Installation reference
Packages:
operator.tigera.io/v1
API Schema definitions for configuring the installation of Calico and Calico Enterprise
Resource Types:ImageSet
ImageSet is used to specify image digests for the images that the operator deploys.
The name of the ImageSet is expected to be in the format <variang>-<release>
.
The variant
used is enterprise
if the InstallationSpec Variant is
TigeraSecureEnterprise
otherwise it is calico
.
The release
must match the version of the variant that the operator is built to deploy,
this version can be obtained by passing the --version
flag to the operator binary.
Field | Description | ||
---|---|---|---|
apiVersion string |
operator.tigera.io/v1
|
||
kind string |
ImageSet |
||
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||
spec ImageSetSpec |
|
Installation
Installation configures an installation of Calico or Calico Enterprise. At most one instance of this resource is supported. It must be named “default”. The Installation API installs core networking and network policy components, and provides general install-time configuration.
Field | Description | ||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
apiVersion string |
operator.tigera.io/v1
|
||||||||||||||||||||||||||||||||||
kind string |
Installation |
||||||||||||||||||||||||||||||||||
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||||||||||||||||||||||||
spec InstallationSpec |
Specification of the desired state for the Calico or Calico Enterprise installation.
|
||||||||||||||||||||||||||||||||||
status InstallationStatus |
Most recently observed state for the Calico or Calico Enterprise installation. |
TigeraStatus
TigeraStatus represents the most recently observed status for Calico or a Calico Enterprise functional area.
Field | Description |
---|---|
apiVersion string |
operator.tigera.io/v1
|
kind string |
TigeraStatus |
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
spec TigeraStatusSpec |
|
status TigeraStatusStatus |
BGPOption
(string
alias)
(Appears on: CalicoNetworkSpec)
BGPOption describes the mode of BGP to use.
One of: Enabled, Disabled
CNIPluginType
(string
alias)
(Appears on: CNISpec)
CNIPluginType describes the type of CNI plugin used.
One of: Calico, GKE, AmazonVPC, AzureVNET
CNISpec
(Appears on: InstallationSpec)
CNISpec contains configuration for the CNI plugin.
Field | Description |
---|---|
type CNIPluginType |
Specifies the CNI plugin that will be used in the Calico or Calico Enterprise installation. * For KubernetesProvider GKE, this field defaults to GKE. * For KubernetesProvider AKS, this field defaults to AzureVNET. * For KubernetesProvider EKS, this field defaults to AmazonVPC. * If aws-node daemonset exists in kube-system when the Installation resource is created, this field defaults to AmazonVPC. * For all other cases this field defaults to Calico. For the value Calico, the CNI plugin binaries and CNI config will be installed as part of deployment, for all other values the CNI plugin binaries and CNI config is a dependency that is expected to be installed separately. Default: Calico |
ipam IPAMSpec |
(Optional)
IPAM specifies the pod IP address management that will be used in the Calico or Calico Enterprise installation. |
CalicoNetworkSpec
(Appears on: InstallationSpec)
CalicoNetworkSpec specifies configuration options for Calico provided pod networking.
Field | Description |
---|---|
linuxDataplane LinuxDataplaneOption |
(Optional)
LinuxDataplane is used to select the dataplane used for Linux nodes. In particular, it causes the operator to add required mounts and environment variables for the particular dataplane. If not specified, iptables mode is used. Default: Iptables |
bgp BGPOption |
(Optional)
BGP configures whether or not to enable Calico’s BGP capabilities. |
ipPools []IPPool |
(Optional)
IPPools contains a list of IP pools to create if none exist. At most one IP pool of each address family may be specified. If omitted, a single pool will be configured if needed. |
mtu int32 |
(Optional)
MTU specifies the maximum transmission unit to use on the pod network. If not specified, Calico will perform MTU auto-detection based on the cluster network. |
nodeAddressAutodetectionV4 NodeAddressAutodetection |
(Optional)
NodeAddressAutodetectionV4 specifies an approach to automatically detect node IPv4 addresses. If not specified, will use default auto-detection settings to acquire an IPv4 address for each node. |
nodeAddressAutodetectionV6 NodeAddressAutodetection |
(Optional)
NodeAddressAutodetectionV6 specifies an approach to automatically detect node IPv6 addresses. If not specified, IPv6 addresses will not be auto-detected. |
hostPorts HostPortsType |
(Optional)
HostPorts configures whether or not Calico will support Kubernetes HostPorts. Valid only when using the Calico CNI plugin. Default: Enabled |
multiInterfaceMode MultiInterfaceMode |
(Optional)
MultiInterfaceMode configures what will configure multiple interface per pod. Only valid for Calico Enterprise installations using the Calico CNI plugin. Default: None |
containerIPForwarding ContainerIPForwardingType |
(Optional)
ContainerIPForwarding configures whether ip forwarding will be enabled for containers in the CNI configuration. Default: Disabled |
CertificateManagement
(Appears on: InstallationSpec)
CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise pods will be stuck during initialization.
Field | Description |
---|---|
caCert []byte |
Certificate of the authority that signs the CertificateSigningRequests in PEM format. |
signerName string |
When a CSR is issued to the certificates.k8s.io API, the signerName is added to the request in order to accommodate for clusters
with multiple signers.
Must be formatted as: |
keyAlgorithm string |
(Optional)
Specify the algorithm used by pods to generate a key pair that is associated with the X.509 certificate request. Default: RSAWithSize2048 |
signatureAlgorithm string |
(Optional)
Specify the algorithm used for the signature of the X.509 certificate request. Default: SHA256WithRSA |
ComponentName
(string
alias)
(Appears on: ComponentResource)
ComponentName represents a single component.
One of: Node, Typha, KubeControllers
ComponentResource
(Appears on: InstallationSpec)
The ComponentResource struct associates a ResourceRequirements with a component by name
Field | Description |
---|---|
componentName ComponentName |
ComponentName is an enum which identifies the component |
resourceRequirements Kubernetes core/v1.ResourceRequirements |
ResourceRequirements allows customization of limits and requests for compute resources such as cpu and memory. |
ConditionStatus
(string
alias)
(Appears on: TigeraStatusCondition)
ConditionStatus represents the status of a particular condition. A condition may be one of: True, False, Unknown.
ContainerIPForwardingType
(string
alias)
(Appears on: CalicoNetworkSpec)
ContainerIPForwardingType specifies whether the CNI config for container ip forwarding is enabled.
EncapsulationType
(string
alias)
(Appears on: IPPool)
EncapsulationType is the type of encapsulation to use on an IP pool.
One of: IPIP, VXLAN, IPIPCrossSubnet, VXLANCrossSubnet, None
HostPortsType
(string
alias)
(Appears on: CalicoNetworkSpec)
HostPortsType specifies host port support.
One of: Enabled, Disabled
IPAMPluginType
(string
alias)
(Appears on: IPAMSpec)
IPAMSpec
(Appears on: CNISpec)
IPAMSpec contains configuration for pod IP address management.
Field | Description |
---|---|
type IPAMPluginType |
Specifies the IPAM plugin that will be used in the Calico or Calico Enterprise installation. * For CNI Plugin Calico, this field defaults to Calico. * For CNI Plugin GKE, this field defaults to HostLocal. * For CNI Plugin AzureVNET, this field defaults to AzureVNET. * For CNI Plugin AmazonVPC, this field defaults to AmazonVPC. The IPAM plugin is installed and configured only if the CNI plugin is set to Calico, for all other values of the CNI plugin the plugin binaries and CNI config is a dependency that is expected to be installed separately. Default: Calico |
IPPool
(Appears on: CalicoNetworkSpec)
Field | Description |
---|---|
cidr string |
CIDR contains the address range for the IP Pool in classless inter-domain routing format. |
encapsulation EncapsulationType |
(Optional)
Encapsulation specifies the encapsulation type that will be used with the IP Pool. Default: IPIP |
natOutgoing NATOutgoingType |
(Optional)
NATOutgoing specifies if NAT will be enabled or disabled for outgoing traffic. Default: Enabled |
nodeSelector string |
(Optional)
NodeSelector specifies the node selector that will be set for the IP Pool. Default: ‘all()’ |
blockSize int32 |
(Optional)
BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6) |
Image
(Appears on: ImageSetSpec)
Field | Description |
---|---|
image string |
Image is an image that the operator deploys and instead of using the built in tag
the operator will use the Digest for the image identifier.
The value should be the image name without registry or tag or digest.
For the image |
digest string |
Digest is the image identifier that will be used for the Image.
The field should not include a leading |
ImageSetSpec
(Appears on: ImageSet)
ImageSetSpec defines the desired state of ImageSet.
Field | Description |
---|---|
images []Image |
Images is the list of images to use digests. All images that the operator will deploy must be specified. |
InstallationSpec
(Appears on: Installation, InstallationStatus)
InstallationSpec defines configuration for a Calico or Calico Enterprise installation.
Field | Description |
---|---|
variant ProductVariant |
(Optional)
Variant is the product to install - one of Calico or TigeraSecureEnterprise Default: Calico |
registry string |
(Optional)
Registry is the default Docker registry used for component Docker images. If specified, all images will be pulled from this registry. If not specified then the default registries will be used. A special case value, UseDefault, is supported to explicitly specify the default registries will be used. Image format:
This option allows configuring the |
imagePath string |
(Optional)
ImagePath allows for the path part of an image to be specified. If specified then the specified value will be used as the image path for each image. If not specified or empty, the default for each image will be used. A special case value, UseDefault, is supported to explicitly specify the default image path will be used for each image. Image format:
This option allows configuring the |
imagePrefix string |
(Optional)
ImagePrefix allows for the prefix part of an image to be specified. If specified then the given value will be used as a prefix on each image. If not specified or empty, no prefix will be used. A special case value, UseDefault, is supported to explicitly specify the default image prefix will be used for each image. Image format:
This option allows configuring the |
imagePullSecrets []Kubernetes core/v1.LocalObjectReference |
(Optional)
ImagePullSecrets is an array of references to container registry pull secrets to use. These are applied to all images to be pulled. |
kubernetesProvider Provider |
(Optional)
KubernetesProvider specifies a particular provider of the Kubernetes platform and enables provider-specific configuration. If the specified value is empty, the Operator will attempt to automatically determine the current provider. If the specified value is not empty, the Operator will still attempt auto-detection, but will additionally compare the auto-detected value to the specified value to confirm they match. |
cni CNISpec |
(Optional)
CNI specifies the CNI that will be used by this installation. |
calicoNetwork CalicoNetworkSpec |
(Optional)
CalicoNetwork specifies networking configuration options for Calico. |
typhaAffinity TyphaAffinity |
(Optional)
TyphaAffinity allows configuration of node affinity characteristics for Typha pods. |
controlPlaneNodeSelector map[string]string |
(Optional)
ControlPlaneNodeSelector is used to select control plane nodes on which to run Calico components. This is globally applied to all resources created by the operator excluding daemonsets. |
controlPlaneTolerations []Kubernetes core/v1.Toleration |
(Optional)
ControlPlaneTolerations specify tolerations which are then globally applied to all resources created by the operator. |
nodeMetricsPort int32 |
(Optional)
NodeMetricsPort specifies which port calico/node serves prometheus metrics on. By default, metrics are not enabled. If specified, this overrides any FelixConfiguration resources which may exist. If omitted, then prometheus metrics may still be configured through FelixConfiguration. |
typhaMetricsPort int32 |
(Optional)
TyphaMetricsPort specifies which port calico/typha serves prometheus metrics on. By default, metrics are not enabled. |
flexVolumePath string |
(Optional)
FlexVolumePath optionally specifies a custom path for FlexVolume. If not specified, FlexVolume will be enabled by default. If set to ‘None’, FlexVolume will be disabled. The default is based on the kubernetesProvider. |
nodeUpdateStrategy Kubernetes apps/v1.DaemonSetUpdateStrategy |
(Optional)
NodeUpdateStrategy can be used to customize the desired update strategy, such as the MaxUnavailable field. |
componentResources []ComponentResource |
(Optional)
ComponentResources can be used to customize the resource requirements for each component. Node, Typha, and KubeControllers are supported for installations. |
certificateManagement CertificateManagement |
(Optional)
CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise pods will be stuck during initialization. |
InstallationStatus
(Appears on: Installation)
InstallationStatus defines the observed state of the Calico or Calico Enterprise installation.
Field | Description |
---|---|
variant ProductVariant |
Variant is the most recently observed installed variant - one of Calico or TigeraSecureEnterprise |
mtu int32 |
MTU is the most recently observed value for pod network MTU. This may be an explicitly configured value, or based on Calico’s native auto-detetion. |
imageSet string |
(Optional)
ImageSet is the name of the ImageSet being used, if there is an ImageSet that is being used. If an ImageSet is not being used then this will not be set. |
computed InstallationSpec |
(Optional)
Computed is the final installation including overlaid resources. |
LinuxDataplaneOption
(string
alias)
(Appears on: CalicoNetworkSpec)
LinuxDataplaneOption controls which dataplane is to be used on Linux nodes.
One of: Iptables, BPF
MultiInterfaceMode
(string
alias)
(Appears on: CalicoNetworkSpec)
MultiInterfaceMode describes the method of providing multiple pod interfaces.
One of: None, Multus
NATOutgoingType
(string
alias)
(Appears on: IPPool)
NATOutgoingType describe the type of outgoing NAT to use.
One of: Enabled, Disabled
NodeAddressAutodetection
(Appears on: CalicoNetworkSpec)
NodeAddressAutodetection provides configuration options for auto-detecting node addresses. At most one option can be used. If no detection option is specified, then IP auto detection will be disabled for this address family and IPs must be specified directly on the Node resource.
Field | Description |
---|---|
firstFound bool |
(Optional)
FirstFound uses default interface matching parameters to select an interface, performing best-effort filtering based on well-known interface names. |
interface string |
(Optional)
Interface enables IP auto-detection based on interfaces that match the given regex. |
skipInterface string |
(Optional)
SkipInterface enables IP auto-detection based on interfaces that do not match the given regex. |
canReach string |
(Optional)
CanReach enables IP auto-detection based on which source address on the node is used to reach the specified IP or domain. |
cidrs []string |
CIDRS enables IP auto-detection based on which addresses on the nodes are within one of the provided CIDRs. |
PreferredNodeAffinity
(Appears on: TyphaAffinity)
PreferredNodeAffinity is similar to an affinity except it only exposes the Preferred scheduling option, which ensures a pod will still be scheduled even when all the nodes it matches are unschedulable.
Field | Description |
---|---|
preferredDuringSchedulingIgnoredDuringExecution []Kubernetes core/v1.PreferredSchedulingTerm |
(Optional)
The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. |
ProductVariant
(string
alias)
(Appears on: InstallationSpec, InstallationStatus)
ProductVariant represents the variant of the product.
One of: Calico, TigeraSecureEnterprise
PromptType
(string
alias)
PromptType is a value that specifies whether the identity provider prompts the end user for re-authentication and consent. One of: None, Login, Consent, SelectAccount.
Provider
(string
alias)
(Appears on: InstallationSpec)
Provider represents a particular provider or flavor of Kubernetes. Valid options are: EKS, GKE, AKS, OpenShift, DockerEnterprise.
StatusConditionType
(string
alias)
(Appears on: TigeraStatusCondition)
StatusConditionType is a type of condition that may apply to a particular component.
TigeraStatusCondition
(Appears on: TigeraStatusStatus)
TigeraStatusCondition represents a condition attached to a particular component.
Field | Description |
---|---|
type StatusConditionType |
The type of condition. May be Available, Progressing, or Degraded. |
status ConditionStatus |
The status of the condition. May be True, False, or Unknown. |
lastTransitionTime Kubernetes meta/v1.Time |
The timestamp representing the start time for the current status. |
reason string |
A brief reason explaining the condition. |
message string |
Optionally, a detailed message providing additional context. |
TigeraStatusSpec
(Appears on: TigeraStatus)
TigeraStatusSpec defines the desired state of TigeraStatus
TigeraStatusStatus
(Appears on: TigeraStatus)
TigeraStatusStatus defines the observed state of TigeraStatus
Field | Description |
---|---|
conditions []TigeraStatusCondition |
Conditions represents the latest observed set of conditions for this component. A component may be one or more of Available, Progressing, or Degraded. |
TyphaAffinity
(Appears on: InstallationSpec)
TyphaAffinity allows configuration of node affinitiy characteristics for Typha pods.
Field | Description |
---|---|
nodeAffinity PreferredNodeAffinity |
(Optional)
NodeAffinity describes node affinity scheduling rules for typha. |
- operator.tigera.io/v1
- ImageSet
- Installation
- TigeraStatus
- BGPOption
(
string
alias) - CNIPluginType
(
string
alias) - CNISpec
- CalicoNetworkSpec
- CertificateManagement
- ComponentName
(
string
alias) - ComponentResource
- ConditionStatus
(
string
alias) - ContainerIPForwardingType
(
string
alias) - EncapsulationType
(
string
alias) - HostPortsType
(
string
alias) - IPAMPluginType
(
string
alias) - IPAMSpec
- IPPool
- Image
- ImageSetSpec
- InstallationSpec
- InstallationStatus
- LinuxDataplaneOption
(
string
alias) - MultiInterfaceMode
(
string
alias) - NATOutgoingType
(
string
alias) - NodeAddressAutodetection
- PreferredNodeAffinity
- ProductVariant
(
string
alias) - PromptType
(
string
alias) - Provider
(
string
alias) - StatusConditionType
(
string
alias) - TigeraStatusCondition
- TigeraStatusSpec
- TigeraStatusStatus
- TyphaAffinity