-OIDC contains the configuration needed to set up OIDC authentication. +OIDC contains the configuration needed to setup OIDC authentication.
@@ -732,7 +732,7 @@ AuthenticationOpenshift (Optional)-Openshift contains the configuration needed to set up Openshift OAuth authentication. +Openshift contains the configuration needed to setup Openshift OAuth authentication.
@@ -752,7 +752,7 @@ AuthenticationLDAP (Optional)-LDAP contains the configuration needed to set up LDAP authentication. +LDAP contains the configuration needed to setup LDAP authentication.
@@ -2157,7 +2157,7 @@ CollectProcessPathOption (Optional)Configuration for enabling/disabling process path collection in flowlogs. -If Enabled, this feature sets hostPID to true to read process cmdline. +If Enabled, this feature sets hostPID to true in order to read process cmdline. Default: Enabled
@@ -4320,7 +4320,7 @@ options are: Token, Basic, OIDC, OAuth-AuthenticationLDAP is the configuration needed to set up LDAP. +AuthenticationLDAP is the configuration needed to setup LDAP.
- -(Appears on: -InstallationSpec) - -
+-CalicoWindowsUpgradeDaemonSet is the configuration for the calico-windows-upgrade DaemonSet. +CalicoNodeWindowsDaemonSet is the configuration for the calico-node-windows DaemonSet.
(Appears on: -CalicoWindowsUpgradeDaemonSetPodSpec) +CalicoNodeWindowsDaemonSetPodSpec)
-CalicoWindowsUpgradeDaemonSetContainer is a calico-windows-upgrade DaemonSet container. +CalicoNodeWindowsDaemonSetContainer is a calico-node-windows DaemonSet container.
|
-Name is an enum which identifies the calico-windows-upgrade DaemonSet container by name. +Name is an enum which identifies the calico-node-windows DaemonSet container by name. |
@@ -6526,23 +6520,84 @@ Kubernetes core/v1.ResourceRequirements
(Optional)
(Appears on: -CalicoWindowsUpgradeDaemonSetPodTemplateSpec) +CalicoNodeWindowsDaemonSetPodSpec)
-CalicoWindowsUpgradeDaemonSetPodSpec is the calico-windows-upgrade DaemonSet’s PodSpec. +CalicoNodeWindowsDaemonSetInitContainer is a calico-node-windows DaemonSet init container. +
+| Field | +Description | +
|---|---|
+
+name+ +string + + + |
+
+
+ +Name is an enum which identifies the calico-node-windows DaemonSet init container by name. + + + |
+
+
+resources+ + +Kubernetes core/v1.ResourceRequirements + + + + |
+
+
+(Optional)
+ +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named calico-node-windows DaemonSet init container’s resources. +If omitted, the calico-node-windows DaemonSet will use its default value for this container’s resources. +If used in conjunction with the deprecated ComponentResources, then this value takes precedence. + + + |
+
+ +(Appears on: +CalicoNodeWindowsDaemonSetPodTemplateSpec) + +
++CalicoNodeWindowsDaemonSetPodSpec is the calico-node-windows DaemonSet’s PodSpec.
+initContainers+ + +[]CalicoNodeWindowsDaemonSetInitContainer + + + + |
+
+
+(Optional)
+ +InitContainers is a list of calico-node-windows init containers. +If specified, this overrides the specified calico-node-windows DaemonSet init containers. +If omitted, the calico-node-windows DaemonSet will use its default values for its init containers. + + + |
+
+
containers- -[]CalicoWindowsUpgradeDaemonSetContainer + +[]CalicoNodeWindowsDaemonSetContainer @@ -6567,9 +6644,9 @@ CalicoWindowsUpgradeDaemonSetPodSpec is the calico-windows-upgrade DaemonSet&rsq (Optional) -Containers is a list of calico-windows-upgrade containers. -If specified, this overrides the specified calico-windows-upgrade DaemonSet containers. -If omitted, the calico-windows-upgrade DaemonSet will use its default values for its containers. +Containers is a list of calico-node-windows containers. +If specified, this overrides the specified calico-node-windows DaemonSet containers. +If omitted, the calico-node-windows DaemonSet will use its default values for its containers. |
@@ -6589,10 +6666,10 @@ Kubernetes core/v1.Affinity
(Optional)
(Appears on: -CalicoWindowsUpgradeDaemonSetSpec) +CalicoNodeWindowsDaemonSetSpec)
-CalicoWindowsUpgradeDaemonSetPodTemplateSpec is the calico-windows-upgrade DaemonSet’s PodTemplateSpec +CalicoNodeWindowsDaemonSetPodTemplateSpec is the calico-node-windows DaemonSet’s PodTemplateSpec
(Appears on: -CalicoWindowsUpgradeDaemonSet) +CalicoNodeWindowsDaemonSet)
-CalicoWindowsUpgradeDaemonSetSpec defines configuration for the calico-windows-upgrade DaemonSet. +CalicoNodeWindowsDaemonSetSpec defines configuration for the calico-node-windows DaemonSet.
(Appears on: @@ -6778,9 +6855,7 @@ Template describes the calico-windows-upgrade DaemonSet pod that will be created
-CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order -to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise -pods will be stuck during initialization. +CalicoWindowsUpgradeDaemonSet is the configuration for the calico-windows-upgrade DaemonSet.
-caCert+ metadata-[]byte + +Metadata + |
+(Optional)
-Certificate of the authority that signs the CertificateSigningRequests in PEM format. +Metadata is a subset of a Kubernetes object’s metadata that is added to the Deployment. |
@@ -6810,26 +6888,51 @@ Certificate of the authority that signs the CertificateSigningRequests in PEM fo
-signerName+ spec-string + +CalicoWindowsUpgradeDaemonSetSpec + |
+(Optional)
-When a CSR is issued to the certificates.k8s.io API, the signerName is added to the request to accommodate for clusters
-with multiple signers.
-Must be formatted as: + + |
+ +(Appears on: +CalicoWindowsUpgradeDaemonSetPodSpec) + +
++CalicoWindowsUpgradeDaemonSetContainer is a calico-windows-upgrade DaemonSet container. +
+| Field | +Description | +
|---|---|
-keyAlgorithm+ namestring @@ -6837,10 +6940,8 @@ string |
-(Optional)
-Specify the algorithm used by pods to generate a key pair that is associated with the X.509 certificate request. -Default: RSAWithSize2048 +Name is an enum which identifies the calico-windows-upgrade DaemonSet container by name. |
@@ -6848,9 +6949,11 @@ Default: RSAWithSize2048
-signatureAlgorithm+ resources-string + +Kubernetes core/v1.ResourceRequirements + |
@@ -6858,41 +6961,24 @@ string
(Optional)
string alias)- -(Appears on: -LogCollectorSpec) - -
-- -(Appears on: -Compliance) - -
--ComplianceSpec defines the desired state of Tigera compliance reporting capabilities. -
-(Appears on: -Compliance) +CalicoWindowsUpgradeDaemonSetPodTemplateSpec)
-ComplianceStatus defines the observed state of Tigera compliance reporting capabilities. +CalicoWindowsUpgradeDaemonSetPodSpec is the calico-windows-upgrade DaemonSet’s PodSpec.
-state+ containers-string + +[]CalicoWindowsUpgradeDaemonSetContainer + |
+(Optional)
-State provides user-readable status. +Containers is a list of calico-windows-upgrade containers. +If specified, this overrides the specified calico-windows-upgrade DaemonSet containers. +If omitted, the calico-windows-upgrade DaemonSet will use its default values for its containers. |
@@ -6922,10 +7013,10 @@ State provides user-readable status.
-conditions+ affinity- -[]Kubernetes meta/v1.Condition + +Kubernetes core/v1.Affinity @@ -6934,24 +7025,369 @@ State provides user-readable status. (Optional) -Conditions represents the latest observed set of conditions for the component. A component may be one or more of -Ready, Progressing, Degraded or other customer types. +Affinity is a group of affinity scheduling rules for the calico-windows-upgrade pods. +If specified, this overrides any affinity that may be set on the calico-windows-upgrade DaemonSet. +If omitted, the calico-windows-upgrade DaemonSet will use its default value for affinity. +WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet affinity. |
string alias)+
nodeSelector-ComponentName represents a single component. +
+NodeSelector is the calico-windows-upgrade pod’s scheduling constraints. +If specified, each of the key/value pairs are added to the calico-windows-upgrade DaemonSet nodeSelector provided +the key does not already exist in the object’s nodeSelector. +If omitted, the calico-windows-upgrade DaemonSet will use its default value for nodeSelector. +WARNING: Please note that this field will modify the default calico-windows-upgrade DaemonSet nodeSelector. +
+ +tolerations+Tolerations is the calico-windows-upgrade pod’s tolerations. +If specified, this overrides any tolerations that may be set on the calico-windows-upgrade DaemonSet. +If omitted, the calico-windows-upgrade DaemonSet will use its default value for tolerations. +WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet tolerations. +
+ ++ +(Appears on: +CalicoWindowsUpgradeDaemonSetSpec) + +
++CalicoWindowsUpgradeDaemonSetPodTemplateSpec is the calico-windows-upgrade DaemonSet’s PodTemplateSpec +
+| Field | +Description | +
|---|---|
+
+metadata+ + +Metadata + + + + |
+
+
+(Optional)
+ +Metadata is a subset of a Kubernetes object’s metadata that is added to +the pod’s metadata. + + + |
+
+
+spec+ + +CalicoWindowsUpgradeDaemonSetPodSpec + + + + |
+
+
+(Optional)
+ +Spec is the calico-windows-upgrade DaemonSet’s PodSpec. + ++ + |
+
+ +(Appears on: +CalicoWindowsUpgradeDaemonSet) + +
++CalicoWindowsUpgradeDaemonSetSpec defines configuration for the calico-windows-upgrade DaemonSet. +
+| Field | +Description | +
|---|---|
+
+minReadySeconds+ +int32 + + + |
+
+
+(Optional)
+ +MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should +be ready without any of its container crashing, for it to be considered available. +If specified, this overrides any minReadySeconds value that may be set on the calico-windows-upgrade DaemonSet. +If omitted, the calico-windows-upgrade DaemonSet will use its default value for minReadySeconds. + + + |
+
+
+template+ + +CalicoWindowsUpgradeDaemonSetPodTemplateSpec + + + + |
+
+
+(Optional)
+ +Template describes the calico-windows-upgrade DaemonSet pod that will be created. + + + |
+
+ +(Appears on: +InstallationSpec) + +
++CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order +to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise +pods will be stuck during initialization. +
+| Field | +Description | +
|---|---|
+
+caCert+ +[]byte + + + |
+
+
+ +Certificate of the authority that signs the CertificateSigningRequests in PEM format. + + + |
+
+
+signerName+ +string + + + |
+
+
+
+When a CSR is issued to the certificates.k8s.io API, the signerName is added to the request in order to accommodate for clusters
+with multiple signers.
+Must be formatted as: |
+
+
+keyAlgorithm+ +string + + + |
+
+
+(Optional)
+ +Specify the algorithm used by pods to generate a key pair that is associated with the X.509 certificate request. +Default: RSAWithSize2048 + + + |
+
+
+signatureAlgorithm+ +string + + + |
+
+
+(Optional)
+ +Specify the algorithm used for the signature of the X.509 certificate request. +Default: SHA256WithRSA + + + |
+
string alias)+ +(Appears on: +LogCollectorSpec) + +
++ +(Appears on: +Compliance) + +
++ComplianceSpec defines the desired state of Tigera compliance reporting capabilities. +
++ +(Appears on: +Compliance) + +
++ComplianceStatus defines the observed state of Tigera compliance reporting capabilities. +
+| Field | +Description | +
|---|---|
+
+state+ +string + + + |
+
+
+ +State provides user-readable status. + + + |
+
+
+conditions+ + +[]Kubernetes meta/v1.Condition + + + + |
+
+
+(Optional)
+ +Conditions represents the latest observed set of conditions for the component. A component may be one or more of +Ready, Progressing, Degraded or other customer types. + + + |
+
string alias)+ +(Appears on: +ComponentResource) + +
++ComponentName represents a single component.
One of: Node, Typha, KubeControllers @@ -7033,10 +7469,233 @@ ConditionStatus represents the status of a particular condition. A condition may (Appears on: CalicoNetworkSpec) -
+ ++ContainerIPForwardingType specifies whether the CNI config for container ip forwarding is enabled. +
++DashboardsJob is the configuration for the Dashboards job. +
+| Field | +Description | +
|---|---|
+
+spec+ + +DashboardsJobSpec + + + + |
+
+
+(Optional)
+ +Spec is the specification of the dashboards job. + ++ + |
+
+ +(Appears on: +DashboardsJobPodSpec) + +
++DashboardsJobContainer is the Dashboards job container. +
+| Field | +Description | +
|---|---|
+
+name+ +string + + + |
+
+
+ +Name is an enum which identifies the Dashboard Job container by name. + + + |
+
+
+resources+ + +Kubernetes core/v1.ResourceRequirements + + + + |
+
+
+(Optional)
+ +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named Dashboard Job container’s resources. +If omitted, the Dashboard Job will use its default value for this container’s resources. + + + |
+
+ +(Appears on: +DashboardsJobPodTemplateSpec) + +
++DashboardsJobPodSpec is the Dashboards job’s PodSpec. +
+| Field | +Description | +
|---|---|
+
+containers+ + +[]DashboardsJobContainer + + + + |
+
+
+(Optional)
+ +Containers is a list of dashboards job containers. +If specified, this overrides the specified Dashboard job containers. +If omitted, the Dashboard job will use its default values for its containers. + + + |
+
+ +(Appears on: +DashboardsJobSpec) + +
++DashboardsJobPodTemplateSpec is the Dashboards job’s PodTemplateSpec +
+| Field | +Description | +
|---|---|
+
+spec+ + +DashboardsJobPodSpec + + + + |
+
+
+(Optional)
+ +Spec is the Dashboard job’s PodSpec. + ++ + |
+
+ +(Appears on: +DashboardsJob) + +
++DashboardsJobSpec defines configuration for the Dashboards job. +
+| Field | +Description | +
|---|---|
+
+template+ + +DashboardsJobPodTemplateSpec + + + + |
+
+
+(Optional)
-ContainerIPForwardingType specifies whether the CNI config for container ip forwarding is enabled. +Template describes the Dashboards job pod that will be created. + + |
+
@@ -7315,6 +7974,24 @@ If specified, this overrides any tolerations that may be set on the EGW Deployme If omitted, the EGW Deployment will use its default value for tolerations.
+ + +priorityClassName+PriorityClassName allows to specify a PriorityClass resource to be used. +
+<registry><imagePath>/<imagePrefix><imageName>:<image-tag>
-This option allows configuring the <imagePath> portion of the above format.
+This option allows configuring the <imagePath> portion of the above format.
+
imagePrefix+ImagePrefix allows for the prefix part of an image to be specified. If specified +then the given value will be used as a prefix on each image. If not specified +or empty, no prefix will be used. +A special case value, UseDefault, is supported to explicitly specify the default +image prefix will be used for each image. +
+
+Image format:
+<registry><imagePath>/<imagePrefix><imageName>:<image-tag>
+
+This option allows configuring the <imagePrefix> portion of the above format.
+
imagePullSecrets+ImagePullSecrets is an array of references to container registry pull secrets to use. These are +applied to all images to be pulled. +
+ +kubernetesProvider+KubernetesProvider specifies a particular provider of the Kubernetes platform and enables provider-specific configuration. +If the specified value is empty, the Operator will attempt to automatically determine the current provider. +If the specified value is not empty, the Operator will still attempt auto-detection, but +will additionally compare the auto-detected value to the specified value to confirm they match. +
+ +cni+CNI specifies the CNI that will be used by this installation. +
+ +calicoNetwork+CalicoNetwork specifies networking configuration options for Calico. +
+ +typhaAffinity+Deprecated. Please use Installation.Spec.TyphaDeployment instead. +TyphaAffinity allows configuration of node affinity characteristics for Typha pods. +
+ +controlPlaneNodeSelector+ControlPlaneNodeSelector is used to select control plane nodes on which to run Calico +components. This is globally applied to all resources created by the operator excluding daemonsets. +
+ +controlPlaneTolerations+ControlPlaneTolerations specify tolerations which are then globally applied to all resources +created by the operator. +
+ +controlPlaneReplicas+ControlPlaneReplicas defines how many replicas of the control plane core components will be deployed. +This field applies to all control plane components that support High Availability. Defaults to 2. +
+ +nodeMetricsPort+NodeMetricsPort specifies which port calico/node serves prometheus metrics on. By default, metrics are not enabled. +If specified, this overrides any FelixConfiguration resources which may exist. If omitted, then +prometheus metrics may still be configured through FelixConfiguration. +
+ +typhaMetricsPort+TyphaMetricsPort specifies which port calico/typha serves prometheus metrics on. By default, metrics are not enabled.
<imagePath> portion of the
imagePrefixflexVolumePath-ImagePrefix allows for the prefix part of an image to be specified. If specified -then the given value will be used as a prefix on each image. If not specified -or empty, no prefix will be used. -A special case value, UseDefault, is supported to explicitly specify the default -image prefix will be used for each image. -
-
-Image format:
-<registry><imagePath>/<imagePrefix><imageName>:<image-tag>
-
-This option allows configuring the <imagePrefix> portion of the above format.
+FlexVolumePath optionally specifies a custom path for FlexVolume. If not specified, FlexVolume will be
+enabled by default. If set to ‘None’, FlexVolume will be disabled. The default is based on the
+kubernetesProvider.
<imagePrefix> portion of t
imagePullSecretskubeletVolumePluginPath<imagePrefix> portion of t
(Optional)
-ImagePullSecrets is an array of references to container registry pull secrets to use. These are -applied to all images to be pulled. +KubeletVolumePluginPath optionally specifies enablement of Calico CSI plugin. If not specified, +CSI will be enabled by default. If set to ‘None’, CSI will be disabled. +Default: /var/lib/kubelet
@@ -8737,10 +9635,10 @@ applied to all images to be pulled.kubernetesProvidernodeUpdateStrategy-KubernetesProvider specifies a particular provider of the Kubernetes platform and enables provider-specific configuration. -If the specified value is empty, the Operator will attempt to automatically determine the current provider. -If the specified value is not empty, the Operator will still attempt auto-detection, but -will additionally compare the auto-detected value to the specified value to confirm they match. +NodeUpdateStrategy can be used to customize the desired update strategy, such as the MaxUnavailable +field.
cnicomponentResources-CNI specifies the CNI that will be used by this installation. +Deprecated. Please use CalicoNodeDaemonSet, TyphaDeployment, and KubeControllersDeployment. +ComponentResources can be used to customize the resource requirements for each component. +Node, Typha, and KubeControllers are supported for installations.
calicoNetworkcertificateManagement-CalicoNetwork specifies networking configuration options for Calico. +CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order +to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise +pods will be stuck during initialization.
typhaAffinitynonPrivileged-Deprecated. Please use Installation.Spec.TyphaDeployment instead. -TyphaAffinity allows configuration of node affinity characteristics for Typha pods. +NonPrivileged configures Calico to be run in non-privileged containers as non-root users where possible.
controlPlaneNodeSelectorcalicoNodeDaemonSet-ControlPlaneNodeSelector is used to select control plane nodes on which to run Calico -components. This is globally applied to all resources created by the operator excluding daemonsets. +CalicoNodeDaemonSet configures the calico-node DaemonSet. If used in +conjunction with the deprecated ComponentResources, then these overrides take precedence.
controlPlaneTolerationscsiNodeDriverDaemonSet-ControlPlaneTolerations specify tolerations which are then globally applied to all resources -created by the operator. +CSINodeDriverDaemonSet configures the csi-node-driver DaemonSet.
controlPlaneReplicascalicoKubeControllersDeployment-ControlPlaneReplicas defines how many replicas of the control plane core components will be deployed. -This field applies to all control plane components that support High Availability. Defaults to 2. +CalicoKubeControllersDeployment configures the calico-kube-controllers Deployment. If used in +conjunction with the deprecated ComponentResources, then these overrides take precedence.
nodeMetricsPorttyphaDeployment-NodeMetricsPort specifies which port calico/node serves prometheus metrics on. By default, metrics are not enabled. -If specified, this overrides any FelixConfiguration resources which may exist. If omitted, then -prometheus metrics may still be configured through FelixConfiguration. +TyphaDeployment configures the typha Deployment. If used in conjunction with the deprecated +ComponentResources or TyphaAffinity, then these overrides take precedence.
typhaMetricsPortcalicoWindowsUpgradeDaemonSet-TyphaMetricsPort specifies which port calico/typha serves prometheus metrics on. By default, metrics are not enabled. +CalicoWindowsUpgradeDaemonSet configures the calico-windows-upgrade DaemonSet.
flexVolumePathfipsMode-FlexVolumePath optionally specifies a custom path for FlexVolume. If not specified, FlexVolume will be -enabled by default. If set to ‘None’, FlexVolume will be disabled. The default is based on the -kubernetesProvider. +FIPSMode uses images and features only that are using FIPS 140-2 validated cryptographic modules and standards. +Default: Disabled
@@ -8938,9 +9839,11 @@ kubernetesProvider.kubeletVolumePluginPathlogging-KubeletVolumePluginPath optionally specifies enablement of Calico CSI plugin. If not specified, -CSI will be enabled by default. If set to ‘None’, CSI will be disabled. -Default: /var/lib/kubelet +Logging Configuration for Components
+ +(Appears on: +Installation) + +
++InstallationStatus defines the observed state of the Calico or Calico Enterprise installation. +
+| Field | +Description | +
|---|---|
-nodeUpdateStrategy+ variant- -Kubernetes apps/v1.DaemonSetUpdateStrategy + +ProductVariant |
-(Optional)
-NodeUpdateStrategy can be used to customize the desired update strategy, such as the MaxUnavailable -field. +Variant is the most recently observed installed variant - one of Calico or TigeraSecureEnterprise |
@@ -8979,21 +9898,17 @@ field.
-componentResources+ mtu- -[]ComponentResource - +int32 |
-(Optional)
-Deprecated. Please use CalicoNodeDaemonSet, TyphaDeployment, and KubeControllersDeployment. -ComponentResources can be used to customize the resource requirements for each component. -Node, Typha, and KubeControllers are supported for installations. +MTU is the most recently observed value for pod network MTU. This may be an explicitly +configured value, or based on Calico’s native auto-detetion. |
@@ -9001,11 +9916,9 @@ Node, Typha, and KubeControllers are supported for installations.
-certificateManagement+ imageSet- -CertificateManagement - +string |
@@ -9013,9 +9926,8 @@ CertificateManagement
(Optional)
|
-nonPrivileged+ computed- -NonPrivilegedType + +InstallationSpec @@ -9035,7 +9947,7 @@ NonPrivilegedType (Optional) -NonPrivileged configures Calico to be run in non-privileged containers as non-root users where possible. +Computed is the final installation including overlaid resources. |
@@ -9043,19 +9955,18 @@ NonPrivileged configures Calico to be run in non-privileged containers as non-ro
|
-calicoNodeDaemonSet+ calicoVersion- -CalicoNodeDaemonSet - +string |
-CalicoNodeDaemonSet configures the calico-node DaemonSet. If used in -conjunction with the deprecated ComponentResources, then these overrides take precedence. +CalicoVersion shows the current running version of calico. +CalicoVersion along with Variant is needed to know the exact +version deployed. |
@@ -9063,29 +9974,59 @@ conjunction with the deprecated ComponentResources, then these overrides take pr
-csiNodeDriverDaemonSet+ conditions- -CSINodeDriverDaemonSet + +[]Kubernetes meta/v1.Condition |
+(Optional)
-CSINodeDriverDaemonSet configures the csi-node-driver DaemonSet. +Conditions represents the latest observed set of conditions for the component. A component may be one or more of +Ready, Progressing, Degraded or other customer types. |
string alias)+ +(Appears on: +IntrusionDetectionComponentResource) + +
++ +(Appears on: +IntrusionDetectionSpec) + +
++The ComponentResource struct associates a ResourceRequirements with a component by name +
+| Field | +Description | +
|---|---|
-calicoKubeControllersDeployment+ componentName- -CalicoKubeControllersDeployment + +IntrusionDetectionComponentName @@ -9093,8 +10034,7 @@ CalicoKubeControllersDeployment |
-CalicoKubeControllersDeployment configures the calico-kube-controllers Deployment. If used in -conjunction with the deprecated ComponentResources, then these overrides take precedence. +ComponentName is an enum which identifies the component |
@@ -9102,10 +10042,10 @@ conjunction with the deprecated ComponentResources, then these overrides take pr
-typhaDeployment+ resourceRequirements- -TyphaDeployment + +Kubernetes core/v1.ResourceRequirements @@ -9113,38 +10053,38 @@ TyphaDeployment |
-TyphaDeployment configures the typha Deployment. If used in conjunction with the deprecated -ComponentResources or TyphaAffinity, then these overrides take precedence. +ResourceRequirements allows customization of limits and requests for compute resources such as cpu and memory. |
-
-calicoWindowsUpgradeDaemonSet- - -CalicoWindowsUpgradeDaemonSet - - + |
- -
-CalicoWindowsUpgradeDaemonSet configures the calico-windows-upgrade DaemonSet. +IntrusionDetectionSpec defines the desired state of Tigera intrusion detection capabilities.
- -| Field | +Description |
|---|---|
-fipsMode+ componentResources- -FIPSMode + +[]IntrusionDetectionComponentResource @@ -9153,8 +10093,8 @@ FIPSMode (Optional) -FIPSMode uses images and features only that are using FIPS 140-2 validated cryptographic modules and standards. -Default: Disabled +ComponentResources can be used to customize the resource requirements for each component. +Only DeepPacketInspection is supported for this spec. |
@@ -9162,10 +10102,10 @@ Default: Disabled
|
-logging+ anomalyDetection- -Logging + +AnomalyDetectionSpec @@ -9174,22 +10114,24 @@ Logging (Optional) -Logging Configuration for Components +AnomalyDetection provides configuration for running AnomalyDetection Component within +IntrusionDetection. Anomaly Detection configuration will only be applied to standalone and +management clusters. |
(Appears on: -Installation) +IntrusionDetection)
-InstallationStatus defines the observed state of the Calico or Calico Enterprise installation. +IntrusionDetectionStatus defines the observed state of Tigera intrusion detection capabilities.
-variant+ state- -ProductVariant - +string |
-Variant is the most recently observed installed variant - one of Calico or TigeraSecureEnterprise +State provides user-readable status. |
@@ -9221,47 +10161,59 @@ Variant is the most recently observed installed variant - one of Calico or Tiger
-mtu+ conditions-int32 + +[]Kubernetes meta/v1.Condition + |
+(Optional)
-MTU is the most recently observed value for pod network MTU. This may be an explicitly -configured value, or based on Calico’s native auto-detetion. +Conditions represents the latest observed set of conditions for the component. A component may be one or more of +Ready, Progressing, Degraded or other customer types. |
-
-imageSet- -string - + + |
string alias)- -
-ImageSet is the name of the ImageSet being used, if there is an ImageSet -that is being used. If an ImageSet is not being used then this will not be set. +KubernetesAutodetectionMethod is a method of detecting an IP address based on the Kubernetes API.
- -+One of: NodeInternalIP +
++LinseedDeployment is the configuration for the linseed Deployment. +
+| Field | +Description |
|---|---|
-computed+ spec- -InstallationSpec + +LinseedDeploymentSpec @@ -9270,15 +10222,39 @@ InstallationSpec (Optional) -Computed is the final installation including overlaid resources. +Spec is the specification of the linseed Deployment. ++ + |
+ +(Appears on: +LinseedDeploymentPodSpec) + +
++LinseedDeploymentContainer is a linseed Deployment container. +
+| Field | +Description | +
|---|---|
-calicoVersion+ namestring @@ -9287,9 +10263,7 @@ string |
-CalicoVersion shows the current running version of calico. -CalicoVersion along with Variant is needed to know the exact -version deployed. +Name is an enum which identifies the linseed Deployment container by name. |
@@ -9297,10 +10271,10 @@ version deployed.
-conditions+ resources- -[]Kubernetes meta/v1.Condition + +Kubernetes core/v1.ResourceRequirements @@ -9309,31 +10283,24 @@ version deployed. (Optional) -Conditions represents the latest observed set of conditions for the component. A component may be one or more of -Ready, Progressing, Degraded or other customer types. +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named linseed Deployment container’s resources. +If omitted, the linseed Deployment will use its default value for this container’s resources. |
string alias)- -(Appears on: -IntrusionDetectionComponentResource) - -
-(Appears on: -IntrusionDetectionSpec) +LinseedDeploymentPodSpec)
-The ComponentResource struct associates a ResourceRequirements with a component by name +LinseedDeploymentInitContainer is a linseed Deployment init container.
-componentName+ name- -IntrusionDetectionComponentName - +string |
-ComponentName is an enum which identifies the component +Name is an enum which identifies the linseed Deployment init container by name. |
@@ -9365,7 +10330,7 @@ ComponentName is an enum which identifies the component
-resourceRequirements+ resourcesKubernetes core/v1.ResourceRequirements @@ -9375,23 +10340,26 @@ Kubernetes core/v1.ResourceRequirements |
+(Optional)
-ResourceRequirements allows customization of limits and requests for compute resources such as cpu and memory. +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named linseed Deployment init container’s resources. +If omitted, the linseed Deployment will use its default value for this init container’s resources. |
(Appears on: -IntrusionDetection) +LinseedDeploymentPodTemplateSpec)
-IntrusionDetectionSpec defines the desired state of Tigera intrusion detection capabilities. +LinseedDeploymentPodSpec is the linseed Deployment’s PodSpec.
-componentResources+ initContainers- -[]IntrusionDetectionComponentResource + +[]LinseedDeploymentInitContainer @@ -9416,8 +10384,9 @@ IntrusionDetectionSpec defines the desired state of Tigera intrusion detection c (Optional) -ComponentResources can be used to customize the resource requirements for each component. -Only DeepPacketInspection is supported for this spec. +InitContainers is a list of linseed init containers. +If specified, this overrides the specified linseed Deployment init containers. +If omitted, the linseed Deployment will use its default values for its init containers. |
@@ -9425,10 +10394,10 @@ Only DeepPacketInspection is supported for this spec.
-anomalyDetection+ containers- -AnomalyDetectionSpec + +[]LinseedDeploymentContainer @@ -9437,24 +10406,24 @@ AnomalyDetectionSpec (Optional) -AnomalyDetection provides configuration for running AnomalyDetection Component within -IntrusionDetection. Anomaly Detection configuration will only be applied to standalone and -management clusters. +Containers is a list of linseed containers. +If specified, this overrides the specified linseed Deployment containers. +If omitted, the linseed Deployment will use its default values for its containers. |
(Appears on: -IntrusionDetection) +LinseedDeploymentSpec)
-IntrusionDetectionStatus defines the observed state of Tigera intrusion detection capabilities. +LinseedDeploymentPodTemplateSpec is the linseed Deployment’s PodTemplateSpec
-state+ spec-string + +LinseedDeploymentPodSpec + |
+(Optional)
-State provides user-readable status. +Spec is the linseed Deployment’s PodSpec. ++ + |
+ +(Appears on: +LinseedDeployment) + +
++LinseedDeploymentSpec defines configuration for the linseed Deployment. +
+| Field | +Description | +
|---|---|
-conditions+ template- -[]Kubernetes meta/v1.Condition + +LinseedDeploymentPodTemplateSpec @@ -9496,28 +10492,13 @@ State provides user-readable status. (Optional) -Conditions represents the latest observed set of conditions for the component. A component may be one or more of -Ready, Progressing, Degraded or other customer types. +Template describes the linseed Deployment pod that will be created. |
string alias)- -(Appears on: -NodeAddressAutodetection) - -
--KubernetesAutodetectionMethod is a method of detecting an IP address based on the Kubernetes API. -
--One of: NodeInternalIP -
string alias)@@ -9692,7 +10673,7 @@ CollectProcessPathOption (Optional)
Configuration for enabling/disabling process path collection in flowlogs. -If Enabled, this feature sets hostPID to true to read process cmdline. +If Enabled, this feature sets hostPID to true in order to read process cmdline. Default: Enabled
@@ -10445,6 +11426,8 @@ Ready, Progressing, Degraded or other customer types. CalicoKubeControllersDeploymentPodTemplateSpec, CalicoNodeDaemonSet, CalicoNodeDaemonSetPodTemplateSpec, +CalicoNodeWindowsDaemonSet, +CalicoNodeWindowsDaemonSetPodTemplateSpec, CalicoWindowsUpgradeDaemonSet, CalicoWindowsUpgradeDaemonSetPodTemplateSpec, TyphaDeployment,