Installation reference
The Kubernetes resources below configure Calico Enterprise installation when using the operator. Each resource is responsible for installing and configuring a different subsystem of Calico Enterprise during installation. Most options can be modified on a running cluster using kubectl.
Packages
operator.tigera.io/v1
API Schema definitions for configuring the installation of Calico and Calico Enterprise
Package v1 contains API Schema definitions for the operator v1 API group
Resource Types
- APIServer
- ApplicationLayer
- Authentication
- Compliance
- EgressGateway
- GatewayAPI
- Goldmane
- ImageSet
- Installation
- IntrusionDetection
- LogCollector
- LogStorage
- ManagementCluster
- ManagementClusterConnection
- Manager
- Monitor
- NonClusterHost
- PacketCaptureAPI
- PolicyRecommendation
- TigeraStatus
- Whisker
APIServer
APIServer installs the Tigera API server and related resources. At most one instance of this resource is supported. It must be named "default" or "tigera-secure".
Field | Description |
---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | APIServer |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata . |
spec APIServerSpec | Specification of the desired state for the Tigera API server. |
status APIServerStatus | Most recently observed status for the Tigera API server. |
APIServerDeployment
APIServerDeployment is the configuration for the API server Deployment.
Appears in:
Field | Description |
---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata . |
spec APIServerDeploymentSpec | (Optional) Spec is the specification of the API server Deployment. |
APIServerDeploymentContainer
APIServerDeploymentContainer is an API server Deployment container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the API server Deployment container by name. Supported values are: calico-apiserver, tigera-queryserver, calico-l7-admission-controller |
ports APIServerDeploymentContainerPort array | (Optional) Ports allows customization of container's ports. If specified, this overrides the named APIServer Deployment container's ports. If omitted, the API server Deployment will use its default value for this container's port. |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named API server Deployment container's resources. If omitted, the API server Deployment will use its default value for this container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
APIServerDeploymentContainerPort
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the API server Deployment Container port by name. Supported values are: apiserver, queryserver, l7admctrl |
containerPort integer | Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. |
APIServerDeploymentInitContainer
APIServerDeploymentInitContainer is an API server Deployment init container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the API server Deployment init container by name. Supported values are: calico-apiserver-certs-key-cert-provisioner |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named API server Deployment init container's resources. If omitted, the API server Deployment will use its default value for this init container's resources. |
APIServerDeploymentPodSpec
APIServerDeploymentPodSpec is the API server Deployment's PodSpec.
Appears in:
Field | Description |
---|---|
initContainers APIServerDeploymentInitContainer array | (Optional) InitContainers is a list of API server init containers. If specified, this overrides the specified API server Deployment init containers. If omitted, the API server Deployment will use its default values for its init containers. |
containers APIServerDeploymentContainer array | (Optional) Containers is a list of API server containers. If specified, this overrides the specified API server Deployment containers. If omitted, the API server Deployment will use its default values for its containers. |
affinity Affinity | (Optional) Affinity is a group of affinity scheduling rules for the API server pods. If specified, this overrides any affinity that may be set on the API server Deployment. If omitted, the API server Deployment will use its default value for affinity. WARNING: Please note that this field will override the default API server Deployment affinity. |
nodeSelector object (keys:string, values:string) | NodeSelector is the API server pod's scheduling constraints. If specified, each of the key/value pairs are added to the API server Deployment nodeSelector provided the key does not already exist in the object's nodeSelector. If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the API server Deployment and each of this field's key/value pairs are added to the API server Deployment nodeSelector provided the key does not already exist in the object's nodeSelector. If omitted, the API server Deployment will use its default value for nodeSelector. WARNING: Please note that this field will modify the default API server Deployment nodeSelector. |
topologySpreadConstraints TopologySpreadConstraint array | (Optional) TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. |
tolerations Toleration array | (Optional) Tolerations is the API server pod's tolerations. If specified, this overrides any tolerations that may be set on the API server Deployment. If omitted, the API server Deployment will use its default value for tolerations. WARNING: Please note that this field will override the default API server Deployment tolerations. |
priorityClassName string | (Optional) PriorityClassName specifies the PriorityClass resource to be used. |
APIServerDeploymentPodTemplateSpec
APIServerDeploymentPodTemplateSpec is the API server Deployment's PodTemplateSpec
Appears in:
Field | Description |
---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata . |
spec APIServerDeploymentPodSpec | (Optional) Spec is the API server Deployment's PodSpec. |
APIServerDeploymentSpec
APIServerDeploymentSpec defines configuration for the API server Deployment.
Appears in:
Field | Description |
---|---|
minReadySeconds integer | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its containers crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the API server Deployment. If omitted, the API server Deployment will use its default value for minReadySeconds. |
template APIServerDeploymentPodTemplateSpec | (Optional) Template describes the API server Deployment pod that will be created. |
APIServerLogging
Appears in:
Field | Description |
---|---|
logSeverity LogSeverity | (Optional) LogSeverity defines log level for APIServer container. |
APIServerPodLogging
Appears in:
Field | Description |
---|---|
apiServer APIServerLogging | (Optional) |
queryServer QueryServerLogging | (Optional) |
APIServerSpec
APIServerSpec defines the desired state of Tigera API server.
Appears in:
Field | Description |
---|---|
logging APIServerPodLogging | (Optional) |
apiServerDeployment APIServerDeployment | APIServerDeployment configures the calico-apiserver (or tigera-apiserver in Enterprise) Deployment. If used in conjunction with ControlPlaneNodeSelector or ControlPlaneTolerations, then these overrides take precedence. |
APIServerStatus
APIServerStatus defines the observed state of Tigera API server.
Appears in:
Field | Description |
---|---|
state string | State provides user-readable status. |
conditions Condition array | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types. |
AWSEgressGateway
AWSEgressGateway defines the configurations for deploying EgressGateway in AWS
Appears in:
Field | Description |
---|---|
nativeIP NativeIP | (Optional) NativeIP defines if EgressGateway is to use an AWS backed IPPool. Default: Disabled |
elasticIPs string array | (Optional) ElasticIPs defines the set of elastic IPs that can be used for Egress Gateway pods. NativeIP must be Enabled if elastic IPs are set. |
AdditionalLogSourceSpec
Appears in:
Field | Description |
---|---|
eksCloudwatchLog EksCloudwatchLogsSpec | (Optional) If specified with EKS Provider in Installation, enables fetching EKS audit logs. |
AdditionalLogStoreSpec
Appears in:
Field | Description |
---|---|
s3 S3StoreSpec | (Optional) If specified, enables exporting of flow, audit, and DNS logs to Amazon S3 storage. |
syslog SyslogStoreSpec | (Optional) If specified, enables exporting of flow, audit, and DNS logs to syslog. |
splunk SplunkStoreSpec | (Optional) If specified, enables exporting of flow, audit, and DNS logs to splunk. |
AlertManager
Appears in:
Field | Description |
---|---|
spec AlertManagerSpec | (Optional) Spec is the specification of the Alertmanager. |
AlertManagerSpec
Appears in:
Field | Description |
---|---|
resources ResourceRequirements | Define resources requests and limits for single Pods. |
AnomalyDetectionSpec
Appears in:
Field | Description |
---|---|
storageClassName string | (Optional) StorageClassName is now deprecated, and configuring it has no effect. |
ApplicationLayer
ApplicationLayer is the Schema for the applicationlayers API
Field | Description |
---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | ApplicationLayer |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata . |
spec ApplicationLayerSpec | |
status ApplicationLayerStatus | |
ApplicationLayerPolicyStatusType
Underlying type: string
Validation:
- Enum: [Enabled Disabled]
Appears in:
Value | Description |
---|---|
Enabled | |
Disabled | |
ApplicationLayerSpec
ApplicationLayerSpec defines the desired state of ApplicationLayer
Appears in:
Field | Description |
---|---|
webApplicationFirewall WAFStatusType | WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. When enabled, Services may opt in to having ingress traffic examined by ModSecurity. |
logCollection LogCollectionSpec | Specification for application layer (L7) log collection. |
applicationLayerPolicy ApplicationLayerPolicyStatusType | Application Layer Policy controls whether or not ALP enforcement is enabled for the cluster. When enabled, NetworkPolicies with HTTP Match rules may be defined to opt-in workloads for traffic enforcement on the application layer. |
envoy EnvoySettings | User-configurable settings for the Envoy proxy. |
l7LogCollectorDaemonSet L7LogCollectorDaemonSet | (Optional) L7LogCollectorDaemonSet configures the L7LogCollector DaemonSet. |
sidecarInjection SidecarStatusType | (Optional) SidecarInjection controls whether or not sidecar injection is enabled for the cluster. When enabled, pods with the label "applicationlayer.projectcalico.org/sidecar"="true" will have their L7 functionality such as WAF and ALP implemented using an injected sidecar instead of a per-host proxy. The per-host proxy will continue to be used for pods without this label. |
ApplicationLayerStatus
ApplicationLayerStatus defines the observed state of ApplicationLayer
Appears in:
Field | Description |
---|---|
state string | State provides user-readable status. |
sidecarWebhook SidecarWebhookStateType | SidecarWebhook provides the state of the sidecar injection MutatingWebhookConfiguration. |
conditions Condition array | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types. |
Authentication
Authentication is the Schema for the authentications API
Field | Description |
---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | Authentication |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata . |
spec AuthenticationSpec | |
status AuthenticationStatus | |
AuthenticationLDAP
AuthenticationLDAP is the configuration needed to set up LDAP.
Appears in:
Field | Description |
---|---|
host string | The host and port of the LDAP server. Example: ad.example.com:636 |
startTLS boolean | (Optional) StartTLS specifies whether to enable the startTLS feature for establishing TLS on an existing LDAP session. If true, the connection uses the ldap:// protocol and then issues a StartTLS command; otherwise, connections use the ldaps:// protocol. |
userSearch UserSearch | User entry search configuration to match the credentials with a user. |
groupSearch GroupSearch | (Optional) Group search configuration to find the groups that a user is in. |
AuthenticationOIDC
AuthenticationOIDC is the configuration needed to set up OIDC.
Appears in:
Field | Description |
---|---|
issuerURL string | IssuerURL is the URL to the OIDC provider. |
usernameClaim string | UsernameClaim specifies which claim to use from the OIDC provider as the username. |
requestedScopes string array | (Optional) RequestedScopes is a list of scopes to request from the OIDC provider. If not provided, the following scopes are requested: ["openid", "email", "profile", "groups", "offline_access"]. |
usernamePrefix string | (Optional) Deprecated. Please use Authentication.Spec.UsernamePrefix instead. |
groupsClaim string | (Optional) GroupsClaim specifies which claim to use from the OIDC provider as the group. |
groupsPrefix string | (Optional) Deprecated. Please use Authentication.Spec.GroupsPrefix instead. |
emailVerification EmailVerificationType | (Optional) Some providers do not include the claim "email_verified" when there is no verification in the user enrollment process or if they are acting as a proxy for another identity provider. By default those tokens are deemed invalid. To skip this check, set the value to "InsecureSkip". Default: Verify |
promptTypes PromptType array | (Optional) PromptTypes is an optional list of string values that specifies whether the identity provider prompts the end user for re-authentication and consent. See the RFC for more information on prompt types: https://openid.net/specs/openid-connect-core-1_0.html. Default: "Consent" |
type OIDCType | (Optional) Default: "Dex" |
AuthenticationOpenshift
AuthenticationOpenshift is the configuration needed to set up Openshift.
Appears in:
Field | Description |
---|---|
issuerURL string | IssuerURL is the URL to the Openshift OAuth provider. Ex.: https://api.my-ocp-domain.com:6443 |
AuthenticationSpec
AuthenticationSpec defines the desired state of Authentication
Appears in:
Field | Description |
---|---|
managerDomain string | ManagerDomain is the domain name of the Manager |
usernamePrefix string | (Optional) If specified, UsernamePrefix is prepended to each user obtained from the identity provider. Note that Kibana does not support a user prefix, so this prefix is removed from Kubernetes User when translating log access ClusterRoleBindings into Elastic. |
groupsPrefix string | (Optional) If specified, GroupsPrefix is prepended to each group obtained from the identity provider. Note that Kibana does not support a groups prefix, so this prefix is removed from Kubernetes Groups when translating log access ClusterRoleBindings into Elastic. |
oidc AuthenticationOIDC | (Optional) OIDC contains the configuration needed to set up OIDC authentication. |
openshift AuthenticationOpenshift | (Optional) Openshift contains the configuration needed to set up Openshift OAuth authentication. |
ldap AuthenticationLDAP | (Optional) LDAP contains the configuration needed to set up LDAP authentication. |
dexDeployment DexDeployment | (Optional) DexDeployment configures the Dex Deployment. |
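The Authentication fields above that weaken or misdirect login (emailVerification, the deprecated OIDC prefixes, the LDAP host and startTLS pair) can be checked before a manifest is applied. The following is an added example, not code from Calico or the operator: the function names, severity labels, sample manifests, the https check on issuerURL and the port hints (636 for ldaps, 389 for StartTLS) are assumptions of this example.

```python
"""Pre-apply audit of an operator.tigera.io/v1 Authentication manifest (added example)."""

# Well-known LDAP ports, used only as a hint for a startTLS/port mismatch (assumption).
PORT_HINT = {"636": "ldaps", "389": "ldap+starttls"}


def ldap_scheme(ldap):
    """startTLS true: ldap:// followed by StartTLS; otherwise ldaps:// (per the field table)."""
    return "ldap+starttls" if ldap.get("startTLS") else "ldaps"


def audit_authentication(manifest):
    """Return a list of (severity, field path, message) findings for one manifest."""
    if (manifest.get("apiVersion"), manifest.get("kind")) != (
        "operator.tigera.io/v1", "Authentication"
    ):
        return [("error", "kind", "not an operator.tigera.io/v1 Authentication")]

    spec = manifest.get("spec") or {}
    findings = []

    oidc = spec.get("oidc")
    if oidc:
        # Default is Verify: tokens without a verified email are rejected.
        if oidc.get("emailVerification", "Verify") == "InsecureSkip":
            findings.append(("high", "spec.oidc.emailVerification",
                             "tokens lacking email_verified are accepted"))
        # Both OIDC-level prefixes are deprecated in favour of the spec-level fields.
        for field in ("usernamePrefix", "groupsPrefix"):
            if field in oidc:
                findings.append(("low", f"spec.oidc.{field}",
                                 f"deprecated; set spec.{field} instead"))
        # Example policy: OIDC Discovery defines the issuer as an https URL.
        if not str(oidc.get("issuerURL", "")).startswith("https://"):
            findings.append(("high", "spec.oidc.issuerURL",
                             "issuer is not an https:// URL"))

    ldap = spec.get("ldap")
    if ldap:
        # host is documented as host and port, e.g. ad.example.com:636.
        _, sep, port = str(ldap.get("host", "")).rpartition(":")
        if not sep or not port.isdigit():
            findings.append(("medium", "spec.ldap.host",
                             "host must include a port, e.g. ad.example.com:636"))
        elif PORT_HINT.get(port, ldap_scheme(ldap)) != ldap_scheme(ldap):
            findings.append(("medium", "spec.ldap.startTLS",
                             f"port {port} usually serves {PORT_HINT[port]}, "
                             f"but this spec selects {ldap_scheme(ldap)}"))
    return findings


def _manifest(spec):
    """Wrap a spec in a constructed Authentication resource (sample data)."""
    return {"apiVersion": "operator.tigera.io/v1", "kind": "Authentication",
            "metadata": {"name": "tigera-secure"}, "spec": spec}


# Constructed sample manifests; hostnames and claims are placeholders.
WEAK_OIDC = _manifest({
    "managerDomain": "https://manager.example.com",
    "oidc": {"issuerURL": "http://idp.example.com", "usernameClaim": "email",
             "emailVerification": "InsecureSkip", "usernamePrefix": "oidc:"},
})
WEAK_LDAP = _manifest({
    "managerDomain": "https://manager.example.com",
    "ldap": {"host": "ad.example.com:636", "startTLS": True},
})
HARDENED_OIDC = _manifest({
    "managerDomain": "https://manager.example.com",
    "usernamePrefix": "oidc:",
    "oidc": {"issuerURL": "https://idp.example.com", "usernameClaim": "email",
             "groupsClaim": "groups", "emailVerification": "Verify"},
})

if __name__ == "__main__":
    for name, m in (("weak-oidc", WEAK_OIDC), ("weak-ldap", WEAK_LDAP),
                    ("hardened-oidc", HARDENED_OIDC)):
        for severity, path, message in audit_authentication(m) or [("ok", "-", "no findings")]:
            print(f"{name}: [{severity}] {path}: {message}")
```
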
AuthenticationStatus
AuthenticationStatus defines the observed state of Authentication
Appears in:
Field | Description |
---|---|
state string | State provides user-readable status. |
conditions Condition array | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types. |
Azure
Appears in:
Field | Description |
---|---|
policyMode PolicyMode | (Optional) PolicyMode determines whether the "control-plane" label is applied to namespaces. It offers two options: Default and Manual. The Default option adds the "control-plane" label to the required namespaces. The Manual option does not apply the "control-plane" label to any namespace. Default: Default |
BGPOption
Underlying type: string
BGPOption describes the mode of BGP to use.
One of: Enabled, Disabled
Appears in:
Value | Description |
---|---|
Enabled | |
Disabled | |
CAType
Underlying type: string
CAType specifies which verification method the tunnel client should use to verify the tunnel server's identity.
One of: Tigera, Public
Appears in:
Value | Description |
---|---|
Tigera | |
Public | |
CNILogging
Appears in:
Field | Description |
---|---|
logSeverity LogLevel | (Optional) Default: Info |
logFileMaxSize Quantity | (Optional) Default: 100Mi |
logFileMaxAgeDays integer | (Optional) Default: 30 (days) |
logFileMaxCount integer | (Optional) Default: 10 |
CNIPluginType
Underlying type: string
CNIPluginType describes the type of CNI plugin used.
One of: Calico, GKE, AmazonVPC, AzureVNET
Appears in:
Value | Description |
---|---|
Calico | |
GKE | |
AmazonVPC | |
AzureVNET | |
CNISpec
CNISpec contains configuration for the CNI plugin.
Appears in:
Field | Description |
---|---|
type CNIPluginType | Specifies the CNI plugin that will be used in the Calico or Calico Enterprise installation. * For KubernetesProvider GKE, this field defaults to GKE. * For KubernetesProvider AKS, this field defaults to AzureVNET. * For KubernetesProvider EKS, this field defaults to AmazonVPC. * If aws-node daemonset exists in kube-system when the Installation resource is created, this field defaults to AmazonVPC. * For all other cases this field defaults to Calico. For the value Calico, the CNI plugin binaries and CNI config will be installed as part of deployment, for all other values the CNI plugin binaries and CNI config is a dependency that is expected to be installed separately. Default: Calico |
ipam IPAMSpec | (Optional) IPAM specifies the pod IP address management that will be used in the Calico or Calico Enterprise installation. |
CRDManagement
Underlying type: string
Validation:
- Enum: [Reconcile PreferExisting]
Appears in:
Value | Description |
---|---|
Reconcile | |
PreferExisting | |
CSINodeDriverDaemonSet
CSINodeDriverDaemonSet is the configuration for the csi-node-driver DaemonSet.
Appears in:
Field | Description |
---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata . |
spec CSINodeDriverDaemonSetSpec | (Optional) Spec is the specification of the csi-node-driver DaemonSet. |
CSINodeDriverDaemonSetContainer
CSINodeDriverDaemonSetContainer is a csi-node-driver DaemonSet container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the csi-node-driver DaemonSet container by name. Supported values are: calico-csi, csi-node-driver-registrar. |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named csi-node-driver DaemonSet container's resources. If omitted, the csi-node-driver DaemonSet will use its default value for this container's resources. |
CSINodeDriverDaemonSetPodSpec
CSINodeDriverDaemonSetPodSpec is the csi-node-driver DaemonSet's PodSpec.
Appears in:
Field | Description |
---|---|
containers CSINodeDriverDaemonSetContainer array | (Optional) Containers is a list of csi-node-driver containers. If specified, this overrides the specified csi-node-driver DaemonSet containers. If omitted, the csi-node-driver DaemonSet will use its default values for its containers. |
affinity Affinity | (Optional) Affinity is a group of affinity scheduling rules for the csi-node-driver pods. If specified, this overrides any affinity that may be set on the csi-node-driver DaemonSet. If omitted, the csi-node-driver DaemonSet will use its default value for affinity. WARNING: Please note that this field will override the default csi-node-driver DaemonSet affinity. |
nodeSelector object (keys:string, values:string) | (Optional) NodeSelector is the csi-node-driver pod's scheduling constraints. If specified, each of the key/value pairs are added to the csi-node-driver DaemonSet nodeSelector provided the key does not already exist in the object's nodeSelector. If omitted, the csi-node-driver DaemonSet will use its default value for nodeSelector. WARNING: Please note that this field will modify the default csi-node-driver DaemonSet nodeSelector. |
tolerations Toleration array | (Optional) Tolerations is the csi-node-driver pod's tolerations. If specified, this overrides any tolerations that may be set on the csi-node-driver DaemonSet. If omitted, the csi-node-driver DaemonSet will use its default value for tolerations. WARNING: Please note that this field will override the default csi-node-driver DaemonSet tolerations. |
CSINodeDriverDaemonSetPodTemplateSpec
CSINodeDriverDaemonSetPodTemplateSpec is the csi-node-driver DaemonSet's PodTemplateSpec
Appears in:
Field | Description |
---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata . |
spec CSINodeDriverDaemonSetPodSpec | (Optional) Spec is the csi-node-driver DaemonSet's PodSpec. |
CSINodeDriverDaemonSetSpec
CSINodeDriverDaemonSetSpec defines configuration for the csi-node-driver DaemonSet.
Appears in:
Field | Description |
---|---|
minReadySeconds integer | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its containers crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the csi-node-driver DaemonSet. If omitted, the csi-node-driver DaemonSet will use its default value for minReadySeconds. |
template CSINodeDriverDaemonSetPodTemplateSpec | (Optional) Template describes the csi-node-driver DaemonSet pod that will be created. |
CalicoKubeControllersDeployment
CalicoKubeControllersDeployment is the configuration for the calico-kube-controllers Deployment.
Appears in:
Field | Description |
---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata . |
spec CalicoKubeControllersDeploymentSpec | (Optional) Spec is the specification of the calico-kube-controllers Deployment. |
CalicoKubeControllersDeploymentContainer
CalicoKubeControllersDeploymentContainer is a calico-kube-controllers Deployment container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the calico-kube-controllers Deployment container by name. Supported values are: calico-kube-controllers, es-calico-kube-controllers |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-kube-controllers Deployment container's resources. If omitted, the calico-kube-controllers Deployment will use its default value for this container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
CalicoKubeControllersDeploymentPodSpec
CalicoKubeControllersDeploymentPodSpec is the calico-kube-controllers Deployment's PodSpec.
Appears in:
Field | Description |
---|---|
containers CalicoKubeControllersDeploymentContainer array | (Optional) Containers is a list of calico-kube-controllers containers. If specified, this overrides the specified calico-kube-controllers Deployment containers. If omitted, the calico-kube-controllers Deployment will use its default values for its containers. |
affinity Affinity | (Optional) Affinity is a group of affinity scheduling rules for the calico-kube-controllers pods. If specified, this overrides any affinity that may be set on the calico-kube-controllers Deployment. If omitted, the calico-kube-controllers Deployment will use its default value for affinity. WARNING: Please note that this field will override the default calico-kube-controllers Deployment affinity. |
nodeSelector object (keys:string, values:string) | NodeSelector is the calico-kube-controllers pod's scheduling constraints. If specified, each of the key/value pairs are added to the calico-kube-controllers Deployment nodeSelector provided the key does not already exist in the object's nodeSelector. If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the calico-kube-controllers Deployment and each of this field's key/value pairs are added to the calico-kube-controllers Deployment nodeSelector provided the key does not already exist in the object's nodeSelector. If omitted, the calico-kube-controllers Deployment will use its default value for nodeSelector. WARNING: Please note that this field will modify the default calico-kube-controllers Deployment nodeSelector. |
tolerations Toleration array | (Optional) Tolerations is the calico-kube-controllers pod's tolerations. If specified, this overrides any tolerations that may be set on the calico-kube-controllers Deployment. If omitted, the calico-kube-controllers Deployment will use its default value for tolerations. WARNING: Please note that this field will override the default calico-kube-controllers Deployment tolerations. |
CalicoKubeControllersDeploymentPodTemplateSpec
CalicoKubeControllersDeploymentPodTemplateSpec is the calico-kube-controllers Deployment's PodTemplateSpec
Appears in:
Field | Description |
---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata . |
spec CalicoKubeControllersDeploymentPodSpec | (Optional) Spec is the calico-kube-controllers Deployment's PodSpec. |
CalicoKubeControllersDeploymentSpec
CalicoKubeControllersDeploymentSpec defines configuration for the calico-kube-controllers Deployment.
Appears in:
Field | Description |
---|---|
minReadySeconds integer | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its containers crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the calico-kube-controllers Deployment. If omitted, the calico-kube-controllers Deployment will use its default value for minReadySeconds. |
template CalicoKubeControllersDeploymentPodTemplateSpec | (Optional) Template describes the calico-kube-controllers Deployment pod that will be created. |
CalicoNetworkSpec
CalicoNetworkSpec specifies configuration options for Calico provided pod networking.
Appears in:
Field | Description |
---|---|
linuxDataplane LinuxDataplaneOption | (Optional) LinuxDataplane is used to select the dataplane used for Linux nodes. In particular, it causes the operator to add required mounts and environment variables for the particular dataplane. If not specified, iptables mode is used. Default: Iptables |
windowsDataplane WindowsDataplaneOption | (Optional) WindowsDataplane is used to select the dataplane used for Windows nodes. In particular, it causes the operator to add required mounts and environment variables for the particular dataplane. If not specified, it is disabled and the operator will not render the Calico Windows nodes daemonset. Default: Disabled |
bgp BGPOption | (Optional) BGP configures whether or not to enable Calico's BGP capabilities. |
ipPools IPPool array | (Optional) IPPools contains a list of IP pools to manage. If nil, a single IPv4 IP pool will be created by the operator. If an empty list is provided, the operator will not create any IP pools and will instead wait for IP pools to be created out-of-band. IP pools in this list will be reconciled by the operator and should not be modified out-of-band. |
mtu integer | (Optional) MTU specifies the maximum transmission unit to use on the pod network. If not specified, Calico will perform MTU auto-detection based on the cluster network. |
nodeAddressAutodetectionV4 NodeAddressAutodetection | (Optional) NodeAddressAutodetectionV4 specifies an approach to automatically detect node IPv4 addresses. If not specified, will use default auto-detection settings to acquire an IPv4 address for each node. |
nodeAddressAutodetectionV6 NodeAddressAutodetection | (Optional) NodeAddressAutodetectionV6 specifies an approach to automatically detect node IPv6 addresses. If not specified, IPv6 addresses will not be auto-detected. |
hostPorts HostPortsType | (Optional) HostPorts configures whether or not Calico will support Kubernetes HostPorts. Valid only when using the Calico CNI plugin. Default: Enabled |
multiInterfaceMode MultiInterfaceMode | (Optional) MultiInterfaceMode selects what will configure multiple interfaces per pod. Only valid for Calico Enterprise installations using the Calico CNI plugin. Default: None |
containerIPForwarding ContainerIPForwardingType | (Optional) ContainerIPForwarding configures whether ip forwarding will be enabled for containers in the CNI configuration. Default: Disabled |
sysctl Sysctl array | (Optional) Sysctl configures sysctl parameters for the tuning plugin. |
linuxPolicySetupTimeoutSeconds integer | (Optional) LinuxPolicySetupTimeoutSeconds delays new pods from running containers until their policy has been programmed in the dataplane. The specified delay defines the maximum amount of time that the Calico CNI plugin will wait for policy to be programmed. Only applies to pods created on Linux nodes. * A value of 0 disables pod startup delays. Default: 0 |
CalicoNodeDaemonSet
CalicoNodeDaemonSet is the configuration for the calico-node DaemonSet.
Appears in:
Field | Description |
---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata . |
spec CalicoNodeDaemonSetSpec | (Optional) Spec is the specification of the calico-node DaemonSet. |
CalicoNodeDaemonSetContainer
CalicoNodeDaemonSetContainer is a calico-node DaemonSet container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the calico-node DaemonSet container by name. Supported values are: calico-node |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-node DaemonSet container's resources. If omitted, the calico-node DaemonSet will use its default value for this container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
CalicoNodeDaemonSetInitContainer
CalicoNodeDaemonSetInitContainer is a calico-node DaemonSet init container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the calico-node DaemonSet init container by name. Supported values are: install-cni, hostpath-init, flexvol-driver, mount-bpffs, node-certs-key-cert-provisioner, calico-node-prometheus-server-tls-key-cert-provisioner |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-node DaemonSet init container's resources. If omitted, the calico-node DaemonSet will use its default value for this container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
CalicoNodeDaemonSetPodSpec
CalicoNodeDaemonSetPodSpec is the calico-node DaemonSet's PodSpec.
Appears in:
Field | Description |
---|---|
initContainers CalicoNodeDaemonSetInitContainer array | (Optional) InitContainers is a list of calico-node init containers. If specified, this overrides the specified calico-node DaemonSet init containers. If omitted, the calico-node DaemonSet will use its default values for its init containers. |
containers CalicoNodeDaemonSetContainer array | (Optional) Containers is a list of calico-node containers. If specified, this overrides the specified calico-node DaemonSet containers. If omitted, the calico-node DaemonSet will use its default values for its containers. |
affinity Affinity | (Optional) Affinity is a group of affinity scheduling rules for the calico-node pods. If specified, this overrides any affinity that may be set on the calico-node DaemonSet. If omitted, the calico-node DaemonSet will use its default value for affinity. WARNING: Please note that this field will override the default calico-node DaemonSet affinity. |
nodeSelector object (keys:string, values:string) | (Optional) NodeSelector is the calico-node pod's scheduling constraints. If specified, each of the key/value pairs is added to the calico-node DaemonSet nodeSelector provided the key does not already exist in the object's nodeSelector. If omitted, the calico-node DaemonSet will use its default value for nodeSelector. WARNING: Please note that this field will modify the default calico-node DaemonSet nodeSelector. |
tolerations Toleration array | (Optional) Tolerations is the calico-node pod's tolerations. If specified, this overrides any tolerations that may be set on the calico-node DaemonSet. If omitted, the calico-node DaemonSet will use its default value for tolerations. WARNING: Please note that this field will override the default calico-node DaemonSet tolerations. |
CalicoNodeDaemonSetPodTemplateSpec
CalicoNodeDaemonSetPodTemplateSpec is the calico-node DaemonSet's PodTemplateSpec
Appears in:
Field | Description |
---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec CalicoNodeDaemonSetPodSpec | (Optional) Spec is the calico-node DaemonSet's PodSpec. |
CalicoNodeDaemonSetSpec
CalicoNodeDaemonSetSpec defines configuration for the calico-node DaemonSet.
Appears in:
Field | Description |
---|---|
minReadySeconds integer | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its containers crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the calico-node DaemonSet. If omitted, the calico-node DaemonSet will use its default value for minReadySeconds. |
template CalicoNodeDaemonSetPodTemplateSpec | (Optional) Template describes the calico-node DaemonSet pod that will be created. |
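An added example (not from the Calico Enterprise documentation) showing how the CalicoNodeDaemonSet types above nest inside one resource. It assumes the override is set through the `calicoNodeDaemonSet` field of the Installation resource named `default`, which comes from the operator API rather than from this section; the quantities and the `example.com/pool` label are constructed.

```yaml
# Added example; quantities are illustrative, not recommended values.
apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
  name: default
spec:
  calicoNodeDaemonSet:                 # CalicoNodeDaemonSet
    spec:                              # CalicoNodeDaemonSetSpec
      minReadySeconds: 10              # replaces the DaemonSet's own minReadySeconds
      template:                        # CalicoNodeDaemonSetPodTemplateSpec
        spec:                          # CalicoNodeDaemonSetPodSpec
          containers:                  # CalicoNodeDaemonSetContainer array
            - name: calico-node        # the only supported container name
              resources:
                requests:
                  cpu: 250m
                  memory: 256Mi
                limits:
                  memory: 512Mi
          initContainers:              # CalicoNodeDaemonSetInitContainer array
            - name: install-cni        # one of the supported init container names
              resources:
                requests:
                  cpu: 50m
                  memory: 64Mi
          nodeSelector:                # merged: a key is added only if not already present
            example.com/pool: general  # constructed label; unlabelled nodes get no calico-node pod
          tolerations:                 # replaced: the default list is discarded
            - operator: Exists         # no key or effect, so every taint is tolerated
```

Because `tolerations` and `affinity` replace the defaults rather than extend them, the list you supply must be complete: a node whose taints are not tolerated gets no calico-node pod.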
CalicoNodeWindowsDaemonSet
CalicoNodeWindowsDaemonSet is the configuration for the calico-node-windows DaemonSet.
Appears in:
Field | Description |
---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec CalicoNodeWindowsDaemonSetSpec | (Optional) Spec is the specification of the calico-node-windows DaemonSet. |
CalicoNodeWindowsDaemonSetContainer
CalicoNodeWindowsDaemonSetContainer is a calico-node-windows DaemonSet container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the calico-node-windows DaemonSet container by name. Supported values are: calico-node-windows |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-node-windows DaemonSet container's resources. If omitted, the calico-node-windows DaemonSet will use its default value for this container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
CalicoNodeWindowsDaemonSetInitContainer
CalicoNodeWindowsDaemonSetInitContainer is a calico-node-windows DaemonSet init container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the calico-node-windows DaemonSet init container by name. Supported values are: install-cni, hostpath-init, flexvol-driver, mount-bpffs, node-certs-key-cert-provisioner, calico-node-windows-prometheus-server-tls-key-cert-provisioner |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-node-windows DaemonSet init container's resources. If omitted, the calico-node-windows DaemonSet will use its default value for this container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
CalicoNodeWindowsDaemonSetPodSpec
CalicoNodeWindowsDaemonSetPodSpec is the calico-node-windows DaemonSet's PodSpec.
Appears in:
Field | Description |
---|---|
initContainers CalicoNodeWindowsDaemonSetInitContainer array | (Optional) InitContainers is a list of calico-node-windows init containers. If specified, this overrides the specified calico-node-windows DaemonSet init containers. If omitted, the calico-node-windows DaemonSet will use its default values for its init containers. |
containers CalicoNodeWindowsDaemonSetContainer array | (Optional) Containers is a list of calico-node-windows containers. If specified, this overrides the specified calico-node-windows DaemonSet containers. If omitted, the calico-node-windows DaemonSet will use its default values for its containers. |
affinity Affinity | (Optional) Affinity is a group of affinity scheduling rules for the calico-node-windows pods. If specified, this overrides any affinity that may be set on the calico-node-windows DaemonSet. If omitted, the calico-node-windows DaemonSet will use its default value for affinity. WARNING: Please note that this field will override the default calico-node-windows DaemonSet affinity. |
nodeSelector object (keys:string, values:string) | (Optional) NodeSelector is the calico-node-windows pod's scheduling constraints. If specified, each of the key/value pairs is added to the calico-node-windows DaemonSet nodeSelector provided the key does not already exist in the object's nodeSelector. If omitted, the calico-node-windows DaemonSet will use its default value for nodeSelector. WARNING: Please note that this field will modify the default calico-node-windows DaemonSet nodeSelector. |
tolerations Toleration array | (Optional) Tolerations is the calico-node-windows pod's tolerations. If specified, this overrides any tolerations that may be set on the calico-node-windows DaemonSet. If omitted, the calico-node-windows DaemonSet will use its default value for tolerations. WARNING: Please note that this field will override the default calico-node-windows DaemonSet tolerations. |
CalicoNodeWindowsDaemonSetPodTemplateSpec
CalicoNodeWindowsDaemonSetPodTemplateSpec is the calico-node-windows DaemonSet's PodTemplateSpec
Appears in:
Field | Description |
---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec CalicoNodeWindowsDaemonSetPodSpec | (Optional) Spec is the calico-node-windows DaemonSet's PodSpec. |
CalicoNodeWindowsDaemonSetSpec
CalicoNodeWindowsDaemonSetSpec defines configuration for the calico-node-windows DaemonSet.
Appears in:
Field | Description |
---|---|
minReadySeconds integer | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its containers crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the calico-node-windows DaemonSet. If omitted, the calico-node-windows DaemonSet will use its default value for minReadySeconds. |
template CalicoNodeWindowsDaemonSetPodTemplateSpec | (Optional) Template describes the calico-node-windows DaemonSet pod that will be created. |
CalicoWindowsUpgradeDaemonSet
Deprecated. The CalicoWindowsUpgradeDaemonSet is deprecated and will be removed from the API in the future. CalicoWindowsUpgradeDaemonSet is the configuration for the calico-windows-upgrade DaemonSet.
Appears in:
Field | Description |
---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec CalicoWindowsUpgradeDaemonSetSpec | (Optional) Spec is the specification of the calico-windows-upgrade DaemonSet. |
CalicoWindowsUpgradeDaemonSetContainer
CalicoWindowsUpgradeDaemonSetContainer is a calico-windows-upgrade DaemonSet container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the calico-windows-upgrade DaemonSet container by name. |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named calico-windows-upgrade DaemonSet container's resources. If omitted, the calico-windows-upgrade DaemonSet will use its default value for this container's resources. |
CalicoWindowsUpgradeDaemonSetPodSpec
CalicoWindowsUpgradeDaemonSetPodSpec is the calico-windows-upgrade DaemonSet's PodSpec.
Appears in:
Field | Description |
---|---|
containers CalicoWindowsUpgradeDaemonSetContainer array | (Optional) Containers is a list of calico-windows-upgrade containers. If specified, this overrides the specified calico-windows-upgrade DaemonSet containers. If omitted, the calico-windows-upgrade DaemonSet will use its default values for its containers. |
affinity Affinity | (Optional) Affinity is a group of affinity scheduling rules for the calico-windows-upgrade pods. If specified, this overrides any affinity that may be set on the calico-windows-upgrade DaemonSet. If omitted, the calico-windows-upgrade DaemonSet will use its default value for affinity. WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet affinity. |
nodeSelector object (keys:string, values:string) | (Optional) NodeSelector is the calico-windows-upgrade pod's scheduling constraints. If specified, each of the key/value pairs is added to the calico-windows-upgrade DaemonSet nodeSelector provided the key does not already exist in the object's nodeSelector. If omitted, the calico-windows-upgrade DaemonSet will use its default value for nodeSelector. WARNING: Please note that this field will modify the default calico-windows-upgrade DaemonSet nodeSelector. |
tolerations Toleration array | (Optional) Tolerations is the calico-windows-upgrade pod's tolerations. If specified, this overrides any tolerations that may be set on the calico-windows-upgrade DaemonSet. If omitted, the calico-windows-upgrade DaemonSet will use its default value for tolerations. WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet tolerations. |
CalicoWindowsUpgradeDaemonSetPodTemplateSpec
CalicoWindowsUpgradeDaemonSetPodTemplateSpec is the calico-windows-upgrade DaemonSet's PodTemplateSpec
Appears in:
Field | Description |
---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec CalicoWindowsUpgradeDaemonSetPodSpec | (Optional) Spec is the calico-windows-upgrade DaemonSet's PodSpec. |
CalicoWindowsUpgradeDaemonSetSpec
CalicoWindowsUpgradeDaemonSetSpec defines configuration for the calico-windows-upgrade DaemonSet.
Appears in:
Field | Description |
---|---|
minReadySeconds integer | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its containers crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the calico-windows-upgrade DaemonSet. If omitted, the calico-windows-upgrade DaemonSet will use its default value for minReadySeconds. |
template CalicoWindowsUpgradeDaemonSetPodTemplateSpec | (Optional) Template describes the calico-windows-upgrade DaemonSet pod that will be created. |
CertificateManagement
CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process; otherwise, pods will be stuck during initialization.
Appears in:
Field | Description |
---|---|
caCert integer array | Certificate of the authority that signs the CertificateSigningRequests in PEM format. |
signerName string | When a CSR is issued to the certificates.k8s.io API, the signerName is added to the request to accommodate clusters with multiple signers. Must be formatted as: <my-domain>/<my-signername>. |
keyAlgorithm string | (Optional) Specify the algorithm used by pods to generate a key pair that is associated with the X.509 certificate request. Default: RSAWithSize2048 |
signatureAlgorithm string | (Optional) Specify the algorithm used for the signature of the X.509 certificate request. Default: SHA256WithRSA |
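An added example (not from the Calico Enterprise documentation) of a CertificateManagement stanza. It assumes the stanza sits under `certificateManagement` in the spec of the Installation resource named `default`; `example.com/calico-signer` is a constructed signer name, the `caCert` value is a placeholder, and the ECDSA values in the comments come from the operator API rather than from this page.

```yaml
# Added example; replace the placeholder and the constructed signer name.
apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
  name: default
spec:
  certificateManagement:
    # Byte-array field: in a manifest the value is the base64 encoding
    # of the signing CA's PEM certificate.
    caCert: <base64-encoded PEM certificate of the signing CA>   # placeholder
    # Format <my-domain>/<my-signername>. Your signer should act only on
    # CSRs that carry this exact name.
    signerName: example.com/calico-signer                        # constructed
    # The key type and the CSR signature algorithm must belong to the
    # same family (RSA with RSA, ECDSA with ECDSA).
    keyAlgorithm: RSAWithSize2048         # default
    signatureAlgorithm: SHA256WithRSA     # default
    # ECDSA pairing instead of the RSA defaults:
    # keyAlgorithm: ECDSAWithCurve256
    # signatureAlgorithm: ECDSAWithSHA256
```

Pods wait in initialization until their CSR is approved and signed, so requests that stay Pending in `kubectl get csr` point at the approval and signing side rather than at the Calico components.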
CollectProcessPathOption
Underlying type: string
Appears in:
Value | Description |
---|---|
Enabled | |
Disabled | |
CommonPrometheusFields
Appears in:
Field | Description |
---|---|
containers PrometheusContainer array | (Optional) Containers is a list of Prometheus containers. If specified, this overrides the specified Prometheus Deployment containers. If omitted, the Prometheus Deployment will use its default values for its containers. |
resources ResourceRequirements | Define resources requests and limits for single Pods. |
Compliance
Compliance installs the components required for Tigera compliance reporting. At most one instance of this resource is supported. It must be named "tigera-secure".
Field | Description |
---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | Compliance |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. |
spec ComplianceSpec | Specification of the desired state for Tigera compliance reporting. |
status ComplianceStatus | Most recently observed state for Tigera compliance reporting. |
ComplianceBenchmarkerDaemonSet
ComplianceBenchmarkerDaemonSet is the configuration for the Compliance Benchmarker DaemonSet.
Appears in:
Field | Description |
---|---|
spec ComplianceBenchmarkerDaemonSetSpec | (Optional) Spec is the specification of the Compliance Benchmarker DaemonSet. |
ComplianceBenchmarkerDaemonSetContainer
ComplianceBenchmarkerDaemonSetContainer is a Compliance Benchmarker DaemonSet container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the Compliance Benchmarker DaemonSet container by name. Supported values are: compliance-benchmarker |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named Compliance Benchmarker DaemonSet container's resources. If omitted, the Compliance Benchmarker DaemonSet will use its default value for this container's resources. |
ComplianceBenchmarkerDaemonSetInitContainer
ComplianceBenchmarkerDaemonSetInitContainer is a Compliance Benchmarker DaemonSet init container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the Compliance Benchmarker DaemonSet init container by name. Supported values are: tigera-compliance-benchmarker-tls-key-cert-provisioner |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named Compliance Benchmarker DaemonSet init container's resources. If omitted, the Compliance Benchmarker DaemonSet will use its default value for this init container's resources. |
ComplianceBenchmarkerDaemonSetPodSpec
ComplianceBenchmarkerDaemonSetPodSpec is the Compliance Benchmarker DaemonSet's PodSpec.
Appears in:
Field | Description |
---|---|
initContainers ComplianceBenchmarkerDaemonSetInitContainer array | (Optional) InitContainers is a list of Compliance benchmark init containers. If specified, this overrides the specified Compliance Benchmarker DaemonSet init containers. If omitted, the Compliance Benchmarker DaemonSet will use its default values for its init containers. |
containers ComplianceBenchmarkerDaemonSetContainer array | (Optional) Containers is a list of Compliance benchmark containers. If specified, this overrides the specified Compliance Benchmarker DaemonSet containers. If omitted, the Compliance Benchmarker DaemonSet will use its default values for its containers. |
ComplianceBenchmarkerDaemonSetPodTemplateSpec
ComplianceBenchmarkerDaemonSetPodTemplateSpec is the Compliance Benchmarker DaemonSet's PodTemplateSpec
Appears in:
Field | Description |
---|---|
spec ComplianceBenchmarkerDaemonSetPodSpec | (Optional) Spec is the Compliance Benchmarker DaemonSet's PodSpec. |
ComplianceBenchmarkerDaemonSetSpec
ComplianceBenchmarkerDaemonSetSpec defines configuration for the Compliance Benchmarker DaemonSet.
Appears in:
Field | Description |
---|---|
template ComplianceBenchmarkerDaemonSetPodTemplateSpec | (Optional) Template describes the Compliance Benchmarker DaemonSet pod that will be created. |
ComplianceControllerDeployment
ComplianceControllerDeployment is the configuration for the compliance controller Deployment.
Appears in:
Field | Description |
---|---|
spec ComplianceControllerDeploymentSpec | (Optional) Spec is the specification of the compliance controller Deployment. |
ComplianceControllerDeploymentContainer
ComplianceControllerDeploymentContainer is a compliance controller Deployment container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the compliance controller Deployment container by name. Supported values are: compliance-controller |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named compliance controller Deployment container's resources. If omitted, the compliance controller Deployment will use its default value for this container's resources. |
ComplianceControllerDeploymentInitContainer
ComplianceControllerDeploymentInitContainer is a compliance controller Deployment init container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the compliance controller Deployment init container by name. Supported values are: tigera-compliance-controller-tls-key-cert-provisioner |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named compliance controller Deployment init container's resources. If omitted, the compliance controller Deployment will use its default value for this init container's resources. |
ComplianceControllerDeploymentPodSpec
ComplianceControllerDeploymentPodSpec is the compliance controller Deployment's PodSpec.
Appears in:
Field | Description |
---|---|
initContainers ComplianceControllerDeploymentInitContainer array | (Optional) InitContainers is a list of compliance controller init containers. If specified, this overrides the specified compliance controller Deployment init containers. If omitted, the compliance controller Deployment will use its default values for its init containers. |
containers ComplianceControllerDeploymentContainer array | (Optional) Containers is a list of compliance controller containers. If specified, this overrides the specified compliance controller Deployment containers. If omitted, the compliance controller Deployment will use its default values for its containers. |
ComplianceControllerDeploymentPodTemplateSpec
ComplianceControllerDeploymentPodTemplateSpec is the compliance controller Deployment's PodTemplateSpec
Appears in:
Field | Description |
---|---|
spec ComplianceControllerDeploymentPodSpec | (Optional) Spec is the compliance controller Deployment's PodSpec. |
ComplianceControllerDeploymentSpec
ComplianceControllerDeploymentSpec defines configuration for the compliance controller Deployment.
Appears in:
Field | Description |
---|---|
template ComplianceControllerDeploymentPodTemplateSpec | (Optional) Template describes the compliance controller Deployment pod that will be created. |
ComplianceReporterPodSpec
ComplianceReporterPodSpec is the ComplianceReporter PodSpec.
Appears in:
Field | Description |
---|---|
initContainers ComplianceReporterPodTemplateInitContainer array | (Optional) InitContainers is a list of ComplianceReporter PodSpec init containers. If specified, this overrides the specified ComplianceReporter PodSpec init containers. If omitted, the ComplianceServer Deployment will use its default values for its init containers. |
containers ComplianceReporterPodTemplateContainer array | (Optional) Containers is a list of ComplianceServer containers. If specified, this overrides the specified ComplianceReporter PodSpec containers. If omitted, the ComplianceServer Deployment will use its default values for its containers. |
ComplianceReporterPodTemplate
ComplianceReporterPodTemplate is the configuration for the ComplianceReporter PodTemplate.
Appears in:
Field | Description |
---|---|
template ComplianceReporterPodTemplateSpec | (Optional) Spec is the specification of the ComplianceReporter PodTemplateSpec. |
ComplianceReporterPodTemplateContainer
ComplianceReporterPodTemplateContainer is a ComplianceServer Deployment container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the ComplianceServer Deployment container by name. Supported values are: reporter |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named ComplianceServer Deployment container's resources. If omitted, the ComplianceServer Deployment will use its default value for this container's resources. |
ComplianceReporterPodTemplateInitContainer
ComplianceReporterPodTemplateInitContainer is a ComplianceServer Deployment init container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the ComplianceReporter PodSpec init container by name. Supported values are: tigera-compliance-reporter-tls-key-cert-provisioner |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named ComplianceReporter PodSpec init container's resources. If omitted, the ComplianceServer Deployment will use its default value for this init container's resources. |
ComplianceReporterPodTemplateSpec
ComplianceReporterPodTemplateSpec is the ComplianceReporter PodTemplateSpec.
Appears in:
Field | Description |
---|---|
spec ComplianceReporterPodSpec | (Optional) Spec is the ComplianceReporter PodTemplate's PodSpec. |
ComplianceServerDeployment
ComplianceServerDeployment is the configuration for the ComplianceServer Deployment.
Appears in:
Field | Description |
---|---|
spec ComplianceServerDeploymentSpec | (Optional) Spec is the specification of the ComplianceServer Deployment. |
ComplianceServerDeploymentContainer
ComplianceServerDeploymentContainer is a ComplianceServer Deployment container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the ComplianceServer Deployment container by name. Supported values are: compliance-server |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named ComplianceServer Deployment container's resources. If omitted, the ComplianceServer Deployment will use its default value for this container's resources. |
ComplianceServerDeploymentInitContainer
ComplianceServerDeploymentInitContainer is a ComplianceServer Deployment init container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the ComplianceServer Deployment init container by name. Supported values are: tigera-compliance-server-tls-key-cert-provisioner |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named ComplianceServer Deployment init container's resources. If omitted, the ComplianceServer Deployment will use its default value for this init container's resources. |
ComplianceServerDeploymentPodSpec
ComplianceServerDeploymentPodSpec is the ComplianceServer Deployment's PodSpec.
Appears in:
Field | Description |
---|---|
initContainers ComplianceServerDeploymentInitContainer array | (Optional) InitContainers is a list of ComplianceServer init containers. If specified, this overrides the specified ComplianceServer Deployment init containers. If omitted, the ComplianceServer Deployment will use its default values for its init containers. |
containers ComplianceServerDeploymentContainer array | (Optional) Containers is a list of ComplianceServer containers. If specified, this overrides the specified ComplianceServer Deployment containers. If omitted, the ComplianceServer Deployment will use its default values for its containers. |
ComplianceServerDeploymentPodTemplateSpec
ComplianceServerDeploymentPodTemplateSpec is the ComplianceServer Deployment's PodTemplateSpec
Appears in:
Field | Description |
---|---|
spec ComplianceServerDeploymentPodSpec | (Optional) Spec is the ComplianceServer Deployment's PodSpec. |
ComplianceServerDeploymentSpec
ComplianceServerDeploymentSpec defines configuration for the ComplianceServer Deployment.
Appears in:
Field | Description |
---|---|
template ComplianceServerDeploymentPodTemplateSpec | (Optional) Template describes the ComplianceServer Deployment pod that will be created. |
ComplianceSnapshotterDeployment
ComplianceSnapshotterDeployment is the configuration for the compliance snapshotter Deployment.
Appears in:
Field | Description |
---|---|
spec ComplianceSnapshotterDeploymentSpec | (Optional) Spec is the specification of the compliance snapshotter Deployment. |
ComplianceSnapshotterDeploymentContainer
ComplianceSnapshotterDeploymentContainer is a compliance snapshotter Deployment container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the compliance snapshotter Deployment container by name. Supported values are: compliance-snapshotter |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named compliance snapshotter Deployment container's resources. If omitted, the compliance snapshotter Deployment will use its default value for this container's resources. |
ComplianceSnapshotterDeploymentInitContainer
ComplianceSnapshotterDeploymentInitContainer is a compliance snapshotter Deployment init container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the compliance snapshotter Deployment init container by name. Supported values are: tigera-compliance-snapshotter-tls-key-cert-provisioner |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named compliance snapshotter Deployment init container's resources. If omitted, the compliance snapshotter Deployment will use its default value for this init container's resources. |
ComplianceSnapshotterDeploymentPodSpec
ComplianceSnapshotterDeploymentPodSpec is the compliance snapshotter Deployment's PodSpec.
Appears in:
Field | Description |
---|---|
initContainers ComplianceSnapshotterDeploymentInitContainer array | (Optional) InitContainers is a list of compliance snapshotter init containers. If specified, this overrides the specified compliance snapshotter Deployment init containers. If omitted, the compliance snapshotter Deployment will use its default values for its init containers. |
containers ComplianceSnapshotterDeploymentContainer array | (Optional) Containers is a list of compliance snapshotter containers. If specified, this overrides the specified compliance snapshotter Deployment containers. If omitted, the compliance snapshotter Deployment will use its default values for its containers. |
ComplianceSnapshotterDeploymentPodTemplateSpec
ComplianceSnapshotterDeploymentPodTemplateSpec is the compliance snapshotter Deployment's PodTemplateSpec
Appears in:
Field | Description |
---|---|
spec ComplianceSnapshotterDeploymentPodSpec | (Optional) Spec is the compliance snapshotter Deployment's PodSpec. |
ComplianceSnapshotterDeploymentSpec
ComplianceSnapshotterDeploymentSpec defines configuration for the compliance snapshotter Deployment.
Appears in:
Field | Description |
---|---|
template ComplianceSnapshotterDeploymentPodTemplateSpec | (Optional) Template describes the compliance snapshotter Deployment pod that will be created. |
ComplianceSpec
ComplianceSpec defines the desired state of Tigera compliance reporting capabilities.
Appears in:
Field | Description |
---|---|
complianceControllerDeployment ComplianceControllerDeployment | (Optional) ComplianceControllerDeployment configures the Compliance Controller Deployment. |
complianceSnapshotterDeployment ComplianceSnapshotterDeployment | (Optional) ComplianceSnapshotterDeployment configures the Compliance Snapshotter Deployment. |
complianceBenchmarkerDaemonSet ComplianceBenchmarkerDaemonSet | (Optional) ComplianceBenchmarkerDaemonSet configures the Compliance Benchmarker DaemonSet. |
complianceServerDeployment ComplianceServerDeployment | (Optional) ComplianceServerDeployment configures the Compliance Server Deployment. |
complianceReporterPodTemplate ComplianceReporterPodTemplate | (Optional) ComplianceReporterPodTemplate configures the Compliance Reporter PodTemplate. |
ComplianceStatus
ComplianceStatus defines the observed state of Tigera compliance reporting capabilities.
Appears in:
Field | Description |
---|---|
state string | State provides user-readable status. |
conditions Condition array | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types. |
ComponentName
Underlying type: string
ComponentName represents a single component.
One of: Node, Typha, KubeControllers
Appears in:
Value | Description |
---|---|
Node | |
NodeWindows | |
FelixWindows | |
ConfdWindows | |
Typha | |
KubeControllers | |
ComponentResource
Deprecated. Please use component resource config fields in Installation.Spec instead. The ComponentResource struct associates a ResourceRequirements with a component by name
Appears in:
Field | Description |
---|---|
componentName ComponentName | ComponentName is an enum which identifies the component |
resourceRequirements ResourceRequirements | ResourceRequirements allows customization of limits and requests for compute resources such as cpu and memory. |
ConditionStatus
Underlying type: string
ConditionStatus represents the status of a particular condition. A condition may be one of: True, False, Unknown.
Appears in:
Value | Description |
---|---|
True | |
False | |
Unknown | |
ContainerIPForwardingType
Underlying type: string
ContainerIPForwardingType specifies whether the CNI config for container ip forwarding is enabled.
Appears in:
Value | Description |
---|---|
Enabled | |
Disabled | |
DPIDaemonsetInitContainer
Appears in:
Field | Description |
---|---|
name string | Name is an enum that identifies the init container by its name. |
image string | Image name for the init container |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the init container's resources. If omitted, the default values will be used for the init container's resources. |
DPIDaemonsetSpec
Appears in:
Field | Description |
---|---|
template DPIDaemonsetTemplate | (Optional) Template specifies DPI Daemonset Template |
DPIDaemonsetTemplate
Appears in:
Field | Description |
---|---|
spec DPIDaemonsetTemplateSpec | (Optional) Spec specifies DPI Daemonset Template Spec |
DPIDaemonsetTemplateSpec
Appears in:
Field | Description |
---|---|
initContainers DPIDaemonsetInitContainer array | List of DPI Daemonset Init containers definitions |
DashboardsJobContainer
DashboardsJobContainer is the Dashboards job container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the Dashboard Job container by name. Supported values are: dashboards-installer |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named Dashboard Job container's resources. If omitted, the Dashboard Job will use its default value for this container's resources. |
DashboardsJobPodSpec
DashboardsJobPodSpec is the Dashboards job's PodSpec.
Appears in:
Field | Description |
---|---|
containers DashboardsJobContainer array | (Optional) Containers is a list of dashboards job containers. If specified, this overrides the specified Dashboard job containers. If omitted, the Dashboard job will use its default values for its containers. |
DashboardsJobPodTemplateSpec
DashboardsJobPodTemplateSpec is the Dashboards job's PodTemplateSpec
Appears in:
Field | Description |
---|---|
spec DashboardsJobPodSpec | (Optional) Spec is the Dashboard job's PodSpec. |
DashboardsJobSpec
DashboardsJobSpec defines configuration for the Dashboards job.
Appears in:
Field | Description |
---|---|
template DashboardsJobPodTemplateSpec | (Optional) Template describes the Dashboards job pod that will be created. |
DataType
Underlying type: string
DataType represents the type of data stored.
Validation:
- Enum: [Alerts AuditLogs BGPLogs ComplianceBenchmarks ComplianceReports ComplianceSnapshots DNSLogs FlowLogs L7Logs RuntimeReports ThreatFeedsDomainSet ThreatFeedsIPSet WAFLogs]
Appears in:
Value | Description |
---|---|
Alerts | |
AuditLogs | |
BGPLogs | |
ComplianceBenchmarks | |
ComplianceReports | |
ComplianceSnapshots | |
DNSLogs | |
FlowLogs | |
L7Logs | |
RuntimeReports | |
ThreatFeedsDomainSet | |
ThreatFeedsIPSet | |
WAFLogs | |
DeepPacketInspectionDaemonset
Appears in:
Field | Description |
---|---|
spec DPIDaemonsetSpec | (Optional) DPIDaemonsetSpec configures the DPI Daemonset |
DexDeployment
DexDeployment is the configuration for the Dex Deployment.
Appears in:
Field | Description |
---|---|
spec DexDeploymentSpec | (Optional) Spec is the specification of the Dex Deployment. |
DexDeploymentContainer
DexDeploymentContainer is a Dex Deployment container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the Dex Deployment container by name. Supported values are: tigera-dex |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named Dex Deployment container's resources. If omitted, the Dex Deployment will use its default value for this container's resources. |
DexDeploymentInitContainer
DexDeploymentInitContainer is a Dex Deployment init container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the Dex Deployment init container by name. Supported values are: tigera-dex-tls-key-cert-provisioner |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named Dex Deployment init container's resources. If omitted, the Dex Deployment will use its default value for this init container's resources. |
DexDeploymentPodSpec
DexDeploymentPodSpec is the Dex Deployment's PodSpec.
Appears in:
Field | Description |
---|---|
initContainers DexDeploymentInitContainer array | (Optional) InitContainers is a list of Dex init containers. If specified, this overrides the specified Dex Deployment init containers. If omitted, the Dex Deployment will use its default values for its init containers. |
containers DexDeploymentContainer array | (Optional) Containers is a list of Dex containers. If specified, this overrides the specified Dex Deployment containers. If omitted, the Dex Deployment will use its default values for its containers. |
DexDeploymentPodTemplateSpec
DexDeploymentPodTemplateSpec is the Dex Deployment's PodTemplateSpec
Appears in:
Field | Description |
---|---|
spec DexDeploymentPodSpec | (Optional) Spec is the Dex Deployment's PodSpec. |
DexDeploymentSpec
DexDeploymentSpec defines configuration for the Dex Deployment.
Appears in:
Field | Description |
---|---|
template DexDeploymentPodTemplateSpec | (Optional) Template describes the Dex Deployment pod that will be created. |
ECKOperatorStatefulSet
ECKOperatorStatefulSet is the configuration for the ECKOperator StatefulSet.
Appears in:
Field | Description |
---|---|
spec ECKOperatorStatefulSetSpec | (Optional) Spec is the specification of the ECKOperator StatefulSet. |
ECKOperatorStatefulSetContainer
ECKOperatorStatefulSetContainer is an ECKOperator StatefulSet container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the ECKOperator StatefulSet container by name. Supported values are: manager |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named ECKOperator StatefulSet container's resources. If omitted, the ECKOperator StatefulSet will use its default value for this container's resources. |
ECKOperatorStatefulSetInitContainer
ECKOperatorStatefulSetInitContainer is an ECKOperator StatefulSet init container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the ECKOperator StatefulSet init container by name. |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named ECKOperator StatefulSet init container's resources. If omitted, the ECKOperator StatefulSet will use its default value for this init container's resources. |
ECKOperatorStatefulSetPodSpec
ECKOperatorStatefulSetPodSpec is the ECKOperator StatefulSet's PodSpec.
Appears in:
Field | Description |
---|---|
initContainers ECKOperatorStatefulSetInitContainer array | (Optional) InitContainers is a list of ECKOperator StatefulSet init containers. If specified, this overrides the specified ECKOperator StatefulSet init containers. If omitted, the ECKOperator StatefulSet will use its default values for its init containers. |
containers ECKOperatorStatefulSetContainer array | (Optional) Containers is a list of ECKOperator StatefulSet containers. If specified, this overrides the specified ECKOperator StatefulSet containers. If omitted, the ECKOperator StatefulSet will use its default values for its containers. |
ECKOperatorStatefulSetPodTemplateSpec
ECKOperatorStatefulSetPodTemplateSpec is the ECKOperator StatefulSet's PodTemplateSpec
Appears in:
Field | Description |
---|---|
spec ECKOperatorStatefulSetPodSpec | (Optional) Spec is the ECKOperator StatefulSet's PodSpec. |
ECKOperatorStatefulSetSpec
ECKOperatorStatefulSetSpec defines configuration for the ECKOperator StatefulSet.
Appears in:
Field | Description |
---|---|
template ECKOperatorStatefulSetPodTemplateSpec | (Optional) Template describes the ECKOperator StatefulSet pod that will be created. |
EGWDeploymentContainer
EGWDeploymentContainer is an Egress Gateway Deployment container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the EGW Deployment container by name. Supported values are: calico-egw |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named EGW Deployment container's resources. If omitted, the EGW Deployment will use its default value for this container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
EGWDeploymentInitContainer
EGWDeploymentInitContainer is an Egress Gateway Deployment init container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the EGW Deployment init container by name. Supported values are: egress-gateway-init |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named EGW Deployment init container's resources. If omitted, the EGW Deployment will use its default value for this init container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
EKSLogForwarderDeployment
EKSLogForwarderDeployment is the configuration for the EKSLogForwarder Deployment.
Appears in:
Field | Description |
---|---|
spec EKSLogForwarderDeploymentSpec | (Optional) Spec is the specification of the EKSLogForwarder Deployment. |
EKSLogForwarderDeploymentContainer
EKSLogForwarderDeploymentContainer is an EKSLogForwarder Deployment container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the EKSLogForwarder Deployment container by name. Supported values are: eks-log-forwarder |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named EKSLogForwarder Deployment container's resources. If omitted, the EKSLogForwarder Deployment will use its default value for this container's resources. |
EKSLogForwarderDeploymentInitContainer
EKSLogForwarderDeploymentInitContainer is an EKSLogForwarder Deployment init container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the EKSLogForwarder Deployment init container by name. Supported values are: eks-log-forwarder-startup |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named EKSLogForwarder Deployment init container's resources. If omitted, the EKSLogForwarder Deployment will use its default value for this init container's resources. |
EKSLogForwarderDeploymentPodSpec
EKSLogForwarderDeploymentPodSpec is the EKSLogForwarder Deployment's PodSpec.
Appears in:
Field | Description |
---|---|
initContainers EKSLogForwarderDeploymentInitContainer array | (Optional) InitContainers is a list of EKSLogForwarder init containers. If specified, this overrides the specified EKSLogForwarder Deployment init containers. If omitted, the EKSLogForwarder Deployment will use its default values for its init containers. |
containers EKSLogForwarderDeploymentContainer array | (Optional) Containers is a list of EKSLogForwarder containers. If specified, this overrides the specified EKSLogForwarder Deployment containers. If omitted, the EKSLogForwarder Deployment will use its default values for its containers. |
EKSLogForwarderDeploymentPodTemplateSpec
EKSLogForwarderDeploymentPodTemplateSpec is the EKSLogForwarder Deployment's PodTemplateSpec
Appears in:
Field | Description |
---|---|
spec EKSLogForwarderDeploymentPodSpec | (Optional) Spec is the EKSLogForwarder Deployment's PodSpec. |
EKSLogForwarderDeploymentSpec
EKSLogForwarderDeploymentSpec defines configuration for the EKSLogForwarder Deployment.
Appears in:
Field | Description |
---|---|
template EKSLogForwarderDeploymentPodTemplateSpec | (Optional) Template describes the EKSLogForwarder Deployment pod that will be created. |
ESGatewayDeployment
ESGatewayDeployment is the configuration for the es-gateway Deployment.
Appears in:
Field | Description |
---|---|
spec ESGatewayDeploymentSpec | (Optional) Spec is the specification of the es-gateway Deployment. |
ESGatewayDeploymentContainer
ESGatewayDeploymentContainer is an es-gateway Deployment container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the es-gateway Deployment container by name. Supported values are: tigera-secure-es-gateway |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named es-gateway Deployment container's resources. If omitted, the es-gateway Deployment will use its default value for this container's resources. |
ESGatewayDeploymentInitContainer
ESGatewayDeploymentInitContainer is an es-gateway Deployment init container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the es-gateway Deployment init container by name. Supported values are: tigera-secure-elasticsearch-cert-key-cert-provisioner |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named es-gateway Deployment init container's resources. If omitted, the es-gateway Deployment will use its default value for this init container's resources. |
ESGatewayDeploymentPodSpec
ESGatewayDeploymentPodSpec is the es-gateway Deployment's PodSpec.
Appears in:
Field | Description |
---|---|
initContainers ESGatewayDeploymentInitContainer array | (Optional) InitContainers is a list of es-gateway init containers. If specified, this overrides the specified es-gateway Deployment init containers. If omitted, the es-gateway Deployment will use its default values for its init containers. |
containers ESGatewayDeploymentContainer array | (Optional) Containers is a list of es-gateway containers. If specified, this overrides the specified es-gateway Deployment containers. If omitted, the es-gateway Deployment will use its default values for its containers. |
ESGatewayDeploymentPodTemplateSpec
ESGatewayDeploymentPodTemplateSpec is the es-gateway Deployment's PodTemplateSpec
Appears in:
Field | Description |
---|---|
spec ESGatewayDeploymentPodSpec | (Optional) Spec is the es-gateway Deployment's PodSpec. |
ESGatewayDeploymentSpec
ESGatewayDeploymentSpec defines configuration for the es-gateway Deployment.
Appears in:
Field | Description |
---|---|
template ESGatewayDeploymentPodTemplateSpec | (Optional) Template describes the es-gateway Deployment pod that will be created. |
EgressGateway
EgressGateway is the Schema for the egressgateways API
Field | Description |
---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | EgressGateway |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. |
spec EgressGatewaySpec | |
status EgressGatewayStatus | |
EgressGatewayDeploymentPodSpec
EgressGatewayDeploymentPodSpec is the Egress Gateway Deployment's PodSpec.
Appears in:
Field | Description |
---|---|
initContainers EGWDeploymentInitContainer array | (Optional) InitContainers is a list of EGW init containers. If specified, this overrides the specified EGW Deployment init containers. If omitted, the EGW Deployment will use its default values for its init containers. |
containers EGWDeploymentContainer array | (Optional) Containers is a list of EGW containers. If specified, this overrides the specified EGW Deployment containers. If omitted, the EGW Deployment will use its default values for its containers. |
affinity Affinity | (Optional) Affinity is a group of affinity scheduling rules for the EGW pods. |
nodeSelector object (keys:string, values:string) | (Optional) NodeSelector gives more control over the nodes on which the Egress Gateway pods will run. |
terminationGracePeriodSeconds integer | (Optional) TerminationGracePeriodSeconds defines the termination grace period of the Egress Gateway pods in seconds. |
topologySpreadConstraints TopologySpreadConstraint array | (Optional) TopologySpreadConstraints defines how the Egress Gateway pods should be spread across different AZs. |
tolerations Toleration array | (Optional) Tolerations is the egress gateway pod's tolerations. If specified, this overrides any tolerations that may be set on the EGW Deployment. If omitted, the EGW Deployment will use its default value for tolerations. |
priorityClassName string | (Optional) PriorityClassName allows you to specify a PriorityClass resource to be used. |
EgressGatewayDeploymentPodTemplateSpec
EgressGatewayDeploymentPodTemplateSpec is the EGW Deployment's PodTemplateSpec
Appears in:
Field | Description |
---|---|
metadata EgressGatewayMetadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec EgressGatewayDeploymentPodSpec | (Optional) Spec is the EGW Deployment's PodSpec. |
EgressGatewayFailureDetection
EgressGatewayFailureDetection defines the fields needed for determining Egress Gateway readiness.
Appears in:
Field | Description |
---|---|
healthTimeoutDataStoreSeconds integer | (Optional) HealthTimeoutDataStoreSeconds defines how long Egress Gateway can fail to connect to the datastore before reporting not ready. This value must be greater than 0. Default: 90 |
icmpProbe ICMPProbe | (Optional) ICMPProbe defines outgoing ICMP probes that Egress Gateway will use to verify its upstream connection. Egress Gateway will report not ready if all fail. Timeout must be greater than interval. |
httpProbe HTTPProbe | (Optional) HTTPProbe defines outgoing HTTP probes that Egress Gateway will use to verify its upstream connection. Egress Gateway will report not ready if all fail. Timeout must be greater than interval. |
EgressGatewayIPPool
Appears in:
Field | Description |
---|---|
name string | (Optional) Name is the name of the IPPool that the Egress Gateways can use. |
cidr string | (Optional) CIDR is the IPPool CIDR that the Egress Gateways can use. |
EgressGatewayMetadata
EgressGatewayMetadata contains the standard Kubernetes labels and annotations fields.
Appears in:
Field | Description |
---|---|
labels object (keys:string, values:string) | (Optional) Labels is a map of string keys and values that may match replica set and service selectors. Each of these key/value pairs is added to the object's labels provided the key does not already exist in the object's labels. If not specified, defaults to projectcalico.org/egw:[name], where [name] is the name of the Egress Gateway resource. |
annotations object (keys:string, values:string) | (Optional) Annotations is a map of arbitrary non-identifying metadata. Each of these key/value pairs is added to the object's annotations provided the key does not already exist in the object's annotations. |
EgressGatewaySpec
EgressGatewaySpec defines the desired state of EgressGateway
Appears in:
Field | Description |
---|---|
replicas integer | (Optional) Replicas defines how many instances of the Egress Gateway pod will run. |
ipPools EgressGatewayIPPool array | IPPools defines the IP Pools that the Egress Gateway pods should be using. Either name or CIDR must be specified. IPPools must match existing IPPools. |
externalNetworks string array | (Optional) ExternalNetworks defines the external network names this Egress Gateway is associated with. ExternalNetworks must match existing external networks. |
logSeverity LogSeverity | (Optional) LogSeverity defines the logging level of the Egress Gateway. |
template EgressGatewayDeploymentPodTemplateSpec | (Optional) Template describes the EGW Deployment pod that will be created. |
egressGatewayFailureDetection EgressGatewayFailureDetection | (Optional) EgressGatewayFailureDetection is used to configure how Egress Gateway determines readiness. If both ICMP and HTTP probes are defined, one ICMP probe and one HTTP probe should succeed for Egress Gateways to become ready. Otherwise, one ICMP or HTTP probe (whichever is configured) should succeed for Egress Gateways to become ready. |
aws AWSEgressGateway | (Optional) AWS defines the additional configuration options for Egress Gateways on AWS. |
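The constraints stated in the EgressGateway tables above (an IP pool entry needs a name or a CIDR, `healthTimeoutDataStoreSeconds` must be greater than 0, a probe timeout must be greater than its interval) can be checked before a manifest is applied. The following is an added example, not operator code; the probe field names `intervalSeconds` and `timeoutSeconds` are assumed (ICMPProbe and HTTPProbe are defined elsewhere in this reference), and all resource names and addresses are constructed.

```python
import ipaddress
from typing import Any, Dict, List


def validate_egress_gateway(manifest: Dict[str, Any]) -> List[str]:
    """Return findings for an EgressGateway manifest; an empty list means
    none of the rules documented on this page is violated."""
    findings: List[str] = []
    if manifest.get("apiVersion") != "operator.tigera.io/v1":
        findings.append("apiVersion: expected operator.tigera.io/v1")
    if manifest.get("kind") != "EgressGateway":
        findings.append("kind: expected EgressGateway")

    spec = manifest.get("spec") or {}

    # ipPools is not marked optional; each entry needs a name or a CIDR.
    pools = spec.get("ipPools") or []
    if not pools:
        findings.append("spec.ipPools: required, none given")
    for i, pool in enumerate(pools):
        name, cidr = pool.get("name"), pool.get("cidr")
        if not name and not cidr:
            findings.append(f"spec.ipPools[{i}]: either name or cidr must be specified")
        if cidr:
            try:
                ipaddress.ip_network(cidr, strict=True)
            except ValueError:
                findings.append(f"spec.ipPools[{i}].cidr: {cidr!r} is not a valid network CIDR")

    fd = spec.get("egressGatewayFailureDetection") or {}
    health = fd.get("healthTimeoutDataStoreSeconds")
    if health is not None and health <= 0:
        findings.append("egressGatewayFailureDetection.healthTimeoutDataStoreSeconds: "
                        "must be greater than 0")

    # Field names intervalSeconds/timeoutSeconds are assumptions (see lead-in).
    for probe_name in ("icmpProbe", "httpProbe"):
        probe = fd.get(probe_name) or {}
        interval = probe.get("intervalSeconds")
        timeout = probe.get("timeoutSeconds")
        # Compare only explicit values; defaults for unset fields are applied
        # by the operator and are not known to this check.
        if interval is not None and timeout is not None and timeout <= interval:
            findings.append(f"egressGatewayFailureDetection.{probe_name}: "
                            f"timeout ({timeout}s) must be greater than interval ({interval}s)")
    return findings


# Constructed sample manifests, written as the dicts a YAML loader would produce.
GOOD = {
    "apiVersion": "operator.tigera.io/v1",
    "kind": "EgressGateway",
    "metadata": {"name": "egw-example", "namespace": "default"},
    "spec": {
        "replicas": 2,
        "ipPools": [{"name": "egress-pool"}, {"cidr": "10.10.10.0/31"}],
        "egressGatewayFailureDetection": {
            "healthTimeoutDataStoreSeconds": 90,
            "icmpProbe": {"intervalSeconds": 5, "timeoutSeconds": 15},
        },
    },
}

BAD = {
    "apiVersion": "operator.tigera.io/v1",
    "kind": "EgressGateway",
    "metadata": {"name": "egw-broken", "namespace": "default"},
    "spec": {
        "ipPools": [{"name": "egress-pool"}, {}, {"cidr": "10.10.10.0/33"}],
        "egressGatewayFailureDetection": {
            "healthTimeoutDataStoreSeconds": 0,
            "icmpProbe": {"intervalSeconds": 15, "timeoutSeconds": 15},
        },
    },
}

if __name__ == "__main__":
    for doc in (GOOD, BAD):
        name = doc["metadata"]["name"]
        for finding in validate_egress_gateway(doc) or ["ok"]:
            print(f"{name}: {finding}")
```

The check cannot confirm that the named IP pools or external networks exist; that still has to be verified against the cluster.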
EgressGatewayStatus
EgressGatewayStatus defines the observed state of EgressGateway
Appears in:
Field | Description |
---|---|
state string | State provides user-readable status. |
conditions Condition array | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types. |
EksCloudwatchLogsSpec
EksConfigSpec defines configuration for fetching EKS audit logs.
Appears in:
Field | Description |
---|---|
region string | AWS Region EKS cluster is hosted in. |
groupName string | Cloudwatch log-group name containing EKS audit logs. |
streamPrefix string | (Optional) Prefix of Cloudwatch log stream containing EKS audit logs in the log-group. Default: kube-apiserver-audit- |
fetchInterval integer | (Optional) Cloudwatch audit logs fetching interval in seconds. Default: 60 |
ElasticsearchMetricsDeployment
ElasticsearchMetricsDeployment is the configuration for the tigera-elasticsearch-metric Deployment.
Appears in:
Field | Description |
---|---|
spec ElasticsearchMetricsDeploymentSpec | (Optional) Spec is the specification of the ElasticsearchMetrics Deployment. |
ElasticsearchMetricsDeploymentContainer
ElasticsearchMetricsDeploymentContainer is an ElasticsearchMetricsDeployment container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the ElasticsearchMetricsDeployment container by name. Supported values are: tigera-elasticsearch-metrics |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named ElasticsearchMetricsDeployment container's resources. If omitted, the ElasticsearchMetrics Deployment will use its default value for this container's resources. |
ElasticsearchMetricsDeploymentInitContainer
ElasticsearchMetricsDeploymentInitContainer is an ElasticsearchMetricsDeployment init container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the ElasticsearchMetricsDeployment init container by name. Supported values are: tigera-ee-elasticsearch-metrics-tls-key-cert-provisioner |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named ElasticsearchMetricsDeployment init container's resources. If omitted, the ElasticsearchMetrics Deployment will use its default value for this init container's resources. |
ElasticsearchMetricsDeploymentPodSpec
ElasticsearchMetricsDeploymentPodSpec is the ElasticsearchMetricsDeployment's PodSpec.
Appears in:
Field | Description |
---|---|
initContainers ElasticsearchMetricsDeploymentInitContainer array | (Optional) InitContainers is a list of ElasticsearchMetricsDeployment init containers. If specified, this overrides the specified ElasticsearchMetricsDeployment init containers. If omitted, the ElasticsearchMetrics Deployment will use its default values for its init containers. |
containers ElasticsearchMetricsDeploymentContainer array | (Optional) Containers is a list of ElasticsearchMetricsDeployment containers. If specified, this overrides the specified ElasticsearchMetricsDeployment containers. If omitted, the ElasticsearchMetrics Deployment will use its default values for its containers. |
ElasticsearchMetricsDeploymentPodTemplateSpec
ElasticsearchMetricsDeploymentPodTemplateSpec is the ElasticsearchMetricsDeployment's PodTemplateSpec
Appears in:
Field | Description |
---|---|
spec ElasticsearchMetricsDeploymentPodSpec | (Optional) Spec is the ElasticsearchMetrics Deployment's PodSpec. |
ElasticsearchMetricsDeploymentSpec
ElasticsearchMetricsDeploymentSpec defines configuration for the ElasticsearchMetricsDeployment Deployment.
Appears in:
Field | Description |
---|---|
template ElasticsearchMetricsDeploymentPodTemplateSpec | (Optional) Template describes the ElasticsearchMetrics Deployment pod that will be created. |
EmailVerificationType
Underlying type: string
Appears in:
Value | Description |
---|---|
Verify | |
InsecureSkip | |
EncapsulationType
Underlying type: string
EncapsulationType is the type of encapsulation to use on an IP pool.
One of: IPIP, VXLAN, IPIPCrossSubnet, VXLANCrossSubnet, None
Appears in:
Value | Description |
---|---|
IPIPCrossSubnet | |
IPIP | |
VXLAN | |
VXLANCrossSubnet | |
None | |
EncryptionOption
Underlying type: string
EncryptionOption specifies the traffic encryption mode when connecting to a Syslog server.
One of: None, TLS
Appears in:
Value | Description |
---|---|
None | |
TLS | |
Endpoint
Endpoint contains a subset of relevant fields from the Prometheus Endpoint struct.
Appears in:
Field | Description |
---|---|
params object (keys:string, values:string array) | Optional HTTP URL parameters. Default: scrape all metrics. |
bearerTokenSecret SecretKeySelector | Secret to mount to read bearer token for scraping targets. Recommended: when unset, the operator will create a Secret, a ClusterRole and a ClusterRoleBinding. |
interval Duration | Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used. |
scrapeTimeout Duration | Timeout after which the scrape is ended. If not specified, the Prometheus global scrape timeout is used unless it is less than Interval, in which case the latter is used. |
honorLabels boolean | HonorLabels chooses the metric's labels on collisions with target labels. |
honorTimestamps boolean | HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data. |
metricRelabelings RelabelConfig array | MetricRelabelConfigs to apply to samples before ingestion. |
relabelings RelabelConfig array | RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields. The original scrape job's name is available via the __tmp_prometheus_job_name label. More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config |
EnvoySettings
Appears in:
Field | Description |
---|---|
xffNumTrustedHops integer | (Optional) The number of additional ingress proxy hops from the right side of the x-forwarded-for HTTP header to trust when determining the origin client’s IP address. 0 is permitted, but >=1 is the typical setting. |
useRemoteAddress boolean | (Optional) If set to true, the Envoy connection manager will use the real remote address of the client connection when determining internal versus external origin and manipulating various headers. |
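How the two EnvoySettings fields interact is easiest to see on concrete headers. The following is an added illustration, not operator or Envoy code: a small Python model of Envoy's documented x-forwarded-for handling, assuming `xffNumTrustedHops` and `useRemoteAddress` map directly onto Envoy's `xff_num_trusted_hops` and `use_remote_address`. All addresses are constructed documentation-range values.

```python
from typing import List


def parse_xff(header: str) -> List[str]:
    """Split an x-forwarded-for value into its comma-separated addresses."""
    return [part.strip() for part in header.split(",") if part.strip()]


def trusted_client_address(remote_addr: str, xff_header: str,
                           use_remote_address: bool,
                           xff_num_trusted_hops: int) -> str:
    """Model of which address Envoy treats as the origin client.

    remote_addr is the source address of the TCP connection Envoy accepted;
    xff_header is the x-forwarded-for value as received on that connection.
    """
    if xff_num_trusted_hops < 0:
        raise ValueError("xff_num_trusted_hops must be >= 0")
    hops = parse_xff(xff_header)

    if use_remote_address:
        if xff_num_trusted_hops == 0:
            # The header is ignored; only the connection's peer is trusted.
            return remote_addr
        index_from_right = xff_num_trusted_hops          # Nth from the right
    else:
        index_from_right = xff_num_trusted_hops + 1      # (N+1)th from the right

    if len(hops) < index_from_right:
        # Too few entries: fall back to the immediate downstream address.
        return remote_addr
    return hops[-index_from_right]


# Constructed scenario: one load balancer (192.0.2.5) sits in front of Envoy
# and appends the address it saw (198.51.100.7). The client itself sent a
# forged "x-forwarded-for: 10.0.0.1", which the load balancer passed along.
LB_ADDR = "192.0.2.5"
XFF_AT_ENVOY = "10.0.0.1, 198.51.100.7"


def scenarios() -> dict:
    """Trusted address for several hop counts with useRemoteAddress=true."""
    return {
        hops: trusted_client_address(LB_ADDR, XFF_AT_ENVOY, True, hops)
        for hops in (0, 1, 2, 3)
    }


if __name__ == "__main__":
    for hops, addr in scenarios().items():
        print(f"xffNumTrustedHops={hops}: trusted client address = {addr}")
```

With one proxy in front, a hop count of 1 yields the address the load balancer observed; a hop count of 2 reaches into the part of the header the client controls, so the value should equal the number of proxies you operate and no more.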
ExternalPrometheus
Appears in:
Field | Description |
---|---|
serviceMonitor ServiceMonitor | (Optional) When ServiceMonitor is specified, the operator creates a ServiceMonitor object in the namespace. It is recommended that you configure labels if you want your Prometheus instance to pick up the configuration automatically. The operator configures one endpoint by default, with: Params to scrape all metrics available in Calico Enterprise; BearerTokenSecret (if not overridden, the operator also creates corresponding RBAC that allows authz to the metrics); and TLSConfig, containing the caFile and serverName. |
namespace string | Namespace is the namespace where the operator will create resources for your Prometheus instance. The namespace must be created before the operator will create Prometheus resources. |
FIPSMode
Underlying type: string
Appears in:
Value | Description |
---|---|
Enabled | |
Disabled | |
FluentdDaemonSet
FluentdDaemonSet is the configuration for the Fluentd DaemonSet.
Appears in:
Field | Description |
---|---|
spec FluentdDaemonSetSpec | (Optional) Spec is the specification of the Fluentd DaemonSet. |
FluentdDaemonSetContainer
FluentdDaemonSetContainer is a Fluentd DaemonSet container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the Fluentd DaemonSet container by name. Supported values are: fluentd |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named Fluentd DaemonSet container's resources. If omitted, the Fluentd DaemonSet will use its default value for this container's resources. |
FluentdDaemonSetInitContainer
FluentdDaemonSetInitContainer is a Fluentd DaemonSet init container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the Fluentd DaemonSet init container by name. Supported values are: tigera-fluentd-prometheus-tls-key-cert-provisioner |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named Fluentd DaemonSet init container's resources. If omitted, the Fluentd DaemonSet will use its default value for this init container's resources. |
FluentdDaemonSetPodSpec
FluentdDaemonSetPodSpec is the Fluentd DaemonSet's PodSpec.
Appears in:
Field | Description |
---|---|
initContainers FluentdDaemonSetInitContainer array | (Optional) InitContainers is a list of Fluentd DaemonSet init containers. If specified, this overrides the specified Fluentd DaemonSet init containers. If omitted, the Fluentd DaemonSet will use its default values for its init containers. |
containers FluentdDaemonSetContainer array | (Optional) Containers is a list of Fluentd DaemonSet containers. If specified, this overrides the specified Fluentd DaemonSet containers. If omitted, the Fluentd DaemonSet will use its default values for its containers. |
FluentdDaemonSetPodTemplateSpec
FluentdDaemonSetPodTemplateSpec is the Fluentd DaemonSet's PodTemplateSpec
Appears in:
Field | Description |
---|---|
spec FluentdDaemonSetPodSpec | (Optional) Spec is the Fluentd DaemonSet's PodSpec. |
FluentdDaemonSetSpec
FluentdDaemonSetSpec defines configuration for the Fluentd DaemonSet.
Appears in:
Field | Description |
---|---|
template FluentdDaemonSetPodTemplateSpec | (Optional) Template describes the Fluentd DaemonSet pod that will be created. |
GatewayAPI
Field | Description |
---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | GatewayAPI |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. |
spec GatewayAPISpec | |
GatewayAPISpec
GatewayAPISpec has fields that can be used to customize our GatewayAPI support.
Appears in:
Field | Description |
---|---|
gatewayControllerDeployment GatewayControllerDeployment | Allow optional customization of the gateway controller deployment. |
gatewayCertgenJob GatewayCertgenJob | Allow optional customization of the gateway certgen job. |
gatewayDeployment GatewayDeployment | Allow optional customization of gateway deployments. |
crdManagement CRDManagement | Configure how to manage and update Gateway API CRDs. The default behaviour - which is used when this field is not set, or is set to "PreferExisting" - is that the Tigera operator will create the Gateway API CRDs if they do not already exist, but will not overwrite any existing Gateway API CRDs. This setting may be preferable if the customer is using other implementations of the Gateway API concurrently with the Gateway API support in Calico Enterprise. It is then the customer's responsibility to ensure that CRDs are installed that meet the needs of all the Gateway API implementations in their cluster. Alternatively, if this field is set to "Reconcile", the Tigera operator will keep the cluster's Gateway API CRDs aligned with those that it would install on a cluster that does not yet have any version of those CRDs. |
GatewayCertgenJob
GatewayCertgenJob allows customization of the gateway certgen job.
If GatewayCertgenJob.Metadata is non-nil, non-clashing labels and annotations from that metadata are added into the job's top-level metadata.
For customization of the job spec see GatewayCertgenJobSpec.
Appears in:
Field | Description |
---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec GatewayCertgenJobSpec | (Optional) |
GatewayCertgenJobContainer
GatewayCertgenJobContainer allows customization of the gateway certgen job's resource requirements.
If GatewayCertgenJob.Spec.Template.Spec.Containers["envoy-gateway-certgen"].Resources is non-nil, it overrides the ResourceRequirements of the job's "envoy-gateway-certgen" container.
Appears in:
Field | Description |
---|---|
name string | |
resources ResourceRequirements | (Optional) |
GatewayCertgenJobPodSpec
GatewayCertgenJobPodSpec allows customization of the gateway certgen job's pod spec.
If GatewayCertgenJob.Spec.Template.Spec.Affinity is non-nil, it sets the affinity field of the job's pod template.
If GatewayCertgenJob.Spec.Template.Spec.NodeSelector is non-nil, it sets a node selector for where job pods may be scheduled.
If GatewayCertgenJob.Spec.Template.Spec.Tolerations is non-nil, it sets the tolerations field of the job's pod template.
For customization of job container resources see GatewayCertgenJobContainer.
Appears in:
Field | Description |
---|---|
affinity Affinity | (Optional) |
containers GatewayCertgenJobContainer array | (Optional) |
nodeSelector object (keys:string, values:string) | (Optional) |
tolerations Toleration array | (Optional) |
GatewayCertgenJobPodTemplate
GatewayCertgenJobPodTemplate allows customization of the gateway certgen job's pod template.
If GatewayCertgenJob.Spec.Template.Metadata is non-nil, non-clashing labels and annotations from that metadata are added into the job's pod template.
For customization of the pod template spec see GatewayCertgenJobPodSpec.
Appears in:
Field | Description |
---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec GatewayCertgenJobPodSpec | (Optional) |
GatewayCertgenJobSpec
GatewayCertgenJobSpec allows customization of the gateway certgen job spec.
For customization of the job template see GatewayCertgenJobPodTemplate.
Appears in:
Field | Description |
---|---|
template GatewayCertgenJobPodTemplate | (Optional) |
GatewayControllerDeployment
GatewayControllerDeployment allows customization of the gateway controller deployment.
If GatewayControllerDeployment.Metadata is non-nil, non-clashing labels and annotations from that metadata are added into the deployment's top-level metadata.
For customization of the deployment spec see GatewayControllerDeploymentSpec.
Appears in:
Field | Description |
---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec GatewayControllerDeploymentSpec | (Optional) |
GatewayControllerDeploymentContainer
GatewayControllerDeploymentContainer allows customization of the gateway controller's resource requirements.
If GatewayControllerDeployment.Spec.Template.Spec.Containers["envoy-gateway"].Resources is non-nil, it overrides the ResourceRequirements of the controller's "envoy-gateway" container.
Appears in:
Field | Description |
---|---|
name string | |
resources ResourceRequirements | (Optional) |
GatewayControllerDeploymentPodSpec
GatewayControllerDeploymentPodSpec allows customization of the gateway controller deployment pod spec.
If GatewayControllerDeployment.Spec.Template.Spec.Affinity is non-nil, it sets the affinity field of the deployment's pod template.
If GatewayControllerDeployment.Spec.Template.Spec.NodeSelector is non-nil, it sets a node selector for where controller pods may be scheduled.
If GatewayControllerDeployment.Spec.Template.Spec.Tolerations is non-nil, it sets the tolerations field of the deployment's pod template.
For customization of container resources see GatewayControllerDeploymentContainer.
Appears in:
Field | Description |
---|---|
affinity Affinity | (Optional) |
containers GatewayControllerDeploymentContainer array | (Optional) |
nodeSelector object (keys:string, values:string) | (Optional) |
tolerations Toleration array | (Optional) |
GatewayControllerDeploymentPodTemplate
GatewayControllerDeploymentPodTemplate allows customization of the gateway controller deployment pod template.
If GatewayControllerDeployment.Spec.Template.Metadata is non-nil, non-clashing labels and annotations from that metadata are added into the deployment's pod template.
For customization of the pod template spec see GatewayControllerDeploymentPodSpec.
Appears in:
Field | Description |
---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec GatewayControllerDeploymentPodSpec | (Optional) |
GatewayControllerDeploymentSpec
GatewayControllerDeploymentSpec allows customization of the gateway controller deployment spec.
If GatewayControllerDeployment.Spec.MinReadySeconds is non-nil, it sets the minReadySeconds field for the deployment.
For customization of the pod template see GatewayControllerDeploymentPodTemplate.
Appears in:
Field | Description |
---|---|
minReadySeconds integer | (Optional) |
template GatewayControllerDeploymentPodTemplate | (Optional) |
GatewayDeployment
GatewayDeployment allows customization of gateway deployments.
For detail see GatewayDeploymentSpec.
Appears in:
Field | Description |
---|---|
spec GatewayDeploymentSpec | (Optional) |
GatewayDeploymentContainer
GatewayDeploymentContainer allows customization of the resource requirements of gateway deployments.
If GatewayDeployment.Spec.Template.Spec.Containers["envoy"].Resources is non-nil, it overrides the ResourceRequirements of the "envoy" container in each gateway deployment.
Appears in:
Field | Description |
---|---|
name string | |
resources ResourceRequirements | (Optional) |
GatewayDeploymentPodSpec
GatewayDeploymentPodSpec allows customization of the pod spec of gateway deployments.
If GatewayDeployment.Spec.Template.Spec.Affinity is non-nil, it sets the affinity field of each deployment's pod template.
If GatewayDeployment.Spec.Template.Spec.NodeSelector is non-nil, it sets a node selector for where gateway pods may be scheduled.
If GatewayDeployment.Spec.Template.Spec.Tolerations is non-nil, it sets the tolerations field of each deployment's pod template.
If GatewayDeployment.Spec.Template.Spec.TopologySpreadConstraints is non-nil, it sets the topology spread constraints of each deployment's pod template.
For customization of container resources see GatewayControllerDeploymentContainer.
Appears in:
Field | Description |
---|---|
affinity Affinity | (Optional) |
containers GatewayDeploymentContainer array | (Optional) |
nodeSelector object (keys:string, values:string) | (Optional) |
topologySpreadConstraints TopologySpreadConstraint array | (Optional) TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. |
tolerations Toleration array | (Optional) |
GatewayDeploymentPodTemplate
GatewayDeploymentPodTemplate allows customization of the pod template of gateway deployments.
If GatewayDeployment.Spec.Template.Metadata is non-nil, non-clashing labels and annotations from that metadata are added into each deployment's pod template.
For customization of the pod template spec see GatewayDeploymentPodSpec.
Appears in:
Field | Description |
---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec GatewayDeploymentPodSpec | (Optional) |
GatewayDeploymentSpec
GatewayDeploymentSpec allows customization of the spec of gateway deployments.
For customization of the pod template see GatewayDeploymentPodTemplate.
For customization of the deployment strategy see GatewayDeploymentStrategy.
Appears in:
Field | Description |
---|---|
template GatewayDeploymentPodTemplate | (Optional) |
strategy GatewayDeploymentStrategy | (Optional) The deployment strategy to use to replace existing pods with new ones. |
GatewayDeploymentStrategy
GatewayDeploymentStrategy allows customization of the deployment strategy for gateway deployments.
If GatewayDeployment.Spec.Strategy is non-nil, gateway deployments are set to use a rolling update strategy, with the parameters specified in GatewayDeployment.Spec.Strategy.
Only RollingUpdate is supported at this time so the Type field is not exposed.
Appears in:
Field | Description |
---|---|
rollingUpdate RollingUpdateDeployment | (Optional) |
Goldmane
Field | Description |
---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | Goldmane |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. |
spec GoldmaneSpec | |
status GoldmaneStatus | |
GoldmaneDeployment
GoldmaneDeployment is the configuration for the goldmane Deployment.
Appears in:
Field | Description |
---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec GoldmaneDeploymentSpec | (Optional) Spec is the specification of the goldmane Deployment. |
GoldmaneDeploymentContainer
Appears in:
Field | Description |
---|---|
name string | |
resources ResourceRequirements | (Optional) |
GoldmaneDeploymentPodSpec
GoldmaneDeploymentPodSpec is the goldmane Deployment's PodSpec.
Appears in:
Field | Description |
---|---|
affinity Affinity | (Optional) Affinity is a group of affinity scheduling rules for the goldmane pods. |
containers GoldmaneDeploymentContainer array | (Optional) Containers is a list of goldmane containers. If specified, this overrides the specified EGW Deployment containers. If omitted, the goldmane Deployment will use its default values for its containers. |
nodeSelector object (keys:string, values:string) | (Optional) NodeSelector gives more control over the nodes where the goldmane pods will run on. |
terminationGracePeriodSeconds integer | (Optional) TerminationGracePeriodSeconds defines the termination grace period of the goldmane pods in seconds. |
topologySpreadConstraints TopologySpreadConstraint array | (Optional) TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. |
tolerations Toleration array | (Optional) Tolerations is the goldmane pod's tolerations. If specified, this overrides any tolerations that may be set on the goldmane Deployment. If omitted, the goldmane Deployment will use its default value for tolerations. |
priorityClassName string | (Optional) PriorityClassName specifies the PriorityClass resource to be used. |
GoldmaneDeploymentPodTemplateSpec
GoldmaneDeploymentPodTemplateSpec is the goldmane Deployment's PodTemplateSpec
Appears in:
Field | Description |
---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec GoldmaneDeploymentPodSpec | (Optional) Spec is the goldmane Deployment's PodSpec. |
GoldmaneDeploymentSpec
GoldmaneDeploymentSpec defines configuration for the goldmane Deployment.
Appears in:
Field | Description |
---|---|
minReadySeconds integer | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its containers crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the goldmane Deployment. If omitted, the goldmane Deployment will use its default value for minReadySeconds. |
template GoldmaneDeploymentPodTemplateSpec | (Optional) Template describes the goldmane Deployment pod that will be created. |
strategy GoldmaneDeploymentStrategy | (Optional) The deployment strategy to use to replace existing pods with new ones. |
GoldmaneDeploymentStrategy
Appears in:
Field | Description |
---|---|
rollingUpdate RollingUpdateDeployment | (Optional) Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. |
GoldmaneSpec
Appears in:
Field | Description |
---|---|
goldmaneDeployment GoldmaneDeployment | |
GoldmaneStatus
GoldmaneStatus defines the observed state of Goldmane
Appears in:
Field | Description |
---|---|
conditions Condition array | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types. |
GroupSearch
Group search configuration to find the groups that a user is in.
Appears in:
Field | Description |
---|---|
baseDN string | BaseDN to start the search from. For example "cn=groups,dc=example,dc=com" |
filter string | (Optional) Optional filter to apply when searching the directory. For example "(objectClass=posixGroup)" |
nameAttribute string | The attribute of the group that represents its name. This attribute can be used to apply RBAC to a user group. |
userMatchers UserMatch array | The following list contains field pairs that are used to match a user to a group. It adds an additional requirement to the filter that an attribute in the group must match the user's attribute value. |
GuardianDeployment
GuardianDeployment is the configuration for the guardian Deployment.
Appears in:
Field | Description |
---|---|
spec GuardianDeploymentSpec | (Optional) Spec is the specification of the guardian Deployment. |
GuardianDeploymentContainer
GuardianDeploymentContainer is a guardian Deployment container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the guardian Deployment container by name. Supported values are: tigera-guardian |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named guardian Deployment container's resources. If omitted, the guardian Deployment will use its default value for this container's resources. |
GuardianDeploymentInitContainer
GuardianDeploymentInitContainer is a guardian Deployment init container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the guardian Deployment init container by name. |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named guardian Deployment init container's resources. If omitted, the guardian Deployment will use its default value for this init container's resources. |
GuardianDeploymentPodSpec
GuardianDeploymentPodSpec is the guardian Deployment's PodSpec.
Appears in:
Field | Description |
---|---|
initContainers GuardianDeploymentInitContainer array | (Optional) InitContainers is a list of guardian init containers. If specified, this overrides the specified guardian Deployment init containers. If omitted, the guardian Deployment will use its default values for its init containers. |
containers GuardianDeploymentContainer array | (Optional) Containers is a list of guardian containers. If specified, this overrides the specified guardian Deployment containers. If omitted, the guardian Deployment will use its default values for its containers. |
GuardianDeploymentPodTemplateSpec
GuardianDeploymentPodTemplateSpec is the guardian Deployment's PodTemplateSpec
Appears in:
Field | Description |
---|---|
spec GuardianDeploymentPodSpec | (Optional) Spec is the guardian Deployment's PodSpec. |
GuardianDeploymentSpec
GuardianDeploymentSpec defines configuration for the guardian Deployment.
Appears in:
Field | Description |
---|---|
template GuardianDeploymentPodTemplateSpec | (Optional) Template describes the guardian Deployment pod that will be created. |
HTTPProbe
HTTPProbe defines the HTTP probe configuration for Egress Gateway.
Appears in:
Field | Description |
---|---|
urls string array | URLs define the list of HTTP probe URLs. Egress Gateway will probe each URL periodically. If all probes fail, Egress Gateway will report non-ready. |
intervalSeconds integer | (Optional) IntervalSeconds defines the interval of HTTP probes. Used when URLs is non-empty. Default: 10 |
timeoutSeconds integer | (Optional) TimeoutSeconds defines the timeout value of HTTP probes. Used when URLs is non-empty. Default: 30 |
HostPortsType
Underlying type: string
HostPortsType specifies host port support.
One of: Enabled, Disabled
Appears in:
Value | Description |
---|---|
Enabled | |
Disabled | |
ICMPProbe
ICMPProbe defines the ICMP probe configuration for Egress Gateway.
Appears in:
Field | Description |
---|---|
ips string array | IPs define the list of ICMP probe IPs. Egress Gateway will probe each IP periodically. If all probes fail, Egress Gateway will report non-ready. |
intervalSeconds integer | (Optional) IntervalSeconds defines the interval of ICMP probes. Used when IPs is non-empty. Default: 5 |
timeoutSeconds integer | (Optional) TimeoutSeconds defines the timeout value of ICMP probes. Used when IPs is non-empty. Default: 15 |
IPAMPluginType
Underlying type: string
Appears in:
Value | Description |
---|---|
Calico | |
HostLocal | |
AmazonVPC | |
AzureVNET | |
IPAMSpec
IPAMSpec contains configuration for pod IP address management.
Appears in:
Field | Description |
---|---|
type IPAMPluginType | Specifies the IPAM plugin that will be used in the Calico or Calico Enterprise installation. For CNI Plugin Calico, this field defaults to Calico. For CNI Plugin GKE, this field defaults to HostLocal. For CNI Plugin AzureVNET, this field defaults to AzureVNET. For CNI Plugin AmazonVPC, this field defaults to AmazonVPC. The IPAM plugin is installed and configured only if the CNI plugin is set to Calico; for all other values of the CNI plugin, the plugin binaries and CNI config are a dependency that is expected to be installed separately. Default: Calico |
IPPool
Appears in:
Field | Description |
---|---|
name string | Name is the name of the IP pool. If omitted, this will be generated. |
cidr string | CIDR contains the address range for the IP Pool in classless inter-domain routing format. |
encapsulation EncapsulationType | (Optional) Encapsulation specifies the encapsulation type that will be used with the IP Pool. Default: IPIP |
natOutgoing NATOutgoingType | (Optional) NATOutgoing specifies if NAT will be enabled or disabled for outgoing traffic. Default: Enabled |
nodeSelector string | (Optional) NodeSelector specifies the node selector that will be set for the IP Pool. Default: 'all()' |
blockSize integer | (Optional) BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6) |
disableBGPExport boolean | (Optional) DisableBGPExport specifies whether routes from this IP pool's CIDR are exported over BGP. Default: false |
disableNewAllocations boolean | DisableNewAllocations specifies whether or not new IP allocations are allowed from this pool. This is useful when you want to prevent new pods from receiving IP addresses from this pool, without impacting any existing pods that have already been assigned addresses from this pool. |
allowedUses IPPoolAllowedUse array | AllowedUse controls what the IP pool will be used for. If not specified or empty, defaults to ["Tunnel", "Workload"] for back-compatibility |
assignmentMode AssignmentMode | AssignmentMode determines if IP addresses from this pool should be assigned automatically or on request only |
IPPoolAllowedUse
Underlying type: string
Appears in:
Value | Description |
---|---|
Workload | |
Tunnel | |
LoadBalancer | |
Image
Appears in:
Field | Description |
---|---|
image string | Image is an image that the operator deploys; instead of using the built-in tag, the operator will use the Digest as the image identifier. The value should be the original image name without registry, tag, or digest. For the image docker.io/calico/node:v3.17.1 it should be represented as calico/node. The "Installation" spec allows defining custom image registries, paths or prefixes. Even for custom images such as example.com/custompath/customprefix-calico-node:v3.17.1, this value should still be calico/node. |
digest string | Digest is the image identifier that will be used for the Image. The field should not include a leading @ and must be prefixed with sha256:. |
ImageSet
ImageSet is used to specify image digests for the images that the operator deploys.
The name of the ImageSet is expected to be in the format <variant>-<release>.
The variant used is enterprise if the InstallationSpec Variant is TigeraSecureEnterprise, otherwise it is calico.
The release must match the version of the variant that the operator is built to deploy; this version can be obtained by passing the --version flag to the operator binary.
Field | Description |
---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | ImageSet |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. |
spec ImageSetSpec | |
ImageSetSpec
ImageSetSpec defines the desired state of ImageSet.
Appears in:
Field | Description |
---|---|
images Image array | Images is the list of images for which digests are used. All images that the operator will deploy must be specified. |
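The Image and ImageSet rules above (name format, bare image names, sha256: digests, every deployed image listed) can be checked before a manifest is applied. The following linter is an added example, not code from the operator; the release string, the required-image list, the registry heuristic and the 64-hex-character digest check are assumptions made for illustration.

```python
"""Lint an operator.tigera.io/v1 ImageSet against the rules stated in this reference."""
import re

# Per the ImageSet description: "enterprise" for TigeraSecureEnterprise, else "calico".
VARIANT_PREFIX = {"TigeraSecureEnterprise": "enterprise"}
# Assumption: a sha256 digest is "sha256:" followed by 64 lowercase hex characters.
SHA256_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def expected_name(installation_variant, release):
    """ImageSet name in the documented <variant>-<release> format."""
    return f"{VARIANT_PREFIX.get(installation_variant, 'calico')}-{release}"


def check_image_name(name):
    """The image field must be the bare name, e.g. calico/node."""
    problems = []
    if "@" in name:
        problems.append("image must not carry a digest")
    base = name.split("@", 1)[0]
    if ":" in base.rsplit("/", 1)[-1]:
        problems.append("image must not carry a tag")
    first = base.split("/", 1)[0]
    # Heuristic (assumption): a first path component with a dot or port is a registry host.
    if "/" in base and ("." in first or ":" in first or first == "localhost"):
        problems.append("image must not carry a registry")
    return problems


def check_digest(digest):
    """The digest field has no leading @ and is prefixed with sha256:."""
    if digest.startswith("@"):
        return ["digest must not include a leading @"]
    if not digest.startswith("sha256:"):
        return ["digest must be prefixed with sha256:"]
    if not SHA256_RE.match(digest):
        return ["digest is not 64 lowercase hex characters"]
    return []


def lint_imageset(manifest, installation_variant, release, required_images):
    """Return a list of findings; an empty list means the manifest passed."""
    findings = []
    if (manifest.get("apiVersion"), manifest.get("kind")) != ("operator.tigera.io/v1", "ImageSet"):
        findings.append("not an operator.tigera.io/v1 ImageSet")
    name = manifest.get("metadata", {}).get("name", "")
    want = expected_name(installation_variant, release)
    if name != want:
        findings.append(f"metadata.name is {name!r}, expected {want!r}")
    seen = set()
    for idx, entry in enumerate(manifest.get("spec", {}).get("images") or []):
        image, digest = entry.get("image", ""), entry.get("digest", "")
        for problem in check_image_name(image) + check_digest(digest):
            findings.append(f"spec.images[{idx}] ({image}): {problem}")
        if image in seen:
            findings.append(f"spec.images[{idx}] ({image}): duplicate entry")
        seen.add(image)
    # "All images that the operator will deploy must be specified."
    for missing in sorted(set(required_images) - seen):
        findings.append(f"spec.images: no digest pinned for {missing}")
    return findings


# Constructed sample data: placeholder release, made-up digests, and a
# deliberately short required-image list (a real list is much longer).
RELEASE = "v0.0.0-example"
REQUIRED = ["calico/node", "calico/typha"]
GOOD = {
    "apiVersion": "operator.tigera.io/v1",
    "kind": "ImageSet",
    "metadata": {"name": "calico-" + RELEASE},
    "spec": {"images": [
        {"image": "calico/node", "digest": "sha256:" + "a" * 64},
        {"image": "calico/typha", "digest": "sha256:" + "b" * 64},
    ]},
}
BAD = {
    "apiVersion": "operator.tigera.io/v1",
    "kind": "ImageSet",
    "metadata": {"name": "enterprise-" + RELEASE},  # wrong prefix for variant Calico
    "spec": {"images": [
        {"image": "docker.io/calico/node:v3.17.1", "digest": "@sha256:" + "a" * 64},
    ]},
}

if __name__ == "__main__":
    for label, manifest in (("GOOD", GOOD), ("BAD", BAD)):
        print(label)
        for finding in lint_imageset(manifest, "Calico", RELEASE, REQUIRED) or ["ok"]:
            print("  " + finding)
```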
Indices
Indices defines the configuration for the indices in an Elasticsearch cluster.
Appears in:
Field | Description |
---|---|
replicas integer | (Optional) Replicas defines how many replicas each index will have. See https://www.elastic.co/guide/en/elasticsearch/reference/current/scalability.html |
Installation
Installation configures an installation of Calico or Calico Enterprise. At most one instance of this resource is supported. It must be named "default". The Installation API installs core networking and network policy components, and provides general install-time configuration.
Field | Description |
---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | Installation |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. |
spec InstallationSpec | Specification of the desired state for the Calico or Calico Enterprise installation. |
status InstallationStatus | Most recently observed state for the Calico or Calico Enterprise installation. |
InstallationSpec
InstallationSpec defines configuration for a Calico or Calico Enterprise installation.
Appears in:
Field | Description |
---|---|
variant ProductVariant | (Optional) Variant is the product to install - one of Calico or TigeraSecureEnterprise Default: Calico |
registry string | (Optional) Registry is the default Docker registry used for component Docker images. If specified then the given value must end with a slash character (/) and all images will be pulled from this registry. If not specified then the default registries will be used. A special case value, UseDefault, is supported to explicitly specify the default registries will be used. Image format: <registry><imagePath>/<imagePrefix><imageName>:<image-tag> This option allows configuring the <registry> portion of the above format. |
imagePath string | (Optional) ImagePath allows for the path part of an image to be specified. If specified then the specified value will be used as the image path for each image. If not specified or empty, the default for each image will be used. A special case value, UseDefault, is supported to explicitly specify the default image path will be used for each image. Image format: <registry><imagePath>/<imagePrefix><imageName>:<image-tag> This option allows configuring the <imagePath> portion of the above format. |
imagePrefix string | (Optional) ImagePrefix allows for the prefix part of an image to be specified. If specified then the given value will be used as a prefix on each image. If not specified or empty, no prefix will be used. A special case value, UseDefault, is supported to explicitly specify the default image prefix will be used for each image. Image format: <registry><imagePath>/<imagePrefix><imageName>:<image-tag> This option allows configuring the <imagePrefix> portion of the above format. |
imagePullSecrets LocalObjectReference array | (Optional) ImagePullSecrets is an array of references to container registry pull secrets to use. These are applied to all images to be pulled. |
kubernetesProvider Provider | (Optional) KubernetesProvider specifies a particular provider of the Kubernetes platform and enables provider-specific configuration. If the specified value is empty, the Operator will attempt to automatically determine the current provider. If the specified value is not empty, the Operator will still attempt auto-detection, but will additionally compare the auto-detected value to the specified value to confirm they match. |
cni CNISpec | (Optional) CNI specifies the CNI that will be used by this installation. |
calicoNetwork CalicoNetworkSpec | (Optional) CalicoNetwork specifies networking configuration options for Calico. |
typhaAffinity TyphaAffinity | (Optional) Deprecated. Please use Installation.Spec.TyphaDeployment instead. TyphaAffinity allows configuration of node affinity characteristics for Typha pods. |
controlPlaneNodeSelector object (keys:string, values:string) | (Optional) ControlPlaneNodeSelector is used to select control plane nodes on which to run Calico components. This is globally applied to all resources created by the operator excluding daemonsets. |
controlPlaneTolerations Toleration array | (Optional) ControlPlaneTolerations specify tolerations which are then globally applied to all resources created by the operator. |
controlPlaneReplicas integer | (Optional) ControlPlaneReplicas defines how many replicas of the control plane core components will be deployed. This field applies to all control plane components that support High Availability. Defaults to 2. |
nodeMetricsPort integer | (Optional) NodeMetricsPort specifies which port calico/node serves prometheus metrics on. By default, metrics are not enabled. If specified, this overrides any FelixConfiguration resources which may exist. If omitted, then prometheus metrics may still be configured through FelixConfiguration. |
typhaMetricsPort integer | (Optional) TyphaMetricsPort specifies which port calico/typha serves prometheus metrics on. By default, metrics are not enabled. |
flexVolumePath string | (Optional) FlexVolumePath optionally specifies a custom path for FlexVolume. If not specified, FlexVolume will be enabled by default. If set to 'None', FlexVolume will be disabled. The default is based on the kubernetesProvider. |
kubeletVolumePluginPath string | (Optional) KubeletVolumePluginPath optionally specifies enablement of Calico CSI plugin. If not specified, CSI will be enabled by default. If set to 'None', CSI will be disabled. Default: /var/lib/kubelet |
nodeUpdateStrategy DaemonSetUpdateStrategy | (Optional) NodeUpdateStrategy can be used to customize the desired update strategy, such as the MaxUnavailable field. |
componentResources ComponentResource array | (Optional) Deprecated. Please use CalicoNodeDaemonSet, TyphaDeployment, and KubeControllersDeployment. ComponentResources can be used to customize the resource requirements for each component. Node, Typha, and KubeControllers are supported for installations. |
certificateManagement CertificateManagement | (Optional) CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise pods will be stuck during initialization. |
nonPrivileged NonPrivilegedType | (Optional) NonPrivileged configures Calico to be run in non-privileged containers as non-root users where possible. |
calicoNodeDaemonSet CalicoNodeDaemonSet | CalicoNodeDaemonSet configures the calico-node DaemonSet. If used in conjunction with the deprecated ComponentResources, then these overrides take precedence. |
csiNodeDriverDaemonSet CSINodeDriverDaemonSet | CSINodeDriverDaemonSet configures the csi-node-driver DaemonSet. |
calicoKubeControllersDeployment CalicoKubeControllersDeployment | CalicoKubeControllersDeployment configures the calico-kube-controllers Deployment. If used in conjunction with the deprecated ComponentResources, then these overrides take precedence. |
typhaDeployment TyphaDeployment | TyphaDeployment configures the typha Deployment. If used in conjunction with the deprecated ComponentResources or TyphaAffinity, then these overrides take precedence. |
calicoWindowsUpgradeDaemonSet CalicoWindowsUpgradeDaemonSet | Deprecated. The CalicoWindowsUpgradeDaemonSet is deprecated and will be removed from the API in the future. CalicoWindowsUpgradeDaemonSet configures the calico-windows-upgrade DaemonSet. |
calicoNodeWindowsDaemonSet CalicoNodeWindowsDaemonSet | CalicoNodeWindowsDaemonSet configures the calico-node-windows DaemonSet. |
fipsMode FIPSMode | (Optional) FIPSMode uses only images and features that use FIPS 140-2 validated cryptographic modules and standards. Only supported for Variant=Calico. Default: Disabled |
logging Logging | (Optional) Logging Configuration for Components |
windowsNodes WindowsNodeSpec | (Optional) Windows Configuration |
serviceCIDRs string array | (Optional) Kubernetes Service CIDRs. Specifying this is required when using Calico for Windows. |
azure Azure | (Optional) Azure is used to configure azure provider specific options. |
proxy Proxy | (Optional) Proxy is used to configure the HTTP(S) proxy settings that will be applied to Tigera containers that connect to destinations outside the cluster. It is expected that NO_PROXY is configured such that destinations within the cluster (including the API server) are exempt from proxying. |
InstallationStatus
InstallationStatus defines the observed state of the Calico or Calico Enterprise installation.
Appears in:
Field | Description |
---|---|
variant ProductVariant | Variant is the most recently observed installed variant - one of Calico or TigeraSecureEnterprise |
mtu integer | MTU is the most recently observed value for pod network MTU. This may be an explicitly configured value, or based on Calico's native auto-detection. |
imageSet string | (Optional) ImageSet is the name of the ImageSet being used, if there is an ImageSet that is being used. If an ImageSet is not being used then this will not be set. |
computed InstallationSpec | (Optional) Computed is the final installation including overlaid resources. |
calicoVersion string | CalicoVersion shows the current running version of calico. CalicoVersion along with Variant is needed to know the exact version deployed. |
conditions Condition array | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types. |
IntrusionDetection
IntrusionDetection installs the components required for Tigera intrusion detection. At most one instance of this resource is supported. It must be named "tigera-secure".
Field | Description |
---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | IntrusionDetection |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. |
spec IntrusionDetectionSpec | Specification of the desired state for Tigera intrusion detection. |
status IntrusionDetectionStatus | Most recently observed state for Tigera intrusion detection. |
IntrusionDetectionComponentName
Underlying type: string
Appears in:
Value | Description |
---|---|
DeepPacketInspection | |
IntrusionDetectionComponentResource
The ComponentResource struct associates a ResourceRequirements with a component by name
Appears in:
Field | Description |
---|---|
componentName IntrusionDetectionComponentName | ComponentName is an enum which identifies the component |
resourceRequirements ResourceRequirements | ResourceRequirements allows customization of limits and requests for compute resources such as cpu and memory. |
IntrusionDetectionControllerDeployment
IntrusionDetectionControllerDeployment is the configuration for the IntrusionDetectionController Deployment.
Appears in:
Field | Description |
---|---|
spec IntrusionDetectionControllerDeploymentSpec | (Optional) Spec is the specification of the IntrusionDetectionController Deployment. |
IntrusionDetectionControllerDeploymentContainer
IntrusionDetectionControllerDeploymentContainer is an IntrusionDetectionController Deployment container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the IntrusionDetectionController Deployment container by name. Supported values are: controller, webhooks-processor |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named IntrusionDetectionController Deployment container's resources. If omitted, the IntrusionDetection Deployment will use its default value for this container's resources. |
IntrusionDetectionControllerDeploymentInitContainer
IntrusionDetectionControllerDeploymentInitContainer is an IntrusionDetectionController Deployment init container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the IntrusionDetectionController Deployment init container by name. Supported values are: intrusion-detection-tls-key-cert-provisioner |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named IntrusionDetectionController Deployment init container's resources. If omitted, the IntrusionDetectionController Deployment will use its default value for this init container's resources. |
IntrusionDetectionControllerDeploymentPodSpec
IntrusionDetectionControllerDeploymentPodSpec is the IntrusionDetectionController Deployment's PodSpec.
Appears in:
Field | Description |
---|---|
initContainers IntrusionDetectionControllerDeploymentInitContainer array | (Optional) InitContainers is a list of IntrusionDetectionController init containers. If specified, this overrides the specified IntrusionDetectionController Deployment init containers. If omitted, the IntrusionDetectionController Deployment will use its default values for its init containers. |
containers IntrusionDetectionControllerDeploymentContainer array | (Optional) Containers is a list of IntrusionDetectionController containers. If specified, this overrides the specified IntrusionDetectionController Deployment containers. If omitted, the IntrusionDetectionController Deployment will use its default values for its containers. |
IntrusionDetectionControllerDeploymentPodTemplateSpec
IntrusionDetectionControllerDeploymentPodTemplateSpec is the IntrusionDetectionController Deployment's PodTemplateSpec
Appears in:
Field | Description |
---|---|
spec IntrusionDetectionControllerDeploymentPodSpec | (Optional) Spec is the IntrusionDetectionController Deployment's PodSpec. |
IntrusionDetectionControllerDeploymentSpec
IntrusionDetectionControllerDeploymentSpec defines configuration for the IntrusionDetectionController Deployment.
Appears in:
Field | Description |
---|---|
template IntrusionDetectionControllerDeploymentPodTemplateSpec | (Optional) Template describes the IntrusionDetectionController Deployment pod that will be created. |
IntrusionDetectionSpec
IntrusionDetectionSpec defines the desired state of Tigera intrusion detection capabilities.
Appears in:
Field | Description |
---|---|
componentResources IntrusionDetectionComponentResource array | (Optional) ComponentResources can be used to customize the resource requirements for each component. Only DeepPacketInspection is supported for this spec. |
anomalyDetection AnomalyDetectionSpec | (Optional) AnomalyDetection is now deprecated, and configuring it has no effect. |
intrusionDetectionControllerDeployment IntrusionDetectionControllerDeployment | (Optional) IntrusionDetectionControllerDeployment configures the IntrusionDetection Controller Deployment. |
deepPacketInspectionDaemonset DeepPacketInspectionDaemonset | (Optional) DeepPacketInspectionDaemonset configures the DPI Daemonset |
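The nesting these types describe, from IntrusionDetectionSpec down to a named container's resources, written out as an added example manifest (not taken from the Calico Enterprise documentation). The CPU and memory figures are constructed placeholders, not recommended sizings.

```yaml
apiVersion: operator.tigera.io/v1
kind: IntrusionDetection
metadata:
  # At most one instance is supported, and it must carry this name.
  name: tigera-secure
spec:
  # Only DeepPacketInspection is accepted as a componentName here.
  componentResources:
    - componentName: DeepPacketInspection
      resourceRequirements:
        requests:
          cpu: 100m        # constructed value
          memory: 100Mi    # constructed value
        limits:
          cpu: "1"         # constructed value
          memory: 1Gi      # constructed value
  # IntrusionDetectionControllerDeployment
  #   -> spec     (IntrusionDetectionControllerDeploymentSpec)
  #   -> template (IntrusionDetectionControllerDeploymentPodTemplateSpec)
  #   -> spec     (IntrusionDetectionControllerDeploymentPodSpec)
  intrusionDetectionControllerDeployment:
    spec:
      template:
        spec:
          containers:
            # name is an enum: controller or webhooks-processor.
            - name: controller
              resources:
                requests:
                  cpu: 100m      # constructed value
                  memory: 128Mi  # constructed value
                limits:
                  memory: 512Mi  # constructed value
            # A container that is not listed keeps the operator's defaults.
            - name: webhooks-processor
              resources:
                requests:
                  cpu: 50m       # constructed value
                  memory: 64Mi   # constructed value
                limits:
                  memory: 256Mi  # constructed value
```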
IntrusionDetectionStatus
IntrusionDetectionStatus defines the observed state of Tigera intrusion detection capabilities.
Appears in:
Field | Description |
---|---|
state string | State provides user-readable status. |
conditions Condition array | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other custom types. |
Kibana
Kibana is the configuration for Kibana.
Appears in:
Field | Description |
---|---|
spec KibanaSpec | (Optional) Spec is the specification of Kibana. |
KibanaContainer
KibanaContainer is a Kibana container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the Kibana Deployment container by name. Supported values are: kibana |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named Kibana container's resources. If omitted, Kibana will use its default value for this container's resources. |
KibanaInitContainer
KibanaInitContainer is a Kibana init container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the Kibana init container by name. Supported values are: key-cert-provisioner |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named Kibana Deployment init container's resources. If omitted, the Kibana Deployment will use its default value for this init container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
KibanaPodSpec
KibanaPodSpec is the Kibana Deployment's PodSpec.
Appears in:
Field | Description |
---|---|
initContainers KibanaInitContainer array | (Optional) InitContainers is a list of Kibana init containers. If specified, this overrides the specified Kibana Deployment init containers. If omitted, the Kibana Deployment will use its default values for its init containers. |
containers KibanaContainer array | (Optional) Containers is a list of Kibana containers. If specified, this overrides the specified Kibana Deployment containers. If omitted, the Kibana Deployment will use its default values for its containers. |
KibanaPodTemplateSpec
KibanaPodTemplateSpec is the Kibana's PodTemplateSpec
Appears in:
Field | Description |
---|---|
spec KibanaPodSpec | (Optional) Spec is the Kibana's PodSpec. |
KibanaSpec
Appears in:
Field | Description |
---|---|
template KibanaPodTemplateSpec | (Optional) Template describes the Kibana pod that will be created. |
KubernetesAutodetectionMethod
Underlying type: string
KubernetesAutodetectionMethod is a method of detecting an IP address based on the Kubernetes API.
One of: NodeInternalIP
Appears in:
Value | Description |
---|---|
NodeInternalIP | NodeInternalIP detects a node IP using the first status.Addresses entry of the relevant IP family with type NodeInternalIP on the Kubernetes nodes API. |
L7LogCollectorDaemonSet
L7LogCollectorDaemonSet is the configuration for the L7LogCollector DaemonSet.
Appears in:
Field | Description |
---|---|
spec L7LogCollectorDaemonSetSpec | (Optional) Spec is the specification of the L7LogCollector DaemonSet. |
L7LogCollectorDaemonSetContainer
L7LogCollectorDaemonSetContainer is an L7LogCollector DaemonSet container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the L7LogCollector DaemonSet container by name. Supported values are: l7-collector, envoy-proxy, dikastes |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named L7LogCollector DaemonSet container's resources. If omitted, the L7LogCollector DaemonSet will use its default value for this container's resources. |
L7LogCollectorDaemonSetInitContainer
L7LogCollectorDaemonSetInitContainer is an L7LogCollector DaemonSet init container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the L7LogCollector DaemonSet init container by name. |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named L7LogCollector DaemonSet init container's resources. If omitted, the L7LogCollector DaemonSet will use its default value for this init container's resources. |
L7LogCollectorDaemonSetPodSpec
L7LogCollectorDaemonSetPodSpec is the L7LogCollector DaemonSet's PodSpec.
Appears in:
Field | Description |
---|---|
initContainers L7LogCollectorDaemonSetInitContainer array | (Optional) InitContainers is a list of L7LogCollector DaemonSet init containers. If specified, this overrides the specified L7LogCollector DaemonSet init containers. If omitted, the L7LogCollector DaemonSet will use its default values for its init containers. |
containers L7LogCollectorDaemonSetContainer array | (Optional) Containers is a list of L7LogCollector DaemonSet containers. If specified, this overrides the specified L7LogCollector DaemonSet containers. If omitted, the L7LogCollector DaemonSet will use its default values for its containers. |
L7LogCollectorDaemonSetPodTemplateSpec
L7LogCollectorDaemonSetPodTemplateSpec is the L7LogCollector DaemonSet's PodTemplateSpec
Appears in:
Field | Description |
---|---|
spec L7LogCollectorDaemonSetPodSpec | (Optional) Spec is the L7LogCollector DaemonSet's PodSpec. |
L7LogCollectorDaemonSetSpec
L7LogCollectorDaemonSetSpec defines configuration for the L7LogCollector DaemonSet.
Appears in:
Field | Description |
---|---|
template L7LogCollectorDaemonSetPodTemplateSpec | (Optional) Template describes the L7LogCollector DaemonSet pod that will be created. |
LinseedDeployment
LinseedDeployment is the configuration for the linseed Deployment.
Appears in:
Field | Description |
---|---|
spec LinseedDeploymentSpec | (Optional) Spec is the specification of the linseed Deployment. |
LinseedDeploymentContainer
LinseedDeploymentContainer is a linseed Deployment container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the linseed Deployment container by name. Supported values are: tigera-linseed |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named linseed Deployment container's resources. If omitted, the linseed Deployment will use its default value for this container's resources. |
LinseedDeploymentInitContainer
LinseedDeploymentInitContainer is a linseed Deployment init container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the linseed Deployment init container by name. Supported values are: tigera-secure-linseed-token-tls-key-cert-provisioner,tigera-secure-linseed-cert-key-cert-provisioner |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named linseed Deployment init container's resources. If omitted, the linseed Deployment will use its default value for this init container's resources. |
LinseedDeploymentPodSpec
LinseedDeploymentPodSpec is the linseed Deployment's PodSpec.
Appears in:
Field | Description |
---|---|
initContainers LinseedDeploymentInitContainer array | (Optional) InitContainers is a list of linseed init containers. If specified, this overrides the specified linseed Deployment init containers. If omitted, the linseed Deployment will use its default values for its init containers. |
containers LinseedDeploymentContainer array | (Optional) Containers is a list of linseed containers. If specified, this overrides the specified linseed Deployment containers. If omitted, the linseed Deployment will use its default values for its containers. |
LinseedDeploymentPodTemplateSpec
LinseedDeploymentPodTemplateSpec is the linseed Deployment's PodTemplateSpec
Appears in:
Field | Description |
---|---|
spec LinseedDeploymentPodSpec | (Optional) Spec is the linseed Deployment's PodSpec. |
LinseedDeploymentSpec
LinseedDeploymentSpec defines configuration for the linseed Deployment.
Appears in:
Field | Description |
---|---|
template LinseedDeploymentPodTemplateSpec | (Optional) Template describes the linseed Deployment pod that will be created. |
LinuxDataplaneOption
Underlying type: string
LinuxDataplaneOption controls which dataplane is to be used on Linux nodes.
One of: Iptables, BPF, VPP, Nftables
Validation:
- Enum: [Iptables BPF VPP Nftables]
Appears in:
Value | Description |
---|---|
Iptables | |
BPF | |
VPP | |
Nftables | |
LogCollectionSpec
Appears in:
Field | Description |
---|---|
collectLogs LogCollectionStatusType | (Optional) This setting enables or disables log collection. Allowed values are Enabled or Disabled. |
logIntervalSeconds integer | (Optional) Interval in seconds for sending L7 log information for processing. Default: 5 sec |
logRequestsPerInterval integer | (Optional) Maximum number of unique L7 logs that are sent per LogIntervalSeconds. Adjust this to limit the number of L7 logs sent per LogIntervalSeconds to Felix for further processing; use a negative number to ignore limits. Default: -1 |
LogCollectionStatusType
Underlying type: string
Validation:
- Enum: [Enabled Disabled]
Appears in:
Value | Description |
---|---|
Disabled | |
Enabled | |
LogCollector
LogCollector installs the components required for Tigera flow and DNS log collection. At most one instance of this resource is supported. It must be named "tigera-secure". When created, this installs fluentd on all nodes configured to collect Tigera log data and export it to Tigera's Elasticsearch cluster as well as any additionally configured destinations.
Field | Description |
---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | LogCollector |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata . |
spec LogCollectorSpec | Specification of the desired state for Tigera log collection. |
status LogCollectorStatus | Most recently observed state for Tigera log collection. |
LogCollectorSpec
LogCollectorSpec defines the desired state of Tigera flow, audit, and DNS log collection.
Appears in:
Field | Description |
---|---|
additionalStores AdditionalLogStoreSpec | (Optional) Configuration for exporting flow, audit, and DNS logs to external storage. |
additionalSources AdditionalLogSourceSpec | (Optional) Configuration for importing audit logs from managed kubernetes cluster log sources. |
collectProcessPath CollectProcessPathOption | (Optional) Configuration for enabling/disabling process path collection in flowlogs. If Enabled, this feature sets hostPID to true in order to read process cmdline. Default: Enabled |
multiTenantManagementClusterNamespace string | (Optional) If running as a multi-tenant management cluster, the namespace in which the management cluster's tenant services are running. |
fluentdDaemonSet FluentdDaemonSet | FluentdDaemonSet configures the Fluentd DaemonSet. |
eksLogForwarderDeployment EKSLogForwarderDeployment | (Optional) EKSLogForwarderDeployment configures the EKSLogForwarderDeployment Deployment. |
LogCollectorStatus
LogCollectorStatus defines the observed state of Tigera flow and DNS log collection
Appears in:
Field | Description |
---|---|
state string | State provides user-readable status. |
conditions Condition array | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other custom types. |
LogLevel
Underlying type: string
Validation:
- Enum: [Error Warning Info Debug]
Appears in:
Value | Description |
---|---|
Error | |
Warn | |
Info | |
Debug | |
LogSeverity
Underlying type: string
Validation:
- Enum: [Fatal Error Warn Info Debug Trace]
Appears in:
Value | Description |
---|---|
Fatal | |
Error | |
Warn | |
Info | |
Debug | |
Trace | |
LogStorage
LogStorage installs the components required for Tigera flow and DNS log storage. At most one instance of this resource is supported. It must be named "tigera-secure". When created, this installs an Elasticsearch cluster for use by Calico Enterprise.
Field | Description |
---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | LogStorage |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata . |
spec LogStorageSpec | Specification of the desired state for Tigera log storage. |
status LogStorageStatus | Most recently observed state for Tigera log storage. |
LogStorageComponentName
Underlying type: string
LogStorageComponentName CRD enum
Appears in:
Value | Description |
---|---|
ECKOperator | |
LogStorageComponentResource
The ComponentResource struct associates a ResourceRequirements with a component by name
Appears in:
Field | Description |
---|---|
componentName LogStorageComponentName | Deprecated. Please use ECKOperatorStatefulSet. ComponentName is an enum which identifies the component |
resourceRequirements ResourceRequirements | ResourceRequirements allows customization of limits and requests for compute resources such as cpu and memory. |
LogStorageSpec
LogStorageSpec defines the desired state of Tigera flow and DNS log storage.
Appears in:
Field | Description |
---|---|
nodes Nodes | Nodes defines the configuration for a set of identical Elasticsearch cluster nodes, each of type master, data, and ingest. |
indices Indices | (Optional) Index defines the configuration for the indices in the Elasticsearch cluster. |
retention Retention | (Optional) Retention defines how long data is retained in the Elasticsearch cluster before it is cleared. |
storageClassName string | (Optional) StorageClassName will populate the PersistentVolumeClaim.StorageClassName that is used to provision disks to the Tigera Elasticsearch cluster. The StorageClassName should only be modified when no LogStorage is currently active. We recommend choosing a storage class dedicated to Tigera LogStorage only. Otherwise, data retention cannot be guaranteed during upgrades. See https://docs.tigera.io/maintenance/upgrading for up-to-date instructions. Default: tigera-elasticsearch |
dataNodeSelector object (keys:string, values:string) | (Optional) DataNodeSelector gives you more control over the node that Elasticsearch will run on. The contents of DataNodeSelector will be added to the PodSpec of the Elasticsearch nodes. For the pod to be eligible to run on a node, the node must have each of the indicated key-value pairs as labels as well as access to the specified StorageClassName. |
componentResources LogStorageComponentResource array | (Optional) ComponentResources can be used to customize the resource requirements for each component. Only ECKOperator is supported for this spec. |
eckOperatorStatefulSet ECKOperatorStatefulSet | (Optional) ECKOperatorStatefulSet configures the ECKOperator StatefulSet. If used in conjunction with the deprecated ComponentResources, then these overrides take precedence. |
kibana Kibana | (Optional) Kibana configures the Kibana Spec. |
linseedDeployment LinseedDeployment | LinseedDeployment configures the linseed Deployment. |
elasticsearchMetricsDeployment ElasticsearchMetricsDeployment | ElasticsearchMetricsDeployment configures the tigera-elasticsearch-metric Deployment. |
esGatewayDeployment ESGatewayDeployment | ESGatewayDeployment configures the es-gateway Deployment. |
LogStorageStatus
LogStorageStatus defines the observed state of Tigera flow and DNS log storage.
Appears in:
Field | Description |
---|---|
state string | State provides user-readable status. |
elasticsearchHash string | ElasticsearchHash represents the current revision and configuration of the installed Elasticsearch cluster. This is an opaque string which can be monitored for changes to perform actions when Elasticsearch is modified. |
kibanaHash string | KibanaHash represents the current revision and configuration of the installed Kibana dashboard. This is an opaque string which can be monitored for changes to perform actions when Kibana is modified. |
conditions Condition array | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other custom types. |
Logging
Appears in:
Field | Description |
---|---|
cni CNILogging | (Optional) Customized logging specification for calico-cni plugin |
ManagementCluster
The presence of ManagementCluster in your cluster will configure it to be the management plane to which managed clusters can connect. At most one instance of this resource is supported. It must be named "tigera-secure".
Field | Description |
---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | ManagementCluster |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata . |
spec ManagementClusterSpec | |
ManagementClusterConnection
ManagementClusterConnection represents a link between a managed cluster and a management cluster. At most one instance of this resource is supported. It must be named "tigera-secure".
Field | Description |
---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | ManagementClusterConnection |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata . |
spec ManagementClusterConnectionSpec | |
status ManagementClusterConnectionStatus | |
ManagementClusterConnectionSpec
ManagementClusterConnectionSpec defines the desired state of ManagementClusterConnection
Appears in:
Field | Description |
---|---|
managementClusterAddr string | (Optional) Specify where the managed cluster can reach the management cluster. Ex.: "10.128.0.10:30449". A managed cluster should be able to access this address. This field is used by managed clusters only. |
tls ManagementClusterTLS | (Optional) TLS provides options for configuring how Managed Clusters can establish an mTLS connection with the Management Cluster. |
guardianDeployment GuardianDeployment | GuardianDeployment configures the guardian Deployment. |
ManagementClusterConnectionStatus
ManagementClusterConnectionStatus defines the observed state of ManagementClusterConnection
Appears in:
Field | Description |
---|---|
conditions Condition array | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other custom types. |
ManagementClusterSpec
ManagementClusterSpec defines the desired state of a ManagementCluster
Appears in:
Field | Description |
---|---|
address string | (Optional) This field specifies the externally reachable address to which your managed cluster will connect. When a managed cluster is added, this field is used to populate an easy-to-apply manifest that will connect both clusters. Valid examples are: "0.0.0.0:31000", "example.com:32000", "[::1]:32500" |
tls TLS | (Optional) TLS provides options for configuring how Managed Clusters can establish an mTLS connection with the Management Cluster. |
ManagementClusterTLS
Appears in:
Field | Description |
---|---|
ca CAType | CA indicates which verification method the tunnel client should use to verify the tunnel server's identity. When left blank or set to 'Tigera', the tunnel client will expect a self-signed cert to be included in the certificate bundle and will expect the cert to have a Common Name (CN) of 'voltron'. When set to 'Public', the tunnel client will use its installed system certs and will use the managementClusterAddr to verify the tunnel server's identity. Default: Tigera |
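The two `ca` modes on a managed cluster, shown as alternatives in an added example that is not a manifest from the Calico Enterprise documentation. The first address is the sample value from the managementClusterAddr description; `mgmt.example.com:443` is a constructed placeholder.

```yaml
# Alternative 1: ca left at its default (Tigera).
# The tunnel client expects a self-signed cert in the certificate bundle
# and expects that cert to have a Common Name (CN) of 'voltron'.
apiVersion: operator.tigera.io/v1
kind: ManagementClusterConnection
metadata:
  name: tigera-secure          # the only supported name
spec:
  managementClusterAddr: "10.128.0.10:30449"
  tls:
    ca: Tigera
---
# Alternative 2: ca set to Public.
# The tunnel client uses its installed system certs and uses
# managementClusterAddr to verify the tunnel server's identity, so the
# address given here is what the server is checked against.
# Only one ManagementClusterConnection may exist; apply one alternative.
apiVersion: operator.tigera.io/v1
kind: ManagementClusterConnection
metadata:
  name: tigera-secure
spec:
  managementClusterAddr: "mgmt.example.com:443"   # constructed placeholder
  tls:
    ca: Public
```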
Manager
Manager installs the Calico Enterprise manager graphical user interface. At most one instance of this resource is supported. It must be named "tigera-secure".
Field | Description |
---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | Manager |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata . |
spec ManagerSpec | Specification of the desired state for the Calico Enterprise manager. |
status ManagerStatus | Most recently observed state for the Calico Enterprise manager. |
ManagerDeployment
ManagerDeployment is the configuration for the Manager Deployment.
Appears in:
Field | Description |
---|---|
spec ManagerDeploymentSpec | (Optional) Spec is the specification of the Manager Deployment. |
ManagerDeploymentContainer
ManagerDeploymentContainer is a Manager Deployment container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the Manager Deployment container by name. Supported values are: tigera-voltron, tigera-manager, tigera-ui-apis, and tigera-es-proxy (deprecated). |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named Manager Deployment container's resources. If omitted, the Manager Deployment will use its default value for this container's resources. |
ManagerDeploymentInitContainer
ManagerDeploymentInitContainer is a Manager Deployment init container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the Manager Deployment init container by name. Supported values are: manager-tls-key-cert-provisioner, internal-manager-tls-key-cert-provisioner, tigera-voltron-linseed-tls-key-cert-provisioner |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named Manager Deployment init container's resources. If omitted, the Manager Deployment will use its default value for this init container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
ManagerDeploymentPodSpec
ManagerDeploymentPodSpec is the Manager Deployment's PodSpec.
Appears in:
Field | Description |
---|---|
initContainers ManagerDeploymentInitContainer array | (Optional) InitContainers is a list of Manager init containers. If specified, this overrides the specified Manager Deployment init containers. If omitted, the Manager Deployment will use its default values for its init containers. |
containers ManagerDeploymentContainer array | (Optional) Containers is a list of Manager containers. If specified, this overrides the specified Manager Deployment containers. If omitted, the Manager Deployment will use its default values for its containers. |
ManagerDeploymentPodTemplateSpec
ManagerDeploymentPodTemplateSpec is the Manager Deployment's PodTemplateSpec
Appears in:
Field | Description |
---|---|
spec ManagerDeploymentPodSpec | (Optional) Spec is the Manager Deployment's PodSpec. |
ManagerDeploymentSpec
ManagerDeploymentSpec defines configuration for the Manager Deployment.
Appears in:
Field | Description |
---|---|
template ManagerDeploymentPodTemplateSpec | (Optional) Template describes the Manager Deployment pod that will be created. |
ManagerSpec
ManagerSpec defines configuration for the Calico Enterprise manager GUI.
Appears in:
Field | Description |
---|---|
managerDeployment ManagerDeployment | (Optional) ManagerDeployment configures the Manager Deployment. |
ManagerStatus
ManagerStatus defines the observed state of the Calico Enterprise manager GUI.
Appears in:
Field | Description |
---|---|
state string | State provides user-readable status. |
conditions Condition array | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other custom types. |
Metadata
Metadata contains the standard Kubernetes labels and annotations fields.
Appears in:
- APIServerDeployment
- APIServerDeploymentPodTemplateSpec
- CSINodeDriverDaemonSet
- CSINodeDriverDaemonSetPodTemplateSpec
- CalicoKubeControllersDeployment
- CalicoKubeControllersDeploymentPodTemplateSpec
- CalicoNodeDaemonSet
- CalicoNodeDaemonSetPodTemplateSpec
- CalicoNodeWindowsDaemonSet
- CalicoNodeWindowsDaemonSetPodTemplateSpec
- CalicoWindowsUpgradeDaemonSet
- CalicoWindowsUpgradeDaemonSetPodTemplateSpec
- GatewayCertgenJob
- GatewayCertgenJobPodTemplate
- GatewayControllerDeployment
- GatewayControllerDeploymentPodTemplate
- GatewayDeploymentPodTemplate
- GoldmaneDeployment
- GoldmaneDeploymentPodTemplateSpec
- TyphaDeployment
- TyphaDeploymentPodTemplateSpec
- WhiskerDeployment
- WhiskerDeploymentPodTemplateSpec
Field | Description |
---|---|
labels object (keys:string, values:string) | (Optional) Labels is a map of string keys and values that may match replicaset and service selectors. Each of these key/value pairs is added to the object's labels provided the key does not already exist in the object's labels. |
annotations object (keys:string, values:string) | (Optional) Annotations is a map of arbitrary non-identifying metadata. Each of these key/value pairs is added to the object's annotations provided the key does not already exist in the object's annotations. |
Monitor
Monitor is the Schema for the monitor API. At most one instance of this resource is supported. It must be named "tigera-secure".
Field | Description |
---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | Monitor |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata . |
spec MonitorSpec | |
status MonitorStatus | |
MonitorSpec
MonitorSpec defines the desired state of Tigera monitor.
Appears in:
Field | Description |
---|---|
externalPrometheus ExternalPrometheus | ExternalPrometheus optionally configures integration with an external Prometheus for scraping Calico metrics. When specified, the operator will render resources in the defined namespace. This option can be useful for configuring scraping from git-ops tools without the need of post-installation steps. |
prometheus Prometheus | (Optional) Prometheus is the configuration for the Prometheus. |
alertManager AlertManager | (Optional) AlertManager is the configuration for the AlertManager. |
MonitorStatus
MonitorStatus defines the observed state of Tigera monitor.
Appears in:
Field | Description |
---|---|
state string | State provides user-readable status. |
conditions Condition array | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other custom types. |
MultiInterfaceMode
Underlying type: string
MultiInterfaceMode describes the method of providing multiple pod interfaces.
One of: None, Multus
Appears in:
Value | Description |
---|---|
None | |
Multus | |
NATOutgoingType
Underlying type: string
NATOutgoingType describes the type of outgoing NAT to use.
One of: Enabled, Disabled
Appears in:
Value | Description |
---|---|
Enabled | |
Disabled | |
NativeIP
Underlying type: string
NativeIP defines if Egress Gateway pods should have AWS IPs. When NativeIP is enabled, the IPPools should be backed by AWS subnet.
Appears in:
Value | Description |
---|---|
Enabled | |
Disabled | |
NodeAddressAutodetection
NodeAddressAutodetection provides configuration options for auto-detecting node addresses. At most one option can be used. If no detection option is specified, then IP auto detection will be disabled for this address family and IPs must be specified directly on the Node resource.
Appears in:
Field | Description |
---|---|
firstFound boolean | (Optional) FirstFound uses default interface matching parameters to select an interface, performing best-effort filtering based on well-known interface names. |
kubernetes KubernetesAutodetectionMethod | (Optional) Kubernetes configures Calico to detect node addresses based on the Kubernetes API. |
interface string | (Optional) Interface enables IP auto-detection based on interfaces that match the given regex. |
skipInterface string | (Optional) SkipInterface enables IP auto-detection based on interfaces that do not match the given regex. |
canReach string | (Optional) CanReach enables IP auto-detection based on which source address on the node is used to reach the specified IP or domain. |
cidrs string array | CIDRS enables IP auto-detection based on which addresses on the nodes are within one of the provided CIDRs. |
NodeAffinity
NodeAffinity is similar to *v1.NodeAffinity, but allows us to limit available schedulers.
Appears in:
Field | Description |
---|---|
preferredDuringSchedulingIgnoredDuringExecution PreferredSchedulingTerm array | (Optional) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. |
requiredDuringSchedulingIgnoredDuringExecution NodeSelector | (Optional) WARNING: Please note that if the affinity requirements specified by this field are not met at scheduling time, the pod will NOT be scheduled onto the node. There is no fallback to other affinity rules with this setting. This may cause networking disruption or even catastrophic failure! PreferredDuringSchedulingIgnoredDuringExecution should be used for affinity unless there is a specific, well-understood reason to use RequiredDuringSchedulingIgnoredDuringExecution and you can guarantee that the RequiredDuringSchedulingIgnoredDuringExecution will always have sufficient nodes to satisfy the requirement. NOTE: RequiredDuringSchedulingIgnoredDuringExecution is set by default for AKS nodes, to avoid scheduling Typhas on virtual-nodes. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. |
NodeSet
NodeSets defines configuration specific to each Elasticsearch Node Set
Appears in:
Field | Description |
---|---|
selectionAttributes NodeSetSelectionAttribute array | SelectionAttributes defines K8s node attributes a NodeSet should use when setting the Node Affinity selectors and Elasticsearch cluster awareness attributes for the Elasticsearch nodes. The list of SelectionAttributes are used to define Node Affinities and set the node awareness configuration in the running Elasticsearch instance. |
NodeSetSelectionAttribute
NodeSetSelectionAttribute defines a K8s node "attribute" the Elasticsearch nodes should be aware of. The "Name" and "Value" are used together to set the "awareness" attributes in Elasticsearch, while the "NodeLabel" and "Value" are used together to define Node Affinity for the Pods created for the Elasticsearch nodes.
Appears in:
Field | Description |
---|---|
name string | |
nodeLabel string | |
value string |
Nodes
Nodes defines the configuration for a set of identical Elasticsearch cluster nodes, each of type master, data, and ingest.
Appears in:
Field | Description |
---|---|
count integer | Count defines the number of nodes in the Elasticsearch cluster. |
nodeSets NodeSet array | (Optional) NodeSets defines configuration specific to each Elasticsearch Node Set |
resourceRequirements ResourceRequirements | (Optional) ResourceRequirements defines the resource limits and requirements for the Elasticsearch cluster. |
NonClusterHost
NonClusterHost installs the components required for non-cluster host log collection. At most one instance of this resource is supported. It must be named "tigera-secure".
Field | Description |
---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | NonClusterHost |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. |
spec NonClusterHostSpec | Specification of the desired state for non-cluster host log collection. |
NonClusterHostSpec
NonClusterHostSpec enables non-cluster hosts to connect to a cluster.
Appears in:
Field | Description |
---|---|
endpoint string | Location of the log ingestion point for non-cluster hosts. For example: https://1.2.3.4:443 |
typhaEndpoint string | Location of the Typha endpoint for non-cluster host Felix and Typha communication. For example: 5.6.7.8:5473 |
NonPrivilegedType
Underlying type: string
NonPrivilegedType specifies whether Calico runs as permissioned or not
One of: Enabled, Disabled
Appears in:
Value | Description |
---|---|
Enabled | |
Disabled |
NotificationMode
Underlying type: string
Appears in:
Value | Description |
---|---|
Disabled | |
Enabled |
OIDCType
Underlying type: string
OIDCType defines how OIDC is configured for Tigera Enterprise. Dex should be the best option for most use-cases. The Tigera option can help in specific use-cases, for instance, when you are unable to configure a client secret. One of: Dex, Tigera
Validation:
- Enum: [Dex Tigera]
Appears in:
Value | Description |
---|---|
Dex | OIDCTypeDex uses Dex IdP, a popular open-source tool for connecting OIDC. |
Tigera | OIDCTypeTigera uses customer code to pass OIDC configuration directly into our server applications. |
PacketCaptureAPI
PacketCaptureAPI is used to configure the resource requirement for PacketCaptureAPI deployment. It must be named "tigera-secure".
Field | Description |
---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | PacketCaptureAPI |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. |
spec PacketCaptureAPISpec | Specification of the desired state for the PacketCaptureAPI. |
status PacketCaptureAPIStatus | Most recently observed state for the PacketCaptureAPI. |
PacketCaptureAPIDeployment
PacketCaptureAPIDeployment is the configuration for the PacketCaptureAPI Deployment.
Appears in:
Field | Description |
---|---|
spec PacketCaptureAPIDeploymentSpec | (Optional) Spec is the specification of the PacketCaptureAPI Deployment. |
PacketCaptureAPIDeploymentContainer
PacketCaptureAPIDeploymentContainer is a PacketCaptureAPI Deployment container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the PacketCaptureAPI Deployment container by name. Supported values are: tigera-packetcapture-server |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named PacketCaptureAPI Deployment container's resources. If omitted, the PacketCaptureAPI Deployment will use its default value for this container's resources. |
PacketCaptureAPIDeploymentInitContainer
PacketCaptureAPIDeploymentInitContainer is a PacketCaptureAPI Deployment init container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the PacketCaptureAPI Deployment init container by name. Supported values are: tigera-packetcapture-server-tls-key-cert-provisioner |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named PacketCaptureAPI Deployment init container's resources. If omitted, the PacketCaptureAPI Deployment will use its default value for this init container's resources. |
PacketCaptureAPIDeploymentPodSpec
PacketCaptureAPIDeploymentPodSpec is the PacketCaptureAPI Deployment's PodSpec.
Appears in:
Field | Description |
---|---|
initContainers PacketCaptureAPIDeploymentInitContainer array | (Optional) InitContainers is a list of PacketCaptureAPI init containers. If specified, this overrides the specified PacketCaptureAPI Deployment init containers. If omitted, the PacketCaptureAPI Deployment will use its default values for its init containers. |
containers PacketCaptureAPIDeploymentContainer array | (Optional) Containers is a list of PacketCaptureAPI containers. If specified, this overrides the specified PacketCaptureAPI Deployment containers. If omitted, the PacketCaptureAPI Deployment will use its default values for its containers. |
PacketCaptureAPIDeploymentPodTemplateSpec
PacketCaptureAPIDeploymentPodTemplateSpec is the PacketCaptureAPI Deployment's PodTemplateSpec
Appears in:
Field | Description |
---|---|
spec PacketCaptureAPIDeploymentPodSpec | (Optional) Spec is the PacketCaptureAPI Deployment's PodSpec. |
PacketCaptureAPIDeploymentSpec
PacketCaptureAPIDeploymentSpec defines configuration for the PacketCaptureAPI Deployment.
Appears in:
Field | Description |
---|---|
template PacketCaptureAPIDeploymentPodTemplateSpec | (Optional) Template describes the PacketCaptureAPI Deployment pod that will be created. |
PacketCaptureAPISpec
PacketCaptureAPISpec defines configuration for the Packet Capture API.
Appears in:
Field | Description |
---|---|
packetCaptureAPIDeployment PacketCaptureAPIDeployment | (Optional) PacketCaptureAPIDeployment configures the PacketCaptureAPI Deployment. |
PacketCaptureAPIStatus
PacketCaptureAPIStatus defines the observed state of the Packet Capture API.
Appears in:
Field | Description |
---|---|
state string | State provides user-readable status. |
conditions Condition array | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other customer types. |
PathMatch
Appears in:
Field | Description |
---|---|
path string | Path is the path portion of the URL based on which we proxy. |
pathRegexp string | (Optional) PathRegexp, if not nil, checks if Regexp matches the path. |
pathReplace string | (Optional) PathReplace if not nil will be used to replace PathRegexp matches. |
PolicyMode
Underlying type: string
Appears in:
Value | Description |
---|---|
Default | |
Manual |
PolicyRecommendation
PolicyRecommendation is the Schema for the policy recommendation API. At most one instance of this resource is supported. It must be named "tigera-secure".
Field | Description |
---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | PolicyRecommendation |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. |
spec PolicyRecommendationSpec | |
status PolicyRecommendationStatus |
PolicyRecommendationDeployment
PolicyRecommendationDeployment is the configuration for the PolicyRecommendation Deployment.
Appears in:
Field | Description |
---|---|
spec PolicyRecommendationDeploymentSpec | (Optional) Spec is the specification of the PolicyRecommendation Deployment. |
PolicyRecommendationDeploymentContainer
PolicyRecommendationDeploymentContainer is a PolicyRecommendation Deployment container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the PolicyRecommendation Deployment container by name. Supported values are: policy-recommendation-controller |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named PolicyRecommendation Deployment container's resources. If omitted, the PolicyRecommendation Deployment will use its default value for this container's resources. |
PolicyRecommendationDeploymentInitContainer
PolicyRecommendationDeploymentInitContainer is a PolicyRecommendation Deployment init container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the PolicyRecommendation Deployment init container by name. |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named PolicyRecommendation Deployment init container's resources. If omitted, the PolicyRecommendation Deployment will use its default value for this init container's resources. |
PolicyRecommendationDeploymentPodSpec
PolicyRecommendationDeploymentPodSpec is the PolicyRecommendation Deployment's PodSpec.
Appears in:
Field | Description |
---|---|
initContainers PolicyRecommendationDeploymentInitContainer array | (Optional) InitContainers is a list of PolicyRecommendation init containers. If specified, this overrides the specified PolicyRecommendation Deployment init containers. If omitted, the PolicyRecommendation Deployment will use its default values for its init containers. |
containers PolicyRecommendationDeploymentContainer array | (Optional) Containers is a list of PolicyRecommendation containers. If specified, this overrides the specified PolicyRecommendation Deployment containers. If omitted, the PolicyRecommendation Deployment will use its default values for its containers. |
PolicyRecommendationDeploymentPodTemplateSpec
PolicyRecommendationDeploymentPodTemplateSpec is the PolicyRecommendation Deployment's PodTemplateSpec
Appears in:
Field | Description |
---|---|
spec PolicyRecommendationDeploymentPodSpec | (Optional) Spec is the PolicyRecommendation Deployment's PodSpec. |
PolicyRecommendationDeploymentSpec
PolicyRecommendationDeploymentSpec defines configuration for the PolicyRecommendation Deployment.
Appears in:
Field | Description |
---|---|
template PolicyRecommendationDeploymentPodTemplateSpec | (Optional) Template describes the PolicyRecommendation Deployment pod that will be created. |
PolicyRecommendationSpec
PolicyRecommendationSpec defines configuration for the Calico Enterprise Policy Recommendation service.
Appears in:
Field | Description |
---|---|
policyRecommendationDeployment PolicyRecommendationDeployment | (Optional) PolicyRecommendation configures the PolicyRecommendation Deployment. |
PolicyRecommendationStatus
PolicyRecommendationStatus defines the observed state of Tigera policy recommendation.
Appears in:
Field | Description |
---|---|
state string | State provides user-readable status. |
ProductVariant
Underlying type: string
ProductVariant represents the variant of the product.
One of: Calico, TigeraSecureEnterprise
Appears in:
Prometheus
Appears in:
Field | Description |
---|---|
spec PrometheusSpec | (Optional) Spec is the specification of the Prometheus. |
PrometheusContainer
PrometheusContainer is a Prometheus container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the Prometheus Deployment container by name. Supported values are: authn-proxy |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named Prometheus container's resources. If omitted, the Prometheus will use its default value for this container's resources. |
PrometheusSpec
Appears in:
Field | Description |
---|---|
commonPrometheusFields CommonPrometheusFields | CommonPrometheusFields are the options available to both the Prometheus server and agent. |
PromptType
Underlying type: string
PromptType is a value that specifies whether the identity provider prompts the end user for re-authentication and consent. One of: None, Login, Consent, SelectAccount.
Validation:
- Enum: [None Login Consent SelectAccount]
Appears in:
Value | Description |
---|---|
None | The identity provider must not display any authentication or consent user interface pages. |
Login | The identity provider should prompt the end user for reauthentication. |
Consent | The identity provider should prompt the end user for consent before returning information to the client. |
SelectAccount | The identity provider should prompt the end user to select a user account. |
Provider
Underlying type: string
Provider represents a particular provider or flavor of Kubernetes. Valid options are: EKS, GKE, AKS, RKE2, OpenShift, DockerEnterprise, TKG.
Appears in:
Proxy
Appears in:
Field | Description |
---|---|
httpProxy string | (Optional) HTTPProxy defines the value of the HTTP_PROXY environment variable that will be set on Tigera containers that connect to destinations outside the cluster. |
httpsProxy string | (Optional) HTTPSProxy defines the value of the HTTPS_PROXY environment variable that will be set on Tigera containers that connect to destinations outside the cluster. |
noProxy string | (Optional) NoProxy defines the value of the NO_PROXY environment variable that will be set on Tigera containers that connect to destinations outside the cluster. This value must be set such that destinations within the scope of the cluster, including the Kubernetes API server, are exempt from being proxied. |
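The noProxy requirement above can be checked before the value is applied. The following is an added example, not part of the operator or its documentation: it assumes the containers' HTTP clients follow the NO_PROXY matching rules of Go's `golang.org/x/net/http/httpproxy` package (other clients interpret the variable differently), and the service CIDR and host names in the sample are constructed values to replace with your cluster's own.

```python
import ipaddress

def _split_host_port(entry):
    """Split 'host:port' or '[v6]:port' into (host, port); port is '' if absent."""
    if entry.startswith("["):
        host, _, rest = entry[1:].partition("]")
        return host, rest[1:] if rest.startswith(":") else ""
    if entry.count(":") == 1:
        host, port = entry.split(":")
        return host, port
    return entry, ""  # bare host name or bare IPv6 literal

def parse_no_proxy(value):
    """Turn a NO_PROXY string into a list of match rules (assumed Go semantics)."""
    rules = []
    for raw in value.split(","):
        p = raw.strip().lower()
        if not p:
            continue
        if p == "*":
            return [("all",)]
        if "/" in p:
            try:
                rules.append(("cidr", ipaddress.ip_network(p, strict=False)))
                continue
            except ValueError:
                pass  # not a CIDR, fall through and treat as a host entry
        host, port = _split_host_port(p)
        if not host:
            continue
        try:
            rules.append(("ip", ipaddress.ip_address(host), port))
            continue
        except ValueError:
            pass
        if host.startswith("*."):
            host = host[1:]
        # "foo.com" matches foo.com and its subdomains; ".foo.com" subdomains only.
        match_host = not host.startswith(".")
        suffix = host if host.startswith(".") else "." + host
        rules.append(("domain", suffix, match_host, port))
    return rules

def is_exempt(rules, host, port):
    """True if a request to host:port would bypass the proxy."""
    host = host.strip().lower()
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if host == "localhost" or (ip is not None and ip.is_loopback):
        return True
    for rule in rules:
        kind = rule[0]
        if kind == "all":
            return True
        if kind == "cidr" and ip is not None:
            if ip.version == rule[1].version and ip in rule[1]:
                return True
        elif kind == "ip" and ip is not None:
            if ip == rule[1] and rule[2] in ("", port):
                return True
        elif kind == "domain":
            _, suffix, match_host, rule_port = rule
            hit = host.endswith(suffix) or (match_host and host == suffix[1:])
            if hit and rule_port in ("", port):
                return True
    return False

def proxied_destinations(no_proxy, destinations):
    """Return the in-cluster (host, port) pairs that would still go via the proxy."""
    rules = parse_no_proxy(no_proxy)
    return [d for d in destinations if not is_exempt(rules, d[0], d[1])]

# Constructed sample: candidate noProxy value and in-cluster destinations.
SAMPLE_NO_PROXY = "10.96.0.0/12,.svc,.cluster.local,localhost"
SAMPLE_DESTINATIONS = [
    ("10.96.0.1", "443"),                             # API server service IP
    ("kubernetes.default.svc", "443"),
    ("kubernetes.default.svc.cluster.local", "443"),
    ("kubernetes.default", "443"),                    # short names are easy to miss
    ("kubernetes", "443"),
]

if __name__ == "__main__":
    for host, port in proxied_destinations(SAMPLE_NO_PROXY, SAMPLE_DESTINATIONS):
        print(f"still proxied: {host}:{port}")
```

Any destination the function returns would leave the cluster through the proxy, so the list should be empty for every in-cluster name and address your workloads actually use.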
QueryServerLogging
Appears in:
Field | Description |
---|---|
logSeverity LogSeverity | (Optional) LogSeverity defines log level for QueryServer container. |
Retention
Retention defines how long data is retained in an Elasticsearch cluster before it is cleared.
Appears in:
Field | Description |
---|---|
flows integer | (Optional) Flows configures the retention period for flow logs, in days. Logs written on a day that started at least this long ago are removed. To keep logs for at least x days, use a retention period of x+1. Default: 8 |
auditReports integer | (Optional) AuditReports configures the retention period for audit logs, in days. Logs written on a day that started at least this long ago are removed. To keep logs for at least x days, use a retention period of x+1. Default: 91 |
snapshots integer | (Optional) Snapshots configures the retention period for snapshots, in days. Snapshots are periodic captures of resources which along with audit events are used to generate reports. Consult the Compliance Reporting documentation for more details on snapshots. Logs written on a day that started at least this long ago are removed. To keep logs for at least x days, use a retention period of x+1. Default: 91 |
complianceReports integer | (Optional) ComplianceReports configures the retention period for compliance reports, in days. Reports are output from the analysis of the system state and audit events for compliance reporting. Consult the Compliance Reporting documentation for more details on reports. Logs written on a day that started at least this long ago are removed. To keep logs for at least x days, use a retention period of x+1. Default: 91 |
dnsLogs integer | (Optional) DNSLogs configures the retention period for DNS logs, in days. Logs written on a day that started at least this long ago are removed. To keep logs for at least x days, use a retention period of x+1. Default: 8 |
bgpLogs integer | (Optional) BGPLogs configures the retention period for BGP logs, in days. Logs written on a day that started at least this long ago are removed. To keep logs for at least x days, use a retention period of x+1. Default: 8 |
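The "x+1" rule in the table above follows from measuring age from the start of the day a record was written on. The following is an added example, not operator code, that works the rule through and checks a Retention spec against per-field "must keep N days" requirements; it assumes UTC day boundaries and removal evaluated at a given instant, and the timestamps and requirements are constructed.

```python
from datetime import datetime, timedelta, timezone

# Defaults as listed in the Retention table on this page (days).
DEFAULTS = {
    "flows": 8, "auditReports": 91, "snapshots": 91,
    "complianceReports": 91, "dnsLogs": 8, "bgpLogs": 8,
}

def day_start(ts):
    """Midnight at the start of the day containing ts (assumption: UTC days)."""
    utc = ts.astimezone(timezone.utc)
    return utc.replace(hour=0, minute=0, second=0, microsecond=0)

def is_removed(written_at, now, retention_days):
    """True once the day the record was written on started >= retention_days ago."""
    return now - day_start(written_at) >= timedelta(days=retention_days)

def guaranteed_days(retention_days):
    """Whole days every record survives, whatever time of day it was written.

    A record written just before midnight belongs to a day that started almost
    24 hours earlier, so it becomes removable after only retention_days - 1
    days (plus a moment) of actual age.
    """
    return retention_days - 1

def retention_for(min_days_to_keep):
    """Retention value needed to keep every record at least min_days_to_keep days."""
    return min_days_to_keep + 1

def shortfalls(retention_spec, required_days):
    """Return {field: (configured, needed)} for fields that keep data too briefly.

    retention_spec: dict shaped like the Retention fields above; omitted
    fields fall back to the documented defaults.
    required_days: dict of field -> minimum days the data must be kept.
    """
    gaps = {}
    for field, need in required_days.items():
        configured = retention_spec.get(field, DEFAULTS[field])
        if guaranteed_days(configured) < need:
            gaps[field] = (configured, retention_for(need))
    return gaps

if __name__ == "__main__":
    utc = timezone.utc
    late = datetime(2024, 3, 1, 23, 59, tzinfo=utc)   # constructed timestamp
    cutoff = datetime(2024, 3, 9, 0, 0, tzinfo=utc)
    print("removed at cutoff:", is_removed(late, cutoff, 8))
    print("actual age at removal:", cutoff - late)
    # Constructed policy: keep flow logs 30 days and audit data 90 days.
    print(shortfalls({"flows": 30}, {"flows": 30, "auditReports": 90}))
```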
S3StoreSpec
S3StoreSpec defines configuration for exporting logs to Amazon S3.
Appears in:
Field | Description |
---|---|
region string | AWS Region of the S3 bucket |
bucketName string | Name of the S3 bucket to send logs to |
bucketPath string | Path in the S3 bucket where logs are sent |
SNIMatch
Appears in:
Field | Description |
---|---|
serverName string | ServerName is used to match the server name for the request. |
ServiceMonitor
Appears in:
Field | Description |
---|---|
labels object (keys:string, values:string) | Labels are the metadata.labels of the ServiceMonitor. When combined with spec.serviceMonitorSelector.matchLabels on your prometheus instance, the service monitor will automatically be picked up. Default: k8s-app=tigera-prometheus |
endpoints Endpoint array | The endpoints to scrape. This struct contains a subset of the Endpoint as defined in the prometheus docs. Fields related to connecting to our Prometheus server are automatically set by the operator. |
SidecarStatusType
Underlying type: string
Validation:
- Enum: [Enabled Disabled]
Appears in:
Value | Description |
---|---|
Enabled | |
Disabled |
SidecarWebhookStateType
Underlying type: string
Validation:
- Enum: [Enabled Disabled]
Appears in:
Value | Description |
---|---|
Enabled | |
Disabled |
SplunkStoreSpec
SplunkStoreSpec defines configuration for exporting logs to Splunk.
Appears in:
Field | Description |
---|---|
endpoint string | Location of Splunk's HTTP Event Collector endpoint. Example: https://1.2.3.4:8088 |
StatusConditionType
Underlying type: string
StatusConditionType is a type of condition that may apply to a particular component.
Appears in:
Value | Description |
---|---|
Available | Available indicates that the component is healthy. |
Progressing | Progressing means that the component is in the process of being installed or upgraded. |
Degraded | Degraded means the component is not operating as desired and user action is required. |
Ready | Ready indicates that the component is healthy and ready. It is identical to Available and used in Status conditions for CRs. |
Sysctl
Appears in:
Field | Description |
---|---|
key string | |
value string |
SyslogLogType
Underlying type: string
SyslogLogType represents the allowable log types for syslog. Allowable values are Audit, DNS, Flows and IDSEvents.
- Audit corresponds to audit logs for both Kubernetes resources and Enterprise custom resources.
- DNS corresponds to DNS logs generated by Calico node.
- Flows corresponds to flow logs generated by Calico node.
- IDSEvents corresponds to event logs for the intrusion detection system (anomaly detection, suspicious IPs, suspicious domains and global alerts).
Validation:
- Enum: [Audit DNS Flows IDSEvents]
Appears in:
Value | Description |
---|---|
Audit | |
DNS | |
Flows | |
L7 | |
IDSEvents |
SyslogStoreSpec
SyslogStoreSpec defines configuration for exporting logs to syslog.
Appears in:
Field | Description |
---|---|
endpoint string | Location of the syslog server. Example: tcp://1.2.3.4:601 |
packetSize integer | (Optional) PacketSize defines the maximum size of packets to send to syslog. In general this is only needed if you notice long logs being truncated. Default: 1024 |
logTypes SyslogLogType array | If no values are provided, the list will be updated to include log types Audit, DNS and Flows. Default: Audit, DNS, Flows |
encryption EncryptionOption | (Optional) Encryption configures traffic encryption to the Syslog server. Default: None |
TLS
Appears in:
Field | Description |
---|---|
secretName string | (Optional) SecretName indicates the name of the secret in the tigera-operator namespace that contains the private key and certificate that the management cluster uses when it listens for incoming connections. When set to tigera-management-cluster-connection voltron will use the same cert bundle which Guardian client certs are signed with. When set to manager-tls, voltron will use the same cert bundle which Manager UI is served with. This cert bundle must be a publicly signed cert created by the user. Note that Tigera Operator will generate a self-signed manager-tls cert if one does not exist, and use of that cert will result in Guardian being unable to verify Voltron's identity. If changed on a running cluster with connected managed clusters, all managed clusters will disconnect as they will no longer be able to verify Voltron's identity. To reconnect existing managed clusters, change the tls.ca of the managed clusters' ManagementClusterConnection resource. One of: tigera-management-cluster-connection, manager-tls Default: tigera-management-cluster-connection |
TLSPassThroughRouteSpec
Appears in:
Field | Description |
---|---|
target TargetType | |
sniMatch SNIMatch | SNIMatch is used to match requests based on the server name for the intended destination server. Matching requests will be proxied to the Destination. |
destination string | Destination is the destination url to proxy the request to. |
TLSTerminatedRouteSpec
Appears in:
Field | Description |
---|---|
target TargetType | |
pathMatch PathMatch | PathMatch is used to match requests based on what's in the path. Matching requests will be proxied to the Destination defined in this structure. |
destination string | Destination is the destination URL where matching traffic is routed to. |
caBundle ConfigMapKeySelector | CABundle is where we read the CA bundle from to authenticate the destination (if non-empty) |
mtlsCert SecretKeySelector | (Optional) ForwardingMTLSCert is the certificate used for mTLS between voltron and the destination. Either both ForwardingMTLSCert and ForwardingMTLSKey must be specified, or neither can be specified. |
mtlsKey SecretKeySelector | (Optional) ForwardingMTLSKey is the key used for mTLS between voltron and the destination. Either both ForwardingMTLSCert and ForwardingMTLSKey must be specified, or neither can be specified. |
unauthenticated boolean | (Optional) Unauthenticated says whether the request should go through authentication. This is only applicable if the Target is UI. |
TargetType
Underlying type: string
Appears in:
Value | Description |
---|---|
UpstreamTunnel | |
UI |
TigeraStatus
TigeraStatus represents the most recently observed status for Calico or a Calico Enterprise functional area.
Field | Description |
---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | TigeraStatus |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. |
spec TigeraStatusSpec | |
status TigeraStatusStatus |
TigeraStatusCondition
TigeraStatusCondition represents a condition attached to a particular component.
Appears in:
Field | Description |
---|---|
type StatusConditionType | The type of condition. May be Available, Progressing, or Degraded. |
status ConditionStatus | The status of the condition. May be True, False, or Unknown. |
lastTransitionTime Time | The timestamp representing the start time for the current status. |
reason string | A brief reason explaining the condition. |
message string | Optionally, a detailed message providing additional context. |
observedGeneration integer | (Optional) observedGeneration represents the generation that the condition was set based upon. For instance, if generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. |
TigeraStatusSpec
TigeraStatusSpec defines the desired state of TigeraStatus
Appears in:
TigeraStatusStatus
TigeraStatusStatus defines the observed state of TigeraStatus
Appears in:
Field | Description |
---|---|
conditions TigeraStatusCondition array | Conditions represents the latest observed set of conditions for this component. A component may be one or more of Available, Progressing, or Degraded. |
TyphaAffinity
Deprecated. Please use TyphaDeployment instead. TyphaAffinity allows configuration of node affinity characteristics for Typha pods.
Appears in:
Field | Description |
---|---|
nodeAffinity NodeAffinity | (Optional) NodeAffinity describes node affinity scheduling rules for typha. |
TyphaDeployment
TyphaDeployment is the configuration for the typha Deployment.
Appears in:
Field | Description |
---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec TyphaDeploymentSpec | (Optional) Spec is the specification of the typha Deployment. |
TyphaDeploymentContainer
TyphaDeploymentContainer is a typha Deployment container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the typha Deployment container by name. Supported values are: calico-typha |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named typha Deployment container's resources. If omitted, the typha Deployment will use its default value for this container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
TyphaDeploymentInitContainer
TyphaDeploymentInitContainer is a typha Deployment init container.
Appears in:
Field | Description |
---|---|
name string | Name is an enum which identifies the typha Deployment init container by name. Supported values are: typha-certs-key-cert-provisioner |
resources ResourceRequirements | (Optional) Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named typha Deployment init container's resources. If omitted, the typha Deployment will use its default value for this init container's resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
TyphaDeploymentPodSpec
TyphaDeploymentPodSpec is the typha Deployment's PodSpec.
Appears in:
Field | Description |
---|---|
initContainers TyphaDeploymentInitContainer array | (Optional) InitContainers is a list of typha init containers. If specified, this overrides the specified typha Deployment init containers. If omitted, the typha Deployment will use its default values for its init containers. |
containers TyphaDeploymentContainer array | (Optional) Containers is a list of typha containers. If specified, this overrides the specified typha Deployment containers. If omitted, the typha Deployment will use its default values for its containers. |
affinity Affinity | (Optional) Affinity is a group of affinity scheduling rules for the typha pods. If specified, this overrides any affinity that may be set on the typha Deployment. If omitted, the typha Deployment will use its default value for affinity. If used in conjunction with the deprecated TyphaAffinity, then this value takes precedence. WARNING: Please note that this field will override the default calico-typha Deployment affinity. |
nodeSelector object (keys:string, values:string) | NodeSelector is the calico-typha pod's scheduling constraints. If specified, each of the key/value pairs are added to the calico-typha Deployment nodeSelector provided the key does not already exist in the object's nodeSelector. If omitted, the calico-typha Deployment will use its default value for nodeSelector. WARNING: Please note that this field will modify the default calico-typha Deployment nodeSelector. |
terminationGracePeriodSeconds integer | (Optional) Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. |
topologySpreadConstraints TopologySpreadConstraint array | (Optional) TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. |
tolerations Toleration array | (Optional) Tolerations is the typha pod's tolerations. If specified, this overrides any tolerations that may be set on the typha Deployment. If omitted, the typha Deployment will use its default value for tolerations. WARNING: Please note that this field will override the default calico-typha Deployment tolerations. |
TyphaDeploymentPodTemplateSpec
TyphaDeploymentPodTemplateSpec is the typha Deployment's PodTemplateSpec
Appears in:
Field | Description |
---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec TyphaDeploymentPodSpec | (Optional) Spec is the typha Deployment's PodSpec. |
TyphaDeploymentSpec
TyphaDeploymentSpec defines configuration for the typha Deployment.
Appears in:
Field | Description |
---|---|
minReadySeconds integer | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its containers crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the typha Deployment. If omitted, the typha Deployment will use its default value for minReadySeconds. |
template TyphaDeploymentPodTemplateSpec | (Optional) Template describes the typha Deployment pod that will be created. |
strategy TyphaDeploymentStrategy | (Optional) The deployment strategy to use to replace existing pods with new ones. |
TyphaDeploymentStrategy
TyphaDeploymentStrategy describes how to replace existing pods with new ones. Only RollingUpdate is supported at this time so the Type field is not exposed.
Appears in:
Field | Description |
---|---|
rollingUpdate RollingUpdateDeployment | (Optional) Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. |
UserMatch
UserMatch: when the values of a UserAttribute and a GroupAttribute match, the user belongs to the group.
Appears in:
Field | Description |
---|---|
userAttribute string | The attribute of a user that links it to a group. |
groupAttribute string | The attribute of a group that links it to a user. |
UserSearch
User entry search configuration to match the credentials with a user.
Appears in:
Field | Description |
---|---|
baseDN string | BaseDN to start the search from. For example "cn=users,dc=example,dc=com" |
filter string | (Optional) Optional filter to apply when searching the directory. For example "(objectClass=person)" |
nameAttribute string | (Optional) A mapping of the attribute that is used as the username. This attribute can be used to apply RBAC to a user. Default: uid |
WAFStatusType
Underlying type: string
Validation:
- Enum: [Enabled Disabled]
Appears in:
Value | Description |
---|---|
Disabled | |
Enabled | |
Whisker
Field | Description |
---|---|
apiVersion string | operator.tigera.io/v1 |
kind string | Whisker |
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. |
spec WhiskerSpec | |
status WhiskerStatus | |
WhiskerDeployment
WhiskerDeployment is the configuration for the whisker Deployment.
Appears in:
Field | Description |
---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec WhiskerDeploymentSpec | (Optional) Spec is the specification of the whisker Deployment. |
WhiskerDeploymentContainer
Appears in:
Field | Description |
---|---|
name string | |
resources ResourceRequirements | (Optional) |
WhiskerDeploymentPodSpec
WhiskerDeploymentPodSpec is the whisker Deployment's PodSpec.
Appears in:
Field | Description |
---|---|
affinity Affinity | (Optional) Affinity is a group of affinity scheduling rules for the whisker pods. |
containers WhiskerDeploymentContainer array | (Optional) Containers is a list of whisker containers. If specified, this overrides the specified EGW Deployment containers. If omitted, the whisker Deployment will use its default values for its containers. |
nodeSelector object (keys:string, values:string) | (Optional) NodeSelector gives more control over the nodes on which the whisker pods will run. |
terminationGracePeriodSeconds integer | (Optional) TerminationGracePeriodSeconds defines the termination grace period of the whisker pods in seconds. |
topologySpreadConstraints TopologySpreadConstraint array | (Optional) TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. |
tolerations Toleration array | (Optional) Tolerations is the whisker pod's tolerations. If specified, this overrides any tolerations that may be set on the whisker Deployment. If omitted, the whisker Deployment will use its default value for tolerations. |
priorityClassName string | (Optional) PriorityClassName specifies the PriorityClass resource to be used. |
WhiskerDeploymentPodTemplateSpec
WhiskerDeploymentPodTemplateSpec is the whisker Deployment's PodTemplateSpec
Appears in:
Field | Description |
---|---|
metadata Metadata | (Optional) Refer to Kubernetes API documentation for fields of metadata. |
spec WhiskerDeploymentPodSpec | (Optional) Spec is the whisker Deployment's PodSpec. |
WhiskerDeploymentSpec
WhiskerDeploymentSpec defines configuration for the whisker Deployment.
Appears in:
Field | Description |
---|---|
minReadySeconds integer | (Optional) MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its containers crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the whisker Deployment. If omitted, the whisker Deployment will use its default value for minReadySeconds. |
template WhiskerDeploymentPodTemplateSpec | (Optional) Template describes the whisker Deployment pod that will be created. |
strategy WhiskerDeploymentStrategy | (Optional) The deployment strategy to use to replace existing pods with new ones. |
WhiskerDeploymentStrategy
Appears in:
Field | Description |
---|---|
rollingUpdate RollingUpdateDeployment | (Optional) Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. |
WhiskerSpec
Appears in:
Field | Description |
---|---|
whiskerDeployment WhiskerDeployment | |
notifications NotificationMode | (Optional) This setting enables calls to an external API to retrieve notification banner text in the Whisker UI. Allowed values are Enabled or Disabled. Default: Enabled |
WhiskerStatus
WhiskerStatus defines the observed state of Whisker
Appears in:
Field | Description |
---|---|
conditions Condition array | (Optional) Conditions represents the latest observed set of conditions for the component. A component may be one or more of Ready, Progressing, Degraded or other custom types. |
WindowsDataplaneOption
Underlying type: string
Validation:
- Enum: [HNS Disabled]
Appears in:
Value | Description |
---|---|
Disabled | |
HNS | |
WindowsNodeSpec
Appears in:
Field | Description |
---|---|
cniBinDir string | (Optional) CNIBinDir is the path to the CNI binaries directory on Windows. It must match the value of 'bin_dir' under [plugins] [plugins."io.containerd.grpc.v1.cri"] [plugins."io.containerd.grpc.v1.cri".cni] in the containerd 'config.toml' file on the Windows nodes. |
cniConfigDir string | (Optional) CNIConfigDir is the path to the CNI configuration directory on Windows. It must match the value of 'conf_dir' under [plugins] [plugins."io.containerd.grpc.v1.cri"] [plugins."io.containerd.grpc.v1.cri".cni] in the containerd 'config.toml' file on the Windows nodes. |
cniLogDir string | (Optional) CNILogDir is the path to the Calico CNI logs directory on Windows. |
vxlanMACPrefix string | (Optional) VXLANMACPrefix is the prefix used when generating MAC addresses for virtual NICs. |
vxlanAdapter string | (Optional) VXLANAdapter is the network adapter used for VXLAN. Leave blank to use the primary NIC. |