Installation reference

Specification of the desired state for the Calico or Calico Enterprise installation.

Most recently observed state for the Calico or Calico Enterprise installation.

Specifies the CNI plugin that will be used in the Calico or Calico Enterprise installation. * For KubernetesProvider GKE, this field defaults to GKE. * For KubernetesProvider AKS, this field defaults to AzureVNET. * For KubernetesProvider EKS, this field defaults to AmazonVPC. * If aws-node daemonset exists in kube-system when the Installation resource is created, this field defaults to AmazonVPC. * For all other cases this field defaults to Calico.

For the value Calico, the CNI plugin binaries and CNI config will be installed as part of deployment, for all other values the CNI plugin binaries and CNI config is a dependency that is expected to be installed separately.

Default: Calico

IPAM specifies the pod IP address management that will be used in the Calico or Calico Enterprise installation.

LinuxDataplane is used to select the dataplane used for Linux nodes. In particular, it causes the operator to add required mounts and environment variables for the particular dataplane. If not specified, iptables mode is used. Default: Iptables

BGP configures whether or not to enable Calico’s BGP capabilities.

IPPools contains a list of IP pools to create if none exist. At most one IP pool of each address family may be specified. If omitted, a single pool will be configured if needed.

MTU specifies the maximum transmission unit to use on the pod network. If not specified, Calico will perform MTU auto-detection based on the cluster network.

NodeAddressAutodetectionV4 specifies an approach to automatically detect node IPv4 addresses. If not specified, will use default auto-detection settings to acquire an IPv4 address for each node.

NodeAddressAutodetectionV6 specifies an approach to automatically detect node IPv6 addresses. If not specified, IPv6 addresses will not be auto-detected.

HostPorts configures whether or not Calico will support Kubernetes HostPorts. Valid only when using the Calico CNI plugin. Default: Enabled

MultiInterfaceMode configures what will configure multiple interface per pod. Only valid for Calico Enterprise installations using the Calico CNI plugin. Default: None

ContainerIPForwarding configures whether ip forwarding will be enabled for containers in the CNI configuration. Default: Disabled

Certificate of the authority that signs the CertificateSigningRequests in PEM format.

When a CSR is issued to the certificates.k8s.io API, the signerName is added to the request in order to accommodate for clusters with multiple signers. Must be formatted as: <my-domain>/<my-signername>.

Specify the algorithm used by pods to generate a key pair that is associated with the X.509 certificate request. Default: RSAWithSize2048

Specify the algorithm used for the signature of the X.509 certificate request. Default: SHA256WithRSA

ComponentName is an enum which identifies the component

ResourceRequirements allows customization of limits and requests for compute resources such as cpu and memory.

Specifies the IPAM plugin that will be used in the Calico or Calico Enterprise installation. * For CNI Plugin Calico, this field defaults to Calico. * For CNI Plugin GKE, this field defaults to HostLocal. * For CNI Plugin AzureVNET, this field defaults to AzureVNET. * For CNI Plugin AmazonVPC, this field defaults to AmazonVPC.

The IPAM plugin is installed and configured only if the CNI plugin is set to Calico, for all other values of the CNI plugin the plugin binaries and CNI config is a dependency that is expected to be installed separately.

Default: Calico

CIDR contains the address range for the IP Pool in classless inter-domain routing format.

Encapsulation specifies the encapsulation type that will be used with the IP Pool. Default: IPIP

NATOutgoing specifies if NAT will be enabled or disabled for outgoing traffic. Default: Enabled

NodeSelector specifies the node selector that will be set for the IP Pool. Default: ‘all()’

BlockSize specifies the CIDR prefex length to use when allocating per-node IP blocks from the main IP pool CIDR. Default: 26 (IPv4), 122 (IPv6)

Image is an image that the operator deploys and instead of using the built in tag the operator will use the Digest for the image identifier. The value should be the image name without registry or tag or digest. For the image docker.io/calico/node:v3.17.1 it should be represented as calico/node

Digest is the image identifier that will be used for the Image. The field should not include a leading @ and must be prefixed with sha256:.

Images is the list of images to use digests. All images that the operator will deploy must be specified.

Variant is the product to install - one of Calico or TigeraSecureEnterprise Default: Calico

Registry is the default Docker registry used for component Docker images. If specified, all images will be pulled from this registry. If not specified then the default registries will be used. A special case value, UseDefault, is supported to explicitly specify the default registries will be used.

Image format: <registry>/<imagePath>/<imagePrefix><imageName>:<image-tag>

This option allows configuring the <registry> portion of the above format.

ImagePath allows for the path part of an image to be specified. If specified then the specified value will be used as the image path for each image. If not specified or empty, the default for each image will be used. A special case value, UseDefault, is supported to explicitly specify the default image path will be used for each image.

Image format: <registry>/<imagePath>/<imagePrefix><imageName>:<image-tag>

This option allows configuring the <imagePath> portion of the above format.

ImagePrefix allows for the prefix part of an image to be specified. If specified then the given value will be used as a prefix on each image. If not specified or empty, no prefix will be used. A special case value, UseDefault, is supported to explicitly specify the default image prefix will be used for each image.

Image format: <registry>/<imagePath>/<imagePrefix><imageName>:<image-tag>

This option allows configuring the <imagePrefix> portion of the above format.

ImagePullSecrets is an array of references to container registry pull secrets to use. These are applied to all images to be pulled.

KubernetesProvider specifies a particular provider of the Kubernetes platform and enables provider-specific configuration. If the specified value is empty, the Operator will attempt to automatically determine the current provider. If the specified value is not empty, the Operator will still attempt auto-detection, but will additionally compare the auto-detected value to the specified value to confirm they match.

CNI specifies the CNI that will be used by this installation.

CalicoNetwork specifies networking configuration options for Calico.

TyphaAffinity allows configuration of node affinity characteristics for Typha pods.

ControlPlaneNodeSelector is used to select control plane nodes on which to run Calico components. This is globally applied to all resources created by the operator excluding daemonsets.

ControlPlaneTolerations specify tolerations which are then globally applied to all resources created by the operator.

NodeMetricsPort specifies which port calico/node serves prometheus metrics on. By default, metrics are not enabled. If specified, this overrides any FelixConfiguration resources which may exist. If omitted, then prometheus metrics may still be configured through FelixConfiguration.

TyphaMetricsPort specifies which port calico/typha serves prometheus metrics on. By default, metrics are not enabled.

FlexVolumePath optionally specifies a custom path for FlexVolume. If not specified, FlexVolume will be enabled by default. If set to ‘None’, FlexVolume will be disabled. The default is based on the kubernetesProvider.

NodeUpdateStrategy can be used to customize the desired update strategy, such as the MaxUnavailable field.

ComponentResources can be used to customize the resource requirements for each component. Node, Typha, and KubeControllers are supported for installations.

CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise pods will be stuck during initialization.

Variant is the most recently observed installed variant - one of Calico or TigeraSecureEnterprise

MTU is the most recently observed value for pod network MTU. This may be an explicitly configured value, or based on Calico’s native auto-detetion.

ImageSet is the name of the ImageSet being used, if there is an ImageSet that is being used. If an ImageSet is not being used then this will not be set.

Computed is the final installation including overlaid resources.

FirstFound uses default interface matching parameters to select an interface, performing best-effort filtering based on well-known interface names.

Interface enables IP auto-detection based on interfaces that match the given regex.

SkipInterface enables IP auto-detection based on interfaces that do not match the given regex.

CanReach enables IP auto-detection based on which source address on the node is used to reach the specified IP or domain.

CIDRS enables IP auto-detection based on which addresses on the nodes are within one of the provided CIDRs.

The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions.

The type of condition. May be Available, Progressing, or Degraded.

The status of the condition. May be True, False, or Unknown.

The timestamp representing the start time for the current status.

A brief reason explaining the condition.

Optionally, a detailed message providing additional context.

Conditions represents the latest observed set of conditions for this component. A component may be one or more of Available, Progressing, or Degraded.

NodeAffinity describes node affinity scheduling rules for typha.