Installation reference
The Kubernetes resources below configure Calico installation when using the operator. Each resource is responsible for installing and configuring a different subsystem of Calico during installation. Most options can be modified on a running cluster using kubectl.
Packages:
operator.tigera.io/v1
API Schema definitions for configuring the installation of Calico and Calico Enterprise
Resource Types:
- APIServer
- ApplicationLayer
- EgressGateway
- ImageSet
- Installation
- Monitor
- NonClusterHost
- PacketCaptureAPI
- PolicyRecommendation
- TLSPassThroughRoute
- TLSTerminatedRoute
- Tenant
- TigeraStatus
APIServer
APIServer installs the Tigera API server and related resources. At most one instance of this resource is supported. It must be named âdefaultâ or âtigera-secureâ.
| Field | Description | ||
|---|---|---|---|
| | ||
| APIServer | ||
metadataKubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the
| ||
specAPIServerSpec | Specification of the desired state for the Tigera API server.
| ||
statusAPIServerStatus | Most recently observed status for the Tigera API server. |
ApplicationLayer
ApplicationLayer is the Schema for the applicationlayers API
| Field | Description | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| | ||||||||||||
| ApplicationLayer | ||||||||||||
metadataKubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the
| ||||||||||||
specApplicationLayerSpec |
| ||||||||||||
statusApplicationLayerStatus |
EgressGateway
EgressGateway is the Schema for the egressgateways API
| Field | Description | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| | ||||||||||||||
| EgressGateway | ||||||||||||||
metadataKubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the
| ||||||||||||||
specEgressGatewaySpec |
| ||||||||||||||
statusEgressGatewayStatus |
ImageSet
ImageSet is used to specify image digests for the images that the operator deploys.
The name of the ImageSet is expected to be in the format <variant>-<release>.
The variant used is enterprise if the InstallationSpec Variant is
TigeraSecureEnterprise otherwise it is calico.
The release must match the version of the variant that the operator is built to deploy,
this version can be obtained by passing the --version flag to the operator binary.
| Field | Description | ||
|---|---|---|---|
| | ||
| ImageSet | ||
metadataKubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the
| ||
specImageSetSpec |
|
Installation
Installation configures an installation of Calico or Calico Enterprise. At most one instance of this resource is supported. It must be named âdefaultâ. The Installation API installs core networking and network policy components, and provides general install-time configuration.
| Field | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Installation | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
metadataKubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
specInstallationSpec | Specification of the desired state for the Calico or Calico Enterprise installation.
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
statusInstallationStatus | Most recently observed state for the Calico or Calico Enterprise installation. |
Monitor
Monitor is the Schema for the monitor API. At most one instance of this resource is supported. It must be named âtigera-secureâ.
| Field | Description | ||||||
|---|---|---|---|---|---|---|---|
| | ||||||
| Monitor | ||||||
metadataKubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the
| ||||||
specMonitorSpec |
| ||||||
statusMonitorStatus |
NonClusterHost
NonClusterHost installs the components required for non-cluster host log collection. At most one instance of this resource is supported. It must be named âtigera-secureâ.
| Field | Description | ||
|---|---|---|---|
| | ||
| NonClusterHost | ||
metadataKubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the
| ||
specNonClusterHostSpec | Specification of the desired state for non-cluster host log collection.
|
PacketCaptureAPI
PacketCaptureAPI is used to configure the resource requirement for PacketCaptureAPI deployment. It must be named âtigera-secureâ.
| Field | Description | ||
|---|---|---|---|
| | ||
| PacketCaptureAPI | ||
metadataKubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the
| ||
specPacketCaptureAPISpec | Specification of the desired state for the PacketCaptureAPI.
| ||
statusPacketCaptureAPIStatus | Most recently observed state for the PacketCaptureAPI. |
PolicyRecommendation
PolicyRecommendation is the Schema for the policy recommendation API. At most one instance of this resource is supported. It must be named âtigera-secureâ.
| Field | Description | ||
|---|---|---|---|
| | ||
| PolicyRecommendation | ||
metadataKubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the
| ||
specPolicyRecommendationSpec |
| ||
statusPolicyRecommendationStatus |
TLSPassThroughRoute
| Field | Description | ||||||
|---|---|---|---|---|---|---|---|
| | ||||||
| TLSPassThroughRoute | ||||||
metadataKubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the
| ||||||
specTLSPassThroughRouteSpec | Dest is the destination URL
|
TLSTerminatedRoute
| Field | Description | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| | ||||||||||||||
| TLSTerminatedRoute | ||||||||||||||
metadataKubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the
| ||||||||||||||
specTLSTerminatedRouteSpec |
|
Tenant
Tenant is the Schema for the tenants API
| Field | Description | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| | ||||||||||||||||
| Tenant | ||||||||||||||||
metadataKubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the
| ||||||||||||||||
specTenantSpec |
| ||||||||||||||||
statusTenantStatus |
TigeraStatus
TigeraStatus represents the most recently observed status for Calico or a Calico Enterprise functional area.
| Field | Description |
|---|---|
| |
| TigeraStatus |
metadataKubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the
|
specTigeraStatusSpec | |
statusTigeraStatusStatus |
APIServerDeployment
(Appears on:APIServerSpec)
APIServerDeployment is the configuration for the API server Deployment.
| Field | Description |
|---|---|
metadataMetadata | (Optional) Metadata is a subset of a Kubernetes objectâs metadata that is added to the Deployment. |
specAPIServerDeploymentSpec | (Optional) Spec is the specification of the API server Deployment. |
APIServerDeploymentContainer
(Appears on:APIServerDeploymentPodSpec)
APIServerDeploymentContainer is an API server Deployment container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the API server Deployment container by name. Supported values are: calico-apiserver, tigera-queryserver |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named API server Deployment containerâs resources. If omitted, the API server Deployment will use its default value for this containerâs resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
APIServerDeploymentInitContainer
(Appears on:APIServerDeploymentPodSpec)
APIServerDeploymentInitContainer is an API server Deployment init container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the API server Deployment init container by name. Supported values are: calico-apiserver-certs-key-cert-provisioner |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named API server Deployment init containerâs resources. If omitted, the API server Deployment will use its default value for this init containerâs resources. |
APIServerDeploymentPodSpec
(Appears on:APIServerDeploymentPodTemplateSpec)
APIServerDeploymentDeploymentPodSpec is the API server Deploymentâs PodSpec.
| Field | Description |
|---|---|
initContainers[]APIServerDeploymentInitContainer | (Optional) InitContainers is a list of API server init containers. If specified, this overrides the specified API server Deployment init containers. If omitted, the API server Deployment will use its default values for its init containers. |
containers[]APIServerDeploymentContainer | (Optional) Containers is a list of API server containers. If specified, this overrides the specified API server Deployment containers. If omitted, the API server Deployment will use its default values for its containers. |
affinityKubernetes core/v1.Affinity | (Optional) Affinity is a group of affinity scheduling rules for the API server pods. If specified, this overrides any affinity that may be set on the API server Deployment. If omitted, the API server Deployment will use its default value for affinity. WARNING: Please note that this field will override the default API server Deployment affinity. |
nodeSelectormap[string]string | NodeSelector is the API server podâs scheduling constraints. If specified, each of the key/value pairs are added to the API server Deployment nodeSelector provided the key does not already exist in the objectâs nodeSelector. If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the API server Deployment and each of this fieldâs key/value pairs are added to the API server Deployment nodeSelector provided the key does not already exist in the objectâs nodeSelector. If omitted, the API server Deployment will use its default value for nodeSelector. WARNING: Please note that this field will modify the default API server Deployment nodeSelector. |
topologySpreadConstraints[]Kubernetes core/v1.TopologySpreadConstraint | (Optional) TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. |
tolerations[]Kubernetes core/v1.Toleration | (Optional) Tolerations is the API server podâs tolerations. If specified, this overrides any tolerations that may be set on the API server Deployment. If omitted, the API server Deployment will use its default value for tolerations. WARNING: Please note that this field will override the default API server Deployment tolerations. |
priorityClassNamestring | (Optional) PriorityClassName allows to specify a PriorityClass resource to be used. |
APIServerDeploymentPodTemplateSpec
(Appears on:APIServerDeploymentSpec)
APIServerDeploymentPodTemplateSpec is the API server Deploymentâs PodTemplateSpec
| Field | Description |
|---|---|
metadataMetadata | (Optional) Metadata is a subset of a Kubernetes objectâs metadata that is added to the podâs metadata. |
specAPIServerDeploymentPodSpec | (Optional) Spec is the API server Deploymentâs PodSpec. |
APIServerDeploymentSpec
(Appears on:APIServerDeployment)
APIServerDeploymentSpec defines configuration for the API server Deployment.
| Field | Description |
|---|---|
minReadySecondsint32 | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the API server Deployment. If omitted, the API server Deployment will use its default value for minReadySeconds. |
templateAPIServerDeploymentPodTemplateSpec | (Optional) Template describes the API server Deployment pod that will be created. |
APIServerSpec
(Appears on:APIServer)
APIServerSpec defines the desired state of Tigera API server.
| Field | Description |
|---|---|
apiServerDeploymentAPIServerDeployment | APIServerDeployment configures the calico-apiserver (or tigera-apiserver in Enterprise) Deployment. If used in conjunction with ControlPlaneNodeSelector or ControlPlaneTolerations, then these overrides take precedence. |
APIServerStatus
(Appears on:APIServer)
APIServerStatus defines the observed state of Tigera API server.
| Field | Description |
|---|---|
statestring | State provides user-readable status. |
conditions[]Kubernetes meta/v1.Condition | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types. |
AWSEgressGateway
(Appears on:EgressGatewaySpec)
AWSEgressGateway defines the configurations for deploying EgressGateway in AWS
| Field | Description |
|---|---|
nativeIPNativeIP | (Optional) NativeIP defines if EgressGateway is to use an AWS backed IPPool. Default: Disabled |
elasticIPs[]string | (Optional) ElasticIPs defines the set of elastic IPs that can be used for Egress Gateway pods. NativeIP must be Enabled if elastic IPs are set. |
AnomalyDetectionSpec
| Field | Description |
|---|---|
storageClassNamestring | (Optional) StorageClassName is now deprecated, and configuring it has no effect. |
ApplicationLayerPolicyStatusType(string alias)
(Appears on:ApplicationLayerSpec)
| Value | Description |
|---|---|
"Disabled" | |
"Enabled" |
ApplicationLayerSpec
(Appears on:ApplicationLayer)
ApplicationLayerSpec defines the desired state of ApplicationLayer
| Field | Description |
|---|---|
webApplicationFirewallWAFStatusType | WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. When enabled, Services may opt-in to having ingress traffic examed by ModSecurity. |
logCollectionLogCollectionSpec | Specification for application layer (L7) log collection. |
applicationLayerPolicyApplicationLayerPolicyStatusType | Application Layer Policy controls whether or not ALP enforcement is enabled for the cluster. When enabled, NetworkPolicies with HTTP Match rules may be defined to opt-in workloads for traffic enforcement on the application layer. |
envoyEnvoySettings | User-configurable settings for the Envoy proxy. |
l7LogCollectorDaemonSetL7LogCollectorDaemonSet | (Optional) L7LogCollectorDaemonSet configures the L7LogCollector DaemonSet. |
sidecarInjectionSidecarStatusType | (Optional) SidecarInjection controls whether or not sidecar injection is enabled for the cluster. When enabled, pods with the label âapplicationlayer.projectcalico.org/sidecarâ=âtrueâ will have their L7 functionality such as WAF and ALP implemented using an injected sidecar instead of a per-host proxy. The per-host proxy will continue to be used for pods without this label. |
ApplicationLayerStatus
(Appears on:ApplicationLayer)
ApplicationLayerStatus defines the observed state of ApplicationLayer
| Field | Description |
|---|---|
statestring | State provides user-readable status. |
sidecarWebhookSidecarWebhookStateType | SidecarWebhook provides the state of sidecar injection mutatinwebhookconfiguration |
conditions[]Kubernetes meta/v1.Condition | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types. |
Azure
(Appears on:InstallationSpec)
| Field | Description |
|---|---|
policyModePolicyMode | (Optional) PolicyMode determines whether the âcontrol-planeâ label is applied to namespaces. It offers two options: Default and Manual. The Default option adds the âcontrol-planeâ label to the required namespaces. The Manual option does not apply the âcontrol-planeâ label to any namespace. Default: Default |
BGPOption(string alias)
(Appears on:CalicoNetworkSpec)
BGPOption describes the mode of BGP to use.
One of: Enabled, Disabled
| Value | Description |
|---|---|
"Disabled" | |
"Enabled" |
CAType(string alias)
CAType specifies which verification method the tunnel client should use to verify the tunnel serverâs identity.
One of: Tigera, Public
| Value | Description |
|---|---|
"Public" | |
"Tigera" |
CNILogging
(Appears on:Logging)
| Field | Description |
|---|---|
logSeverityLogLevel | (Optional) Default: Info |
logFileMaxSizek8s.io/apimachinery/pkg/api/resource.Quantity | (Optional) Default: 100Mi |
logFileMaxAgeDaysuint32 | (Optional) Default: 30 (days) |
logFileMaxCountuint32 | (Optional) Default: 10 |
CNIPluginType(string alias)
(Appears on:CNISpec)
CNIPluginType describes the type of CNI plugin used.
One of: Calico, GKE, AmazonVPC, AzureVNET
| Value | Description |
|---|---|
"AmazonVPC" | |
"AzureVNET" | |
"Calico" | |
"GKE" |
CNISpec
(Appears on:InstallationSpec)
CNISpec contains configuration for the CNI plugin.
| Field | Description |
|---|---|
typeCNIPluginType | Specifies the CNI plugin that will be used in the Calico or Calico Enterprise installation.
For the value Calico, the CNI plugin binaries and CNI config will be installed as part of deployment, for all other values the CNI plugin binaries and CNI config is a dependency that is expected to be installed separately. Default: Calico |
ipamIPAMSpec | (Optional) IPAM specifies the pod IP address management that will be used in the Calico or Calico Enterprise installation. |
CSINodeDriverDaemonSet
(Appears on:InstallationSpec)
CSINodeDriverDaemonSet is the configuration for the csi-node-driver DaemonSet.
| Field | Description |
|---|---|
metadataMetadata | (Optional) Metadata is a subset of a Kubernetes objectâs metadata that is added to the DaemonSet. |
specCSINodeDriverDaemonSetSpec | (Optional) Spec is the specification of the csi-node-driver DaemonSet. |
CSINodeDriverDaemonSetContainer
(Appears on:CSINodeDriverDaemonSetPodSpec)
CSINodeDriverDaemonSetContainer is a csi-node-driver DaemonSet container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the csi-node-driver DaemonSet container by name. Supported values are: calico-csi, csi-node-driver-registrar. |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named csi-node-driver DaemonSet containerâs resources. If omitted, the csi-node-driver DaemonSet will use its default value for this containerâs resources. |
CSINodeDriverDaemonSetPodSpec
(Appears on:CSINodeDriverDaemonSetPodTemplateSpec)
CSINodeDriverDaemonSetPodSpec is the csi-node-driver DaemonSetâs PodSpec.
| Field | Description |
|---|---|
containers[]CSINodeDriverDaemonSetContainer | (Optional) Containers is a list of csi-node-driver containers. If specified, this overrides the specified csi-node-driver DaemonSet containers. If omitted, the csi-node-driver DaemonSet will use its default values for its containers. |
affinityKubernetes core/v1.Affinity | (Optional) Affinity is a group of affinity scheduling rules for the csi-node-driver pods. If specified, this overrides any affinity that may be set on the csi-node-driver DaemonSet. If omitted, the csi-node-driver DaemonSet will use its default value for affinity. WARNING: Please note that this field will override the default csi-node-driver DaemonSet affinity. |
nodeSelectormap[string]string | (Optional) NodeSelector is the csi-node-driver podâs scheduling constraints. If specified, each of the key/value pairs are added to the csi-node-driver DaemonSet nodeSelector provided the key does not already exist in the objectâs nodeSelector. If omitted, the csi-node-driver DaemonSet will use its default value for nodeSelector. WARNING: Please note that this field will modify the default csi-node-driver DaemonSet nodeSelector. |
tolerations[]Kubernetes core/v1.Toleration | (Optional) Tolerations is the csi-node-driver podâs tolerations. If specified, this overrides any tolerations that may be set on the csi-node-driver DaemonSet. If omitted, the csi-node-driver DaemonSet will use its default value for tolerations. WARNING: Please note that this field will override the default csi-node-driver DaemonSet tolerations. |
CSINodeDriverDaemonSetPodTemplateSpec
(Appears on:CSINodeDriverDaemonSetSpec)
CSINodeDriverDaemonSetPodTemplateSpec is the csi-node-driver DaemonSetâs PodTemplateSpec
| Field | Description |
|---|---|
metadataMetadata | (Optional) Metadata is a subset of a Kubernetes objectâs metadata that is added to the podâs metadata. |
specCSINodeDriverDaemonSetPodSpec | (Optional) Spec is the csi-node-driver DaemonSetâs PodSpec. |
CSINodeDriverDaemonSetSpec
(Appears on:CSINodeDriverDaemonSet)
CSINodeDriverDaemonSetSpec defines configuration for the csi-node-driver DaemonSet.
| Field | Description |
|---|---|
minReadySecondsint32 | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the csi-node-driver DaemonSet. If omitted, the csi-node-driver DaemonSet will use its default value for minReadySeconds. |
templateCSINodeDriverDaemonSetPodTemplateSpec | (Optional) Template describes the csi-node-driver DaemonSet pod that will be created. |
CalicoKubeControllersDeployment
(Appears on:InstallationSpec, TenantSpec)
CalicoKubeControllersDeployment is the configuration for the calico-kube-controllers Deployment.
| Field | Description |
|---|---|
metadataMetadata | (Optional) Metadata is a subset of a Kubernetes objectâs metadata that is added to the Deployment. |
specCalicoKubeControllersDeploymentSpec | (Optional) Spec is the specification of the calico-kube-controllers Deployment. |
CalicoKubeControllersDeploymentContainer
(Appears on:CalicoKubeControllersDeploymentPodSpec)
CalicoKubeControllersDeploymentContainer is a calico-kube-controllers Deployment container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the calico-kube-controllers Deployment container by name. Supported values are: calico-kube-controllers, es-calico-kube-controllers |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-kube-controllers Deployment containerâs resources. If omitted, the calico-kube-controllers Deployment will use its default value for this containerâs resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
CalicoKubeControllersDeploymentPodSpec
(Appears on:CalicoKubeControllersDeploymentPodTemplateSpec)
CalicoKubeControllersDeploymentPodSpec is the calico-kube-controller Deploymentâs PodSpec.
| Field | Description |
|---|---|
containers[]CalicoKubeControllersDeploymentContainer | (Optional) Containers is a list of calico-kube-controllers containers. If specified, this overrides the specified calico-kube-controllers Deployment containers. If omitted, the calico-kube-controllers Deployment will use its default values for its containers. |
affinityKubernetes core/v1.Affinity | (Optional) Affinity is a group of affinity scheduling rules for the calico-kube-controllers pods. If specified, this overrides any affinity that may be set on the calico-kube-controllers Deployment. If omitted, the calico-kube-controllers Deployment will use its default value for affinity. WARNING: Please note that this field will override the default calico-kube-controllers Deployment affinity. |
nodeSelectormap[string]string | NodeSelector is the calico-kube-controllers podâs scheduling constraints. If specified, each of the key/value pairs are added to the calico-kube-controllers Deployment nodeSelector provided the key does not already exist in the objectâs nodeSelector. If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the calico-kube-controllers Deployment and each of this fieldâs key/value pairs are added to the calico-kube-controllers Deployment nodeSelector provided the key does not already exist in the objectâs nodeSelector. If omitted, the calico-kube-controllers Deployment will use its default value for nodeSelector. WARNING: Please note that this field will modify the default calico-kube-controllers Deployment nodeSelector. |
tolerations[]Kubernetes core/v1.Toleration | (Optional) Tolerations is the calico-kube-controllers podâs tolerations. If specified, this overrides any tolerations that may be set on the calico-kube-controllers Deployment. If omitted, the calico-kube-controllers Deployment will use its default value for tolerations. WARNING: Please note that this field will override the default calico-kube-controllers Deployment tolerations. |
CalicoKubeControllersDeploymentPodTemplateSpec
(Appears on:CalicoKubeControllersDeploymentSpec)
CalicoKubeControllersDeploymentPodTemplateSpec is the calico-kube-controllers Deploymentâs PodTemplateSpec
| Field | Description |
|---|---|
metadataMetadata | (Optional) Metadata is a subset of a Kubernetes objectâs metadata that is added to the podâs metadata. |
specCalicoKubeControllersDeploymentPodSpec | (Optional) Spec is the calico-kube-controllers Deploymentâs PodSpec. |
CalicoKubeControllersDeploymentSpec
(Appears on:CalicoKubeControllersDeployment)
CalicoKubeControllersDeploymentSpec defines configuration for the calico-kube-controllers Deployment.
| Field | Description |
|---|---|
minReadySecondsint32 | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the calico-kube-controllers Deployment. If omitted, the calico-kube-controllers Deployment will use its default value for minReadySeconds. |
templateCalicoKubeControllersDeploymentPodTemplateSpec | (Optional) Template describes the calico-kube-controllers Deployment pod that will be created. |
CalicoNetworkSpec
(Appears on:InstallationSpec)
CalicoNetworkSpec specifies configuration options for Calico provided pod networking.
| Field | Description |
|---|---|
linuxDataplaneLinuxDataplaneOption | (Optional) LinuxDataplane is used to select the dataplane used for Linux nodes. In particular, it causes the operator to add required mounts and environment variables for the particular dataplane. If not specified, iptables mode is used. Default: Iptables |
windowsDataplaneWindowsDataplaneOption | (Optional) WindowsDataplane is used to select the dataplane used for Windows nodes. In particular, it causes the operator to add required mounts and environment variables for the particular dataplane. If not specified, it is disabled and the operator will not render the Calico Windows nodes daemonset. Default: Disabled |
bgpBGPOption | (Optional) BGP configures whether or not to enable Calicoâs BGP capabilities. |
ipPools[]IPPool | (Optional) IPPools contains a list of IP pools to manage. If nil, a single IP pool will be defaulted. If an empty list is provided, the operator will not create any IP pools and will instead wait for IP pools to be created out-of-band. IP pools in this list will be reconciled by the operator and should not be modified out-of-band. |
mtuint32 | (Optional) MTU specifies the maximum transmission unit to use on the pod network. If not specified, Calico will perform MTU auto-detection based on the cluster network. |
nodeAddressAutodetectionV4NodeAddressAutodetection | (Optional) NodeAddressAutodetectionV4 specifies an approach to automatically detect node IPv4 addresses. If not specified, will use default auto-detection settings to acquire an IPv4 address for each node. |
nodeAddressAutodetectionV6NodeAddressAutodetection | (Optional) NodeAddressAutodetectionV6 specifies an approach to automatically detect node IPv6 addresses. If not specified, IPv6 addresses will not be auto-detected. |
hostPortsHostPortsType | (Optional) HostPorts configures whether or not Calico will support Kubernetes HostPorts. Valid only when using the Calico CNI plugin. Default: Enabled |
multiInterfaceModeMultiInterfaceMode | (Optional) MultiInterfaceMode configures what will configure multiple interface per pod. Only valid for Calico Enterprise installations using the Calico CNI plugin. Default: None |
containerIPForwardingContainerIPForwardingType | (Optional) ContainerIPForwarding configures whether ip forwarding will be enabled for containers in the CNI configuration. Default: Disabled |
sysctl[]Sysctl | (Optional) Sysctl configures sysctl parameters for tuning plugin |
linuxPolicySetupTimeoutSecondsint32 | (Optional) LinuxPolicySetupTimeoutSeconds delays new pods from running containers until their policy has been programmed in the dataplane. The specified delay defines the maximum amount of time that the Calico CNI plugin will wait for policy to be programmed. Only applies to pods created on Linux nodes.
Default: 0 |
CalicoNodeDaemonSet
(Appears on:InstallationSpec)
CalicoNodeDaemonSet is the configuration for the calico-node DaemonSet.
| Field | Description |
|---|---|
metadataMetadata | (Optional) Metadata is a subset of a Kubernetes objectâs metadata that is added to the DaemonSet. |
specCalicoNodeDaemonSetSpec | (Optional) Spec is the specification of the calico-node DaemonSet. |
CalicoNodeDaemonSetContainer
(Appears on:CalicoNodeDaemonSetPodSpec)
CalicoNodeDaemonSetContainer is a calico-node DaemonSet container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the calico-node DaemonSet container by name. Supported values are: calico-node |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-node DaemonSet containerâs resources. If omitted, the calico-node DaemonSet will use its default value for this containerâs resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
CalicoNodeDaemonSetInitContainer
(Appears on:CalicoNodeDaemonSetPodSpec)
CalicoNodeDaemonSetInitContainer is a calico-node DaemonSet init container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the calico-node DaemonSet init container by name. Supported values are: install-cni, hostpath-init, flexvol-driver, mount-bpffs, node-certs-key-cert-provisioner, calico-node-prometheus-server-tls-key-cert-provisioner |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-node DaemonSet init containerâs resources. If omitted, the calico-node DaemonSet will use its default value for this containerâs resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
CalicoNodeDaemonSetPodSpec
(Appears on:CalicoNodeDaemonSetPodTemplateSpec)
CalicoNodeDaemonSetPodSpec is the calico-node DaemonSetâs PodSpec.
| Field | Description |
|---|---|
initContainers[]CalicoNodeDaemonSetInitContainer | (Optional) InitContainers is a list of calico-node init containers. If specified, this overrides the specified calico-node DaemonSet init containers. If omitted, the calico-node DaemonSet will use its default values for its init containers. |
containers[]CalicoNodeDaemonSetContainer | (Optional) Containers is a list of calico-node containers. If specified, this overrides the specified calico-node DaemonSet containers. If omitted, the calico-node DaemonSet will use its default values for its containers. |
affinityKubernetes core/v1.Affinity | (Optional) Affinity is a group of affinity scheduling rules for the calico-node pods. If specified, this overrides any affinity that may be set on the calico-node DaemonSet. If omitted, the calico-node DaemonSet will use its default value for affinity. WARNING: Please note that this field will override the default calico-node DaemonSet affinity. |
nodeSelectormap[string]string | (Optional) NodeSelector is the calico-node podâs scheduling constraints. If specified, each of the key/value pairs are added to the calico-node DaemonSet nodeSelector provided the key does not already exist in the objectâs nodeSelector. If omitted, the calico-node DaemonSet will use its default value for nodeSelector. WARNING: Please note that this field will modify the default calico-node DaemonSet nodeSelector. |
tolerations[]Kubernetes core/v1.Toleration | (Optional) Tolerations is the calico-node podâs tolerations. If specified, this overrides any tolerations that may be set on the calico-node DaemonSet. If omitted, the calico-node DaemonSet will use its default value for tolerations. WARNING: Please note that this field will override the default calico-node DaemonSet tolerations. |
CalicoNodeDaemonSetPodTemplateSpec
(Appears on:CalicoNodeDaemonSetSpec)
CalicoNodeDaemonSetPodTemplateSpec is the calico-node DaemonSetâs PodTemplateSpec
| Field | Description |
|---|---|
metadataMetadata | (Optional) Metadata is a subset of a Kubernetes objectâs metadata that is added to the podâs metadata. |
specCalicoNodeDaemonSetPodSpec | (Optional) Spec is the calico-node DaemonSetâs PodSpec. |
CalicoNodeDaemonSetSpec
(Appears on:CalicoNodeDaemonSet)
CalicoNodeDaemonSetSpec defines configuration for the calico-node DaemonSet.
| Field | Description |
|---|---|
minReadySecondsint32 | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the calico-node DaemonSet. If omitted, the calico-node DaemonSet will use its default value for minReadySeconds. |
templateCalicoNodeDaemonSetPodTemplateSpec | (Optional) Template describes the calico-node DaemonSet pod that will be created. |
CalicoNodeWindowsDaemonSet
(Appears on:InstallationSpec)
CalicoNodeWindowsDaemonSet is the configuration for the calico-node-windows DaemonSet.
| Field | Description |
|---|---|
metadataMetadata | (Optional) Metadata is a subset of a Kubernetes objectâs metadata that is added to the DaemonSet. |
specCalicoNodeWindowsDaemonSetSpec | (Optional) Spec is the specification of the calico-node-windows DaemonSet. |
CalicoNodeWindowsDaemonSetContainer
(Appears on:CalicoNodeWindowsDaemonSetPodSpec)
CalicoNodeWindowsDaemonSetContainer is a calico-node-windows DaemonSet container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the calico-node-windows DaemonSet container by name. Supported values are: calico-node-windows |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-node-windows DaemonSet containerâs resources. If omitted, the calico-node-windows DaemonSet will use its default value for this containerâs resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
CalicoNodeWindowsDaemonSetInitContainer
(Appears on:CalicoNodeWindowsDaemonSetPodSpec)
CalicoNodeWindowsDaemonSetInitContainer is a calico-node-windows DaemonSet init container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the calico-node-windows DaemonSet init container by name. Supported values are: install-cni;hostpath-init, flexvol-driver, mount-bpffs, node-certs-key-cert-provisioner, calico-node-windows-prometheus-server-tls-key-cert-provisioner |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-node-windows DaemonSet init containerâs resources. If omitted, the calico-node-windows DaemonSet will use its default value for this containerâs resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
CalicoNodeWindowsDaemonSetPodSpec
(Appears on:CalicoNodeWindowsDaemonSetPodTemplateSpec)
CalicoNodeWindowsDaemonSetPodSpec is the calico-node-windows DaemonSetâs PodSpec.
| Field | Description |
|---|---|
initContainers[]CalicoNodeWindowsDaemonSetInitContainer | (Optional) InitContainers is a list of calico-node-windows init containers. If specified, this overrides the specified calico-node-windows DaemonSet init containers. If omitted, the calico-node-windows DaemonSet will use its default values for its init containers. |
containers[]CalicoNodeWindowsDaemonSetContainer | (Optional) Containers is a list of calico-node-windows containers. If specified, this overrides the specified calico-node-windows DaemonSet containers. If omitted, the calico-node-windows DaemonSet will use its default values for its containers. |
affinityKubernetes core/v1.Affinity | (Optional) Affinity is a group of affinity scheduling rules for the calico-node-windows pods. If specified, this overrides any affinity that may be set on the calico-node-windows DaemonSet. If omitted, the calico-node-windows DaemonSet will use its default value for affinity. WARNING: Please note that this field will override the default calico-node-windows DaemonSet affinity. |
nodeSelectormap[string]string | (Optional) NodeSelector is the calico-node-windows podâs scheduling constraints. If specified, each of the key/value pairs are added to the calico-node-windows DaemonSet nodeSelector provided the key does not already exist in the objectâs nodeSelector. If omitted, the calico-node-windows DaemonSet will use its default value for nodeSelector. WARNING: Please note that this field will modify the default calico-node-windows DaemonSet nodeSelector. |
tolerations[]Kubernetes core/v1.Toleration | (Optional) Tolerations is the calico-node-windows podâs tolerations. If specified, this overrides any tolerations that may be set on the calico-node-windows DaemonSet. If omitted, the calico-node-windows DaemonSet will use its default value for tolerations. WARNING: Please note that this field will override the default calico-node-windows DaemonSet tolerations. |
CalicoNodeWindowsDaemonSetPodTemplateSpec
(Appears on:CalicoNodeWindowsDaemonSetSpec)
CalicoNodeWindowsDaemonSetPodTemplateSpec is the calico-node-windows DaemonSetâs PodTemplateSpec
| Field | Description |
|---|---|
metadataMetadata | (Optional) Metadata is a subset of a Kubernetes objectâs metadata that is added to the podâs metadata. |
specCalicoNodeWindowsDaemonSetPodSpec | (Optional) Spec is the calico-node-windows DaemonSetâs PodSpec. |
CalicoNodeWindowsDaemonSetSpec
(Appears on:CalicoNodeWindowsDaemonSet)
CalicoNodeWindowsDaemonSetSpec defines configuration for the calico-node-windows DaemonSet.
| Field | Description |
|---|---|
minReadySecondsint32 | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the calico-node-windows DaemonSet. If omitted, the calico-node-windows DaemonSet will use its default value for minReadySeconds. |
templateCalicoNodeWindowsDaemonSetPodTemplateSpec | (Optional) Template describes the calico-node-windows DaemonSet pod that will be created. |
CalicoWindowsUpgradeDaemonSet
(Appears on:InstallationSpec)
Deprecated. The CalicoWindowsUpgradeDaemonSet is deprecated and will be removed from the API in the future. CalicoWindowsUpgradeDaemonSet is the configuration for the calico-windows-upgrade DaemonSet.
| Field | Description |
|---|---|
metadataMetadata | (Optional) Metadata is a subset of a Kubernetes objectâs metadata that is added to the Deployment. |
specCalicoWindowsUpgradeDaemonSetSpec | (Optional) Spec is the specification of the calico-windows-upgrade DaemonSet. |
CalicoWindowsUpgradeDaemonSetContainer
(Appears on:CalicoWindowsUpgradeDaemonSetPodSpec)
CalicoWindowsUpgradeDaemonSetContainer is a calico-windows-upgrade DaemonSet container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the calico-windows-upgrade DaemonSet container by name. |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-windows-upgrade DaemonSet containerâs resources. If omitted, the calico-windows-upgrade DaemonSet will use its default value for this containerâs resources. |
CalicoWindowsUpgradeDaemonSetPodSpec
(Appears on:CalicoWindowsUpgradeDaemonSetPodTemplateSpec)
CalicoWindowsUpgradeDaemonSetPodSpec is the calico-windows-upgrade DaemonSetâs PodSpec.
| Field | Description |
|---|---|
containers[]CalicoWindowsUpgradeDaemonSetContainer | (Optional) Containers is a list of calico-windows-upgrade containers. If specified, this overrides the specified calico-windows-upgrade DaemonSet containers. If omitted, the calico-windows-upgrade DaemonSet will use its default values for its containers. |
affinityKubernetes core/v1.Affinity | (Optional) Affinity is a group of affinity scheduling rules for the calico-windows-upgrade pods. If specified, this overrides any affinity that may be set on the calico-windows-upgrade DaemonSet. If omitted, the calico-windows-upgrade DaemonSet will use its default value for affinity. WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet affinity. |
nodeSelectormap[string]string | (Optional) NodeSelector is the calico-windows-upgrade podâs scheduling constraints. If specified, each of the key/value pairs are added to the calico-windows-upgrade DaemonSet nodeSelector provided the key does not already exist in the objectâs nodeSelector. If omitted, the calico-windows-upgrade DaemonSet will use its default value for nodeSelector. WARNING: Please note that this field will modify the default calico-windows-upgrade DaemonSet nodeSelector. |
tolerations[]Kubernetes core/v1.Toleration | (Optional) Tolerations is the calico-windows-upgrade podâs tolerations. If specified, this overrides any tolerations that may be set on the calico-windows-upgrade DaemonSet. If omitted, the calico-windows-upgrade DaemonSet will use its default value for tolerations. WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet tolerations. |
CalicoWindowsUpgradeDaemonSetPodTemplateSpec
(Appears on:CalicoWindowsUpgradeDaemonSetSpec)
CalicoWindowsUpgradeDaemonSetPodTemplateSpec is the calico-windows-upgrade DaemonSetâs PodTemplateSpec
| Field | Description |
|---|---|
metadataMetadata | (Optional) Metadata is a subset of a Kubernetes objectâs metadata that is added to the podâs metadata. |
specCalicoWindowsUpgradeDaemonSetPodSpec | (Optional) Spec is the calico-windows-upgrade DaemonSetâs PodSpec. |
CalicoWindowsUpgradeDaemonSetSpec
(Appears on:CalicoWindowsUpgradeDaemonSet)
CalicoWindowsUpgradeDaemonSetSpec defines configuration for the calico-windows-upgrade DaemonSet.
| Field | Description |
|---|---|
minReadySecondsint32 | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the calico-windows-upgrade DaemonSet. If omitted, the calico-windows-upgrade DaemonSet will use its default value for minReadySeconds. |
templateCalicoWindowsUpgradeDaemonSetPodTemplateSpec | (Optional) Template describes the calico-windows-upgrade DaemonSet pod that will be created. |
CertificateManagement
(Appears on:InstallationSpec)
CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise pods will be stuck during initialization.
| Field | Description |
|---|---|
caCert[]byte | Certificate of the authority that signs the CertificateSigningRequests in PEM format. |
signerNamestring | When a CSR is issued to the certificates.k8s.io API, the signerName is added to the request in order to accommodate for clusters
with multiple signers.
Must be formatted as: |
keyAlgorithmstring | (Optional) Specify the algorithm used by pods to generate a key pair that is associated with the X.509 certificate request. Default: RSAWithSize2048 |
signatureAlgorithmstring | (Optional) Specify the algorithm used for the signature of the X.509 certificate request. Default: SHA256WithRSA |
CollectProcessPathOption(string alias)
| Value | Description |
|---|---|
"Disabled" | |
"Enabled" |
CommonPrometheusFields
(Appears on:PrometheusSpec)
| Field | Description |
|---|---|
containers[]PrometheusContainer | (Optional) Containers is a list of Prometheus containers. If specified, this overrides the specified Prometheus Deployment containers. If omitted, the Prometheus Deployment will use its default values for its containers. |
resourcesKubernetes core/v1.ResourceRequirements | Define resources requests and limits for single Pods. |
ComponentName(string alias)
(Appears on:ComponentResource)
ComponentName represents a single component.
One of: Node, Typha, KubeControllers
| Value | Description |
|---|---|
"ConfdWindows" | |
"FelixWindows" | |
"KubeControllers" | |
"Node" | |
"NodeWindows" | |
"Typha" |
ComponentResource
(Appears on:InstallationSpec)
Deprecated. Please use component resource config fields in Installation.Spec instead. The ComponentResource struct associates a ResourceRequirements with a component by name
| Field | Description |
|---|---|
componentNameComponentName | ComponentName is an enum which identifies the component |
resourceRequirementsKubernetes core/v1.ResourceRequirements | ResourceRequirements allows customization of limits and requests for compute resources such as cpu and memory. |
ConditionStatus(string alias)
(Appears on:TigeraStatusCondition)
ConditionStatus represents the status of a particular condition. A condition may be one of: True, False, Unknown.
| Value | Description |
|---|---|
"False" | |
"True" | |
"Unknown" |
ContainerIPForwardingType(string alias)
(Appears on:CalicoNetworkSpec)
ContainerIPForwardingType specifies whether the CNI config for container ip forwarding is enabled.
| Value | Description |
|---|---|
"Disabled" | |
"Enabled" |
DPIDaemonsetInitContainer
(Appears on:DPIDaemonsetTemplateSpec)
| Field | Description |
|---|---|
namestring | Name is an enum that identifies the init container by its name. |
imagestring | Image name for the init container |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the init containerâs resources. If omitted, the default values will be used for the init containerâs resources. |
DPIDaemonsetSpec
(Appears on:DeepPacketInspectionDaemonset)
| Field | Description |
|---|---|
templateDPIDaemonsetTemplate | (Optional) Template specifies DPI Daemonset Template |
DPIDaemonsetTemplate
(Appears on:DPIDaemonsetSpec)
| Field | Description |
|---|---|
specDPIDaemonsetTemplateSpec | (Optional) Spec specifies DPI Daemonset Template Spec |
DPIDaemonsetTemplateSpec
(Appears on:DPIDaemonsetTemplate)
| Field | Description |
|---|---|
initContainers[]DPIDaemonsetInitContainer | List of DPI Daemonset Init containers definitions |
DashboardsJob
(Appears on:TenantSpec)
DashboardsJob is the configuration for the Dashboards job.
| Field | Description |
|---|---|
specDashboardsJobSpec | (Optional) Spec is the specification of the dashboards job. |
DashboardsJobContainer
(Appears on:DashboardsJobPodSpec)
DashboardsJobContainer is the Dashboards job container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the Dashboard Job container by name. Supported values are: dashboards-installer |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named Dashboard Job containerâs resources. If omitted, the Dashboard Job will use its default value for this containerâs resources. |
DashboardsJobPodSpec
(Appears on:DashboardsJobPodTemplateSpec)
DashboardsJobPodSpec is the Dashboards jobâs PodSpec.
| Field | Description |
|---|---|
containers[]DashboardsJobContainer | (Optional) Containers is a list of dashboards job containers. If specified, this overrides the specified Dashboard job containers. If omitted, the Dashboard job will use its default values for its containers. |
DashboardsJobPodTemplateSpec
(Appears on:DashboardsJobSpec)
DashboardsJobPodTemplateSpec is the Dashboards jobâs PodTemplateSpec
| Field | Description |
|---|---|
specDashboardsJobPodSpec | (Optional) Spec is the Dashboard jobâs PodSpec. |
DashboardsJobSpec
(Appears on:DashboardsJob)
DashboardsJobSpec defines configuration for the Dashboards job.
| Field | Description |
|---|---|
templateDashboardsJobPodTemplateSpec | (Optional) Template describes the Dashboards job pod that will be created. |
DataType(string alias)
(Appears on:Index)
DataType represent the type of data stored
| Value | Description |
|---|---|
"Alerts" | |
"AuditLogs" | |
"BGPLogs" | |
"ComplianceBenchmarks" | |
"ComplianceReports" | |
"ComplianceSnapshots" | |
"DNSLogs" | |
"FlowLogs" | |
"L7Logs" | |
"RuntimeReports" | |
"ThreatFeedsDomainSet" | |
"ThreatFeedsIPSet" | |
"WAFLogs" |
DeepPacketInspectionDaemonset
| Field | Description |
|---|---|
specDPIDaemonsetSpec | (Optional) DPIDaemonsetSpec configures the DPI Daemonset |
DexDeployment
DexDeployment is the configuration for the Dex Deployment.
| Field | Description |
|---|---|
specDexDeploymentSpec | (Optional) Spec is the specification of the Dex Deployment. |
DexDeploymentContainer
(Appears on:DexDeploymentPodSpec)
DexDeploymentContainer is a Dex Deployment container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the Dex Deployment container by name. Supported values are: tigera-dex |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named Dex Deployment containerâs resources. If omitted, the Dex Deployment will use its default value for this containerâs resources. |
DexDeploymentInitContainer
(Appears on:DexDeploymentPodSpec)
DexDeploymentInitContainer is a Dex Deployment init container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the Dex Deployment init container by name. Supported values are: tigera-dex-tls-key-cert-provisioner |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named Dex Deployment init containerâs resources. If omitted, the Dex Deployment will use its default value for this init containerâs resources. |
DexDeploymentPodSpec
(Appears on:DexDeploymentPodTemplateSpec)
DexDeploymentPodSpec is the Dex Deploymentâs PodSpec.
| Field | Description |
|---|---|
initContainers[]DexDeploymentInitContainer | (Optional) InitContainers is a list of Dex init containers. If specified, this overrides the specified Dex Deployment init containers. If omitted, the Dex Deployment will use its default values for its init containers. |
containers[]DexDeploymentContainer | (Optional) Containers is a list of Dex containers. If specified, this overrides the specified Dex Deployment containers. If omitted, the Dex Deployment will use its default values for its containers. |
DexDeploymentPodTemplateSpec
(Appears on:DexDeploymentSpec)
DexDeploymentPodTemplateSpec is the Dex Deploymentâs PodTemplateSpec
| Field | Description |
|---|---|
specDexDeploymentPodSpec | (Optional) Spec is the Dex Deploymentâs PodSpec. |
DexDeploymentSpec
(Appears on:DexDeployment)
DexDeploymentSpec defines configuration for the Dex Deployment.
| Field | Description |
|---|---|
templateDexDeploymentPodTemplateSpec | (Optional) Template describes the Dex Deployment pod that will be created. |
ECKOperatorStatefulSet
ECKOperatorStatefulSet is the configuration for the ECKOperator StatefulSet.
| Field | Description |
|---|---|
specECKOperatorStatefulSetSpec | (Optional) Spec is the specification of the ECKOperator StatefulSet. |
ECKOperatorStatefulSetContainer
(Appears on:ECKOperatorStatefulSetPodSpec)
ECKOperatorStatefulSetContainer is a ECKOperator StatefulSet container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the ECKOperator StatefulSet container by name. Supported values are: manager |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named ECKOperator StatefulSet containerâs resources. If omitted, the ECKOperator StatefulSet will use its default value for this containerâs resources. |
ECKOperatorStatefulSetInitContainer
(Appears on:ECKOperatorStatefulSetPodSpec)
ECKOperatorStatefulSetInitContainer is a ECKOperator StatefulSet init container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the ECKOperator StatefulSet init container by name. |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named ECKOperator StatefulSet init containerâs resources. If omitted, the ECKOperator StatefulSet will use its default value for this init containerâs resources. |
ECKOperatorStatefulSetPodSpec
(Appears on:ECKOperatorStatefulSetPodTemplateSpec)
ECKOperatorStatefulSetPodSpec is the ECKOperator StatefulSetâs PodSpec.
| Field | Description |
|---|---|
initContainers[]ECKOperatorStatefulSetInitContainer | (Optional) InitContainers is a list of ECKOperator StatefulSet init containers. If specified, this overrides the specified ECKOperator StatefulSet init containers. If omitted, the ECKOperator StatefulSet will use its default values for its init containers. |
containers[]ECKOperatorStatefulSetContainer | (Optional) Containers is a list of ECKOperator StatefulSet containers. If specified, this overrides the specified ECKOperator StatefulSet containers. If omitted, the ECKOperator StatefulSet will use its default values for its containers. |
ECKOperatorStatefulSetPodTemplateSpec
(Appears on:ECKOperatorStatefulSetSpec)
ECKOperatorStatefulSetPodTemplateSpec is the ECKOperator StatefulSetâs PodTemplateSpec
| Field | Description |
|---|---|
specECKOperatorStatefulSetPodSpec | (Optional) Spec is the ECKOperator StatefulSetâs PodSpec. |
ECKOperatorStatefulSetSpec
(Appears on:ECKOperatorStatefulSet)
ECKOperatorStatefulSetSpec defines configuration for the ECKOperator StatefulSet.
| Field | Description |
|---|---|
templateECKOperatorStatefulSetPodTemplateSpec | (Optional) Template describes the ECKOperator StatefulSet pod that will be created. |
EGWDeploymentContainer
(Appears on:EgressGatewayDeploymentPodSpec)
EGWDeploymentContainer is a Egress Gateway Deployment container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the EGW Deployment container by name. Supported values are: calico-egw |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named EGW Deployment containerâs resources. If omitted, the EGW Deployment will use its default value for this containerâs resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
EGWDeploymentInitContainer
(Appears on:EgressGatewayDeploymentPodSpec)
EGWDeploymentInitContainer is a Egress Gateway Deployment init container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the EGW Deployment init container by name. Supported values are: egress-gateway-init |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named EGW Deployment init containerâs resources. If omitted, the EGW Deployment will use its default value for this init containerâs resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
EKSLogForwarderDeployment
EKSLogForwarderDeployment is the configuration for the EKSLogForwarder Deployment.
| Field | Description |
|---|---|
specEKSLogForwarderDeploymentSpec | (Optional) Spec is the specification of the EKSLogForwarder Deployment. |
EKSLogForwarderDeploymentContainer
(Appears on:EKSLogForwarderDeploymentPodSpec)
EKSLogForwarderDeploymentContainer is a EKSLogForwarder Deployment container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the EKSLogForwarder Deployment container by name. Supported values are: eks-log-forwarder |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named EKSLogForwarder Deployment containerâs resources. If omitted, the EKSLogForwarder Deployment will use its default value for this containerâs resources. |
EKSLogForwarderDeploymentInitContainer
(Appears on:EKSLogForwarderDeploymentPodSpec)
EKSLogForwarderDeploymentInitContainer is a EKSLogForwarder Deployment init container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the EKSLogForwarder Deployment init container by name. Supported values are: eks-log-forwarder-startup |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named EKSLogForwarder Deployment init containerâs resources. If omitted, the EKSLogForwarder Deployment will use its default value for this init containerâs resources. |
EKSLogForwarderDeploymentPodSpec
(Appears on:EKSLogForwarderDeploymentPodTemplateSpec)
EKSLogForwarderDeploymentPodSpec is the EKSLogForwarder Deploymentâs PodSpec.
| Field | Description |
|---|---|
initContainers[]EKSLogForwarderDeploymentInitContainer | (Optional) InitContainers is a list of EKSLogForwarder init containers. If specified, this overrides the specified EKSLogForwarder Deployment init containers. If omitted, the EKSLogForwarder Deployment will use its default values for its init containers. |
containers[]EKSLogForwarderDeploymentContainer | (Optional) Containers is a list of EKSLogForwarder containers. If specified, this overrides the specified EKSLogForwarder Deployment containers. If omitted, the EKSLogForwarder Deployment will use its default values for its containers. |
EKSLogForwarderDeploymentPodTemplateSpec
(Appears on:EKSLogForwarderDeploymentSpec)
EKSLogForwarderDeploymentPodTemplateSpec is the EKSLogForwarder Deploymentâs PodTemplateSpec
| Field | Description |
|---|---|
specEKSLogForwarderDeploymentPodSpec | (Optional) Spec is the EKSLogForwarder Deploymentâs PodSpec. |
EKSLogForwarderDeploymentSpec
(Appears on:EKSLogForwarderDeployment)
EKSLogForwarderDeploymentSpec defines configuration for the EKSLogForwarder Deployment.
| Field | Description |
|---|---|
templateEKSLogForwarderDeploymentPodTemplateSpec | (Optional) Template describes the EKSLogForwarder Deployment pod that will be created. |
ESGatewayDeployment
ESGatewayDeployment is the configuration for the es-gateway Deployment.
| Field | Description |
|---|---|
specESGatewayDeploymentSpec | (Optional) Spec is the specification of the es-gateway Deployment. |
ESGatewayDeploymentContainer
(Appears on:ESGatewayDeploymentPodSpec)
ESGatewayDeploymentContainer is a es-gateway Deployment container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the es-gateway Deployment container by name. Supported values are: tigera-secure-es-gateway |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named es-gateway Deployment containerâs resources. If omitted, the es-gateway Deployment will use its default value for this containerâs resources. |
ESGatewayDeploymentInitContainer
(Appears on:ESGatewayDeploymentPodSpec)
ESGatewayDeploymentInitContainer is a es-gateway Deployment init container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the es-gateway Deployment init container by name. Supported values are: tigera-secure-elasticsearch-cert-key-cert-provisioner |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named es-gateway Deployment init containerâs resources. If omitted, the es-gateway Deployment will use its default value for this init containerâs resources. |
ESGatewayDeploymentPodSpec
(Appears on:ESGatewayDeploymentPodTemplateSpec)
ESGatewayDeploymentPodSpec is the es-gateway Deploymentâs PodSpec.
| Field | Description |
|---|---|
initContainers[]ESGatewayDeploymentInitContainer | (Optional) InitContainers is a list of es-gateway init containers. If specified, this overrides the specified es-gateway Deployment init containers. If omitted, the es-gateway Deployment will use its default values for its init containers. |
containers[]ESGatewayDeploymentContainer | (Optional) Containers is a list of es-gateway containers. If specified, this overrides the specified es-gateway Deployment containers. If omitted, the es-gateway Deployment will use its default values for its containers. |
ESGatewayDeploymentPodTemplateSpec
(Appears on:ESGatewayDeploymentSpec)
ESGatewayDeploymentPodTemplateSpec is the es-gateway Deploymentâs PodTemplateSpec
| Field | Description |
|---|---|
specESGatewayDeploymentPodSpec | (Optional) Spec is the es-gateway Deploymentâs PodSpec. |
ESGatewayDeploymentSpec
(Appears on:ESGatewayDeployment)
ESGatewayDeploymentSpec defines configuration for the es-gateway Deployment.
| Field | Description |
|---|---|
templateESGatewayDeploymentPodTemplateSpec | (Optional) Template describes the es-gateway Deployment pod that will be created. |
EgressGatewayDeploymentPodSpec
(Appears on:EgressGatewayDeploymentPodTemplateSpec)
EgressGatewayDeploymentPodSpec is the Egress Gateway Deploymentâs PodSpec.
| Field | Description |
|---|---|
initContainers[]EGWDeploymentInitContainer | (Optional) InitContainers is a list of EGW init containers. If specified, this overrides the specified EGW Deployment init containers. If omitted, the EGW Deployment will use its default values for its init containers. |
containers[]EGWDeploymentContainer | (Optional) Containers is a list of EGW containers. If specified, this overrides the specified EGW Deployment containers. If omitted, the EGW Deployment will use its default values for its containers. |
affinityKubernetes core/v1.Affinity | (Optional) Affinity is a group of affinity scheduling rules for the EGW pods. |
nodeSelectormap[string]string | (Optional) NodeSelector gives more control over the nodes where the Egress Gateway pods will run on. |
terminationGracePeriodSecondsint64 | (Optional) TerminationGracePeriodSeconds defines the termination grace period of the Egress Gateway pods in seconds. |
topologySpreadConstraints[]Kubernetes core/v1.TopologySpreadConstraint | (Optional) TopologySpreadConstraints defines how the Egress Gateway pods should be spread across different AZs. |
tolerations[]Kubernetes core/v1.Toleration | (Optional) Tolerations is the egress gateway podâs tolerations. If specified, this overrides any tolerations that may be set on the EGW Deployment. If omitted, the EGW Deployment will use its default value for tolerations. |
priorityClassNamestring | (Optional) PriorityClassName allows to specify a PriorityClass resource to be used. |
EgressGatewayDeploymentPodTemplateSpec
(Appears on:EgressGatewaySpec)
EgressGatewayDeploymentPodTemplateSpec is the EGW Deploymentâs PodTemplateSpec
| Field | Description |
|---|---|
metadataEgressGatewayMetadata | (Optional) Metadata is a subset of a Kubernetes objectâs metadata that is added to the podâs metadata. |
specEgressGatewayDeploymentPodSpec | (Optional) Spec is the EGW Deploymentâs PodSpec. |
EgressGatewayFailureDetection
(Appears on:EgressGatewaySpec)
EgressGatewayFailureDetection defines the fields the needed for determining Egress Gateway readiness.
| Field | Description |
|---|---|
healthTimeoutDataStoreSecondsint32 | (Optional) HealthTimeoutDataStoreSeconds defines how long Egress Gateway can fail to connect to the datastore before reporting not ready. This value must be greater than 0. Default: 90 |
icmpProbeICMPProbe | (Optional) ICMPProbe define outgoing ICMP probes that Egress Gateway will use to verify its upstream connection. Egress Gateway will report not ready if all fail. Timeout must be greater than interval. |
httpProbeHTTPProbe | (Optional) HTTPProbe define outgoing HTTP probes that Egress Gateway will use to verify its upsteam connection. Egress Gateway will report not ready if all fail. Timeout must be greater than interval. |
EgressGatewayIPPool
(Appears on:EgressGatewaySpec)
| Field | Description |
|---|---|
namestring | (Optional) Name is the name of the IPPool that the Egress Gateways can use. |
cidrstring | (Optional) CIDR is the IPPool CIDR that the Egress Gateways can use. |
EgressGatewayMetadata
(Appears on:EgressGatewayDeploymentPodTemplateSpec)
EgressGatewayMetadata contains the standard Kubernetes labels and annotations fields.
| Field | Description |
|---|---|
labelsmap[string]string | (Optional) Labels is a map of string keys and values that may match replica set and service selectors. Each of these key/value pairs are added to the objectâs labels provided the key does not already exist in the objectâs labels. If not specified will default to projectcalico.org/egw:[name], where [name] is the name of the Egress Gateway resource. |
annotationsmap[string]string | (Optional) Annotations is a map of arbitrary non-identifying metadata. Each of these key/value pairs are added to the objectâs annotations provided the key does not already exist in the objectâs annotations. |
EgressGatewaySpec
(Appears on:EgressGateway)
EgressGatewaySpec defines the desired state of EgressGateway
| Field | Description |
|---|---|
replicasint32 | (Optional) Replicas defines how many instances of the Egress Gateway pod will run. |
ipPools[]EgressGatewayIPPool | IPPools defines the IP Pools that the Egress Gateway pods should be using. Either name or CIDR must be specified. IPPools must match existing IPPools. |
externalNetworks[]string | (Optional) ExternalNetworks defines the external network names this Egress Gateway is associated with. ExternalNetworks must match existing external networks. |
logSeverityLogLevel | (Optional) LogSeverity defines the logging level of the Egress Gateway. Default: Info |
templateEgressGatewayDeploymentPodTemplateSpec | (Optional) Template describes the EGW Deployment pod that will be created. |
egressGatewayFailureDetectionEgressGatewayFailureDetection | (Optional) EgressGatewayFailureDetection is used to configure how Egress Gateway determines readiness. If both ICMP, HTTP probes are defined, one ICMP probe and one HTTP probe should succeed for Egress Gateways to become ready. Otherwise one of ICMP or HTTP probe should succeed for Egress gateways to become ready if configured. |
awsAWSEgressGateway | (Optional) AWS defines the additional configuration options for Egress Gateways on AWS. |
EgressGatewayStatus
(Appears on:EgressGateway)
EgressGatewayStatus defines the observed state of EgressGateway
| Field | Description |
|---|---|
statestring | State provides user-readable status. |
conditions[]Kubernetes meta/v1.Condition | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types. |
ElasticsearchMetricsDeployment
ElasticsearchMetricsDeployment is the configuration for the tigera-elasticsearch-metric Deployment.
| Field | Description |
|---|---|
specElasticsearchMetricsDeploymentSpec | (Optional) Spec is the specification of the ElasticsearchMetrics Deployment. |
ElasticsearchMetricsDeploymentContainer
(Appears on:ElasticsearchMetricsDeploymentPodSpec)
ElasticsearchMetricsDeploymentContainer is a ElasticsearchMetricsDeployment container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the ElasticsearchMetricsDeployment container by name. Supported values are: tigera-elasticsearch-metrics |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named ElasticsearchMetricsDeployment containerâs resources. If omitted, the ElasticsearchMetrics Deployment will use its default value for this containerâs resources. |
ElasticsearchMetricsDeploymentInitContainer
(Appears on:ElasticsearchMetricsDeploymentPodSpec)
ElasticsearchMetricsDeploymentInitContainer is a ElasticsearchMetricsDeployment init container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the ElasticsearchMetricsDeployment init container by name. Supported values are: tigera-ee-elasticsearch-metrics-tls-key-cert-provisioner |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named ElasticsearchMetricsDeployment init containerâs resources. If omitted, the ElasticsearchMetrics Deployment will use its default value for this init containerâs resources. |
ElasticsearchMetricsDeploymentPodSpec
(Appears on:ElasticsearchMetricsDeploymentPodTemplateSpec)
ElasticsearchMetricsDeploymentPodSpec is the tElasticsearchMetricsDeploymentâs PodSpec.
| Field | Description |
|---|---|
initContainers[]ElasticsearchMetricsDeploymentInitContainer | (Optional) InitContainers is a list of ElasticsearchMetricsDeployment init containers. If specified, this overrides the specified ElasticsearchMetricsDeployment init containers. If omitted, the ElasticsearchMetrics Deployment will use its default values for its init containers. |
containers[]ElasticsearchMetricsDeploymentContainer | (Optional) Containers is a list of ElasticsearchMetricsDeployment containers. If specified, this overrides the specified ElasticsearchMetricsDeployment containers. If omitted, the ElasticsearchMetrics Deployment will use its default values for its containers. |
ElasticsearchMetricsDeploymentPodTemplateSpec
(Appears on:ElasticsearchMetricsDeploymentSpec)
ElasticsearchMetricsDeploymentPodTemplateSpec is the ElasticsearchMetricsDeploymentâs PodTemplateSpec
| Field | Description |
|---|---|
specElasticsearchMetricsDeploymentPodSpec | (Optional) Spec is the ElasticsearchMetrics Deploymentâs PodSpec. |
ElasticsearchMetricsDeploymentSpec
(Appears on:ElasticsearchMetricsDeployment)
ElasticsearchMetricsDeploymentSpec defines configuration for the ElasticsearchMetricsDeployment Deployment.
| Field | Description |
|---|---|
templateElasticsearchMetricsDeploymentPodTemplateSpec | (Optional) Template describes the ElasticsearchMetrics Deployment pod that will be created. |
EncapsulationType(string alias)
(Appears on:IPPool)
EncapsulationType is the type of encapsulation to use on an IP pool.
One of: IPIP, VXLAN, IPIPCrossSubnet, VXLANCrossSubnet, None
| Value | Description |
|---|---|
"IPIP" | |
"IPIPCrossSubnet" | |
"None" | |
"VXLAN" | |
"VXLANCrossSubnet" |
EncryptionOption(string alias)
EncryptionOption specifies the traffic encryption mode when connecting to a Syslog server.
One of: None, TLS
| Value | Description |
|---|---|
"None" | |
"TLS" |
Endpoint
(Appears on:ServiceMonitor)
Endpoint contains a subset of relevant fields from the Prometheus Endpoint struct.
| Field | Description |
|---|---|
paramsmap[string][]string | Optional HTTP URL parameters Default: scrape all metrics. |
bearerTokenSecretKubernetes core/v1.SecretKeySelector | Secret to mount to read bearer token for scraping targets. Recommended: when unset, the operator will create a Secret, a ClusterRole and a ClusterRoleBinding. |
intervalgithub.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1.Duration | Interval at which metrics should be scraped. If not specified Prometheusâ global scrape interval is used. |
scrapeTimeoutgithub.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1.Duration | Timeout after which the scrape is ended.
If not specified, the Prometheus global scrape timeout is used unless it is less than |
honorLabelsbool | HonorLabels chooses the metricâs labels on collisions with target labels. |
honorTimestampsbool | HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data. |
metricRelabelings[]github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1.RelabelConfig | MetricRelabelConfigs to apply to samples before ingestion. |
relabelings[]github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1.RelabelConfig | RelabelConfigs to apply to samples before scraping.
Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields.
The original scrape jobâs name is available via the |
EnvoySettings
(Appears on:ApplicationLayerSpec)
| Field | Description |
|---|---|
xffNumTrustedHopsint32 | (Optional) The number of additional ingress proxy hops from the right side of the x-forwarded-for HTTP header to trust when determining the origin clientâs IP address. 0 is permitted, but >=1 is the typical setting. |
useRemoteAddressbool | (Optional) If set to true, the Envoy connection manager will use the real remote address of the client connection when determining internal versus external origin and manipulating various headers. |
ExternalPrometheus
(Appears on:MonitorSpec)
| Field | Description |
|---|---|
serviceMonitorServiceMonitor | (Optional) ServiceMonitor when specified, the operator will create a ServiceMonitor object in the namespace. It is recommended that you configure labels if you want your prometheus instance to pick up the configuration automatically. The operator will configure 1 endpoint by default:
|
namespacestring | Namespace is the namespace where the operator will create resources for your Prometheus instance. The namespace must be created before the operator will create Prometheus resources. |
FIPSMode(string alias)
(Appears on:InstallationSpec)
| Value | Description |
|---|---|
"Disabled" | |
"Enabled" |
FluentdDaemonSet
FluentdDaemonSet is the configuration for the Fluentd DaemonSet.
| Field | Description |
|---|---|
specFluentdDaemonSetSpec | (Optional) Spec is the specification of the Fluentd DaemonSet. |
FluentdDaemonSetContainer
(Appears on:FluentdDaemonSetPodSpec)
FluentdDaemonSetContainer is a Fluentd DaemonSet container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the Fluentd DaemonSet container by name. Supported values are: fluentd |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named Fluentd DaemonSet containerâs resources. If omitted, the Fluentd DaemonSet will use its default value for this containerâs resources. |
FluentdDaemonSetInitContainer
(Appears on:FluentdDaemonSetPodSpec)
FluentdDaemonSetInitContainer is a Fluentd DaemonSet init container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the Fluentd DaemonSet init container by name. Supported values are: tigera-fluentd-prometheus-tls-key-cert-provisioner |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named Fluentd DaemonSet init containerâs resources. If omitted, the Fluentd DaemonSet will use its default value for this init containerâs resources. |
FluentdDaemonSetPodSpec
(Appears on:FluentdDaemonSetPodTemplateSpec)
FluentdDaemonSetPodSpec is the Fluentd DaemonSetâs PodSpec.
| Field | Description |
|---|---|
initContainers[]FluentdDaemonSetInitContainer | (Optional) InitContainers is a list of Fluentd DaemonSet init containers. If specified, this overrides the specified Fluentd DaemonSet init containers. If omitted, the Fluentd DaemonSet will use its default values for its init containers. |
containers[]FluentdDaemonSetContainer | (Optional) Containers is a list of Fluentd DaemonSet containers. If specified, this overrides the specified Fluentd DaemonSet containers. If omitted, the Fluentd DaemonSet will use its default values for its containers. |
FluentdDaemonSetPodTemplateSpec
(Appears on:FluentdDaemonSetSpec)
FluentdDaemonSetPodTemplateSpec is the Fluentd DaemonSetâs PodTemplateSpec
| Field | Description |
|---|---|
specFluentdDaemonSetPodSpec | (Optional) Spec is the Fluentd DaemonSetâs PodSpec. |
FluentdDaemonSetSpec
(Appears on:FluentdDaemonSet)
FluentdDaemonSetSpec defines configuration for the Fluentd DaemonSet.
| Field | Description |
|---|---|
templateFluentdDaemonSetPodTemplateSpec | (Optional) Template describes the Fluentd DaemonSet pod that will be created. |
GuardianDeployment
GuardianDeployment is the configuration for the guardian Deployment.
| Field | Description |
|---|---|
specGuardianDeploymentSpec | (Optional) Spec is the specification of the guardian Deployment. |
GuardianDeploymentContainer
(Appears on:GuardianDeploymentPodSpec)
GuardianDeploymentContainer is a guardian Deployment container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the guardian Deployment container by name. Supported values are: tigera-guardian |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named guardian Deployment containerâs resources. If omitted, the guardian Deployment will use its default value for this containerâs resources. |
GuardianDeploymentInitContainer
(Appears on:GuardianDeploymentPodSpec)
GuardianDeploymentInitContainer is a guardian Deployment init container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the guardian Deployment init container by name. |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named guardian Deployment init containerâs resources. If omitted, the guardian Deployment will use its default value for this init containerâs resources. |
GuardianDeploymentPodSpec
(Appears on:GuardianDeploymentPodTemplateSpec)
GuardianDeploymentPodSpec is the guardian Deploymentâs PodSpec.
| Field | Description |
|---|---|
initContainers[]GuardianDeploymentInitContainer | (Optional) InitContainers is a list of guardian init containers. If specified, this overrides the specified guardian Deployment init containers. If omitted, the guardian Deployment will use its default values for its init containers. |
containers[]GuardianDeploymentContainer | (Optional) Containers is a list of guardian containers. If specified, this overrides the specified guardian Deployment containers. If omitted, the guardian Deployment will use its default values for its containers. |
GuardianDeploymentPodTemplateSpec
(Appears on:GuardianDeploymentSpec)
GuardianDeploymentPodTemplateSpec is the guardian Deploymentâs PodTemplateSpec
| Field | Description |
|---|---|
specGuardianDeploymentPodSpec | (Optional) Spec is the guardian Deploymentâs PodSpec. |
GuardianDeploymentSpec
(Appears on:GuardianDeployment)
GuardianDeploymentSpec defines configuration for the guardian Deployment.
| Field | Description |
|---|---|
templateGuardianDeploymentPodTemplateSpec | (Optional) Template describes the guardian Deployment pod that will be created. |
HTTPProbe
(Appears on:EgressGatewayFailureDetection)
HTTPProbe defines the HTTP probe configuration for Egress Gateway.
| Field | Description |
|---|---|
urls[]string | URLs define the list of HTTP probe URLs. Egress Gateway will probe each URL periodically.If all probes fail, Egress Gateway will report non-ready. |
intervalSecondsint32 | (Optional) IntervalSeconds defines the interval of HTTP probes. Used when URLs is non-empty. Default: 10 |
timeoutSecondsint32 | (Optional) TimeoutSeconds defines the timeout value of HTTP probes. Used when URLs is non-empty. Default: 30 |
HostPortsType(string alias)
(Appears on:CalicoNetworkSpec)
HostPortsType specifies host port support.
One of: Enabled, Disabled
| Value | Description |
|---|---|
"Disabled" | |
"Enabled" |
ICMPProbe
(Appears on:EgressGatewayFailureDetection)
ICMPProbe defines the ICMP probe configuration for Egress Gateway.
| Field | Description |
|---|---|
ips[]string | IPs define the list of ICMP probe IPs. Egress Gateway will probe each IP periodically. If all probes fail, Egress Gateway will report non-ready. |
intervalSecondsint32 | (Optional) IntervalSeconds defines the interval of ICMP probes. Used when IPs is non-empty. Default: 5 |
timeoutSecondsint32 | (Optional) TimeoutSeconds defines the timeout value of ICMP probes. Used when IPs is non-empty. Default: 15 |
IPAMPluginType(string alias)
(Appears on:IPAMSpec)
| Value | Description |
|---|---|
"AmazonVPC" | |
"AzureVNET" | |
"Calico" | |
"HostLocal" |
IPAMSpec
(Appears on:CNISpec)
IPAMSpec contains configuration for pod IP address management.
| Field | Description |
|---|---|
typeIPAMPluginType | Specifies the IPAM plugin that will be used in the Calico or Calico Enterprise installation.
The IPAM plugin is installed and configured only if the CNI plugin is set to Calico, for all other values of the CNI plugin the plugin binaries and CNI config is a dependency that is expected to be installed separately. Default: Calico |
IPPool
(Appears on:CalicoNetworkSpec)
| Field | Description |
|---|---|
namestring | Name is the name of the IP pool. If omitted, this will be generated. |
cidrstring | CIDR contains the address range for the IP Pool in classless inter-domain routing format. |
encapsulationEncapsulationType | (Optional) Encapsulation specifies the encapsulation type that will be used with the IP Pool. Default: IPIP |
natOutgoingNATOutgoingType | (Optional) NATOutgoing specifies if NAT will be enabled or disabled for outgoing traffic. Default: Enabled |
nodeSelectorstring | (Optional) NodeSelector specifies the node selector that will be set for the IP Pool. Default: âall()â |
blockSizeint32 | (Optional) BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6) |
disableBGPExportbool | (Optional) DisableBGPExport specifies whether routes from this IP poolâs CIDR are exported over BGP. Default: false |
disableNewAllocationsbool | DisableNewAllocations specifies whether or not new IP allocations are allowed from this pool. This is useful when you want to prevent new pods from receiving IP addresses from this pool, without impacting any existing pods that have already been assigned addresses from this pool. |
allowedUses[]IPPoolAllowedUse | AllowedUse controls what the IP pool will be used for. If not specified or empty, defaults to [âTunnelâ, âWorkloadâ] for back-compatibility |
IPPoolAllowedUse(string alias)
(Appears on:IPPool)
| Value | Description |
|---|---|
"Tunnel" | |
"Workload" |
Image
(Appears on:ImageSetSpec)
| Field | Description |
|---|---|
imagestring | Image is an image that the operator deploys and instead of using the built in tag
the operator will use the Digest for the image identifier.
The value should be the image name without registry or tag or digest.
For the image |
digeststring | Digest is the image identifier that will be used for the Image.
The field should not include a leading |
ImageSetSpec
(Appears on:ImageSet)
ImageSetSpec defines the desired state of ImageSet.
| Field | Description |
|---|---|
images[]Image | Images is the list of images to use digests. All images that the operator will deploy must be specified. |
Index
(Appears on:TenantSpec)
Index defines how to store a tenantâs data
| Field | Description |
|---|---|
baseIndexNamestring | BaseIndexName defines the name of the index that will be used to store data (this name excludes the numerical identifier suffix) |
dataTypeDataType | DataType represents the type of data stored in the defined index |
InstallationSpec
(Appears on:Installation, InstallationStatus)
InstallationSpec defines configuration for a Calico or Calico Enterprise installation.
| Field | Description |
|---|---|
variantProductVariant | (Optional) Variant is the product to install - one of Calico or TigeraSecureEnterprise Default: Calico |
registrystring | (Optional) Registry is the default Docker registry used for component Docker images.
If specified then the given value must end with a slash character ( Image format:
This option allows configuring the |
imagePathstring | (Optional) ImagePath allows for the path part of an image to be specified. If specified then the specified value will be used as the image path for each image. If not specified or empty, the default for each image will be used. A special case value, UseDefault, is supported to explicitly specify the default image path will be used for each image. Image format:
This option allows configuring the |
imagePrefixstring | (Optional) ImagePrefix allows for the prefix part of an image to be specified. If specified then the given value will be used as a prefix on each image. If not specified or empty, no prefix will be used. A special case value, UseDefault, is supported to explicitly specify the default image prefix will be used for each image. Image format:
This option allows configuring the |
imagePullSecrets[]Kubernetes core/v1.LocalObjectReference | (Optional) ImagePullSecrets is an array of references to container registry pull secrets to use. These are applied to all images to be pulled. |
kubernetesProviderProvider | (Optional) KubernetesProvider specifies a particular provider of the Kubernetes platform and enables provider-specific configuration. If the specified value is empty, the Operator will attempt to automatically determine the current provider. If the specified value is not empty, the Operator will still attempt auto-detection, but will additionally compare the auto-detected value to the specified value to confirm they match. |
cniCNISpec | (Optional) CNI specifies the CNI that will be used by this installation. |
calicoNetworkCalicoNetworkSpec | (Optional) CalicoNetwork specifies networking configuration options for Calico. |
typhaAffinityTyphaAffinity | (Optional) Deprecated. Please use Installation.Spec.TyphaDeployment instead. TyphaAffinity allows configuration of node affinity characteristics for Typha pods. |
controlPlaneNodeSelectormap[string]string | (Optional) ControlPlaneNodeSelector is used to select control plane nodes on which to run Calico components. This is globally applied to all resources created by the operator excluding daemonsets. |
controlPlaneTolerations[]Kubernetes core/v1.Toleration | (Optional) ControlPlaneTolerations specify tolerations which are then globally applied to all resources created by the operator. |
controlPlaneReplicasint32 | (Optional) ControlPlaneReplicas defines how many replicas of the control plane core components will be deployed. This field applies to all control plane components that support High Availability. Defaults to 2. |
nodeMetricsPortint32 | (Optional) NodeMetricsPort specifies which port calico/node serves prometheus metrics on. By default, metrics are not enabled. If specified, this overrides any FelixConfiguration resources which may exist. If omitted, then prometheus metrics may still be configured through FelixConfiguration. |
typhaMetricsPortint32 | (Optional) TyphaMetricsPort specifies which port calico/typha serves prometheus metrics on. By default, metrics are not enabled. |
flexVolumePathstring | (Optional) FlexVolumePath optionally specifies a custom path for FlexVolume. If not specified, FlexVolume will be enabled by default. If set to âNoneâ, FlexVolume will be disabled. The default is based on the kubernetesProvider. |
kubeletVolumePluginPathstring | (Optional) KubeletVolumePluginPath optionally specifies enablement of Calico CSI plugin. If not specified, CSI will be enabled by default. If set to âNoneâ, CSI will be disabled. Default: /var/lib/kubelet |
nodeUpdateStrategyKubernetes apps/v1.DaemonSetUpdateStrategy | (Optional) NodeUpdateStrategy can be used to customize the desired update strategy, such as the MaxUnavailable field. |
componentResources[]ComponentResource | (Optional) Deprecated. Please use CalicoNodeDaemonSet, TyphaDeployment, and KubeControllersDeployment. ComponentResources can be used to customize the resource requirements for each component. Node, Typha, and KubeControllers are supported for installations. |
certificateManagementCertificateManagement | (Optional) CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise pods will be stuck during initialization. |
nonPrivilegedNonPrivilegedType | (Optional) NonPrivileged configures Calico to be run in non-privileged containers as non-root users where possible. |
calicoNodeDaemonSetCalicoNodeDaemonSet | CalicoNodeDaemonSet configures the calico-node DaemonSet. If used in conjunction with the deprecated ComponentResources, then these overrides take precedence. |
csiNodeDriverDaemonSetCSINodeDriverDaemonSet | CSINodeDriverDaemonSet configures the csi-node-driver DaemonSet. |
calicoKubeControllersDeploymentCalicoKubeControllersDeployment | CalicoKubeControllersDeployment configures the calico-kube-controllers Deployment. If used in conjunction with the deprecated ComponentResources, then these overrides take precedence. |
typhaDeploymentTyphaDeployment | TyphaDeployment configures the typha Deployment. If used in conjunction with the deprecated ComponentResources or TyphaAffinity, then these overrides take precedence. |
calicoWindowsUpgradeDaemonSetCalicoWindowsUpgradeDaemonSet | Deprecated. The CalicoWindowsUpgradeDaemonSet is deprecated and will be removed from the API in the future. CalicoWindowsUpgradeDaemonSet configures the calico-windows-upgrade DaemonSet. |
calicoNodeWindowsDaemonSetCalicoNodeWindowsDaemonSet | CalicoNodeWindowsDaemonSet configures the calico-node-windows DaemonSet. |
fipsModeFIPSMode | (Optional) FIPSMode uses images and features only that are using FIPS 140-2 validated cryptographic modules and standards. Default: Disabled |
loggingLogging | (Optional) Logging Configuration for Components |
windowsNodesWindowsNodeSpec | (Optional) Windows Configuration |
serviceCIDRs[]string | (Optional) Kubernetes Service CIDRs. Specifying this is required when using Calico for Windows. |
azureAzure | (Optional) Azure is used to configure azure provider specific options. |
InstallationStatus
(Appears on:Installation)
InstallationStatus defines the observed state of the Calico or Calico Enterprise installation.
| Field | Description |
|---|---|
variantProductVariant | Variant is the most recently observed installed variant - one of Calico or TigeraSecureEnterprise |
mtuint32 | MTU is the most recently observed value for pod network MTU. This may be an explicitly configured value, or based on Calicoâs native auto-detetion. |
imageSetstring | (Optional) ImageSet is the name of the ImageSet being used, if there is an ImageSet that is being used. If an ImageSet is not being used then this will not be set. |
computedInstallationSpec | (Optional) Computed is the final installation including overlaid resources. |
calicoVersionstring | CalicoVersion shows the current running version of calico. CalicoVersion along with Variant is needed to know the exact version deployed. |
conditions[]Kubernetes meta/v1.Condition | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types. |
Kibana
Kibana is the configuration for the Kibana.
| Field | Description |
|---|---|
specKibanaSpec | (Optional) Spec is the specification of the Kibana. |
KibanaContainer
(Appears on:KibanaPodSpec)
KibanaContainer is a Kibana container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the Kibana Deployment container by name. Supported values are: kibana |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named Kibana containerâs resources. If omitted, the Kibana will use its default value for this containerâs resources. |
KibanaInitContainer
(Appears on:KibanaPodSpec)
KibanaInitContainer is a Kibana init container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the Kibana init container by name. Supported values are: key-cert-provisioner |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named Kibana Deployment init containerâs resources. If omitted, the Kibana Deployment will use its default value for this init containerâs resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
KibanaPodSpec
(Appears on:KibanaPodTemplateSpec)
KibanaPodSpec is the Kibana Deploymentâs PodSpec.
| Field | Description |
|---|---|
initContainers[]KibanaInitContainer | (Optional) InitContainers is a list of Kibana init containers. If specified, this overrides the specified Kibana Deployment init containers. If omitted, the Kibana Deployment will use its default values for its init containers. |
containers[]KibanaContainer | (Optional) Containers is a list of Kibana containers. If specified, this overrides the specified Kibana Deployment containers. If omitted, the Kibana Deployment will use its default values for its containers. |
KibanaPodTemplateSpec
(Appears on:KibanaSpec)
KibanaPodTemplateSpec is the Kibanaâs PodTemplateSpec
| Field | Description |
|---|---|
specKibanaPodSpec | (Optional) Spec is the Kibanaâs PodSpec. |
KibanaSpec
(Appears on:Kibana)
| Field | Description |
|---|---|
templateKibanaPodTemplateSpec | (Optional) Template describes the Kibana pod that will be created. |
KubernetesAutodetectionMethod(string alias)
(Appears on:NodeAddressAutodetection)
KubernetesAutodetectionMethod is a method of detecting an IP address based on the Kubernetes API.
One of: NodeInternalIP
| Value | Description |
|---|---|
"NodeInternalIP" | NodeInternalIP detects a node IP using the first status.Addresses entry of the relevant IP family with type NodeInternalIP on the Kubernetes nodes API. |
LinseedDeployment
(Appears on:TenantSpec)
LinseedDeployment is the configuration for the linseed Deployment.
| Field | Description |
|---|---|
specLinseedDeploymentSpec | (Optional) Spec is the specification of the linseed Deployment. |
LinseedDeploymentContainer
(Appears on:LinseedDeploymentPodSpec)
LinseedDeploymentContainer is a linseed Deployment container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the linseed Deployment container by name. Supported values are: tigera-linseed |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named linseed Deployment containerâs resources. If omitted, the linseed Deployment will use its default value for this containerâs resources. |
LinseedDeploymentInitContainer
(Appears on:LinseedDeploymentPodSpec)
LinseedDeploymentInitContainer is a linseed Deployment init container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the linseed Deployment init container by name. Supported values are: tigera-secure-linseed-token-tls-key-cert-provisioner,tigera-secure-linseed-cert-key-cert-provisioner |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named linseed Deployment init containerâs resources. If omitted, the linseed Deployment will use its default value for this init containerâs resources. |
LinseedDeploymentPodSpec
(Appears on:LinseedDeploymentPodTemplateSpec)
LinseedDeploymentPodSpec is the linseed Deploymentâs PodSpec.
| Field | Description |
|---|---|
initContainers[]LinseedDeploymentInitContainer | (Optional) InitContainers is a list of linseed init containers. If specified, this overrides the specified linseed Deployment init containers. If omitted, the linseed Deployment will use its default values for its init containers. |
containers[]LinseedDeploymentContainer | (Optional) Containers is a list of linseed containers. If specified, this overrides the specified linseed Deployment containers. If omitted, the linseed Deployment will use its default values for its containers. |
LinseedDeploymentPodTemplateSpec
(Appears on:LinseedDeploymentSpec)
LinseedDeploymentPodTemplateSpec is the linseed Deploymentâs PodTemplateSpec
| Field | Description |
|---|---|
specLinseedDeploymentPodSpec | (Optional) Spec is the linseed Deploymentâs PodSpec. |
LinseedDeploymentSpec
(Appears on:LinseedDeployment)
LinseedDeploymentSpec defines configuration for the linseed Deployment.
| Field | Description |
|---|---|
templateLinseedDeploymentPodTemplateSpec | (Optional) Template describes the linseed Deployment pod that will be created. |
LinuxDataplaneOption(string alias)
(Appears on:CalicoNetworkSpec)
LinuxDataplaneOption controls which dataplane is to be used on Linux nodes.
One of: Iptables, BPF, VPP, Nftables
| Value | Description |
|---|---|
"BPF" | |
"Iptables" | |
"Nftables" | |
"VPP" |
LogCollectionSpec
(Appears on:ApplicationLayerSpec)
| Field | Description |
|---|---|
collectLogsLogCollectionStatusType | (Optional) This setting enables or disable log collection. Allowed values are Enabled or Disabled. |
logIntervalSecondsint64 | (Optional) Interval in seconds for sending L7 log information for processing. Default: 5 sec |
logRequestsPerIntervalint64 | (Optional) Maximum number of unique L7 logs that are sent LogIntervalSeconds. Adjust this to limit the number of L7 logs sent per LogIntervalSeconds to felix for further processing, use negative number to ignore limits. Default: -1 |
LogCollectionStatusType(string alias)
(Appears on:LogCollectionSpec)
| Value | Description |
|---|---|
"Disabled" | |
"Enabled" |
LogLevel(string alias)
(Appears on:CNILogging, EgressGatewaySpec)
| Value | Description |
|---|---|
"Debug" | |
"Error" | |
"Fatal" | |
"Info" | |
"Trace" | |
"Warn" |
Logging
(Appears on:InstallationSpec)
| Field | Description |
|---|---|
cniCNILogging | (Optional) Customized logging specification for calico-cni plugin |
Metadata
(Appears on:APIServerDeployment, APIServerDeploymentPodTemplateSpec, CSINodeDriverDaemonSet, CSINodeDriverDaemonSetPodTemplateSpec, CalicoKubeControllersDeployment, CalicoKubeControllersDeploymentPodTemplateSpec, CalicoNodeDaemonSet, CalicoNodeDaemonSetPodTemplateSpec, CalicoNodeWindowsDaemonSet, CalicoNodeWindowsDaemonSetPodTemplateSpec, CalicoWindowsUpgradeDaemonSet, CalicoWindowsUpgradeDaemonSetPodTemplateSpec, TyphaDeployment, TyphaDeploymentPodTemplateSpec)
Metadata contains the standard Kubernetes labels and annotations fields.
| Field | Description |
|---|---|
labelsmap[string]string | (Optional) Labels is a map of string keys and values that may match replicaset and service selectors. Each of these key/value pairs are added to the objectâs labels provided the key does not already exist in the objectâs labels. |
annotationsmap[string]string | (Optional) Annotations is a map of arbitrary non-identifying metadata. Each of these key/value pairs are added to the objectâs annotations provided the key does not already exist in the objectâs annotations. |
MonitorSpec
(Appears on:Monitor)
MonitorSpec defines the desired state of Tigera monitor.
| Field | Description |
|---|---|
externalPrometheusExternalPrometheus | ExternalPrometheus optionally configures integration with an external Prometheus for scraping Calico metrics. When specified, the operator will render resources in the defined namespace. This option can be useful for configuring scraping from git-ops tools without the need of post-installation steps. |
prometheusPrometheus | (Optional) Prometheus is the configuration for the Prometheus. |
alertManagerAlertManager | (Optional) AlertManager is the configuration for the AlertManager. |
MonitorStatus
(Appears on:Monitor)
MonitorStatus defines the observed state of Tigera monitor.
| Field | Description |
|---|---|
statestring | State provides user-readable status. |
conditions[]Kubernetes meta/v1.Condition | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types. |
MultiInterfaceMode(string alias)
(Appears on:CalicoNetworkSpec)
MultiInterfaceMode describes the method of providing multiple pod interfaces.
One of: None, Multus
| Value | Description |
|---|---|
"Multus" | |
"None" |
NATOutgoingType(string alias)
(Appears on:IPPool)
NATOutgoingType describe the type of outgoing NAT to use.
One of: Enabled, Disabled
| Value | Description |
|---|---|
"Disabled" | |
"Enabled" |
NativeIP(string alias)
(Appears on:AWSEgressGateway)
NativeIP defines if Egress Gateway pods should have AWS IPs. When NativeIP is enabled, the IPPools should be backed by AWS subnet.
| Value | Description |
|---|---|
"Disabled" | |
"Enabled" |
NodeAddressAutodetection
(Appears on:CalicoNetworkSpec)
NodeAddressAutodetection provides configuration options for auto-detecting node addresses. At most one option can be used. If no detection option is specified, then IP auto detection will be disabled for this address family and IPs must be specified directly on the Node resource.
| Field | Description |
|---|---|
firstFoundbool | (Optional) FirstFound uses default interface matching parameters to select an interface, performing best-effort filtering based on well-known interface names. |
kubernetesKubernetesAutodetectionMethod | (Optional) Kubernetes configures Calico to detect node addresses based on the Kubernetes API. |
interfacestring | (Optional) Interface enables IP auto-detection based on interfaces that match the given regex. |
skipInterfacestring | (Optional) SkipInterface enables IP auto-detection based on interfaces that do not match the given regex. |
canReachstring | (Optional) CanReach enables IP auto-detection based on which source address on the node is used to reach the specified IP or domain. |
cidrs[]string | CIDRS enables IP auto-detection based on which addresses on the nodes are within one of the provided CIDRs. |
NodeAffinity
(Appears on:TyphaAffinity)
NodeAffinity is similar to *v1.NodeAffinity, but allows us to limit available schedulers.
| Field | Description |
|---|---|
preferredDuringSchedulingIgnoredDuringExecution[]Kubernetes core/v1.PreferredSchedulingTerm | (Optional) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. |
requiredDuringSchedulingIgnoredDuringExecutionKubernetes core/v1.NodeSelector | (Optional) WARNING: Please note that if the affinity requirements specified by this field are not met at scheduling time, the pod will NOT be scheduled onto the node. There is no fallback to another affinity rules with this setting. This may cause networking disruption or even catastrophic failure! PreferredDuringSchedulingIgnoredDuringExecution should be used for affinity unless there is a specific well understood reason to use RequiredDuringSchedulingIgnoredDuringExecution and you can guarantee that the RequiredDuringSchedulingIgnoredDuringExecution will always have sufficient nodes to satisfy the requirement. NOTE: RequiredDuringSchedulingIgnoredDuringExecution is set by default for AKS nodes, to avoid scheduling Typhas on virtual-nodes. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. |
NonClusterHostSpec
(Appears on:NonClusterHost)
NonClusterHostSpec enables non-cluster hosts to connect to a cluster.
| Field | Description |
|---|---|
endpointstring | Location of the log ingestion point for non-cluster hosts. example: https://1.2.3.4:443 |
NonPrivilegedType(string alias)
(Appears on:InstallationSpec)
NonPrivilegedType specifies whether Calico runs as permissioned or not
One of: Enabled, Disabled
| Value | Description |
|---|---|
"Disabled" | |
"Enabled" |
OIDCType(string alias)
OIDCType defines how OIDC is configured for Tigera Enterprise. Dex should be the best option for most use-cases. The Tigera option can help in specific use-cases, for instance, when you are unable to configure a client secret. One of: Dex, Tigera
| Value | Description |
|---|---|
"Dex" | OIDCTypeDex uses Dex IdP, a popular open-source tool for connecting OIDC. |
"Tigera" | OIDCTypeTigera uses customer code to pass OIDC configuration directly into our server applications. |
PacketCaptureAPIDeployment
(Appears on:PacketCaptureAPISpec)
PacketCaptureAPIDeployment is the configuration for the PacketCaptureAPI Deployment.
| Field | Description |
|---|---|
specPacketCaptureAPIDeploymentSpec | (Optional) Spec is the specification of the PacketCaptureAPI Deployment. |
PacketCaptureAPIDeploymentContainer
(Appears on:PacketCaptureAPIDeploymentPodSpec)
PacketCaptureAPIDeploymentContainer is a PacketCaptureAPI Deployment container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the PacketCaptureAPI Deployment container by name. Supported values are: tigera-packetcapture-server |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named PacketCaptureAPI Deployment containerâs resources. If omitted, the PacketCaptureAPI Deployment will use its default value for this containerâs resources. |
PacketCaptureAPIDeploymentInitContainer
(Appears on:PacketCaptureAPIDeploymentPodSpec)
PacketCaptureAPIDeploymentInitContainer is a PacketCaptureAPI Deployment init container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the PacketCaptureAPI Deployment init container by name. Supported values are: tigera-packetcapture-server-tls-key-cert-provisioner |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named PacketCaptureAPI Deployment init containerâs resources. If omitted, the PacketCaptureAPI Deployment will use its default value for this init containerâs resources. |
PacketCaptureAPIDeploymentPodSpec
(Appears on:PacketCaptureAPIDeploymentPodTemplateSpec)
PacketCaptureAPIDeploymentPodSpec is the PacketCaptureAPI Deploymentâs PodSpec.
| Field | Description |
|---|---|
initContainers[]PacketCaptureAPIDeploymentInitContainer | (Optional) InitContainers is a list of PacketCaptureAPI init containers. If specified, this overrides the specified PacketCaptureAPI Deployment init containers. If omitted, the PacketCaptureAPI Deployment will use its default values for its init containers. |
containers[]PacketCaptureAPIDeploymentContainer | (Optional) Containers is a list of PacketCaptureAPI containers. If specified, this overrides the specified PacketCaptureAPI Deployment containers. If omitted, the PacketCaptureAPI Deployment will use its default values for its containers. |
PacketCaptureAPIDeploymentPodTemplateSpec
(Appears on:PacketCaptureAPIDeploymentSpec)
PacketCaptureAPIDeploymentPodTemplateSpec is the PacketCaptureAPI Deploymentâs PodTemplateSpec
| Field | Description |
|---|---|
specPacketCaptureAPIDeploymentPodSpec | (Optional) Spec is the PacketCaptureAPI Deploymentâs PodSpec. |
PacketCaptureAPIDeploymentSpec
(Appears on:PacketCaptureAPIDeployment)
PacketCaptureAPIDeploymentSpec defines configuration for the PacketCaptureAPI Deployment.
| Field | Description |
|---|---|
templatePacketCaptureAPIDeploymentPodTemplateSpec | (Optional) Template describes the PacketCaptureAPI Deployment pod that will be created. |
PacketCaptureAPISpec
(Appears on:PacketCaptureAPI)
PacketCaptureAPISpec defines configuration for the Packet Capture API.
| Field | Description |
|---|---|
packetCaptureAPIDeploymentPacketCaptureAPIDeployment | (Optional) PacketCaptureAPIDeployment configures the PacketCaptureAPI Deployment. |
PacketCaptureAPIStatus
(Appears on:PacketCaptureAPI)
PacketCaptureAPIStatus defines the observed state of the Packet Capture API.
| Field | Description |
|---|---|
statestring | State provides user-readable status. |
conditions[]Kubernetes meta/v1.Condition | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types. |
PathMatch
(Appears on:TLSTerminatedRouteSpec)
| Field | Description |
|---|---|
pathstring | Path is the path portion of the URL based on which we proxy. |
pathRegexpstring | (Optional) PathRegexp, if not nil, checks if Regexp matches the path. |
pathReplacestring | (Optional) PathReplace if not nil will be used to replace PathRegexp matches. |
PolicyMode(string alias)
(Appears on:Azure)
| Value | Description |
|---|---|
"Default" | |
"Manual" |
PolicyRecommendationDeployment
(Appears on:PolicyRecommendationSpec)
PolicyRecommendationDeployment is the configuration for the PolicyRecommendation Deployment.
| Field | Description |
|---|---|
specPolicyRecommendationDeploymentSpec | (Optional) Spec is the specification of the PolicyRecommendation Deployment. |
PolicyRecommendationDeploymentContainer
(Appears on:PolicyRecommendationDeploymentPodSpec)
PolicyRecommendationDeploymentContainer is a PolicyRecommendation Deployment container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the PolicyRecommendation Deployment container by name. Supported values are: policy-recommendation-controller |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named PolicyRecommendation Deployment containerâs resources. If omitted, the PolicyRecommendation Deployment will use its default value for this containerâs resources. |
PolicyRecommendationDeploymentInitContainer
(Appears on:PolicyRecommendationDeploymentPodSpec)
PolicyRecommendationDeploymentInitContainer is a PolicyRecommendation Deployment init container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the PolicyRecommendation Deployment init container by name. |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named PolicyRecommendation Deployment init containerâs resources. If omitted, the PolicyRecommendation Deployment will use its default value for this init containerâs resources. |
PolicyRecommendationDeploymentPodSpec
(Appears on:PolicyRecommendationDeploymentPodTemplateSpec)
PolicyRecommendationDeploymentPodSpec is the PolicyRecommendation Deploymentâs PodSpec.
| Field | Description |
|---|---|
initContainers[]PolicyRecommendationDeploymentInitContainer | (Optional) InitContainers is a list of PolicyRecommendation init containers. If specified, this overrides the specified PolicyRecommendation Deployment init containers. If omitted, the PolicyRecommendation Deployment will use its default values for its init containers. |
containers[]PolicyRecommendationDeploymentContainer | (Optional) Containers is a list of PolicyRecommendation containers. If specified, this overrides the specified PolicyRecommendation Deployment containers. If omitted, the PolicyRecommendation Deployment will use its default values for its containers. |
PolicyRecommendationDeploymentPodTemplateSpec
(Appears on:PolicyRecommendationDeploymentSpec)
PolicyRecommendationDeploymentPodTemplateSpec is the PolicyRecommendation Deploymentâs PodTemplateSpec
| Field | Description |
|---|---|
specPolicyRecommendationDeploymentPodSpec | (Optional) Spec is the PolicyRecommendation Deploymentâs PodSpec. |
PolicyRecommendationDeploymentSpec
(Appears on:PolicyRecommendationDeployment)
PolicyRecommendationDeploymentSpec defines configuration for the PolicyRecommendation Deployment.
| Field | Description |
|---|---|
templatePolicyRecommendationDeploymentPodTemplateSpec | (Optional) Template describes the PolicyRecommendation Deployment pod that will be created. |
PolicyRecommendationSpec
(Appears on:PolicyRecommendation)
PolicyRecommendationSpec defines configuration for the Calico Enterprise Policy Recommendation service.
| Field | Description |
|---|---|
policyRecommendationDeploymentPolicyRecommendationDeployment | (Optional) PolicyRecommendation configures the PolicyRecommendation Deployment. |
PolicyRecommendationStatus
(Appears on:PolicyRecommendation)
PolicyRecommendationStatus defines the observed state of Tigera policy recommendation.
| Field | Description |
|---|---|
statestring | State provides user-readable status. |
ProductVariant(string alias)
(Appears on:InstallationSpec, InstallationStatus)
ProductVariant represents the variant of the product.
One of: Calico, TigeraSecureEnterprise
Prometheus
(Appears on:MonitorSpec)
| Field | Description |
|---|---|
specPrometheusSpec | (Optional) Spec is the specification of the Prometheus. |
PrometheusContainer
(Appears on:CommonPrometheusFields)
PrometheusContainer is a Prometheus container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the Prometheus Deployment container by name. Supported values are: authn-proxy |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named Prometheus containerâs resources. If omitted, the Prometheus will use its default value for this containerâs resources. |
PrometheusSpec
(Appears on:Prometheus)
| Field | Description |
|---|---|
commonPrometheusFieldsCommonPrometheusFields | CommonPrometheusFields are the options available to both the Prometheus server and agent. |
PromptType(string alias)
PromptType is a value that specifies whether the identity provider prompts the end user for re-authentication and consent. One of: None, Login, Consent, SelectAccount.
| Value | Description |
|---|---|
"Consent" | The identity provider should prompt the end user for consent before returning information to the client. |
"Login" | The identity provider should prompt the end user for reauthentication. |
"None" | The identity provider must not display any authentication or consent user interface pages. |
"SelectAccount" | The identity provider should prompt the end user to select a user account. |
Provider(string alias)
(Appears on:InstallationSpec)
Provider represents a particular provider or flavor of Kubernetes. Valid options are: EKS, GKE, AKS, RKE2, OpenShift, DockerEnterprise, TKG.
SNIMatch
(Appears on:TLSPassThroughRouteSpec)
| Field | Description |
|---|---|
serverNamestring | ServerName is used to match the server name for the request. |
ServiceMonitor
(Appears on:ExternalPrometheus)
| Field | Description |
|---|---|
labelsmap[string]string | Labels are the metadata.labels of the ServiceMonitor. When combined with spec.serviceMonitorSelector.matchLabels on your prometheus instance, the service monitor will automatically be picked up. Default: k8s-app=tigera-prometheus |
endpoints[]Endpoint | The endpoints to scrape. This struct contains a subset of the Endpoint as defined in the prometheus docs. Fields related to connecting to our Prometheus server are automatically set by the operator. |
SidecarStatusType(string alias)
(Appears on:ApplicationLayerSpec)
| Value | Description |
|---|---|
"Disabled" | |
"Enabled" |
SidecarWebhookStateType(string alias)
(Appears on:ApplicationLayerStatus)
| Value | Description |
|---|---|
"Disabled" | |
"Enabled" |
StatusConditionType(string alias)
(Appears on:TigeraStatusCondition)
StatusConditionType is a type of condition that may apply to a particular component.
| Value | Description |
|---|---|
"Available" | Available indicates that the component is healthy. |
"Degraded" | Degraded means the component is not operating as desired and user action is required. |
"Progressing" | Progressing means that the component is in the process of being installed or upgraded. |
"Ready" | Ready indicates that the component is healthy and ready.it is identical to Available and used in Status conditions for CRs. |
Sysctl
(Appears on:CalicoNetworkSpec)
| Field | Description |
|---|---|
keystring | |
valuestring |
TLS
| Field | Description |
|---|---|
secretNamestring | (Optional) SecretName indicates the name of the secret in the tigera-operator namespace that contains the private key and certificate that the management cluster uses when it listens for incoming connections. When set to tigera-management-cluster-connection voltron will use the same cert bundle which Guardian client certs are signed with. When set to manager-tls, voltron will use the same cert bundle which Manager UI is served with. This cert bundle must be a publicly signed cert created by the user. Note that Tigera Operator will generate a self-signed manager-tls cert if one does not exist, and use of that cert will result in Guardian being unable to verify Voltronâs identity. If changed on a running cluster with connected managed clusters, all managed clusters will disconnect as they will no longer be able to verify Voltronâs identity. To reconnect existing managed clusters, change the tls.ca of the managed clustersâ ManagementClusterConnection resource. One of: tigera-management-cluster-connection, manager-tls Default: tigera-management-cluster-connection |
TLSPassThroughRouteSpec
(Appears on:TLSPassThroughRoute)
| Field | Description |
|---|---|
targetTargetType | |
sniMatchSNIMatch | SNIMatch is used to match requests based on the server name for the intended destination server. Matching requests will be proxied to the Destination. |
destinationstring | Destination is the destination url to proxy the request to. |
TLSTerminatedRouteSpec
(Appears on:TLSTerminatedRoute)
| Field | Description |
|---|---|
targetTargetType | |
pathMatchPathMatch | PathMatch is used to match requests based on whatâs in the path. Matching requests will be proxied to the Destination defined in this structure. |
destinationstring | Destination is the destination URL where matching traffic is routed to. |
caBundleKubernetes core/v1.ConfigMapKeySelector | CABundle is where we read the CA bundle from to authenticate the destination (if non-empty) |
mtlsCertKubernetes core/v1.SecretKeySelector | (Optional) ForwardingMTLSCert is the certificate used for mTLS between voltron and the destination. Either both ForwardingMTLSCert and ForwardingMTLSKey must be specified, or neither can be specified. |
mtlsKeyKubernetes core/v1.SecretKeySelector | (Optional) ForwardingMTLSKey is the key used for mTLS between voltron and the destination. Either both ForwardingMTLSCert and ForwardingMTLSKey must be specified, or neither can be specified. |
unauthenticatedbool | (Optional) Unauthenticated says whether the request should go through authentication. This is only applicable if the Target is UI. |
TargetType(string alias)
(Appears on:TLSPassThroughRouteSpec, TLSTerminatedRouteSpec)
| Value | Description |
|---|---|
"UI" | |
"UpstreamTunnel" |
TenantElasticSpec
(Appears on:TenantSpec)
| Field | Description |
|---|---|
urlstring | |
kibanaURLstring | |
mutualTLSbool |
TenantSpec
(Appears on:Tenant)
| Field | Description |
|---|---|
idstring | ID is the unique identifier for this tenant. |
namestring | Name is a human readable name for this tenant. |
indices[]Index | Indices defines the how to store a tenantâs data |
elasticTenantElasticSpec | Elastic configures per-tenant ElasticSearch and Kibana parameters. This field is required for clusters using external ES. |
controlPlaneReplicasint32 | (Optional) ControlPlaneReplicas defines how many replicas of the control plane core components will be deployed in the Tenantâs namespace. Defaults to the controlPlaneReplicas in Installation CR |
linseedDeploymentLinseedDeployment | LinseedDeployment configures the linseed Deployment. |
esKubeControllerDeploymentCalicoKubeControllersDeployment | ESKubeControllerDeployment configures the ESKubeController Deployment. |
dashboardsJobDashboardsJob | DashboardsJob configures the Dashboards job |
TenantStatus
(Appears on:Tenant)
TigeraStatusCondition
(Appears on:TigeraStatusStatus)
TigeraStatusCondition represents a condition attached to a particular component.
| Field | Description |
|---|---|
typeStatusConditionType | The type of condition. May be Available, Progressing, or Degraded. |
statusConditionStatus | The status of the condition. May be True, False, or Unknown. |
lastTransitionTimeKubernetes meta/v1.Time | The timestamp representing the start time for the current status. |
reasonstring | A brief reason explaining the condition. |
messagestring | Optionally, a detailed message providing additional context. |
observedGenerationint64 | (Optional) observedGeneration represents the generation that the condition was set based upon. For instance, if generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. |
TigeraStatusReason(string alias)
TigeraStatusReason represents the reason for a particular condition.
| Value | Description |
|---|---|
"AllObjectsAvailable" | |
"CertificateError" | |
"ImageSetError" | |
"InternalServerError" | |
"InvalidConfigurationError" | |
"MigrationError" | |
"NotApplicable" | |
"PodFailure" | |
"ResourceCreateError" | |
"ResourceMigrationError" | |
"ResourceNotFound" | |
"ResourceNotReady" | |
"ResourcePatchError" | |
"ResourceReadError" | |
"ResourceRenderingError" | |
"ResourceScalingError" | |
"ResourceUpdateError" | |
"ResourceValidationError" | |
"Unknown" | |
"UpgradeError" |
TigeraStatusSpec
(Appears on:TigeraStatus)
TigeraStatusSpec defines the desired state of TigeraStatus
TigeraStatusStatus
(Appears on:TigeraStatus)
TigeraStatusStatus defines the observed state of TigeraStatus
| Field | Description |
|---|---|
conditions[]TigeraStatusCondition | Conditions represents the latest observed set of conditions for this component. A component may be one or more of Available, Progressing, or Degraded. |
TyphaAffinity
(Appears on:InstallationSpec)
Deprecated. Please use TyphaDeployment instead. TyphaAffinity allows configuration of node affinity characteristics for Typha pods.
| Field | Description |
|---|---|
nodeAffinityNodeAffinity | (Optional) NodeAffinity describes node affinity scheduling rules for typha. |
TyphaDeployment
(Appears on:InstallationSpec)
TyphaDeployment is the configuration for the typha Deployment.
| Field | Description |
|---|---|
metadataMetadata | (Optional) Metadata is a subset of a Kubernetes objectâs metadata that is added to the Deployment. |
specTyphaDeploymentSpec | (Optional) Spec is the specification of the typha Deployment. |
TyphaDeploymentContainer
(Appears on:TyphaDeploymentPodSpec)
TyphaDeploymentContainer is a typha Deployment container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the typha Deployment container by name. Supported values are: calico-typha |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named typha Deployment containerâs resources. If omitted, the typha Deployment will use its default value for this containerâs resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
TyphaDeploymentInitContainer
(Appears on:TyphaDeploymentPodSpec)
TyphaDeploymentInitContainer is a typha Deployment init container.
| Field | Description |
|---|---|
namestring | Name is an enum which identifies the typha Deployment init container by name. Supported values are: typha-certs-key-cert-provisioner |
resourcesKubernetes core/v1.ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named typha Deployment init containerâs resources. If omitted, the typha Deployment will use its default value for this init containerâs resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
TyphaDeploymentPodSpec
(Appears on:TyphaDeploymentPodTemplateSpec)
TyphaDeploymentPodSpec is the typha Deploymentâs PodSpec.
| Field | Description |
|---|---|
initContainers[]TyphaDeploymentInitContainer | (Optional) InitContainers is a list of typha init containers. If specified, this overrides the specified typha Deployment init containers. If omitted, the typha Deployment will use its default values for its init containers. |
containers[]TyphaDeploymentContainer | (Optional) Containers is a list of typha containers. If specified, this overrides the specified typha Deployment containers. If omitted, the typha Deployment will use its default values for its containers. |
affinityKubernetes core/v1.Affinity | (Optional) Affinity is a group of affinity scheduling rules for the typha pods. If specified, this overrides any affinity that may be set on the typha Deployment. If omitted, the typha Deployment will use its default value for affinity. If used in conjunction with the deprecated TyphaAffinity, then this value takes precedence. WARNING: Please note that this field will override the default calico-typha Deployment affinity. |
nodeSelectormap[string]string | NodeSelector is the calico-typha podâs scheduling constraints. If specified, each of the key/value pairs are added to the calico-typha Deployment nodeSelector provided the key does not already exist in the objectâs nodeSelector. If omitted, the calico-typha Deployment will use its default value for nodeSelector. WARNING: Please note that this field will modify the default calico-typha Deployment nodeSelector. |
terminationGracePeriodSecondsint64 | (Optional) Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. |
topologySpreadConstraints[]Kubernetes core/v1.TopologySpreadConstraint | (Optional) TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. |
tolerations[]Kubernetes core/v1.Toleration | (Optional) Tolerations is the typha podâs tolerations. If specified, this overrides any tolerations that may be set on the typha Deployment. If omitted, the typha Deployment will use its default value for tolerations. WARNING: Please note that this field will override the default calico-typha Deployment tolerations. |
TyphaDeploymentPodTemplateSpec
(Appears on:TyphaDeploymentSpec)
TyphaDeploymentPodTemplateSpec is the typha Deploymentâs PodTemplateSpec
| Field | Description |
|---|---|
metadataMetadata | (Optional) Metadata is a subset of a Kubernetes objectâs metadata that is added to the podâs metadata. |
specTyphaDeploymentPodSpec | (Optional) Spec is the typha Deploymentâs PodSpec. |
TyphaDeploymentSpec
(Appears on:TyphaDeployment)
TyphaDeploymentSpec defines configuration for the typha Deployment.
| Field | Description |
|---|---|
minReadySecondsint32 | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the typha Deployment. If omitted, the typha Deployment will use its default value for minReadySeconds. |
templateTyphaDeploymentPodTemplateSpec | (Optional) Template describes the typha Deployment pod that will be created. |
strategyTyphaDeploymentStrategy | (Optional) The deployment strategy to use to replace existing pods with new ones. |
TyphaDeploymentStrategy
(Appears on:TyphaDeploymentSpec)
TyphaDeploymentStrategy describes how to replace existing pods with new ones. Only RollingUpdate is supported at this time so the Type field is not exposed.
| Field | Description |
|---|---|
rollingUpdateKubernetes apps/v1.RollingUpdateDeployment | (Optional) Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. to be. |
WAFStatusType(string alias)
(Appears on:ApplicationLayerSpec)
| Value | Description |
|---|---|
"Disabled" | |
"Enabled" |
WindowsDataplaneOption(string alias)
(Appears on:CalicoNetworkSpec)
| Value | Description |
|---|---|
"Disabled" | |
"HNS" |
WindowsNodeSpec
(Appears on:InstallationSpec)
| Field | Description |
|---|---|
cniBinDirstring | (Optional) CNIBinDir is the path to the CNI binaries directory on Windows, it must match what is used as âbin_dirâ under [plugins] [plugins.âio.containerd.grpc.v1.criâ] [plugins.âio.containerd.grpc.v1.criâ.cni] on the containerd âconfig.tomlâ file on the Windows nodes. |
cniConfigDirstring | (Optional) CNIConfigDir is the path to the CNI configuration directory on Windows, it must match what is used as âconf_dirâ under [plugins] [plugins.âio.containerd.grpc.v1.criâ] [plugins.âio.containerd.grpc.v1.criâ.cni] on the containerd âconfig.tomlâ file on the Windows nodes. |
cniLogDirstring | (Optional) CNILogDir is the path to the Calico CNI logs directory on Windows. |
vxlanMACPrefixstring | (Optional) VXLANMACPrefix is the prefix used when generating MAC addresses for virtual NICs |
vxlanAdapterstring | (Optional) VXLANAdapter is the Network Adapter used for VXLAN, leave blank for primary NIC |
Generated with gen-crd-api-reference-docs
on git commit 8d0e56b.