Skip to main content
Calico Open Source 3.29 (latest) documentation

Installation reference

The Kubernetes resources below configure Calico installation when using the operator. Each resource is responsible for installing and configuring a different subsystem of Calico during installation. Most options can be modified on a running cluster using kubectl.

Packages:

operator.tigera.io/v1

API Schema definitions for configuring the installation of Calico and Calico Enterprise

Resource Types:

APIServer

APIServer installs the Tigera API server and related resources. At most one instance of this resource is supported. It must be named “default” or “tigera-secure”.

FieldDescription

apiVersion
string

operator.tigera.io/v1

kind
string

APIServer
metadata

Kubernetes meta/v1.ObjectMeta

Refer to the Kubernetes API documentation for the fields of the metadata field.

spec

APIServerSpec

Specification of the desired state for the Tigera API server.



apiServerDeployment

APIServerDeployment

APIServerDeployment configures the calico-apiserver (or tigera-apiserver in Enterprise) Deployment. If used in conjunction with ControlPlaneNodeSelector or ControlPlaneTolerations, then these overrides take precedence.

status

APIServerStatus

Most recently observed status for the Tigera API server.

ApplicationLayer

ApplicationLayer is the Schema for the applicationlayers API

FieldDescription

apiVersion
string

operator.tigera.io/v1

kind
string

ApplicationLayer
metadata

Kubernetes meta/v1.ObjectMeta

Refer to the Kubernetes API documentation for the fields of the metadata field.

spec

ApplicationLayerSpec



webApplicationFirewall

WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.

logCollection

LogCollectionSpec

Specification for application layer (L7) log collection.

applicationLayerPolicy

ApplicationLayerPolicyStatusType

Application Layer Policy controls whether or not ALP enforcement is enabled for the cluster. When enabled, NetworkPolicies with HTTP Match rules may be defined to opt-in workloads for traffic enforcement on the application layer.

envoy

EnvoySettings

User-configurable settings for the Envoy proxy.

status

ApplicationLayerStatus

EgressGateway

EgressGateway is the Schema for the egressgateways API

FieldDescription

apiVersion
string

operator.tigera.io/v1

kind
string

EgressGateway
metadata

Kubernetes meta/v1.ObjectMeta

Refer to the Kubernetes API documentation for the fields of the metadata field.

spec

EgressGatewaySpec



replicas

int32

(Optional)

Replicas defines how many instances of the Egress Gateway pod will run.

ipPools

[]EgressGatewayIPPool

IPPools defines the IP Pools that the Egress Gateway pods should be using. Either name or CIDR must be specified. IPPools must match existing IPPools.

externalNetworks

[]string

(Optional)

ExternalNetworks defines the external network names this Egress Gateway is associated with. ExternalNetworks must match existing external networks.

logSeverity

LogLevel

(Optional)

LogSeverity defines the logging level of the Egress Gateway. Default: Info

template

EgressGatewayDeploymentPodTemplateSpec

(Optional)

Template describes the EGW Deployment pod that will be created.

egressGatewayFailureDetection

EgressGatewayFailureDetection

(Optional)

EgressGatewayFailureDetection is used to configure how Egress Gateway determines readiness. If both ICMP, HTTP probes are defined, one ICMP probe and one HTTP probe should succeed for Egress Gateways to become ready. Otherwise one of ICMP or HTTP probe should succeed for Egress gateways to become ready if configured.

aws

AWSEgressGateway

(Optional)

AWS defines the additional configuration options for Egress Gateways on AWS.

status

EgressGatewayStatus

ImageSet

ImageSet is used to specify image digests for the images that the operator deploys. The name of the ImageSet is expected to be in the format <variant>-<release>. The variant used is enterprise if the InstallationSpec Variant is TigeraSecureEnterprise otherwise it is calico. The release must match the version of the variant that the operator is built to deploy, this version can be obtained by passing the --version flag to the operator binary.

FieldDescription

apiVersion
string

operator.tigera.io/v1

kind
string

ImageSet
metadata

Kubernetes meta/v1.ObjectMeta

Refer to the Kubernetes API documentation for the fields of the metadata field.

spec

ImageSetSpec



images

[]Image

Images is the list of images to use digests. All images that the operator will deploy must be specified.

Installation

Installation configures an installation of Calico or Calico Enterprise. At most one instance of this resource is supported. It must be named “default”. The Installation API installs core networking and network policy components, and provides general install-time configuration.

FieldDescription

apiVersion
string

operator.tigera.io/v1

kind
string

Installation
metadata

Kubernetes meta/v1.ObjectMeta

Refer to the Kubernetes API documentation for the fields of the metadata field.

spec

InstallationSpec

Specification of the desired state for the Calico or Calico Enterprise installation.



variant

ProductVariant

(Optional)

Variant is the product to install - one of Calico or TigeraSecureEnterprise Default: Calico

registry

string

(Optional)

Registry is the default Docker registry used for component Docker images. If specified then the given value must end with a slash character (/) and all images will be pulled from this registry. If not specified then the default registries will be used. A special case value, UseDefault, is supported to explicitly specify the default registries will be used.

Image format: <registry><imagePath>/<imagePrefix><imageName>:<image-tag>

This option allows configuring the <registry> portion of the above format.

imagePath

string

(Optional)

ImagePath allows for the path part of an image to be specified. If specified then the specified value will be used as the image path for each image. If not specified or empty, the default for each image will be used. A special case value, UseDefault, is supported to explicitly specify the default image path will be used for each image.

Image format: <registry><imagePath>/<imagePrefix><imageName>:<image-tag>

This option allows configuring the <imagePath> portion of the above format.

imagePrefix

string

(Optional)

ImagePrefix allows for the prefix part of an image to be specified. If specified then the given value will be used as a prefix on each image. If not specified or empty, no prefix will be used. A special case value, UseDefault, is supported to explicitly specify the default image prefix will be used for each image.

Image format: <registry><imagePath>/<imagePrefix><imageName>:<image-tag>

This option allows configuring the <imagePrefix> portion of the above format.

imagePullSecrets

[]Kubernetes core/v1.LocalObjectReference

(Optional)

ImagePullSecrets is an array of references to container registry pull secrets to use. These are applied to all images to be pulled.

kubernetesProvider

Provider

(Optional)

KubernetesProvider specifies a particular provider of the Kubernetes platform and enables provider-specific configuration. If the specified value is empty, the Operator will attempt to automatically determine the current provider. If the specified value is not empty, the Operator will still attempt auto-detection, but will additionally compare the auto-detected value to the specified value to confirm they match.

cni

CNISpec

(Optional)

CNI specifies the CNI that will be used by this installation.

calicoNetwork

CalicoNetworkSpec

(Optional)

CalicoNetwork specifies networking configuration options for Calico.

typhaAffinity

TyphaAffinity

(Optional)

Deprecated. Please use Installation.Spec.TyphaDeployment instead. TyphaAffinity allows configuration of node affinity characteristics for Typha pods.

controlPlaneNodeSelector

map[string]string

(Optional)

ControlPlaneNodeSelector is used to select control plane nodes on which to run Calico components. This is globally applied to all resources created by the operator excluding daemonsets.

controlPlaneTolerations

[]Kubernetes core/v1.Toleration

(Optional)

ControlPlaneTolerations specify tolerations which are then globally applied to all resources created by the operator.

controlPlaneReplicas

int32

(Optional)

ControlPlaneReplicas defines how many replicas of the control plane core components will be deployed. This field applies to all control plane components that support High Availability. Defaults to 2.

nodeMetricsPort

int32

(Optional)

NodeMetricsPort specifies which port calico/node serves prometheus metrics on. By default, metrics are not enabled. If specified, this overrides any FelixConfiguration resources which may exist. If omitted, then prometheus metrics may still be configured through FelixConfiguration.

typhaMetricsPort

int32

(Optional)

TyphaMetricsPort specifies which port calico/typha serves prometheus metrics on. By default, metrics are not enabled.

flexVolumePath

string

(Optional)

FlexVolumePath optionally specifies a custom path for FlexVolume. If not specified, FlexVolume will be enabled by default. If set to ‘None’, FlexVolume will be disabled. The default is based on the kubernetesProvider.

kubeletVolumePluginPath

string

(Optional)

KubeletVolumePluginPath optionally specifies enablement of Calico CSI plugin. If not specified, CSI will be enabled by default. If set to ‘None’, CSI will be disabled. Default: /var/lib/kubelet

nodeUpdateStrategy

Kubernetes apps/v1.DaemonSetUpdateStrategy

(Optional)

NodeUpdateStrategy can be used to customize the desired update strategy, such as the MaxUnavailable field.

componentResources

[]ComponentResource

(Optional)

Deprecated. Please use CalicoNodeDaemonSet, TyphaDeployment, and KubeControllersDeployment. ComponentResources can be used to customize the resource requirements for each component. Node, Typha, and KubeControllers are supported for installations.

certificateManagement

CertificateManagement

(Optional)

CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise pods will be stuck during initialization.

nonPrivileged

NonPrivilegedType

(Optional)

NonPrivileged configures Calico to be run in non-privileged containers as non-root users where possible.

calicoNodeDaemonSet

CalicoNodeDaemonSet

CalicoNodeDaemonSet configures the calico-node DaemonSet. If used in conjunction with the deprecated ComponentResources, then these overrides take precedence.

csiNodeDriverDaemonSet

CSINodeDriverDaemonSet

CSINodeDriverDaemonSet configures the csi-node-driver DaemonSet.

calicoKubeControllersDeployment

CalicoKubeControllersDeployment

CalicoKubeControllersDeployment configures the calico-kube-controllers Deployment. If used in conjunction with the deprecated ComponentResources, then these overrides take precedence.

typhaDeployment

TyphaDeployment

TyphaDeployment configures the typha Deployment. If used in conjunction with the deprecated ComponentResources or TyphaAffinity, then these overrides take precedence.

calicoWindowsUpgradeDaemonSet

CalicoWindowsUpgradeDaemonSet

Deprecated. The CalicoWindowsUpgradeDaemonSet is deprecated and will be removed from the API in the future. CalicoWindowsUpgradeDaemonSet configures the calico-windows-upgrade DaemonSet.

calicoNodeWindowsDaemonSet

CalicoNodeWindowsDaemonSet

CalicoNodeWindowsDaemonSet configures the calico-node-windows DaemonSet.

fipsMode

FIPSMode

(Optional)

FIPSMode uses images and features only that are using FIPS 140-2 validated cryptographic modules and standards. Default: Disabled

logging

Logging

(Optional)

Logging Configuration for Components

windowsNodes

WindowsNodeSpec

(Optional)

Windows Configuration

serviceCIDRs

[]string

(Optional)

Kubernetes Service CIDRs. Specifying this is required when using Calico for Windows.

status

InstallationStatus

Most recently observed state for the Calico or Calico Enterprise installation.

Monitor

Monitor is the Schema for the monitor API. At most one instance of this resource is supported. It must be named “tigera-secure”.

FieldDescription

apiVersion
string

operator.tigera.io/v1

kind
string

Monitor
metadata

Kubernetes meta/v1.ObjectMeta

Refer to the Kubernetes API documentation for the fields of the metadata field.

spec

MonitorSpec



status

MonitorStatus

PolicyRecommendation

PolicyRecommendation is the Schema for the policy recommendation API. At most one instance of this resource is supported. It must be named “tigera-secure”.

FieldDescription

apiVersion
string

operator.tigera.io/v1

kind
string

PolicyRecommendation
metadata

Kubernetes meta/v1.ObjectMeta

Refer to the Kubernetes API documentation for the fields of the metadata field.

spec

PolicyRecommendationSpec



status

PolicyRecommendationStatus

Tenant

Tenant is the Schema for the tenants API

FieldDescription

apiVersion
string

operator.tigera.io/v1

kind
string

Tenant
metadata

Kubernetes meta/v1.ObjectMeta

Refer to the Kubernetes API documentation for the fields of the metadata field.

spec

TenantSpec



id

string

ID is the unique identifier for this tenant.

indices

[]Index

Indices defines the how to store a tenant’s data

status

TenantStatus

TigeraStatus

TigeraStatus represents the most recently observed status for Calico or a Calico Enterprise functional area.

FieldDescription

apiVersion
string

operator.tigera.io/v1

kind
string

TigeraStatus
metadata

Kubernetes meta/v1.ObjectMeta

Refer to the Kubernetes API documentation for the fields of the metadata field.

spec

TigeraStatusSpec



status

TigeraStatusStatus

APIServerDeployment

(Appears on: APIServerSpec)

APIServerDeployment is the configuration for the API server Deployment.

FieldDescription
metadata

Metadata

(Optional)

Metadata is a subset of a Kubernetes object’s metadata that is added to the Deployment.

spec

APIServerDeploymentSpec

(Optional)

Spec is the specification of the API server Deployment.



APIServerDeploymentContainer

(Appears on: APIServerDeploymentPodSpec)

APIServerDeploymentContainer is an API server Deployment container.

FieldDescription
name

string

Name is an enum which identifies the API server Deployment container by name.

resources

Kubernetes core/v1.ResourceRequirements

(Optional)

Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named API server Deployment container’s resources. If omitted, the API server Deployment will use its default value for this container’s resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

APIServerDeploymentInitContainer

(Appears on: APIServerDeploymentPodSpec)

APIServerDeploymentInitContainer is an API server Deployment init container.

FieldDescription
name

string

Name is an enum which identifies the API server Deployment init container by name.

resources

Kubernetes core/v1.ResourceRequirements

(Optional)

Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named API server Deployment init container’s resources. If omitted, the API server Deployment will use its default value for this init container’s resources.

APIServerDeploymentPodSpec

(Appears on: APIServerDeploymentPodTemplateSpec)

APIServerDeploymentDeploymentPodSpec is the API server Deployment’s PodSpec.

FieldDescription
initContainers

[]APIServerDeploymentInitContainer

(Optional)

InitContainers is a list of API server init containers. If specified, this overrides the specified API server Deployment init containers. If omitted, the API server Deployment will use its default values for its init containers.

containers

[]APIServerDeploymentContainer

(Optional)

Containers is a list of API server containers. If specified, this overrides the specified API server Deployment containers. If omitted, the API server Deployment will use its default values for its containers.

affinity

Kubernetes core/v1.Affinity

(Optional)

Affinity is a group of affinity scheduling rules for the API server pods. If specified, this overrides any affinity that may be set on the API server Deployment. If omitted, the API server Deployment will use its default value for affinity. WARNING: Please note that this field will override the default API server Deployment affinity.

nodeSelector

map[string]string

NodeSelector is the API server pod’s scheduling constraints. If specified, each of the key/value pairs are added to the API server Deployment nodeSelector provided the key does not already exist in the object’s nodeSelector. If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the API server Deployment and each of this field’s key/value pairs are added to the API server Deployment nodeSelector provided the key does not already exist in the object’s nodeSelector. If omitted, the API server Deployment will use its default value for nodeSelector. WARNING: Please note that this field will modify the default API server Deployment nodeSelector.

topologySpreadConstraints

[]Kubernetes core/v1.TopologySpreadConstraint

(Optional)

TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.

tolerations

[]Kubernetes core/v1.Toleration

(Optional)

Tolerations is the API server pod’s tolerations. If specified, this overrides any tolerations that may be set on the API server Deployment. If omitted, the API server Deployment will use its default value for tolerations. WARNING: Please note that this field will override the default API server Deployment tolerations.

APIServerDeploymentPodTemplateSpec

(Appears on: APIServerDeploymentSpec)

APIServerDeploymentPodTemplateSpec is the API server Deployment’s PodTemplateSpec

FieldDescription
metadata

Metadata

(Optional)

Metadata is a subset of a Kubernetes object’s metadata that is added to the pod’s metadata.

spec

APIServerDeploymentPodSpec

(Optional)

Spec is the API server Deployment’s PodSpec.



APIServerDeploymentSpec

(Appears on: APIServerDeployment)

APIServerDeploymentSpec defines configuration for the API server Deployment.

FieldDescription
minReadySeconds

int32

(Optional)

MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the API server Deployment. If omitted, the API server Deployment will use its default value for minReadySeconds.

template

APIServerDeploymentPodTemplateSpec

(Optional)

Template describes the API server Deployment pod that will be created.

APIServerSpec

(Appears on: APIServer)

APIServerSpec defines the desired state of Tigera API server.

FieldDescription
apiServerDeployment

APIServerDeployment

APIServerDeployment configures the calico-apiserver (or tigera-apiserver in Enterprise) Deployment. If used in conjunction with ControlPlaneNodeSelector or ControlPlaneTolerations, then these overrides take precedence.

APIServerStatus

(Appears on: APIServer)

APIServerStatus defines the observed state of Tigera API server.

FieldDescription
state

string

State provides user-readable status.

conditions

[]Kubernetes meta/v1.Condition

(Optional)

Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types.

AWSEgressGateway

(Appears on: EgressGatewaySpec)

AWSEgressGateway defines the configurations for deploying EgressGateway in AWS

FieldDescription
nativeIP

NativeIP

(Optional)

NativeIP defines if EgressGateway is to use an AWS backed IPPool. Default: Disabled

elasticIPs

[]string

(Optional)

ElasticIPs defines the set of elastic IPs that can be used for Egress Gateway pods. NativeIP must be Enabled if elastic IPs are set.

AnomalyDetectionSpec

FieldDescription
storageClassName

string

(Optional)

StorageClassName is now deprecated, and configuring it has no effect.

ApplicationLayerPolicyStatusType (string alias)

(Appears on: ApplicationLayerSpec)

ApplicationLayerSpec

(Appears on: ApplicationLayer)

ApplicationLayerSpec defines the desired state of ApplicationLayer

FieldDescription
webApplicationFirewall

WAFStatusType

WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.

logCollection

LogCollectionSpec

Specification for application layer (L7) log collection.

applicationLayerPolicy

ApplicationLayerPolicyStatusType

Application Layer Policy controls whether or not ALP enforcement is enabled for the cluster. When enabled, NetworkPolicies with HTTP Match rules may be defined to opt-in workloads for traffic enforcement on the application layer.

envoy

EnvoySettings

User-configurable settings for the Envoy proxy.

ApplicationLayerStatus

(Appears on: ApplicationLayer)

ApplicationLayerStatus defines the observed state of ApplicationLayer

FieldDescription
state

string

State provides user-readable status.

conditions

[]Kubernetes meta/v1.Condition

(Optional)

Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types.

BGPOption (string alias)

(Appears on: CalicoNetworkSpec)

BGPOption describes the mode of BGP to use.

One of: Enabled, Disabled

CAType (string alias)

CAType specifies which verification method the tunnel client should use to verify the tunnel server’s identity.

One of: Tigera, Public

CNILogging

(Appears on: Logging)

FieldDescription
logSeverity

LogLevel

(Optional)

Default: Info

logFileMaxSize

k8s.io/apimachinery/pkg/api/resource.Quantity

(Optional)

Default: 100Mi

logFileMaxAgeDays

uint32

(Optional)

Default: 30 (days)

logFileMaxCount

uint32

(Optional)

Default: 10

CNIPluginType (string alias)

(Appears on: CNISpec)

CNIPluginType describes the type of CNI plugin used.

One of: Calico, GKE, AmazonVPC, AzureVNET

CNISpec

(Appears on: InstallationSpec)

CNISpec contains configuration for the CNI plugin.

FieldDescription
type

CNIPluginType

Specifies the CNI plugin that will be used in the Calico or Calico Enterprise installation.

  • For KubernetesProvider GKE, this field defaults to GKE.
  • For KubernetesProvider AKS, this field defaults to AzureVNET.
  • For KubernetesProvider EKS, this field defaults to AmazonVPC.
  • If aws-node daemonset exists in kube-system when the Installation resource is created, this field defaults to AmazonVPC.
  • For all other cases this field defaults to Calico.

For the value Calico, the CNI plugin binaries and CNI config will be installed as part of deployment, for all other values the CNI plugin binaries and CNI config is a dependency that is expected to be installed separately.

Default: Calico

ipam

IPAMSpec

(Optional)

IPAM specifies the pod IP address management that will be used in the Calico or Calico Enterprise installation.

CSINodeDriverDaemonSet

(Appears on: InstallationSpec)

CSINodeDriverDaemonSet is the configuration for the csi-node-driver DaemonSet.

FieldDescription
metadata

Metadata

(Optional)

Metadata is a subset of a Kubernetes object’s metadata that is added to the DaemonSet.

spec

CSINodeDriverDaemonSetSpec

(Optional)

Spec is the specification of the csi-node-driver DaemonSet.



CSINodeDriverDaemonSetContainer

(Appears on: CSINodeDriverDaemonSetPodSpec)

CSINodeDriverDaemonSetContainer is a csi-node-driver DaemonSet container.

FieldDescription
name

string

Name is an enum which identifies the csi-node-driver DaemonSet container by name.

resources

Kubernetes core/v1.ResourceRequirements

(Optional)

Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named csi-node-driver DaemonSet container’s resources. If omitted, the csi-node-driver DaemonSet will use its default value for this container’s resources.

CSINodeDriverDaemonSetPodSpec

(Appears on: CSINodeDriverDaemonSetPodTemplateSpec)

CSINodeDriverDaemonSetPodSpec is the csi-node-driver DaemonSet’s PodSpec.

FieldDescription
containers

[]CSINodeDriverDaemonSetContainer

(Optional)

Containers is a list of csi-node-driver containers. If specified, this overrides the specified csi-node-driver DaemonSet containers. If omitted, the csi-node-driver DaemonSet will use its default values for its containers.

affinity

Kubernetes core/v1.Affinity

(Optional)

Affinity is a group of affinity scheduling rules for the csi-node-driver pods. If specified, this overrides any affinity that may be set on the csi-node-driver DaemonSet. If omitted, the csi-node-driver DaemonSet will use its default value for affinity. WARNING: Please note that this field will override the default csi-node-driver DaemonSet affinity.

nodeSelector

map[string]string

(Optional)

NodeSelector is the csi-node-driver pod’s scheduling constraints. If specified, each of the key/value pairs are added to the csi-node-driver DaemonSet nodeSelector provided the key does not already exist in the object’s nodeSelector. If omitted, the csi-node-driver DaemonSet will use its default value for nodeSelector. WARNING: Please note that this field will modify the default csi-node-driver DaemonSet nodeSelector.

tolerations

[]Kubernetes core/v1.Toleration

(Optional)

Tolerations is the csi-node-driver pod’s tolerations. If specified, this overrides any tolerations that may be set on the csi-node-driver DaemonSet. If omitted, the csi-node-driver DaemonSet will use its default value for tolerations. WARNING: Please note that this field will override the default csi-node-driver DaemonSet tolerations.

CSINodeDriverDaemonSetPodTemplateSpec

(Appears on: CSINodeDriverDaemonSetSpec)

CSINodeDriverDaemonSetPodTemplateSpec is the csi-node-driver DaemonSet’s PodTemplateSpec

FieldDescription
metadata

Metadata

(Optional)

Metadata is a subset of a Kubernetes object’s metadata that is added to the pod’s metadata.

spec

CSINodeDriverDaemonSetPodSpec

(Optional)

Spec is the csi-node-driver DaemonSet’s PodSpec.



CSINodeDriverDaemonSetSpec

(Appears on: CSINodeDriverDaemonSet)

CSINodeDriverDaemonSetSpec defines configuration for the csi-node-driver DaemonSet.

FieldDescription
minReadySeconds

int32

(Optional)

MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the csi-node-driver DaemonSet. If omitted, the csi-node-driver DaemonSet will use its default value for minReadySeconds.

template

CSINodeDriverDaemonSetPodTemplateSpec

(Optional)

Template describes the csi-node-driver DaemonSet pod that will be created.

CalicoKubeControllersDeployment

(Appears on: InstallationSpec)

CalicoKubeControllersDeployment is the configuration for the calico-kube-controllers Deployment.

FieldDescription
metadata

Metadata

(Optional)

Metadata is a subset of a Kubernetes object’s metadata that is added to the Deployment.

spec

CalicoKubeControllersDeploymentSpec

(Optional)

Spec is the specification of the calico-kube-controllers Deployment.



CalicoKubeControllersDeploymentContainer

(Appears on: CalicoKubeControllersDeploymentPodSpec)

CalicoKubeControllersDeploymentContainer is a calico-kube-controllers Deployment container.

FieldDescription
name

string

Name is an enum which identifies the calico-kube-controllers Deployment container by name.

resources

Kubernetes core/v1.ResourceRequirements

(Optional)

Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-kube-controllers Deployment container’s resources. If omitted, the calico-kube-controllers Deployment will use its default value for this container’s resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

CalicoKubeControllersDeploymentPodSpec

(Appears on: CalicoKubeControllersDeploymentPodTemplateSpec)

CalicoKubeControllersDeploymentPodSpec is the calico-kube-controller Deployment’s PodSpec.

FieldDescription
containers

[]CalicoKubeControllersDeploymentContainer

(Optional)

Containers is a list of calico-kube-controllers containers. If specified, this overrides the specified calico-kube-controllers Deployment containers. If omitted, the calico-kube-controllers Deployment will use its default values for its containers.

affinity

Kubernetes core/v1.Affinity

(Optional)

Affinity is a group of affinity scheduling rules for the calico-kube-controllers pods. If specified, this overrides any affinity that may be set on the calico-kube-controllers Deployment. If omitted, the calico-kube-controllers Deployment will use its default value for affinity. WARNING: Please note that this field will override the default calico-kube-controllers Deployment affinity.

nodeSelector

map[string]string

NodeSelector is the calico-kube-controllers pod’s scheduling constraints. If specified, each of the key/value pairs are added to the calico-kube-controllers Deployment nodeSelector provided the key does not already exist in the object’s nodeSelector. If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the calico-kube-controllers Deployment and each of this field’s key/value pairs are added to the calico-kube-controllers Deployment nodeSelector provided the key does not already exist in the object’s nodeSelector. If omitted, the calico-kube-controllers Deployment will use its default value for nodeSelector. WARNING: Please note that this field will modify the default calico-kube-controllers Deployment nodeSelector.

tolerations

[]Kubernetes core/v1.Toleration

(Optional)

Tolerations is the calico-kube-controllers pod’s tolerations. If specified, this overrides any tolerations that may be set on the calico-kube-controllers Deployment. If omitted, the calico-kube-controllers Deployment will use its default value for tolerations. WARNING: Please note that this field will override the default calico-kube-controllers Deployment tolerations.

CalicoKubeControllersDeploymentPodTemplateSpec

(Appears on: CalicoKubeControllersDeploymentSpec)

CalicoKubeControllersDeploymentPodTemplateSpec is the calico-kube-controllers Deployment’s PodTemplateSpec

FieldDescription
metadata

Metadata

(Optional)

Metadata is a subset of a Kubernetes object’s metadata that is added to the pod’s metadata.

spec

CalicoKubeControllersDeploymentPodSpec

(Optional)

Spec is the calico-kube-controllers Deployment’s PodSpec.



CalicoKubeControllersDeploymentSpec

(Appears on: CalicoKubeControllersDeployment)

CalicoKubeControllersDeploymentSpec defines configuration for the calico-kube-controllers Deployment.

FieldDescription
minReadySeconds

int32

(Optional)

MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the calico-kube-controllers Deployment. If omitted, the calico-kube-controllers Deployment will use its default value for minReadySeconds.

template

CalicoKubeControllersDeploymentPodTemplateSpec

(Optional)

Template describes the calico-kube-controllers Deployment pod that will be created.

CalicoNetworkSpec

(Appears on: InstallationSpec)

CalicoNetworkSpec specifies configuration options for Calico provided pod networking.

FieldDescription
linuxDataplane

LinuxDataplaneOption

(Optional)

LinuxDataplane is used to select the dataplane used for Linux nodes. In particular, it causes the operator to add required mounts and environment variables for the particular dataplane. If not specified, iptables mode is used. Default: Iptables

windowsDataplane

WindowsDataplaneOption

(Optional)

WindowsDataplane is used to select the dataplane used for Windows nodes. In particular, it causes the operator to add required mounts and environment variables for the particular dataplane. If not specified, it is disabled and the operator will not render the Calico Windows nodes daemonset. Default: Disabled

bgp

BGPOption

(Optional)

BGP configures whether or not to enable Calico’s BGP capabilities.

ipPools

[]IPPool

(Optional)

IPPools contains a list of IP pools to create if none exist. At most one IP pool of each address family may be specified. If omitted, a single pool will be configured if needed.

mtu

int32

(Optional)

MTU specifies the maximum transmission unit to use on the pod network. If not specified, Calico will perform MTU auto-detection based on the cluster network.

nodeAddressAutodetectionV4

NodeAddressAutodetection

(Optional)

NodeAddressAutodetectionV4 specifies an approach to automatically detect node IPv4 addresses. If not specified, will use default auto-detection settings to acquire an IPv4 address for each node.

nodeAddressAutodetectionV6

NodeAddressAutodetection

(Optional)

NodeAddressAutodetectionV6 specifies an approach to automatically detect node IPv6 addresses. If not specified, IPv6 addresses will not be auto-detected.

hostPorts

HostPortsType

(Optional)

HostPorts configures whether or not Calico will support Kubernetes HostPorts. Valid only when using the Calico CNI plugin. Default: Enabled

multiInterfaceMode

MultiInterfaceMode

(Optional)

MultiInterfaceMode configures what will configure multiple interface per pod. Only valid for Calico Enterprise installations using the Calico CNI plugin. Default: None

containerIPForwarding

ContainerIPForwardingType

(Optional)

ContainerIPForwarding configures whether ip forwarding will be enabled for containers in the CNI configuration. Default: Disabled

CalicoNodeDaemonSet

(Appears on: InstallationSpec)

CalicoNodeDaemonSet is the configuration for the calico-node DaemonSet.

FieldDescription
metadata

Metadata

(Optional)

Metadata is a subset of a Kubernetes object’s metadata that is added to the DaemonSet.

spec

CalicoNodeDaemonSetSpec

(Optional)

Spec is the specification of the calico-node DaemonSet.



CalicoNodeDaemonSetContainer

(Appears on: CalicoNodeDaemonSetPodSpec)

CalicoNodeDaemonSetContainer is a calico-node DaemonSet container.

FieldDescription
name

string

Name is an enum which identifies the calico-node DaemonSet container by name.

resources

Kubernetes core/v1.ResourceRequirements

(Optional)

Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-node DaemonSet container’s resources. If omitted, the calico-node DaemonSet will use its default value for this container’s resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

CalicoNodeDaemonSetInitContainer

(Appears on: CalicoNodeDaemonSetPodSpec)

CalicoNodeDaemonSetInitContainer is a calico-node DaemonSet init container.

FieldDescription
name

string

Name is an enum which identifies the calico-node DaemonSet init container by name.

resources

Kubernetes core/v1.ResourceRequirements

(Optional)

Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-node DaemonSet init container’s resources. If omitted, the calico-node DaemonSet will use its default value for this container’s resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

CalicoNodeDaemonSetPodSpec

(Appears on: CalicoNodeDaemonSetPodTemplateSpec)

CalicoNodeDaemonSetPodSpec is the calico-node DaemonSet’s PodSpec.

FieldDescription
initContainers

[]CalicoNodeDaemonSetInitContainer

(Optional)

InitContainers is a list of calico-node init containers. If specified, this overrides the specified calico-node DaemonSet init containers. If omitted, the calico-node DaemonSet will use its default values for its init containers.

containers

[]CalicoNodeDaemonSetContainer

(Optional)

Containers is a list of calico-node containers. If specified, this overrides the specified calico-node DaemonSet containers. If omitted, the calico-node DaemonSet will use its default values for its containers.

affinity

Kubernetes core/v1.Affinity

(Optional)

Affinity is a group of affinity scheduling rules for the calico-node pods. If specified, this overrides any affinity that may be set on the calico-node DaemonSet. If omitted, the calico-node DaemonSet will use its default value for affinity. WARNING: Please note that this field will override the default calico-node DaemonSet affinity.

nodeSelector

map[string]string

(Optional)

NodeSelector is the calico-node pod’s scheduling constraints. If specified, each of the key/value pairs are added to the calico-node DaemonSet nodeSelector provided the key does not already exist in the object’s nodeSelector. If omitted, the calico-node DaemonSet will use its default value for nodeSelector. WARNING: Please note that this field will modify the default calico-node DaemonSet nodeSelector.

tolerations

[]Kubernetes core/v1.Toleration

(Optional)

Tolerations is the calico-node pod’s tolerations. If specified, this overrides any tolerations that may be set on the calico-node DaemonSet. If omitted, the calico-node DaemonSet will use its default value for tolerations. WARNING: Please note that this field will override the default calico-node DaemonSet tolerations.

CalicoNodeDaemonSetPodTemplateSpec

(Appears on: CalicoNodeDaemonSetSpec)

CalicoNodeDaemonSetPodTemplateSpec is the calico-node DaemonSet’s PodTemplateSpec

FieldDescription
metadata

Metadata

(Optional)

Metadata is a subset of a Kubernetes object’s metadata that is added to the pod’s metadata.

spec

CalicoNodeDaemonSetPodSpec

(Optional)

Spec is the calico-node DaemonSet’s PodSpec.



CalicoNodeDaemonSetSpec

(Appears on: CalicoNodeDaemonSet)

CalicoNodeDaemonSetSpec defines configuration for the calico-node DaemonSet.

FieldDescription
minReadySeconds

int32

(Optional)

MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the calico-node DaemonSet. If omitted, the calico-node DaemonSet will use its default value for minReadySeconds.

template

CalicoNodeDaemonSetPodTemplateSpec

(Optional)

Template describes the calico-node DaemonSet pod that will be created.

CalicoNodeWindowsDaemonSet

(Appears on: InstallationSpec)

CalicoNodeWindowsDaemonSet is the configuration for the calico-node-windows DaemonSet.

FieldDescription
metadata

Metadata

(Optional)

Metadata is a subset of a Kubernetes object’s metadata that is added to the DaemonSet.

spec

CalicoNodeWindowsDaemonSetSpec

(Optional)

Spec is the specification of the calico-node-windows DaemonSet.



CalicoNodeWindowsDaemonSetContainer

(Appears on: CalicoNodeWindowsDaemonSetPodSpec)

CalicoNodeWindowsDaemonSetContainer is a calico-node-windows DaemonSet container.

FieldDescription
name

string

Name is an enum which identifies the calico-node-windows DaemonSet container by name.

resources

Kubernetes core/v1.ResourceRequirements

(Optional)

Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-node-windows DaemonSet container’s resources. If omitted, the calico-node-windows DaemonSet will use its default value for this container’s resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

CalicoNodeWindowsDaemonSetInitContainer

(Appears on: CalicoNodeWindowsDaemonSetPodSpec)

CalicoNodeWindowsDaemonSetInitContainer is a calico-node-windows DaemonSet init container.

FieldDescription
name

string

Name is an enum which identifies the calico-node-windows DaemonSet init container by name.

resources

Kubernetes core/v1.ResourceRequirements

(Optional)

Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-node-windows DaemonSet init container’s resources. If omitted, the calico-node-windows DaemonSet will use its default value for this container’s resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

CalicoNodeWindowsDaemonSetPodSpec

(Appears on: CalicoNodeWindowsDaemonSetPodTemplateSpec)

CalicoNodeWindowsDaemonSetPodSpec is the calico-node-windows DaemonSet’s PodSpec.

FieldDescription
initContainers

[]CalicoNodeWindowsDaemonSetInitContainer

(Optional)

InitContainers is a list of calico-node-windows init containers. If specified, this overrides the specified calico-node-windows DaemonSet init containers. If omitted, the calico-node-windows DaemonSet will use its default values for its init containers.

containers

[]CalicoNodeWindowsDaemonSetContainer

(Optional)

Containers is a list of calico-node-windows containers. If specified, this overrides the specified calico-node-windows DaemonSet containers. If omitted, the calico-node-windows DaemonSet will use its default values for its containers.

affinity

Kubernetes core/v1.Affinity

(Optional)

Affinity is a group of affinity scheduling rules for the calico-node-windows pods. If specified, this overrides any affinity that may be set on the calico-node-windows DaemonSet. If omitted, the calico-node-windows DaemonSet will use its default value for affinity. WARNING: Please note that this field will override the default calico-node-windows DaemonSet affinity.

nodeSelector

map[string]string

(Optional)

NodeSelector is the calico-node-windows pod’s scheduling constraints. If specified, each of the key/value pairs are added to the calico-node-windows DaemonSet nodeSelector provided the key does not already exist in the object’s nodeSelector. If omitted, the calico-node-windows DaemonSet will use its default value for nodeSelector. WARNING: Please note that this field will modify the default calico-node-windows DaemonSet nodeSelector.

tolerations

[]Kubernetes core/v1.Toleration

(Optional)

Tolerations is the calico-node-windows pod’s tolerations. If specified, this overrides any tolerations that may be set on the calico-node-windows DaemonSet. If omitted, the calico-node-windows DaemonSet will use its default value for tolerations. WARNING: Please note that this field will override the default calico-node-windows DaemonSet tolerations.

CalicoNodeWindowsDaemonSetPodTemplateSpec

(Appears on: CalicoNodeWindowsDaemonSetSpec)

CalicoNodeWindowsDaemonSetPodTemplateSpec is the calico-node-windows DaemonSet’s PodTemplateSpec

FieldDescription
metadata

Metadata

(Optional)

Metadata is a subset of a Kubernetes object’s metadata that is added to the pod’s metadata.

spec

CalicoNodeWindowsDaemonSetPodSpec

(Optional)

Spec is the calico-node-windows DaemonSet’s PodSpec.



CalicoNodeWindowsDaemonSetSpec

(Appears on: CalicoNodeWindowsDaemonSet)

CalicoNodeWindowsDaemonSetSpec defines configuration for the calico-node-windows DaemonSet.

FieldDescription
minReadySeconds

int32

(Optional)

MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the calico-node-windows DaemonSet. If omitted, the calico-node-windows DaemonSet will use its default value for minReadySeconds.

template

CalicoNodeWindowsDaemonSetPodTemplateSpec

(Optional)

Template describes the calico-node-windows DaemonSet pod that will be created.

CalicoWindowsUpgradeDaemonSet

(Appears on: InstallationSpec)

Deprecated. The CalicoWindowsUpgradeDaemonSet is deprecated and will be removed from the API in the future. CalicoWindowsUpgradeDaemonSet is the configuration for the calico-windows-upgrade DaemonSet.

FieldDescription
metadata

Metadata

(Optional)

Metadata is a subset of a Kubernetes object’s metadata that is added to the Deployment.

spec

CalicoWindowsUpgradeDaemonSetSpec

(Optional)

Spec is the specification of the calico-windows-upgrade DaemonSet.



CalicoWindowsUpgradeDaemonSetContainer

(Appears on: CalicoWindowsUpgradeDaemonSetPodSpec)

CalicoWindowsUpgradeDaemonSetContainer is a calico-windows-upgrade DaemonSet container.

FieldDescription
name

string

Name is an enum which identifies the calico-windows-upgrade DaemonSet container by name.

resources

Kubernetes core/v1.ResourceRequirements

(Optional)

Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-windows-upgrade DaemonSet container’s resources. If omitted, the calico-windows-upgrade DaemonSet will use its default value for this container’s resources.

CalicoWindowsUpgradeDaemonSetPodSpec

(Appears on: CalicoWindowsUpgradeDaemonSetPodTemplateSpec)

CalicoWindowsUpgradeDaemonSetPodSpec is the calico-windows-upgrade DaemonSet’s PodSpec.

FieldDescription
containers

[]CalicoWindowsUpgradeDaemonSetContainer

(Optional)

Containers is a list of calico-windows-upgrade containers. If specified, this overrides the specified calico-windows-upgrade DaemonSet containers. If omitted, the calico-windows-upgrade DaemonSet will use its default values for its containers.

affinity

Kubernetes core/v1.Affinity

(Optional)

Affinity is a group of affinity scheduling rules for the calico-windows-upgrade pods. If specified, this overrides any affinity that may be set on the calico-windows-upgrade DaemonSet. If omitted, the calico-windows-upgrade DaemonSet will use its default value for affinity. WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet affinity.

nodeSelector

map[string]string

(Optional)

NodeSelector is the calico-windows-upgrade pod’s scheduling constraints. If specified, each of the key/value pairs are added to the calico-windows-upgrade DaemonSet nodeSelector provided the key does not already exist in the object’s nodeSelector. If omitted, the calico-windows-upgrade DaemonSet will use its default value for nodeSelector. WARNING: Please note that this field will modify the default calico-windows-upgrade DaemonSet nodeSelector.

tolerations

[]Kubernetes core/v1.Toleration

(Optional)

Tolerations is the calico-windows-upgrade pod’s tolerations. If specified, this overrides any tolerations that may be set on the calico-windows-upgrade DaemonSet. If omitted, the calico-windows-upgrade DaemonSet will use its default value for tolerations. WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet tolerations.

CalicoWindowsUpgradeDaemonSetPodTemplateSpec

(Appears on: CalicoWindowsUpgradeDaemonSetSpec)

CalicoWindowsUpgradeDaemonSetPodTemplateSpec is the calico-windows-upgrade DaemonSet’s PodTemplateSpec

FieldDescription
metadata

Metadata

(Optional)

Metadata is a subset of a Kubernetes object’s metadata that is added to the pod’s metadata.

spec

CalicoWindowsUpgradeDaemonSetPodSpec

(Optional)

Spec is the calico-windows-upgrade DaemonSet’s PodSpec.



CalicoWindowsUpgradeDaemonSetSpec

(Appears on: CalicoWindowsUpgradeDaemonSet)

CalicoWindowsUpgradeDaemonSetSpec defines configuration for the calico-windows-upgrade DaemonSet.

FieldDescription
minReadySeconds

int32

(Optional)

MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the calico-windows-upgrade DaemonSet. If omitted, the calico-windows-upgrade DaemonSet will use its default value for minReadySeconds.

template

CalicoWindowsUpgradeDaemonSetPodTemplateSpec

(Optional)

Template describes the calico-windows-upgrade DaemonSet pod that will be created.

CertificateManagement

(Appears on: InstallationSpec)

CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise pods will be stuck during initialization.

FieldDescription
caCert

[]byte

Certificate of the authority that signs the CertificateSigningRequests in PEM format.

signerName

string

When a CSR is issued to the certificates.k8s.io API, the signerName is added to the request in order to accommodate for clusters with multiple signers. Must be formatted as: <my-domain>/<my-signername>.

keyAlgorithm

string

(Optional)

Specify the algorithm used by pods to generate a key pair that is associated with the X.509 certificate request. Default: RSAWithSize2048

signatureAlgorithm

string

(Optional)

Specify the algorithm used for the signature of the X.509 certificate request. Default: SHA256WithRSA

CollectProcessPathOption (string alias)

ComponentName (string alias)

(Appears on: ComponentResource)

ComponentName represents a single component.

One of: Node, Typha, KubeControllers

ComponentResource

(Appears on: InstallationSpec)

Deprecated. Please use component resource config fields in Installation.Spec instead. The ComponentResource struct associates a ResourceRequirements with a component by name

FieldDescription
componentName

ComponentName

ComponentName is an enum which identifies the component

resourceRequirements

Kubernetes core/v1.ResourceRequirements

ResourceRequirements allows customization of limits and requests for compute resources such as cpu and memory.

ConditionStatus (string alias)

(Appears on: TigeraStatusCondition)

ConditionStatus represents the status of a particular condition. A condition may be one of: True, False, Unknown.

ContainerIPForwardingType (string alias)

(Appears on: CalicoNetworkSpec)

ContainerIPForwardingType specifies whether the CNI config for container ip forwarding is enabled.

DataType (string alias)

(Appears on: Index)

DataType represent the type of data stored

EGWDeploymentContainer

(Appears on: EgressGatewayDeploymentPodSpec)

EGWDeploymentContainer is a Egress Gateway Deployment container.

FieldDescription
name

string

Name is an enum which identifies the EGW Deployment container by name.

resources

Kubernetes core/v1.ResourceRequirements

(Optional)

Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named EGW Deployment container’s resources. If omitted, the EGW Deployment will use its default value for this container’s resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

EGWDeploymentInitContainer

(Appears on: EgressGatewayDeploymentPodSpec)

EGWDeploymentInitContainer is a Egress Gateway Deployment init container.

FieldDescription
name

string

Name is an enum which identifies the EGW Deployment init container by name.

resources

Kubernetes core/v1.ResourceRequirements

(Optional)

Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named EGW Deployment init container’s resources. If omitted, the EGW Deployment will use its default value for this init container’s resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

EgressGatewayDeploymentPodSpec

(Appears on: EgressGatewayDeploymentPodTemplateSpec)

EgressGatewayDeploymentPodSpec is the Egress Gateway Deployment’s PodSpec.

FieldDescription
initContainers

[]EGWDeploymentInitContainer

(Optional)

InitContainers is a list of EGW init containers. If specified, this overrides the specified EGW Deployment init containers. If omitted, the EGW Deployment will use its default values for its init containers.

containers

[]EGWDeploymentContainer

(Optional)

Containers is a list of EGW containers. If specified, this overrides the specified EGW Deployment containers. If omitted, the EGW Deployment will use its default values for its containers.

affinity

Kubernetes core/v1.Affinity

(Optional)

Affinity is a group of affinity scheduling rules for the EGW pods.

nodeSelector

map[string]string

(Optional)

NodeSelector gives more control over the nodes where the Egress Gateway pods will run on.

terminationGracePeriodSeconds

int64

(Optional)

TerminationGracePeriodSeconds defines the termination grace period of the Egress Gateway pods in seconds.

topologySpreadConstraints

[]Kubernetes core/v1.TopologySpreadConstraint

(Optional)

TopologySpreadConstraints defines how the Egress Gateway pods should be spread across different AZs.

tolerations

[]Kubernetes core/v1.Toleration

(Optional)

Tolerations is the egress gateway pod’s tolerations. If specified, this overrides any tolerations that may be set on the EGW Deployment. If omitted, the EGW Deployment will use its default value for tolerations.

EgressGatewayDeploymentPodTemplateSpec

(Appears on: EgressGatewaySpec)

EgressGatewayDeploymentPodTemplateSpec is the EGW Deployment’s PodTemplateSpec

FieldDescription
metadata

EgressGatewayMetadata

(Optional)

Metadata is a subset of a Kubernetes object’s metadata that is added to the pod’s metadata.

spec

EgressGatewayDeploymentPodSpec

(Optional)

Spec is the EGW Deployment’s PodSpec.



EgressGatewayFailureDetection

(Appears on: EgressGatewaySpec)

EgressGatewayFailureDetection defines the fields the needed for determining Egress Gateway readiness.

FieldDescription
healthTimeoutDataStoreSeconds

int32

(Optional)

HealthTimeoutDataStoreSeconds defines how long Egress Gateway can fail to connect to the datastore before reporting not ready. This value must be greater than 0. Default: 90

icmpProbe

ICMPProbe

(Optional)

ICMPProbe define outgoing ICMP probes that Egress Gateway will use to verify its upstream connection. Egress Gateway will report not ready if all fail. Timeout must be greater than interval.

httpProbe

HTTPProbe

(Optional)

HTTPProbe define outgoing HTTP probes that Egress Gateway will use to verify its upsteam connection. Egress Gateway will report not ready if all fail. Timeout must be greater than interval.

EgressGatewayIPPool

(Appears on: EgressGatewaySpec)

FieldDescription
name

string

(Optional)

Name is the name of the IPPool that the Egress Gateways can use.

cidr

string

(Optional)

CIDR is the IPPool CIDR that the Egress Gateways can use.

EgressGatewayMetadata

(Appears on: EgressGatewayDeploymentPodTemplateSpec)

EgressGatewayMetadata contains the standard Kubernetes labels and annotations fields.

FieldDescription
labels

map[string]string

(Optional)

Labels is a map of string keys and values that may match replica set and service selectors. Each of these key/value pairs are added to the object’s labels provided the key does not already exist in the object’s labels. If not specified will default to projectcalico.org/egw:[name], where [name] is the name of the Egress Gateway resource.

annotations

map[string]string

(Optional)

Annotations is a map of arbitrary non-identifying metadata. Each of these key/value pairs are added to the object’s annotations provided the key does not already exist in the object’s annotations.

EgressGatewaySpec

(Appears on: EgressGateway)

EgressGatewaySpec defines the desired state of EgressGateway

FieldDescription
replicas

int32

(Optional)

Replicas defines how many instances of the Egress Gateway pod will run.

ipPools

[]EgressGatewayIPPool

IPPools defines the IP Pools that the Egress Gateway pods should be using. Either name or CIDR must be specified. IPPools must match existing IPPools.

externalNetworks

[]string

(Optional)

ExternalNetworks defines the external network names this Egress Gateway is associated with. ExternalNetworks must match existing external networks.

logSeverity

LogLevel

(Optional)

LogSeverity defines the logging level of the Egress Gateway. Default: Info

template

EgressGatewayDeploymentPodTemplateSpec

(Optional)

Template describes the EGW Deployment pod that will be created.

egressGatewayFailureDetection

EgressGatewayFailureDetection

(Optional)

EgressGatewayFailureDetection is used to configure how Egress Gateway determines readiness. If both ICMP, HTTP probes are defined, one ICMP probe and one HTTP probe should succeed for Egress Gateways to become ready. Otherwise one of ICMP or HTTP probe should succeed for Egress gateways to become ready if configured.

aws

AWSEgressGateway

(Optional)

AWS defines the additional configuration options for Egress Gateways on AWS.

EgressGatewayStatus

(Appears on: EgressGateway)

EgressGatewayStatus defines the observed state of EgressGateway

FieldDescription
state

string

State provides user-readable status.

conditions

[]Kubernetes meta/v1.Condition

(Optional)

Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types.

EncapsulationType (string alias)

(Appears on: IPPool)

EncapsulationType is the type of encapsulation to use on an IP pool.

One of: IPIP, VXLAN, IPIPCrossSubnet, VXLANCrossSubnet, None

EncryptionOption (string alias)

EncryptionOption specifies the traffic encryption mode when connecting to a Syslog server.

One of: None, TLS

EnvoySettings

(Appears on: ApplicationLayerSpec)

FieldDescription
xffNumTrustedHops

int32

(Optional)

The number of additional ingress proxy hops from the right side of the x-forwarded-for HTTP header to trust when determining the origin client’s IP address. 0 is permitted, but >=1 is the typical setting.

useRemoteAddress

bool

(Optional)

If set to true, the Envoy connection manager will use the real remote address of the client connection when determining internal versus external origin and manipulating various headers.

FIPSMode (string alias)

(Appears on: InstallationSpec)

HTTPProbe

(Appears on: EgressGatewayFailureDetection)

HTTPProbe defines the HTTP probe configuration for Egress Gateway.

FieldDescription
urls

[]string

URLs define the list of HTTP probe URLs. Egress Gateway will probe each URL periodically.If all probes fail, Egress Gateway will report non-ready.

intervalSeconds

int32

(Optional)

IntervalSeconds defines the interval of HTTP probes. Used when URLs is non-empty. Default: 10

timeoutSeconds

int32

(Optional)

TimeoutSeconds defines the timeout value of HTTP probes. Used when URLs is non-empty. Default: 30

HostPortsType (string alias)

(Appears on: CalicoNetworkSpec)

HostPortsType specifies host port support.

One of: Enabled, Disabled

ICMPProbe

(Appears on: EgressGatewayFailureDetection)

ICMPProbe defines the ICMP probe configuration for Egress Gateway.

FieldDescription
ips

[]string

IPs define the list of ICMP probe IPs. Egress Gateway will probe each IP periodically. If all probes fail, Egress Gateway will report non-ready.

intervalSeconds

int32

(Optional)

IntervalSeconds defines the interval of ICMP probes. Used when IPs is non-empty. Default: 5

timeoutSeconds

int32

(Optional)

TimeoutSeconds defines the timeout value of ICMP probes. Used when IPs is non-empty. Default: 15

IPAMPluginType (string alias)

(Appears on: IPAMSpec)

IPAMSpec

(Appears on: CNISpec)

IPAMSpec contains configuration for pod IP address management.

FieldDescription
type

IPAMPluginType

Specifies the IPAM plugin that will be used in the Calico or Calico Enterprise installation.

  • For CNI Plugin Calico, this field defaults to Calico.
  • For CNI Plugin GKE, this field defaults to HostLocal.
  • For CNI Plugin AzureVNET, this field defaults to AzureVNET.
  • For CNI Plugin AmazonVPC, this field defaults to AmazonVPC.

The IPAM plugin is installed and configured only if the CNI plugin is set to Calico, for all other values of the CNI plugin the plugin binaries and CNI config is a dependency that is expected to be installed separately.

Default: Calico

IPPool

(Appears on: CalicoNetworkSpec)

FieldDescription
cidr

string

CIDR contains the address range for the IP Pool in classless inter-domain routing format.

encapsulation

EncapsulationType

(Optional)

Encapsulation specifies the encapsulation type that will be used with the IP Pool. Default: IPIP

natOutgoing

NATOutgoingType

(Optional)

NATOutgoing specifies if NAT will be enabled or disabled for outgoing traffic. Default: Enabled

nodeSelector

string

(Optional)

NodeSelector specifies the node selector that will be set for the IP Pool. Default: ‘all()’

blockSize

int32

(Optional)

BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)

disableBGPExport

bool

(Optional)

DisableBGPExport specifies whether routes from this IP pool’s CIDR are exported over BGP. Default: false

Image

(Appears on: ImageSetSpec)

FieldDescription
image

string

Image is an image that the operator deploys and instead of using the built in tag the operator will use the Digest for the image identifier. The value should be the image name without registry or tag or digest. For the image docker.io/calico/node:v3.17.1 it should be represented as calico/node

digest

string

Digest is the image identifier that will be used for the Image. The field should not include a leading @ and must be prefixed with sha256:.

ImageSetSpec

(Appears on: ImageSet)

ImageSetSpec defines the desired state of ImageSet.

FieldDescription
images

[]Image

Images is the list of images to use digests. All images that the operator will deploy must be specified.

Index

(Appears on: TenantSpec)

Index defines how to store a tenant’s data

FieldDescription
baseIndexName

string

BaseIndexName defines the name of the index that will be used to store data (this name excludes the numerical identifier suffix)

dataType

DataType

DataType represents the type of data stored in the defined index

InstallationSpec

(Appears on: Installation, InstallationStatus)

InstallationSpec defines configuration for a Calico or Calico Enterprise installation.

FieldDescription
variant

ProductVariant

(Optional)

Variant is the product to install - one of Calico or TigeraSecureEnterprise Default: Calico

registry

string

(Optional)

Registry is the default Docker registry used for component Docker images. If specified then the given value must end with a slash character (/) and all images will be pulled from this registry. If not specified then the default registries will be used. A special case value, UseDefault, is supported to explicitly specify the default registries will be used.

Image format: <registry><imagePath>/<imagePrefix><imageName>:<image-tag>

This option allows configuring the <registry> portion of the above format.

imagePath

string

(Optional)

ImagePath allows for the path part of an image to be specified. If specified then the specified value will be used as the image path for each image. If not specified or empty, the default for each image will be used. A special case value, UseDefault, is supported to explicitly specify the default image path will be used for each image.

Image format: <registry><imagePath>/<imagePrefix><imageName>:<image-tag>

This option allows configuring the <imagePath> portion of the above format.

imagePrefix

string

(Optional)

ImagePrefix allows for the prefix part of an image to be specified. If specified then the given value will be used as a prefix on each image. If not specified or empty, no prefix will be used. A special case value, UseDefault, is supported to explicitly specify the default image prefix will be used for each image.

Image format: <registry><imagePath>/<imagePrefix><imageName>:<image-tag>

This option allows configuring the <imagePrefix> portion of the above format.

imagePullSecrets

[]Kubernetes core/v1.LocalObjectReference

(Optional)

ImagePullSecrets is an array of references to container registry pull secrets to use. These are applied to all images to be pulled.

kubernetesProvider

Provider

(Optional)

KubernetesProvider specifies a particular provider of the Kubernetes platform and enables provider-specific configuration. If the specified value is empty, the Operator will attempt to automatically determine the current provider. If the specified value is not empty, the Operator will still attempt auto-detection, but will additionally compare the auto-detected value to the specified value to confirm they match.

cni

CNISpec

(Optional)

CNI specifies the CNI that will be used by this installation.

calicoNetwork

CalicoNetworkSpec

(Optional)

CalicoNetwork specifies networking configuration options for Calico.

typhaAffinity

TyphaAffinity

(Optional)

Deprecated. Please use Installation.Spec.TyphaDeployment instead. TyphaAffinity allows configuration of node affinity characteristics for Typha pods.

controlPlaneNodeSelector

map[string]string

(Optional)

ControlPlaneNodeSelector is used to select control plane nodes on which to run Calico components. This is globally applied to all resources created by the operator excluding daemonsets.

controlPlaneTolerations

[]Kubernetes core/v1.Toleration

(Optional)

ControlPlaneTolerations specify tolerations which are then globally applied to all resources created by the operator.

controlPlaneReplicas

int32

(Optional)

ControlPlaneReplicas defines how many replicas of the control plane core components will be deployed. This field applies to all control plane components that support High Availability. Defaults to 2.

nodeMetricsPort

int32

(Optional)

NodeMetricsPort specifies which port calico/node serves prometheus metrics on. By default, metrics are not enabled. If specified, this overrides any FelixConfiguration resources which may exist. If omitted, then prometheus metrics may still be configured through FelixConfiguration.

typhaMetricsPort

int32

(Optional)

TyphaMetricsPort specifies which port calico/typha serves prometheus metrics on. By default, metrics are not enabled.

flexVolumePath

string

(Optional)

FlexVolumePath optionally specifies a custom path for FlexVolume. If not specified, FlexVolume will be enabled by default. If set to ‘None’, FlexVolume will be disabled. The default is based on the kubernetesProvider.

kubeletVolumePluginPath

string

(Optional)

KubeletVolumePluginPath optionally specifies enablement of Calico CSI plugin. If not specified, CSI will be enabled by default. If set to ‘None’, CSI will be disabled. Default: /var/lib/kubelet

nodeUpdateStrategy

Kubernetes apps/v1.DaemonSetUpdateStrategy

(Optional)

NodeUpdateStrategy can be used to customize the desired update strategy, such as the MaxUnavailable field.

componentResources

[]ComponentResource

(Optional)

Deprecated. Please use CalicoNodeDaemonSet, TyphaDeployment, and KubeControllersDeployment. ComponentResources can be used to customize the resource requirements for each component. Node, Typha, and KubeControllers are supported for installations.

certificateManagement

CertificateManagement

(Optional)

CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise pods will be stuck during initialization.

nonPrivileged

NonPrivilegedType

(Optional)

NonPrivileged configures Calico to be run in non-privileged containers as non-root users where possible.

calicoNodeDaemonSet

CalicoNodeDaemonSet

CalicoNodeDaemonSet configures the calico-node DaemonSet. If used in conjunction with the deprecated ComponentResources, then these overrides take precedence.

csiNodeDriverDaemonSet

CSINodeDriverDaemonSet

CSINodeDriverDaemonSet configures the csi-node-driver DaemonSet.

calicoKubeControllersDeployment

CalicoKubeControllersDeployment

CalicoKubeControllersDeployment configures the calico-kube-controllers Deployment. If used in conjunction with the deprecated ComponentResources, then these overrides take precedence.

typhaDeployment

TyphaDeployment

TyphaDeployment configures the typha Deployment. If used in conjunction with the deprecated ComponentResources or TyphaAffinity, then these overrides take precedence.

calicoWindowsUpgradeDaemonSet

CalicoWindowsUpgradeDaemonSet

Deprecated. The CalicoWindowsUpgradeDaemonSet is deprecated and will be removed from the API in the future. CalicoWindowsUpgradeDaemonSet configures the calico-windows-upgrade DaemonSet.

calicoNodeWindowsDaemonSet

CalicoNodeWindowsDaemonSet

CalicoNodeWindowsDaemonSet configures the calico-node-windows DaemonSet.

fipsMode

FIPSMode

(Optional)

FIPSMode uses images and features only that are using FIPS 140-2 validated cryptographic modules and standards. Default: Disabled

logging

Logging

(Optional)

Logging Configuration for Components

windowsNodes

WindowsNodeSpec

(Optional)

Windows Configuration

serviceCIDRs

[]string

(Optional)

Kubernetes Service CIDRs. Specifying this is required when using Calico for Windows.

InstallationStatus

(Appears on: Installation)

InstallationStatus defines the observed state of the Calico or Calico Enterprise installation.

FieldDescription
variant

ProductVariant

Variant is the most recently observed installed variant - one of Calico or TigeraSecureEnterprise

mtu

int32

MTU is the most recently observed value for pod network MTU. This may be an explicitly configured value, or based on Calico’s native auto-detetion.

imageSet

string

(Optional)

ImageSet is the name of the ImageSet being used, if there is an ImageSet that is being used. If an ImageSet is not being used then this will not be set.

computed

InstallationSpec

(Optional)

Computed is the final installation including overlaid resources.

calicoVersion

string

CalicoVersion shows the current running version of calico. CalicoVersion along with Variant is needed to know the exact version deployed.

conditions

[]Kubernetes meta/v1.Condition

(Optional)

Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types.

KubernetesAutodetectionMethod (string alias)

(Appears on: NodeAddressAutodetection)

KubernetesAutodetectionMethod is a method of detecting an IP address based on the Kubernetes API.

One of: NodeInternalIP

LinuxDataplaneOption (string alias)

(Appears on: CalicoNetworkSpec)

LinuxDataplaneOption controls which dataplane is to be used on Linux nodes.

One of: Iptables, BPF

LogCollectionSpec

(Appears on: ApplicationLayerSpec)

FieldDescription
collectLogs

LogCollectionStatusType

(Optional)

This setting enables or disable log collection. Allowed values are Enabled or Disabled.

logIntervalSeconds

int64

(Optional)

Interval in seconds for sending L7 log information for processing. Default: 5 sec

logRequestsPerInterval

int64

(Optional)

Maximum number of unique L7 logs that are sent LogIntervalSeconds. Adjust this to limit the number of L7 logs sent per LogIntervalSeconds to felix for further processing, use negative number to ignore limits. Default: -1

LogCollectionStatusType (string alias)

(Appears on: LogCollectionSpec)

LogLevel (string alias)

(Appears on: CNILogging, EgressGatewaySpec)

Logging

(Appears on: InstallationSpec)

FieldDescription
cni

CNILogging

(Optional)

Customized logging specification for calico-cni plugin

Metadata

(Appears on: APIServerDeployment, APIServerDeploymentPodTemplateSpec, CSINodeDriverDaemonSet, CSINodeDriverDaemonSetPodTemplateSpec, CalicoKubeControllersDeployment, CalicoKubeControllersDeploymentPodTemplateSpec, CalicoNodeDaemonSet, CalicoNodeDaemonSetPodTemplateSpec, CalicoNodeWindowsDaemonSet, CalicoNodeWindowsDaemonSetPodTemplateSpec, CalicoWindowsUpgradeDaemonSet, CalicoWindowsUpgradeDaemonSetPodTemplateSpec, TyphaDeployment, TyphaDeploymentPodTemplateSpec)

Metadata contains the standard Kubernetes labels and annotations fields.

FieldDescription
labels

map[string]string

(Optional)

Labels is a map of string keys and values that may match replicaset and service selectors. Each of these key/value pairs are added to the object’s labels provided the key does not already exist in the object’s labels.

annotations

map[string]string

(Optional)

Annotations is a map of arbitrary non-identifying metadata. Each of these key/value pairs are added to the object’s annotations provided the key does not already exist in the object’s annotations.

MonitorSpec

(Appears on: Monitor)

MonitorSpec defines the desired state of Tigera monitor.

MonitorStatus

(Appears on: Monitor)

MonitorStatus defines the observed state of Tigera monitor.

FieldDescription
state

string

State provides user-readable status.

conditions

[]Kubernetes meta/v1.Condition

(Optional)

Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types.

MultiInterfaceMode (string alias)

(Appears on: CalicoNetworkSpec)

MultiInterfaceMode describes the method of providing multiple pod interfaces.

One of: None, Multus

NATOutgoingType (string alias)

(Appears on: IPPool)

NATOutgoingType describe the type of outgoing NAT to use.

One of: Enabled, Disabled

NativeIP (string alias)

(Appears on: AWSEgressGateway)

NativeIP defines if Egress Gateway pods should have AWS IPs. When NativeIP is enabled, the IPPools should be backed by AWS subnet.

NodeAddressAutodetection

(Appears on: CalicoNetworkSpec)

NodeAddressAutodetection provides configuration options for auto-detecting node addresses. At most one option can be used. If no detection option is specified, then IP auto detection will be disabled for this address family and IPs must be specified directly on the Node resource.

FieldDescription
firstFound

bool

(Optional)

FirstFound uses default interface matching parameters to select an interface, performing best-effort filtering based on well-known interface names.

kubernetes

KubernetesAutodetectionMethod

(Optional)

Kubernetes configures Calico to detect node addresses based on the Kubernetes API.

interface

string

(Optional)

Interface enables IP auto-detection based on interfaces that match the given regex.

skipInterface

string

(Optional)

SkipInterface enables IP auto-detection based on interfaces that do not match the given regex.

canReach

string

(Optional)

CanReach enables IP auto-detection based on which source address on the node is used to reach the specified IP or domain.

cidrs

[]string

CIDRS enables IP auto-detection based on which addresses on the nodes are within one of the provided CIDRs.

NodeAffinity

(Appears on: TyphaAffinity)

NodeAffinity is similar to *v1.NodeAffinity, but allows us to limit available schedulers.

FieldDescription
preferredDuringSchedulingIgnoredDuringExecution

[]Kubernetes core/v1.PreferredSchedulingTerm

(Optional)

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.

requiredDuringSchedulingIgnoredDuringExecution

Kubernetes core/v1.NodeSelector

(Optional)

WARNING: Please note that if the affinity requirements specified by this field are not met at scheduling time, the pod will NOT be scheduled onto the node. There is no fallback to another affinity rules with this setting. This may cause networking disruption or even catastrophic failure! PreferredDuringSchedulingIgnoredDuringExecution should be used for affinity unless there is a specific well understood reason to use RequiredDuringSchedulingIgnoredDuringExecution and you can guarantee that the RequiredDuringSchedulingIgnoredDuringExecution will always have sufficient nodes to satisfy the requirement. NOTE: RequiredDuringSchedulingIgnoredDuringExecution is set by default for AKS nodes, to avoid scheduling Typhas on virtual-nodes. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.

NonPrivilegedType (string alias)

(Appears on: InstallationSpec)

NonPrivilegedType specifies whether Calico runs as permissioned or not

One of: Enabled, Disabled

OIDCType (string alias)

OIDCType defines how OIDC is configured for Tigera Enterprise. Dex should be the best option for most use-cases. The Tigera option can help in specific use-cases, for instance, when you are unable to configure a client secret. One of: Dex, Tigera

PolicyRecommendationSpec

(Appears on: PolicyRecommendation)

PolicyRecommendationSpec defines configuration for the Calico Enterprise Policy Recommendation service.

PolicyRecommendationStatus

(Appears on: PolicyRecommendation)

PolicyRecommendationStatus defines the observed state of Tigera policy recommendation.

FieldDescription
state

string

State provides user-readable status.

ProductVariant (string alias)

(Appears on: InstallationSpec, InstallationStatus)

ProductVariant represents the variant of the product.

One of: Calico, TigeraSecureEnterprise

PromptType (string alias)

PromptType is a value that specifies whether the identity provider prompts the end user for re-authentication and consent. One of: None, Login, Consent, SelectAccount.

Provider (string alias)

(Appears on: InstallationSpec)

Provider represents a particular provider or flavor of Kubernetes. Valid options are: EKS, GKE, AKS, RKE2, OpenShift, DockerEnterprise.

StatusConditionType (string alias)

(Appears on: TigeraStatusCondition)

StatusConditionType is a type of condition that may apply to a particular component.

TLS

FieldDescription
secretName

string

(Optional)

SecretName indicates the name of the secret in the tigera-operator namespace that contains the private key and certificate that the management cluster uses when it listens for incoming connections.

When set to tigera-management-cluster-connection voltron will use the same cert bundle which Guardian client certs are signed with.

When set to manager-tls, voltron will use the same cert bundle which Manager UI is served with. This cert bundle must be a publicly signed cert created by the user. Note that Tigera Operator will generate a self-signed manager-tls cert if one does not exist, and use of that cert will result in Guardian being unable to verify Voltron’s identity.

If changed on a running cluster with connected managed clusters, all managed clusters will disconnect as they will no longer be able to verify Voltron’s identity. To reconnect existing managed clusters, change the tls.ca of the managed clusters’ ManagementClusterConnection resource.

One of: tigera-management-cluster-connection, manager-tls

Default: tigera-management-cluster-connection

TenantSpec

(Appears on: Tenant)

FieldDescription
id

string

ID is the unique identifier for this tenant.

indices

[]Index

Indices defines the how to store a tenant’s data

TenantStatus

(Appears on: Tenant)

TigeraStatusCondition

(Appears on: TigeraStatusStatus)

TigeraStatusCondition represents a condition attached to a particular component.

FieldDescription
type

StatusConditionType

The type of condition. May be Available, Progressing, or Degraded.

status

ConditionStatus

The status of the condition. May be True, False, or Unknown.

lastTransitionTime

Kubernetes meta/v1.Time

The timestamp representing the start time for the current status.

reason

string

A brief reason explaining the condition.

message

string

Optionally, a detailed message providing additional context.

observedGeneration

int64

(Optional)

observedGeneration represents the generation that the condition was set based upon. For instance, if generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

TigeraStatusReason (string alias)

TigeraStatusReason represents the reason for a particular condition.

TigeraStatusSpec

(Appears on: TigeraStatus)

TigeraStatusSpec defines the desired state of TigeraStatus

TigeraStatusStatus

(Appears on: TigeraStatus)

TigeraStatusStatus defines the observed state of TigeraStatus

FieldDescription
conditions

[]TigeraStatusCondition

Conditions represents the latest observed set of conditions for this component. A component may be one or more of Available, Progressing, or Degraded.

TyphaAffinity

(Appears on: InstallationSpec)

Deprecated. Please use TyphaDeployment instead. TyphaAffinity allows configuration of node affinity characteristics for Typha pods.

FieldDescription
nodeAffinity

NodeAffinity

(Optional)

NodeAffinity describes node affinity scheduling rules for typha.

TyphaDeployment

(Appears on: InstallationSpec)

TyphaDeployment is the configuration for the typha Deployment.

FieldDescription
metadata

Metadata

(Optional)

Metadata is a subset of a Kubernetes object’s metadata that is added to the Deployment.

spec

TyphaDeploymentSpec

(Optional)

Spec is the specification of the typha Deployment.



TyphaDeploymentContainer

(Appears on: TyphaDeploymentPodSpec)

TyphaDeploymentContainer is a typha Deployment container.

FieldDescription
name

string

Name is an enum which identifies the typha Deployment container by name.

resources

Kubernetes core/v1.ResourceRequirements

(Optional)

Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named typha Deployment container’s resources. If omitted, the typha Deployment will use its default value for this container’s resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

TyphaDeploymentInitContainer

(Appears on: TyphaDeploymentPodSpec)

TyphaDeploymentInitContainer is a typha Deployment init container.

FieldDescription
name

string

Name is an enum which identifies the typha Deployment init container by name.

resources

Kubernetes core/v1.ResourceRequirements

(Optional)

Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named typha Deployment init container’s resources. If omitted, the typha Deployment will use its default value for this init container’s resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

TyphaDeploymentPodSpec

(Appears on: TyphaDeploymentPodTemplateSpec)

TyphaDeploymentPodSpec is the typha Deployment’s PodSpec.

FieldDescription
initContainers

[]TyphaDeploymentInitContainer

(Optional)

InitContainers is a list of typha init containers. If specified, this overrides the specified typha Deployment init containers. If omitted, the typha Deployment will use its default values for its init containers.

containers

[]TyphaDeploymentContainer

(Optional)

Containers is a list of typha containers. If specified, this overrides the specified typha Deployment containers. If omitted, the typha Deployment will use its default values for its containers.

affinity

Kubernetes core/v1.Affinity

(Optional)

Affinity is a group of affinity scheduling rules for the typha pods. If specified, this overrides any affinity that may be set on the typha Deployment. If omitted, the typha Deployment will use its default value for affinity. If used in conjunction with the deprecated TyphaAffinity, then this value takes precedence. WARNING: Please note that this field will override the default calico-typha Deployment affinity.

nodeSelector

map[string]string

NodeSelector is the calico-typha pod’s scheduling constraints. If specified, each of the key/value pairs are added to the calico-typha Deployment nodeSelector provided the key does not already exist in the object’s nodeSelector. If omitted, the calico-typha Deployment will use its default value for nodeSelector. WARNING: Please note that this field will modify the default calico-typha Deployment nodeSelector.

terminationGracePeriodSeconds

int64

(Optional)

Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.

topologySpreadConstraints

[]Kubernetes core/v1.TopologySpreadConstraint

(Optional)

TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.

tolerations

[]Kubernetes core/v1.Toleration

(Optional)

Tolerations is the typha pod’s tolerations. If specified, this overrides any tolerations that may be set on the typha Deployment. If omitted, the typha Deployment will use its default value for tolerations. WARNING: Please note that this field will override the default calico-typha Deployment tolerations.

TyphaDeploymentPodTemplateSpec

(Appears on: TyphaDeploymentSpec)

TyphaDeploymentPodTemplateSpec is the typha Deployment’s PodTemplateSpec

FieldDescription
metadata

Metadata

(Optional)

Metadata is a subset of a Kubernetes object’s metadata that is added to the pod’s metadata.

spec

TyphaDeploymentPodSpec

(Optional)

Spec is the typha Deployment’s PodSpec.



TyphaDeploymentSpec

(Appears on: TyphaDeployment)

TyphaDeploymentSpec defines configuration for the typha Deployment.

FieldDescription
minReadySeconds

int32

(Optional)

MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the typha Deployment. If omitted, the typha Deployment will use its default value for minReadySeconds.

template

TyphaDeploymentPodTemplateSpec

(Optional)

Template describes the typha Deployment pod that will be created.

strategy

TyphaDeploymentStrategy

(Optional)

The deployment strategy to use to replace existing pods with new ones.

TyphaDeploymentStrategy

(Appears on: TyphaDeploymentSpec)

TyphaDeploymentStrategy describes how to replace existing pods with new ones. Only RollingUpdate is supported at this time so the Type field is not exposed.

FieldDescription
rollingUpdate

Kubernetes apps/v1.RollingUpdateDeployment

(Optional)

Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. to be.

WAFStatusType (string alias)

(Appears on: ApplicationLayerSpec)

WindowsDataplaneOption (string alias)

(Appears on: CalicoNetworkSpec)

WindowsNodeSpec

(Appears on: InstallationSpec)

FieldDescription
cniBinDir

string

(Optional)

CNIBinDir is the path to the CNI binaries directory on Windows, it must match what is used as ‘bin_dir’ under [plugins] [plugins.“io.containerd.grpc.v1.cri”] [plugins.“io.containerd.grpc.v1.cri”.cni] on the containerd ‘config.toml’ file on the Windows nodes.

cniConfigDir

string

(Optional)

CNIConfigDir is the path to the CNI configuration directory on Windows, it must match what is used as ‘conf_dir’ under [plugins] [plugins.“io.containerd.grpc.v1.cri”] [plugins.“io.containerd.grpc.v1.cri”.cni] on the containerd ‘config.toml’ file on the Windows nodes.

cniLogDir

string

(Optional)

CNILogDir is the path to the Calico CNI logs directory on Windows.

vxlanMACPrefix

string

(Optional)

VXLANMACPrefix is the prefix used when generating MAC addresses for virtual NICs

vxlanAdapter

string

(Optional)

VXLANAdapter is the Network Adapter used for VXLAN, leave blank for primary NIC