Skip to main content
Version: 3.28 (latest)

Kubernetes controllers configuration

A Calico Kubernetes controllers configuration resource (KubeControllersConfiguration) represents configuration options for the Calico Kubernetes controllers.

Sample YAML

apiVersion: projectcalico.org/v3
kind: KubeControllersConfiguration
metadata:
name: default
spec:
logSeverityScreen: Info
healthChecks: Enabled
etcdV3CompactionPeriod: 10m
prometheusMetricsPort: 9094
controllers:
node:
reconcilerPeriod: 5m
leakGracePeriod: 15m
syncLabels: Enabled
hostEndpoint:
autoCreate: Disabled
policy:
reconcilerPeriod: 5m
workloadEndpoint:
reconcilerPeriod: 5m
serviceAccount:
reconcilerPeriod: 5m
namespace:
reconcilerPeriod: 5m

Kubernetes controllers configuration definition

Metadata

FieldDescriptionAccepted ValuesSchema
nameUnique name to describe this resource instance. Required.Must be defaultstring
  • Calico automatically creates a resource named default containing the configuration settings, only the name default is used and only one object of this type is allowed. You can use calicoctl to view and edit these settings

Spec

FieldDescriptionAccepted ValuesSchemaDefault
logSeverityScreenThe log severity above which logs are sent to the stdout.Debug, Info, Warning, Error, FatalstringInfo
healthChecksEnable support for health checksEnabled, DisabledstringEnabled
prometheusMetricsPortPort on which to serve prometheus metrics.Set to 0 to disable, > 0 to enable.TCP port9094
etcdV3CompactionPeriodThe period between etcdv3 compaction requests. Only applies when using etcd as the Calico datastore.Set to 0 to disable, > 0 to enableDuration string10m
controllersEnabled controllers and their settingsControllers

Controllers

FieldDescriptionSchema
nodeEnable and configure the node controlleromit to disable, or NodeController
policyEnable and configure the network policy controlleromit to disable, or PolicyController
workloadEndpointEnable and configure the workload endpoint controlleromit to disable, or WorkloadEndpointController
serviceAccountEnable and configure the service account controlleromit to disable, or ServiceAccountController
namespaceEnable and configure the namespace controlleromit to disable, or NamespaceController

NodeController

The node controller automatically cleans up configuration for nodes that no longer exist. Optionally, it can create host endpoints for all Kubernetes nodes.

FieldDescriptionAccepted ValuesSchemaDefault
reconcilerPeriodPeriod to perform reconciliation with the Calico datastoreDuration string5m
syncLabelsWhen enabled, Kubernetes node labels will be copied to Calico node objects.Enabled, DisabledstringEnabled
hostEndpointControls allocation of host endpointsHostEndpoint
leakGracePeriodGrace period to use when garbage collecting suspected leaked IP addresses.Duration string15m

HostEndpoint

FieldDescriptionAccepted ValuesSchemaDefault
autoCreateWhen enabled, automatically create a host endpoint for each nodeEnabled, DisabledstringDisabled

PolicyController

The policy controller syncs Kubernetes network policies to the Calico datastore. This controller is only valid when using etcd as the Calico datastore.

FieldDescriptionSchemaDefault
reconcilerPeriodPeriod to perform reconciliation with the Calico datastoreDuration string5m

WorkloadEndpointController

The workload endpoint controller automatically syncs Kubernetes pod label changes to the Calico datastore by updating the corresponding workload endpoints appropriately. This controller is only valid when using etcd as the Calico datastore.

FieldDescriptionSchemaDefault
reconcilerPeriodPeriod to perform reconciliation with the Calico datastoreDuration string5m

ServiceAccountController

The service account controller syncs Kubernetes service account changes to the Calico datastore. This controller is only valid when using etcd as the Calico datastore.

FieldDescriptionSchemaDefault
reconcilerPeriodPeriod to perform reconciliation with the Calico datastoreDuration string5m

NamespaceController

The namespace controller syncs Kubernetes namespace label changes to the Calico datastore. This controller is only valid when using etcd as the Calico datastore.

FieldDescriptionSchemaDefault
reconcilerPeriodPeriod to perform reconciliation with the Calico datastoreDuration string5m

Supported operations

Datastore typeCreateDelete (Global default)UpdateGet/ListNotes
etcdv3YesYesYesYes
Kubernetes API serverYesYesYesYes