolerations. If specified, this overrides any tolerations that may be set on the calico-windows-upgrade DaemonSet. If omitted, the calico-windows-upgrade DaemonSet will use its default value for tolerations.
WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet tolerations.

CalicoWindowsUpgradeDaemonSetPodTemplateSpec

CalicoWindowsUpgradeDaemonSetPodTemplateSpec is the calico-windows-upgrade DaemonSet's PodTemplateSpec

Appears in:

FieldDescription
metadata Metadata(Optional) Refer to Kubernetes API documentation for fields of metadata.
spec CalicoWindowsUpgradeDaemonSetPodSpec(Optional) Spec is the calico-windows-upgrade DaemonSet's PodSpec.

CalicoWindowsUpgradeDaemonSetSpec

CalicoWindowsUpgradeDaemonSetSpec defines configuration for the calico-windows-upgrade DaemonSet.

Appears in:

FieldDescription
minReadySeconds integer(Optional) MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the calico-windows-upgrade DaemonSet. If omitted, the calico-windows-upgrade DaemonSet will use its default value for minReadySeconds.
template CalicoWindowsUpgradeDaemonSetPodTemplateSpec(Optional) Template describes the calico-windows-upgrade DaemonSet pod that will be created.

CertificateManagement

CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise pods will be stuck during initialization.

Appears in:

FieldDescription
caCert integer arrayCertificate of the authority that signs the CertificateSigningRequests in PEM format.
signerName stringWhen a CSR is issued to the certificates.k8s.io API, the signerName is added to the request in order to accommodate for clusters with multiple signers. Must be formatted as: <my-domain>/<my-signername>.
keyAlgorithm string(Optional) Specify the algorithm used by pods to generate a key pair that is associated with the X.509 certificate request.
Default: RSAWithSize2048
signatureAlgorithm string(Optional) Specify the algorithm used for the signature of the X.509 certificate request.
Default: SHA256WithRSA

ComponentName

Underlying type: string

ComponentName represents a single component.

One of: Node, Typha, KubeControllers

Appears in:

ValueDescription
Node
NodeWindows
FelixWindows
ConfdWindows
Typha
KubeControllers

ComponentResource

Deprecated. Please use component resource config fields in Installation.Spec instead. The ComponentResource struct associates a ResourceRequirements with a component by name

Appears in:

FieldDescription
componentName ComponentNameComponentName is an enum which identifies the component
resourceRequirements ResourceRequirementsResourceRequirements allows customization of limits and requests for compute resources such as cpu and memory.

ConditionStatus

Underlying type: string

ConditionStatus represents the status of a particular condition. A condition may be one of: True, False, Unknown.

Appears in:

ValueDescription
True
False
Unknown

ContainerIPForwardingType

Underlying type: string

ContainerIPForwardingType specifies whether the CNI config for container ip forwarding is enabled.

Appears in:

ValueDescription
Enabled
Disabled

EncapsulationType

Underlying type: string

EncapsulationType is the type of encapsulation to use on an IP pool.

One of: IPIP, VXLAN, IPIPCrossSubnet, VXLANCrossSubnet, None

Appears in:

ValueDescription
IPIPCrossSubnet
IPIP
VXLAN
VXLANCrossSubnet
None

FIPSMode

Underlying type: string

Appears in:

ValueDescription
Enabled
Disabled

GatewayAPI

FieldDescription
apiVersion stringoperator.tigera.io/v1
kind stringGatewayAPI
metadata ObjectMetaRefer to Kubernetes API documentation for fields of metadata.
spec GatewayAPISpec

GatewayAPISpec

GatewayAPISpec has fields that can be used to customize our GatewayAPI support.

Appears in:

FieldDescription
gatewayControllerDeployment GatewayControllerDeploymentAllow optional customization of the gateway controller deployment.
gatewayCertgenJob GatewayCertgenJobAllow optional customization of the gateway certgen job.
gatewayDeployment GatewayDeploymentAllow optional customization of gateway deployments.
crdManagement CRDManagementConfigure how to manage and update Gateway API CRDs. The default behaviour - which is used when this field is not set, or is set to "PreferExisting" - is that the Tigera operator will create the Gateway API CRDs if they do not already exist, but will not overwrite any existing Gateway API CRDs. This setting may be preferable if the customer is using other implementations of the Gateway API concurrently with the Gateway API support in Calico Enterprise. It is then the customer's responsibility to ensure that CRDs are installed that meet the needs of all the Gateway API implementations in their cluster. Alternatively, if this field is set to "Reconcile", the Tigera operator will keep the cluster's Gateway API CRDs aligned with those that it would install on a cluster that does not yet have any version of those CRDs.

GatewayCertgenJob

GatewayCertgenJob allows customization of the gateway certgen job.

If GatewayCertgenJob.Metadata is non-nil, non-clashing labels and annotations from that metadata are added into the job's top-level metadata.

For customization of the job spec see GatewayCertgenJobSpec.

Appears in:

FieldDescription
metadata Metadata(Optional) Refer to Kubernetes API documentation for fields of metadata.
spec GatewayCertgenJobSpec(Optional)

GatewayCertgenJobContainer

GatewayCertgenJobContainer allows customization of the gateway certgen job's resource requirements.

If GatewayCertgenJob.Spec.Template.Spec.Containers["envoy-gateway-certgen"].Resources is non-nil, it overrides the ResourceRequirements of the job's "envoy-gateway-certgen" container.

Appears in:

FieldDescription
name string
resources ResourceRequirements(Optional)

GatewayCertgenJobPodSpec

GatewayCertgenJobPodSpec allows customization of the gateway certgen job's pod spec.

If GatewayCertgenJob.Spec.Template.Spec.Affinity is non-nil, it sets the affinity field of the job's pod template.

If GatewayCertgenJob.Spec.Template.Spec.NodeSelector is non-nil, it sets a node selector for where job pods may be scheduled.

If GatewayCertgenJob.Spec.Template.Spec.Tolerations is non-nil, it sets the tolerations field of the job's pod template.

For customization of job container resources see GatewayCertgenJobContainer.

Appears in:

FieldDescription
affinity Affinity(Optional)
containers GatewayCertgenJobContainer array(Optional)
nodeSelector object (keys:string, values:string)(Optional)
tolerations Toleration array(Optional)

GatewayCertgenJobPodTemplate

GatewayCertgenJobPodTemplate allows customization of the gateway certgen job's pod template.

If GatewayCertgenJob.Spec.Template.Metadata is non-nil, non-clashing labels and annotations from that metadata are added into the job's pod template.

For customization of the pod template spec see GatewayCertgenJobPodSpec.

Appears in:

FieldDescription
metadata Metadata(Optional) Refer to Kubernetes API documentation for fields of metadata.
spec GatewayCertgenJobPodSpec(Optional)

GatewayCertgenJobSpec

GatewayCertgenJobSpec allows customization of the gateway certgen job spec.

For customization of the job template see GatewayCertgenJobPodTemplate.

Appears in:

FieldDescription
template GatewayCertgenJobPodTemplate(Optional)

GatewayControllerDeployment

GatewayControllerDeployment allows customization of the gateway controller deployment.

If GatewayControllerDeployment.Metadata is non-nil, non-clashing labels and annotations from that metadata are added into the deployment's top-level metadata.

For customization of the deployment spec see GatewayControllerDeploymentSpec.

Appears in:

FieldDescription
metadata Metadata(Optional) Refer to Kubernetes API documentation for fields of metadata.
spec GatewayControllerDeploymentSpec(Optional)

GatewayControllerDeploymentContainer

GatewayControllerDeploymentContainer allows customization of the gateway controller's resource requirements.

If GatewayControllerDeployment.Spec.Template.Spec.Containers["envoy-gateway"].Resources is non-nil, it overrides the ResourceRequirements of the controller's "envoy-gateway" container.

Appears in:

FieldDescription
name string
resources ResourceRequirements(Optional)

GatewayControllerDeploymentPodSpec

GatewayControllerDeploymentPodSpec allows customization of the gateway controller deployment pod spec.

If GatewayControllerDeployment.Spec.Template.Spec.Affinity is non-nil, it sets the affinity field of the deployment's pod template.

If GatewayControllerDeployment.Spec.Template.Spec.NodeSelector is non-nil, it sets a node selector for where controller pods may be scheduled.

If GatewayControllerDeployment.Spec.Template.Spec.Tolerations is non-nil, it sets the tolerations field of the deployment's pod template.

For customization of container resources see GatewayControllerDeploymentContainer.

Appears in:

FieldDescription
affinity Affinity(Optional)
containers GatewayControllerDeploymentContainer array(Optional)
nodeSelector object (keys:string, values:string)(Optional)
tolerations Toleration array(Optional)

GatewayControllerDeploymentPodTemplate

GatewayControllerDeploymentPodTemplate allows customization of the gateway controller deployment pod template.

If GatewayControllerDeployment.Spec.Template.Metadata is non-nil, non-clashing labels and annotations from that metadata are added into the deployment's pod template.

For customization of the pod template spec see GatewayControllerDeploymentPodSpec.

Appears in:

FieldDescription
metadata Metadata(Optional) Refer to Kubernetes API documentation for fields of metadata.
spec GatewayControllerDeploymentPodSpec(Optional)

GatewayControllerDeploymentSpec

GatewayControllerDeploymentSpec allows customization of the gateway controller deployment spec.

If GatewayControllerDeployment.Spec.MinReadySeconds is non-nil, it sets the minReadySeconds field for the deployment.

For customization of the pod template see GatewayControllerDeploymentPodTemplate.

Appears in:

FieldDescription
minReadySeconds integer(Optional)
template GatewayControllerDeploymentPodTemplate(Optional)

GatewayDeployment

GatewayDeployment allows customization of gateway deployments.

For detail see GatewayDeploymentSpec.

Appears in:

FieldDescription
spec GatewayDeploymentSpec(Optional)

GatewayDeploymentContainer

GatewayDeploymentContainer allows customization of the resource requirements of gateway deployments.

If GatewayDeployment.Spec.Template.Spec.Containers["envoy"].Resources is non-nil, it overrides the ResourceRequirements of the "envoy" container in each gateway deployment.

Appears in:

FieldDescription
name string
resources ResourceRequirements(Optional)

GatewayDeploymentPodSpec

GatewayDeploymentPodSpec allows customization of the pod spec of gateway deployments.

If GatewayDeployment.Spec.Template.Spec.Affinity is non-nil, it sets the affinity field of each deployment's pod template.

If GatewayDeployment.Spec.Template.Spec.NodeSelector is non-nil, it sets a node selector for where gateway pods may be scheduled.

If GatewayDeployment.Spec.Template.Spec.Tolerations is non-nil, it sets the tolerations field of each deployment's pod template.

If GatewayDeployment.Spec.Template.Spec.TopologySpreadConstraints is non-nil, it sets the topology spread constraints of each deployment's pod template.

For customization of container resources see GatewayControllerDeploymentContainer.

Appears in:

FieldDescription
affinity Affinity(Optional)
containers GatewayDeploymentContainer array(Optional)
nodeSelector object (keys:string, values:string)(Optional)
topologySpreadConstraints TopologySpreadConstraint array(Optional) TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.
tolerations Toleration array(Optional)

GatewayDeploymentPodTemplate

GatewayDeploymentPodTemplate allows customization of the pod template of gateway deployments.

If GatewayDeployment.Spec.Template.Metadata is non-nil, non-clashing labels and annotations from that metadata are added into each deployment's pod template.

For customization of the pod template spec see GatewayDeploymentPodSpec.

Appears in:

FieldDescription
metadata Metadata(Optional) Refer to Kubernetes API documentation for fields of metadata.
spec GatewayDeploymentPodSpec(Optional)

GatewayDeploymentSpec

GatewayDeploymentSpec allows customization of the spec of gateway deployments.

For customization of the pod template see GatewayDeploymentPodTemplate.

For customization of the deployment strategy see GatewayDeploymentStrategy.

Appears in:

FieldDescription
template GatewayDeploymentPodTemplate(Optional)
strategy GatewayDeploymentStrategy(Optional) The deployment strategy to use to replace existing pods with new ones.

GatewayDeploymentStrategy

GatewayDeploymentStrategy allows customization of the deployment strategy for gateway deployments.

If GatewayDeployment.Spec.Strategy is non-nil, gateway deployments are set to use a rolling update strategy, with the parameters specified in GatewayDeployment.Spec.Strategy.

Only RollingUpdate is supported at this time so the Type field is not exposed.

Appears in:

FieldDescription
rollingUpdate RollingUpdateDeployment(Optional)

Goldmane

FieldDescription
apiVersion stringoperator.tigera.io/v1
kind stringGoldmane
metadata ObjectMetaRefer to Kubernetes API documentation for fields of metadata.
spec GoldmaneSpec
status GoldmaneStatus

GoldmaneDeployment

GoldmaneDeployment is the configuration for the goldmane Deployment.

Appears in:

FieldDescription
metadata Metadata(Optional) Refer to Kubernetes API documentation for fields of metadata.
spec GoldmaneDeploymentSpec(Optional) Spec is the specification of the goldmane Deployment.

GoldmaneDeploymentContainer

Appears in:

FieldDescription
name string
resources ResourceRequirements(Optional)

GoldmaneDeploymentPodSpec

GoldmaneDeploymentPodSpec is the goldmane Deployment's PodSpec.

Appears in:

FieldDescription
affinity Affinity(Optional) Affinity is a group of affinity scheduling rules for the goldmane pods.
containers GoldmaneDeploymentContainer array(Optional) Containers is a list of goldmane containers. If specified, this overrides the specified EGW Deployment containers. If omitted, the goldmane Deployment will use its default values for its containers.
nodeSelector object (keys:string, values:string)(Optional) NodeSelector gives more control over the nodes where the goldmane pods will run on.
terminationGracePeriodSeconds integer(Optional) TerminationGracePeriodSeconds defines the termination grace period of the goldmane pods in seconds.
topologySpreadConstraints TopologySpreadConstraint array(Optional) TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.
tolerations Toleration array(Optional) Tolerations is the goldmane pod's tolerations. If specified, this overrides any tolerations that may be set on the goldmane Deployment. If omitted, the goldmane Deployment will use its default value for tolerations.
priorityClassName string(Optional) PriorityClassName allows to specify a PriorityClass resource to be used.

GoldmaneDeploymentPodTemplateSpec

GoldmaneDeploymentPodTemplateSpec is the goldmane Deployment's PodTemplateSpec

Appears in:

FieldDescription
metadata Metadata(Optional) Refer to Kubernetes API documentation for fields of metadata.
spec GoldmaneDeploymentPodSpec(Optional) Spec is the goldmane Deployment's PodSpec.

GoldmaneDeploymentSpec

GoldmaneDeploymentSpec defines configuration for the goldmane Deployment.

Appears in:

FieldDescription
minReadySeconds integer(Optional) MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the goldmane Deployment. If omitted, the goldmane Deployment will use its default value for minReadySeconds.
template GoldmaneDeploymentPodTemplateSpec(Optional) Template describes the goldmane Deployment pod that will be created.
strategy GoldmaneDeploymentStrategy(Optional) The deployment strategy to use to replace existing pods with new ones.

GoldmaneDeploymentStrategy

Appears in:

FieldDescription
rollingUpdate RollingUpdateDeployment(Optional) Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. to be.

GoldmaneSpec

Appears in:

FieldDescription
goldmaneDeployment GoldmaneDeployment

GoldmaneStatus

GoldmaneStatus defines the observed state of Goldmane

Appears in:

FieldDescription
conditions Condition array(Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types.

HostPortsType

Underlying type: string

HostPortsType specifies host port support.

One of: Enabled, Disabled

Appears in:

ValueDescription
Enabled
Disabled

IPAMPluginType

Underlying type: string

Appears in:

ValueDescription
Calico
HostLocal
AmazonVPC
AzureVNET

IPAMSpec

IPAMSpec contains configuration for pod IP address management.

Appears in:

FieldDescription
type IPAMPluginTypeSpecifies the IPAM plugin that will be used in the Calico or Calico Enterprise installation. * For CNI Plugin Calico, this field defaults to Calico. * For CNI Plugin GKE, this field defaults to HostLocal. * For CNI Plugin AzureVNET, this field defaults to AzureVNET. * For CNI Plugin AmazonVPC, this field defaults to AmazonVPC. The IPAM plugin is installed and configured only if the CNI plugin is set to Calico, for all other values of the CNI plugin the plugin binaries and CNI config is a dependency that is expected to be installed separately.
Default: Calico

IPPool

Appears in:

FieldDescription
name stringName is the name of the IP pool. If omitted, this will be generated.
cidr stringCIDR contains the address range for the IP Pool in classless inter-domain routing format.
encapsulation EncapsulationType(Optional) Encapsulation specifies the encapsulation type that will be used with the IP Pool.
Default: IPIP
natOutgoing NATOutgoingType(Optional) NATOutgoing specifies if NAT will be enabled or disabled for outgoing traffic.
Default: Enabled
nodeSelector string(Optional) NodeSelector specifies the node selector that will be set for the IP Pool.
Default: 'all()'
blockSize integer(Optional) BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from the main IP pool CIDR.
Default: 26 (IPv4), 122 (IPv6)
disableBGPExport boolean(Optional) DisableBGPExport specifies whether routes from this IP pool's CIDR are exported over BGP.
Default: false
disableNewAllocations booleanDisableNewAllocations specifies whether or not new IP allocations are allowed from this pool. This is useful when you want to prevent new pods from receiving IP addresses from this pool, without impacting any existing pods that have already been assigned addresses from this pool.
allowedUses IPPoolAllowedUse arrayAllowedUse controls what the IP pool will be used for. If not specified or empty, defaults to ["Tunnel", "Workload"] for back-compatibility
assignmentMode AssignmentModeAssignmentMode determines if IP addresses from this pool should be assigned automatically or on request only

IPPoolAllowedUse

Underlying type: string

Appears in:

ValueDescription
Workload
Tunnel
LoadBalancer

Image

Appears in:

FieldDescription
image stringImage is an image that the operator deploys and instead of using the built in tag the operator will use the Digest for the image identifier. The value should be the original image name without registry or tag or digest. For the image docker.io/calico/node:v3.17.1 it should be represented as calico/node The "Installation" spec allows defining custom image registries, paths or prefixes. Even for custom images such as example.com/custompath/customprefix-calico-node:v3.17.1, this value should still be calico/node.
digest stringDigest is the image identifier that will be used for the Image. The field should not include a leading @ and must be prefixed with sha256:.

ImageSet

ImageSet is used to specify image digests for the images that the operator deploys. The name of the ImageSet is expected to be in the format <variant>-<release>. The variant used is enterprise if the InstallationSpec Variant is TigeraSecureEnterprise otherwise it is calico. The release must match the version of the variant that the operator is built to deploy, this version can be obtained by passing the --version flag to the operator binary.

FieldDescription
apiVersion stringoperator.tigera.io/v1
kind stringImageSet
metadata ObjectMetaRefer to Kubernetes API documentation for fields of metadata.
spec ImageSetSpec

ImageSetSpec

ImageSetSpec defines the desired state of ImageSet.

Appears in:

FieldDescription
images Image arrayImages is the list of images to use digests. All images that the operator will deploy must be specified.

Installation

Installation configures an installation of Calico or Calico Enterprise. At most one instance of this resource is supported. It must be named "default". The Installation API installs core networking and network policy components, and provides general install-time configuration.

FieldDescription
apiVersion stringoperator.tigera.io/v1
kind stringInstallation
metadata ObjectMetaRefer to Kubernetes API documentation for fields of metadata.
spec InstallationSpecSpecification of the desired state for the Calico or Calico Enterprise installation.
status InstallationStatusMost recently observed state for the Calico or Calico Enterprise installation.

InstallationSpec

InstallationSpec defines configuration for a Calico or Calico Enterprise installation.

Appears in:

FieldDescription
variant ProductVariant(Optional) Variant is the product to install - one of Calico or TigeraSecureEnterprise
Default: Calico
registry string(Optional) Registry is the default Docker registry used for component Docker images. If specified then the given value must end with a slash character (/) and all images will be pulled from this registry. If not specified then the default registries will be used. A special case value, UseDefault, is supported to explicitly specify the default registries will be used. Image format: <registry><imagePath>/<imagePrefix><imageName>:<image-tag> This option allows configuring the <registry> portion of the above format.
imagePath string(Optional) ImagePath allows for the path part of an image to be specified. If specified then the specified value will be used as the image path for each image. If not specified or empty, the default for each image will be used. A special case value, UseDefault, is supported to explicitly specify the default image path will be used for each image. Image format: <registry><imagePath>/<imagePrefix><imageName>:<image-tag> This option allows configuring the <imagePath> portion of the above format.
imagePrefix string(Optional) ImagePrefix allows for the prefix part of an image to be specified. If specified then the given value will be used as a prefix on each image. If not specified or empty, no prefix will be used. A special case value, UseDefault, is supported to explicitly specify the default image prefix will be used for each image. Image format: <registry><imagePath>/<imagePrefix><imageName>:<image-tag> This option allows configuring the <imagePrefix> portion of the above format.
imagePullSecrets LocalObjectReference array(Optional) ImagePullSecrets is an array of references to container registry pull secrets to use. These are applied to all images to be pulled.
kubernetesProvider Provider(Optional) KubernetesProvider specifies a particular provider of the Kubernetes platform and enables provider-specific configuration. If the specified value is empty, the Operator will attempt to automatically determine the current provider. If the specified value is not empty, the Operator will still attempt auto-detection, but will additionally compare the auto-detected value to the specified value to confirm they match.
cni CNISpec(Optional) CNI specifies the CNI that will be used by this installation.
calicoNetwork CalicoNetworkSpec(Optional) CalicoNetwork specifies networking configuration options for Calico.
typhaAffinity TyphaAffinity(Optional) Deprecated. Please use Installation.Spec.TyphaDeployment instead. TyphaAffinity allows configuration of node affinity characteristics for Typha pods.
controlPlaneNodeSelector object (keys:string, values:string)(Optional) ControlPlaneNodeSelector is used to select control plane nodes on which to run Calico components. This is globally applied to all resources created by the operator excluding daemonsets.
controlPlaneTolerations Toleration array(Optional) ControlPlaneTolerations specify tolerations which are then globally applied to all resources created by the operator.
controlPlaneReplicas integer(Optional) ControlPlaneReplicas defines how many replicas of the control plane core components will be deployed. This field applies to all control plane components that support High Availability. Defaults to 2.
nodeMetricsPort integer(Optional) NodeMetricsPort specifies which port calico/node serves prometheus metrics on. By default, metrics are not enabled. If specified, this overrides any FelixConfiguration resources which may exist. If omitted, then prometheus metrics may still be configured through FelixConfiguration.
typhaMetricsPort integer(Optional) TyphaMetricsPort specifies which port calico/typha serves prometheus metrics on. By default, metrics are not enabled.
flexVolumePath string(Optional) FlexVolumePath optionally specifies a custom path for FlexVolume. If not specified, FlexVolume will be enabled by default. If set to 'None', FlexVolume will be disabled. The default is based on the kubernetesProvider.
kubeletVolumePluginPath string(Optional) KubeletVolumePluginPath optionally specifies enablement of Calico CSI plugin. If not specified, CSI will be enabled by default. If set to 'None', CSI will be disabled.
Default: /var/lib/kubelet
nodeUpdateStrategy DaemonSetUpdateStrategy(Optional) NodeUpdateStrategy can be used to customize the desired update strategy, such as the MaxUnavailable field.
componentResources ComponentResource array(Optional) Deprecated. Please use CalicoNodeDaemonSet, TyphaDeployment, and KubeControllersDeployment. ComponentResources can be used to customize the resource requirements for each component. Node, Typha, and KubeControllers are supported for installations.
certificateManagement CertificateManagement(Optional) CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise pods will be stuck during initialization.
nonPrivileged NonPrivilegedType(Optional) NonPrivileged configures Calico to be run in non-privileged containers as non-root users where possible.
calicoNodeDaemonSet CalicoNodeDaemonSetCalicoNodeDaemonSet configures the calico-node DaemonSet. If used in conjunction with the deprecated ComponentResources, then these overrides take precedence.
csiNodeDriverDaemonSet CSINodeDriverDaemonSetCSINodeDriverDaemonSet configures the csi-node-driver DaemonSet.
calicoKubeControllersDeployment CalicoKubeControllersDeploymentCalicoKubeControllersDeployment configures the calico-kube-controllers Deployment. If used in conjunction with the deprecated ComponentResources, then these overrides take precedence.
typhaDeployment TyphaDeploymentTyphaDeployment configures the typha Deployment. If used in conjunction with the deprecated ComponentResources or TyphaAffinity, then these overrides take precedence.
calicoWindowsUpgradeDaemonSet CalicoWindowsUpgradeDaemonSetDeprecated. The CalicoWindowsUpgradeDaemonSet is deprecated and will be removed from the API in the future. CalicoWindowsUpgradeDaemonSet configures the calico-windows-upgrade DaemonSet.
calicoNodeWindowsDaemonSet CalicoNodeWindowsDaemonSetCalicoNodeWindowsDaemonSet configures the calico-node-windows DaemonSet.
fipsMode FIPSMode(Optional) FIPSMode uses images and features only that are using FIPS 140-2 validated cryptographic modules and standards. Only supported for Variant=Calico.
Default: Disabled
logging Logging(Optional) Logging Configuration for Components
windowsNodes WindowsNodeSpec(Optional) Windows Configuration
serviceCIDRs string array(Optional) Kubernetes Service CIDRs. Specifying this is required when using Calico for Windows.
azure Azure(Optional) Azure is used to configure azure provider specific options.
proxy Proxy(Optional) Proxy is used to configure the HTTP(S) proxy settings that will be applied to Tigera containers that connect to destinations outside the cluster. It is expected that NO_PROXY is configured such that destinations within the cluster (including the API server) are exempt from proxying.

InstallationStatus

InstallationStatus defines the observed state of the Calico or Calico Enterprise installation.

Appears in:

FieldDescription
variant ProductVariantVariant is the most recently observed installed variant - one of Calico or TigeraSecureEnterprise
mtu integerMTU is the most recently observed value for pod network MTU. This may be an explicitly configured value, or based on Calico's native auto-detetion.
imageSet string(Optional) ImageSet is the name of the ImageSet being used, if there is an ImageSet that is being used. If an ImageSet is not being used then this will not be set.
computed InstallationSpec(Optional) Computed is the final installation including overlaid resources.
calicoVersion stringCalicoVersion shows the current running version of calico. CalicoVersion along with Variant is needed to know the exact version deployed.
conditions Condition array(Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types.

KubernetesAutodetectionMethod

Underlying type: string

KubernetesAutodetectionMethod is a method of detecting an IP address based on the Kubernetes API.

One of: NodeInternalIP

Appears in:

ValueDescription
NodeInternalIPNodeInternalIP detects a node IP using the first status.Addresses entry of the relevant IP family with type NodeInternalIP on the Kubernetes nodes API.

LinuxDataplaneOption

Underlying type: string

LinuxDataplaneOption controls which dataplane is to be used on Linux nodes.

One of: Iptables, BPF, VPP, Nftables

Validation:

  • Enum: [Iptables BPF VPP Nftables]

Appears in:

ValueDescription
Iptables
BPF
VPP
Nftables

LogLevel

Underlying type: string

Validation:

  • Enum: [Error Warning Info Debug]

Appears in:

ValueDescription
Error
Warn
Info
Debug

LogSeverity

Underlying type: string

Validation:

  • Enum: [Fatal Error Warn Info Debug Trace]

Appears in:

ValueDescription
Fatal
Error
Warn
Info
Debug
Trace

Logging

Appears in:

FieldDescription
cni CNILogging(Optional) Customized logging specification for calico-cni plugin

Metadata

Metadata contains the standard Kubernetes labels and annotations fields.

Appears in:

FieldDescription
labels object (keys:string, values:string)(Optional) Labels is a map of string keys and values that may match replicaset and service selectors. Each of these key/value pairs are added to the object's labels provided the key does not already exist in the object's labels.
annotations object (keys:string, values:string)(Optional) Annotations is a map of arbitrary non-identifying metadata. Each of these key/value pairs are added to the object's annotations provided the key does not already exist in the object's annotations.

MultiInterfaceMode

Underlying type: string

MultiInterfaceMode describes the method of providing multiple pod interfaces.

One of: None, Multus

Appears in:

ValueDescription
None
Multus

NATOutgoingType

Underlying type: string

NATOutgoingType describe the type of outgoing NAT to use.

One of: Enabled, Disabled

Appears in:

ValueDescription
Enabled
Disabled

NodeAddressAutodetection

NodeAddressAutodetection provides configuration options for auto-detecting node addresses. At most one option can be used. If no detection option is specified, then IP auto detection will be disabled for this address family and IPs must be specified directly on the Node resource.

Appears in:

FieldDescription
firstFound boolean(Optional) FirstFound uses default interface matching parameters to select an interface, performing best-effort filtering based on well-known interface names.
kubernetes KubernetesAutodetectionMethod(Optional) Kubernetes configures Calico to detect node addresses based on the Kubernetes API.
interface string(Optional) Interface enables IP auto-detection based on interfaces that match the given regex.
skipInterface string(Optional) SkipInterface enables IP auto-detection based on interfaces that do not match the given regex.
canReach string(Optional) CanReach enables IP auto-detection based on which source address on the node is used to reach the specified IP or domain.
cidrs string arrayCIDRS enables IP auto-detection based on which addresses on the nodes are within one of the provided CIDRs.

NodeAffinity

NodeAffinity is similar to *v1.NodeAffinity, but allows us to limit available schedulers.

Appears in:

FieldDescription
preferredDuringSchedulingIgnoredDuringExecution PreferredSchedulingTerm array(Optional) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.
requiredDuringSchedulingIgnoredDuringExecution NodeSelector(Optional)
WARNING: Please note that if the affinity requirements specified by this field are not met at scheduling time, the pod will NOT be scheduled onto the node. There is no fallback to another affinity rules with this setting. This may cause networking disruption or even catastrophic failure! PreferredDuringSchedulingIgnoredDuringExecution should be used for affinity unless there is a specific well understood reason to use RequiredDuringSchedulingIgnoredDuringExecution and you can guarantee that the RequiredDuringSchedulingIgnoredDuringExecution will always have sufficient nodes to satisfy the requirement. NOTE: RequiredDuringSchedulingIgnoredDuringExecution is set by default for AKS nodes, to avoid scheduling Typhas on virtual-nodes. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.

NonPrivilegedType

Underlying type: string

NonPrivilegedType specifies whether Calico runs as permissioned or not

One of: Enabled, Disabled

Appears in:

ValueDescription
Enabled
Disabled

NotificationMode

Underlying type: string

Appears in:

ValueDescription
Disabled
Enabled

PolicyMode

Underlying type: string

Appears in:

ValueDescription
Default
Manual

ProductVariant

Underlying type: string

ProductVariant represents the variant of the product.

One of: Calico, TigeraSecureEnterprise

Appears in:

Provider

Underlying type: string

Provider represents a particular provider or flavor of Kubernetes. Valid options are: EKS, GKE, AKS, RKE2, OpenShift, DockerEnterprise, TKG.

Appears in:

Proxy

Appears in:

FieldDescription
httpProxy string(Optional) HTTPProxy defines the value of the HTTP_PROXY environment variable that will be set on Tigera containers that connect to destinations outside the cluster.
httpsProxy string(Optional) HTTPSProxy defines the value of the HTTPS_PROXY environment variable that will be set on Tigera containers that connect to destinations outside the cluster.
noProxy string(Optional) NoProxy defines the value of the NO_PROXY environment variable that will be set on Tigera containers that connect to destinations outside the cluster. This value must be set such that destinations within the scope of the cluster, including the Kubernetes API server, are exempt from being proxied.

QueryServerLogging

Appears in:

FieldDescription
logSeverity LogSeverity(Optional) LogSeverity defines log level for QueryServer container.

StatusConditionType

Underlying type: string

StatusConditionType is a type of condition that may apply to a particular component.

Appears in:

ValueDescription
AvailableAvailable indicates that the component is healthy.
ProgressingProgressing means that the component is in the process of being installed or upgraded.
DegradedDegraded means the component is not operating as desired and user action is required.
ReadyReady indicates that the component is healthy and ready.it is identical to Available and used in Status conditions for CRs.

Sysctl

Appears in:

FieldDescription
key string
value string

TigeraStatus

TigeraStatus represents the most recently observed status for Calico or a Calico Enterprise functional area.

FieldDescription
apiVersion stringoperator.tigera.io/v1
kind stringTigeraStatus
metadata ObjectMetaRefer to Kubernetes API documentation for fields of metadata.
spec TigeraStatusSpec
status TigeraStatusStatus

TigeraStatusCondition

TigeraStatusCondition represents a condition attached to a particular component.

Appears in:

FieldDescription
type StatusConditionTypeThe type of condition. May be Available, Progressing, or Degraded.
status ConditionStatusThe status of the condition. May be True, False, or Unknown.
lastTransitionTime TimeThe timestamp representing the start time for the current status.
reason stringA brief reason explaining the condition.
message stringOptionally, a detailed message providing additional context.
observedGeneration integer(Optional) observedGeneration represents the generation that the condition was set based upon. For instance, if generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

TigeraStatusSpec

TigeraStatusSpec defines the desired state of TigeraStatus

Appears in:

TigeraStatusStatus

TigeraStatusStatus defines the observed state of TigeraStatus

Appears in:

FieldDescription
conditions TigeraStatusCondition arrayConditions represents the latest observed set of conditions for this component. A component may be one or more of Available, Progressing, or Degraded.

TyphaAffinity

Deprecated. Please use TyphaDeployment instead. TyphaAffinity allows configuration of node affinity characteristics for Typha pods.

Appears in:

FieldDescription
nodeAffinity NodeAffinity(Optional) NodeAffinity describes node affinity scheduling rules for typha.

TyphaDeployment

TyphaDeployment is the configuration for the typha Deployment.

Appears in:

FieldDescription
metadata Metadata(Optional) Refer to Kubernetes API documentation for fields of metadata.
spec TyphaDeploymentSpec(Optional) Spec is the specification of the typha Deployment.

TyphaDeploymentContainer

TyphaDeploymentContainer is a typha Deployment container.

Appears in:

FieldDescription
name stringName is an enum which identifies the typha Deployment container by name.
Supported values are: calico-typha
resources ResourceRequirements(Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named typha Deployment container's resources. If omitted, the typha Deployment will use its default value for this container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

TyphaDeploymentInitContainer

TyphaDeploymentInitContainer is a typha Deployment init container.

Appears in:

FieldDescription
name stringName is an enum which identifies the typha Deployment init container by name.
Supported values are: typha-certs-key-cert-provisioner
resources ResourceRequirements(Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named typha Deployment init container's resources. If omitted, the typha Deployment will use its default value for this init container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

TyphaDeploymentPodSpec

TyphaDeploymentPodSpec is the typha Deployment's PodSpec.

Appears in:

FieldDescription
initContainers TyphaDeploymentInitContainer array(Optional) InitContainers is a list of typha init containers. If specified, this overrides the specified typha Deployment init containers. If omitted, the typha Deployment will use its default values for its init containers.
containers TyphaDeploymentContainer array(Optional) Containers is a list of typha containers. If specified, this overrides the specified typha Deployment containers. If omitted, the typha Deployment will use its default values for its containers.
affinity Affinity(Optional) Affinity is a group of affinity scheduling rules for the typha pods. If specified, this overrides any affinity that may be set on the typha Deployment. If omitted, the typha Deployment will use its default value for affinity. If used in conjunction with the deprecated TyphaAffinity, then this value takes precedence.
WARNING: Please note that this field will override the default calico-typha Deployment affinity.
nodeSelector object (keys:string, values:string)NodeSelector is the calico-typha pod's scheduling constraints. If specified, each of the key/value pairs are added to the calico-typha Deployment nodeSelector provided the key does not already exist in the object's nodeSelector. If omitted, the calico-typha Deployment will use its default value for nodeSelector.
WARNING: Please note that this field will modify the default calico-typha Deployment nodeSelector.
terminationGracePeriodSeconds integer(Optional) Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.
topologySpreadConstraints TopologySpreadConstraint array(Optional) TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.
tolerations Toleration array(Optional) Tolerations is the typha pod's tolerations. If specified, this overrides any tolerations that may be set on the typha Deployment. If omitted, the typha Deployment will use its default value for tolerations.
WARNING: Please note that this field will override the default calico-typha Deployment tolerations.

TyphaDeploymentPodTemplateSpec

TyphaDeploymentPodTemplateSpec is the typha Deployment's PodTemplateSpec

Appears in:

FieldDescription
metadata Metadata(Optional) Refer to Kubernetes API documentation for fields of metadata.
spec TyphaDeploymentPodSpec(Optional) Spec is the typha Deployment's PodSpec.

TyphaDeploymentSpec

TyphaDeploymentSpec defines configuration for the typha Deployment.

Appears in:

FieldDescription
minReadySeconds integer(Optional) MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the typha Deployment. If omitted, the typha Deployment will use its default value for minReadySeconds.
template TyphaDeploymentPodTemplateSpec(Optional) Template describes the typha Deployment pod that will be created.
strategy TyphaDeploymentStrategy(Optional) The deployment strategy to use to replace existing pods with new ones.

TyphaDeploymentStrategy

TyphaDeploymentStrategy describes how to replace existing pods with new ones. Only RollingUpdate is supported at this time so the Type field is not exposed.

Appears in:

FieldDescription
rollingUpdate RollingUpdateDeployment(Optional) Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. to be.

Whisker

FieldDescription
apiVersion stringoperator.tigera.io/v1
kind stringWhisker
metadata ObjectMetaRefer to Kubernetes API documentation for fields of metadata.
spec WhiskerSpec
status WhiskerStatus

WhiskerDeployment

WhiskerDeployment is the configuration for the whisker Deployment.

Appears in:

FieldDescription
metadata Metadata(Optional) Refer to Kubernetes API documentation for fields of metadata.
spec WhiskerDeploymentSpec(Optional) Spec is the specification of the whisker Deployment.

WhiskerDeploymentContainer

Appears in:

FieldDescription
name string
resources ResourceRequirements(Optional)

WhiskerDeploymentPodSpec

WhiskerDeploymentPodSpec is the whisker Deployment's PodSpec.

Appears in:

FieldDescription
affinity Affinity(Optional) Affinity is a group of affinity scheduling rules for the whisker pods.
containers WhiskerDeploymentContainer array(Optional) Containers is a list of whisker containers. If specified, this overrides the specified EGW Deployment containers. If omitted, the whisker Deployment will use its default values for its containers.
nodeSelector object (keys:string, values:string)(Optional) NodeSelector gives more control over the nodes where the whisker pods will run on.
terminationGracePeriodSeconds integer(Optional) TerminationGracePeriodSeconds defines the termination grace period of the whisker pods in seconds.
topologySpreadConstraints TopologySpreadConstraint array(Optional) TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.
tolerations Toleration array(Optional) Tolerations is the whisker pod's tolerations. If specified, this overrides any tolerations that may be set on the whisker Deployment. If omitted, the whisker Deployment will use its default value for tolerations.
priorityClassName string(Optional) PriorityClassName allows to specify a PriorityClass resource to be used.

WhiskerDeploymentPodTemplateSpec

WhiskerDeploymentPodTemplateSpec is the whisker Deployment's PodTemplateSpec

Appears in:

FieldDescription
metadata Metadata(Optional) Refer to Kubernetes API documentation for fields of metadata.
spec WhiskerDeploymentPodSpec(Optional) Spec is the whisker Deployment's PodSpec.

WhiskerDeploymentSpec

WhiskerDeploymentSpec defines configuration for the whisker Deployment.

Appears in:

FieldDescription
minReadySeconds integer(Optional) MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the whisker Deployment. If omitted, the whisker Deployment will use its default value for minReadySeconds.
template WhiskerDeploymentPodTemplateSpec(Optional) Template describes the whisker Deployment pod that will be created.
strategy WhiskerDeploymentStrategy(Optional) The deployment strategy to use to replace existing pods with new ones.

WhiskerDeploymentStrategy

Appears in:

FieldDescription
rollingUpdate RollingUpdateDeployment(Optional) Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. to be.

WhiskerSpec

Appears in:

FieldDescription
whiskerDeployment WhiskerDeployment
notifications NotificationMode(Optional)
Default: Enabled This setting enables calls to an external API to retrieve notification banner text in the Whisker UI. Allowed values are Enabled or Disabled. Defaults to Enabled.

WhiskerStatus

WhiskerStatus defines the observed state of Whisker

Appears in:

FieldDescription
conditions Condition array(Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types.

WindowsDataplaneOption

Underlying type: string

Validation:

  • Enum: [HNS Disabled]

Appears in:

ValueDescription
Disabled
HNS

WindowsNodeSpec

Appears in:

FieldDescription
cniBinDir string(Optional) CNIBinDir is the path to the CNI binaries directory on Windows, it must match what is used as 'bin_dir' under [plugins] [plugins."io.containerd.grpc.v1.cri"] [plugins."io.containerd.grpc.v1.cri".cni] on the containerd 'config.toml' file on the Windows nodes.
cniConfigDir string(Optional) CNIConfigDir is the path to the CNI configuration directory on Windows, it must match what is used as 'conf_dir' under [plugins] [plugins."io.containerd.grpc.v1.cri"] [plugins."io.containerd.grpc.v1.cri".cni] on the containerd 'config.toml' file on the Windows nodes.
cniLogDir string(Optional) CNILogDir is the path to the Calico CNI logs directory on Windows.
vxlanMACPrefix string(Optional) VXLANMACPrefix is the prefix used when generating MAC addresses for virtual NICs
vxlanAdapter string(Optional) VXLANAdapter is the Network Adapter used for VXLAN, leave blank for primary NIC