diff --git a/calico-cloud/reference/installation/_api.mdx b/calico-cloud/reference/installation/_api.mdx index eb7fb5590d..40d18bd4dd 100644 --- a/calico-cloud/reference/installation/_api.mdx +++ b/calico-cloud/reference/installation/_api.mdx @@ -398,6 +398,7 @@ AmazonCloudIntegrationStatus
WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examined by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
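Review bot: The replacement line in the WebApplicationFirewall description misspells "examined" as "examed" ("ingress traffic examed by ModSecurity"). Keep the original wording, "ingress traffic examined by ModSecurity". The same substitution recurs in the later WebApplicationFirewall hunks of this diff and should be reverted there too.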
@@ -566,6 +567,7 @@ ApplicationLayerStatusWebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examined by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
@@ -9412,7 +9421,7 @@ int32 (Optional)-BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from +BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)
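Review bot: The added BlockSize line changes "CIDR prefix length" to "CIDR prefex length", which introduces a typo into the field description. Restore "prefix"; the rest of the sentence, including the defaults 26 (IPv4) and 122 (IPv6), is unchanged and needs no edit.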
@@ -10333,7 +10342,7 @@ int32MTU is the most recently observed value for pod network MTU. This may be an explicitly -configured value, or based on Calico’s native auto-detection. +configured value, or based on Calico’s native auto-detetion.
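Review bot: The added line of the MTU description ends with "auto-detetion", a misspelling of "auto-detection" that the removed line had right. Revert it to "or based on Calico's native auto-detection."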
@@ -12055,6 +12064,7 @@ stringWebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examined by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
@@ -566,6 +567,7 @@ ApplicationLayerStatusWebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examined by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
@@ -9412,7 +9421,7 @@ int32 (Optional)-BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from +BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)
@@ -10333,7 +10342,7 @@ int32MTU is the most recently observed value for pod network MTU. This may be an explicitly -configured value, or based on Calico’s native auto-detection. +configured value, or based on Calico’s native auto-detetion.
@@ -12055,6 +12064,7 @@ string-AmazonCloudIntegration is the Schema for the amazoncloudintegrations API -
-Field | -Description | -||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
-
-apiVersion -string - |
-
-
-
-operator.tigera.io/v1
-
-
- |
-||||||||||||||||
-
-kind -string - - |
-
-AmazonCloudIntegration
- |
-||||||||||||||||
-
-metadata - - -Kubernetes meta/v1.ObjectMeta - - - - |
-
-
-Refer to the Kubernetes API documentation for the fields of the
-metadata field.
-
- |
-||||||||||||||||
-
-spec - - -AmazonCloudIntegrationSpec - - - - |
-
-
- - -
|
-||||||||||||||||
-
-status - - -AmazonCloudIntegrationStatus - - - - |
-- | + | @@ -817,6 +583,7 @@ AuthenticationStatus+ | @@ -1249,6 +1016,7 @@ EgressGatewayStatus+ | @@ -3022,6 +2790,7 @@ ManagementClusterConnectionStatus+ | @@ -3292,14 +3061,14 @@ MonitorStatus+ |
-PolicyRecommendation is the Schema for the policy recommendation API. At most one instance -of this resource is supported. It must be named “tigera-secure”. +PacketCaptureAPI is used to configure the resource requirement for PacketCaptureAPI deployment. It must be named “tigera-secure”.
-PolicyRecommendation
+PacketCaptureAPI
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+ +Specification of the desired state for the PacketCaptureAPI. +
TLSPassThroughRoute+PolicyRecommendation++PolicyRecommendation is the Schema for the policy recommendation API. At most one instance +of this resource is supported. It must be named “tigera-secure”. +
TLSPassThroughRoute+
AmazonCloudIntegrationStatus+ApplicationLayerStatus(Appears on: -AmazonCloudIntegration) +ApplicationLayer) -AmazonCloudIntegrationStatus defines the observed state of AmazonCloudIntegration +ApplicationLayerStatus defines the observed state of ApplicationLayer AnomalyDetectionSpec+AuthMethod
+(
+ |
-storageClassName + host string @@ -5118,57 +5011,28 @@ string |
-(Optional)
-StorageClassName is now deprecated, and configuring it has no effect. +The host and port of the LDAP server. Example: ad.example.com:636 |
string
alias)- -(Appears on: -ApplicationLayerSpec) - -
-- -(Appears on: -ApplicationLayer) - -
--ApplicationLayerSpec defines the desired state of ApplicationLayer -
-Field | -Description | -
---|---|
-webApplicationFirewall + startTLS - -WAFStatusType - +bool |
+(Optional)
-WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examined by ModSecurity. +StartTLS whether to enable the startTLS feature for establishing TLS on an existing LDAP session. +If true, the ldap:// protocol is used and then issues a StartTLS command, otherwise, connections will use +the ldaps:// protocol. |
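Review bot: The startTLS description added here opens with "StartTLS whether to enable", which is missing a verb, and it does not say what happens when the LDAP server rejects the StartTLS command. Suggest "StartTLS specifies whether to enable ..." and one sentence stating whether the connection is refused or continues over plain ldap:// in that case, since readers choosing between this and ldaps:// need to know.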
@@ -5176,205 +5040,10 @@ When enabled, Services may opt-in to having ingress traffic examined by ModSecur
-logCollection + userSearch - -LogCollectionSpec - - - - |
-
-
- -Specification for application layer (L7) log collection. - - - |
-
-
-applicationLayerPolicy - - -ApplicationLayerPolicyStatusType - - - - |
-
-
- -Application Layer Policy controls whether or not ALP enforcement is enabled for the cluster. -When enabled, NetworkPolicies with HTTP Match rules may be defined to opt-in workloads for traffic enforcement on the application layer. - - - |
-
-
-envoy - - -EnvoySettings - - - - |
-
-
- -User-configurable settings for the Envoy proxy. - - - |
-
-
-l7LogCollectorDaemonSet - - -L7LogCollectorDaemonSet - - - - |
-
-
-(Optional)
- -L7LogCollectorDaemonSet configures the L7LogCollector DaemonSet. - - - |
-
- -(Appears on: -ApplicationLayer) - -
--ApplicationLayerStatus defines the observed state of ApplicationLayer -
-Field | -Description | -
---|---|
-
-state - -string - - - |
-
-
- -State provides user-readable status. - - - |
-
-
-conditions - - -[]Kubernetes meta/v1.Condition - - - - |
-
-
-(Optional)
- -Conditions represents the latest observed set of conditions for the component. A component may be one or more of -Ready, Progressing, Degraded or other customer types. - - - |
-
string
alias)- -(Appears on: -AuthenticationSpec) - -
--AuthenticationLDAP is the configuration needed to setup LDAP. -
-Field | -Description | -
---|---|
-
-host - -string - - - |
-
-
- -The host and port of the LDAP server. Example: ad.example.com:636 - - - |
-
-
-startTLS - -bool - - - |
-
-
-(Optional)
- -StartTLS whether to enable the startTLS feature for establishing TLS on an existing LDAP session. -If true, the ldap:// protocol is used and then issues a StartTLS command, otherwise, connections will use -the ldaps:// protocol. - - - |
-
-
-userSearch - - -UserSearch + +UserSearch @@ -14026,7 +13695,7 @@ int32 (Optional) -BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from +BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6) @@ -14975,7 +14644,7 @@ int32MTU is the most recently observed value for pod network MTU. This may be an explicitly -configured value, or based on Calico’s native auto-detection. +configured value, or based on Calico’s native auto-detetion. |
@@ -17964,17 +17633,6 @@ already exist in the object’s annotations.
string
alias)- -(Appears on: -AmazonCloudIntegrationSpec) - -
--MetadataAccessAllowedType -
@@ -18133,38 +17791,453 @@ One of: None, Multus
(Appears on: -IPPool) +IPPool) + +
++NATOutgoingType describe the type of outgoing NAT to use. +
++One of: Enabled, Disabled +
+string
alias)+ +(Appears on: +AWSEgressGateway) + +
++NativeIP defines if Egress Gateway pods should have AWS IPs. +When NativeIP is enabled, the IPPools should be backed by AWS subnet. +
++ +(Appears on: +CalicoNetworkSpec) + +
++NodeAddressAutodetection provides configuration options for auto-detecting node addresses. At most one option +can be used. If no detection option is specified, then IP auto detection will be disabled for this address family and IPs +must be specified directly on the Node resource. +
+Field | +Description | +
---|---|
+
+firstFound + +bool + + + |
+
+
+(Optional)
+ +FirstFound uses default interface matching parameters to select an interface, performing best-effort +filtering based on well-known interface names. + + + |
+
+
+kubernetes + + +KubernetesAutodetectionMethod + + + + |
+
+
+(Optional)
+ +Kubernetes configures Calico to detect node addresses based on the Kubernetes API. + + + |
+
+
+interface + +string + + + |
+
+
+(Optional)
+ +Interface enables IP auto-detection based on interfaces that match the given regex. + + + |
+
+
+skipInterface + +string + + + |
+
+
+(Optional)
+ +SkipInterface enables IP auto-detection based on interfaces that do not match +the given regex. + + + |
+
+
+canReach + +string + + + |
+
+
+(Optional)
+ +CanReach enables IP auto-detection based on which source address on the node is used to reach the +specified IP or domain. + + + |
+
+
+cidrs + +[]string + + + |
+
+
+ +CIDRS enables IP auto-detection based on which addresses on the nodes are within +one of the provided CIDRs. + + + |
+
+ +(Appears on: +TyphaAffinity) + +
++NodeAffinity is similar to *v1.NodeAffinity, but allows us to limit available schedulers. +
+Field | +Description | +
---|---|
+
+preferredDuringSchedulingIgnoredDuringExecution + + +[]Kubernetes core/v1.PreferredSchedulingTerm + + + + |
+
+
+(Optional)
+ +The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. + + + |
+
+
+requiredDuringSchedulingIgnoredDuringExecution + + +Kubernetes core/v1.NodeSelector + + + + |
+
+
+(Optional)
+ +WARNING: Please note that if the affinity requirements specified by this field are not met at +scheduling time, the pod will NOT be scheduled onto the node. +There is no fallback to another affinity rules with this setting. +This may cause networking disruption or even catastrophic failure! +PreferredDuringSchedulingIgnoredDuringExecution should be used for affinity +unless there is a specific well understood reason to use RequiredDuringSchedulingIgnoredDuringExecution and +you can guarantee that the RequiredDuringSchedulingIgnoredDuringExecution will always have sufficient nodes to satisfy the requirement. +NOTE: RequiredDuringSchedulingIgnoredDuringExecution is set by default for AKS nodes, +to avoid scheduling Typhas on virtual-nodes. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to an update), the system +may or may not try to eventually evict the pod from its node. + + + |
+
+ +(Appears on: +Nodes) + +
++NodeSets defines configuration specific to each Elasticsearch Node Set +
+Field | +Description | +
---|---|
+
+selectionAttributes + + +[]NodeSetSelectionAttribute + + + + |
+
+
+ +SelectionAttributes defines K8s node attributes a NodeSet should use when setting the Node Affinity selectors and +Elasticsearch cluster awareness attributes for the Elasticsearch nodes. The list of SelectionAttributes are used +to define Node Affinities and set the node awareness configuration in the running Elasticsearch instance. + + + |
+
+ +(Appears on: +NodeSet) + +
++NodeSetSelectionAttribute defines a K8s node “attribute” the Elasticsearch nodes should be aware of. The “Name” and “Value” +are used together to set the “awareness” attributes in Elasticsearch, while the “NodeLabel” and “Value” are used together +to define Node Affinity for the Pods created for the Elasticsearch nodes. +
+Field | +Description | +
---|---|
+
+name + +string + + + |
++ + + | +
+
+nodeLabel + +string + + + |
++ + + | +
+
+value + +string + + + |
++ + + | +
+ +(Appears on: +LogStorageSpec) + +
++Nodes defines the configuration for a set of identical Elasticsearch cluster nodes, each of type master, data, and ingest. +
+Field | +Description | +
---|---|
+
+count + +int64 + + + |
+
+
+ +Count defines the number of nodes in the Elasticsearch cluster. + + + |
+
+
+nodeSets + + +[]NodeSet + + + + |
+
+
+(Optional)
+ +NodeSets defines configuration specific to each Elasticsearch Node Set + + + |
+
+
+resourceRequirements + + +Kubernetes core/v1.ResourceRequirements + + + + |
+
+
+(Optional)
+ +ResourceRequirements defines the resource limits and requirements for the Elasticsearch cluster. + + + |
+
string
alias)+ +(Appears on: +InstallationSpec)
-NATOutgoingType describe the type of outgoing NAT to use. +NonPrivilegedType specifies whether Calico runs as permissioned or not
One of: Enabled, Disabled
-string
alias)(Appears on: -AWSEgressGateway) +AuthenticationOIDC)
-NativeIP defines if Egress Gateway pods should have AWS IPs. -When NativeIP is enabled, the IPPools should be backed by AWS subnet. +OIDCType defines how OIDC is configured for Tigera Enterprise. Dex should be the best option for most use-cases. +The Tigera option can help in specific use-cases, for instance, when you are unable to configure a client secret. +One of: Dex, Tigera
-(Appears on: -CalicoNetworkSpec) +PacketCaptureAPISpec)
-NodeAddressAutodetection provides configuration options for auto-detecting node addresses. At most one option -can be used. If no detection option is specified, then IP auto detection will be disabled for this address family and IPs -must be specified directly on the Node resource. +PacketCaptureAPIDeployment is the configuration for the PacketCaptureAPI Deployment.
-firstFound + spec -bool + +PacketCaptureAPIDeploymentSpec + |
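Review bot: The NonPrivilegedType description near the end of this hunk ("specifies whether Calico runs as permissioned or not", one of Enabled, Disabled) does not say which value selects the non-privileged mode; spell out what Enabled and Disabled each mean. Separately, in the NodeAddressAutodetection table, cidrs is the only field without the (Optional) marker, although the type description says at most one option can be used; mark it optional or explain why it differs.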
@@ -18187,36 +18262,39 @@ bool
(Optional)
kubernetes
- -
-Kubernetes configures Calico to detect node addresses based on the Kubernetes API. +PacketCaptureAPIDeploymentContainer is a PacketCaptureAPI Deployment container.
- -Field | +Description |
---|---|
-interface + name string @@ -18224,9 +18302,9 @@ string |
-(Optional)
-Interface enables IP auto-detection based on interfaces that match the given regex. +Name is an enum which identifies the PacketCaptureAPI Deployment container by name. +Supported values are: tigera-packetcapture-server |
@@ -18234,9 +18312,11 @@ Interface enables IP auto-detection based on interfaces that match the given reg
-skipInterface + resources -string + +Kubernetes core/v1.ResourceRequirements + |
@@ -18244,16 +18324,37 @@ string
(Optional)
+ +(Appears on: +PacketCaptureAPIDeploymentPodSpec) + +
++PacketCaptureAPIDeploymentInitContainer is a PacketCaptureAPI Deployment init container. +
+Field | +Description | +
---|---|
-canReach + name string @@ -18261,10 +18362,9 @@ string |
-(Optional)
-CanReach enables IP auto-detection based on which source address on the node is used to reach the -specified IP or domain. +Name is an enum which identifies the PacketCaptureAPI Deployment init container by name. +Supported values are: tigera-packetcapture-server-tls-key-cert-provisioner |
@@ -18272,32 +18372,36 @@ specified IP or domain.
-cidrs + resources -[]string + +Kubernetes core/v1.ResourceRequirements + |
+(Optional)
-CIDRS enables IP auto-detection based on which addresses on the nodes are within -one of the provided CIDRs. +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named PacketCaptureAPI Deployment init container’s resources. +If omitted, the PacketCaptureAPI Deployment will use its default value for this init container’s resources. |
(Appears on: -TyphaAffinity) +PacketCaptureAPIDeploymentPodTemplateSpec)
-NodeAffinity is similar to *v1.NodeAffinity, but allows us to limit available schedulers. +PacketCaptureAPIDeploymentPodSpec is the PacketCaptureAPI Deployment’s PodSpec.
-preferredDuringSchedulingIgnoredDuringExecution + initContainers - -[]Kubernetes core/v1.PreferredSchedulingTerm + +[]PacketCaptureAPIDeploymentInitContainer @@ -18322,9 +18426,9 @@ NodeAffinity is similar to *v1.NodeAffinity, but allows us to limit available sc (Optional) -The scheduler will prefer to schedule pods to nodes that satisfy -the affinity expressions specified by this field, but it may choose -a node that violates one or more of the expressions. +InitContainers is a list of PacketCaptureAPI init containers. +If specified, this overrides the specified PacketCaptureAPI Deployment init containers. +If omitted, the PacketCaptureAPI Deployment will use its default values for its init containers. |
@@ -18332,10 +18436,10 @@ a node that violates one or more of the expressions.
-requiredDuringSchedulingIgnoredDuringExecution + containers - -Kubernetes core/v1.NodeSelector + +[]PacketCaptureAPIDeploymentContainer @@ -18344,33 +18448,24 @@ Kubernetes core/v1.NodeSelector (Optional) -WARNING: Please note that if the affinity requirements specified by this field are not met at -scheduling time, the pod will NOT be scheduled onto the node. -There is no fallback to another affinity rules with this setting. -This may cause networking disruption or even catastrophic failure! -PreferredDuringSchedulingIgnoredDuringExecution should be used for affinity -unless there is a specific well understood reason to use RequiredDuringSchedulingIgnoredDuringExecution and -you can guarantee that the RequiredDuringSchedulingIgnoredDuringExecution will always have sufficient nodes to satisfy the requirement. -NOTE: RequiredDuringSchedulingIgnoredDuringExecution is set by default for AKS nodes, -to avoid scheduling Typhas on virtual-nodes. -If the affinity requirements specified by this field cease to be met -at some point during pod execution (e.g. due to an update), the system -may or may not try to eventually evict the pod from its node. +Containers is a list of PacketCaptureAPI containers. +If specified, this overrides the specified PacketCaptureAPI Deployment containers. +If omitted, the PacketCaptureAPI Deployment will use its default values for its containers. |
(Appears on: -Nodes) +PacketCaptureAPIDeploymentSpec)
-NodeSets defines configuration specific to each Elasticsearch Node Set +PacketCaptureAPIDeploymentPodTemplateSpec is the PacketCaptureAPI Deployment’s PodTemplateSpec
-selectionAttributes + spec - -[]NodeSetSelectionAttribute + +PacketCaptureAPIDeploymentPodSpec |
+(Optional)
-SelectionAttributes defines K8s node attributes a NodeSet should use when setting the Node Affinity selectors and -Elasticsearch cluster awareness attributes for the Elasticsearch nodes. The list of SelectionAttributes are used -to define Node Affinities and set the node awareness configuration in the running Elasticsearch instance. +Spec is the PacketCaptureAPI Deployment’s PodSpec. ++ + |
(Appears on: -NodeSet) +PacketCaptureAPIDeployment)
-NodeSetSelectionAttribute defines a K8s node “attribute” the Elasticsearch nodes should be aware of. The “Name” and “Value” -are used together to set the “awareness” attributes in Elasticsearch, while the “NodeLabel” and “Value” are used together -to define Node Affinity for the Pods created for the Elasticsearch nodes. +PacketCaptureAPIDeploymentSpec defines configuration for the PacketCaptureAPI Deployment.
-name - -string - - - |
-- - | -
-
-nodeLabel + template -string + +PacketCaptureAPIDeploymentPodTemplateSpec + |
- | -
-
-value - -string - - - |
-
+(Optional)
+ +Template describes the PacketCaptureAPI Deployment pod that will be created. + |
(Appears on: -LogStorageSpec) +PacketCaptureAPI)
-Nodes defines the configuration for a set of identical Elasticsearch cluster nodes, each of type master, data, and ingest. +PacketCaptureAPISpec defines configuration for the Packet Capture API.
-count + packetCaptureAPIDeployment -int64 + +PacketCaptureAPIDeployment + |
+(Optional)
-Count defines the number of nodes in the Elasticsearch cluster. +PacketCaptureAPIDeployment configures the PacketCaptureAPI Deployment. |
+ +(Appears on: +PacketCaptureAPI) + +
++PacketCaptureAPIStatus defines the observed state of the Packet Capture API. +
+Field | +Description | +
---|---|
-nodeSets + state - -[]NodeSet - +string |
-(Optional)
-NodeSets defines configuration specific to each Elasticsearch Node Set +State provides user-readable status. |
@@ -18522,10 +18619,10 @@ NodeSets defines configuration specific to each Elasticsearch Node Set
-resourceRequirements + conditions - -Kubernetes core/v1.ResourceRequirements + +[]Kubernetes meta/v1.Condition @@ -18534,40 +18631,14 @@ Kubernetes core/v1.ResourceRequirements (Optional) -ResourceRequirements defines the resource limits and requirements for the Elasticsearch cluster. +Conditions represents the latest observed set of conditions for the component. A component may be one or more of +Ready, Progressing, Degraded or other customer types. |
string
alias)- -(Appears on: -InstallationSpec) - -
--NonPrivilegedType specifies whether Calico runs as permissioned or not -
--One of: Enabled, Disabled -
-string
alias)- -(Appears on: -AuthenticationOIDC) - -
--OIDCType defines how OIDC is configured for Tigera Enterprise. Dex should be the best option for most use-cases. -The Tigera option can help in specific use-cases, for instance, when you are unable to configure a client secret. -One of: Dex, Tigera -
@@ -19585,6 +19656,7 @@ string
WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examined by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
@@ -543,6 +544,7 @@ ApplicationLayerStatusWebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examined by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
@@ -7739,7 +7746,7 @@ int32 (Optional)-BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from +BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)
@@ -8505,7 +8512,7 @@ int32MTU is the most recently observed value for pod network MTU. This may be an explicitly -configured value, or based on Calico’s native auto-detection. +configured value, or based on Calico’s native auto-detetion.
@@ -10137,6 +10144,7 @@ stringWebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examined by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
@@ -564,6 +565,7 @@ ApplicationLayerStatusWebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examined by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
@@ -9095,7 +9103,7 @@ int32 (Optional)-BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from +BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)
@@ -9900,7 +9908,7 @@ int32MTU is the most recently observed value for pod network MTU. This may be an explicitly -configured value, or based on Calico’s native auto-detection. +configured value, or based on Calico’s native auto-detetion.
@@ -11878,6 +11886,7 @@ stringWebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examined by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
@@ -566,6 +567,7 @@ ApplicationLayerStatusWebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examined by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
@@ -9110,7 +9119,7 @@ int32 (Optional)-BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from +BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)
@@ -10031,7 +10040,7 @@ int32MTU is the most recently observed value for pod network MTU. This may be an explicitly -configured value, or based on Calico’s native auto-detection. +configured value, or based on Calico’s native auto-detetion.
@@ -11722,6 +11731,7 @@ stringWebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examined by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
@@ -564,6 +565,7 @@ ApplicationLayerStatusWebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examined by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
@@ -8418,7 +8426,7 @@ int32 (Optional)-BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from +BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)
@@ -9223,7 +9231,7 @@ int32MTU is the most recently observed value for pod network MTU. This may be an explicitly -configured value, or based on Calico’s native auto-detection. +configured value, or based on Calico’s native auto-detetion.
@@ -10895,6 +10903,7 @@ stringWebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examined by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
@@ -566,6 +567,7 @@ ApplicationLayerStatusWebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examined by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
@@ -9412,7 +9421,7 @@ int32 (Optional)-BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from +BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)
@@ -10333,7 +10342,7 @@ int32MTU is the most recently observed value for pod network MTU. This may be an explicitly -configured value, or based on Calico’s native auto-detection. +configured value, or based on Calico’s native auto-detetion.
@@ -12055,6 +12064,7 @@ string-AmazonCloudIntegration is the Schema for the amazoncloudintegrations API -
-Field | -Description | -||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
-
-apiVersion -string - |
-
-
-
-operator.tigera.io/v1
-
-
- |
-||||||||||||||||
-
-kind -string - - |
-
-AmazonCloudIntegration
- |
-||||||||||||||||
-
-metadata - - -Kubernetes meta/v1.ObjectMeta - - - - |
-
-
-Refer to the Kubernetes API documentation for the fields of the
-metadata field.
-
- |
-||||||||||||||||
-
-spec - - -AmazonCloudIntegrationSpec - - - - |
-
-
- - -
|
-||||||||||||||||
-
-status - - -AmazonCloudIntegrationStatus - - - - |
-- | + | @@ -817,6 +583,7 @@ AuthenticationStatus+ | @@ -1249,6 +1016,7 @@ EgressGatewayStatus+ | @@ -3022,6 +2790,7 @@ ManagementClusterConnectionStatus+ | @@ -3292,14 +3061,14 @@ MonitorStatus+ |
-PolicyRecommendation is the Schema for the policy recommendation API. At most one instance -of this resource is supported. It must be named “tigera-secure”. +PacketCaptureAPI is used to configure the resource requirement for PacketCaptureAPI deployment. It must be named “tigera-secure”.
-PolicyRecommendation
+PacketCaptureAPI
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+ +Specification of the desired state for the PacketCaptureAPI. +
TLSPassThroughRoute+PolicyRecommendation++PolicyRecommendation is the Schema for the policy recommendation API. At most one instance +of this resource is supported. It must be named “tigera-secure”. +
TLSPassThroughRoute+
AmazonCloudIntegrationStatus+ApplicationLayerStatus(Appears on: -AmazonCloudIntegration) +ApplicationLayer) -AmazonCloudIntegrationStatus defines the observed state of AmazonCloudIntegration +ApplicationLayerStatus defines the observed state of ApplicationLayer AnomalyDetectionSpec+AuthMethod
+(
+ |
-storageClassName + host string @@ -5118,57 +5011,28 @@ string |
-(Optional)
-StorageClassName is now deprecated, and configuring it has no effect. +The host and port of the LDAP server. Example: ad.example.com:636 |
string
alias)- -(Appears on: -ApplicationLayerSpec) - -
-- -(Appears on: -ApplicationLayer) - -
--ApplicationLayerSpec defines the desired state of ApplicationLayer -
-Field | -Description | -
---|---|
-webApplicationFirewall + startTLS - -WAFStatusType - +bool |
+(Optional)
-WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examined by ModSecurity. +StartTLS whether to enable the startTLS feature for establishing TLS on an existing LDAP session. +If true, the ldap:// protocol is used and then issues a StartTLS command, otherwise, connections will use +the ldaps:// protocol. |
@@ -5176,205 +5040,10 @@ When enabled, Services may opt-in to having ingress traffic examined by ModSecur
-logCollection + userSearch - -LogCollectionSpec - - - - |
-
-
- -Specification for application layer (L7) log collection. - - - |
-
-
-applicationLayerPolicy - - -ApplicationLayerPolicyStatusType - - - - |
-
-
- -Application Layer Policy controls whether or not ALP enforcement is enabled for the cluster. -When enabled, NetworkPolicies with HTTP Match rules may be defined to opt-in workloads for traffic enforcement on the application layer. - - - |
-
-
-envoy - - -EnvoySettings - - - - |
-
-
- -User-configurable settings for the Envoy proxy. - - - |
-
-
-l7LogCollectorDaemonSet - - -L7LogCollectorDaemonSet - - - - |
-
-
-(Optional)
- -L7LogCollectorDaemonSet configures the L7LogCollector DaemonSet. - - - |
-
- -(Appears on: -ApplicationLayer) - -
--ApplicationLayerStatus defines the observed state of ApplicationLayer -
-Field | -Description | -
---|---|
-
-state - -string - - - |
-
-
- -State provides user-readable status. - - - |
-
-
-conditions - - -[]Kubernetes meta/v1.Condition - - - - |
-
-
-(Optional)
- -Conditions represents the latest observed set of conditions for the component. A component may be one or more of -Ready, Progressing, Degraded or other customer types. - - - |
-
string
alias)- -(Appears on: -AuthenticationSpec) - -
--AuthenticationLDAP is the configuration needed to setup LDAP. -
-Field | -Description | -
---|---|
-
-host - -string - - - |
-
-
- -The host and port of the LDAP server. Example: ad.example.com:636 - - - |
-
-
-startTLS - -bool - - - |
-
-
-(Optional)
- -StartTLS whether to enable the startTLS feature for establishing TLS on an existing LDAP session. -If true, the ldap:// protocol is used and then issues a StartTLS command, otherwise, connections will use -the ldaps:// protocol. - - - |
-
-
-userSearch - - -UserSearch + +UserSearch @@ -14026,7 +13695,7 @@ int32 (Optional) -BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from +BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6) @@ -14975,7 +14644,7 @@ int32MTU is the most recently observed value for pod network MTU. This may be an explicitly -configured value, or based on Calico’s native auto-detection. +configured value, or based on Calico’s native auto-detetion. |
@@ -17964,17 +17633,6 @@ already exist in the object’s annotations.
string
alias)- -(Appears on: -AmazonCloudIntegrationSpec) - -
--MetadataAccessAllowedType -
@@ -18133,38 +17791,453 @@ One of: None, Multus
(Appears on: -IPPool) +IPPool) + +
++NATOutgoingType describe the type of outgoing NAT to use. +
++One of: Enabled, Disabled +
+string
alias)+ +(Appears on: +AWSEgressGateway) + +
++NativeIP defines if Egress Gateway pods should have AWS IPs. +When NativeIP is enabled, the IPPools should be backed by AWS subnet. +
++ +(Appears on: +CalicoNetworkSpec) + +
++NodeAddressAutodetection provides configuration options for auto-detecting node addresses. At most one option +can be used. If no detection option is specified, then IP auto detection will be disabled for this address family and IPs +must be specified directly on the Node resource. +
+Field | +Description | +
---|---|
+
+firstFound + +bool + + + |
+
+
+(Optional)
+ +FirstFound uses default interface matching parameters to select an interface, performing best-effort +filtering based on well-known interface names. + + + |
+
+
+kubernetes + + +KubernetesAutodetectionMethod + + + + |
+
+
+(Optional)
+ +Kubernetes configures Calico to detect node addresses based on the Kubernetes API. + + + |
+
+
+interface + +string + + + |
+
+
+(Optional)
+ +Interface enables IP auto-detection based on interfaces that match the given regex. + + + |
+
+
+skipInterface + +string + + + |
+
+
+(Optional)
+ +SkipInterface enables IP auto-detection based on interfaces that do not match +the given regex. + + + |
+
+
+canReach + +string + + + |
+
+
+(Optional)
+ +CanReach enables IP auto-detection based on which source address on the node is used to reach the +specified IP or domain. + + + |
+
+
+cidrs + +[]string + + + |
+
+
+ +CIDRS enables IP auto-detection based on which addresses on the nodes are within +one of the provided CIDRs. + + + |
+
+ +(Appears on: +TyphaAffinity) + +
++NodeAffinity is similar to *v1.NodeAffinity, but allows us to limit available schedulers. +
+Field | +Description | +
---|---|
+
+preferredDuringSchedulingIgnoredDuringExecution + + +[]Kubernetes core/v1.PreferredSchedulingTerm + + + + |
+
+
+(Optional)
+ +The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. + + + |
+
+
+requiredDuringSchedulingIgnoredDuringExecution + + +Kubernetes core/v1.NodeSelector + + + + |
+
+
+(Optional)
+ +WARNING: Please note that if the affinity requirements specified by this field are not met at +scheduling time, the pod will NOT be scheduled onto the node. +There is no fallback to another affinity rules with this setting. +This may cause networking disruption or even catastrophic failure! +PreferredDuringSchedulingIgnoredDuringExecution should be used for affinity +unless there is a specific well understood reason to use RequiredDuringSchedulingIgnoredDuringExecution and +you can guarantee that the RequiredDuringSchedulingIgnoredDuringExecution will always have sufficient nodes to satisfy the requirement. +NOTE: RequiredDuringSchedulingIgnoredDuringExecution is set by default for AKS nodes, +to avoid scheduling Typhas on virtual-nodes. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to an update), the system +may or may not try to eventually evict the pod from its node. + + + |
+
+ +(Appears on: +Nodes) + +
++NodeSets defines configuration specific to each Elasticsearch Node Set +
+Field | +Description | +
---|---|
+
+selectionAttributes + + +[]NodeSetSelectionAttribute + + + + |
+
+
+ +SelectionAttributes defines K8s node attributes a NodeSet should use when setting the Node Affinity selectors and +Elasticsearch cluster awareness attributes for the Elasticsearch nodes. The list of SelectionAttributes are used +to define Node Affinities and set the node awareness configuration in the running Elasticsearch instance. + + + |
+
+ +(Appears on: +NodeSet) + +
++NodeSetSelectionAttribute defines a K8s node “attribute” the Elasticsearch nodes should be aware of. The “Name” and “Value” +are used together to set the “awareness” attributes in Elasticsearch, while the “NodeLabel” and “Value” are used together +to define Node Affinity for the Pods created for the Elasticsearch nodes. +
+Field | +Description | +
---|---|
+
+name + +string + + + |
++ + + | +
+
+nodeLabel + +string + + + |
++ + + | +
+
+value + +string + + + |
++ + + | +
+ +(Appears on: +LogStorageSpec) + +
++Nodes defines the configuration for a set of identical Elasticsearch cluster nodes, each of type master, data, and ingest. +
+Field | +Description | +
---|---|
+
+count + +int64 + + + |
+
+
+ +Count defines the number of nodes in the Elasticsearch cluster. + + + |
+
+
+nodeSets + + +[]NodeSet + + + + |
+
+
+(Optional)
+ +NodeSets defines configuration specific to each Elasticsearch Node Set + + + |
+
+
+resourceRequirements + + +Kubernetes core/v1.ResourceRequirements + + + + |
+
+
+(Optional)
+ +ResourceRequirements defines the resource limits and requirements for the Elasticsearch cluster. + + + |
+
string
alias)+ +(Appears on: +InstallationSpec)
-NATOutgoingType describe the type of outgoing NAT to use. +NonPrivilegedType specifies whether Calico runs as permissioned or not
One of: Enabled, Disabled
-string
alias)(Appears on: -AWSEgressGateway) +AuthenticationOIDC)
-NativeIP defines if Egress Gateway pods should have AWS IPs. -When NativeIP is enabled, the IPPools should be backed by AWS subnet. +OIDCType defines how OIDC is configured for Tigera Enterprise. Dex should be the best option for most use-cases. +The Tigera option can help in specific use-cases, for instance, when you are unable to configure a client secret. +One of: Dex, Tigera
-(Appears on: -CalicoNetworkSpec) +PacketCaptureAPISpec)
-NodeAddressAutodetection provides configuration options for auto-detecting node addresses. At most one option -can be used. If no detection option is specified, then IP auto detection will be disabled for this address family and IPs -must be specified directly on the Node resource. +PacketCaptureAPIDeployment is the configuration for the PacketCaptureAPI Deployment.
-firstFound + spec -bool + +PacketCaptureAPIDeploymentSpec + |
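Review bot: the added NonPrivilegedType text, "specifies whether Calico runs as permissioned or not", followed by "One of: Enabled, Disabled", does not say which value removes privileges. "Permissioned" is ambiguous next to a type named NonPrivileged, so a reader cannot tell whether Enabled means the non-privileged mode is on or that privileges are enabled. Suggest naming the behaviour of each value, for example "Enabled: Calico runs without privileged access; Disabled: ...", using whichever mapping the operator implements.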
@@ -18187,36 +18262,39 @@ bool
(Optional)
kubernetes
- -
-Kubernetes configures Calico to detect node addresses based on the Kubernetes API. +PacketCaptureAPIDeploymentContainer is a PacketCaptureAPI Deployment container.
- -Field | +Description |
---|---|
-interface + name string @@ -18224,9 +18302,9 @@ string |
-(Optional)
-Interface enables IP auto-detection based on interfaces that match the given regex. +Name is an enum which identifies the PacketCaptureAPI Deployment container by name. +Supported values are: tigera-packetcapture-server |
@@ -18234,9 +18312,11 @@ Interface enables IP auto-detection based on interfaces that match the given reg
-skipInterface + resources -string + +Kubernetes core/v1.ResourceRequirements + |
@@ -18244,16 +18324,37 @@ string
(Optional)
+ +(Appears on: +PacketCaptureAPIDeploymentPodSpec) + +
++PacketCaptureAPIDeploymentInitContainer is a PacketCaptureAPI Deployment init container. +
+Field | +Description | +
---|---|
-canReach + name string @@ -18261,10 +18362,9 @@ string |
-(Optional)
-CanReach enables IP auto-detection based on which source address on the node is used to reach the -specified IP or domain. +Name is an enum which identifies the PacketCaptureAPI Deployment init container by name. +Supported values are: tigera-packetcapture-server-tls-key-cert-provisioner |
@@ -18272,32 +18372,36 @@ specified IP or domain.
-cidrs + resources -[]string + +Kubernetes core/v1.ResourceRequirements + |
+(Optional)
-CIDRS enables IP auto-detection based on which addresses on the nodes are within -one of the provided CIDRs. +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named PacketCaptureAPI Deployment init container’s resources. +If omitted, the PacketCaptureAPI Deployment will use its default value for this init container’s resources. |
(Appears on: -TyphaAffinity) +PacketCaptureAPIDeploymentPodTemplateSpec)
-NodeAffinity is similar to *v1.NodeAffinity, but allows us to limit available schedulers. +PacketCaptureAPIDeploymentPodSpec is the PacketCaptureAPI Deployment’s PodSpec.
-preferredDuringSchedulingIgnoredDuringExecution + initContainers - -[]Kubernetes core/v1.PreferredSchedulingTerm + +[]PacketCaptureAPIDeploymentInitContainer @@ -18322,9 +18426,9 @@ NodeAffinity is similar to *v1.NodeAffinity, but allows us to limit available sc (Optional) -The scheduler will prefer to schedule pods to nodes that satisfy -the affinity expressions specified by this field, but it may choose -a node that violates one or more of the expressions. +InitContainers is a list of PacketCaptureAPI init containers. +If specified, this overrides the specified PacketCaptureAPI Deployment init containers. +If omitted, the PacketCaptureAPI Deployment will use its default values for its init containers. |
@@ -18332,10 +18436,10 @@ a node that violates one or more of the expressions.
-requiredDuringSchedulingIgnoredDuringExecution + containers - -Kubernetes core/v1.NodeSelector + +[]PacketCaptureAPIDeploymentContainer @@ -18344,33 +18448,24 @@ Kubernetes core/v1.NodeSelector (Optional) -WARNING: Please note that if the affinity requirements specified by this field are not met at -scheduling time, the pod will NOT be scheduled onto the node. -There is no fallback to another affinity rules with this setting. -This may cause networking disruption or even catastrophic failure! -PreferredDuringSchedulingIgnoredDuringExecution should be used for affinity -unless there is a specific well understood reason to use RequiredDuringSchedulingIgnoredDuringExecution and -you can guarantee that the RequiredDuringSchedulingIgnoredDuringExecution will always have sufficient nodes to satisfy the requirement. -NOTE: RequiredDuringSchedulingIgnoredDuringExecution is set by default for AKS nodes, -to avoid scheduling Typhas on virtual-nodes. -If the affinity requirements specified by this field cease to be met -at some point during pod execution (e.g. due to an update), the system -may or may not try to eventually evict the pod from its node. +Containers is a list of PacketCaptureAPI containers. +If specified, this overrides the specified PacketCaptureAPI Deployment containers. +If omitted, the PacketCaptureAPI Deployment will use its default values for its containers. |
(Appears on: -Nodes) +PacketCaptureAPIDeploymentSpec)
-NodeSets defines configuration specific to each Elasticsearch Node Set +PacketCaptureAPIDeploymentPodTemplateSpec is the PacketCaptureAPI Deployment’s PodTemplateSpec
-selectionAttributes + spec - -[]NodeSetSelectionAttribute + +PacketCaptureAPIDeploymentPodSpec |
+(Optional)
-SelectionAttributes defines K8s node attributes a NodeSet should use when setting the Node Affinity selectors and -Elasticsearch cluster awareness attributes for the Elasticsearch nodes. The list of SelectionAttributes are used -to define Node Affinities and set the node awareness configuration in the running Elasticsearch instance. +Spec is the PacketCaptureAPI Deployment’s PodSpec. ++ + |
(Appears on: -NodeSet) +PacketCaptureAPIDeployment)
-NodeSetSelectionAttribute defines a K8s node “attribute” the Elasticsearch nodes should be aware of. The “Name” and “Value” -are used together to set the “awareness” attributes in Elasticsearch, while the “NodeLabel” and “Value” are used together -to define Node Affinity for the Pods created for the Elasticsearch nodes. +PacketCaptureAPIDeploymentSpec defines configuration for the PacketCaptureAPI Deployment.
-name - -string - - - |
-- - | -
-
-nodeLabel + template -string + +PacketCaptureAPIDeploymentPodTemplateSpec + |
- | -
-
-value - -string - - - |
-
+(Optional)
+ +Template describes the PacketCaptureAPI Deployment pod that will be created. + |
(Appears on: -LogStorageSpec) +PacketCaptureAPI)
-Nodes defines the configuration for a set of identical Elasticsearch cluster nodes, each of type master, data, and ingest. +PacketCaptureAPISpec defines configuration for the Packet Capture API.
-count + packetCaptureAPIDeployment -int64 + +PacketCaptureAPIDeployment + |
+(Optional)
-Count defines the number of nodes in the Elasticsearch cluster. +PacketCaptureAPIDeployment configures the PacketCaptureAPI Deployment. |
+ +(Appears on: +PacketCaptureAPI) + +
++PacketCaptureAPIStatus defines the observed state of the Packet Capture API. +
+Field | +Description | +
---|---|
-nodeSets + state - -[]NodeSet - +string |
-(Optional)
-NodeSets defines configuration specific to each Elasticsearch Node Set +State provides user-readable status. |
@@ -18522,10 +18619,10 @@ NodeSets defines configuration specific to each Elasticsearch Node Set
-resourceRequirements + conditions - -Kubernetes core/v1.ResourceRequirements + +[]Kubernetes meta/v1.Condition @@ -18534,40 +18631,14 @@ Kubernetes core/v1.ResourceRequirements (Optional) -ResourceRequirements defines the resource limits and requirements for the Elasticsearch cluster. +Conditions represents the latest observed set of conditions for the component. A component may be one or more of +Ready, Progressing, Degraded or other customer types. |
string
alias)- -(Appears on: -InstallationSpec) - -
--NonPrivilegedType specifies whether Calico runs as permissioned or not -
--One of: Enabled, Disabled -
-string
alias)- -(Appears on: -AuthenticationOIDC) - -
--OIDCType defines how OIDC is configured for Tigera Enterprise. Dex should be the best option for most use-cases. -The Tigera option can help in specific use-cases, for instance, when you are unable to configure a client secret. -One of: Dex, Tigera -
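Review bot: in the added Conditions description for PacketCaptureAPIStatus, "Ready, Progressing, Degraded or other customer types" looks like it should read "custom types". The same sentence appears in the removed ApplicationLayerStatus text, so it is being carried over rather than introduced here, but since this change re-adds it, it is a good moment to confirm the intended word and fix it at the source of the description.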
@@ -19585,6 +19656,7 @@ string
WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examined by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
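Review bot: the only textual change in this hunk replaces "examined" with "examed" in the WebApplicationFirewall description, which introduces a typo into a sentence that was previously correct. Please keep "When enabled, Services may opt-in to having ingress traffic examined by ModSecurity." The same substitution is repeated in the hunks for the other copies of _api.mdx in this diff, so it should be reverted in each of them.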
@@ -313,6 +313,7 @@ ApplicationLayerStatusWebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examined by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
@@ -6392,7 +6398,7 @@ int32 (Optional)-BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from +BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)
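Review bot: "CIDR prefix length" becomes "CIDR prefex length" in the BlockSize description, a misspelling in the one sentence that tells operators what the value means. Please restore "prefix". The defaults on the following context line (26 for IPv4, 122 for IPv6) are unchanged, so nothing else in this hunk needs to move.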
@@ -7275,7 +7281,7 @@ int32MTU is the most recently observed value for pod network MTU. This may be an explicitly -configured value, or based on Calico’s native auto-detection. +configured value, or based on Calico’s native auto-detetion.
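Review bot: the MTU description now ends with "Calico’s native auto-detetion", dropping the "c" from "auto-detection". Please revert to the original spelling. Together with the "examed" and "prefex" edits in the neighbouring hunks, this looks like an unintended text substitution rather than a documentation change, so it is worth checking how these files were regenerated before merging.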
diff --git a/calico_versioned_docs/version-3.26/reference/installation/_api.mdx b/calico_versioned_docs/version-3.26/reference/installation/_api.mdx index a05c28c5a9..903100d710 100644 --- a/calico_versioned_docs/version-3.26/reference/installation/_api.mdx +++ b/calico_versioned_docs/version-3.26/reference/installation/_api.mdx @@ -232,7 +232,7 @@ WAFStatusTypeWebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examined by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
@@ -311,6 +311,7 @@ ApplicationLayerStatusWebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examined by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
@@ -5735,7 +5740,7 @@ int32 (Optional)-BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from +BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)
@@ -6502,7 +6507,7 @@ int32MTU is the most recently observed value for pod network MTU. This may be an explicitly -configured value, or based on Calico’s native auto-detection. +configured value, or based on Calico’s native auto-detetion.
diff --git a/calico_versioned_docs/version-3.27/reference/installation/_api.mdx b/calico_versioned_docs/version-3.27/reference/installation/_api.mdx index b2b524aa81..c2aa0c644d 100644 --- a/calico_versioned_docs/version-3.27/reference/installation/_api.mdx +++ b/calico_versioned_docs/version-3.27/reference/installation/_api.mdx @@ -234,7 +234,7 @@ WAFStatusTypeWebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examined by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
@@ -313,6 +313,7 @@ ApplicationLayerStatusWebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examined by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
@@ -5481,6 +5487,24 @@ If specified, this overrides any tolerations that may be set on the EGW Deployme If omitted, the EGW Deployment will use its default value for tolerations. + + +priorityClassName
+PriorityClassName allows to specify a PriorityClass resource to be used. +
+-BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from +BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)
@@ -7275,7 +7299,7 @@ int32MTU is the most recently observed value for pod network MTU. This may be an explicitly -configured value, or based on Calico’s native auto-detection. +configured value, or based on Calico’s native auto-detetion.
@@ -8011,7 +8035,7 @@ One of: None, Login, Consent, SelectAccount.Provider represents a particular provider or flavor of Kubernetes. Valid options -are: EKS, GKE, AKS, RKE2, OpenShift, DockerEnterprise. +are: EKS, GKE, AKS, RKE2, OpenShift, DockerEnterprise, TKG.
string
alias)WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examined by ModSecurity. +When enabled, Services may opt-in to having ingress traffic examed by ModSecurity.
@@ -295,6 +301,26 @@ EnvoySettings User-configurable settings for the Envoy proxy. + + +l7LogCollectorDaemonSet
+L7LogCollectorDaemonSet configures the L7LogCollector DaemonSet. +
+externalPrometheus
+ExternalPrometheus optionally configures integration with an external Prometheus for scraping Calico metrics. When +specified, the operator will render resources in the defined namespace. This option can be useful for configuring +scraping from git-ops tools without the need of post-installation steps. +
+ +prometheus
+Prometheus is the configuration for the Prometheus. +
+ +alertManager
+AlertManager is the configuration for the AlertManager. +
+-PolicyRecommendation is the Schema for the policy recommendation API. At most one instance -of this resource is supported. It must be named “tigera-secure”. +PacketCaptureAPI is used to configure the resource requirement for PacketCaptureAPI deployment. It must be named “tigera-secure”.
-PolicyRecommendation
+PacketCaptureAPI
|
|
+ +Specification of the desired state for the PacketCaptureAPI. + | |
+packetCaptureAPIDeployment + + +PacketCaptureAPIDeployment + + + + |
+
+
+(Optional)
+ +PacketCaptureAPIDeployment configures the PacketCaptureAPI Deployment. + + |
+
status
+Most recently observed state for the PacketCaptureAPI. +
+-Tenant is the Schema for the tenants API +PolicyRecommendation is the Schema for the policy recommendation API. At most one instance +of this resource is supported. It must be named “tigera-secure”.
-Tenant
+PolicyRecommendation
|
||||||||||
-id - -string - - - |
-
-
- -ID is the unique identifier for this tenant. - - - |
-|
-
-indices + policyRecommendationDeployment - -[]Index + +PolicyRecommendationDeployment |
+(Optional)
-Indices defines the how to store a tenant’s data +PolicyRecommendation configures the PolicyRecommendation Deployment. |
@@ -1681,22 +1778,20 @@ Indices defines the how to store a tenant’s data
+ |
-TigeraStatus represents the most recently observed status for Calico or a Calico Enterprise functional area. -
+
-TigeraStatus
+TLSPassThroughRoute
|
|
+ +Dest is the destination URL + | |
+target + + +TargetType + + + + |
++ |
-status + sniMatch - -TigeraStatusStatus + +SNIMatch |
+ +SNIMatch is used to match requests based on the server name for the intended destination server. Matching requests +will be proxied to the Destination. + + |
+
destination
-APIServerDeployment is the configuration for the API server Deployment. +Destination is the destination url to proxy the request to.
+ +
+apiVersion +string + |
+
+
+
+operator.tigera.io/v1
+
+
+ |
+
+
+kind +string + + |
+
+TLSTerminatedRoute
+ |
+
+
metadata - -Metadata + +Kubernetes meta/v1.ObjectMeta |
-(Optional)
- -Metadata is a subset of a Kubernetes object’s metadata that is added to the Deployment. - +Refer to the Kubernetes API documentation for the fields of the +metadata field.
|
-(Optional)
- -Spec is the specification of the API server Deployment. - |
+target + + +TargetType + + |
-
+
-APIServerDeploymentContainer is an API server Deployment container. -
-Field | -Description | +
---|---|
-name + pathMatch -string + +PathMatch + |
-Name is an enum which identifies the API server Deployment container by name. +PathMatch is used to match requests based on what’s in the path. Matching requests will be proxied to the Destination +defined in this structure. |
@@ -1887,59 +2025,57 @@ Name is an enum which identifies the API server Deployment container by name.
-resources + destination - -Kubernetes core/v1.ResourceRequirements - +string |
-(Optional)
-Resources allows customization of limits and requests for compute resources such as cpu and memory. -If specified, this overrides the named API server Deployment container’s resources. -If omitted, the API server Deployment will use its default value for this container’s resources. -If used in conjunction with the deprecated ComponentResources, then this value takes precedence. +Destination is the destination URL where matching traffic is routed to. |
+
caBundle
-APIServerDeploymentInitContainer is an API server Deployment init container. +CABundle is where we read the CA bundle from to authenticate the +destination (if non-empty)
-Field | -Description | + +
---|---|
-name + mtlsCert -string + +Kubernetes core/v1.SecretKeySelector + |
+(Optional)
-Name is an enum which identifies the API server Deployment init container by name. +ForwardingMTLSCert is the certificate used for mTLS between voltron and the destination. Either both ForwardingMTLSCert +and ForwardingMTLSKey must be specified, or neither can be specified. |
@@ -1947,10 +2083,10 @@ Name is an enum which identifies the API server Deployment init container by nam
-resources + mtlsKey - -Kubernetes core/v1.ResourceRequirements + +Kubernetes core/v1.SecretKeySelector @@ -1959,24 +2095,39 @@ Kubernetes core/v1.ResourceRequirements (Optional) -Resources allows customization of limits and requests for compute resources such as cpu and memory. -If specified, this overrides the named API server Deployment init container’s resources. -If omitted, the API server Deployment will use its default value for this init container’s resources. +ForwardingMTLSKey is the key used for mTLS between voltron and the destination. Either both ForwardingMTLSCert +and ForwardingMTLSKey must be specified, or neither can be specified. |
+
unauthenticated
+Unauthenticated says whether the request should go through authentication. This is only applicable if the Target +is UI.
+ +-APIServerDeploymentDeploymentPodSpec is the API server Deployment’s PodSpec. +Tenant is the Schema for the tenants API
-initContainers - - -[]APIServerDeploymentInitContainer - - + apiVersion +string + |
+
+
+
+operator.tigera.io/v1
+
|
+|||||||||||||||||
-(Optional)
- -InitContainers is a list of API server init containers. -If specified, this overrides the specified API server Deployment init containers. -If omitted, the API server Deployment will use its default values for its init containers. - +kind +string + |
+
+Tenant
|
|||||||||||||||||
-containers + metadata - -[]APIServerDeploymentContainer + +Kubernetes meta/v1.ObjectMeta |
-(Optional)
- -Containers is a list of API server containers. -If specified, this overrides the specified API server Deployment containers. -If omitted, the API server Deployment will use its default values for its containers. - +Refer to the Kubernetes API documentation for the fields of the +metadata field.
|
|||||||||||||||||
-affinity + spec - -Kubernetes core/v1.Affinity + +TenantSpec |
-(Optional)
+ + +
APIServerDeploymentPodTemplateSpec-- -(Appears on: -APIServerDeploymentSpec) - - --APIServerDeploymentPodTemplateSpec is the API server Deployment’s PodTemplateSpec - -
APIServerDeploymentSpec-- -(Appears on: -APIServerDeployment) - - --APIServerDeploymentSpec defines configuration for the API server Deployment. - -
|
|||||||||||||||||
-template + status - -APIServerDeploymentPodTemplateSpec + +TenantStatus |
-(Optional)
- -Template describes the API server Deployment pod that will be created. - |
- -(Appears on: -APIServer) - -
--APIServerSpec defines the desired state of Tigera API server. +TigeraStatus represents the most recently observed status for Calico or a Calico Enterprise functional area.
-apiServerDeployment + apiVersion +string + |
+
+
+
+operator.tigera.io/v1
+
+
+ |
+
+
+kind +string + + |
+
+TigeraStatus
+ |
+
+
+metadata - -APIServerDeployment + +Kubernetes meta/v1.ObjectMeta + + + + |
+
+
+Refer to the Kubernetes API documentation for the fields of the
+metadata field.
+
+ |
+
+
+spec + + +TigeraStatusSpec + + + + |
+
+
+ + + |
+
+
+status + + +TigeraStatusStatus |
- -APIServerDeployment configures the calico-apiserver (or tigera-apiserver in Enterprise) Deployment. If -used in conjunction with ControlPlaneNodeSelector or ControlPlaneTolerations, then these overrides -take precedence. - |
(Appears on: -APIServer) +APIServerSpec)
-APIServerStatus defines the observed state of Tigera API server. +APIServerDeployment is the configuration for the API server Deployment.
-state + metadata -string + +Metadata + |
+(Optional)
-State provides user-readable status. +Metadata is a subset of a Kubernetes object’s metadata that is added to the Deployment. |
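Review bot: in the TLSTerminatedRoute fields added earlier in this region, the `unauthenticated` description, "Unauthenticated says whether the request should go through authentication", reads with the opposite polarity to the field name. A reader cannot tell whether setting it to true skips authentication or requires it, and for a route that proxies traffic this is the setting most likely to be misconfigured. Suggest stating the effect of true directly and keeping the existing "only applicable if the Target is UI" restriction. In the same table, the `mtlsCert` and `mtlsKey` descriptions refer to ForwardingMTLSCert and ForwardingMTLSKey, so it would help to use the field names as they appear in the spec.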
@@ -2329,10 +2480,10 @@ State provides user-readable status.
-conditions + spec - -[]Kubernetes meta/v1.Condition + +APIServerDeploymentSpec @@ -2341,23 +2492,26 @@ State provides user-readable status. (Optional) -Conditions represents the latest observed set of conditions for the component. A component may be one or more of -Ready, Progressing, Degraded or other customer types. +Spec is the specification of the API server Deployment. ++ + |
(Appears on: -EgressGatewaySpec) +APIServerDeploymentPodSpec)
-AWSEgressGateway defines the configurations for deploying EgressGateway in AWS +APIServerDeploymentContainer is an API server Deployment container.
-nativeIP + name - -NativeIP - +string |
-(Optional)
-NativeIP defines if EgressGateway is to use an AWS backed IPPool. -Default: Disabled +Name is an enum which identifies the API server Deployment container by name. +Supported values are: calico-apiserver, tigera-queryserver |
@@ -2391,9 +2542,11 @@ Default: Disabled
-elasticIPs + resources -[]string + +Kubernetes core/v1.ResourceRequirements + |
@@ -2401,15 +2554,26 @@ Default: Disabled
(Optional)
+ +(Appears on: +APIServerDeploymentPodSpec) + +
++APIServerDeploymentInitContainer is an API server Deployment init container. +
-storageClassName + name string @@ -2429,32 +2593,46 @@ string |
-(Optional)
-StorageClassName is now deprecated, and configuring it has no effect. +Name is an enum which identifies the API server Deployment init container by name. +Supported values are: calico-apiserver-certs-key-cert-provisioner |
string
alias)+
resources
+Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named API server Deployment init container’s resources. +If omitted, the API server Deployment will use its default value for this init container’s resources.
-(Appears on: -ApplicationLayer) +APIServerDeploymentPodTemplateSpec)
-ApplicationLayerSpec defines the desired state of ApplicationLayer +APIServerDeploymentDeploymentPodSpec is the API server Deployment’s PodSpec.
-webApplicationFirewall + initContainers - -WAFStatusType + +[]APIServerDeploymentInitContainer |
+(Optional)
-WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. -When enabled, Services may opt-in to having ingress traffic examined by ModSecurity. +InitContainers is a list of API server init containers. +If specified, this overrides the specified API server Deployment init containers. +If omitted, the API server Deployment will use its default values for its init containers. |
@@ -2487,18 +2667,21 @@ When enabled, Services may opt-in to having ingress traffic examined by ModSecur
-logCollection + containers - -LogCollectionSpec + +[]APIServerDeploymentContainer |
+(Optional)
-Specification for application layer (L7) log collection. +Containers is a list of API server containers. +If specified, this overrides the specified API server Deployment containers. +If omitted, the API server Deployment will use its default values for its containers. |
@@ -2506,19 +2689,22 @@ Specification for application layer (L7) log collection.
-applicationLayerPolicy + affinity - -ApplicationLayerPolicyStatusType + +Kubernetes core/v1.Affinity |
+(Optional)
-Application Layer Policy controls whether or not ALP enforcement is enabled for the cluster. -When enabled, NetworkPolicies with HTTP Match rules may be defined to opt-in workloads for traffic enforcement on the application layer. +Affinity is a group of affinity scheduling rules for the API server pods. +If specified, this overrides any affinity that may be set on the API server Deployment. +If omitted, the API server Deployment will use its default value for affinity. +WARNING: Please note that this field will override the default API server Deployment affinity. |
@@ -2526,55 +2712,45 @@ When enabled, NetworkPolicies with HTTP Match rules may be defined to opt-in wor
-envoy + nodeSelector - -EnvoySettings - +map[string]string |
-User-configurable settings for the Envoy proxy. +NodeSelector is the API server pod’s scheduling constraints. +If specified, each of the key/value pairs are added to the API server Deployment nodeSelector provided +the key does not already exist in the object’s nodeSelector. +If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the API server Deployment +and each of this field’s key/value pairs are added to the API server Deployment nodeSelector provided +the key does not already exist in the object’s nodeSelector. +If omitted, the API server Deployment will use its default value for nodeSelector. +WARNING: Please note that this field will modify the default API server Deployment nodeSelector. |
- -(Appears on: -ApplicationLayer) - -
--ApplicationLayerStatus defines the observed state of ApplicationLayer -
-Field | -Description | -
---|---|
-state + topologySpreadConstraints -string - - + +[]Kubernetes core/v1.TopologySpreadConstraint + + + |
+(Optional)
-State provides user-readable status. +TopologySpreadConstraints describes how a group of pods ought to spread across topology +domains. Scheduler will schedule pods in a way which abides by the constraints. +All topologySpreadConstraints are ANDed. |
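Review bot: The added nodeSelector row for the API server Deployment has no (Optional) marker, even though its description ends with "If omitted, the API server Deployment will use its default value for nodeSelector" and the neighbouring affinity and topologySpreadConstraints rows both carry one. If this table is generated, the marker is probably missing on the field in the source type and should be fixed there. Separately, the topologySpreadConstraints text does not say whether a supplied value overrides or is merged with the Deployment's defaults, which every other override field in this type spells out.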
@@ -2582,10 +2758,10 @@ State provides user-readable status.
-conditions + tolerations - -[]Kubernetes meta/v1.Condition + +[]Kubernetes core/v1.Toleration @@ -2594,42 +2770,25 @@ State provides user-readable status. (Optional) -Conditions represents the latest observed set of conditions for the component. A component may be one or more of -Ready, Progressing, Degraded or other customer types. +Tolerations is the API server pod’s tolerations. +If specified, this overrides any tolerations that may be set on the API server Deployment. +If omitted, the API server Deployment will use its default value for tolerations. +WARNING: Please note that this field will override the default API server Deployment tolerations. |
string
alias)(Appears on: -CalicoNetworkSpec) +APIServerDeploymentSpec)
-BGPOption describes the mode of BGP to use. -
--One of: Enabled, Disabled -
-string
alias)-CAType specifies which verification method the tunnel client should use to verify the tunnel server’s identity. -
--One of: Tigera, Public -
-- -(Appears on: -Logging) - +APIServerDeploymentPodTemplateSpec is the API server Deployment’s PodTemplateSpec
-logSeverity + metadata - -LogLevel + +Metadata @@ -2654,7 +2813,8 @@ LogLevel (Optional) -Default: Info +Metadata is a subset of a Kubernetes object’s metadata that is added to +the pod’s metadata. |
@@ -2662,9 +2822,11 @@ Default: Info
-logFileMaxSize + spec -k8s.io/apimachinery/pkg/api/resource.Quantity + +APIServerDeploymentPodSpec + |
@@ -2672,17 +2834,41 @@ k8s.io/apimachinery/pkg/api/resource.Quantity
(Optional)
+ +(Appears on: +APIServerDeployment) + +
++APIServerDeploymentSpec defines configuration for the API server Deployment. +
+Field | +Description | +
---|---|
-logFileMaxAgeDays + minReadySeconds -uint32 +int32 |
@@ -2690,7 +2876,10 @@ uint32
(Optional)
|
-logFileMaxCount + template -uint32 + +APIServerDeploymentPodTemplateSpec + |
@@ -2708,36 +2899,22 @@ uint32
(Optional)
string
alias)- -(Appears on: -CNISpec) - -
--CNIPluginType describes the type of CNI plugin used. -
--One of: Calico, GKE, AmazonVPC, AzureVNET -
-(Appears on: -InstallationSpec) +APIServer)
-CNISpec contains configuration for the CNI plugin. +APIServerSpec defines the desired state of Tigera API server.
-type - - -CNIPluginType - - - - |
-
-
- -Specifies the CNI plugin that will be used in the Calico or Calico Enterprise installation. -* For KubernetesProvider GKE, this field defaults to GKE. -* For KubernetesProvider AKS, this field defaults to AzureVNET. -* For KubernetesProvider EKS, this field defaults to AmazonVPC. -* If aws-node daemonset exists in kube-system when the Installation resource is created, this field defaults to AmazonVPC. -* For all other cases this field defaults to Calico. - --For the value Calico, the CNI plugin binaries and CNI config will be installed as part of deployment, -for all other values the CNI plugin binaries and CNI config is a dependency that is expected -to be installed separately. - --Default: Calico - - - |
-
-
-ipam + apiServerDeployment - -IPAMSpec + +APIServerDeployment |
-(Optional)
-IPAM specifies the pod IP address management that will be used in the Calico or -Calico Enterprise installation. +APIServerDeployment configures the calico-apiserver (or tigera-apiserver in Enterprise) Deployment. If +used in conjunction with ControlPlaneNodeSelector or ControlPlaneTolerations, then these overrides +take precedence. |
(Appears on: -InstallationSpec) +APIServer)
-CSINodeDriverDaemonSet is the configuration for the csi-node-driver DaemonSet. +APIServerStatus defines the observed state of Tigera API server.
-metadata + state - -Metadata - +string |
-(Optional)
-Metadata is a subset of a Kubernetes object’s metadata that is added to the DaemonSet. +State provides user-readable status. |
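Review bot: In the added apiServerDeployment description, "then these overrides take precedence" does not say which side wins, and it sits awkwardly next to the nodeSelector text elsewhere in this patch, which says the ControlPlaneNodeSelector is set on the Deployment and this field's pairs are added only where "the key does not already exist in the object's nodeSelector". Suggest naming the winner explicitly (for example "the values set in APIServerDeployment take precedence") and calling out the nodeSelector merge as the exception if that is the intended behaviour, since operators will rely on this sentence to predict where the API server pods are scheduled.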
@@ -2843,10 +2985,10 @@ Metadata is a subset of a Kubernetes object’s metadata that is added to th
-spec + conditions - -CSINodeDriverDaemonSetSpec + +[]Kubernetes meta/v1.Condition @@ -2855,26 +2997,23 @@ CSINodeDriverDaemonSetSpec (Optional) -Spec is the specification of the csi-node-driver DaemonSet. +Conditions represents the latest observed set of conditions for the component. A component may be one or more of +Ready, Progressing, Degraded or other customer types. -- - |
(Appears on: -CSINodeDriverDaemonSetPodSpec) +EgressGatewaySpec)
-CSINodeDriverDaemonSetContainer is a csi-node-driver DaemonSet container. +AWSEgressGateway defines the configurations for deploying EgressGateway in AWS
-name + nativeIP -string + +NativeIP + |
+(Optional)
-Name is an enum which identifies the csi-node-driver DaemonSet container by name. +NativeIP defines if EgressGateway is to use an AWS backed IPPool. +Default: Disabled |
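Review bot: "Ready, Progressing, Degraded or other customer types" in the added Conditions description for APIServerStatus reads like a slip for "custom types"; the same wording appears on the removed side, so it is being carried over rather than introduced, but this is a good moment to correct it at the source. In the same hunk, the AWSEgressGateway summary line is missing its closing period, unlike the other type summaries.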
@@ -2904,11 +3047,9 @@ Name is an enum which identifies the csi-node-driver DaemonSet container by name
-resources + elasticIPs - -Kubernetes core/v1.ResourceRequirements - +[]string |
@@ -2916,25 +3057,15 @@ Kubernetes core/v1.ResourceRequirements
(Optional)
- -(Appears on: -CSINodeDriverDaemonSetPodTemplateSpec) - -
--CSINodeDriverDaemonSetPodSpec is the csi-node-driver DaemonSet’s PodSpec. -
+
-containers + storageClassName - -[]CSINodeDriverDaemonSetContainer - +string |
@@ -2958,32 +3087,55 @@ CSINodeDriverDaemonSetPodSpec is the csi-node-driver DaemonSet’s PodSpec.
(Optional)
+ + |
string
alias)
-affinity
-
-
-Kubernetes core/v1.Affinity
+(Appears on:
+ApplicationLayerSpec)
+
+
+ +(Appears on: +ApplicationLayer) + +
++ApplicationLayerSpec defines the desired state of ApplicationLayer +
+Field | +Description | +
---|---|
+
+webApplicationFirewall + + +WAFStatusType |
-(Optional)
-Affinity is a group of affinity scheduling rules for the csi-node-driver pods. -If specified, this overrides any affinity that may be set on the csi-node-driver DaemonSet. -If omitted, the csi-node-driver DaemonSet will use its default value for affinity. -WARNING: Please note that this field will override the default csi-node-driver DaemonSet affinity. +WebApplicationFirewall controls whether or not ModSecurity enforcement is enabled for the cluster. +When enabled, Services may opt-in to having ingress traffic examed by ModSecurity. |
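Review bot: Typo in the added webApplicationFirewall description: "ingress traffic examed by ModSecurity" should read "examined by ModSecurity". This sentence is what tells users what opting a Service in to the WAF actually does, so it should be fixed before merge, along with the other occurrences of the same sentence in this patch.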
@@ -2991,21 +3143,18 @@ WARNING: Please note that this field will override the default csi-node-driver D
-nodeSelector + logCollection -map[string]string + +LogCollectionSpec + |
-(Optional)
-NodeSelector is the csi-node-driver pod’s scheduling constraints. -If specified, each of the key/value pairs are added to the csi-node-driver DaemonSet nodeSelector provided -the key does not already exist in the object’s nodeSelector. -If omitted, the csi-node-driver DaemonSet will use its default value for nodeSelector. -WARNING: Please note that this field will modify the default csi-node-driver DaemonSet nodeSelector. +Specification for application layer (L7) log collection. |
@@ -3013,63 +3162,38 @@ WARNING: Please note that this field will modify the default csi-node-driver Dae
-tolerations + applicationLayerPolicy - -[]Kubernetes core/v1.Toleration + +ApplicationLayerPolicyStatusType |
-(Optional)
-Tolerations is the csi-node-driver pod’s tolerations. -If specified, this overrides any tolerations that may be set on the csi-node-driver DaemonSet. -If omitted, the csi-node-driver DaemonSet will use its default value for tolerations. -WARNING: Please note that this field will override the default csi-node-driver DaemonSet tolerations. +Application Layer Policy controls whether or not ALP enforcement is enabled for the cluster. +When enabled, NetworkPolicies with HTTP Match rules may be defined to opt-in workloads for traffic enforcement on the application layer. |
- -(Appears on: -CSINodeDriverDaemonSetSpec) - -
--CSINodeDriverDaemonSetPodTemplateSpec is the csi-node-driver DaemonSet’s PodTemplateSpec -
-Field | -Description | -
---|---|
-metadata + envoy - -Metadata + +EnvoySettings |
-(Optional)
-Metadata is a subset of a Kubernetes object’s metadata that is added to -the pod’s metadata. +User-configurable settings for the Envoy proxy. |
@@ -3077,10 +3201,10 @@ the pod’s metadata.
-spec + l7LogCollectorDaemonSet - -CSINodeDriverDaemonSetPodSpec + +L7LogCollectorDaemonSet @@ -3089,26 +3213,22 @@ CSINodeDriverDaemonSetPodSpec (Optional) -Spec is the csi-node-driver DaemonSet’s PodSpec. +L7LogCollectorDaemonSet configures the L7LogCollector DaemonSet. -- - |
(Appears on: -CSINodeDriverDaemonSet) +ApplicationLayer)
-CSINodeDriverDaemonSetSpec defines configuration for the csi-node-driver DaemonSet. +ApplicationLayerStatus defines the observed state of ApplicationLayer
-minReadySeconds + state -int32 +string |
-(Optional)
-MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should -be ready without any of its container crashing, for it to be considered available. -If specified, this overrides any minReadySeconds value that may be set on the csi-node-driver DaemonSet. -If omitted, the csi-node-driver DaemonSet will use its default value for minReadySeconds. +State provides user-readable status. |
@@ -3142,10 +3258,10 @@ If omitted, the csi-node-driver DaemonSet will use its default value for minRead
-template + conditions - -CSINodeDriverDaemonSetPodTemplateSpec + +[]Kubernetes meta/v1.Condition @@ -3154,22 +3270,42 @@ CSINodeDriverDaemonSetPodTemplateSpec (Optional) -Template describes the csi-node-driver DaemonSet pod that will be created. +Conditions represents the latest observed set of conditions for the component. A component may be one or more of +Ready, Progressing, Degraded or other customer types. |
string
alias)(Appears on: -InstallationSpec) +CalicoNetworkSpec)
-CalicoKubeControllersDeployment is the configuration for the calico-kube-controllers Deployment. +BGPOption describes the mode of BGP to use. +
++One of: Enabled, Disabled +
+string
alias)+CAType specifies which verification method the tunnel client should use to verify the tunnel server’s identity. +
++One of: Tigera, Public +
++ +(Appears on: +Logging) +
-metadata + logSeverity - -Metadata + +LogLevel @@ -3194,7 +3330,7 @@ Metadata (Optional) -Metadata is a subset of a Kubernetes object’s metadata that is added to the Deployment. +Default: Info |
@@ -3202,11 +3338,9 @@ Metadata is a subset of a Kubernetes object’s metadata that is added to th
-spec + logFileMaxSize - -CalicoKubeControllersDeploymentSpec - +k8s.io/apimachinery/pkg/api/resource.Quantity |
@@ -3214,48 +3348,25 @@ CalicoKubeControllersDeploymentSpec
(Optional)
- -(Appears on: -CalicoKubeControllersDeploymentPodSpec) - -
--CalicoKubeControllersDeploymentContainer is a calico-kube-controllers Deployment container. -
-Field | -Description | -
---|---|
-name + logFileMaxAgeDays -string +uint32 |
+(Optional)
-Name is an enum which identifies the calico-kube-controllers Deployment container by name. +Default: 30 (days) |
@@ -3263,11 +3374,9 @@ Name is an enum which identifies the calico-kube-controllers Deployment containe
-resources + logFileMaxCount - -Kubernetes core/v1.ResourceRequirements - +uint32 |
@@ -3275,25 +3384,36 @@ Kubernetes core/v1.ResourceRequirements
(Optional)
string
alias)(Appears on: -CalicoKubeControllersDeploymentPodTemplateSpec) +CNISpec)
-CalicoKubeControllersDeploymentPodSpec is the calico-kube-controller Deployment’s PodSpec. +CNIPluginType describes the type of CNI plugin used. +
++One of: Calico, GKE, AmazonVPC, AzureVNET +
++ +(Appears on: +InstallationSpec) + +
++CNISpec contains configuration for the CNI plugin.
-containers + type - -[]CalicoKubeControllersDeploymentContainer + +CNIPluginType |
-(Optional)
-Containers is a list of calico-kube-controllers containers. -If specified, this overrides the specified calico-kube-controllers Deployment containers. -If omitted, the calico-kube-controllers Deployment will use its default values for its containers. +Specifies the CNI plugin that will be used in the Calico or Calico Enterprise installation. +* For KubernetesProvider GKE, this field defaults to GKE. +* For KubernetesProvider AKS, this field defaults to AzureVNET. +* For KubernetesProvider EKS, this field defaults to AmazonVPC. +* If aws-node daemonset exists in kube-system when the Installation resource is created, this field defaults to AmazonVPC. +* For all other cases this field defaults to Calico. + ++For the value Calico, the CNI plugin binaries and CNI config will be installed as part of deployment, +for all other values the CNI plugin binaries and CNI config is a dependency that is expected +to be installed separately. + ++Default: Calico |
@@ -3328,57 +3458,10 @@ If omitted, the calico-kube-controllers Deployment will use its default values f
-affinity + ipam - -Kubernetes core/v1.Affinity - - - - |
-
-
-(Optional)
- -Affinity is a group of affinity scheduling rules for the calico-kube-controllers pods. -If specified, this overrides any affinity that may be set on the calico-kube-controllers Deployment. -If omitted, the calico-kube-controllers Deployment will use its default value for affinity. -WARNING: Please note that this field will override the default calico-kube-controllers Deployment affinity. - - - |
-
-
-nodeSelector - -map[string]string - - - |
-
-
- -NodeSelector is the calico-kube-controllers pod’s scheduling constraints. -If specified, each of the key/value pairs are added to the calico-kube-controllers Deployment nodeSelector provided -the key does not already exist in the object’s nodeSelector. -If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the calico-kube-controllers Deployment -and each of this field’s key/value pairs are added to the calico-kube-controllers Deployment nodeSelector provided -the key does not already exist in the object’s nodeSelector. -If omitted, the calico-kube-controllers Deployment will use its default value for nodeSelector. -WARNING: Please note that this field will modify the default calico-kube-controllers Deployment nodeSelector. - - - |
-
-
-tolerations - - -[]Kubernetes core/v1.Toleration + +IPAMSpec @@ -3387,25 +3470,23 @@ WARNING: Please note that this field will modify the default calico-kube-control (Optional) -Tolerations is the calico-kube-controllers pod’s tolerations. -If specified, this overrides any tolerations that may be set on the calico-kube-controllers Deployment. -If omitted, the calico-kube-controllers Deployment will use its default value for tolerations. -WARNING: Please note that this field will override the default calico-kube-controllers Deployment tolerations. +IPAM specifies the pod IP address management that will be used in the Calico or +Calico Enterprise installation. |
(Appears on: -CalicoKubeControllersDeploymentSpec) +InstallationSpec)
-CalicoKubeControllersDeploymentPodTemplateSpec is the calico-kube-controllers Deployment’s PodTemplateSpec +CSINodeDriverDaemonSet is the configuration for the csi-node-driver DaemonSet.
(Appears on: -CalicoKubeControllersDeployment) +CSINodeDriverDaemonSetPodSpec)
-CalicoKubeControllersDeploymentSpec defines configuration for the calico-kube-controllers Deployment. +CSINodeDriverDaemonSetContainer is a csi-node-driver DaemonSet container.
-minReadySeconds + name -int32 +string |
-(Optional)
-MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should -be ready without any of its container crashing, for it to be considered available. -If specified, this overrides any minReadySeconds value that may be set on the calico-kube-controllers Deployment. -If omitted, the calico-kube-controllers Deployment will use its default value for minReadySeconds. +Name is an enum which identifies the csi-node-driver DaemonSet container by name. +Supported values are: calico-csi, csi-node-driver-registrar. |
@@ -3504,10 +3581,10 @@ If omitted, the calico-kube-controllers Deployment will use its default value fo
-template + resources - -CalicoKubeControllersDeploymentPodTemplateSpec + +Kubernetes core/v1.ResourceRequirements @@ -3516,22 +3593,24 @@ CalicoKubeControllersDeploymentPodTemplateSpec (Optional) -Template describes the calico-kube-controllers Deployment pod that will be created. +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named csi-node-driver DaemonSet container’s resources. +If omitted, the csi-node-driver DaemonSet will use its default value for this container’s resources. |
(Appears on: -InstallationSpec) +CSINodeDriverDaemonSetPodTemplateSpec)
-CalicoNetworkSpec specifies configuration options for Calico provided pod networking. +CSINodeDriverDaemonSetPodSpec is the csi-node-driver DaemonSet’s PodSpec.
-linuxDataplane + containers - -LinuxDataplaneOption + +[]CSINodeDriverDaemonSetContainer @@ -3556,10 +3635,9 @@ LinuxDataplaneOption (Optional) -LinuxDataplane is used to select the dataplane used for Linux nodes. In particular, it -causes the operator to add required mounts and environment variables for the particular dataplane. -If not specified, iptables mode is used. -Default: Iptables +Containers is a list of csi-node-driver containers. +If specified, this overrides the specified csi-node-driver DaemonSet containers. +If omitted, the csi-node-driver DaemonSet will use its default values for its containers. |
@@ -3567,10 +3645,10 @@ Default: Iptables
-windowsDataplane + affinity - -WindowsDataplaneOption + +Kubernetes core/v1.Affinity @@ -3579,10 +3657,10 @@ WindowsDataplaneOption (Optional) -WindowsDataplane is used to select the dataplane used for Windows nodes. In particular, it -causes the operator to add required mounts and environment variables for the particular dataplane. -If not specified, it is disabled and the operator will not render the Calico Windows nodes daemonset. -Default: Disabled +Affinity is a group of affinity scheduling rules for the csi-node-driver pods. +If specified, this overrides any affinity that may be set on the csi-node-driver DaemonSet. +If omitted, the csi-node-driver DaemonSet will use its default value for affinity. +WARNING: Please note that this field will override the default csi-node-driver DaemonSet affinity. |
@@ -3590,11 +3668,9 @@ Default: Disabled
-bgp + nodeSelector - -BGPOption - +map[string]string |
@@ -3602,7 +3678,11 @@ BGPOption
(Optional)
-ipPools + tolerations - -[]IPPool + +[]Kubernetes core/v1.Toleration @@ -3622,38 +3702,41 @@ BGP configures whether or not to enable Calico’s BGP capabilities. (Optional) -IPPools contains a list of IP pools to create if none exist. At most one IP pool of each -address family may be specified. If omitted, a single pool will be configured if needed. +Tolerations is the csi-node-driver pod’s tolerations. +If specified, this overrides any tolerations that may be set on the csi-node-driver DaemonSet. +If omitted, the csi-node-driver DaemonSet will use its default value for tolerations. +WARNING: Please note that this field will override the default csi-node-driver DaemonSet tolerations. |
-
-mtu - -int32 - + + |
- -
-MTU specifies the maximum transmission unit to use on the pod network. -If not specified, Calico will perform MTU auto-detection based on the cluster network. +CSINodeDriverDaemonSetPodTemplateSpec is the csi-node-driver DaemonSet’s PodTemplateSpec
- -Field | +Description |
---|---|
-nodeAddressAutodetectionV4 + metadata - -NodeAddressAutodetection + +Metadata @@ -3662,8 +3745,8 @@ NodeAddressAutodetection (Optional) -NodeAddressAutodetectionV4 specifies an approach to automatically detect node IPv4 addresses. If not specified, -will use default auto-detection settings to acquire an IPv4 address for each node. +Metadata is a subset of a Kubernetes object’s metadata that is added to +the pod’s metadata. |
@@ -3671,10 +3754,10 @@ will use default auto-detection settings to acquire an IPv4 address for each nod
|
-nodeAddressAutodetectionV6 + spec - -NodeAddressAutodetection + +CSINodeDriverDaemonSetPodSpec @@ -3683,41 +3766,41 @@ NodeAddressAutodetection (Optional) -NodeAddressAutodetectionV6 specifies an approach to automatically detect node IPv6 addresses. If not specified, -IPv6 addresses will not be auto-detected. +Spec is the csi-node-driver DaemonSet’s PodSpec. ++ + |
|
-
-hostPorts - - -HostPortsType - - + |
- -
-HostPorts configures whether or not Calico will support Kubernetes HostPorts. Valid only when using the Calico CNI plugin. -Default: Enabled +CSINodeDriverDaemonSetSpec defines configuration for the csi-node-driver DaemonSet.
- -Field | +Description |
---|---|
-multiInterfaceMode + minReadySeconds - -MultiInterfaceMode - +int32 |
@@ -3725,9 +3808,10 @@ MultiInterfaceMode
(Optional)
|
-containerIPForwarding + template - -ContainerIPForwardingType + +CSINodeDriverDaemonSetPodTemplateSpec @@ -3747,15 +3831,14 @@ ContainerIPForwardingType (Optional) -ContainerIPForwarding configures whether ip forwarding will be enabled for containers in the CNI configuration. -Default: Disabled +Template describes the csi-node-driver DaemonSet pod that will be created. |
(Appears on: @@ -3763,7 +3846,7 @@ Default: Disabled
-CalicoNodeDaemonSet is the configuration for the calico-node DaemonSet. +CalicoKubeControllersDeployment is the configuration for the calico-kube-controllers Deployment.
- -(Appears on: -CalicoNodeDaemonSetPodSpec) - -
--CalicoNodeDaemonSetContainer is a calico-node DaemonSet container. -
-Field | -Description | -
---|---|
-
-name - -string - - - |
-
-
- -Name is an enum which identifies the calico-node DaemonSet container by name. - - - |
-
-
-resources - - -Kubernetes core/v1.ResourceRequirements - - - - |
-
-
-(Optional)
- -Resources allows customization of limits and requests for compute resources such as cpu and memory. -If specified, this overrides the named calico-node DaemonSet container’s resources. -If omitted, the calico-node DaemonSet will use its default value for this container’s resources. -If used in conjunction with the deprecated ComponentResources, then this value takes precedence. - - - |
-
(Appears on: -CalicoNodeDaemonSetPodSpec) +CalicoKubeControllersDeploymentPodSpec)
-CalicoNodeDaemonSetInitContainer is a calico-node DaemonSet init container. +CalicoKubeControllersDeploymentContainer is a calico-kube-controllers Deployment container.
-Name is an enum which identifies the calico-node DaemonSet init container by name. +Name is an enum which identifies the calico-kube-controllers Deployment container by name. +Supported values are: calico-kube-controllers |
@@ -3930,8 +3954,8 @@ Kubernetes core/v1.ResourceRequirements
(Optional)
(Appears on: -CalicoNodeDaemonSetPodTemplateSpec) +CalicoKubeControllersDeploymentPodTemplateSpec)
-CalicoNodeDaemonSetPodSpec is the calico-node DaemonSet’s PodSpec. +CalicoKubeControllersDeploymentPodSpec is the calico-kube-controller Deployment’s PodSpec.
-initContainers - - -[]CalicoNodeDaemonSetInitContainer - - - - |
-
-
-(Optional)
- -InitContainers is a list of calico-node init containers. -If specified, this overrides the specified calico-node DaemonSet init containers. -If omitted, the calico-node DaemonSet will use its default values for its init containers. - - - |
-
-
containers - -[]CalicoNodeDaemonSetContainer + +[]CalicoKubeControllersDeploymentContainer @@ -3994,9 +3996,9 @@ If omitted, the calico-node DaemonSet will use its default values for its init c (Optional) -Containers is a list of calico-node containers. -If specified, this overrides the specified calico-node DaemonSet containers. -If omitted, the calico-node DaemonSet will use its default values for its containers. +Containers is a list of calico-kube-controllers containers. +If specified, this overrides the specified calico-kube-controllers Deployment containers. +If omitted, the calico-kube-controllers Deployment will use its default values for its containers. |
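Review bot: The added summary "CalicoKubeControllersDeploymentPodSpec is the calico-kube-controller Deployment's PodSpec" drops the trailing "s" from the component name; every other line in this hunk, including the containers description just below it, uses "calico-kube-controllers". Since the Name enum documents "calico-kube-controllers" as the supported value, the singular form here could be mistaken for a different resource name and should be aligned.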
@@ -4016,10 +4018,10 @@ Kubernetes core/v1.Affinity
(Optional)
-(Optional)
-NodeSelector is the calico-node pod’s scheduling constraints. -If specified, each of the key/value pairs are added to the calico-node DaemonSet nodeSelector provided +NodeSelector is the calico-kube-controllers pod’s scheduling constraints. +If specified, each of the key/value pairs are added to the calico-kube-controllers Deployment nodeSelector provided the key does not already exist in the object’s nodeSelector. -If omitted, the calico-node DaemonSet will use its default value for nodeSelector. -WARNING: Please note that this field will modify the default calico-node DaemonSet nodeSelector. +If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the calico-kube-controllers Deployment +and each of this field’s key/value pairs are added to the calico-kube-controllers Deployment nodeSelector provided +the key does not already exist in the object’s nodeSelector. +If omitted, the calico-kube-controllers Deployment will use its default value for nodeSelector. +WARNING: Please note that this field will modify the default calico-kube-controllers Deployment nodeSelector. |
@@ -4061,25 +4065,25 @@ WARNING: Please note that this field will modify the default calico-node DaemonS
(Optional)
(Appears on: -CalicoNodeDaemonSetSpec) +CalicoKubeControllersDeploymentSpec)
-CalicoNodeDaemonSetPodTemplateSpec is the calico-node DaemonSet’s PodTemplateSpec +CalicoKubeControllersDeploymentPodTemplateSpec is the calico-kube-controllers Deployment’s PodTemplateSpec
(Appears on: -CalicoNodeDaemonSet) +CalicoKubeControllersDeployment)
-CalicoNodeDaemonSetSpec defines configuration for the calico-node DaemonSet. +CalicoKubeControllersDeploymentSpec defines configuration for the calico-kube-controllers Deployment.
(Appears on: @@ -4205,7 +4209,7 @@ Template describes the calico-node DaemonSet pod that will be created.
-CalicoNodeWindowsDaemonSet is the configuration for the calico-node-windows DaemonSet. +CalicoNetworkSpec specifies configuration options for Calico provided pod networking.
-metadata + linuxDataplane - -Metadata + +LinuxDataplaneOption @@ -4230,7 +4234,10 @@ Metadata (Optional) -Metadata is a subset of a Kubernetes object’s metadata that is added to the DaemonSet. +LinuxDataplane is used to select the dataplane used for Linux nodes. In particular, it +causes the operator to add required mounts and environment variables for the particular dataplane. +If not specified, iptables mode is used. +Default: Iptables |
@@ -4238,10 +4245,10 @@ Metadata is a subset of a Kubernetes object’s metadata that is added to th
-spec + windowsDataplane - -CalicoNodeWindowsDaemonSetSpec + +WindowsDataplaneOption @@ -4250,48 +4257,30 @@ CalicoNodeWindowsDaemonSetSpec (Optional) -Spec is the specification of the calico-node-windows DaemonSet. +WindowsDataplane is used to select the dataplane used for Windows nodes. In particular, it +causes the operator to add required mounts and environment variables for the particular dataplane. +If not specified, it is disabled and the operator will not render the Calico Windows nodes daemonset. +Default: Disabled -- - |
- -(Appears on: -CalicoNodeWindowsDaemonSetPodSpec) - -
--CalicoNodeWindowsDaemonSetContainer is a calico-node-windows DaemonSet container. -
-Field | -Description | -
---|---|
-name + bgp -string + +BGPOption + |
+(Optional)
-Name is an enum which identifies the calico-node-windows DaemonSet container by name. +BGP configures whether or not to enable Calico’s BGP capabilities. |
@@ -4299,10 +4288,10 @@ Name is an enum which identifies the calico-node-windows DaemonSet container by
-resources + ipPools - -Kubernetes core/v1.ResourceRequirements + +[]IPPool @@ -4311,47 +4300,27 @@ Kubernetes core/v1.ResourceRequirements (Optional) -Resources allows customization of limits and requests for compute resources such as cpu and memory. -If specified, this overrides the named calico-node-windows DaemonSet container’s resources. -If omitted, the calico-node-windows DaemonSet will use its default value for this container’s resources. -If used in conjunction with the deprecated ComponentResources, then this value takes precedence. +IPPools contains a list of IP pools to create if none exist. At most one IP pool of each +address family may be specified. If omitted, a single pool will be configured if needed. |
- -(Appears on: -CalicoNodeWindowsDaemonSetPodSpec) - -
--CalicoNodeWindowsDaemonSetInitContainer is a calico-node-windows DaemonSet init container. -
-Field | -Description | -
---|---|
-name + mtu -string +int32 |
+(Optional)
-Name is an enum which identifies the calico-node-windows DaemonSet init container by name. +MTU specifies the maximum transmission unit to use on the pod network. +If not specified, Calico will perform MTU auto-detection based on the cluster network. |
@@ -4359,10 +4328,10 @@ Name is an enum which identifies the calico-node-windows DaemonSet init containe
-resources + nodeAddressAutodetectionV4 - -Kubernetes core/v1.ResourceRequirements + +NodeAddressAutodetection @@ -4371,41 +4340,40 @@ Kubernetes core/v1.ResourceRequirements (Optional) -Resources allows customization of limits and requests for compute resources such as cpu and memory. -If specified, this overrides the named calico-node-windows DaemonSet init container’s resources. -If omitted, the calico-node-windows DaemonSet will use its default value for this container’s resources. -If used in conjunction with the deprecated ComponentResources, then this value takes precedence. +NodeAddressAutodetectionV4 specifies an approach to automatically detect node IPv4 addresses. If not specified, +will use default auto-detection settings to acquire an IPv4 address for each node. |
+
nodeAddressAutodetectionV6
-CalicoNodeWindowsDaemonSetPodSpec is the calico-node-windows DaemonSet’s PodSpec. +NodeAddressAutodetectionV6 specifies an approach to automatically detect node IPv6 addresses. If not specified, +IPv6 addresses will not be auto-detected.
-Field | -Description | + +
---|---|
-initContainers + hostPorts - -[]CalicoNodeWindowsDaemonSetInitContainer + +HostPortsType @@ -4414,9 +4382,8 @@ CalicoNodeWindowsDaemonSetPodSpec is the calico-node-windows DaemonSet’s P (Optional) -InitContainers is a list of calico-node-windows init containers. -If specified, this overrides the specified calico-node-windows DaemonSet init containers. -If omitted, the calico-node-windows DaemonSet will use its default values for its init containers. +HostPorts configures whether or not Calico will support Kubernetes HostPorts. Valid only when using the Calico CNI plugin. +Default: Enabled |
@@ -4424,10 +4391,10 @@ If omitted, the calico-node-windows DaemonSet will use its default values for it
|
-containers + multiInterfaceMode - -[]CalicoNodeWindowsDaemonSetContainer + +MultiInterfaceMode @@ -4436,9 +4403,9 @@ If omitted, the calico-node-windows DaemonSet will use its default values for it (Optional) -Containers is a list of calico-node-windows containers. -If specified, this overrides the specified calico-node-windows DaemonSet containers. -If omitted, the calico-node-windows DaemonSet will use its default values for its containers. +MultiInterfaceMode configures what will configure multiple interface per pod. Only valid for Calico Enterprise installations +using the Calico CNI plugin. +Default: None |
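Review bot: The added multiInterfaceMode description, "configures what will configure multiple interface per pod", is hard to parse and has a number slip ("multiple interface"). Suggest something like "MultiInterfaceMode selects the mechanism used to configure multiple interfaces per pod", and listing the accepted values next to "Default: None" the way the other enum-typed fields in this patch do with "One of: ...".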
@@ -4446,10 +4413,10 @@ If omitted, the calico-node-windows DaemonSet will use its default values for it
|
-affinity + containerIPForwarding - -Kubernetes core/v1.Affinity + +ContainerIPForwardingType @@ -4458,10 +4425,8 @@ Kubernetes core/v1.Affinity (Optional) -Affinity is a group of affinity scheduling rules for the calico-node-windows pods. -If specified, this overrides any affinity that may be set on the calico-node-windows DaemonSet. -If omitted, the calico-node-windows DaemonSet will use its default value for affinity. -WARNING: Please note that this field will override the default calico-node-windows DaemonSet affinity. +ContainerIPForwarding configures whether ip forwarding will be enabled for containers in the CNI configuration. +Default: Disabled |
@@ -4469,9 +4434,11 @@ WARNING: Please note that this field will override the default calico-node-windo
|
-nodeSelector + sysctl -map[string]string + +[]Sysctl + |
@@ -4479,11 +4446,7 @@ map[string]string
(Optional)
|
-tolerations + linuxPolicySetupTimeoutSeconds - -[]Kubernetes core/v1.Toleration - +int32 |
@@ -4503,25 +4464,34 @@ WARNING: Please note that this field will modify the default calico-node-windows
(Optional)
(Appears on: -CalicoNodeWindowsDaemonSetSpec) +InstallationSpec)
-CalicoNodeWindowsDaemonSetPodTemplateSpec is the calico-node-windows DaemonSet’s PodTemplateSpec +CalicoNodeDaemonSet is the configuration for the calico-node DaemonSet.
(Appears on: -CalicoNodeWindowsDaemonSet) +CalicoNodeDaemonSetPodSpec)
-CalicoNodeWindowsDaemonSetSpec defines configuration for the calico-node-windows DaemonSet. +CalicoNodeDaemonSetContainer is a calico-node DaemonSet container.
-minReadySeconds + name -int32 +string |
-(Optional)
-MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should -be ready without any of its container crashing, for it to be considered available. -If specified, this overrides any minReadySeconds value that may be set on the calico-node-windows DaemonSet. -If omitted, the calico-node-windows DaemonSet will use its default value for minReadySeconds. +Name is an enum which identifies the calico-node DaemonSet container by name. +Supported values are: calico-node |
@@ -4620,10 +4586,10 @@ If omitted, the calico-node-windows DaemonSet will use its default value for min
-template + resources - -CalicoNodeWindowsDaemonSetPodTemplateSpec + +Kubernetes core/v1.ResourceRequirements @@ -4632,23 +4598,25 @@ CalicoNodeWindowsDaemonSetPodTemplateSpec (Optional) -Template describes the calico-node-windows DaemonSet pod that will be created. +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named calico-node DaemonSet container’s resources. +If omitted, the calico-node DaemonSet will use its default value for this container’s resources. +If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
(Appears on: -InstallationSpec) +CalicoNodeDaemonSetPodSpec)
-Deprecated. The CalicoWindowsUpgradeDaemonSet is deprecated and will be removed from the API in the future. -CalicoWindowsUpgradeDaemonSet is the configuration for the calico-windows-upgrade DaemonSet. +CalicoNodeDaemonSetInitContainer is a calico-node DaemonSet init container.
-metadata + name - -Metadata - +string |
-(Optional)
-Metadata is a subset of a Kubernetes object’s metadata that is added to the Deployment. +Name is an enum which identifies the calico-node DaemonSet init container by name. +Supported values are: install-cni, hostpath-init, flexvol-driver, mount-bpffs, node-certs-key-cert-provisioner, calico-node-prometheus-server-tls-key-cert-provisioner |
@@ -4681,10 +4647,10 @@ Metadata is a subset of a Kubernetes object’s metadata that is added to th
-spec + resources - -CalicoWindowsUpgradeDaemonSetSpec + +Kubernetes core/v1.ResourceRequirements @@ -4693,26 +4659,25 @@ CalicoWindowsUpgradeDaemonSetSpec (Optional) -Spec is the specification of the calico-windows-upgrade DaemonSet. +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named calico-node DaemonSet init container’s resources. +If omitted, the calico-node DaemonSet will use its default value for this container’s resources. +If used in conjunction with the deprecated ComponentResources, then this value takes precedence. -- - |
(Appears on: -CalicoWindowsUpgradeDaemonSetPodSpec) +CalicoNodeDaemonSetPodTemplateSpec)
-CalicoWindowsUpgradeDaemonSetContainer is a calico-windows-upgrade DaemonSet container. +CalicoNodeDaemonSetPodSpec is the calico-node DaemonSet’s PodSpec.
-name + initContainers -string + +[]CalicoNodeDaemonSetInitContainer + |
+(Optional)
-Name is an enum which identifies the calico-windows-upgrade DaemonSet container by name. +InitContainers is a list of calico-node init containers. +If specified, this overrides the specified calico-node DaemonSet init containers. +If omitted, the calico-node DaemonSet will use its default values for its init containers. |
@@ -4742,10 +4712,10 @@ Name is an enum which identifies the calico-windows-upgrade DaemonSet container
-resources + containers - -Kubernetes core/v1.ResourceRequirements + +[]CalicoNodeDaemonSetContainer @@ -4754,40 +4724,20 @@ Kubernetes core/v1.ResourceRequirements (Optional) -Resources allows customization of limits and requests for compute resources such as cpu and memory. -If specified, this overrides the named calico-windows-upgrade DaemonSet container’s resources. -If omitted, the calico-windows-upgrade DaemonSet will use its default value for this container’s resources. +Containers is a list of calico-node containers. +If specified, this overrides the specified calico-node DaemonSet containers. +If omitted, the calico-node DaemonSet will use its default values for its containers. |
- -(Appears on: -CalicoWindowsUpgradeDaemonSetPodTemplateSpec) - -
--CalicoWindowsUpgradeDaemonSetPodSpec is the calico-windows-upgrade DaemonSet’s PodSpec. -
-Field | -Description | -
---|---|
-containers + affinity - -[]CalicoWindowsUpgradeDaemonSetContainer + +Kubernetes core/v1.Affinity @@ -4796,32 +4746,10 @@ CalicoWindowsUpgradeDaemonSetPodSpec is the calico-windows-upgrade DaemonSet&rsq (Optional) -Containers is a list of calico-windows-upgrade containers. -If specified, this overrides the specified calico-windows-upgrade DaemonSet containers. -If omitted, the calico-windows-upgrade DaemonSet will use its default values for its containers. - - - |
-|
-
-affinity - - -Kubernetes core/v1.Affinity - - - - |
-
-
-(Optional)
- -Affinity is a group of affinity scheduling rules for the calico-windows-upgrade pods. -If specified, this overrides any affinity that may be set on the calico-windows-upgrade DaemonSet. -If omitted, the calico-windows-upgrade DaemonSet will use its default value for affinity. -WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet affinity. +Affinity is a group of affinity scheduling rules for the calico-node pods. +If specified, this overrides any affinity that may be set on the calico-node DaemonSet. +If omitted, the calico-node DaemonSet will use its default value for affinity. +WARNING: Please note that this field will override the default calico-node DaemonSet affinity. |
@@ -4839,11 +4767,11 @@ map[string]string
(Optional)
(Appears on: -CalicoWindowsUpgradeDaemonSetSpec) +CalicoNodeDaemonSetSpec)
-CalicoWindowsUpgradeDaemonSetPodTemplateSpec is the calico-windows-upgrade DaemonSet’s PodTemplateSpec +CalicoNodeDaemonSetPodTemplateSpec is the calico-node DaemonSet’s PodTemplateSpec
(Appears on: -CalicoWindowsUpgradeDaemonSet) +CalicoNodeDaemonSet)
-CalicoWindowsUpgradeDaemonSetSpec defines configuration for the calico-windows-upgrade DaemonSet. +CalicoNodeDaemonSetSpec defines configuration for the calico-node DaemonSet.
(Appears on: @@ -5007,9 +4935,7 @@ Template describes the calico-windows-upgrade DaemonSet pod that will be created
-CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order -to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise -pods will be stuck during initialization. +CalicoNodeWindowsDaemonSet is the configuration for the calico-node-windows DaemonSet.
-caCert - -[]byte - - - |
-
-
- -Certificate of the authority that signs the CertificateSigningRequests in PEM format. - - - |
-
-
-signerName - -string - - - |
-
-
-
-When a CSR is issued to the certificates.k8s.io API, the signerName is added to the request in order to accommodate for clusters
-with multiple signers.
-Must be formatted as: |
-
-
-keyAlgorithm + metadata -string + +Metadata + |
@@ -5068,8 +4960,7 @@ string
(Optional)
|
-signatureAlgorithm + spec -string + +CalicoNodeWindowsDaemonSetSpec + |
@@ -5087,40 +4980,26 @@ string
(Optional)
string
alias)string
alias)- -(Appears on: -ComponentResource) - -
--ComponentName represents a single component. -
--One of: Node, Typha, KubeControllers -
-(Appears on: -InstallationSpec) +CalicoNodeWindowsDaemonSetPodSpec)
-Deprecated. Please use component resource config fields in Installation.Spec instead. -The ComponentResource struct associates a ResourceRequirements with a component by name +CalicoNodeWindowsDaemonSetContainer is a calico-node-windows DaemonSet container.
-componentName + name - -ComponentName - +string |
-ComponentName is an enum which identifies the component +Name is an enum which identifies the calico-node-windows DaemonSet container by name. +Supported values are: calico-node-windows |
@@ -5152,7 +5030,7 @@ ComponentName is an enum which identifies the component
-resourceRequirements + resources Kubernetes core/v1.ResourceRequirements @@ -5162,56 +5040,27 @@ Kubernetes core/v1.ResourceRequirements |
+(Optional)
-ResourceRequirements allows customization of limits and requests for compute resources such as cpu and memory. +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named calico-node-windows DaemonSet container’s resources. +If omitted, the calico-node-windows DaemonSet will use its default value for this container’s resources. +If used in conjunction with the deprecated ComponentResources, then this value takes precedence. |
string
alias)- -(Appears on: -TigeraStatusCondition) - -
--ConditionStatus represents the status of a particular condition. A condition may be one of: True, False, Unknown. -
-string
alias)- -(Appears on: -CalicoNetworkSpec) - -
--ContainerIPForwardingType specifies whether the CNI config for container ip forwarding is enabled. -
-string
alias)- -(Appears on: -Index) - -
--DataType represent the type of data stored -
-(Appears on: -EgressGatewayDeploymentPodSpec) +CalicoNodeWindowsDaemonSetPodSpec)
-EGWDeploymentContainer is a Egress Gateway Deployment container. +CalicoNodeWindowsDaemonSetInitContainer is a calico-node-windows DaemonSet init container.
-Name is an enum which identifies the EGW Deployment container by name. +Name is an enum which identifies the calico-node-windows DaemonSet init container by name. +Supported values are: install-cni;hostpath-init, flexvol-driver, mount-bpffs, node-certs-key-cert-provisioner, calico-node-windows-prometheus-server-tls-key-cert-provisioner |
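Review bot: In the added "Supported values are:" line for the calico-node-windows init container Name, the first separator is a semicolon ("install-cni;hostpath-init") while the rest of that list, and the matching calico-node init container list earlier in the patch, use ", ". A reader copying from the reference could take "install-cni;hostpath-init" as a single enum value. If this page is generated, the fix belongs in the source comment it is generated from.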
@@ -5254,8 +5104,8 @@ Kubernetes core/v1.ResourceRequirements
(Optional)
(Appears on: -EgressGatewayDeploymentPodSpec) +CalicoNodeWindowsDaemonSetPodTemplateSpec)
-EGWDeploymentInitContainer is a Egress Gateway Deployment init container. +CalicoNodeWindowsDaemonSetPodSpec is the calico-node-windows DaemonSet’s PodSpec.
-name + initContainers -string + +[]CalicoNodeWindowsDaemonSetInitContainer + |
+(Optional)
-Name is an enum which identifies the EGW Deployment init container by name. +InitContainers is a list of calico-node-windows init containers. +If specified, this overrides the specified calico-node-windows DaemonSet init containers. +If omitted, the calico-node-windows DaemonSet will use its default values for its init containers. |
@@ -5301,10 +5156,10 @@ Name is an enum which identifies the EGW Deployment init container by name.
-resources + containers - -Kubernetes core/v1.ResourceRequirements + +[]CalicoNodeWindowsDaemonSetContainer @@ -5313,74 +5168,9 @@ Kubernetes core/v1.ResourceRequirements (Optional) -Resources allows customization of limits and requests for compute resources such as cpu and memory. -If specified, this overrides the named EGW Deployment init container’s resources. -If omitted, the EGW Deployment will use its default value for this init container’s resources. -If used in conjunction with the deprecated ComponentResources, then this value takes precedence. - - - |
-
- -(Appears on: -EgressGatewayDeploymentPodTemplateSpec) - -
--EgressGatewayDeploymentPodSpec is the Egress Gateway Deployment’s PodSpec. -
-Field | -Description | -
---|---|
-
-initContainers - - -[]EGWDeploymentInitContainer - - - - |
-
-
-(Optional)
- -InitContainers is a list of EGW init containers. -If specified, this overrides the specified EGW Deployment init containers. -If omitted, the EGW Deployment will use its default values for its init containers. - - - |
-
-
-containers - - -[]EGWDeploymentContainer - - - - |
-
-
-(Optional)
- -Containers is a list of EGW containers. -If specified, this overrides the specified EGW Deployment containers. -If omitted, the EGW Deployment will use its default values for its containers. +Containers is a list of calico-node-windows containers. +If specified, this overrides the specified calico-node-windows DaemonSet containers. +If omitted, the calico-node-windows DaemonSet will use its default values for its containers. |
@@ -5400,7 +5190,10 @@ Kubernetes core/v1.Affinity
(Optional)
-
-terminationGracePeriodSeconds - -int64 - - - |
-
-
-(Optional)
- -TerminationGracePeriodSeconds defines the termination grace period of the Egress Gateway pods in seconds. - - - |
-
-
-topologySpreadConstraints - - -[]Kubernetes core/v1.TopologySpreadConstraint - - - - |
-
-
-(Optional)
- -TopologySpreadConstraints defines how the Egress Gateway pods should be spread across different AZs. +NodeSelector is the calico-node-windows pod’s scheduling constraints. +If specified, each of the key/value pairs are added to the calico-node-windows DaemonSet nodeSelector provided +the key does not already exist in the object’s nodeSelector. +If omitted, the calico-node-windows DaemonSet will use its default value for nodeSelector. +WARNING: Please note that this field will modify the default calico-node-windows DaemonSet nodeSelector. |
@@ -5476,24 +5235,25 @@ TopologySpreadConstraints defines how the Egress Gateway pods should be spread a
(Optional)
(Appears on: -EgressGatewaySpec) +CalicoNodeWindowsDaemonSetSpec)
-EgressGatewayDeploymentPodTemplateSpec is the EGW Deployment’s PodTemplateSpec +CalicoNodeWindowsDaemonSetPodTemplateSpec is the calico-node-windows DaemonSet’s PodTemplateSpec
(Appears on: -EgressGatewaySpec) +CalicoNodeWindowsDaemonSet)
-EgressGatewayFailureDetection defines the fields the needed for determining Egress Gateway -readiness. +CalicoNodeWindowsDaemonSetSpec defines configuration for the calico-node-windows DaemonSet.
-healthTimeoutDataStoreSeconds + minReadySeconds int32 @@ -5582,32 +5341,10 @@ int32 (Optional) -HealthTimeoutDataStoreSeconds defines how long Egress Gateway can fail to connect -to the datastore before reporting not ready. -This value must be greater than 0. -Default: 90 - - - |
-|
-
-icmpProbe - - -ICMPProbe - - - - |
-
-
-(Optional)
- -ICMPProbe define outgoing ICMP probes that Egress Gateway will use to -verify its upstream connection. Egress Gateway will report not ready if all -fail. Timeout must be greater than interval. +MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should +be ready without any of its container crashing, for it to be considered available. +If specified, this overrides any minReadySeconds value that may be set on the calico-node-windows DaemonSet. +If omitted, the calico-node-windows DaemonSet will use its default value for minReadySeconds. |
@@ -5615,10 +5352,10 @@ fail. Timeout must be greater than interval.
-httpProbe + template - -HTTPProbe + +CalicoNodeWindowsDaemonSetPodTemplateSpec @@ -5627,21 +5364,23 @@ HTTPProbe (Optional) -HTTPProbe define outgoing HTTP probes that Egress Gateway will use to -verify its upsteam connection. Egress Gateway will report not ready if all -fail. Timeout must be greater than interval. +Template describes the calico-node-windows DaemonSet pod that will be created. |
(Appears on: -EgressGatewaySpec) +InstallationSpec) +
++Deprecated. The CalicoWindowsUpgradeDaemonSet is deprecated and will be removed from the API in the future. +CalicoWindowsUpgradeDaemonSet is the configuration for the calico-windows-upgrade DaemonSet.
-name + metadata -string + +Metadata + |
@@ -5664,7 +5405,7 @@ string
(Optional)
-cidr + spec -string + +CalicoWindowsUpgradeDaemonSetSpec + |
@@ -5682,22 +5425,26 @@ string
(Optional)
(Appears on: -EgressGatewayDeploymentPodTemplateSpec) +CalicoWindowsUpgradeDaemonSetPodSpec)
-EgressGatewayMetadata contains the standard Kubernetes labels and annotations fields. +CalicoWindowsUpgradeDaemonSetContainer is a calico-windows-upgrade DaemonSet container.
-labels + name -map[string]string +string |
-(Optional)
-Labels is a map of string keys and values that may match replica set and -service selectors. Each of these key/value pairs are added to the -object’s labels provided the key does not already exist in the object’s labels. -If not specified will default to projectcalico.org/egw:[name], where [name] is -the name of the Egress Gateway resource. +Name is an enum which identifies the calico-windows-upgrade DaemonSet container by name. |
@@ -5732,9 +5474,11 @@ the name of the Egress Gateway resource.
-annotations + resources -map[string]string + +Kubernetes core/v1.ResourceRequirements + |
@@ -5742,24 +5486,24 @@ map[string]string
(Optional)
(Appears on: -EgressGateway) +CalicoWindowsUpgradeDaemonSetPodTemplateSpec)
-EgressGatewaySpec defines the desired state of EgressGateway +CalicoWindowsUpgradeDaemonSetPodSpec is the calico-windows-upgrade DaemonSet’s PodSpec.
-replicas + containers -int32 + +[]CalicoWindowsUpgradeDaemonSetContainer + |
@@ -5782,7 +5528,9 @@ int32
(Optional)
|
-ipPools + affinity - -[]EgressGatewayIPPool + +Kubernetes core/v1.Affinity |
+(Optional)
-IPPools defines the IP Pools that the Egress Gateway pods should be using. -Either name or CIDR must be specified. -IPPools must match existing IPPools. +Affinity is a group of affinity scheduling rules for the calico-windows-upgrade pods. +If specified, this overrides any affinity that may be set on the calico-windows-upgrade DaemonSet. +If omitted, the calico-windows-upgrade DaemonSet will use its default value for affinity. +WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet affinity. |
@@ -5811,9 +5561,9 @@ IPPools must match existing IPPools.
-externalNetworks + nodeSelector -[]string +map[string]string |
@@ -5821,9 +5571,11 @@ IPPools must match existing IPPools.
(Optional)
|
-logSeverity + tolerations - -LogLevel + +[]Kubernetes core/v1.Toleration @@ -5843,39 +5595,41 @@ LogLevel (Optional) -LogSeverity defines the logging level of the Egress Gateway. -Default: Info +Tolerations is the calico-windows-upgrade pod’s tolerations. +If specified, this overrides any tolerations that may be set on the calico-windows-upgrade DaemonSet. +If omitted, the calico-windows-upgrade DaemonSet will use its default value for tolerations. +WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet tolerations. |
|
-
-template - - -EgressGatewayDeploymentPodTemplateSpec - - + + |
-
-Template describes the EGW Deployment pod that will be created. +CalicoWindowsUpgradeDaemonSetPodTemplateSpec is the calico-windows-upgrade DaemonSet’s PodTemplateSpec
- -Field | +Description |
---|---|
-egressGatewayFailureDetection + metadata - -EgressGatewayFailureDetection + +Metadata @@ -5884,11 +5638,8 @@ EgressGatewayFailureDetection (Optional) -EgressGatewayFailureDetection is used to configure how Egress Gateway -determines readiness. If both ICMP, HTTP probes are defined, one ICMP probe and one -HTTP probe should succeed for Egress Gateways to become ready. -Otherwise one of ICMP or HTTP probe should succeed for Egress gateways to become -ready if configured. +Metadata is a subset of a Kubernetes object’s metadata that is added to +the pod’s metadata. |
@@ -5896,10 +5647,10 @@ ready if configured.
|
-aws + spec - -AWSEgressGateway + +CalicoWindowsUpgradeDaemonSetPodSpec @@ -5908,22 +5659,26 @@ AWSEgressGateway (Optional) -AWS defines the additional configuration options for Egress Gateways on AWS. +Spec is the calico-windows-upgrade DaemonSet’s PodSpec. ++ + |
(Appears on: -EgressGateway) +CalicoWindowsUpgradeDaemonSet)
-EgressGatewayStatus defines the observed state of EgressGateway +CalicoWindowsUpgradeDaemonSetSpec defines configuration for the calico-windows-upgrade DaemonSet.
-state + minReadySeconds -string +int32 |
+(Optional)
-State provides user-readable status. +MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should +be ready without any of its container crashing, for it to be considered available. +If specified, this overrides any minReadySeconds value that may be set on the calico-windows-upgrade DaemonSet. +If omitted, the calico-windows-upgrade DaemonSet will use its default value for minReadySeconds. |
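Review bot: The added MinReadySeconds text for CalicoWindowsUpgradeDaemonSetSpec says "a newly created Deployment pod", but the remaining sentences of the same description refer to the calico-windows-upgrade DaemonSet, and the calico-node-windows MinReadySeconds description earlier in the patch says "DaemonSet pod". Suggest "DaemonSet pod" here, and "any of its containers crashing" while the line is being touched.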
@@ -5953,10 +5712,10 @@ State provides user-readable status.
-conditions + template - -[]Kubernetes meta/v1.Condition + +CalicoWindowsUpgradeDaemonSetPodTemplateSpec @@ -5965,42 +5724,24 @@ State provides user-readable status. (Optional) -Conditions represents the latest observed set of conditions for the component. A component may be one or more of -Ready, Progressing, Degraded or other customer types. +Template describes the calico-windows-upgrade DaemonSet pod that will be created. |
string
alias)(Appears on: -IPPool) +InstallationSpec)
-EncapsulationType is the type of encapsulation to use on an IP pool. -
--One of: IPIP, VXLAN, IPIPCrossSubnet, VXLANCrossSubnet, None -
-string
alias)-EncryptionOption specifies the traffic encryption mode when connecting to a Syslog server. -
--One of: None, TLS -
-- -(Appears on: -ApplicationLayerSpec) - +CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order +to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise +pods will be stuck during initialization.
-xffNumTrustedHops + caCert -int32 +[]byte |
-(Optional)
-The number of additional ingress proxy hops from the right side of the -x-forwarded-for HTTP header to trust when determining the origin client’s -IP address. 0 is permitted, but >=1 is the typical setting. +Certificate of the authority that signs the CertificateSigningRequests in PEM format. |
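Review bot: The CertificateManagement description added in this hunk pins the API version in prose ("the certificates.k8s.io/v1beta1 API"), while the signerName description in the next hunk refers only to "the certificates.k8s.io API". Please confirm the version named here matches what the operator actually submits CSRs to, or drop the version from the sentence so the two descriptions agree. The warning that pods "will be stuck during initialization" without a signing and approval process is worth keeping prominent, since that is the failure an operator will actually see.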
@@ -6033,75 +5771,87 @@ IP address. 0 is permitted, but >=1 is the typical setting.
-useRemoteAddress + signerName -bool +string |
-(Optional)
-If set to true, the Envoy connection manager will use the real remote address
-of the client connection when determining internal versus external origin and
-manipulating various headers.
+When a CSR is issued to the certificates.k8s.io API, the signerName is added to the request in order to accommodate for clusters
+with multiple signers.
+Must be formatted as: |
string
alias)- -(Appears on: -InstallationSpec) +
+keyAlgorithm
+
+string
+
-(Appears on:
-EgressGatewayFailureDetection)
+
-HTTPProbe defines the HTTP probe configuration for Egress Gateway. +Specify the algorithm used by pods to generate a key pair that is associated with the X.509 certificate request. +Default: RSAWithSize2048
-Field | -Description | + +
---|---|
-urls + signatureAlgorithm -[]string +string |
+(Optional)
-URLs define the list of HTTP probe URLs. Egress Gateway will probe each URL -periodically.If all probes fail, Egress Gateway will report non-ready. +Specify the algorithm used for the signature of the X.509 certificate request. +Default: SHA256WithRSA |
string
alias)+ +(Appears on: +PrometheusSpec) + +
+Field | +Description | +
---|---|
-intervalSeconds + containers -int32 + +[]PrometheusContainer + |
@@ -6109,8 +5859,9 @@ int32
(Optional)
|
-timeoutSeconds + resources -int32 + +Kubernetes core/v1.ResourceRequirements + |
-(Optional)
-TimeoutSeconds defines the timeout value of HTTP probes. Used when URLs is non-empty. -Default: 30 +Define resources requests and limits for single Pods. |
string
alias)(Appears on: -CalicoNetworkSpec) +ComponentResource)
-HostPortsType specifies host port support. +ComponentName represents a single component.
-One of: Enabled, Disabled +One of: Node, Typha, KubeControllers
-(Appears on: -EgressGatewayFailureDetection) +InstallationSpec)
-ICMPProbe defines the ICMP probe configuration for Egress Gateway. +Deprecated. Please use component resource config fields in Installation.Spec instead. +The ComponentResource struct associates a ResourceRequirements with a component by name
-ips + componentName -[]string + +ComponentName + |
-IPs define the list of ICMP probe IPs. Egress Gateway will probe each IP -periodically. If all probes fail, Egress Gateway will report non-ready. +ComponentName is an enum which identifies the component |
@@ -6189,60 +5942,55 @@ periodically. If all probes fail, Egress Gateway will report non-ready.
-intervalSeconds + resourceRequirements -int32 + +Kubernetes core/v1.ResourceRequirements + |
-(Optional)
-IntervalSeconds defines the interval of ICMP probes. Used when IPs is non-empty. -Default: 5 +ResourceRequirements allows customization of limits and requests for compute resources such as cpu and memory. |
-
-timeoutSeconds - -int32 - + + |
string
alias)-
-TimeoutSeconds defines the timeout value of ICMP probes. Used when IPs is non-empty. -Default: 15 +ConditionStatus represents the status of a particular condition. A condition may be one of: True, False, Unknown.
- -string
alias)(Appears on: -IPAMSpec) +CalicoNetworkSpec)
-+ContainerIPForwardingType specifies whether the CNI config for container ip forwarding is enabled. +
+(Appears on: -CNISpec) +TenantSpec)
-IPAMSpec contains configuration for pod IP address management. +DashboardsJob is the configuration for the Dashboards job.
-type + spec - -IPAMPluginType + +DashboardsJobSpec |
+(Optional)
-Specifies the IPAM plugin that will be used in the Calico or Calico Enterprise installation. -* For CNI Plugin Calico, this field defaults to Calico. -* For CNI Plugin GKE, this field defaults to HostLocal. -* For CNI Plugin AzureVNET, this field defaults to AzureVNET. -* For CNI Plugin AmazonVPC, this field defaults to AmazonVPC. - --The IPAM plugin is installed and configured only if the CNI plugin is set to Calico, -for all other values of the CNI plugin the plugin binaries and CNI config is a dependency -that is expected to be installed separately. - --Default: Calico +Spec is the specification of the dashboards job. ++ + |
(Appears on: -CalicoNetworkSpec) +DashboardsJobPodSpec) +
++DashboardsJobContainer is the Dashboards job container.
-cidr + name string @@ -6312,7 +6056,8 @@ string |
-CIDR contains the address range for the IP Pool in classless inter-domain routing format. +Name is an enum which identifies the Dashboard Job container by name. +Supported values are: dashboards-installer |
@@ -6320,10 +6065,10 @@ CIDR contains the address range for the IP Pool in classless inter-domain routin
-encapsulation + resources - -EncapsulationType + +Kubernetes core/v1.ResourceRequirements @@ -6332,40 +6077,41 @@ EncapsulationType (Optional) -Encapsulation specifies the encapsulation type that will be used with -the IP Pool. -Default: IPIP +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named Dashboard Job container’s resources. +If omitted, the Dashboard Job will use its default value for this container’s resources. |
|
-
-natOutgoing - - -NATOutgoingType - - + + |
- -
-NATOutgoing specifies if NAT will be enabled or disabled for outgoing traffic. -Default: Enabled +DashboardsJobPodSpec is the Dashboards job’s PodSpec.
- -Field | +Description |
---|---|
-nodeSelector + containers -string + +[]DashboardsJobContainer + |
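Review bot: Naming is inconsistent within this hunk: the Resources description says "the named Dashboard Job container" and "the Dashboard Job will use its default value", while the DashboardsJobPodSpec line a few lines later says "the Dashboards job". Suggest settling on one form (the type names use DashboardsJob) so that searching the reference for the component finds every field.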
@@ -6373,38 +6119,41 @@ string
(Optional)
|
-
-blockSize - -int32 - + |
- -
-BlockSize specifies the CIDR prefix length to use when allocating per-node IP blocks from -the main IP pool CIDR. -Default: 26 (IPv4), 122 (IPv6) +DashboardsJobPodTemplateSpec is the Dashboards job’s PodTemplateSpec
- -Field | +Description |
---|---|
-disableBGPExport + spec -bool + +DashboardsJobPodSpec + |
@@ -6412,20 +6161,26 @@ bool
(Optional)
(Appears on: -ImageSetSpec) +DashboardsJob) +
++DashboardsJobSpec defines configuration for the Dashboards job.
-image - -string - - - |
-
-
-
-Image is an image that the operator deploys and instead of using the built in tag
-the operator will use the Digest for the image identifier.
-The value should be the image name without registry or tag or digest.
-For the image |
-
-
-digest + template -string + +DashboardsJobPodTemplateSpec + |
+(Optional)
-Digest is the image identifier that will be used for the Image.
-The field should not include a leading |
string
alias)(Appears on: -ImageSet) +Index)
-ImageSetSpec defines the desired state of ImageSet. +DataType represent the type of data stored +
++DexDeployment is the configuration for the Dex Deployment.
-images + spec - -[]Image + +DexDeploymentSpec |
+(Optional)
-Images is the list of images to use digests. All images that the operator will deploy -must be specified. +Spec is the specification of the Dex Deployment. ++ + |
(Appears on: -TenantSpec) +DexDeploymentPodSpec)
-Index defines how to store a tenant’s data +DexDeploymentContainer is a Dex Deployment container.
-baseIndexName + name string @@ -6545,9 +6291,8 @@ string |
-BaseIndexName defines the name of the index -that will be used to store data (this name -excludes the numerical identifier suffix) +Name is an enum which identifies the Dex Deployment container by name. +Supported values are: tigera-dex |
@@ -6555,34 +6300,36 @@ excludes the numerical identifier suffix)
-dataType + resources - -DataType + +Kubernetes core/v1.ResourceRequirements |
+(Optional)
-DataType represents the type of data stored in the defined index +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named Dex Deployment container’s resources. +If omitted, the Dex Deployment will use its default value for this container’s resources. |
(Appears on: -Installation, -InstallationStatus) +DexDeploymentPodSpec)
-InstallationSpec defines configuration for a Calico or Calico Enterprise installation. +DexDeploymentInitContainer is a Dex Deployment init container.
-variant + name - -ProductVariant - +string |
-(Optional)
-Variant is the product to install - one of Calico or TigeraSecureEnterprise -Default: Calico +Name is an enum which identifies the Dex Deployment init container by name. +Supported values are: tigera-dex-tls-key-cert-provisioner |
@@ -6616,9 +6360,11 @@ Default: Calico
-registry + resources -string + +Kubernetes core/v1.ResourceRequirements + |
@@ -6626,17 +6372,51 @@ string
(Optional)
+ +(Appears on: +DexDeploymentPodTemplateSpec) +
-This option allows configuring the <registry>
portion of the above format.
+DexDeploymentPodSpec is the Dex Deployment’s PodSpec.
+
Field | +Description | +
---|---|
+
+initContainers + + +[]DexDeploymentInitContainer + + + + |
+
+
+(Optional)
+ +InitContainers is a list of Dex init containers. +If specified, this overrides the specified Dex Deployment init containers. +If omitted, the Dex Deployment will use its default values for its init containers. |
@@ -6644,9 +6424,11 @@ This option allows configuring the
-imagePath + containers -string + +[]DexDeploymentContainer + |
@@ -6654,28 +6436,85 @@ string
(Optional)
-Image format:
-<registry><imagePath>/<imagePrefix><imageName>:<image-tag>
+
+(Appears on:
+DexDeploymentSpec)
+
-This option allows configuring the <imagePath>
portion of the above format.
+DexDeploymentPodTemplateSpec is the Dex Deployment’s PodTemplateSpec
+
Field | +Description | +
---|---|
+
+spec + + +DexDeploymentPodSpec + + + + |
+
+
+(Optional)
+ +Spec is the Dex Deployment’s PodSpec. ++ + |
+ +(Appears on: +DexDeployment) + +
++DexDeploymentSpec defines configuration for the Dex Deployment. +
+Field | +Description | +
---|---|
-imagePrefix + template -string + +DexDeploymentPodTemplateSpec + |
@@ -6683,18 +6522,83 @@ string
(Optional)
-Image format:
-<registry><imagePath>/<imagePrefix><imageName>:<image-tag>
+ECKOperatorStatefulSet is the configuration for the ECKOperator StatefulSet.
+
Field | +Description | +
---|---|
+
+spec + + +ECKOperatorStatefulSetSpec + + + + |
+
+
+(Optional)
+ +Spec is the specification of the ECKOperator StatefulSet. ++ + |
+
-This option allows configuring the <imagePrefix>
portion of the above format.
+
+(Appears on:
+ECKOperatorStatefulSetPodSpec)
+
+
+ECKOperatorStatefulSetContainer is a ECKOperator StatefulSet container. +
+Field | +Description | +
---|---|
+
+name + +string + + + |
+
+
+ +Name is an enum which identifies the ECKOperator StatefulSet container by name. +Supported values are: manager |
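Review bot: Style nit in the added ECKOperatorStatefulSetContainer description: "is a ECKOperator StatefulSet container" should read "is an ECKOperator StatefulSet container". This file is generated, so the fix belongs in the Go doc comment on the type and the file should then be regenerated, not edited by hand.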
@@ -6702,10 +6606,10 @@ This option allows configuring the
-imagePullSecrets + resources - -[]Kubernetes core/v1.LocalObjectReference + +Kubernetes core/v1.ResourceRequirements @@ -6714,8 +6618,46 @@ This option allows configuring the <imagePrefix> portion of t
(Optional)
-ImagePullSecrets is an array of references to container registry pull secrets to use. These are -applied to all images to be pulled. +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named ECKOperator StatefulSet container’s resources. +If omitted, the ECKOperator StatefulSet will use its default value for this container’s resources. + + + |
+
+ +(Appears on: +ECKOperatorStatefulSetPodSpec) + +
++ECKOperatorStatefulSetInitContainer is a ECKOperator StatefulSet init container. +
+Field | +Description | +
---|---|
+
+name + +string + + + |
+
+
+ +Name is an enum which identifies the ECKOperator StatefulSet init container by name. |
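Review bot: The added name field for ECKOperatorStatefulSetInitContainer is documented as "an enum which identifies the ECKOperator StatefulSet init container by name" but lists no supported values. The sibling ECKOperatorStatefulSetContainer entry gives "Supported values are: manager". If this StatefulSet has no init containers that can be overridden, the description should say so. Otherwise it should list the accepted names, so that a user setting resources here knows which values are accepted.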
@@ -6723,10 +6665,10 @@ applied to all images to be pulled.
-kubernetesProvider + resources - -Provider + +Kubernetes core/v1.ResourceRequirements @@ -6735,21 +6677,40 @@ Provider (Optional) -KubernetesProvider specifies a particular provider of the Kubernetes platform and enables provider-specific configuration. -If the specified value is empty, the Operator will attempt to automatically determine the current provider. -If the specified value is not empty, the Operator will still attempt auto-detection, but -will additionally compare the auto-detected value to the specified value to confirm they match. +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named ECKOperator StatefulSet init container’s resources. +If omitted, the ECKOperator StatefulSet will use its default value for this init container’s resources. |
+ +(Appears on: +ECKOperatorStatefulSetPodTemplateSpec) + +
++ECKOperatorStatefulSetPodSpec is the ECKOperator StatefulSet’s PodSpec. +
+Field | +Description | +
---|---|
-cni + initContainers - -CNISpec + +[]ECKOperatorStatefulSetInitContainer @@ -6758,7 +6719,9 @@ CNISpec (Optional) -CNI specifies the CNI that will be used by this installation. +InitContainers is a list of ECKOperator StatefulSet init containers. +If specified, this overrides the specified ECKOperator StatefulSet init containers. +If omitted, the ECKOperator StatefulSet will use its default values for its init containers. |
@@ -6766,19 +6729,5115 @@ CNI specifies the CNI that will be used by this installation.
|
-calicoNetwork + containers - -CalicoNetworkSpec + +[]ECKOperatorStatefulSetContainer |
-(Optional)
+(Optional)
+ +Containers is a list of ECKOperator StatefulSet containers. +If specified, this overrides the specified ECKOperator StatefulSet containers. +If omitted, the ECKOperator StatefulSet will use its default values for its containers. + + + |
+
+ +(Appears on: +ECKOperatorStatefulSetSpec) + +
++ECKOperatorStatefulSetPodTemplateSpec is the ECKOperator StatefulSet’s PodTemplateSpec +
+Field | +Description | +
---|---|
+
+spec + + +ECKOperatorStatefulSetPodSpec + + + + |
+
+
+(Optional)
+ +Spec is the ECKOperator StatefulSet’s PodSpec. + ++ + |
+
+ +(Appears on: +ECKOperatorStatefulSet) + +
++ECKOperatorStatefulSetSpec defines configuration for the ECKOperator StatefulSet. +
+Field | +Description | +
---|---|
+
+template + + +ECKOperatorStatefulSetPodTemplateSpec + + + + |
+
+
+(Optional)
+ +Template describes the ECKOperator StatefulSet pod that will be created. + + + |
+
+ +(Appears on: +EgressGatewayDeploymentPodSpec) + +
++EGWDeploymentContainer is a Egress Gateway Deployment container. +
+Field | +Description | +
---|---|
+
+name + +string + + + |
+
+
+ +Name is an enum which identifies the EGW Deployment container by name. +Supported values are: calico-egw + + + |
+
+
+resources + + +Kubernetes core/v1.ResourceRequirements + + + + |
+
+
+(Optional)
+ +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named EGW Deployment container’s resources. +If omitted, the EGW Deployment will use its default value for this container’s resources. +If used in conjunction with the deprecated ComponentResources, then this value takes precedence. + + + |
+
+ +(Appears on: +EgressGatewayDeploymentPodSpec) + +
++EGWDeploymentInitContainer is a Egress Gateway Deployment init container. +
+Field | +Description | +
---|---|
+
+name + +string + + + |
+
+
+ +Name is an enum which identifies the EGW Deployment init container by name. +Supported values are: egress-gateway-init + + + |
+
+
+resources + + +Kubernetes core/v1.ResourceRequirements + + + + |
+
+
+(Optional)
+ +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named EGW Deployment init container’s resources. +If omitted, the EGW Deployment will use its default value for this init container’s resources. +If used in conjunction with the deprecated ComponentResources, then this value takes precedence. + + + |
+
+EKSLogForwarderDeployment is the configuration for the EKSLogForwarder Deployment. +
+Field | +Description | +
---|---|
+
+spec + + +EKSLogForwarderDeploymentSpec + + + + |
+
+
+(Optional)
+ +Spec is the specification of the EKSLogForwarder Deployment. + ++ + |
+
+ +(Appears on: +EKSLogForwarderDeploymentPodSpec) + +
++EKSLogForwarderDeploymentContainer is a EKSLogForwarder Deployment container. +
+Field | +Description | +
---|---|
+
+name + +string + + + |
+
+
+ +Name is an enum which identifies the EKSLogForwarder Deployment container by name. +Supported values are: eks-log-forwarder + + + |
+
+
+resources + + +Kubernetes core/v1.ResourceRequirements + + + + |
+
+
+(Optional)
+ +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named EKSLogForwarder Deployment container’s resources. +If omitted, the EKSLogForwarder Deployment will use its default value for this container’s resources. + + + |
+
+ +(Appears on: +EKSLogForwarderDeploymentPodSpec) + +
++EKSLogForwarderDeploymentInitContainer is a EKSLogForwarder Deployment init container. +
+Field | +Description | +
---|---|
+
+name + +string + + + |
+
+
+ +Name is an enum which identifies the EKSLogForwarder Deployment init container by name. +Supported values are: eks-log-forwarder-startup + + + |
+
+
+resources + + +Kubernetes core/v1.ResourceRequirements + + + + |
+
+
+(Optional)
+ +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named EKSLogForwarder Deployment init container’s resources. +If omitted, the EKSLogForwarder Deployment will use its default value for this init container’s resources. + + + |
+
+ +(Appears on: +EKSLogForwarderDeploymentPodTemplateSpec) + +
++EKSLogForwarderDeploymentPodSpec is the EKSLogForwarder Deployment’s PodSpec. +
+Field | +Description | +
---|---|
+
+initContainers + + +[]EKSLogForwarderDeploymentInitContainer + + + + |
+
+
+(Optional)
+ +InitContainers is a list of EKSLogForwarder init containers. +If specified, this overrides the specified EKSLogForwarder Deployment init containers. +If omitted, the EKSLogForwarder Deployment will use its default values for its init containers. + + + |
+
+
+containers + + +[]EKSLogForwarderDeploymentContainer + + + + |
+
+
+(Optional)
+ +Containers is a list of EKSLogForwarder containers. +If specified, this overrides the specified EKSLogForwarder Deployment containers. +If omitted, the EKSLogForwarder Deployment will use its default values for its containers. + + + |
+
+ +(Appears on: +EKSLogForwarderDeploymentSpec) + +
++EKSLogForwarderDeploymentPodTemplateSpec is the EKSLogForwarder Deployment’s PodTemplateSpec +
+Field | +Description | +
---|---|
+
+spec + + +EKSLogForwarderDeploymentPodSpec + + + + |
+
+
+(Optional)
+ +Spec is the EKSLogForwarder Deployment’s PodSpec. + ++ + |
+
+ +(Appears on: +EKSLogForwarderDeployment) + +
++EKSLogForwarderDeploymentSpec defines configuration for the EKSLogForwarder Deployment. +
+Field | +Description | +
---|---|
+
+template + + +EKSLogForwarderDeploymentPodTemplateSpec + + + + |
+
+
+(Optional)
+ +Template describes the EKSLogForwarder Deployment pod that will be created. + + + |
+
+ +(Appears on: +EgressGatewayDeploymentPodTemplateSpec) + +
++EgressGatewayDeploymentPodSpec is the Egress Gateway Deployment’s PodSpec. +
+Field | +Description | +
---|---|
+
+initContainers + + +[]EGWDeploymentInitContainer + + + + |
+
+
+(Optional)
+ +InitContainers is a list of EGW init containers. +If specified, this overrides the specified EGW Deployment init containers. +If omitted, the EGW Deployment will use its default values for its init containers. + + + |
+
+
+containers + + +[]EGWDeploymentContainer + + + + |
+
+
+(Optional)
+ +Containers is a list of EGW containers. +If specified, this overrides the specified EGW Deployment containers. +If omitted, the EGW Deployment will use its default values for its containers. + + + |
+
+
+affinity + + +Kubernetes core/v1.Affinity + + + + |
+
+
+(Optional)
+ +Affinity is a group of affinity scheduling rules for the EGW pods. + + + |
+
+
+nodeSelector + +map[string]string + + + |
+
+
+(Optional)
+ +NodeSelector gives more control over the nodes where the Egress Gateway pods will run on. + + + |
+
+
+terminationGracePeriodSeconds + +int64 + + + |
+
+
+(Optional)
+ +TerminationGracePeriodSeconds defines the termination grace period of the Egress Gateway pods in seconds. + + + |
+
+
+topologySpreadConstraints + + +[]Kubernetes core/v1.TopologySpreadConstraint + + + + |
+
+
+(Optional)
+ +TopologySpreadConstraints defines how the Egress Gateway pods should be spread across different AZs. + + + |
+
+
+tolerations + + +[]Kubernetes core/v1.Toleration + + + + |
+
+
+(Optional)
+ +Tolerations is the egress gateway pod’s tolerations. +If specified, this overrides any tolerations that may be set on the EGW Deployment. +If omitted, the EGW Deployment will use its default value for tolerations. + + + |
+
+
+priorityClassName + +string + + + |
+
+
+(Optional)
+ +PriorityClassName allows to specify a PriorityClass resource to be used. + + + |
+
+ +(Appears on: +EgressGatewaySpec) + +
++EgressGatewayDeploymentPodTemplateSpec is the EGW Deployment’s PodTemplateSpec +
+Field | +Description | +
---|---|
+
+metadata + + +EgressGatewayMetadata + + + + |
+
+
+(Optional)
+ +Metadata is a subset of a Kubernetes object’s metadata that is added to +the pod’s metadata. + + + |
+
+
+spec + + +EgressGatewayDeploymentPodSpec + + + + |
+
+
+(Optional)
+ +Spec is the EGW Deployment’s PodSpec. + ++ + |
+
+ +(Appears on: +EgressGatewaySpec) + +
++EgressGatewayFailureDetection defines the fields the needed for determining Egress Gateway +readiness. +
+Field | +Description | +
---|---|
+
+healthTimeoutDataStoreSeconds + +int32 + + + |
+
+
+(Optional)
+ +HealthTimeoutDataStoreSeconds defines how long Egress Gateway can fail to connect +to the datastore before reporting not ready. +This value must be greater than 0. +Default: 90 + + + |
+
+
+icmpProbe + + +ICMPProbe + + + + |
+
+
+(Optional)
+ +ICMPProbe define outgoing ICMP probes that Egress Gateway will use to +verify its upstream connection. Egress Gateway will report not ready if all +fail. Timeout must be greater than interval. + + + |
+
+
+httpProbe + + +HTTPProbe + + + + |
+
+
+(Optional)
+ +HTTPProbe define outgoing HTTP probes that Egress Gateway will use to +verify its upsteam connection. Egress Gateway will report not ready if all +fail. Timeout must be greater than interval. + + + |
+
+ +(Appears on: +EgressGatewaySpec) + +
+Field | +Description | +
---|---|
+
+name + +string + + + |
+
+
+(Optional)
+ +Name is the name of the IPPool that the Egress Gateways can use. + + + |
+
+
+cidr + +string + + + |
+
+
+(Optional)
+ +CIDR is the IPPool CIDR that the Egress Gateways can use. + + + |
+
+ +(Appears on: +EgressGatewayDeploymentPodTemplateSpec) + +
++EgressGatewayMetadata contains the standard Kubernetes labels and annotations fields. +
+Field | +Description | +
---|---|
+
+labels + +map[string]string + + + |
+
+
+(Optional)
+ +Labels is a map of string keys and values that may match replica set and +service selectors. Each of these key/value pairs are added to the +object’s labels provided the key does not already exist in the object’s labels. +If not specified will default to projectcalico.org/egw:[name], where [name] is +the name of the Egress Gateway resource. + + + |
+
+
+annotations + +map[string]string + + + |
+
+
+(Optional)
+ +Annotations is a map of arbitrary non-identifying metadata. Each of these +key/value pairs are added to the object’s annotations provided the key does not +already exist in the object’s annotations. + + + |
+
+ +(Appears on: +EgressGateway) + +
++EgressGatewaySpec defines the desired state of EgressGateway +
+Field | +Description | +
---|---|
+
+replicas + +int32 + + + |
+
+
+(Optional)
+ +Replicas defines how many instances of the Egress Gateway pod will run. + + + |
+
+
+ipPools + + +[]EgressGatewayIPPool + + + + |
+
+
+ +IPPools defines the IP Pools that the Egress Gateway pods should be using. +Either name or CIDR must be specified. +IPPools must match existing IPPools. + + + |
+
+
+externalNetworks + +[]string + + + |
+
+
+(Optional)
+ +ExternalNetworks defines the external network names this Egress Gateway is +associated with. +ExternalNetworks must match existing external networks. + + + |
+
+
+logSeverity + + +LogLevel + + + + |
+
+
+(Optional)
+ +LogSeverity defines the logging level of the Egress Gateway. +Default: Info + + + |
+
+
+template + + +EgressGatewayDeploymentPodTemplateSpec + + + + |
+
+
+(Optional)
+ +Template describes the EGW Deployment pod that will be created. + + + |
+
+
+egressGatewayFailureDetection + + +EgressGatewayFailureDetection + + + + |
+
+
+(Optional)
+ +EgressGatewayFailureDetection is used to configure how Egress Gateway +determines readiness. If both ICMP, HTTP probes are defined, one ICMP probe and one +HTTP probe should succeed for Egress Gateways to become ready. +Otherwise one of ICMP or HTTP probe should succeed for Egress gateways to become +ready if configured. + + + |
+
+
+aws + + +AWSEgressGateway + + + + |
+
+
+(Optional)
+ +AWS defines the additional configuration options for Egress Gateways on AWS. + + + |
+
+ +(Appears on: +EgressGateway) + +
++EgressGatewayStatus defines the observed state of EgressGateway +
+Field | +Description | +
---|---|
+
+state + +string + + + |
+
+
+ +State provides user-readable status. + + + |
+
+
+conditions + + +[]Kubernetes meta/v1.Condition + + + + |
+
+
+(Optional)
+ +Conditions represents the latest observed set of conditions for the component. A component may be one or more of +Ready, Progressing, Degraded or other customer types. + + + |
+
+ElasticsearchMetricsDeployment is the configuration for the tigera-elasticsearch-metric Deployment. +
+Field | +Description | +
---|---|
+
+spec + + +ElasticsearchMetricsDeploymentSpec + + + + |
+
+
+(Optional)
+ +Spec is the specification of the ElasticsearchMetrics Deployment. + ++ + |
+
+ +(Appears on: +ElasticsearchMetricsDeploymentPodSpec) + +
++ElasticsearchMetricsDeploymentContainer is a ElasticsearchMetricsDeployment container. +
+Field | +Description | +
---|---|
+
+name + +string + + + |
+
+
+ +Name is an enum which identifies the ElasticsearchMetricsDeployment container by name. +Supported values are: tigera-elasticsearch-metrics + + + |
+
+
+resources + + +Kubernetes core/v1.ResourceRequirements + + + + |
+
+
+(Optional)
+ +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named ElasticsearchMetricsDeployment container’s resources. +If omitted, the ElasticsearchMetrics Deployment will use its default value for this container’s resources. + + + |
+
+ +(Appears on: +ElasticsearchMetricsDeploymentPodSpec) + +
++ElasticsearchMetricsDeploymentInitContainer is a ElasticsearchMetricsDeployment init container. +
+Field | +Description | +
---|---|
+
+name + +string + + + |
+
+
+ +Name is an enum which identifies the ElasticsearchMetricsDeployment init container by name. +Supported values are: tigera-ee-elasticsearch-metrics-tls-key-cert-provisioner + + + |
+
+
+resources + + +Kubernetes core/v1.ResourceRequirements + + + + |
+
+
+(Optional)
+ +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named ElasticsearchMetricsDeployment init container’s resources. +If omitted, the ElasticsearchMetrics Deployment will use its default value for this init container’s resources. + + + |
+
+ +(Appears on: +ElasticsearchMetricsDeploymentPodTemplateSpec) + +
++ElasticsearchMetricsDeploymentPodSpec is the tElasticsearchMetricsDeployment’s PodSpec. +
+Field | +Description | +
---|---|
+
+initContainers + + +[]ElasticsearchMetricsDeploymentInitContainer + + + + |
+
+
+(Optional)
+ +InitContainers is a list of ElasticsearchMetricsDeployment init containers. +If specified, this overrides the specified ElasticsearchMetricsDeployment init containers. +If omitted, the ElasticsearchMetrics Deployment will use its default values for its init containers. + + + |
+
+
+containers + + +[]ElasticsearchMetricsDeploymentContainer + + + + |
+
+
+(Optional)
+ +Containers is a list of ElasticsearchMetricsDeployment containers. +If specified, this overrides the specified ElasticsearchMetricsDeployment containers. +If omitted, the ElasticsearchMetrics Deployment will use its default values for its containers. + + + |
+
+ +(Appears on: +ElasticsearchMetricsDeploymentSpec) + +
++ElasticsearchMetricsDeploymentPodTemplateSpec is the ElasticsearchMetricsDeployment’s PodTemplateSpec +
+Field | +Description | +
---|---|
+
+spec + + +ElasticsearchMetricsDeploymentPodSpec + + + + |
+
+
+(Optional)
+ +Spec is the ElasticsearchMetrics Deployment’s PodSpec. + ++ + |
+
+ +(Appears on: +ElasticsearchMetricsDeployment) + +
++ElasticsearchMetricsDeploymentSpec defines configuration for the ElasticsearchMetricsDeployment Deployment. +
+Field | +Description | +
---|---|
+
+template + + +ElasticsearchMetricsDeploymentPodTemplateSpec + + + + |
+
+
+(Optional)
+ +Template describes the ElasticsearchMetrics Deployment pod that will be created. + + + |
+
string
alias)+ +(Appears on: +IPPool) + +
++EncapsulationType is the type of encapsulation to use on an IP pool. +
++One of: IPIP, VXLAN, IPIPCrossSubnet, VXLANCrossSubnet, None +
+string
alias)+EncryptionOption specifies the traffic encryption mode when connecting to a Syslog server. +
++One of: None, TLS +
++ +(Appears on: +ServiceMonitor) + +
++Endpoint contains a subset of relevant fields from the Prometheus Endpoint struct. +
+Field | +Description | +
---|---|
+
+params + +map[string][]string + + + |
+
+
+ +Optional HTTP URL parameters +Default: scrape all metrics. + + + |
+
+
+bearerTokenSecret + + +Kubernetes core/v1.SecretKeySelector + + + + |
+
+
+ +Secret to mount to read bearer token for scraping targets. +Recommended: when unset, the operator will create a Secret, a ClusterRole and a ClusterRoleBinding. + + + |
+
+
+interval + +github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1.Duration + + + |
+
+
+ +Interval at which metrics should be scraped. +If not specified Prometheus’ global scrape interval is used. + + + |
+
+
+scrapeTimeout + +github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1.Duration + + + |
+
+
+
+Timeout after which the scrape is ended.
+If not specified, the Prometheus global scrape timeout is used unless it is less than |
+
+
+honorLabels + +bool + + + |
+
+
+ +HonorLabels chooses the metric’s labels on collisions with target labels. + + + |
+
+
+honorTimestamps + +bool + + + |
+
+
+ +HonorTimestamps controls whether Prometheus respects the timestamps present in scraped data. + + + |
+
+
+metricRelabelings + +[]*github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1.RelabelConfig + + + |
+
+
+ +MetricRelabelConfigs to apply to samples before ingestion. + + + |
+
+
+relabelings + +[]*github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1.RelabelConfig + + + |
+
+
+
+RelabelConfigs to apply to samples before scraping.
+Prometheus Operator automatically adds relabelings for a few standard Kubernetes fields.
+The original scrape job’s name is available via the |
+
+ +(Appears on: +ApplicationLayerSpec) + +
+Field | +Description | +
---|---|
+
+xffNumTrustedHops + +int32 + + + |
+
+
+(Optional)
+ +The number of additional ingress proxy hops from the right side of the +x-forwarded-for HTTP header to trust when determining the origin client’s +IP address. 0 is permitted, but >=1 is the typical setting. + + + |
+
+
+useRemoteAddress + +bool + + + |
+
+
+(Optional)
+ +If set to true, the Envoy connection manager will use the real remote address +of the client connection when determining internal versus external origin and +manipulating various headers. + + + |
+
+ +(Appears on: +MonitorSpec) + +
+Field | +Description | +
---|---|
+
+serviceMonitor + + +ServiceMonitor + + + + |
+
+
+(Optional)
+ +ServiceMonitor when specified, the operator will create a ServiceMonitor object in the namespace. It is recommended +that you configure labels if you want your prometheus instance to pick up the configuration automatically. +The operator will configure 1 endpoint by default: +- Params to scrape all metrics available in Calico Enterprise. +- BearerTokenSecret (If not overridden, the operator will also create corresponding RBAC that allows authz to the metrics.) +- TLSConfig, containing the caFile and serverName. + + + |
+
+
+namespace + +string + + + |
+
+
+ +Namespace is the namespace where the operator will create resources for your Prometheus instance. The namespace +must be created before the operator will create Prometheus resources. + + + |
+
string
alias)+ +(Appears on: +InstallationSpec) + +
++FluentdDaemonSet is the configuration for the Fluentd DaemonSet. +
+Field | +Description | +
---|---|
+
+spec + + +FluentdDaemonSetSpec + + + + |
+
+
+(Optional)
+ +Spec is the specification of the Fluentd DaemonSet. + ++ + |
+
+ +(Appears on: +FluentdDaemonSetPodSpec) + +
++FluentdDaemonSetContainer is a Fluentd DaemonSet container. +
+Field | +Description | +
---|---|
+
+name + +string + + + |
+
+
+ +Name is an enum which identifies the Fluentd DaemonSet container by name. +Supported values are: fluentd + + + |
+
+
+resources + + +Kubernetes core/v1.ResourceRequirements + + + + |
+
+
+(Optional)
+ +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named Fluentd DaemonSet container’s resources. +If omitted, the Fluentd DaemonSet will use its default value for this container’s resources. + + + |
+
+ +(Appears on: +FluentdDaemonSetPodSpec) + +
++FluentdDaemonSetInitContainer is a Fluentd DaemonSet init container. +
+Field | +Description | +
---|---|
+
+name + +string + + + |
+
+
+ +Name is an enum which identifies the Fluentd DaemonSet init container by name. +Supported values are: tigera-fluentd-prometheus-tls-key-cert-provisioner + + + |
+
+
+resources + + +Kubernetes core/v1.ResourceRequirements + + + + |
+
+
+(Optional)
+ +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named Fluentd DaemonSet init container’s resources. +If omitted, the Fluentd DaemonSet will use its default value for this init container’s resources. + + + |
+
+ +(Appears on: +FluentdDaemonSetPodTemplateSpec) + +
++FluentdDaemonSetPodSpec is the Fluentd DaemonSet’s PodSpec. +
+Field | +Description | +
---|---|
+
+initContainers + + +[]FluentdDaemonSetInitContainer + + + + |
+
+
+(Optional)
+ +InitContainers is a list of Fluentd DaemonSet init containers. +If specified, this overrides the specified Fluentd DaemonSet init containers. +If omitted, the Fluentd DaemonSet will use its default values for its init containers. + + + |
+
+
+containers + + +[]FluentdDaemonSetContainer + + + + |
+
+
+(Optional)
+ +Containers is a list of Fluentd DaemonSet containers. +If specified, this overrides the specified Fluentd DaemonSet containers. +If omitted, the Fluentd DaemonSet will use its default values for its containers. + + + |
+
+ +(Appears on: +FluentdDaemonSetSpec) + +
++FluentdDaemonSetPodTemplateSpec is the Fluentd DaemonSet’s PodTemplateSpec +
+Field | +Description | +
---|---|
+
+spec + + +FluentdDaemonSetPodSpec + + + + |
+
+
+(Optional)
+ +Spec is the Fluentd DaemonSet’s PodSpec. + ++ + |
+
+ +(Appears on: +FluentdDaemonSet) + +
++FluentdDaemonSetSpec defines configuration for the Fluentd DaemonSet. +
+Field | +Description | +
---|---|
+
+template + + +FluentdDaemonSetPodTemplateSpec + + + + |
+
+
+(Optional)
+ +Template describes the Fluentd DaemonSet pod that will be created. + + + |
+
+GuardianDeployment is the configuration for the guardian Deployment. +
+Field | +Description | +
---|---|
+
+spec + + +GuardianDeploymentSpec + + + + |
+
+
+(Optional)
+ +Spec is the specification of the guardian Deployment. + ++ + |
+
+ +(Appears on: +GuardianDeploymentPodSpec) + +
++GuardianDeploymentContainer is a guardian Deployment container. +
+Field | +Description | +
---|---|
+
+name + +string + + + |
+
+
+ +Name is an enum which identifies the guardian Deployment container by name. +Supported values are: tigera-guardian + + + |
+
+
+resources + + +Kubernetes core/v1.ResourceRequirements + + + + |
+
+
+(Optional)
+ +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named guardian Deployment container’s resources. +If omitted, the guardian Deployment will use its default value for this container’s resources. + + + |
+
+ +(Appears on: +GuardianDeploymentPodSpec) + +
++GuardianDeploymentInitContainer is a guardian Deployment init container. +
+Field | +Description | +
---|---|
+
+name + +string + + + |
+
+
+ +Name is an enum which identifies the guardian Deployment init container by name. + + + |
+
+
+resources + + +Kubernetes core/v1.ResourceRequirements + + + + |
+
+
+(Optional)
+ +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named guardian Deployment init container’s resources. +If omitted, the guardian Deployment will use its default value for this init container’s resources. + + + |
+
+ +(Appears on: +GuardianDeploymentPodTemplateSpec) + +
++GuardianDeploymentPodSpec is the guardian Deployment’s PodSpec. +
+Field | +Description | +
---|---|
+
+initContainers + + +[]GuardianDeploymentInitContainer + + + + |
+
+
+(Optional)
+ +InitContainers is a list of guardian init containers. +If specified, this overrides the specified guardian Deployment init containers. +If omitted, the guardian Deployment will use its default values for its init containers. + + + |
+
+
+containers + + +[]GuardianDeploymentContainer + + + + |
+
+
+(Optional)
+ +Containers is a list of guardian containers. +If specified, this overrides the specified guardian Deployment containers. +If omitted, the guardian Deployment will use its default values for its containers. + + + |
+
+ +(Appears on: +GuardianDeploymentSpec) + +
++GuardianDeploymentPodTemplateSpec is the guardian Deployment’s PodTemplateSpec +
+Field | +Description | +
---|---|
+
+spec + + +GuardianDeploymentPodSpec + + + + |
+
+
+(Optional)
+ +Spec is the guardian Deployment’s PodSpec. + ++ + |
+
+ +(Appears on: +GuardianDeployment) + +
++GuardianDeploymentSpec defines configuration for the guardian Deployment. +
+Field | +Description | +
---|---|
+
+template + + +GuardianDeploymentPodTemplateSpec + + + + |
+
+
+(Optional)
+ +Template describes the guardian Deployment pod that will be created. + + + |
+
+ +(Appears on: +EgressGatewayFailureDetection) + +
++HTTPProbe defines the HTTP probe configuration for Egress Gateway. +
+Field | +Description | +
---|---|
+
+urls + +[]string + + + |
+
+
+ +URLs define the list of HTTP probe URLs. Egress Gateway will probe each URL +periodically.If all probes fail, Egress Gateway will report non-ready. + + + |
+
+
+intervalSeconds + +int32 + + + |
+
+
+(Optional)
+ +IntervalSeconds defines the interval of HTTP probes. Used when URLs is non-empty. +Default: 10 + + + |
+
+
+timeoutSeconds + +int32 + + + |
+
+
+(Optional)
+ +TimeoutSeconds defines the timeout value of HTTP probes. Used when URLs is non-empty. +Default: 30 + + + |
+
string
alias)+ +(Appears on: +CalicoNetworkSpec) + +
++HostPortsType specifies host port support. +
++One of: Enabled, Disabled +
++ +(Appears on: +EgressGatewayFailureDetection) + +
++ICMPProbe defines the ICMP probe configuration for Egress Gateway. +
+Field | +Description | +
---|---|
+
+ips + +[]string + + + |
+
+
+ +IPs define the list of ICMP probe IPs. Egress Gateway will probe each IP +periodically. If all probes fail, Egress Gateway will report non-ready. + + + |
+
+
+intervalSeconds + +int32 + + + |
+
+
+(Optional)
+ +IntervalSeconds defines the interval of ICMP probes. Used when IPs is non-empty. +Default: 5 + + + |
+
+
+timeoutSeconds + +int32 + + + |
+
+
+(Optional)
+ +TimeoutSeconds defines the timeout value of ICMP probes. Used when IPs is non-empty. +Default: 15 + + + |
+
string
alias)+ +(Appears on: +IPAMSpec) + +
++ +(Appears on: +CNISpec) + +
++IPAMSpec contains configuration for pod IP address management. +
+Field | +Description | +
---|---|
+
+type + + +IPAMPluginType + + + + |
+
+
+ +Specifies the IPAM plugin that will be used in the Calico or Calico Enterprise installation. +* For CNI Plugin Calico, this field defaults to Calico. +* For CNI Plugin GKE, this field defaults to HostLocal. +* For CNI Plugin AzureVNET, this field defaults to AzureVNET. +* For CNI Plugin AmazonVPC, this field defaults to AmazonVPC. + ++The IPAM plugin is installed and configured only if the CNI plugin is set to Calico, +for all other values of the CNI plugin the plugin binaries and CNI config is a dependency +that is expected to be installed separately. + ++Default: Calico + + + |
+
+ +(Appears on: +CalicoNetworkSpec) + +
+Field | +Description | +
---|---|
+
+name + +string + + + |
+
+
+ +Name is the name of the IP pool. If omitted, this will be generated. + + + |
+
+
+cidr + +string + + + |
+
+
+ +CIDR contains the address range for the IP Pool in classless inter-domain routing format. + + + |
+
+
+encapsulation + + +EncapsulationType + + + + |
+
+
+(Optional)
+ +Encapsulation specifies the encapsulation type that will be used with +the IP Pool. +Default: IPIP + + + |
+
+
+natOutgoing + + +NATOutgoingType + + + + |
+
+
+(Optional)
+ +NATOutgoing specifies if NAT will be enabled or disabled for outgoing traffic. +Default: Enabled + + + |
+
+
+nodeSelector + +string + + + |
+
+
+(Optional)
+ +NodeSelector specifies the node selector that will be set for the IP Pool. +Default: ‘all()’ + + + |
+
+
+blockSize + +int32 + + + |
+
+
+(Optional)
+ +BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from +the main IP pool CIDR. +Default: 26 (IPv4), 122 (IPv6) + + + |
+
+
+disableBGPExport + +bool + + + |
+
+
+(Optional)
+ +DisableBGPExport specifies whether routes from this IP pool’s CIDR are exported over BGP. +Default: false + + + |
+
+
+allowedUses + + +[]IPPoolAllowedUse + + + + |
+
+
+ +AllowedUse controls what the IP pool will be used for. If not specified or empty, defaults to +[“Tunnel”, “Workload”] for back-compatibility + + + |
+
string
alias)+ +(Appears on: +IPPool) + +
++ +(Appears on: +ImageSetSpec) + +
+Field | +Description | +
---|---|
+
+image + +string + + + |
+
+
+
+Image is an image that the operator deploys and instead of using the built in tag
+the operator will use the Digest for the image identifier.
+The value should be the image name without registry or tag or digest.
+For the image |
+
+
+digest + +string + + + |
+
+
+
+Digest is the image identifier that will be used for the Image.
+The field should not include a leading |
+
+ +(Appears on: +ImageSet) + +
++ImageSetSpec defines the desired state of ImageSet. +
+Field | +Description | +
---|---|
+
+images + + +[]Image + + + + |
+
+
+ +Images is the list of images to use digests. All images that the operator will deploy +must be specified. + + + |
+
+ +(Appears on: +TenantSpec) + +
++Index defines how to store a tenant’s data +
+Field | +Description | +
---|---|
+
+baseIndexName + +string + + + |
+
+
+ +BaseIndexName defines the name of the index +that will be used to store data (this name +excludes the numerical identifier suffix) + + + |
+
+
+dataType + + +DataType + + + + |
+
+
+ +DataType represents the type of data stored in the defined index + + + |
+
+ +(Appears on: +Installation, +InstallationStatus) + +
++InstallationSpec defines configuration for a Calico or Calico Enterprise installation. +
+Field | +Description | +
---|---|
+
+variant + + +ProductVariant + + + + |
+
+
+(Optional)
+ +Variant is the product to install - one of Calico or TigeraSecureEnterprise +Default: Calico + + + |
+
+
+registry + +string + + + |
+
+
+(Optional)
+
+Registry is the default Docker registry used for component Docker images.
+If specified then the given value must end with a slash character (
+Image format:
+
+This option allows configuring the |
+
+
+imagePath + +string + + + |
+
+
+(Optional)
+ +ImagePath allows for the path part of an image to be specified. If specified +then the specified value will be used as the image path for each image. If not specified +or empty, the default for each image will be used. +A special case value, UseDefault, is supported to explicitly specify the default +image path will be used for each image. + +
+Image format:
+
+This option allows configuring the |
+
+
+imagePrefix + +string + + + |
+
+
+(Optional)
+ +ImagePrefix allows for the prefix part of an image to be specified. If specified +then the given value will be used as a prefix on each image. If not specified +or empty, no prefix will be used. +A special case value, UseDefault, is supported to explicitly specify the default +image prefix will be used for each image. + +
+Image format:
+
+This option allows configuring the |
+
+
+imagePullSecrets + + +[]Kubernetes core/v1.LocalObjectReference + + + + |
+
+
+(Optional)
+ +ImagePullSecrets is an array of references to container registry pull secrets to use. These are +applied to all images to be pulled. + + + |
+
+
+kubernetesProvider + + +Provider + + + + |
+
+
+(Optional)
+ +KubernetesProvider specifies a particular provider of the Kubernetes platform and enables provider-specific configuration. +If the specified value is empty, the Operator will attempt to automatically determine the current provider. +If the specified value is not empty, the Operator will still attempt auto-detection, but +will additionally compare the auto-detected value to the specified value to confirm they match. + + + |
+
+
+cni + + +CNISpec + + + + |
+
+
+(Optional)
+ +CNI specifies the CNI that will be used by this installation. + + + |
+
+
+calicoNetwork + + +CalicoNetworkSpec + + + + |
+
+
+(Optional)
+ +CalicoNetwork specifies networking configuration options for Calico. + + + |
+
+
+typhaAffinity + + +TyphaAffinity + + + + |
+
+
+(Optional)
+ +Deprecated. Please use Installation.Spec.TyphaDeployment instead. +TyphaAffinity allows configuration of node affinity characteristics for Typha pods. + + + |
+
+
+controlPlaneNodeSelector + +map[string]string + + + |
+
+
+(Optional)
+ +ControlPlaneNodeSelector is used to select control plane nodes on which to run Calico +components. This is globally applied to all resources created by the operator excluding daemonsets. + + + |
+
+
+controlPlaneTolerations + + +[]Kubernetes core/v1.Toleration + + + + |
+
+
+(Optional)
+ +ControlPlaneTolerations specify tolerations which are then globally applied to all resources +created by the operator. + + + |
+
+
+controlPlaneReplicas + +int32 + + + |
+
+
+(Optional)
+ +ControlPlaneReplicas defines how many replicas of the control plane core components will be deployed. +This field applies to all control plane components that support High Availability. Defaults to 2. + + + |
+
+
+nodeMetricsPort + +int32 + + + |
+
+
+(Optional)
+ +NodeMetricsPort specifies which port calico/node serves prometheus metrics on. By default, metrics are not enabled. +If specified, this overrides any FelixConfiguration resources which may exist. If omitted, then +prometheus metrics may still be configured through FelixConfiguration. + + + |
+
+
+typhaMetricsPort + +int32 + + + |
+
+
+(Optional)
+ +TyphaMetricsPort specifies which port calico/typha serves prometheus metrics on. By default, metrics are not enabled. + + + |
+
+
+flexVolumePath + +string + + + |
+
+
+(Optional)
+ +FlexVolumePath optionally specifies a custom path for FlexVolume. If not specified, FlexVolume will be +enabled by default. If set to ‘None’, FlexVolume will be disabled. The default is based on the +kubernetesProvider. + + + |
+
+
+kubeletVolumePluginPath + +string + + + |
+
+
+(Optional)
+ +KubeletVolumePluginPath optionally specifies enablement of Calico CSI plugin. If not specified, +CSI will be enabled by default. If set to ‘None’, CSI will be disabled. +Default: /var/lib/kubelet + + + |
+
+
+nodeUpdateStrategy + + +Kubernetes apps/v1.DaemonSetUpdateStrategy + + + + |
+
+
+(Optional)
+ +NodeUpdateStrategy can be used to customize the desired update strategy, such as the MaxUnavailable +field. + + + |
+
+
+componentResources + + +[]ComponentResource + + + + |
+
+
+(Optional)
+ +Deprecated. Please use CalicoNodeDaemonSet, TyphaDeployment, and KubeControllersDeployment. +ComponentResources can be used to customize the resource requirements for each component. +Node, Typha, and KubeControllers are supported for installations. + + + |
+
+
+certificateManagement + + +CertificateManagement + + + + |
+
+
+(Optional)
+ +CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order +to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise +pods will be stuck during initialization. + + + |
+
+
+nonPrivileged + + +NonPrivilegedType + + + + |
+
+
+(Optional)
+ +NonPrivileged configures Calico to be run in non-privileged containers as non-root users where possible. + + + |
+
+
+calicoNodeDaemonSet + + +CalicoNodeDaemonSet + + + + |
+
+
+ +CalicoNodeDaemonSet configures the calico-node DaemonSet. If used in +conjunction with the deprecated ComponentResources, then these overrides take precedence. + + + |
+
+
+csiNodeDriverDaemonSet + + +CSINodeDriverDaemonSet + + + + |
+
+
+ +CSINodeDriverDaemonSet configures the csi-node-driver DaemonSet. + + + |
+
+
+calicoKubeControllersDeployment + + +CalicoKubeControllersDeployment + + + + |
+
+
+ +CalicoKubeControllersDeployment configures the calico-kube-controllers Deployment. If used in +conjunction with the deprecated ComponentResources, then these overrides take precedence. + + + |
+
+
+typhaDeployment + + +TyphaDeployment + + + + |
+
+
+ +TyphaDeployment configures the typha Deployment. If used in conjunction with the deprecated +ComponentResources or TyphaAffinity, then these overrides take precedence. + + + |
+
+
+calicoWindowsUpgradeDaemonSet + + +CalicoWindowsUpgradeDaemonSet + + + + |
+
+
+ +Deprecated. The CalicoWindowsUpgradeDaemonSet is deprecated and will be removed from the API in the future. +CalicoWindowsUpgradeDaemonSet configures the calico-windows-upgrade DaemonSet. + + + |
+
+
+calicoNodeWindowsDaemonSet + + +CalicoNodeWindowsDaemonSet + + + + |
+
+
+ +CalicoNodeWindowsDaemonSet configures the calico-node-windows DaemonSet. + + + |
+
+
+fipsMode + + +FIPSMode + + + + |
+
+
+(Optional)
+ +FIPSMode uses images and features only that are using FIPS 140-2 validated cryptographic modules and standards. +Default: Disabled + + + |
+
+
+logging + + +Logging + + + + |
+
+
+(Optional)
+ +Logging Configuration for Components + + + |
+
+
+windowsNodes + + +WindowsNodeSpec + + + + |
+
+
+(Optional)
+ +Windows Configuration + + + |
+
+
+serviceCIDRs + +[]string + + + |
+
+
+(Optional)
+ +Kubernetes Service CIDRs. Specifying this is required when using Calico for Windows. + + + |
+
+ +(Appears on: +Installation) + +
++InstallationStatus defines the observed state of the Calico or Calico Enterprise installation. +
+Field | +Description | +
---|---|
+
+variant + + +ProductVariant + + + + |
+
+
+ +Variant is the most recently observed installed variant - one of Calico or TigeraSecureEnterprise + + + |
+
+
+mtu + +int32 + + + |
+
+
+ +MTU is the most recently observed value for pod network MTU. This may be an explicitly +configured value, or based on Calico’s native auto-detetion. + + + |
+
+
+imageSet + +string + + + |
+
+
+(Optional)
+ +ImageSet is the name of the ImageSet being used, if there is an ImageSet +that is being used. If an ImageSet is not being used then this will not be set. + + + |
+
+
+computed + + +InstallationSpec + + + + |
+
+
+(Optional)
+ +Computed is the final installation including overlaid resources. + + + |
+
+
+calicoVersion + +string + + + |
+
+
+ +CalicoVersion shows the current running version of calico. +CalicoVersion along with Variant is needed to know the exact +version deployed. + + + |
+
+
+conditions + + +[]Kubernetes meta/v1.Condition + + + + |
+
+
+(Optional)
+ +Conditions represents the latest observed set of conditions for the component. A component may be one or more of +Ready, Progressing, Degraded or other customer types. + + + |
+
+Kibana is the configuration for the Kibana. +
+Field | +Description | +
---|---|
+
+spec + + +KibanaSpec + + + + |
+
+
+(Optional)
+ +Spec is the specification of the Kibana. + ++ + |
+
+ +(Appears on: +KibanaPodSpec) + +
++KibanaContainer is a Kibana container. +
+Field | +Description | +
---|---|
+
+name + +string + + + |
+
+
+ +Name is an enum which identifies the Kibana Deployment container by name. +Supported values are: kibana + + + |
+
+
+resources + + +Kubernetes core/v1.ResourceRequirements + + + + |
+
+
+(Optional)
+ +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named Kibana container’s resources. +If omitted, the Kibana will use its default value for this container’s resources. + + + |
+
+ +(Appears on: +KibanaPodSpec) + +
++KibanaInitContainer is a Kibana init container. +
+Field | +Description | +
---|---|
+
+name + +string + + + |
+
+
+ +Name is an enum which identifies the Kibana init container by name. +Supported values are: key-cert-provisioner + + + |
+
+
+resources + + +Kubernetes core/v1.ResourceRequirements + + + + |
+
+
+(Optional)
+ +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named Kibana Deployment init container’s resources. +If omitted, the Kibana Deployment will use its default value for this init container’s resources. +If used in conjunction with the deprecated ComponentResources, then this value takes precedence. + + + |
+
+ +(Appears on: +KibanaPodTemplateSpec) + +
++KibanaPodSpec is the Kibana Deployment’s PodSpec. +
+Field | +Description | +
---|---|
+
+initContainers + + +[]KibanaInitContainer + + + + |
+
+
+(Optional)
+ +InitContainers is a list of Kibana init containers. +If specified, this overrides the specified Kibana Deployment init containers. +If omitted, the Kibana Deployment will use its default values for its init containers. + + + |
+
+
+containers + + +[]KibanaContainer + + + + |
+
+
+(Optional)
+ +Containers is a list of Kibana containers. +If specified, this overrides the specified Kibana Deployment containers. +If omitted, the Kibana Deployment will use its default values for its containers. + + + |
+
+ +(Appears on: +KibanaSpec) + +
++KibanaPodTemplateSpec is the Kibana’s PodTemplateSpec +
+Field | +Description | +
---|---|
+
+spec + + +KibanaPodSpec + + + + |
+
+
+(Optional)
+ +Spec is the Kibana’s PodSpec. + ++ + |
+
+ +(Appears on: +Kibana) + +
+Field | +Description | +
---|---|
+
+template + + +KibanaPodTemplateSpec + + + + |
+
+
+(Optional)
+ +Template describes the Kibana pod that will be created. + + + |
+
string
alias)+ +(Appears on: +NodeAddressAutodetection) + +
++KubernetesAutodetectionMethod is a method of detecting an IP address based on the Kubernetes API. +
++One of: NodeInternalIP +
++ +(Appears on: +TenantSpec) + +
++LinseedDeployment is the configuration for the linseed Deployment. +
+Field | +Description | +
---|---|
+
+spec + + +LinseedDeploymentSpec + + + + |
+
+
+(Optional)
+ +Spec is the specification of the linseed Deployment. + ++ + |
+
+ +(Appears on: +LinseedDeploymentPodSpec) + +
++LinseedDeploymentContainer is a linseed Deployment container. +
+Field | +Description | +
---|---|
+
+name + +string + + + |
+
+
+ +Name is an enum which identifies the linseed Deployment container by name. +Supported values are: tigera-linseed + + + |
+
+
+resources + + +Kubernetes core/v1.ResourceRequirements + + + + |
+
+
+(Optional)
+ +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named linseed Deployment container’s resources. +If omitted, the linseed Deployment will use its default value for this container’s resources. + + + |
+
+ +(Appears on: +LinseedDeploymentPodSpec) + +
++LinseedDeploymentInitContainer is a linseed Deployment init container. +
+Field | +Description | +
---|---|
+
+name + +string + + + |
+
+
+ +Name is an enum which identifies the linseed Deployment init container by name. +Supported values are: tigera-secure-linseed-token-tls-key-cert-provisioner,tigera-secure-linseed-cert-key-cert-provisioner + + + |
+
+
+resources + + +Kubernetes core/v1.ResourceRequirements + + + + |
+
+
+(Optional)
+ +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named linseed Deployment init container’s resources. +If omitted, the linseed Deployment will use its default value for this init container’s resources. + + + |
+
+ +(Appears on: +LinseedDeploymentPodTemplateSpec) + +
++LinseedDeploymentPodSpec is the linseed Deployment’s PodSpec. +
+Field | +Description | +
---|---|
+
+initContainers + + +[]LinseedDeploymentInitContainer + + + + |
+
+
+(Optional)
+ +InitContainers is a list of linseed init containers. +If specified, this overrides the specified linseed Deployment init containers. +If omitted, the linseed Deployment will use its default values for its init containers. + + + |
+
+
+containers + + +[]LinseedDeploymentContainer + + + + |
+
+
+(Optional)
+ +Containers is a list of linseed containers. +If specified, this overrides the specified linseed Deployment containers. +If omitted, the linseed Deployment will use its default values for its containers. + + + |
+
+ +(Appears on: +LinseedDeploymentSpec) + +
++LinseedDeploymentPodTemplateSpec is the linseed Deployment’s PodTemplateSpec +
+Field | +Description | +
---|---|
+
+spec + + +LinseedDeploymentPodSpec + + + + |
+
+
+(Optional)
+ +Spec is the linseed Deployment’s PodSpec. + ++ + |
+
+ +(Appears on: +LinseedDeployment) + +
++LinseedDeploymentSpec defines configuration for the linseed Deployment. +
+Field | +Description | +
---|---|
+
+template + + +LinseedDeploymentPodTemplateSpec + + + + |
+
+
+(Optional)
+ +Template describes the linseed Deployment pod that will be created. + + + |
+
string
alias)+ +(Appears on: +CalicoNetworkSpec) + +
++LinuxDataplaneOption controls which dataplane is to be used on Linux nodes. +
++One of: Iptables, BPF +
++ +(Appears on: +ApplicationLayerSpec) + +
+Field | +Description | +
---|---|
+
+collectLogs + + +LogCollectionStatusType + + + + |
+
+
+(Optional)
+ +This setting enables or disable log collection. +Allowed values are Enabled or Disabled. + + + |
+
+
+logIntervalSeconds + +int64 + + + |
+
+
+(Optional)
+ +Interval in seconds for sending L7 log information for processing. +Default: 5 sec + + + |
+
+
+logRequestsPerInterval + +int64 + + + |
+
+
+(Optional)
+ +Maximum number of unique L7 logs that are sent LogIntervalSeconds. +Adjust this to limit the number of L7 logs sent per LogIntervalSeconds +to felix for further processing, use negative number to ignore limits. +Default: -1 + + + |
+
string
alias)+ +(Appears on: +LogCollectionSpec) + +
+string
alias)+ +(Appears on: +CNILogging, +EgressGatewaySpec) + +
++ +(Appears on: +InstallationSpec) + +
+Field | +Description | +
---|---|
+
+cni + + +CNILogging + + + + |
+
+
+(Optional)
+ +Customized logging specification for calico-cni plugin + + + |
+
+ +(Appears on: +APIServerDeployment, +APIServerDeploymentPodTemplateSpec, +CSINodeDriverDaemonSet, +CSINodeDriverDaemonSetPodTemplateSpec, +CalicoKubeControllersDeployment, +CalicoKubeControllersDeploymentPodTemplateSpec, +CalicoNodeDaemonSet, +CalicoNodeDaemonSetPodTemplateSpec, +CalicoNodeWindowsDaemonSet, +CalicoNodeWindowsDaemonSetPodTemplateSpec, +CalicoWindowsUpgradeDaemonSet, +CalicoWindowsUpgradeDaemonSetPodTemplateSpec, +TyphaDeployment, +TyphaDeploymentPodTemplateSpec) + +
++Metadata contains the standard Kubernetes labels and annotations fields. +
+Field | +Description | +
---|---|
+
+labels + +map[string]string + + + |
+
+
+(Optional)
+ +Labels is a map of string keys and values that may match replicaset and +service selectors. Each of these key/value pairs are added to the +object’s labels provided the key does not already exist in the object’s labels. + + + |
+
+
+annotations + +map[string]string + + + |
+
+
+(Optional)
+ +Annotations is a map of arbitrary non-identifying metadata. Each of these +key/value pairs are added to the object’s annotations provided the key does not +already exist in the object’s annotations. + + + |
+
+ +(Appears on: +Monitor) + +
++MonitorSpec defines the desired state of Tigera monitor. +
+Field | +Description | +
---|---|
+
+externalPrometheus + + +ExternalPrometheus + + + + |
+
+
+ +ExternalPrometheus optionally configures integration with an external Prometheus for scraping Calico metrics. When +specified, the operator will render resources in the defined namespace. This option can be useful for configuring +scraping from git-ops tools without the need of post-installation steps. + + + |
+
+
+prometheus + + +Prometheus + + + + |
+
+
+(Optional)
+ +Prometheus is the configuration for the Prometheus. + + + |
+
+
+alertManager + + +AlertManager + + + + |
+
+
+(Optional)
+ +AlertManager is the configuration for the AlertManager. + + + |
+
+ +(Appears on: +Monitor) + +
++MonitorStatus defines the observed state of Tigera monitor. +
+Field | +Description | +
---|---|
+
+state + +string + + + |
+
+
+ +State provides user-readable status. + + + |
+
+
+conditions + + +[]Kubernetes meta/v1.Condition + + + + |
+
+
+(Optional)
+ +Conditions represents the latest observed set of conditions for the component. A component may be one or more of +Ready, Progressing, Degraded or other customer types. + + + |
+
string
alias)+ +(Appears on: +CalicoNetworkSpec) + +
++MultiInterfaceMode describes the method of providing multiple pod interfaces. +
++One of: None, Multus +
+string
alias)+ +(Appears on: +IPPool) + +
++NATOutgoingType describe the type of outgoing NAT to use. +
++One of: Enabled, Disabled +
+string
alias)+ +(Appears on: +AWSEgressGateway) + +
++NativeIP defines if Egress Gateway pods should have AWS IPs. +When NativeIP is enabled, the IPPools should be backed by AWS subnet. +
++ +(Appears on: +CalicoNetworkSpec) + +
++NodeAddressAutodetection provides configuration options for auto-detecting node addresses. At most one option +can be used. If no detection option is specified, then IP auto detection will be disabled for this address family and IPs +must be specified directly on the Node resource. +
+Field | +Description | +
---|---|
+
+firstFound + +bool + + + |
+
+
+(Optional)
+ +FirstFound uses default interface matching parameters to select an interface, performing best-effort +filtering based on well-known interface names. + + + |
+
+
+kubernetes + + +KubernetesAutodetectionMethod + + + + |
+
+
+(Optional)
+ +Kubernetes configures Calico to detect node addresses based on the Kubernetes API. + + + |
+
+
+interface + +string + + + |
+
+
+(Optional)
+ +Interface enables IP auto-detection based on interfaces that match the given regex. + + + |
+
+
+skipInterface + +string + + + |
+
+
+(Optional)
+ +SkipInterface enables IP auto-detection based on interfaces that do not match +the given regex. + + + |
+
+
+canReach + +string + + + |
+
+
+(Optional)
+ +CanReach enables IP auto-detection based on which source address on the node is used to reach the +specified IP or domain. + + + |
+
+
+cidrs + +[]string + + + |
+
+
+ +CIDRS enables IP auto-detection based on which addresses on the nodes are within +one of the provided CIDRs. + + + |
+
+ +(Appears on: +TyphaAffinity) + +
++NodeAffinity is similar to *v1.NodeAffinity, but allows us to limit available schedulers. +
+Field | +Description | +
---|---|
+
+preferredDuringSchedulingIgnoredDuringExecution + + +[]Kubernetes core/v1.PreferredSchedulingTerm + + + + |
+
+
+(Optional)
+ +The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. + + + |
+
+
+requiredDuringSchedulingIgnoredDuringExecution + + +Kubernetes core/v1.NodeSelector + + + + |
+
+
+(Optional)
+ +WARNING: Please note that if the affinity requirements specified by this field are not met at +scheduling time, the pod will NOT be scheduled onto the node. +There is no fallback to another affinity rules with this setting. +This may cause networking disruption or even catastrophic failure! +PreferredDuringSchedulingIgnoredDuringExecution should be used for affinity +unless there is a specific well understood reason to use RequiredDuringSchedulingIgnoredDuringExecution and +you can guarantee that the RequiredDuringSchedulingIgnoredDuringExecution will always have sufficient nodes to satisfy the requirement. +NOTE: RequiredDuringSchedulingIgnoredDuringExecution is set by default for AKS nodes, +to avoid scheduling Typhas on virtual-nodes. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to an update), the system +may or may not try to eventually evict the pod from its node. + + + |
+
string
alias)+ +(Appears on: +InstallationSpec) + +
++NonPrivilegedType specifies whether Calico runs as permissioned or not +
++One of: Enabled, Disabled +
+string
alias)+OIDCType defines how OIDC is configured for Tigera Enterprise. Dex should be the best option for most use-cases. +The Tigera option can help in specific use-cases, for instance, when you are unable to configure a client secret. +One of: Dex, Tigera +
++ +(Appears on: +PacketCaptureAPISpec) + +
++PacketCaptureAPIDeployment is the configuration for the PacketCaptureAPI Deployment. +
+Field | +Description | +
---|---|
+
+spec + + +PacketCaptureAPIDeploymentSpec + + + + |
+
+
+(Optional)
+ +Spec is the specification of the PacketCaptureAPI Deployment. + ++ + |
+
+ +(Appears on: +PacketCaptureAPIDeploymentPodSpec) + +
++PacketCaptureAPIDeploymentContainer is a PacketCaptureAPI Deployment container. +
+Field | +Description | +
---|---|
+
+name + +string + + + |
+
+
-CalicoNetwork specifies networking configuration options for Calico. +Name is an enum which identifies the PacketCaptureAPI Deployment container by name. +Supported values are: tigera-packetcapture-server |
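Review bot: two added descriptions in this block carry spelling errors that will ship in the rendered API reference: the blockSize row of IPPool reads "CIDR prefex length" and the mtu row of InstallationStatus reads "Calico's native auto-detetion". These should be "prefix" and "auto-detection". The L7 log rows also need a wording pass: collectLogs says "enables or disable log collection" and logRequestsPerInterval says "logs that are sent LogIntervalSeconds", which is missing "per". If this file is generated, fix the source comments and regenerate rather than hand-editing the .mdx.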
@@ -6786,10 +11845,10 @@ CalicoNetwork specifies networking configuration options for Calico.
-typhaAffinity + resources - -TyphaAffinity + +Kubernetes core/v1.ResourceRequirements @@ -6798,27 +11857,47 @@ TyphaAffinity (Optional) -Deprecated. Please use Installation.Spec.TyphaDeployment instead. -TyphaAffinity allows configuration of node affinity characteristics for Typha pods. +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named PacketCaptureAPI Deployment container’s resources. +If omitted, the PacketCaptureAPI Deployment will use its default value for this container’s resources. |
+ +(Appears on: +PacketCaptureAPIDeploymentPodSpec) + +
++PacketCaptureAPIDeploymentInitContainer is a PacketCaptureAPI Deployment init container. +
+Field | +Description | +
---|---|
-controlPlaneNodeSelector + name -map[string]string +string |
-(Optional)
-ControlPlaneNodeSelector is used to select control plane nodes on which to run Calico -components. This is globally applied to all resources created by the operator excluding daemonsets. +Name is an enum which identifies the PacketCaptureAPI Deployment init container by name. +Supported values are: tigera-packetcapture-server-tls-key-cert-provisioner |
@@ -6826,10 +11905,10 @@ components. This is globally applied to all resources created by the operator ex
-controlPlaneTolerations + resources - -[]Kubernetes core/v1.Toleration + +Kubernetes core/v1.ResourceRequirements @@ -6838,37 +11917,41 @@ components. This is globally applied to all resources created by the operator ex (Optional) -ControlPlaneTolerations specify tolerations which are then globally applied to all resources -created by the operator. +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named PacketCaptureAPI Deployment init container’s resources. +If omitted, the PacketCaptureAPI Deployment will use its default value for this init container’s resources. |
|
-
-controlPlaneReplicas - -int32 - + |
- -
-ControlPlaneReplicas defines how many replicas of the control plane core components will be deployed. -This field applies to all control plane components that support High Availability. Defaults to 2. +PacketCaptureAPIDeploymentPodSpec is the PacketCaptureAPI Deployment’s PodSpec.
- -Field | +Description |
---|---|
-nodeMetricsPort + initContainers -int32 + +[]PacketCaptureAPIDeploymentInitContainer + |
@@ -6876,9 +11959,9 @@ int32
(Optional)
|
-typhaMetricsPort + containers -int32 + +[]PacketCaptureAPIDeploymentContainer + |
@@ -6896,37 +11981,41 @@ int32
(Optional)
|
-
-flexVolumePath - -string - + |
- -
-FlexVolumePath optionally specifies a custom path for FlexVolume. If not specified, FlexVolume will be -enabled by default. If set to ‘None’, FlexVolume will be disabled. The default is based on the -kubernetesProvider. +PacketCaptureAPIDeploymentPodTemplateSpec is the PacketCaptureAPI Deployment’s PodTemplateSpec
- -Field | +Description |
---|---|
-kubeletVolumePluginPath + spec -string + +PacketCaptureAPIDeploymentPodSpec + |
@@ -6934,20 +12023,42 @@ string
(Optional)
+ +(Appears on: +PacketCaptureAPIDeployment) + +
++PacketCaptureAPIDeploymentSpec defines configuration for the PacketCaptureAPI Deployment. +
+Field | +Description | +
---|---|
-nodeUpdateStrategy + template - -Kubernetes apps/v1.DaemonSetUpdateStrategy + +PacketCaptureAPIDeploymentPodTemplateSpec @@ -6956,19 +12067,38 @@ Kubernetes apps/v1.DaemonSetUpdateStrategy (Optional) -NodeUpdateStrategy can be used to customize the desired update strategy, such as the MaxUnavailable -field. +Template describes the PacketCaptureAPI Deployment pod that will be created. |
+ +(Appears on: +PacketCaptureAPI) + +
++PacketCaptureAPISpec defines configuration for the Packet Capture API. +
+Field | +Description | +
---|---|
-componentResources + packetCaptureAPIDeployment - -[]ComponentResource + +PacketCaptureAPIDeployment @@ -6977,31 +12107,44 @@ field. (Optional) -Deprecated. Please use CalicoNodeDaemonSet, TyphaDeployment, and KubeControllersDeployment. -ComponentResources can be used to customize the resource requirements for each component. -Node, Typha, and KubeControllers are supported for installations. +PacketCaptureAPIDeployment configures the PacketCaptureAPI Deployment. |
+ +(Appears on: +PacketCaptureAPI) + +
++PacketCaptureAPIStatus defines the observed state of the Packet Capture API. +
+Field | +Description | +
---|---|
-certificateManagement + state - -CertificateManagement - +string |
-(Optional)
-CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order -to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise -pods will be stuck during initialization. +State provides user-readable status. |
@@ -7009,10 +12152,10 @@ pods will be stuck during initialization.
-nonPrivileged + conditions - -NonPrivilegedType + +[]Kubernetes meta/v1.Condition @@ -7021,27 +12164,42 @@ NonPrivilegedType (Optional) -NonPrivileged configures Calico to be run in non-privileged containers as non-root users where possible. +Conditions represents the latest observed set of conditions for the component. A component may be one or more of +Ready, Progressing, Degraded or other customer types. |
+ +(Appears on: +TLSTerminatedRouteSpec) + +
+Field | +Description | +
---|---|
-calicoNodeDaemonSet + path - -CalicoNodeDaemonSet - +string |
-CalicoNodeDaemonSet configures the calico-node DaemonSet. If used in -conjunction with the deprecated ComponentResources, then these overrides take precedence. +Path is the path portion of the URL based on which we proxy. |
@@ -7049,18 +12207,17 @@ conjunction with the deprecated ComponentResources, then these overrides take pr
-csiNodeDriverDaemonSet + pathRegexp - -CSINodeDriverDaemonSet - +string |
+(Optional)
-CSINodeDriverDaemonSet configures the csi-node-driver DaemonSet. +PathRegexp, if not nil, checks if Regexp matches the path. |
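Review bot: the pathRegexp description ("PathRegexp, if not nil, checks if Regexp matches the path.") is underspecified for a field that decides which requests get proxied. The type column shows `string`, so "if not nil" should read "if set", and the text should state which regular expression syntax is expected, whether the match is anchored to the whole path or can match a substring, and how it interacts with the required `path` field. The pathReplace row that follows uses the same "if not nil" wording and does not say what happens when it is set without pathRegexp.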
@@ -7068,59 +12225,99 @@ CSINodeDriverDaemonSet configures the csi-node-driver DaemonSet.
-calicoKubeControllersDeployment + pathReplace - -CalicoKubeControllersDeployment - +string |
+(Optional)
-CalicoKubeControllersDeployment configures the calico-kube-controllers Deployment. If used in -conjunction with the deprecated ComponentResources, then these overrides take precedence. +PathReplace if not nil will be used to replace PathRegexp matches. |
+ +(Appears on: +PolicyRecommendationSpec) + +
++PolicyRecommendationDeployment is the configuration for the PolicyRecommendation Deployment. +
+Field | +Description | +
---|---|
-typhaDeployment + spec - -TyphaDeployment + +PolicyRecommendationDeploymentSpec |
+(Optional)
-TyphaDeployment configures the typha Deployment. If used in conjunction with the deprecated -ComponentResources or TyphaAffinity, then these overrides take precedence. +Spec is the specification of the PolicyRecommendation Deployment. ++ + |
+ +(Appears on: +PolicyRecommendationDeploymentPodSpec) + +
++PolicyRecommendationDeploymentContainer is a PolicyRecommendation Deployment container. +
+Field | +Description | +
---|---|
-calicoWindowsUpgradeDaemonSet + name - -CalicoWindowsUpgradeDaemonSet - +string |
-Deprecated. The CalicoWindowsUpgradeDaemonSet is deprecated and will be removed from the API in the future. -CalicoWindowsUpgradeDaemonSet configures the calico-windows-upgrade DaemonSet. +Name is an enum which identifies the PolicyRecommendation Deployment container by name. +Supported values are: policy-recommendation-controller |
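Review bot: the added `pathReplace` text ("if not nil will be used to replace PathRegexp matches") leaves open what happens when `pathReplace` is set and `pathRegexp` is not, and whether capture-group references are allowed in the replacement. Suggest documenting both cases and rewording "not nil" to "not empty" so it matches the `string` type.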
@@ -7128,39 +12325,58 @@ CalicoWindowsUpgradeDaemonSet configures the calico-windows-upgrade DaemonSet.
-calicoNodeWindowsDaemonSet + resources - -CalicoNodeWindowsDaemonSet + +Kubernetes core/v1.ResourceRequirements |
+(Optional)
-CalicoNodeWindowsDaemonSet configures the calico-node-windows DaemonSet. +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named PolicyRecommendation Deployment container’s resources. +If omitted, the PolicyRecommendation Deployment will use its default value for this container’s resources. |
+ +(Appears on: +PolicyRecommendationDeploymentPodSpec) + +
++PolicyRecommendationDeploymentInitContainer is a PolicyRecommendation Deployment init container. +
+Field | +Description | +
---|---|
-fipsMode + name - -FIPSMode - +string |
-(Optional)
-FIPSMode uses images and features only that are using FIPS 140-2 validated cryptographic modules and standards. -Default: Disabled +Name is an enum which identifies the PolicyRecommendation Deployment init container by name. |
@@ -7168,10 +12384,10 @@ Default: Disabled
-logging + resources - -Logging + +Kubernetes core/v1.ResourceRequirements @@ -7180,18 +12396,40 @@ Logging (Optional) -Logging Configuration for Components +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named PolicyRecommendation Deployment init container’s resources. +If omitted, the PolicyRecommendation Deployment will use its default value for this init container’s resources. |
+ +(Appears on: +PolicyRecommendationDeploymentPodTemplateSpec) + +
++PolicyRecommendationDeploymentPodSpec is the PolicyRecommendation Deployment’s PodSpec. +
+Field | +Description | +
---|---|
-windowsNodes + initContainers - -WindowsNodeSpec + +[]PolicyRecommendationDeploymentInitContainer @@ -7200,7 +12438,9 @@ WindowsNodeSpec (Optional) -Windows Configuration +InitContainers is a list of PolicyRecommendation init containers. +If specified, this overrides the specified PolicyRecommendation Deployment init containers. +If omitted, the PolicyRecommendation Deployment will use its default values for its init containers. |
@@ -7208,9 +12448,11 @@ Windows Configuration
|
-serviceCIDRs + containers -[]string + +[]PolicyRecommendationDeploymentContainer + |
@@ -7218,22 +12460,24 @@ Windows Configuration
(Optional)
(Appears on: -Installation) +PolicyRecommendationDeploymentSpec)
-InstallationStatus defines the observed state of the Calico or Calico Enterprise installation. +PolicyRecommendationDeploymentPodTemplateSpec is the PolicyRecommendation Deployment’s PodTemplateSpec
-variant + spec - -ProductVariant + +PolicyRecommendationDeploymentPodSpec |
+(Optional)
-Variant is the most recently observed installed variant - one of Calico or TigeraSecureEnterprise +Spec is the PolicyRecommendation Deployment’s PodSpec. ++ + |
-
-mtu - -int32 - + + |
- -
-MTU is the most recently observed value for pod network MTU. This may be an explicitly -configured value, or based on Calico’s native auto-detection. +PolicyRecommendationDeploymentSpec defines configuration for the PolicyRecommendation Deployment.
- -Field | +Description |
---|---|
-imageSet + template -string + +PolicyRecommendationDeploymentPodTemplateSpec + |
@@ -7293,19 +12546,39 @@ string
(Optional)
+ +(Appears on: +PolicyRecommendation) + +
++PolicyRecommendationSpec defines configuration for the Calico Enterprise Policy Recommendation +service. +
+Field | +Description | +
---|---|
-computed + policyRecommendationDeployment - -InstallationSpec + +PolicyRecommendationDeployment @@ -7314,87 +12587,115 @@ InstallationSpec (Optional) -Computed is the final installation including overlaid resources. +PolicyRecommendation configures the PolicyRecommendation Deployment. |
|
-
-calicoVersion - -string - + |
- -
-CalicoVersion shows the current running version of calico. -CalicoVersion along with Variant is needed to know the exact -version deployed. +PolicyRecommendationStatus defines the observed state of Tigera policy recommendation.
- -Field | +Description |
---|---|
-conditions + state - -[]Kubernetes meta/v1.Condition - +string |
-(Optional)
-Conditions represents the latest observed set of conditions for the component. A component may be one or more of -Ready, Progressing, Degraded or other customer types. +State provides user-readable status. |
string
alias)(Appears on: -NodeAddressAutodetection) +InstallationSpec, +InstallationStatus)
-KubernetesAutodetectionMethod is a method of detecting an IP address based on the Kubernetes API. +ProductVariant represents the variant of the product.
-One of: NodeInternalIP +One of: Calico, TigeraSecureEnterprise
-string
alias)(Appears on: -CalicoNetworkSpec) +MonitorSpec)
+Field | +Description | +
---|---|
+
+spec + + +PrometheusSpec + + + + |
+
+
+(Optional)
-LinuxDataplaneOption controls which dataplane is to be used on Linux nodes. - --One of: Iptables, BPF +Spec is the specification of the Prometheus. -LogCollectionSpec++ + |
+
(Appears on: -ApplicationLayerSpec) +CommonPrometheusFields) +
++PrometheusContainer is a Prometheus container.
-collectLogs + name - -LogCollectionStatusType - +string |
-(Optional)
-This setting enables or disable log collection. -Allowed values are Enabled or Disabled. +Name is an enum which identifies the Prometheus Deployment container by name. +Supported values are: authn-proxy |
@@ -7428,9 +12726,11 @@ Allowed values are Enabled or Disabled.
-logIntervalSeconds + resources -int64 + +Kubernetes core/v1.ResourceRequirements + |
@@ -7438,57 +12738,75 @@ int64
(Optional)
+ +(Appears on: +Prometheus) + +
+Field | +Description | +
---|---|
-logRequestsPerInterval + commonPrometheusFields -int64 + +CommonPrometheusFields + |
-(Optional)
-Maximum number of unique L7 logs that are sent LogIntervalSeconds. -Adjust this to limit the number of L7 logs sent per LogIntervalSeconds -to felix for further processing, use negative number to ignore limits. -Default: -1 +CommonPrometheusFields are the options available to both the Prometheus server and agent. |
string
alias)- -(Appears on: -LogCollectionSpec) - +PromptType is a value that specifies whether the identity provider prompts the end user for re-authentication and +consent. +One of: None, Login, Consent, SelectAccount.
-string
alias)(Appears on: -CNILogging, -EgressGatewaySpec) +InstallationSpec)
-+Provider represents a particular provider or flavor of Kubernetes. Valid options +are: EKS, GKE, AKS, RKE2, OpenShift, DockerEnterprise, TKG. +
+(Appears on: -InstallationSpec) +TLSPassThroughRouteSpec)
-cni + serverName - -CNILogging - +string |
-(Optional)
-Customized logging specification for calico-cni plugin +ServerName is used to match the server name for the request. |
(Appears on: -APIServerDeployment, -APIServerDeploymentPodTemplateSpec, -CSINodeDriverDaemonSet, -CSINodeDriverDaemonSetPodTemplateSpec, -CalicoKubeControllersDeployment, -CalicoKubeControllersDeploymentPodTemplateSpec, -CalicoNodeDaemonSet, -CalicoNodeDaemonSetPodTemplateSpec, -CalicoNodeWindowsDaemonSet, -CalicoNodeWindowsDaemonSetPodTemplateSpec, -CalicoWindowsUpgradeDaemonSet, -CalicoWindowsUpgradeDaemonSetPodTemplateSpec, -TyphaDeployment, -TyphaDeploymentPodTemplateSpec) +ExternalPrometheus) -
--Metadata contains the standard Kubernetes labels and annotations fields.
-(Optional)
-Labels is a map of string keys and values that may match replicaset and -service selectors. Each of these key/value pairs are added to the -object’s labels provided the key does not already exist in the object’s labels. +Labels are the metadata.labels of the ServiceMonitor. When combined with spec.serviceMonitorSelector.matchLabels +on your prometheus instance, the service monitor will automatically be picked up. +Default: k8s-app=tigera-prometheus |
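Review bot: the `serverName` description added for SNIMatch ("used to match the server name for the request") does not say whether the comparison is an exact match or accepts wildcards. The matching rule determines which requests a pass-through route picks up, so it should be stated here.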
@@ -7575,44 +12873,42 @@ object’s labels provided the key does not already exist in the object&rsqu
|
-annotations + endpoints -map[string]string + +[]Endpoint + |
-(Optional)
-Annotations is a map of arbitrary non-identifying metadata. Each of these -key/value pairs are added to the object’s annotations provided the key does not -already exist in the object’s annotations. +The endpoints to scrape. This struct contains a subset of the Endpoint as defined in the prometheus docs. Fields +related to connecting to our Prometheus server are automatically set by the operator. |
string
alias)(Appears on: -Monitor) +TigeraStatusCondition)
-MonitorSpec defines the desired state of Tigera monitor. +StatusConditionType is a type of condition that may apply to a particular component.
-(Appears on: -Monitor) +CalicoNetworkSpec) -
--MonitorStatus defines the observed state of Tigera monitor.
-state + key string @@ -7633,86 +12929,149 @@ string |
- -State provides user-readable status. - |
-conditions + value - -[]Kubernetes meta/v1.Condition - +string |
-(Optional)
- -Conditions represents the latest observed set of conditions for the component. A component may be one or more of -Ready, Progressing, Degraded or other customer types. - |
string
alias)+
Field | +Description | +
---|---|
-(Appears on:
-CalicoNetworkSpec)
+secretName + +string + + + |
+
+(Optional)
+ +SecretName indicates the name of the secret in the tigera-operator namespace that contains the private key and certificate that the management cluster uses when it listens for incoming connections. -MultiInterfaceMode describes the method of providing multiple pod interfaces. +When set to tigera-management-cluster-connection voltron will use the same cert bundle which Guardian client certs are signed with. -One of: None, Multus +When set to manager-tls, voltron will use the same cert bundle which Manager UI is served with. +This cert bundle must be a publicly signed cert created by the user. +Note that Tigera Operator will generate a self-signed manager-tls cert if one does not exist, +and use of that cert will result in Guardian being unable to verify Voltron’s identity. -NATOutgoingType
-(
|
+
(Appears on: -AWSEgressGateway) +TLSPassThroughRoute) + +
+Field | +Description | +
---|---|
+
+target + + +TargetType + + + + |
++ + + | +
+
+sniMatch + + +SNIMatch + + + + |
+
+ +SNIMatch is used to match requests based on the server name for the intended destination server. Matching requests +will be proxied to the Destination. + + |
+
+
+destination + +string + + + |
+
+
-NativeIP defines if Egress Gateway pods should have AWS IPs. -When NativeIP is enabled, the IPPools should be backed by AWS subnet. +Destination is the destination url to proxy the request to. -NodeAddressAutodetection+ + |
+
(Appears on: -CalicoNetworkSpec) +TLSTerminatedRoute) -
--NodeAddressAutodetection provides configuration options for auto-detecting node addresses. At most one option -can be used. If no detection option is specified, then IP auto detection will be disabled for this address family and IPs -must be specified directly on the Node resource.
Field | Description | - - + + +
---|---|
+
+target + + +TargetType + + + + |
++ + + | +
-firstFound + pathMatch -bool + +PathMatch + |
-(Optional)
-FirstFound uses default interface matching parameters to select an interface, performing best-effort -filtering based on well-known interface names. +PathMatch is used to match requests based on what’s in the path. Matching requests will be proxied to the Destination +defined in this structure. |
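Review bot: the `target` rows added to TLSPassThroughRouteSpec and TLSTerminatedRouteSpec appear to have an empty description cell. Suggest listing the values TargetType accepts and what each one selects, and using one spelling for "URL" in the two `destination` descriptions ("destination url" in the pass-through table).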
@@ -7744,19 +13120,16 @@ filtering based on well-known interface names.
-kubernetes + destination - -KubernetesAutodetectionMethod - +string |
-(Optional)
-Kubernetes configures Calico to detect node addresses based on the Kubernetes API. +Destination is the destination URL where matching traffic is routed to. |
@@ -7764,17 +13137,19 @@ Kubernetes configures Calico to detect node addresses based on the Kubernetes AP
-interface + caBundle -string + +Kubernetes core/v1.ConfigMapKeySelector + |
-(Optional)
-Interface enables IP auto-detection based on interfaces that match the given regex. +CABundle is where we read the CA bundle from to authenticate the +destination (if non-empty) |
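Review bot: the new `caBundle` row carries no `(Optional)` marker, yet its description reads "to authenticate the destination (if non-empty)", so it is unclear whether the field is required. Suggest stating what happens when it is empty, in particular whether the destination's certificate is then checked against some other trust store or not verified at all.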
@@ -7782,9 +13157,11 @@ Interface enables IP auto-detection based on interfaces that match the given reg
-skipInterface + mtlsCert -string + +Kubernetes core/v1.SecretKeySelector + |
@@ -7792,8 +13169,8 @@ string
(Optional)
|
-canReach + mtlsKey -string + +Kubernetes core/v1.SecretKeySelector + |
@@ -7811,8 +13190,8 @@ string
(Optional)
|
-cidrs + unauthenticated -[]string +bool |
+(Optional)
-CIDRS enables IP auto-detection based on which addresses on the nodes are within -one of the provided CIDRs. +Unauthenticated says whether the request should go through authentication. This is only applicable if the Target +is UI. |
string
alias)(Appears on: -TyphaAffinity) +TLSPassThroughRouteSpec, +TLSTerminatedRouteSpec)
+-NodeAffinity is similar to *v1.NodeAffinity, but allows us to limit available schedulers. + +(Appears on: +TenantSpec) +
-preferredDuringSchedulingIgnoredDuringExecution + url - -[]Kubernetes core/v1.PreferredSchedulingTerm - +string |
-(Optional)
- -The scheduler will prefer to schedule pods to nodes that satisfy -the affinity expressions specified by this field, but it may choose -a node that violates one or more of the expressions. - |
-requiredDuringSchedulingIgnoredDuringExecution + kibanaURL - -Kubernetes core/v1.NodeSelector - +string |
-(Optional)
- -WARNING: Please note that if the affinity requirements specified by this field are not met at -scheduling time, the pod will NOT be scheduled onto the node. -There is no fallback to another affinity rules with this setting. -This may cause networking disruption or even catastrophic failure! -PreferredDuringSchedulingIgnoredDuringExecution should be used for affinity -unless there is a specific well understood reason to use RequiredDuringSchedulingIgnoredDuringExecution and -you can guarantee that the RequiredDuringSchedulingIgnoredDuringExecution will always have sufficient nodes to satisfy the requirement. -NOTE: RequiredDuringSchedulingIgnoredDuringExecution is set by default for AKS nodes, -to avoid scheduling Typhas on virtual-nodes. -If the affinity requirements specified by this field cease to be met -at some point during pod execution (e.g. due to an update), the system -may or may not try to eventually evict the pod from its node. - |
string
alias)+
mutualTLS
-NonPrivilegedType specifies whether Calico runs as permissioned or not -
--One of: Enabled, Disabled -
-string
alias)-OIDCType defines how OIDC is configured for Tigera Enterprise. Dex should be the best option for most use-cases. -The Tigera option can help in specific use-cases, for instance, when you are unable to configure a client secret. -One of: Dex, Tigera -
-+
-PolicyRecommendationSpec defines configuration for the Calico Enterprise Policy Recommendation -service. -
-(Appears on: -PolicyRecommendation) +Tenant) -
--PolicyRecommendationStatus defines the observed state of Tigera policy recommendation.
-state + id string @@ -7972,134 +13312,101 @@ string |
-State provides user-readable status. +ID is the unique identifier for this tenant. |
string
alias)+
name
-ProductVariant represents the variant of the product. -
--One of: Calico, TigeraSecureEnterprise -
-string
alias)-PromptType is a value that specifies whether the identity provider prompts the end user for re-authentication and -consent. -One of: None, Login, Consent, SelectAccount. +Name is a human readable name for this tenant.
-string
alias)-(Appears on: -InstallationSpec) +
-Provider represents a particular provider or flavor of Kubernetes. Valid options -are: EKS, GKE, AKS, RKE2, OpenShift, DockerEnterprise. -
-string
alias)
+indices
+
+
+[]Index
+
+
-(Appears on:
-TigeraStatusCondition)
+
-StatusConditionType is a type of condition that may apply to a particular component. +Indices defines the how to store a tenant’s data
-Field | -Description | + +
---|---|
-secretName + elastic -string + +TenantElasticSpec + |
-(Optional)
- -SecretName indicates the name of the secret in the tigera-operator namespace that contains the private key and certificate that the management cluster uses when it listens for incoming connections. - --When set to tigera-management-cluster-connection voltron will use the same cert bundle which Guardian client certs are signed with. - -When set to manager-tls, voltron will use the same cert bundle which Manager UI is served with. -This cert bundle must be a publicly signed cert created by the user. -Note that Tigera Operator will generate a self-signed manager-tls cert if one does not exist, -and use of that cert will result in Guardian being unable to verify Voltron’s identity. - --If changed on a running cluster with connected managed clusters, all managed clusters will disconnect as they will no longer be able to verify Voltron’s identity. -To reconnect existing managed clusters, change the tls.ca of the managed clusters’ ManagementClusterConnection resource. - --One of: tigera-management-cluster-connection, manager-tls - --Default: tigera-management-cluster-connection +Elastic configures per-tenant ElasticSearch and Kibana parameters. +This field is required for clusters using external ES. |
+
controlPlaneReplicas
+ControlPlaneReplicas defines how many replicas of the control plane core components will be deployed +in the Tenant’s namespace. Defaults to the controlPlaneReplicas in Installation CR
-Field | -Description | + +
---|---|
-id + linseedDeployment -string + +LinseedDeployment + |
-ID is the unique identifier for this tenant. +LinseedDeployment configures the linseed Deployment. |
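Review bot: in the `unauthenticated` row added to TLSTerminatedRouteSpec further up in this run of the diff, the description "says whether the request should go through authentication" reads with the opposite polarity to the field name. Suggest describing what `true` does and what the default is, so a reader cannot enable unauthenticated access to a UI route by misreading the flag.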
@@ -8107,10 +13414,10 @@ ID is the unique identifier for this tenant.
-indices + dashboardsJob - -[]Index + +DashboardsJob @@ -8118,7 +13425,7 @@ ID is the unique identifier for this tenant. |
-Indices defines the how to store a tenant’s data +DashboardsJob configures the Dashboards job |
@@ -8454,6 +13761,7 @@ string