From 5cbbbe5d384a5b9b4a082681b7ec7f08aa916d06 Mon Sep 17 00:00:00 2001 From: Nell Jerram Date: Fri, 13 Dec 2024 17:44:21 +0000 Subject: [PATCH 01/10] Docs for Gateway API --- calico-enterprise/networking/gateway-api.mdx | 325 +++++++++++++++++++ sidebars-calico-enterprise.js | 1 + 2 files changed, 326 insertions(+) create mode 100644 calico-enterprise/networking/gateway-api.mdx diff --git a/calico-enterprise/networking/gateway-api.mdx b/calico-enterprise/networking/gateway-api.mdx new file mode 100644 index 0000000000..21b6a45307 --- /dev/null +++ b/calico-enterprise/networking/gateway-api.mdx 
@@ -0,0 +1,325 @@ +--- +description: Enable support for the Kubernetes Gateway API. +--- + +# Gateway API + +## Big picture + +Enable support for the Kubernetes Gateway API. + +## Value + +{{prodname}} includes support for the Kubernetes Gateway API, which allows advanced routing to services in a cluster, including weighted or blue-green load balancing. + +## Concepts + +### Gateway API + +The Gateway API is an official Kubernetes API for advanced routing to services in a cluster. To read about its use cases, structure and design, please see [the official docs](https://gateway-api.sigs.k8s.io/). + +### Envoy Gateway + +Several implementations of the Gateway API are available, one of which is the [Envoy Gateway](https://gateway.envoyproxy.io/). {{prodname}} integrates the Envoy Gateway implementation in order to provide support for the Gateway API. + +### Access into a cluster from outside + +The Gateway API only provides access into a cluster from outside when the cluster is _also_ provisioned to support Kubernetes Services with `type: LoadBalancer`. When a Gateway is configured, {{prodname}} creates a Deployment that does the actual work of routing and load balancing, etc., and a Service with `type: LoadBalancer` that fronts that Deployment. If the cluster has a `type: LoadBalancer` provider, it will then allocate an IP outside the cluster and arrange for requests to that IP to be forwarded to the Gateway Service. + +Managed Kubernetes services like AKS, EKS and GKE include a `type: LoadBalancer` provider that automatically integrates with Azure, AWS and GCP respectively. On-prem clusters and non-managed clusters in the cloud need to set up their own `type: LoadBalancer` support. 
+ +## Before you begin + +**Unsupported** + +- Windows + +## How to + +- [Enable Gateway API support](#enable-gateway-api-support) +- [Use the Gateway API](#use-the-gateway-api) +- [Disable Gateway API support](#disable-gateway-api-support) + +### Enable Gateway API support + +To enable Gateway API support, create a `GatewayAPI` resource with name `tigera-secure`: + +```bash +kubectl apply -f - </ns1/subpath?query=demo | jq +``` + +- The output confirms that the request was handled by the echo server in namespace `ns1`: + +``` +``` + +- Curl from the test client pod to a URL that should be handled by the echo server in namespace `ns2`, via the Gateway: + +```bash +curl http:///ns2/subpath?query=demo | jq +``` + +- The output confirms that the request was handled by the echo server in namespace `ns2`: + +``` +``` + +### Disable Gateway API support + +To disable Gateway API support, delete the `GatewayAPI` resource with name `tigera-secure`: + +```bash +kubectl delete -f - < Date: Mon, 16 Dec 2024 11:06:46 +0000 Subject: [PATCH 02/10] List exact Gateway API resources and versions that we provide --- calico-enterprise/networking/gateway-api.mdx | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/calico-enterprise/networking/gateway-api.mdx b/calico-enterprise/networking/gateway-api.mdx index 21b6a45307..2b4bb4f371 100644 --- a/calico-enterprise/networking/gateway-api.mdx +++ b/calico-enterprise/networking/gateway-api.mdx 
@@ -16,7 +16,20 @@ Enable support for the Kubernetes Gateway API. ### Gateway API -The Gateway API is an official Kubernetes API for advanced routing to services in a cluster. To read about its use cases, structure and design, please see [the official docs](https://gateway-api.sigs.k8s.io/). +The Gateway API is an official Kubernetes API for advanced routing to services in a cluster. To read about its use cases, structure and design, please see [the official docs](https://gateway-api.sigs.k8s.io/). Specifically {{prodname}} provides the following resources and versions of the Gateway API. + +| Resource | Versions | +| ---------------- | ----------------- | +| BackendLBPolicy | v1alpha2 | +| BackendTLSPolicy | v1alpha3 | +| GatewayClass | v1, v1beta1 | +| Gateway | v1, v1beta1 | +| GRPCRoute | v1, v1alpha2 | +| HTTPRoute | v1, v1beta1 | +| ReferenceGrant | v1beta1, v1alpha2 | +| TCPRoute | v1alpha2 | +| TLSRoute | v1alpha2 | +| UDPRoute | v1alpha2 | ### Envoy Gateway From 13d812bb64bc60a83dd338daee031cdc529c885b Mon Sep 17 00:00:00 2001 From: Nell Jerram Date: Mon, 16 Dec 2024 14:34:26 +0000 Subject: [PATCH 03/10] Be less verbose --- calico-enterprise/networking/gateway-api.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/calico-enterprise/networking/gateway-api.mdx b/calico-enterprise/networking/gateway-api.mdx index 2b4bb4f371..9e52e8350b 100644 --- a/calico-enterprise/networking/gateway-api.mdx +++ b/calico-enterprise/networking/gateway-api.mdx 
@@ -16,7 +16,7 @@ Enable support for the Kubernetes Gateway API. ### Gateway API -The Gateway API is an official Kubernetes API for advanced routing to services in a cluster. To read about its use cases, structure and design, please see [the official docs](https://gateway-api.sigs.k8s.io/). Specifically {{prodname}} provides the following resources and versions of the Gateway API. +The Gateway API is an official Kubernetes API for advanced routing to services in a cluster. To read about its use cases, structure and design, please see [the official docs](https://gateway-api.sigs.k8s.io/). {{prodname}} provides the following resources and versions of the Gateway API. | Resource | Versions | | ---------------- | ----------------- | From 9c6e6d1e1f7d220e1e3c735560e460e60fbeec80 Mon Sep 17 00:00:00 2001 From: Nell Jerram Date: Mon, 16 Dec 2024 16:23:26 +0000 Subject: [PATCH 04/10] Add more detail into the sample scenario --- calico-enterprise/networking/gateway-api.mdx | 26 +++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/calico-enterprise/networking/gateway-api.mdx b/calico-enterprise/networking/gateway-api.mdx index 9e52e8350b..1ea49c080a 100644 --- a/calico-enterprise/networking/gateway-api.mdx +++ b/calico-enterprise/networking/gateway-api.mdx 
@@ -72,10 +72,34 @@ Shortly after this you will see that Gateway API resources are now available: kubectl api-resources | grep gateway.networking.k8s.io ``` +Which gives: +``` +backendlbpolicies blbpolicy gateway.networking.k8s.io/v1alpha2 true BackendLBPolicy +backendtlspolicies btlspolicy gateway.networking.k8s.io/v1alpha3 true BackendTLSPolicy +gatewayclasses gc gateway.networking.k8s.io/v1 false GatewayClass +gateways gtw gateway.networking.k8s.io/v1 true Gateway +grpcroutes gateway.networking.k8s.io/v1 true GRPCRoute +httproutes gateway.networking.k8s.io/v1 true HTTPRoute +referencegrants refgrant gateway.networking.k8s.io/v1beta1 true ReferenceGrant +tcproutes gateway.networking.k8s.io/v1alpha2 true TCPRoute +tlsroutes gateway.networking.k8s.io/v1alpha2 true TLSRoute +udproutes gateway.networking.k8s.io/v1alpha2 true UDPRoute +``` + And also that there is a GatewayClass resource corresponding to the Envoy Gateway implementation included in {{prodname}}: ```bash -kubectl get gatewayclass -o yaml +kubectl get gatewayclass -o yaml | yq r - 'items[0].spec' +``` + +Which gives: +``` +controllerName: gateway.envoyproxy.io/gatewayclass-controller +parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: envoy-proxy-config + namespace: tigera-gateway ``` ### Use the Gateway API From a88dc7721c6d2ea935b1f60a8d0683e3deac1140 Mon Sep 17 00:00:00 2001 From: Nell Jerram Date: Tue, 17 Dec 2024 10:29:52 +0000 Subject: [PATCH 05/10] Add "tech preview" note and remove "Which gives" --- calico-enterprise/networking/gateway-api.mdx | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/calico-enterprise/networking/gateway-api.mdx b/calico-enterprise/networking/gateway-api.mdx index 1ea49c080a..f8e0c26594 100644 --- a/calico-enterprise/networking/gateway-api.mdx +++ b/calico-enterprise/networking/gateway-api.mdx 
@@ -8,6 +8,12 @@ description: Enable support for the Kubernetes Gateway API. Enable support for the Kubernetes Gateway API. +:::note + +This feature is tech preview. Tech preview features may be subject to significant changes before they become GA. + +::: + ## Value {{prodname}} includes support for the Kubernetes Gateway API, which allows advanced routing to services in a cluster, including weighted or blue-green load balancing. @@ -72,7 +78,6 @@ Shortly after this you will see that Gateway API resources are now available: kubectl api-resources | grep gateway.networking.k8s.io ``` -Which gives: ``` backendlbpolicies blbpolicy gateway.networking.k8s.io/v1alpha2 true BackendLBPolicy backendtlspolicies btlspolicy gateway.networking.k8s.io/v1alpha3 true BackendTLSPolicy @@ -92,7 +97,6 @@ And also that there is a GatewayClass resource corresponding to the Envoy Gatewa kubectl get gatewayclass -o yaml | yq r - 'items[0].spec' ``` -Which gives: ``` controllerName: gateway.envoyproxy.io/gatewayclass-controller parametersRef: From 6b567bb6fc6d4495cf315129294c9e807e58e504 Mon Sep 17 00:00:00 2001 From: Nell Jerram Date: Tue, 17 Dec 2024 11:29:12 +0000 Subject: [PATCH 06/10] More detail, checking if I can indent code blocks --- calico-enterprise/networking/gateway-api.mdx | 144 +++++++++++++++++-- 1 file changed, 131 insertions(+), 13 deletions(-) diff --git a/calico-enterprise/networking/gateway-api.mdx b/calico-enterprise/networking/gateway-api.mdx index f8e0c26594..1fdce9a006 100644 --- a/calico-enterprise/networking/gateway-api.mdx +++ b/calico-enterprise/networking/gateway-api.mdx 
@@ -324,31 +324,149 @@ EOF - Find the cluster IP of the Gateway Service: -```bash -kubectl get services -n tigera-gateway-system -o wide -``` + ```bash + kubectl get services -n tigera-gateway + ``` + + ``` + NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE + envoy-default-eg-e41e7b31 LoadBalancer 10.0.20.19 135.232.51.10 80:32636/TCP 9m3s + envoy-gateway ClusterIP 10.0.24.12 18000/TCP,18001/TCP,18002/TCP,19001/TCP 36m + ``` + + The Service for the Gateway is the one beginning with `envoy-default-`, followed by the name of the Gateway resource. So the correct cluster IP in this case is 10.0.20.19. (The `envoy-gateway` Service represents the gateway controller, which is the component that monitors for Gateway API resources and creates corresponding components to implement those.) - Curl from the test client pod to a URL that should be handled by the echo server in namespace `ns1`, via the Gateway: -```bash -curl http:///ns1/subpath?query=demo | jq -``` + ```bash + kubectl exec -it test-client -- curl http://10.0.20.19/ns1/subpath?query=demo | jq + ``` - The output confirms that the request was handled by the echo server in namespace `ns1`: -``` -``` + ``` + { + "host": { + "hostname": "10.0.20.19", + "ip": "::ffff:10.224.0.10", + "ips": [] + }, + "http": { + "method": "GET", + "baseUrl": "", + "originalUrl": "/ns1/subpath?query=demo", + "protocol": "http" + }, + "request": { + "params": { + "0": "/ns1/subpath" + }, + "query": { + "query": "demo" + }, + "cookies": {}, + "body": {}, + "headers": { + "host": "10.0.20.19", + "user-agent": "curl/8.5.0", + "accept": "*/*", + "x-forwarded-for": "10.224.0.18", + "x-forwarded-proto": "http", + "x-envoy-internal": "true", + "x-request-id": "f648ec0a-650c-4f10-b8ce-218f4940f2e2" + } + }, + "environment": { + "PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "HOSTNAME": "echoserver-79974b75cd-9s6zl", + "NODE_VERSION": "20.11.0", + "YARN_VERSION": "1.22.19", + "PORT": "80", + "KUBERNETES_PORT_443_TCP": 
"tcp://10.0.0.1:443", + "KUBERNETES_SERVICE_PORT_HTTPS": "443", + "KUBERNETES_PORT_443_TCP_ADDR": "10.0.0.1", + "ECHOSERVER_SERVICE_PORT": "80", + "KUBERNETES_SERVICE_HOST": "10.0.0.1", + "KUBERNETES_PORT": "tcp://10.0.0.1:443", + "KUBERNETES_PORT_443_TCP_PROTO": "tcp", + "KUBERNETES_PORT_443_TCP_PORT": "443", + "ECHOSERVER_PORT_80_TCP": "tcp://10.0.111.210:80", + "ECHOSERVER_PORT_80_TCP_PROTO": "tcp", + "KUBERNETES_SERVICE_PORT": "443", + "ECHOSERVER_SERVICE_HOST": "10.0.111.210", + "ECHOSERVER_PORT": "tcp://10.0.111.210:80", + "ECHOSERVER_PORT_80_TCP_PORT": "80", + "ECHOSERVER_PORT_80_TCP_ADDR": "10.0.111.210", + "HOME": "/root" + } + } + ``` - Curl from the test client pod to a URL that should be handled by the echo server in namespace `ns2`, via the Gateway: -```bash -curl http:///ns2/subpath?query=demo | jq -``` + ```bash + curl http:///ns2/subpath?query=demo | jq + ``` - The output confirms that the request was handled by the echo server in namespace `ns2`: -``` -``` + ``` + { + "host": { + "hostname": "10.0.20.19", + "ip": "::ffff:10.224.0.10", + "ips": [] + }, + "http": { + "method": "GET", + "baseUrl": "", + "originalUrl": "/ns1/subpath?query=demo", + "protocol": "http" + }, + "request": { + "params": { + "0": "/ns1/subpath" + }, + "query": { + "query": "demo" + }, + "cookies": {}, + "body": {}, + "headers": { + "host": "10.0.20.19", + "user-agent": "curl/8.5.0", + "accept": "*/*", + "x-forwarded-for": "10.224.0.18", + "x-forwarded-proto": "http", + "x-envoy-internal": "true", + "x-request-id": "f648ec0a-650c-4f10-b8ce-218f4940f2e2" + } + }, + "environment": { + "PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "HOSTNAME": "echoserver-79974b75cd-9s6zl", + "NODE_VERSION": "20.11.0", + "YARN_VERSION": "1.22.19", + "PORT": "80", + "KUBERNETES_PORT_443_TCP": "tcp://10.0.0.1:443", + "KUBERNETES_SERVICE_PORT_HTTPS": "443", + "KUBERNETES_PORT_443_TCP_ADDR": "10.0.0.1", + "ECHOSERVER_SERVICE_PORT": "80", + "KUBERNETES_SERVICE_HOST": 
"10.0.0.1", + "KUBERNETES_PORT": "tcp://10.0.0.1:443", + "KUBERNETES_PORT_443_TCP_PROTO": "tcp", + "KUBERNETES_PORT_443_TCP_PORT": "443", + "ECHOSERVER_PORT_80_TCP": "tcp://10.0.111.210:80", + "ECHOSERVER_PORT_80_TCP_PROTO": "tcp", + "KUBERNETES_SERVICE_PORT": "443", + "ECHOSERVER_SERVICE_HOST": "10.0.111.210", + "ECHOSERVER_PORT": "tcp://10.0.111.210:80", + "ECHOSERVER_PORT_80_TCP_PORT": "80", + "ECHOSERVER_PORT_80_TCP_ADDR": "10.0.111.210", + "HOME": "/root" + } + } + ``` ### Disable Gateway API support From 0a2776228b7a8f3b22ca9c8df28c0cb2651f169d Mon Sep 17 00:00:00 2001 From: Nell Jerram Date: Tue, 17 Dec 2024 11:38:11 +0000 Subject: [PATCH 07/10] Indenting works, so apply it everywhere --- calico-enterprise/networking/gateway-api.mdx | 366 +++++++++---------- 1 file changed, 176 insertions(+), 190 deletions(-) diff --git a/calico-enterprise/networking/gateway-api.mdx b/calico-enterprise/networking/gateway-api.mdx index 1fdce9a006..3a84aab5b1 100644 --- a/calico-enterprise/networking/gateway-api.mdx +++ b/calico-enterprise/networking/gateway-api.mdx @@ -114,213 +114,199 @@ By way of a simple example: - Create echo servers in namespaces `ns1` and `ns2`: -```bash -kubectl apply -f - < Date: Tue, 17 Dec 2024 11:46:29 +0000 Subject: [PATCH 08/10] Complete and refine per testing --- calico-enterprise/networking/gateway-api.mdx | 90 +++++--------------- 1 file changed, 19 insertions(+), 71 deletions(-) diff --git a/calico-enterprise/networking/gateway-api.mdx b/calico-enterprise/networking/gateway-api.mdx index 3a84aab5b1..d40de8a3f4 100644 --- a/calico-enterprise/networking/gateway-api.mdx +++ b/calico-enterprise/networking/gateway-api.mdx 
@@ -328,7 +328,7 @@ By way of a simple example: kubectl exec -it test-client -- curl http://10.0.20.19/ns1/subpath?query=demo | jq ``` -- The output confirms that the request was handled by the echo server in namespace `ns1`: +- The output confirms - see the `"HOSTNAME"` line - that the request was handled by the echo server in namespace `ns1`: ``` { @@ -359,30 +359,30 @@ By way of a simple example: "x-forwarded-for": "10.224.0.18", "x-forwarded-proto": "http", "x-envoy-internal": "true", - "x-request-id": "f648ec0a-650c-4f10-b8ce-218f4940f2e2" + "x-request-id": "375a5b78-60fc-4a87-89b0-b4c6501115ca" } }, "environment": { "PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", - "HOSTNAME": "echoserver-79974b75cd-9s6zl", + "HOSTNAME": "echoserver-ns1", "NODE_VERSION": "20.11.0", "YARN_VERSION": "1.22.19", "PORT": "80", - "KUBERNETES_PORT_443_TCP": "tcp://10.0.0.1:443", - "KUBERNETES_SERVICE_PORT_HTTPS": "443", - "KUBERNETES_PORT_443_TCP_ADDR": "10.0.0.1", - "ECHOSERVER_SERVICE_PORT": "80", + "ECHOSERVER_SERVICE_HOST": "10.0.111.210", + "ECHOSERVER_PORT": "tcp://10.0.111.210:80", + "ECHOSERVER_PORT_80_TCP": "tcp://10.0.111.210:80", "KUBERNETES_SERVICE_HOST": "10.0.0.1", + "KUBERNETES_SERVICE_PORT": "443", + "KUBERNETES_SERVICE_PORT_HTTPS": "443", + "ECHOSERVER_PORT_80_TCP_ADDR": "10.0.111.210", "KUBERNETES_PORT": "tcp://10.0.0.1:443", - "KUBERNETES_PORT_443_TCP_PROTO": "tcp", + "ECHOSERVER_SERVICE_PORT": "80", + "ECHOSERVER_PORT_80_TCP_PORT": "80", "KUBERNETES_PORT_443_TCP_PORT": "443", - "ECHOSERVER_PORT_80_TCP": "tcp://10.0.111.210:80", "ECHOSERVER_PORT_80_TCP_PROTO": "tcp", - "KUBERNETES_SERVICE_PORT": "443", - "ECHOSERVER_SERVICE_HOST": "10.0.111.210", - "ECHOSERVER_PORT": "tcp://10.0.111.210:80", - "ECHOSERVER_PORT_80_TCP_PORT": "80", - "ECHOSERVER_PORT_80_TCP_ADDR": "10.0.111.210", + "KUBERNETES_PORT_443_TCP": "tcp://10.0.0.1:443", + "KUBERNETES_PORT_443_TCP_PROTO": "tcp", + "KUBERNETES_PORT_443_TCP_ADDR": "10.0.0.1", "HOME": "/root" } } 
@@ -391,72 +391,20 @@ By way of a simple example: - Curl from the test client pod to a URL that should be handled by the echo server in namespace `ns2`, via the Gateway: ```bash - curl http:///ns2/subpath?query=demo | jq + kubectl exec -it test-client -- curl http://10.0.20.19/ns2/subpath?query=demo | jq ``` - The output confirms that the request was handled by the echo server in namespace `ns2`: ``` - { - "host": { - "hostname": "10.0.20.19", - "ip": "::ffff:10.224.0.10", - "ips": [] - }, - "http": { - "method": "GET", - "baseUrl": "", - "originalUrl": "/ns1/subpath?query=demo", - "protocol": "http" - }, - "request": { - "params": { - "0": "/ns1/subpath" - }, - "query": { - "query": "demo" - }, - "cookies": {}, - "body": {}, - "headers": { - "host": "10.0.20.19", - "user-agent": "curl/8.5.0", - "accept": "*/*", - "x-forwarded-for": "10.224.0.18", - "x-forwarded-proto": "http", - "x-envoy-internal": "true", - "x-request-id": "f648ec0a-650c-4f10-b8ce-218f4940f2e2" - } - }, - "environment": { - "PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", - "HOSTNAME": "echoserver-79974b75cd-9s6zl", - "NODE_VERSION": "20.11.0", - "YARN_VERSION": "1.22.19", - "PORT": "80", - "KUBERNETES_PORT_443_TCP": "tcp://10.0.0.1:443", - "KUBERNETES_SERVICE_PORT_HTTPS": "443", - "KUBERNETES_PORT_443_TCP_ADDR": "10.0.0.1", - "ECHOSERVER_SERVICE_PORT": "80", - "KUBERNETES_SERVICE_HOST": "10.0.0.1", - "KUBERNETES_PORT": "tcp://10.0.0.1:443", - "KUBERNETES_PORT_443_TCP_PROTO": "tcp", - "KUBERNETES_PORT_443_TCP_PORT": "443", - "ECHOSERVER_PORT_80_TCP": "tcp://10.0.111.210:80", - "ECHOSERVER_PORT_80_TCP_PROTO": "tcp", - "KUBERNETES_SERVICE_PORT": "443", - "ECHOSERVER_SERVICE_HOST": "10.0.111.210", - "ECHOSERVER_PORT": "tcp://10.0.111.210:80", - "ECHOSERVER_PORT_80_TCP_PORT": "80", - "ECHOSERVER_PORT_80_TCP_ADDR": "10.0.111.210", - "HOME": "/root" - } - } + ... + "HOSTNAME": "echoserver-ns2", + ... 
``` ### Disable Gateway API support -To disable Gateway API support, delete the `GatewayAPI` resource with name `tigera-secure`: +To disable Gateway API support, first delete all the Gateway API resources that you have configured yourself. In the example above, that would be the ReferenceGrants, the HTTPRoutes and the Gateway. Then delete the `GatewayAPI` resource with name `tigera-secure`: ```bash kubectl delete -f - < Date: Wed, 18 Dec 2024 11:59:34 +0000 Subject: [PATCH 09/10] Regenerate operator API docs --- .../reference/installation/_api.mdx | 2633 ++++++++++++++--- 1 file changed, 2263 insertions(+), 370 deletions(-) diff --git a/calico-enterprise/reference/installation/_api.mdx b/calico-enterprise/reference/installation/_api.mdx index bc26bb563f..508c389b62 100644 --- a/calico-enterprise/reference/installation/_api.mdx +++ b/calico-enterprise/reference/installation/_api.mdx @@ -22,6 +22,8 @@ Resource Types:
  • EgressGateway
  • +GatewayAPI +
  • ImageSet
  • Installation @@ -1043,6 +1045,135 @@ EgressGatewayStatus + + + + +

    GatewayAPI

    + + + + + + + + + + + + + + + + + + + + + + + @@ -1790,6 +1921,7 @@ FIPSMode (Optional)

    FIPSMode uses images and features only that are using FIPS 140-2 validated cryptographic modules and standards. +Only supported for Variant=Calico. Default: Disabled

    @@ -1851,6 +1983,48 @@ Windows Configuration Kubernetes Service CIDRs. Specifying this is required when using Calico for Windows.

    + + + + + + + + +
    FieldDescription
    + +apiVersion
    +string +
    + + +operator.tigera.io/v1 + + +
    + +kind
    +string + +
    +GatewayAPI +
    + +metadata
    + + +Kubernetes meta/v1.ObjectMeta + + + +
    + +Refer to the Kubernetes API documentation for the fields of the +metadata field. + +
    + +spec
    + + +GatewayAPISpec + + + +
    + +
    +
    + + + + + + + + + + + + + +
    +gatewayControllerDeployment
    + + +GatewayControllerDeployment + + + +
    + +

    +Allow optional customization of the gateway controller deployment. +

    + +
    + +gatewayCertgenJob
    + + +GatewayCertgenJob + + + +
    + +

    +Allow optional customization of the gateway certgen job. +

    + +
    + +gatewayDeployment
    + + +GatewayDeployment + + + +
    + +

    +Allow optional customization of gateway deployments. +

    + +
    + +azure
    + + +Azure + + + +
    + +(Optional) +

    +Azure is used to configure azure provider specific options. +

    + +
    + +proxy
    + + +Proxy + + + +
    + +(Optional) +

    +Proxy is used to configure the HTTP(S) proxy settings that will be applied to Tigera containers that connect +to destinations outside the cluster. It is expected that NO_PROXY is configured such that destinations within +the cluster (including the API server) are exempt from proxying. +

    +
    @@ -2549,6 +2723,25 @@ ElasticsearchMetricsDeployment ElasticsearchMetricsDeployment configures the tigera-elasticsearch-metric Deployment.

    + + + + + +esGatewayDeployment
    + + +ESGatewayDeployment + + + + + + +

    +ESGatewayDeployment configures the es-gateway Deployment. +

    + @@ -5145,6 +5338,25 @@ State provides user-readable status. +sidecarWebhook
    + + +SidecarWebhookStateType + + + + + + +

    +SidecarWebhook provides the state of sidecar injection mutatinwebhookconfiguration +

    + + + + + + conditions
    @@ -5704,6 +5916,46 @@ Conditions represents the latest observed set of conditions for the component. A Ready, Progressing, Degraded or other customer types.

    + + + + +

    Azure

    +

    + +(Appears on: +InstallationSpec) + +

    + + + + + + + + + + + @@ -6737,8 +6989,10 @@ BGP configures whether or not to enable Calico’s BGP capabilities. (Optional)

    -IPPools contains a list of IP pools to create if none exist. At most one IP pool of each -address family may be specified. If omitted, a single pool will be configured if needed. +IPPools contains a list of IP pools to manage. If nil, a single IPv4 IP pool +will be created by the operator. If an empty list is provided, the operator will not create any IP pools and will instead +wait for IP pools to be created out-of-band. +IP pools in this list will be reconciled by the operator and should not be modified out-of-band.

    @@ -11645,15 +11899,15 @@ Template describes the EKSLogForwarder Deployment pod that will be created.
    FieldDescription
    + +policyMode
    + + +PolicyMode + + + +
    + +(Optional) +

    +PolicyMode determines whether the “control-plane” label is applied to namespaces. It offers two options: Default and Manual. +The Default option adds the “control-plane” label to the required namespaces. +The Manual option does not apply the “control-plane” label to any namespace. +Default: Default +

    +
    -

    EgressGatewayDeploymentPodSpec

    +

    ESGatewayDeployment

    (Appears on: -EgressGatewayDeploymentPodTemplateSpec) +LogStorageSpec)

    -EgressGatewayDeploymentPodSpec is the Egress Gateway Deployment’s PodSpec. +ESGatewayDeployment is the configuration for the es-gateway Deployment.

    @@ -11666,10 +11920,10 @@ EgressGatewayDeploymentPodSpec is the Egress Gateway Deployment’s PodSpec. + +
    -initContainers
    +spec
    - -[]EGWDeploymentInitContainer + +ESGatewayDeploymentSpec @@ -11678,31 +11932,49 @@ EgressGatewayDeploymentPodSpec is the Egress Gateway Deployment’s PodSpec. (Optional)

    -InitContainers is a list of EGW init containers. -If specified, this overrides the specified EGW Deployment init containers. -If omitted, the EGW Deployment will use its default values for its init containers. +Spec is the specification of the es-gateway Deployment.

    +
    +
    + +
    +

    ESGatewayDeploymentContainer

    +

    + +(Appears on: +ESGatewayDeploymentPodSpec) + +

    +

    +ESGatewayDeploymentContainer is a es-gateway Deployment container. +

    + + + + + + + + @@ -11710,10 +11982,10 @@ If omitted, the EGW Deployment will use its default values for its containers. - - +
    FieldDescription
    -containers
    +name
    - -[]EGWDeploymentContainer - +string
    -(Optional)

    -Containers is a list of EGW containers. -If specified, this overrides the specified EGW Deployment containers. -If omitted, the EGW Deployment will use its default values for its containers. +Name is an enum which identifies the es-gateway Deployment container by name. +Supported values are: tigera-secure-es-gateway

    -affinity
    +resources
    - -Kubernetes core/v1.Affinity + +Kubernetes core/v1.ResourceRequirements @@ -11722,43 +11994,47 @@ Kubernetes core/v1.Affinity (Optional)

    -Affinity is a group of affinity scheduling rules for the EGW pods. +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named es-gateway Deployment container’s resources. +If omitted, the es-gateway Deployment will use its default value for this container’s resources.

    - -nodeSelector
    - -map[string]string - +
    +

    ESGatewayDeploymentInitContainer

    +

    - - +(Appears on: +ESGatewayDeploymentPodSpec) -(Optional) +

    -NodeSelector gives more control over the nodes where the Egress Gateway pods will run on. +ESGatewayDeploymentInitContainer is a es-gateway Deployment init container.

    - - + + + + + + + @@ -11766,10 +12042,10 @@ TerminationGracePeriodSeconds defines the termination grace period of the Egress + +
    FieldDescription
    -terminationGracePeriodSeconds
    +name
    -int64 +string
    -(Optional)

    -TerminationGracePeriodSeconds defines the termination grace period of the Egress Gateway pods in seconds. +Name is an enum which identifies the es-gateway Deployment init container by name. +Supported values are: tigera-secure-elasticsearch-cert-key-cert-provisioner

    -topologySpreadConstraints
    +resources
    - -[]Kubernetes core/v1.TopologySpreadConstraint + +Kubernetes core/v1.ResourceRequirements @@ -11778,18 +12054,40 @@ TerminationGracePeriodSeconds defines the termination grace period of the Egress (Optional)

    -TopologySpreadConstraints defines how the Egress Gateway pods should be spread across different AZs. +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named es-gateway Deployment init container’s resources. +If omitted, the es-gateway Deployment will use its default value for this init container’s resources.

    +

    ESGatewayDeploymentPodSpec

    +

    + +(Appears on: +ESGatewayDeploymentPodTemplateSpec) + +

    +

    +ESGatewayDeploymentPodSpec is the es-gateway Deployment’s PodSpec. +

    + + + + + + + + @@ -11808,9 +12106,11 @@ If omitted, the EGW Deployment will use its default value for tolerations. @@ -11818,22 +12118,24 @@ string (Optional)

    -PriorityClassName allows to specify a PriorityClass resource to be used. +Containers is a list of es-gateway containers. +If specified, this overrides the specified es-gateway Deployment containers. +If omitted, the es-gateway Deployment will use its default values for its containers.

    FieldDescription
    -tolerations
    +initContainers
    - -[]Kubernetes core/v1.Toleration + +[]ESGatewayDeploymentInitContainer @@ -11798,9 +12096,9 @@ TopologySpreadConstraints defines how the Egress Gateway pods should be spread a (Optional)

    -Tolerations is the egress gateway pod’s tolerations. -If specified, this overrides any tolerations that may be set on the EGW Deployment. -If omitted, the EGW Deployment will use its default value for tolerations. +InitContainers is a list of es-gateway init containers. +If specified, this overrides the specified es-gateway Deployment init containers. +If omitted, the es-gateway Deployment will use its default values for its init containers.

    -priorityClassName
    +containers
    -string + +[]ESGatewayDeploymentContainer +
    -

    EgressGatewayDeploymentPodTemplateSpec

    +

    ESGatewayDeploymentPodTemplateSpec

    (Appears on: -EgressGatewaySpec) +ESGatewayDeploymentSpec)

    -EgressGatewayDeploymentPodTemplateSpec is the EGW Deployment’s PodTemplateSpec +ESGatewayDeploymentPodTemplateSpec is the es-gateway Deployment’s PodTemplateSpec

    @@ -11846,10 +12148,10 @@ EgressGatewayDeploymentPodTemplateSpec is the EGW Deployment’s PodTemplate + +
    -metadata
    +spec
    - -EgressGatewayMetadata + +ESGatewayDeploymentPodSpec @@ -11858,19 +12160,42 @@ EgressGatewayMetadata (Optional)

    -Metadata is a subset of a Kubernetes object’s metadata that is added to -the pod’s metadata. +Spec is the es-gateway Deployment’s PodSpec.

    +
    +
    + +
    +

    ESGatewayDeploymentSpec

    +

    + +(Appears on: +ESGatewayDeployment) + +

    +

    +ESGatewayDeploymentSpec defines configuration for the es-gateway Deployment. +

    + + + + + + + +
    FieldDescription
    -spec
    +template
    - -EgressGatewayDeploymentPodSpec + +ESGatewayDeploymentPodTemplateSpec @@ -11879,27 +12204,22 @@ EgressGatewayDeploymentPodSpec (Optional)

    -Spec is the EGW Deployment’s PodSpec. +Template describes the es-gateway Deployment pod that will be created.

    -
    -
    - -
    -

    EgressGatewayFailureDetection

    +

    EgressGatewayDeploymentPodSpec

    (Appears on: -EgressGatewaySpec) +EgressGatewayDeploymentPodTemplateSpec)

    -EgressGatewayFailureDetection defines the fields the needed for determining Egress Gateway -readiness. +EgressGatewayDeploymentPodSpec is the Egress Gateway Deployment’s PodSpec.

    @@ -11912,9 +12232,11 @@ readiness. @@ -11922,10 +12244,9 @@ int32 (Optional)

    -HealthTimeoutDataStoreSeconds defines how long Egress Gateway can fail to connect -to the datastore before reporting not ready. -This value must be greater than 0. -Default: 90 +InitContainers is a list of EGW init containers. +If specified, this overrides the specified EGW Deployment init containers. +If omitted, the EGW Deployment will use its default values for its init containers.

    @@ -11933,10 +12254,10 @@ Default: 90 @@ -11955,10 +12276,10 @@ fail. Timeout must be greater than interval. - -
    -healthTimeoutDataStoreSeconds
    +initContainers
    -int32 + +[]EGWDeploymentInitContainer +
    -icmpProbe
    +containers
    - -ICMPProbe + +[]EGWDeploymentContainer @@ -11945,9 +12266,9 @@ ICMPProbe (Optional)

    -ICMPProbe define outgoing ICMP probes that Egress Gateway will use to -verify its upstream connection. Egress Gateway will report not ready if all -fail. Timeout must be greater than interval. +Containers is a list of EGW containers. +If specified, this overrides the specified EGW Deployment containers. +If omitted, the EGW Deployment will use its default values for its containers.

    -httpProbe
    +affinity
    - -HTTPProbe + +Kubernetes core/v1.Affinity @@ -11967,36 +12288,17 @@ HTTPProbe (Optional)

    -HTTPProbe define outgoing HTTP probes that Egress Gateway will use to -verify its upsteam connection. Egress Gateway will report not ready if all -fail. Timeout must be greater than interval. +Affinity is a group of affinity scheduling rules for the EGW pods.

    -

    EgressGatewayIPPool

    -

    - -(Appears on: -EgressGatewaySpec) - -

    - - - - - - - - @@ -12004,7 +12306,7 @@ string (Optional)

    -Name is the name of the IPPool that the Egress Gateways can use. +NodeSelector gives more control over the nodes where the Egress Gateway pods will run on.

    @@ -12012,9 +12314,9 @@ Name is the name of the IPPool that the Egress Gateways can use. @@ -12022,37 +12324,39 @@ string (Optional)

    -CIDR is the IPPool CIDR that the Egress Gateways can use. +TerminationGracePeriodSeconds defines the termination grace period of the Egress Gateway pods in seconds.

    - -
    FieldDescription
    -name
    +nodeSelector
    -string +map[string]string
    -cidr
    +terminationGracePeriodSeconds
    -string +int64
    -

    EgressGatewayMetadata

    -

    + + -(Appears on: -EgressGatewayDeploymentPodTemplateSpec) +topologySpreadConstraints
    + + +[]Kubernetes core/v1.TopologySpreadConstraint + + -

    + + + +(Optional)

    -EgressGatewayMetadata contains the standard Kubernetes labels and annotations fields. +TopologySpreadConstraints defines how the Egress Gateway pods should be spread across different AZs.

    - - - - - + + - - @@ -12060,11 +12364,9 @@ map[string]string (Optional)

    -Labels is a map of string keys and values that may match replica set and -service selectors. Each of these key/value pairs are added to the -object’s labels provided the key does not already exist in the object’s labels. -If not specified will default to projectcalico.org/egw:[name], where [name] is -the name of the Egress Gateway resource. +Tolerations is the egress gateway pod’s tolerations. +If specified, this overrides any tolerations that may be set on the EGW Deployment. +If omitted, the EGW Deployment will use its default value for tolerations.

    @@ -12072,9 +12374,9 @@ the name of the Egress Gateway resource. @@ -12082,24 +12384,22 @@ map[string]string (Optional)

    -Annotations is a map of arbitrary non-identifying metadata. Each of these -key/value pairs are added to the object’s annotations provided the key does not -already exist in the object’s annotations. +PriorityClassName allows to specify a PriorityClass resource to be used.

    FieldDescription
    -labels
    +tolerations
    -map[string]string + +[]Kubernetes core/v1.Toleration +
    -annotations
    +priorityClassName
    -map[string]string +string
    -

    EgressGatewaySpec

    +

    EgressGatewayDeploymentPodTemplateSpec

    (Appears on: -EgressGateway) +EgressGatewaySpec)

    -EgressGatewaySpec defines the desired state of EgressGateway +EgressGatewayDeploymentPodTemplateSpec is the EGW Deployment’s PodTemplateSpec

    @@ -12112,9 +12412,11 @@ EgressGatewaySpec defines the desired state of EgressGateway @@ -12122,7 +12424,8 @@ int32 (Optional)

    -Replicas defines how many instances of the Egress Gateway pod will run. +Metadata is a subset of a Kubernetes object’s metadata that is added to +the pod’s metadata.

    @@ -12130,30 +12433,54 @@ Replicas defines how many instances of the Egress Gateway pod will run. + +
    -replicas
    +metadata
    -int32 + +EgressGatewayMetadata +
    -ipPools
    +spec
    - -[]EgressGatewayIPPool + +EgressGatewayDeploymentPodSpec
    +(Optional)

    -IPPools defines the IP Pools that the Egress Gateway pods should be using. -Either name or CIDR must be specified. -IPPools must match existing IPPools. +Spec is the EGW Deployment’s PodSpec.

    +
    +
    + +
    +

    EgressGatewayFailureDetection

    +

    + +(Appears on: +EgressGatewaySpec) + +

    +

    +EgressGatewayFailureDetection defines the fields the needed for determining Egress Gateway +readiness. +

    + + + + + + + + @@ -12161,9 +12488,10 @@ IPPools must match existing IPPools. (Optional)

    -ExternalNetworks defines the external network names this Egress Gateway is -associated with. -ExternalNetworks must match existing external networks. +HealthTimeoutDataStoreSeconds defines how long Egress Gateway can fail to connect +to the datastore before reporting not ready. +This value must be greater than 0. +Default: 90

    @@ -12171,10 +12499,10 @@ ExternalNetworks must match existing external networks. @@ -12192,10 +12521,10 @@ Default: Info + +
    FieldDescription
    -externalNetworks
    +healthTimeoutDataStoreSeconds
    -[]string +int32
    -logSeverity
    +icmpProbe
    - -LogLevel + +ICMPProbe @@ -12183,8 +12511,9 @@ LogLevel (Optional)

    -LogSeverity defines the logging level of the Egress Gateway. -Default: Info +ICMPProbe define outgoing ICMP probes that Egress Gateway will use to +verify its upstream connection. Egress Gateway will report not ready if all +fail. Timeout must be greater than interval.

    -template
    +httpProbe
    - -EgressGatewayDeploymentPodTemplateSpec + +HTTPProbe @@ -12204,19 +12533,36 @@ EgressGatewayDeploymentPodTemplateSpec (Optional)

    -Template describes the EGW Deployment pod that will be created. +HTTPProbe define outgoing HTTP probes that Egress Gateway will use to +verify its upsteam connection. Egress Gateway will report not ready if all +fail. Timeout must be greater than interval.

    +

    EgressGatewayIPPool

    +

    + +(Appears on: +EgressGatewaySpec) + +
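Review bot: The HTTPProbe description in this hunk reads "verify its upsteam connection"; the ICMPProbe text two rows earlier spells it "upstream". The misspelling is carried over unchanged from the removed line, so it should be fixed wherever this text is sourced rather than only in this file. The EgressGatewayFailureDetection summary re-added earlier in the patch has a similar slip, "defines the fields the needed for determining", which should read "the fields needed".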

    + + + + + + + + @@ -12224,11 +12570,7 @@ EgressGatewayFailureDetection (Optional)

    -EgressGatewayFailureDetection is used to configure how Egress Gateway -determines readiness. If both ICMP, HTTP probes are defined, one ICMP probe and one -HTTP probe should succeed for Egress Gateways to become ready. -Otherwise one of ICMP or HTTP probe should succeed for Egress gateways to become -ready if configured. +Name is the name of the IPPool that the Egress Gateways can use.

    @@ -12236,11 +12578,9 @@ ready if configured. @@ -12248,22 +12588,22 @@ AWSEgressGateway (Optional)

    -AWS defines the additional configuration options for Egress Gateways on AWS. +CIDR is the IPPool CIDR that the Egress Gateways can use.

    FieldDescription
    -egressGatewayFailureDetection
    +name
    - -EgressGatewayFailureDetection - +string
    -aws
    +cidr
    - -AWSEgressGateway - +string
    -

    EgressGatewayStatus

    +

    EgressGatewayMetadata

    (Appears on: -EgressGateway) +EgressGatewayDeploymentPodTemplateSpec)

    -EgressGatewayStatus defines the observed state of EgressGateway +EgressGatewayMetadata contains the standard Kubernetes labels and annotations fields.

    @@ -12276,16 +12616,21 @@ EgressGatewayStatus defines the observed state of EgressGateway @@ -12293,11 +12638,9 @@ State provides user-readable status. @@ -12305,23 +12648,24 @@ State provides user-readable status. (Optional)

    -Conditions represents the latest observed set of conditions for the component. A component may be one or more of -Ready, Progressing, Degraded or other customer types. +Annotations is a map of arbitrary non-identifying metadata. Each of these +key/value pairs are added to the object’s annotations provided the key does not +already exist in the object’s annotations.

    -state
    +labels
    -string +map[string]string
    +(Optional)

    -State provides user-readable status. +Labels is a map of string keys and values that may match replica set and +service selectors. Each of these key/value pairs are added to the +object’s labels provided the key does not already exist in the object’s labels. +If not specified will default to projectcalico.org/egw:[name], where [name] is +the name of the Egress Gateway resource.

    -conditions
    +annotations
    - -[]Kubernetes meta/v1.Condition - +map[string]string
    -

    EksCloudwatchLogsSpec

    +

    EgressGatewaySpec

    (Appears on: -AdditionalLogSourceSpec) +EgressGateway)

    -EksConfigSpec defines configuration for fetching EKS audit logs. +EgressGatewaySpec defines the desired state of EgressGateway

    @@ -12334,16 +12678,17 @@ EksConfigSpec defines configuration for fetching EKS audit logs. @@ -12351,16 +12696,20 @@ AWS Region EKS cluster is hosted in. @@ -12368,9 +12717,9 @@ Cloudwatch log-group name containing EKS audit logs. @@ -12378,8 +12727,9 @@ string (Optional)

    -Prefix of Cloudwatch log stream containing EKS audit logs in the log-group. -Default: kube-apiserver-audit- +ExternalNetworks defines the external network names this Egress Gateway is +associated with. +ExternalNetworks must match existing external networks.

    @@ -12387,9 +12737,11 @@ Default: kube-apiserver-audit- @@ -12397,39 +12749,19 @@ int32 (Optional)

    -Cloudwatch audit logs fetching interval in seconds. -Default: 60 +LogSeverity defines the logging level of the Egress Gateway. +Default: Info

    - -
    -region
    +replicas
    -string +int32
    +(Optional)

    -AWS Region EKS cluster is hosted in. +Replicas defines how many instances of the Egress Gateway pod will run.

    -groupName
    +ipPools
    -string + +[]EgressGatewayIPPool +

    -Cloudwatch log-group name containing EKS audit logs. +IPPools defines the IP Pools that the Egress Gateway pods should be using. +Either name or CIDR must be specified. +IPPools must match existing IPPools.

    -streamPrefix
    +externalNetworks
    -string +[]string
    -fetchInterval
    +logSeverity
    -int32 + +LogLevel +
    -

    ElasticsearchMetricsDeployment

    -

    - -(Appears on: -LogStorageSpec) - -

    -

    -ElasticsearchMetricsDeployment is the configuration for the tigera-elasticsearch-metric Deployment. -

    - - - - - - - - - -
    FieldDescription
    -spec
    +template
    - -ElasticsearchMetricsDeploymentSpec + +EgressGatewayDeploymentPodTemplateSpec @@ -12438,49 +12770,31 @@ ElasticsearchMetricsDeploymentSpec (Optional)

    -Spec is the specification of the ElasticsearchMetrics Deployment. +Template describes the EGW Deployment pod that will be created.

    -
    -
    - -
    -

    ElasticsearchMetricsDeploymentContainer

    -

    - -(Appears on: -ElasticsearchMetricsDeploymentPodSpec) - -

    -

    -ElasticsearchMetricsDeploymentContainer is a ElasticsearchMetricsDeployment container. -

    - - - - - - - - @@ -12488,10 +12802,10 @@ Supported values are: tigera-elasticsearch-metrics
    FieldDescription
    -name
    +egressGatewayFailureDetection
    -string + +EgressGatewayFailureDetection +
    +(Optional)

    -Name is an enum which identifies the ElasticsearchMetricsDeployment container by name. -Supported values are: tigera-elasticsearch-metrics +EgressGatewayFailureDetection is used to configure how Egress Gateway +determines readiness. If both ICMP, HTTP probes are defined, one ICMP probe and one +HTTP probe should succeed for Egress Gateways to become ready. +Otherwise one of ICMP or HTTP probe should succeed for Egress gateways to become +ready if configured.

    -resources
    +aws
    - -Kubernetes core/v1.ResourceRequirements + +AWSEgressGateway @@ -12500,24 +12814,22 @@ Kubernetes core/v1.ResourceRequirements (Optional)

    -Resources allows customization of limits and requests for compute resources such as cpu and memory. -If specified, this overrides the named ElasticsearchMetricsDeployment container’s resources. -If omitted, the ElasticsearchMetrics Deployment will use its default value for this container’s resources. +AWS defines the additional configuration options for Egress Gateways on AWS.

    -

    ElasticsearchMetricsDeploymentInitContainer

    +

    EgressGatewayStatus

    (Appears on: -ElasticsearchMetricsDeploymentPodSpec) +EgressGateway)

    -ElasticsearchMetricsDeploymentInitContainer is a ElasticsearchMetricsDeployment init container. +EgressGatewayStatus defines the observed state of EgressGateway

    @@ -12530,7 +12842,7 @@ ElasticsearchMetricsDeploymentInitContainer is a ElasticsearchMetricsDeployment @@ -12548,9 +12859,264 @@ Supported values are: tigera-ee-elasticsearch-metrics-tls-key-cert-provisioner + + + +
    -name
    +state
    string @@ -12539,8 +12851,7 @@ string

    -Name is an enum which identifies the ElasticsearchMetricsDeployment init container by name. -Supported values are: tigera-ee-elasticsearch-metrics-tls-key-cert-provisioner +State provides user-readable status.

    -resources
    +conditions
    - + +[]Kubernetes meta/v1.Condition + + + +
    + +(Optional) +

    +Conditions represents the latest observed set of conditions for the component. A component may be one or more of +Ready, Progressing, Degraded or other customer types. +

    + +
    +

    EksCloudwatchLogsSpec

    +

    + +(Appears on: +AdditionalLogSourceSpec) + +

    +

    +EksConfigSpec defines configuration for fetching EKS audit logs. +

    + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    + +region
    + +string + + +
    + +

    +AWS Region EKS cluster is hosted in. +

    + +
    + +groupName
    + +string + + +
    + +

    +Cloudwatch log-group name containing EKS audit logs. +

    + +
    + +streamPrefix
    + +string + + +
    + +(Optional) +

    +Prefix of Cloudwatch log stream containing EKS audit logs in the log-group. +Default: kube-apiserver-audit- +

    + +
    + +fetchInterval
    + +int32 + + +
    + +(Optional) +

    +Cloudwatch audit logs fetching interval in seconds. +Default: 60 +

    + +
    +

    ElasticsearchMetricsDeployment

    +

    + +(Appears on: +LogStorageSpec) + +

    +

    +ElasticsearchMetricsDeployment is the configuration for the tigera-elasticsearch-metric Deployment. +

    + + + + + + + + + + + + + +
    FieldDescription
    + +spec
    + + +ElasticsearchMetricsDeploymentSpec + + + +
    + +(Optional) +

    +Spec is the specification of the ElasticsearchMetrics Deployment. +

    +
    +
    + +
    + +
    +

    ElasticsearchMetricsDeploymentContainer

    +

    + +(Appears on: +ElasticsearchMetricsDeploymentPodSpec) + +

    +

    +ElasticsearchMetricsDeploymentContainer is a ElasticsearchMetricsDeployment container. +

    + + + + + + + + + + + + + + + + + +
    FieldDescription
    + +name
    + +string + + +
    + +

    +Name is an enum which identifies the ElasticsearchMetricsDeployment container by name. +Supported values are: tigera-elasticsearch-metrics +

    + +
    + +resources
    + + +Kubernetes core/v1.ResourceRequirements + + + +
    + +(Optional) +

    +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named ElasticsearchMetricsDeployment container’s resources. +If omitted, the ElasticsearchMetrics Deployment will use its default value for this container’s resources. +

    + +
    +

    ElasticsearchMetricsDeploymentInitContainer

    +

    + +(Appears on: +ElasticsearchMetricsDeploymentPodSpec) + +

    +

    +ElasticsearchMetricsDeploymentInitContainer is a ElasticsearchMetricsDeployment init container. +
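Review bot: The description added under the EksCloudwatchLogsSpec heading begins "EksConfigSpec defines configuration for fetching EKS audit logs", which does not match the type name in the heading; suggest "EksCloudwatchLogsSpec defines ...". The sentence is identical to the removed line, so the mismatch predates this patch and the fix belongs at the source of the text. Two smaller points in the same hunk: ElasticsearchMetricsDeployment is described as configuring the "tigera-elasticsearch-metric" Deployment while the container's supported name is "tigera-elasticsearch-metrics", and the Conditions text says "other customer types", which looks like it should be "custom types".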

    + + + + + + + + + + + + + + @@ -12901,7 +13467,7 @@ MetricRelabelConfigs to apply to samples before ingestion. relabelings
    -[]*github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1.RelabelConfig +[]github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1.RelabelConfig @@ -13126,10 +13692,1202 @@ Supported values are: fluentd + + + +
    FieldDescription
    + +name
    + +string + + +
    + +

    +Name is an enum which identifies the ElasticsearchMetricsDeployment init container by name. +Supported values are: tigera-ee-elasticsearch-metrics-tls-key-cert-provisioner +

    + +
    + +resources
    + + Kubernetes core/v1.ResourceRequirements @@ -12884,7 +13450,7 @@ HonorTimestamps controls whether Prometheus respects the timestamps present in s metricRelabelings
    -[]*github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1.RelabelConfig +[]github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1.RelabelConfig
    -resources
    +resources
    + + +Kubernetes core/v1.ResourceRequirements + + + +
    + +(Optional) +

    +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named Fluentd DaemonSet container’s resources. +If omitted, the Fluentd DaemonSet will use its default value for this container’s resources. +

    + +
    +

    FluentdDaemonSetInitContainer

    +

    + +(Appears on: +FluentdDaemonSetPodSpec) + +

    +

    +FluentdDaemonSetInitContainer is a Fluentd DaemonSet init container. +

    + + + + + + + + + + + + + + + + + +
    FieldDescription
    + +name
    + +string + + +
    + +

    +Name is an enum which identifies the Fluentd DaemonSet init container by name. +Supported values are: tigera-fluentd-prometheus-tls-key-cert-provisioner +

    + +
    + +resources
    + + +Kubernetes core/v1.ResourceRequirements + + + +
    + +(Optional) +

    +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named Fluentd DaemonSet init container’s resources. +If omitted, the Fluentd DaemonSet will use its default value for this init container’s resources. +

    + +
    +

    FluentdDaemonSetPodSpec

    +

    + +(Appears on: +FluentdDaemonSetPodTemplateSpec) + +

    +

    +FluentdDaemonSetPodSpec is the Fluentd DaemonSet’s PodSpec. +

    + + + + + + + + + + + + + + + + + +
    FieldDescription
    + +initContainers
    + + +[]FluentdDaemonSetInitContainer + + + +
    + +(Optional) +

    +InitContainers is a list of Fluentd DaemonSet init containers. +If specified, this overrides the specified Fluentd DaemonSet init containers. +If omitted, the Fluentd DaemonSet will use its default values for its init containers. +

    + +
    + +containers
    + + +[]FluentdDaemonSetContainer + + + +
    + +(Optional) +

    +Containers is a list of Fluentd DaemonSet containers. +If specified, this overrides the specified Fluentd DaemonSet containers. +If omitted, the Fluentd DaemonSet will use its default values for its containers. +

    + +
    +

    FluentdDaemonSetPodTemplateSpec

    +

    + +(Appears on: +FluentdDaemonSetSpec) + +

    +

    +FluentdDaemonSetPodTemplateSpec is the Fluentd DaemonSet’s PodTemplateSpec +

    + + + + + + + + + + + + + +
    FieldDescription
    + +spec
    + + +FluentdDaemonSetPodSpec + + + +
    + +(Optional) +

    +Spec is the Fluentd DaemonSet’s PodSpec. +

    +
    +
    + +
    + +
    +

    FluentdDaemonSetSpec

    +

    + +(Appears on: +FluentdDaemonSet) + +

    +

    +FluentdDaemonSetSpec defines configuration for the Fluentd DaemonSet. +

    + + + + + + + + + + + + + +
    FieldDescription
    + +template
    + + +FluentdDaemonSetPodTemplateSpec + + + +
    + +(Optional) +

    +Template describes the Fluentd DaemonSet pod that will be created. +

    + +
    +

    GatewayAPISpec

    +

    + +(Appears on: +GatewayAPI) + +

    +

    +GatewayAPISpec has fields that can be used to customize our GatewayAPI support. +

    + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    + +gatewayControllerDeployment
    + + +GatewayControllerDeployment + + + +
    + +

    +Allow optional customization of the gateway controller deployment. +

    + +
    + +gatewayCertgenJob
    + + +GatewayCertgenJob + + + +
    + +

    +Allow optional customization of the gateway certgen job. +

    + +
    + +gatewayDeployment
    + + +GatewayDeployment + + + +
    + +

    +Allow optional customization of gateway deployments. +

    + +
    +

    GatewayCertgenJob

    +

    + +(Appears on: +GatewayAPISpec) + +

    +

    +GatewayCertgenJob allows customization of the gateway certgen job. +

    +

    +If GatewayCertgenJob.Metadata is non-nil, non-clashing labels and annotations from that metadata +are added into the job’s top-level metadata. +

    +

    +For customization of the job spec see GatewayCertgenJobSpec. +

    + + + + + + + + + + + + + + + + + +
    FieldDescription
    + +metadata
    + + +Metadata + + + +
    + +(Optional) + +
    + +spec
    + + +GatewayCertgenJobSpec + + + +
    + +(Optional) +
    +
    + +
    + +
    +

    GatewayCertgenJobContainer

    +

    + +(Appears on: +GatewayCertgenJobPodSpec) + +

    +

    +GatewayCertgenJobContainer allows customization of the gateway certgen job’s resource +requirements. +

    +

    +If GatewayCertgenJob.Spec.Template.Spec.Containers[“envoy-gateway-certgen”].Resources is non-nil, +it overrides the ResourceRequirements of the job’s “envoy-gateway-certgen” container. +

    + + + + + + + + + + + + + + + + + +
    FieldDescription
    + +name
    + +string + + +
    + + +
    + +resources
    + + +Kubernetes core/v1.ResourceRequirements + + + +
    + +(Optional) + +
    +

    GatewayCertgenJobPodSpec

    +

    + +(Appears on: +GatewayCertgenJobPodTemplate) + +

    +

    +GatewayCertgenJobPodSpec allows customization of the gateway certgen job’s pod spec. +

    +

    +If GatewayCertgenJob.Spec.Template.Spec.Affinity is non-nil, it sets the affinity field of the +job’s pod template. +

    +

    +If GatewayCertgenJob.Spec.Template.Spec.NodeSelector is non-nil, it sets a node selector for +where job pods may be scheduled. +

    +

    +If GatewayCertgenJob.Spec.Template.Spec.Tolerations is non-nil, it sets the tolerations field of +the job’s pod template. +

    +

    +For customization of job container resources see GatewayCertgenJobContainer. +

    + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    + +affinity
    + + +Kubernetes core/v1.Affinity + + + +
    + +(Optional) + +
    + +containers
    + + +[]GatewayCertgenJobContainer + + + +
    + +(Optional) + +
    + +nodeSelector
    + +map[string]string + + +
    + +(Optional) + +
    + +tolerations
    + + +[]Kubernetes core/v1.Toleration + + + +
    + +(Optional) + +
    +

    GatewayCertgenJobPodTemplate

    +

    + +(Appears on: +GatewayCertgenJobSpec) + +

    +

    +GatewayCertgenJobPodTemplate allows customization of the gateway certgen job’s pod template. +

    +

    +If GatewayCertgenJob.Spec.Template.Metadata is non-nil, non-clashing labels and +annotations from that metadata are added into the job’s pod template. +

    +

    +For customization of the pod template spec see GatewayCertgenJobPodSpec. +

    + + + + + + + + + + + + + + + + + +
    FieldDescription
    + +metadata
    + + +Metadata + + + +
    + +(Optional) + +
    + +spec
    + + +GatewayCertgenJobPodSpec + + + +
    + +(Optional) +
    +
    + +
    + +
    +

    GatewayCertgenJobSpec

    +

    + +(Appears on: +GatewayCertgenJob) + +

    +

    +GatewayCertgenJobSpec allows customization of the gateway certgen job spec. +

    +

    +For customization of the job template see GatewayCertgenJobPodTemplate. +

    + + + + + + + + + + + + + +
    FieldDescription
    + +template
    + + +GatewayCertgenJobPodTemplate + + + +
    + +(Optional) + +
    +

    GatewayControllerDeployment

    +

    + +(Appears on: +GatewayAPISpec) + +

    +

    +GatewayControllerDeployment allows customization of the gateway controller deployment. +

    +

    +If GatewayControllerDeployment.Metadata is non-nil, non-clashing labels and annotations from that +metadata are added into the deployment’s top-level metadata. +

    +

    +For customization of the deployment spec see GatewayControllerDeploymentSpec. +

    + + + + + + + + + + + + + + + + + +
    FieldDescription
    + +metadata
    + + +Metadata + + + +
    + +(Optional) + +
    + +spec
    + + +GatewayControllerDeploymentSpec + + + +
    + +(Optional) +
    +
    + +
    + +
    +

    GatewayControllerDeploymentContainer

    +

    + +(Appears on: +GatewayControllerDeploymentPodSpec) + +

    +

    +GatewayControllerDeploymentContainer allows customization of the gateway controller’s resource +requirements. +

    +

    +If GatewayControllerDeployment.Spec.Template.Spec.Containers[“envoy-gateway”].Resources is +non-nil, it overrides the ResourceRequirements of the controller’s “envoy-gateway” container. +

    + + + + + + + + + + + + + + + + + +
    FieldDescription
    + +name
    + +string + + +
    + + +
    + +resources
    + + +Kubernetes core/v1.ResourceRequirements + + + +
    + +(Optional) + +
    +

    GatewayControllerDeploymentPodSpec

    +

    + +(Appears on: +GatewayControllerDeploymentPodTemplate) + +

    +

    +GatewayControllerDeploymentPodSpec allows customization of the gateway controller deployment pod +spec. +

    +

    +If GatewayControllerDeployment.Spec.Template.Spec.Affinity is non-nil, it sets the affinity field +of the deployment’s pod template. +

    +

    +If GatewayControllerDeployment.Spec.Template.Spec.NodeSelector is non-nil, it sets a node +selector for where controller pods may be scheduled. +

    +

    +If GatewayControllerDeployment.Spec.Template.Spec.Tolerations is non-nil, it sets the tolerations +field of the deployment’s pod template. +

    +

    +For customization of container resources see GatewayControllerDeploymentContainer. +

    + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    + +affinity
    + + +Kubernetes core/v1.Affinity + + + +
    + +(Optional) + +
    + +containers
    + + +[]GatewayControllerDeploymentContainer + + + +
    + +(Optional) + +
    + +nodeSelector
    + +map[string]string + + +
    + +(Optional) + +
    + +tolerations
    + + +[]Kubernetes core/v1.Toleration + + + +
    + +(Optional) + +
    +

    GatewayControllerDeploymentPodTemplate

    +

    + +(Appears on: +GatewayControllerDeploymentSpec) + +

    +

    +GatewayControllerDeploymentPodTemplate allows customization of the gateway controller deployment +pod template. +

    +

    +If GatewayControllerDeployment.Spec.Template.Metadata is non-nil, non-clashing labels and +annotations from that metadata are added into the deployment’s pod template. +

    +

    +For customization of the pod template spec see GatewayControllerDeploymentPodSpec. +

    + + + + + + + + + + + + + + + + + +
    FieldDescription
    + +metadata
    + + +Metadata + + + +
    + +(Optional) + +
    + +spec
    + + +GatewayControllerDeploymentPodSpec + + + +
    + +(Optional) +
    +
    + +
    + +
    +

    GatewayControllerDeploymentSpec

    +

    + +(Appears on: +GatewayControllerDeployment) + +

    +

    +GatewayControllerDeploymentSpec allows customization of the gateway controller deployment spec. +

    +

    +If GatewayControllerDeployment.Spec.MinReadySeconds is non-nil, it sets the minReadySeconds field +for the deployment. +

    +

    +For customization of the pod template see GatewayControllerDeploymentPodTemplate. +

    + + + + + + + + + + + + + + + + + +
    FieldDescription
    + +minReadySeconds
    + +int32 + + +
    + +(Optional) + +
    + +template
    + + +GatewayControllerDeploymentPodTemplate + + + +
    + +(Optional) + +
    +

    GatewayDeployment

    +

    + +(Appears on: +GatewayAPISpec) + +

    +

    +GatewayDeployment allows customization of gateway deployments. +

    +

    +For detail see GatewayDeploymentSpec. +

    + + + + + + + + + + + + + +
    FieldDescription
    + +spec
    + + +GatewayDeploymentSpec + + + +
    + +(Optional) +
    +
    + +
    + +
    +

    GatewayDeploymentContainer

    +

    + +(Appears on: +GatewayDeploymentPodSpec) + +

    +

    +GatewayDeploymentContainer allows customization of the resource requirements of gateway +deployments. +

    +

    +If GatewayDeployment.Spec.Template.Spec.Containers[“envoy”].Resources is non-nil, it overrides +the ResourceRequirements of the “envoy” container in each gateway deployment. +

    + + + + + + + + + + + + + + + + + +
    FieldDescription
    + +name
    + +string + + +
    + + +
    + +resources
    + + +Kubernetes core/v1.ResourceRequirements + + + +
    + +(Optional) + +
    +

    GatewayDeploymentPodSpec

    +

    + +(Appears on: +GatewayDeploymentPodTemplate) + +

    +

    +GatewayDeploymentPodSpec allows customization of the pod spec of gateway deployments. +

    +

    +If GatewayDeployment.Spec.Template.Spec.Affinity is non-nil, it sets the affinity field of each +deployment’s pod template. +

    +

    +If GatewayDeployment.Spec.Template.Spec.NodeSelector is non-nil, it sets a node selector for +where gateway pods may be scheduled. +

    +

    +If GatewayDeployment.Spec.Template.Spec.Tolerations is non-nil, it sets the tolerations field of +each deployment’s pod template. +

    +

    +If GatewayDeployment.Spec.Template.Spec.TopologySpreadConstraints is non-nil, it sets the +topology spread constraints of each deployment’s pod template. +

    +

    +For customization of container resources see GatewayControllerDeploymentContainer. +

    + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    + +affinity
    + + +Kubernetes core/v1.Affinity + + + +
    + +(Optional) + +
    + +containers
    + + +[]GatewayDeploymentContainer + + + +
    + +(Optional) + +
    + +nodeSelector
    + +map[string]string + + +
    + +(Optional) + +
    + +topologySpreadConstraints
    + + +[]Kubernetes core/v1.TopologySpreadConstraint + + + +
    + +(Optional) +

    +TopologySpreadConstraints describes how a group of pods ought to spread across topology +domains. Scheduler will schedule pods in a way which abides by the constraints. +All topologySpreadConstraints are ANDed. +

    + +
    + +tolerations
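Review bot: The GatewayDeploymentPodSpec description ends with "For customization of container resources see GatewayControllerDeploymentContainer", but the containers field in the table below it is typed []GatewayDeploymentContainer; the sentence looks copied from GatewayControllerDeploymentPodSpec and should point at GatewayDeploymentContainer. Separately, the name field of GatewayCertgenJobContainer, GatewayControllerDeploymentContainer and GatewayDeploymentContainer has an empty description, while the Elasticsearch and Fluentd container types in this same patch state "Supported values are: ..."; the prose already names "envoy-gateway-certgen", "envoy-gateway" and "envoy", so listing those on the name field would keep the tables consistent. The three GatewayAPISpec fields also lack the "(Optional)" marker even though each description says "Allow optional customization".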
    - -Kubernetes core/v1.ResourceRequirements + +[]Kubernetes core/v1.Toleration @@ -13137,25 +14895,27 @@ Kubernetes core/v1.ResourceRequirements
    (Optional) -

    -Resources allows customization of limits and requests for compute resources such as cpu and memory. -If specified, this overrides the named Fluentd DaemonSet container’s resources. -If omitted, the Fluentd DaemonSet will use its default value for this container’s resources. -

    -

    FluentdDaemonSetInitContainer

    +

    GatewayDeploymentPodTemplate

    (Appears on: -FluentdDaemonSetPodSpec) +GatewayDeploymentSpec)

    -FluentdDaemonSetInitContainer is a Fluentd DaemonSet init container. +GatewayDeploymentPodTemplate allows customization of the pod template of gateway deployments. +

    +

    +If GatewayDeployment.Spec.Template.Metadata is non-nil, non-clashing labels and annotations from +that metadata are added into each deployment’s pod template. +

    +

    +For customization of the pod template spec see GatewayDeploymentPodSpec.

    @@ -13168,28 +14928,27 @@ FluentdDaemonSetInitContainer is a Fluentd DaemonSet init container.
    -name
    +metadata
    -string + +Metadata +
    -

    -Name is an enum which identifies the Fluentd DaemonSet init container by name. -Supported values are: tigera-fluentd-prometheus-tls-key-cert-provisioner -

    +(Optional)
    -resources
    +spec
    - -Kubernetes core/v1.ResourceRequirements + +GatewayDeploymentPodSpec @@ -13197,25 +14956,30 @@ Kubernetes core/v1.ResourceRequirements
    (Optional) -

    -Resources allows customization of limits and requests for compute resources such as cpu and memory. -If specified, this overrides the named Fluentd DaemonSet init container’s resources. -If omitted, the Fluentd DaemonSet will use its default value for this init container’s resources. -

    +
    +
    + +
    -

    FluentdDaemonSetPodSpec

    +

    GatewayDeploymentSpec

    (Appears on: -FluentdDaemonSetPodTemplateSpec) +GatewayDeployment)

    -FluentdDaemonSetPodSpec is the Fluentd DaemonSet’s PodSpec. +GatewayDeploymentSpec allows customization of the spec of gateway deployments. +

    +

    +For customization of the pod template see GatewayDeploymentPodTemplate. +

    +

    +For customization of the deployment strategy see GatewayDeploymentStrategy.

    @@ -13228,10 +14992,10 @@ FluentdDaemonSetPodSpec is the Fluentd DaemonSet’s PodSpec.
    -initContainers
    +template
    - -[]FluentdDaemonSetInitContainer + +GatewayDeploymentPodTemplate @@ -13239,21 +15003,16 @@ FluentdDaemonSetPodSpec is the Fluentd DaemonSet’s PodSpec.
    (Optional) -

    -InitContainers is a list of Fluentd DaemonSet init containers. -If specified, this overrides the specified Fluentd DaemonSet init containers. -If omitted, the Fluentd DaemonSet will use its default values for its init containers. -

    -containers
    +strategy
    - -[]FluentdDaemonSetContainer + +GatewayDeploymentStrategy @@ -13262,68 +15021,30 @@ If omitted, the Fluentd DaemonSet will use its default values for its init conta (Optional)

    -Containers is a list of Fluentd DaemonSet containers. -If specified, this overrides the specified Fluentd DaemonSet containers. -If omitted, the Fluentd DaemonSet will use its default values for its containers. +The deployment strategy to use to replace existing pods with new ones.

    -

    FluentdDaemonSetPodTemplateSpec

    +

    GatewayDeploymentStrategy

    (Appears on: -FluentdDaemonSetSpec) +GatewayDeploymentSpec)

    -FluentdDaemonSetPodTemplateSpec is the Fluentd DaemonSet’s PodTemplateSpec -

    - - - - - - - - - - - - - -
    FieldDescription
    - -spec
    - - -FluentdDaemonSetPodSpec - - - -
    - -(Optional) -

    -Spec is the Fluentd DaemonSet’s PodSpec. +GatewayDeploymentStrategy allows customization of the deployment strategy for gateway +deployments.

    -
    -
    - -
    - -
    -

    FluentdDaemonSetSpec

    - -(Appears on: -FluentdDaemonSet) - +If GatewayDeployment.Spec.Strategy is non-nil, gateway deployments are set to use a rolling +update strategy, with the parameters specified in GatewayDeployment.Spec.Strategy.

    -FluentdDaemonSetSpec defines configuration for the Fluentd DaemonSet. +Only RollingUpdate is supported at this time so the Type field is not exposed.
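Review bot: the GatewayDeploymentStrategy description only covers the case where GatewayDeployment.Spec.Strategy is non-nil. Add a sentence on what gateway deployments use when it is nil, and note that rollingUpdate takes the standard apps/v1.RollingUpdateDeployment parameters, since the Type field is hidden and readers cannot infer the default from it.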

    @@ -13336,10 +15057,10 @@ FluentdDaemonSetSpec defines configuration for the Fluentd DaemonSet. @@ -14172,6 +15890,23 @@ AllowedUse controls what the IP pool will be used for. If not specified or empt [“Tunnel”, “Workload”] for back-compatibility

    + + + + + @@ -14962,6 +16697,7 @@ FIPSMode (Optional)

    FIPSMode uses images and features only that are using FIPS 140-2 validated cryptographic modules and standards. +Only supported for Variant=Calico. Default: Disabled
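Review bot: "Only supported for Variant=Calico" is added to the FIPSMode description without saying what the operator does when FIPSMode is enabled under another variant, and the new sentence runs straight into "Default: Disabled". For a setting that readers rely on for FIPS 140-2 compliance, say whether that combination is rejected or silently ignored, and put the default on its own sentence.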

    @@ -15023,6 +16759,48 @@ Windows Configuration Kubernetes Service CIDRs. Specifying this is required when using Calico for Windows.

    + + + + + + + + + @@ -17242,6 +19020,25 @@ ElasticsearchMetricsDeployment ElasticsearchMetricsDeployment configures the tigera-elasticsearch-metric Deployment.

    + + + + + @@ -17677,7 +19474,7 @@ string

    Name is an enum which identifies the Manager Deployment container by name. -Supported values are: tigera-voltron, tigera-manager, tigera-es-proxy +Supported values are: tigera-voltron, tigera-manager, tigera-ui-apis, and tigera-es-proxy (deprecated).
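Review bot: the supported values list now ends with "tigera-es-proxy (deprecated)" but does not say which container takes over from it or whether an override that still names it is honoured. One clause on the replacement and on the behaviour for existing configurations would save readers from guessing.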

    @@ -18029,6 +19826,11 @@ Ready, Progressing, Degraded or other customer types. CalicoNodeWindowsDaemonSetPodTemplateSpec, CalicoWindowsUpgradeDaemonSet, CalicoWindowsUpgradeDaemonSetPodTemplateSpec, +GatewayCertgenJob, +GatewayCertgenJobPodTemplate, +GatewayControllerDeployment, +GatewayControllerDeploymentPodTemplate, +GatewayDeploymentPodTemplate, TyphaDeployment, TyphaDeploymentPodTemplateSpec) @@ -19199,6 +21001,14 @@ PathReplace if not nil will be used to replace PathRegexp matches.
    -template
    +rollingUpdate
    - -FluentdDaemonSetPodTemplateSpec + +Kubernetes apps/v1.RollingUpdateDeployment @@ -13347,9 +15068,6 @@ FluentdDaemonSetPodTemplateSpec
    (Optional) -

    -Template describes the Fluentd DaemonSet pod that will be created. -

    + +assignmentMode
    + +github.com/tigera/operator/pkg/apis/crd.projectcalico.org/v1.AssignmentMode + + +
    + +

    +AssignmentMode determines if IP addresses from this pool should be assigned automatically or on request only +

    +
    + +azure
    + + +Azure + + + +
    + +(Optional) +

    +Azure is used to configure azure provider specific options. +

    + +
    + +proxy
    + + +Proxy + + + +
    + +(Optional) +

    +Proxy is used to configure the HTTP(S) proxy settings that will be applied to Tigera containers that connect +to destinations outside the cluster. It is expected that NO_PROXY is configured such that destinations within +the cluster (including the API server) are exempt from proxying. +

    +
    + +esGatewayDeployment
    + + +ESGatewayDeployment + + + +
    + +

    +ESGatewayDeployment configures the es-gateway Deployment. +

    +
    +

    PolicyMode +(string alias)

    +

    + +(Appears on: +Azure) + +

    PolicyRecommendationDeployment

    @@ -19765,6 +21575,81 @@ One of: None, Login, Consent, SelectAccount. Provider represents a particular provider or flavor of Kubernetes. Valid options are: EKS, GKE, AKS, RKE2, OpenShift, DockerEnterprise, TKG.

    +

    Proxy

    +

    + +(Appears on: +InstallationSpec) + +

    + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription
    + +httpProxy
    + +string + + +
    + +(Optional) +

    +HTTPProxy defines the value of the HTTP_PROXY environment variable that will be set on Tigera containers that connect to +destinations outside the cluster. +

    + +
    + +httpsProxy
    + +string + + +
    + +(Optional) +

    +HTTPSProxy defines the value of the HTTPS_PROXY environment variable that will be set on Tigera containers that connect to +destinations outside the cluster. +

    + +
    + +noProxy
    + +string + + +
    + +(Optional) +

    +NoProxy defines the value of the NO_PROXY environment variable that will be set on Tigera containers that connect to +destinations outside the cluster. This value must be set such that destinations within the scope of the cluster, including +the Kubernetes API server, are exempt from being proxied. +

    + +

    Retention
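Review bot: noProxy is marked (Optional) while its description says the value "must be set" so that in-cluster destinations, including the Kubernetes API server, are exempt from proxying. The text should say what happens when httpProxy or httpsProxy is set and noProxy is left empty: a validation error, operator-supplied defaults, or API server traffic going through the proxy. Since httpProxy and httpsProxy become the HTTP_PROXY and HTTPS_PROXY environment variables on the containers, it would also help to state whether a proxy URL with embedded credentials is expected here, because such a value would be readable in the pod spec.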

    @@ -20079,6 +21964,14 @@ related to connecting to our Prometheus server are automatically set by the oper (Appears on: ApplicationLayerSpec) +

    +

    SidecarWebhookStateType +(string alias)

    +

    + +(Appears on: +ApplicationLayerStatus) +

    SplunkStoreSpec

    From e057c7f154198b9df83c557c52e93d6f04fe6fb6 Mon Sep 17 00:00:00 2001 From: Nell Jerram Date: Wed, 18 Dec 2024 17:26:25 +0000 Subject: [PATCH 10/10] Revert "Regenerate operator API docs" Because I now realize that this is intentionally a release time process, not dev time. This reverts commit 1b9c8be7e41ecd09b788305aef2c4b77b9182713. --- .../reference/installation/_api.mdx | 2633 +++-------------- 1 file changed, 370 insertions(+), 2263 deletions(-) diff --git a/calico-enterprise/reference/installation/_api.mdx b/calico-enterprise/reference/installation/_api.mdx index 508c389b62..bc26bb563f 100644 --- a/calico-enterprise/reference/installation/_api.mdx +++ b/calico-enterprise/reference/installation/_api.mdx @@ -22,8 +22,6 @@ Resource Types:

  • EgressGateway
  • -GatewayAPI -
  • ImageSet
  • Installation @@ -1045,135 +1043,6 @@ EgressGatewayStatus - - - - -

    GatewayAPI

    - - - - - - - - - - - - - - - - - - - - - - - @@ -1921,7 +1790,6 @@ FIPSMode (Optional)

    FIPSMode uses images and features only that are using FIPS 140-2 validated cryptographic modules and standards. -Only supported for Variant=Calico. Default: Disabled

    @@ -1983,48 +1851,6 @@ Windows Configuration Kubernetes Service CIDRs. Specifying this is required when using Calico for Windows.

    - - - - - - - - -
    FieldDescription
    - -apiVersion
    -string -
    - - -operator.tigera.io/v1 - - -
    - -kind
    -string - -
    -GatewayAPI -
    - -metadata
    - - -Kubernetes meta/v1.ObjectMeta - - - -
    - -Refer to the Kubernetes API documentation for the fields of the -metadata field. - -
    - -spec
    - - -GatewayAPISpec - - - -
    - -
    -
    - - - - - - - - - - - - - -
    -gatewayControllerDeployment
    - - -GatewayControllerDeployment - - - -
    - -

    -Allow optional customization of the gateway controller deployment. -

    - -
    - -gatewayCertgenJob
    - - -GatewayCertgenJob - - - -
    - -

    -Allow optional customization of the gateway certgen job. -

    - -
    - -gatewayDeployment
    - - -GatewayDeployment - - - -
    - -

    -Allow optional customization of gateway deployments. -

    - -
    - -azure
    - - -Azure - - - -
    - -(Optional) -

    -Azure is used to configure azure provider specific options. -

    - -
    - -proxy
    - - -Proxy - - - -
    - -(Optional) -

    -Proxy is used to configure the HTTP(S) proxy settings that will be applied to Tigera containers that connect -to destinations outside the cluster. It is expected that NO_PROXY is configured such that destinations within -the cluster (including the API server) are exempt from proxying. -

    -
    @@ -2723,25 +2549,6 @@ ElasticsearchMetricsDeployment ElasticsearchMetricsDeployment configures the tigera-elasticsearch-metric Deployment.

    - - - - - -esGatewayDeployment
    - - -ESGatewayDeployment - - - - - - -

    -ESGatewayDeployment configures the es-gateway Deployment. -

    - @@ -5338,25 +5145,6 @@ State provides user-readable status. -sidecarWebhook
    - - -SidecarWebhookStateType - - - - - - -

    -SidecarWebhook provides the state of sidecar injection mutatinwebhookconfiguration -

    - - - - - - conditions
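Review bot: the removed sidecarWebhook description reads "sidecar injection mutatinwebhookconfiguration", a typo for MutatingWebhookConfiguration. This file is regenerated from the operator API, so reverting the line here does not fix it; the field comment in the operator source needs correcting or the typo comes back with the release-time regeneration.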
    @@ -5916,46 +5704,6 @@ Conditions represents the latest observed set of conditions for the component. A Ready, Progressing, Degraded or other customer types.

    - - - - -

    Azure

    -

    - -(Appears on: -InstallationSpec) - -

    - - - - - - - - - - - @@ -6989,10 +6737,8 @@ BGP configures whether or not to enable Calico’s BGP capabilities. (Optional)

    -IPPools contains a list of IP pools to manage. If nil, a single IPv4 IP pool -will be created by the operator. If an empty list is provided, the operator will not create any IP pools and will instead -wait for IP pools to be created out-of-band. -IP pools in this list will be reconciled by the operator and should not be modified out-of-band. +IPPools contains a list of IP pools to create if none exist. At most one IP pool of each +address family may be specified. If omitted, a single pool will be configured if needed.
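Review bot: the restored IPPools text ("a list of IP pools to create if none exist. At most one IP pool of each address family may be specified") drops what the removed text said about an empty list making the operator wait for pools created out-of-band and about listed pools being reconciled and not to be modified out-of-band. If the operator release these docs accompany already has the newer behaviour, the reference is stale on this field until the release-time regeneration; worth confirming which description matches before merging the revert.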

    @@ -11899,15 +11645,15 @@ Template describes the EKSLogForwarder Deployment pod that will be created.
    FieldDescription
    - -policyMode
    - - -PolicyMode - - - -
    - -(Optional) -

    -PolicyMode determines whether the “control-plane” label is applied to namespaces. It offers two options: Default and Manual. -The Default option adds the “control-plane” label to the required namespaces. -The Manual option does not apply the “control-plane” label to any namespace. -Default: Default -

    -
    -

    ESGatewayDeployment

    +

    EgressGatewayDeploymentPodSpec

    (Appears on: -LogStorageSpec) +EgressGatewayDeploymentPodTemplateSpec)

    -ESGatewayDeployment is the configuration for the es-gateway Deployment. +EgressGatewayDeploymentPodSpec is the Egress Gateway Deployment’s PodSpec.

    @@ -11920,10 +11666,10 @@ ESGatewayDeployment is the configuration for the es-gateway Deployment. - -
    -spec
    +initContainers
    - -ESGatewayDeploymentSpec + +[]EGWDeploymentInitContainer @@ -11932,49 +11678,31 @@ ESGatewayDeploymentSpec (Optional)

    -Spec is the specification of the es-gateway Deployment. +InitContainers is a list of EGW init containers. +If specified, this overrides the specified EGW Deployment init containers. +If omitted, the EGW Deployment will use its default values for its init containers.

    -
    -
    - -
    -

    ESGatewayDeploymentContainer

    -

    - -(Appears on: -ESGatewayDeploymentPodSpec) - -

    -

    -ESGatewayDeploymentContainer is a es-gateway Deployment container. -

    - - - - - - - - @@ -11982,10 +11710,10 @@ Supported values are: tigera-secure-es-gateway - -
    FieldDescription
    -name
    +containers
    -string + +[]EGWDeploymentContainer +
    +(Optional)

    -Name is an enum which identifies the es-gateway Deployment container by name. -Supported values are: tigera-secure-es-gateway +Containers is a list of EGW containers. +If specified, this overrides the specified EGW Deployment containers. +If omitted, the EGW Deployment will use its default values for its containers.

    -resources
    +affinity
    - -Kubernetes core/v1.ResourceRequirements + +Kubernetes core/v1.Affinity @@ -11994,47 +11722,43 @@ Kubernetes core/v1.ResourceRequirements (Optional)

    -Resources allows customization of limits and requests for compute resources such as cpu and memory. -If specified, this overrides the named es-gateway Deployment container’s resources. -If omitted, the es-gateway Deployment will use its default value for this container’s resources. +Affinity is a group of affinity scheduling rules for the EGW pods.

    -

    ESGatewayDeploymentInitContainer

    -

    + + -(Appears on: -ESGatewayDeploymentPodSpec) +nodeSelector
    + +map[string]string + -

    + + + +(Optional)

    -ESGatewayDeploymentInitContainer is a es-gateway Deployment init container. +NodeSelector gives more control over the nodes where the Egress Gateway pods will run on.

    - - - - - + + - - @@ -12042,10 +11766,10 @@ Supported values are: tigera-secure-elasticsearch-cert-key-cert-provisioner - -
    FieldDescription
    -name
    +terminationGracePeriodSeconds
    -string +int64
    +(Optional)

    -Name is an enum which identifies the es-gateway Deployment init container by name. -Supported values are: tigera-secure-elasticsearch-cert-key-cert-provisioner +TerminationGracePeriodSeconds defines the termination grace period of the Egress Gateway pods in seconds.

    -resources
    +topologySpreadConstraints
    - -Kubernetes core/v1.ResourceRequirements + +[]Kubernetes core/v1.TopologySpreadConstraint @@ -12054,40 +11778,18 @@ Kubernetes core/v1.ResourceRequirements (Optional)

    -Resources allows customization of limits and requests for compute resources such as cpu and memory. -If specified, this overrides the named es-gateway Deployment init container’s resources. -If omitted, the es-gateway Deployment will use its default value for this init container’s resources. +TopologySpreadConstraints defines how the Egress Gateway pods should be spread across different AZs.

    -

    ESGatewayDeploymentPodSpec

    -

    - -(Appears on: -ESGatewayDeploymentPodTemplateSpec) - -

    -

    -ESGatewayDeploymentPodSpec is the es-gateway Deployment’s PodSpec. -

    - - - - - - - - @@ -12106,11 +11808,9 @@ If omitted, the es-gateway Deployment will use its default values for its init c @@ -12118,24 +11818,22 @@ If omitted, the es-gateway Deployment will use its default values for its init c (Optional)

    -Containers is a list of es-gateway containers. -If specified, this overrides the specified es-gateway Deployment containers. -If omitted, the es-gateway Deployment will use its default values for its containers. +PriorityClassName allows to specify a PriorityClass resource to be used.

    FieldDescription
    -initContainers
    +tolerations
    - -[]ESGatewayDeploymentInitContainer + +[]Kubernetes core/v1.Toleration @@ -12096,9 +11798,9 @@ ESGatewayDeploymentPodSpec is the es-gateway Deployment’s PodSpec. (Optional)

    -InitContainers is a list of es-gateway init containers. -If specified, this overrides the specified es-gateway Deployment init containers. -If omitted, the es-gateway Deployment will use its default values for its init containers. +Tolerations is the egress gateway pod’s tolerations. +If specified, this overrides any tolerations that may be set on the EGW Deployment. +If omitted, the EGW Deployment will use its default value for tolerations.

    -containers
    +priorityClassName
    - -[]ESGatewayDeploymentContainer - +string
    -

    ESGatewayDeploymentPodTemplateSpec

    +

    EgressGatewayDeploymentPodTemplateSpec

    (Appears on: -ESGatewayDeploymentSpec) +EgressGatewaySpec)

    -ESGatewayDeploymentPodTemplateSpec is the es-gateway Deployment’s PodTemplateSpec +EgressGatewayDeploymentPodTemplateSpec is the EGW Deployment’s PodTemplateSpec

    @@ -12148,10 +11846,10 @@ ESGatewayDeploymentPodTemplateSpec is the es-gateway Deployment’s PodTempl - -
    -spec
    +metadata
    - -ESGatewayDeploymentPodSpec + +EgressGatewayMetadata @@ -12160,42 +11858,19 @@ ESGatewayDeploymentPodSpec (Optional)

    -Spec is the es-gateway Deployment’s PodSpec. +Metadata is a subset of a Kubernetes object’s metadata that is added to +the pod’s metadata.

    -
    -
    - -
    -

    ESGatewayDeploymentSpec

    -

    - -(Appears on: -ESGatewayDeployment) - -

    -

    -ESGatewayDeploymentSpec defines configuration for the es-gateway Deployment. -

    - - - - - - - -
    FieldDescription
    -template
    +spec
    - -ESGatewayDeploymentPodTemplateSpec + +EgressGatewayDeploymentPodSpec @@ -12204,22 +11879,27 @@ ESGatewayDeploymentPodTemplateSpec (Optional)

    -Template describes the es-gateway Deployment pod that will be created. +Spec is the EGW Deployment’s PodSpec.

    +
    +
    + +
    -

    EgressGatewayDeploymentPodSpec

    +

    EgressGatewayFailureDetection

    (Appears on: -EgressGatewayDeploymentPodTemplateSpec) +EgressGatewaySpec)

    -EgressGatewayDeploymentPodSpec is the Egress Gateway Deployment’s PodSpec. +EgressGatewayFailureDetection defines the fields the needed for determining Egress Gateway +readiness.

    @@ -12232,11 +11912,9 @@ EgressGatewayDeploymentPodSpec is the Egress Gateway Deployment’s PodSpec. @@ -12244,9 +11922,10 @@ EgressGatewayDeploymentPodSpec is the Egress Gateway Deployment’s PodSpec. (Optional)

    -InitContainers is a list of EGW init containers. -If specified, this overrides the specified EGW Deployment init containers. -If omitted, the EGW Deployment will use its default values for its init containers. +HealthTimeoutDataStoreSeconds defines how long Egress Gateway can fail to connect +to the datastore before reporting not ready. +This value must be greater than 0. +Default: 90

    @@ -12254,10 +11933,10 @@ If omitted, the EGW Deployment will use its default values for its init containe @@ -12276,10 +11955,10 @@ If omitted, the EGW Deployment will use its default values for its containers. + +
    -initContainers
    +healthTimeoutDataStoreSeconds
    - -[]EGWDeploymentInitContainer - +int32
    -containers
    +icmpProbe
    - -[]EGWDeploymentContainer + +ICMPProbe @@ -12266,9 +11945,9 @@ If omitted, the EGW Deployment will use its default values for its init containe (Optional)

    -Containers is a list of EGW containers. -If specified, this overrides the specified EGW Deployment containers. -If omitted, the EGW Deployment will use its default values for its containers. +ICMPProbe define outgoing ICMP probes that Egress Gateway will use to +verify its upstream connection. Egress Gateway will report not ready if all +fail. Timeout must be greater than interval.

    -affinity
    +httpProbe
    - -Kubernetes core/v1.Affinity + +HTTPProbe @@ -12288,17 +11967,36 @@ Kubernetes core/v1.Affinity (Optional)

    -Affinity is a group of affinity scheduling rules for the EGW pods. +HTTPProbe define outgoing HTTP probes that Egress Gateway will use to +verify its upsteam connection. Egress Gateway will report not ready if all +fail. Timeout must be greater than interval.

    +

    EgressGatewayIPPool

    +

    + +(Appears on: +EgressGatewaySpec) + +

    + + + + + + + + @@ -12306,7 +12004,7 @@ map[string]string (Optional)

    -NodeSelector gives more control over the nodes where the Egress Gateway pods will run on. +Name is the name of the IPPool that the Egress Gateways can use.

    @@ -12314,9 +12012,9 @@ NodeSelector gives more control over the nodes where the Egress Gateway pods wil @@ -12324,39 +12022,37 @@ int64 (Optional)

    -TerminationGracePeriodSeconds defines the termination grace period of the Egress Gateway pods in seconds. +CIDR is the IPPool CIDR that the Egress Gateways can use.

    - - +
    FieldDescription
    -nodeSelector
    +name
    -map[string]string +string
    -terminationGracePeriodSeconds
    +cidr
    -int64 +string
    - -topologySpreadConstraints
    - - -[]Kubernetes core/v1.TopologySpreadConstraint - - +
    +

    EgressGatewayMetadata

    +

    - - +(Appears on: +EgressGatewayDeploymentPodTemplateSpec) -(Optional) +

    -TopologySpreadConstraints defines how the Egress Gateway pods should be spread across different AZs. +EgressGatewayMetadata contains the standard Kubernetes labels and annotations fields.

    - - + + + + + + + @@ -12364,9 +12060,11 @@ TopologySpreadConstraints defines how the Egress Gateway pods should be spread a (Optional)

    -Tolerations is the egress gateway pod’s tolerations. -If specified, this overrides any tolerations that may be set on the EGW Deployment. -If omitted, the EGW Deployment will use its default value for tolerations. +Labels is a map of string keys and values that may match replica set and +service selectors. Each of these key/value pairs are added to the +object’s labels provided the key does not already exist in the object’s labels. +If not specified will default to projectcalico.org/egw:[name], where [name] is +the name of the Egress Gateway resource.

    @@ -12374,9 +12072,9 @@ If omitted, the EGW Deployment will use its default value for tolerations. @@ -12384,22 +12082,24 @@ string (Optional)

    -PriorityClassName allows to specify a PriorityClass resource to be used. +Annotations is a map of arbitrary non-identifying metadata. Each of these +key/value pairs are added to the object’s annotations provided the key does not +already exist in the object’s annotations.

    FieldDescription
    -tolerations
    +labels
    - -[]Kubernetes core/v1.Toleration - +map[string]string
    -priorityClassName
    +annotations
    -string +map[string]string
    -

    EgressGatewayDeploymentPodTemplateSpec

    +

    EgressGatewaySpec

    (Appears on: -EgressGatewaySpec) +EgressGateway)

    -EgressGatewayDeploymentPodTemplateSpec is the EGW Deployment’s PodTemplateSpec +EgressGatewaySpec defines the desired state of EgressGateway

    @@ -12412,11 +12112,9 @@ EgressGatewayDeploymentPodTemplateSpec is the EGW Deployment’s PodTemplate @@ -12424,8 +12122,7 @@ EgressGatewayMetadata (Optional)

    -Metadata is a subset of a Kubernetes object’s metadata that is added to -the pod’s metadata. +Replicas defines how many instances of the Egress Gateway pod will run.

    @@ -12433,54 +12130,30 @@ the pod’s metadata. - -
    -metadata
    +replicas
    - -EgressGatewayMetadata - +int32
    -spec
    +ipPools
    - -EgressGatewayDeploymentPodSpec + +[]EgressGatewayIPPool
    -(Optional)

    -Spec is the EGW Deployment’s PodSpec. -

    -
    -
    - -
    +IPPools defines the IP Pools that the Egress Gateway pods should be using. +Either name or CIDR must be specified. +IPPools must match existing IPPools. +

    -

    EgressGatewayFailureDetection

    -

    - -(Appears on: -EgressGatewaySpec) - -

    -

    -EgressGatewayFailureDetection defines the fields the needed for determining Egress Gateway -readiness. -

    - - - - - - - - @@ -12488,10 +12161,9 @@ int32 (Optional)

    -HealthTimeoutDataStoreSeconds defines how long Egress Gateway can fail to connect -to the datastore before reporting not ready. -This value must be greater than 0. -Default: 90 +ExternalNetworks defines the external network names this Egress Gateway is +associated with. +ExternalNetworks must match existing external networks.

    @@ -12499,10 +12171,10 @@ Default: 90 @@ -12521,10 +12192,10 @@ fail. Timeout must be greater than interval. - -
    FieldDescription
    -healthTimeoutDataStoreSeconds
    +externalNetworks
    -int32 +[]string
    -icmpProbe
    +logSeverity
    - -ICMPProbe + +LogLevel @@ -12511,9 +12183,8 @@ ICMPProbe (Optional)

    -ICMPProbe define outgoing ICMP probes that Egress Gateway will use to -verify its upstream connection. Egress Gateway will report not ready if all -fail. Timeout must be greater than interval. +LogSeverity defines the logging level of the Egress Gateway. +Default: Info

    -httpProbe
    +template
    - -HTTPProbe + +EgressGatewayDeploymentPodTemplateSpec @@ -12533,36 +12204,19 @@ HTTPProbe (Optional)

    -HTTPProbe define outgoing HTTP probes that Egress Gateway will use to -verify its upsteam connection. Egress Gateway will report not ready if all -fail. Timeout must be greater than interval. +Template describes the EGW Deployment pod that will be created.

    -

    EgressGatewayIPPool

    -

    - -(Appears on: -EgressGatewaySpec) - -

    - - - - - - - - @@ -12570,7 +12224,11 @@ string (Optional)

    -Name is the name of the IPPool that the Egress Gateways can use. +EgressGatewayFailureDetection is used to configure how Egress Gateway +determines readiness. If both ICMP, HTTP probes are defined, one ICMP probe and one +HTTP probe should succeed for Egress Gateways to become ready. +Otherwise one of ICMP or HTTP probe should succeed for Egress gateways to become +ready if configured.

    @@ -12578,9 +12236,11 @@ Name is the name of the IPPool that the Egress Gateways can use. @@ -12588,22 +12248,22 @@ string (Optional)

    -CIDR is the IPPool CIDR that the Egress Gateways can use. +AWS defines the additional configuration options for Egress Gateways on AWS.

    FieldDescription
    -name
    +egressGatewayFailureDetection
    -string + +EgressGatewayFailureDetection +
    -cidr
    +aws
    -string + +AWSEgressGateway +
    -

    EgressGatewayMetadata

    +

    EgressGatewayStatus

    (Appears on: -EgressGatewayDeploymentPodTemplateSpec) +EgressGateway)

    -EgressGatewayMetadata contains the standard Kubernetes labels and annotations fields. +EgressGatewayStatus defines the observed state of EgressGateway

    @@ -12616,21 +12276,16 @@ EgressGatewayMetadata contains the standard Kubernetes labels and annotations fi @@ -12638,9 +12293,11 @@ the name of the Egress Gateway resource. @@ -12648,24 +12305,23 @@ map[string]string (Optional)

    -Annotations is a map of arbitrary non-identifying metadata. Each of these -key/value pairs are added to the object’s annotations provided the key does not -already exist in the object’s annotations. +Conditions represents the latest observed set of conditions for the component. A component may be one or more of +Ready, Progressing, Degraded or other customer types.

    -labels
    +state
    -map[string]string +string
    -(Optional)

    -Labels is a map of string keys and values that may match replica set and -service selectors. Each of these key/value pairs are added to the -object’s labels provided the key does not already exist in the object’s labels. -If not specified will default to projectcalico.org/egw:[name], where [name] is -the name of the Egress Gateway resource. +State provides user-readable status.

    -annotations
    +conditions
    -map[string]string + +[]Kubernetes meta/v1.Condition +
    -

    EgressGatewaySpec

    +

    EksCloudwatchLogsSpec

    (Appears on: -EgressGateway) +AdditionalLogSourceSpec)

    -EgressGatewaySpec defines the desired state of EgressGateway +EksConfigSpec defines configuration for fetching EKS audit logs.

    @@ -12678,17 +12334,16 @@ EgressGatewaySpec defines the desired state of EgressGateway @@ -12696,20 +12351,16 @@ Replicas defines how many instances of the Egress Gateway pod will run. @@ -12717,9 +12368,9 @@ IPPools must match existing IPPools. @@ -12727,9 +12378,8 @@ IPPools must match existing IPPools. (Optional)

    -ExternalNetworks defines the external network names this Egress Gateway is -associated with. -ExternalNetworks must match existing external networks. +Prefix of Cloudwatch log stream containing EKS audit logs in the log-group. +Default: kube-apiserver-audit-

    @@ -12737,11 +12387,9 @@ ExternalNetworks must match existing external networks. @@ -12749,19 +12397,39 @@ LogLevel (Optional)

    -LogSeverity defines the logging level of the Egress Gateway. -Default: Info +Cloudwatch audit logs fetching interval in seconds. +Default: 60

    + +
    -replicas
    +region
    -int32 +string
    -(Optional)

    -Replicas defines how many instances of the Egress Gateway pod will run. +AWS Region EKS cluster is hosted in.

    -ipPools
    +groupName
    - -[]EgressGatewayIPPool - +string

    -IPPools defines the IP Pools that the Egress Gateway pods should be using. -Either name or CIDR must be specified. -IPPools must match existing IPPools. +Cloudwatch log-group name containing EKS audit logs.

    -externalNetworks
    +streamPrefix
    -[]string +string
    -logSeverity
    +fetchInterval
    - -LogLevel - +int32
    +

    ElasticsearchMetricsDeployment

    +

    + +(Appears on: +LogStorageSpec) + +

    +

    +ElasticsearchMetricsDeployment is the configuration for the tigera-elasticsearch-metric Deployment. +

    + + + + + + + + + +
    FieldDescription
    -template
    +spec
    - -EgressGatewayDeploymentPodTemplateSpec + +ElasticsearchMetricsDeploymentSpec @@ -12770,31 +12438,49 @@ EgressGatewayDeploymentPodTemplateSpec (Optional)

    -Template describes the EGW Deployment pod that will be created. +Spec is the specification of the ElasticsearchMetrics Deployment.

    +
    +
    + +
    +

    ElasticsearchMetricsDeploymentContainer

    +

    + +(Appears on: +ElasticsearchMetricsDeploymentPodSpec) + +

    +

    +ElasticsearchMetricsDeploymentContainer is a ElasticsearchMetricsDeployment container. +

    + + + + + + + + @@ -12802,10 +12488,10 @@ ready if configured.
    FieldDescription
    -egressGatewayFailureDetection
    +name
    - -EgressGatewayFailureDetection - +string
    -(Optional)

    -EgressGatewayFailureDetection is used to configure how Egress Gateway -determines readiness. If both ICMP, HTTP probes are defined, one ICMP probe and one -HTTP probe should succeed for Egress Gateways to become ready. -Otherwise one of ICMP or HTTP probe should succeed for Egress gateways to become -ready if configured. +Name is an enum which identifies the ElasticsearchMetricsDeployment container by name. +Supported values are: tigera-elasticsearch-metrics

    -aws
    +resources
    - -AWSEgressGateway + +Kubernetes core/v1.ResourceRequirements @@ -12814,22 +12500,24 @@ AWSEgressGateway (Optional)

    -AWS defines the additional configuration options for Egress Gateways on AWS. +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named ElasticsearchMetricsDeployment container’s resources. +If omitted, the ElasticsearchMetrics Deployment will use its default value for this container’s resources.

    -

    EgressGatewayStatus

    +

    ElasticsearchMetricsDeploymentInitContainer

    (Appears on: -EgressGateway) +ElasticsearchMetricsDeploymentPodSpec)

    -EgressGatewayStatus defines the observed state of EgressGateway +ElasticsearchMetricsDeploymentInitContainer is a ElasticsearchMetricsDeployment init container.

    @@ -12842,7 +12530,7 @@ EgressGatewayStatus defines the observed state of EgressGateway - - - - - - -
    -state
    +name
    string @@ -12851,262 +12539,8 @@ string

    -State provides user-readable status. -

    - -
    - -conditions
    - - -[]Kubernetes meta/v1.Condition - - - -
    - -(Optional) -

    -Conditions represents the latest observed set of conditions for the component. A component may be one or more of -Ready, Progressing, Degraded or other customer types. -

    - -
    -

    EksCloudwatchLogsSpec

    -

    - -(Appears on: -AdditionalLogSourceSpec) - -

    -

    -EksConfigSpec defines configuration for fetching EKS audit logs. -

    - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    - -region
    - -string - - -
    - -

    -AWS Region EKS cluster is hosted in. -

    - -
    - -groupName
    - -string - - -
    - -

    -Cloudwatch log-group name containing EKS audit logs. -

    - -
    - -streamPrefix
    - -string - - -
    - -(Optional) -

    -Prefix of Cloudwatch log stream containing EKS audit logs in the log-group. -Default: kube-apiserver-audit- -

    - -
    - -fetchInterval
    - -int32 - - -
    - -(Optional) -

    -Cloudwatch audit logs fetching interval in seconds. -Default: 60 -

    - -
    -

    ElasticsearchMetricsDeployment

    -

    - -(Appears on: -LogStorageSpec) - -

    -

    -ElasticsearchMetricsDeployment is the configuration for the tigera-elasticsearch-metric Deployment. -

    - - - - - - - - - - - - - -
    FieldDescription
    - -spec
    - - -ElasticsearchMetricsDeploymentSpec - - - -
    - -(Optional) -

    -Spec is the specification of the ElasticsearchMetrics Deployment. -

    -
    -
    - -
    - -
    -

    ElasticsearchMetricsDeploymentContainer

    -

    - -(Appears on: -ElasticsearchMetricsDeploymentPodSpec) - -

    -

    -ElasticsearchMetricsDeploymentContainer is a ElasticsearchMetricsDeployment container. -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    - -name
    - -string - - -
    - -

    -Name is an enum which identifies the ElasticsearchMetricsDeployment container by name. -Supported values are: tigera-elasticsearch-metrics -

    - -
    - -resources
    - - -Kubernetes core/v1.ResourceRequirements - - - -
    - -(Optional) -

    -Resources allows customization of limits and requests for compute resources such as cpu and memory. -If specified, this overrides the named ElasticsearchMetricsDeployment container’s resources. -If omitted, the ElasticsearchMetrics Deployment will use its default value for this container’s resources. -

    - -
    -

    ElasticsearchMetricsDeploymentInitContainer

    -

    - -(Appears on: -ElasticsearchMetricsDeploymentPodSpec) - -

    -

    -ElasticsearchMetricsDeploymentInitContainer is a ElasticsearchMetricsDeployment init container. -

    - - - - - - - - - - - @@ -13450,7 +12884,7 @@ HonorTimestamps controls whether Prometheus respects the timestamps present in s metricRelabelings
    -[]github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1.RelabelConfig +[]*github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1.RelabelConfig @@ -13467,7 +12901,7 @@ MetricRelabelConfigs to apply to samples before ingestion. relabelings
    -[]github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1.RelabelConfig +[]*github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1.RelabelConfig @@ -13684,1199 +13118,7 @@ string

    Name is an enum which identifies the Fluentd DaemonSet container by name. -Supported values are: fluentd -

    - - - - - - - - -
    FieldDescription
    - -name
    - -string - - -
    - -

    -Name is an enum which identifies the ElasticsearchMetricsDeployment init container by name. -Supported values are: tigera-ee-elasticsearch-metrics-tls-key-cert-provisioner +Name is an enum which identifies the ElasticsearchMetricsDeployment init container by name. +Supported values are: tigera-ee-elasticsearch-metrics-tls-key-cert-provisioner

    - -resources
    - - -Kubernetes core/v1.ResourceRequirements - - - -
    - -(Optional) -

    -Resources allows customization of limits and requests for compute resources such as cpu and memory. -If specified, this overrides the named Fluentd DaemonSet container’s resources. -If omitted, the Fluentd DaemonSet will use its default value for this container’s resources. -

    - -
    -

    FluentdDaemonSetInitContainer

    -

    - -(Appears on: -FluentdDaemonSetPodSpec) - -

    -

    -FluentdDaemonSetInitContainer is a Fluentd DaemonSet init container. -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    - -name
    - -string - - -
    - -

    -Name is an enum which identifies the Fluentd DaemonSet init container by name. -Supported values are: tigera-fluentd-prometheus-tls-key-cert-provisioner -

    - -
    - -resources
    - - -Kubernetes core/v1.ResourceRequirements - - - -
    - -(Optional) -

    -Resources allows customization of limits and requests for compute resources such as cpu and memory. -If specified, this overrides the named Fluentd DaemonSet init container’s resources. -If omitted, the Fluentd DaemonSet will use its default value for this init container’s resources. -

    - -
    -

    FluentdDaemonSetPodSpec

    -

    - -(Appears on: -FluentdDaemonSetPodTemplateSpec) - -

    -

    -FluentdDaemonSetPodSpec is the Fluentd DaemonSet’s PodSpec. -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    - -initContainers
    - - -[]FluentdDaemonSetInitContainer - - - -
    - -(Optional) -

    -InitContainers is a list of Fluentd DaemonSet init containers. -If specified, this overrides the specified Fluentd DaemonSet init containers. -If omitted, the Fluentd DaemonSet will use its default values for its init containers. -

    - -
    - -containers
    - - -[]FluentdDaemonSetContainer - - - -
    - -(Optional) -

    -Containers is a list of Fluentd DaemonSet containers. -If specified, this overrides the specified Fluentd DaemonSet containers. -If omitted, the Fluentd DaemonSet will use its default values for its containers. -

    - -
    -

    FluentdDaemonSetPodTemplateSpec

    -

    - -(Appears on: -FluentdDaemonSetSpec) - -

    -

    -FluentdDaemonSetPodTemplateSpec is the Fluentd DaemonSet’s PodTemplateSpec -

    - - - - - - - - - - - - - -
    FieldDescription
    - -spec
    - - -FluentdDaemonSetPodSpec - - - -
    - -(Optional) -

    -Spec is the Fluentd DaemonSet’s PodSpec. -

    -
    -
    - -
    - -
    -

    FluentdDaemonSetSpec

    -

    - -(Appears on: -FluentdDaemonSet) - -

    -

    -FluentdDaemonSetSpec defines configuration for the Fluentd DaemonSet. -

    - - - - - - - - - - - - - -
    FieldDescription
    - -template
    - - -FluentdDaemonSetPodTemplateSpec - - - -
    - -(Optional) -

    -Template describes the Fluentd DaemonSet pod that will be created. -

    - -
    -

    GatewayAPISpec

    -

    - -(Appears on: -GatewayAPI) - -

    -

    -GatewayAPISpec has fields that can be used to customize our GatewayAPI support. -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    - -gatewayControllerDeployment
    - - -GatewayControllerDeployment - - - -
    - -

    -Allow optional customization of the gateway controller deployment. -

    - -
    - -gatewayCertgenJob
    - - -GatewayCertgenJob - - - -
    - -

    -Allow optional customization of the gateway certgen job. -

    - -
    - -gatewayDeployment
    - - -GatewayDeployment - - - -
    - -

    -Allow optional customization of gateway deployments. -

    - -
    -

    GatewayCertgenJob

    -

    - -(Appears on: -GatewayAPISpec) - -

    -

    -GatewayCertgenJob allows customization of the gateway certgen job. -

    -

    -If GatewayCertgenJob.Metadata is non-nil, non-clashing labels and annotations from that metadata -are added into the job’s top-level metadata. -

    -

    -For customization of the job spec see GatewayCertgenJobSpec. -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    - -metadata
    - - -Metadata - - - -
    - -(Optional) - -
    - -spec
    - - -GatewayCertgenJobSpec - - - -
    - -(Optional) -
    -
    - -
    - -
    -

    GatewayCertgenJobContainer

    -

    - -(Appears on: -GatewayCertgenJobPodSpec) - -

    -

    -GatewayCertgenJobContainer allows customization of the gateway certgen job’s resource -requirements. -

    -

    -If GatewayCertgenJob.Spec.Template.Spec.Containers[“envoy-gateway-certgen”].Resources is non-nil, -it overrides the ResourceRequirements of the job’s “envoy-gateway-certgen” container. -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    - -name
    - -string - - -
    - - -
    - -resources
    - - -Kubernetes core/v1.ResourceRequirements - - - -
    - -(Optional) - -
    -

    GatewayCertgenJobPodSpec

    -

    - -(Appears on: -GatewayCertgenJobPodTemplate) - -

    -

    -GatewayCertgenJobPodSpec allows customization of the gateway certgen job’s pod spec. -

    -

    -If GatewayCertgenJob.Spec.Template.Spec.Affinity is non-nil, it sets the affinity field of the -job’s pod template. -

    -

    -If GatewayCertgenJob.Spec.Template.Spec.NodeSelector is non-nil, it sets a node selector for -where job pods may be scheduled. -

    -

    -If GatewayCertgenJob.Spec.Template.Spec.Tolerations is non-nil, it sets the tolerations field of -the job’s pod template. -

    -

    -For customization of job container resources see GatewayCertgenJobContainer. -

    - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    - -affinity
    - - -Kubernetes core/v1.Affinity - - - -
    - -(Optional) - -
    - -containers
    - - -[]GatewayCertgenJobContainer - - - -
    - -(Optional) - -
    - -nodeSelector
    - -map[string]string - - -
    - -(Optional) - -
    - -tolerations
    - - -[]Kubernetes core/v1.Toleration - - - -
    - -(Optional) - -
    -

    GatewayCertgenJobPodTemplate

    -

    - -(Appears on: -GatewayCertgenJobSpec) - -

    -

    -GatewayCertgenJobPodTemplate allows customization of the gateway certgen job’s pod template. -

    -

    -If GatewayCertgenJob.Spec.Template.Metadata is non-nil, non-clashing labels and -annotations from that metadata are added into the job’s pod template. -

    -

    -For customization of the pod template spec see GatewayCertgenJobPodSpec. -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    - -metadata
    - - -Metadata - - - -
    - -(Optional) - -
    - -spec
    - - -GatewayCertgenJobPodSpec - - - -
    - -(Optional) -
    -
    - -
    - -
    -

    GatewayCertgenJobSpec

    -

    - -(Appears on: -GatewayCertgenJob) - -

    -

    -GatewayCertgenJobSpec allows customization of the gateway certgen job spec. -

    -

    -For customization of the job template see GatewayCertgenJobPodTemplate. -

    - - - - - - - - - - - - - -
    FieldDescription
    - -template
    - - -GatewayCertgenJobPodTemplate - - - -
    - -(Optional) - -
    -

    GatewayControllerDeployment

    -

    - -(Appears on: -GatewayAPISpec) - -

    -

    -GatewayControllerDeployment allows customization of the gateway controller deployment. -

    -

    -If GatewayControllerDeployment.Metadata is non-nil, non-clashing labels and annotations from that -metadata are added into the deployment’s top-level metadata. -

    -

    -For customization of the deployment spec see GatewayControllerDeploymentSpec. -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    - -metadata
    - - -Metadata - - - -
    - -(Optional) - -
    - -spec
    - - -GatewayControllerDeploymentSpec - - - -
    - -(Optional) -
    -
    - -
    - -
    -

    GatewayControllerDeploymentContainer

    -

    - -(Appears on: -GatewayControllerDeploymentPodSpec) - -

    -

    -GatewayControllerDeploymentContainer allows customization of the gateway controller’s resource -requirements. -

    -

    -If GatewayControllerDeployment.Spec.Template.Spec.Containers[“envoy-gateway”].Resources is -non-nil, it overrides the ResourceRequirements of the controller’s “envoy-gateway” container. -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    - -name
    - -string - - -
    - - -
    - -resources
    - - -Kubernetes core/v1.ResourceRequirements - - - -
    - -(Optional) - -
    -

    GatewayControllerDeploymentPodSpec

    -

    - -(Appears on: -GatewayControllerDeploymentPodTemplate) - -

    -

    -GatewayControllerDeploymentPodSpec allows customization of the gateway controller deployment pod -spec. -

    -

    -If GatewayControllerDeployment.Spec.Template.Spec.Affinity is non-nil, it sets the affinity field -of the deployment’s pod template. -

    -

    -If GatewayControllerDeployment.Spec.Template.Spec.NodeSelector is non-nil, it sets a node -selector for where controller pods may be scheduled. -

    -

    -If GatewayControllerDeployment.Spec.Template.Spec.Tolerations is non-nil, it sets the tolerations -field of the deployment’s pod template. -

    -

    -For customization of container resources see GatewayControllerDeploymentContainer. -

    - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    - -affinity
    - - -Kubernetes core/v1.Affinity - - - -
    - -(Optional) - -
    - -containers
    - - -[]GatewayControllerDeploymentContainer - - - -
    - -(Optional) - -
    - -nodeSelector
    - -map[string]string - - -
    - -(Optional) - -
    - -tolerations
    - - -[]Kubernetes core/v1.Toleration - - - -
    - -(Optional) - -
    -

    GatewayControllerDeploymentPodTemplate

    -

    - -(Appears on: -GatewayControllerDeploymentSpec) - -

    -

    -GatewayControllerDeploymentPodTemplate allows customization of the gateway controller deployment -pod template. -

    -

    -If GatewayControllerDeployment.Spec.Template.Metadata is non-nil, non-clashing labels and -annotations from that metadata are added into the deployment’s pod template. -

    -

    -For customization of the pod template spec see GatewayControllerDeploymentPodSpec. -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    - -metadata
    - - -Metadata - - - -
    - -(Optional) - -
    - -spec
    - - -GatewayControllerDeploymentPodSpec - - - -
    - -(Optional) -
    -
    - -
    - -
    -

    GatewayControllerDeploymentSpec

    -

    - -(Appears on: -GatewayControllerDeployment) - -

    -

    -GatewayControllerDeploymentSpec allows customization of the gateway controller deployment spec. -

    -

    -If GatewayControllerDeployment.Spec.MinReadySeconds is non-nil, it sets the minReadySeconds field -for the deployment. -

    -

    -For customization of the pod template see GatewayControllerDeploymentPodTemplate. -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    - -minReadySeconds
    - -int32 - - -
    - -(Optional) - -
    - -template
    - - -GatewayControllerDeploymentPodTemplate - - - -
    - -(Optional) - -
    -

    GatewayDeployment

    -

    - -(Appears on: -GatewayAPISpec) - -

    -

    -GatewayDeployment allows customization of gateway deployments. -

    -

    -For detail see GatewayDeploymentSpec. -

    - - - - - - - - - - - - - -
    FieldDescription
    - -spec
    - - -GatewayDeploymentSpec - - - -
    - -(Optional) -
    -
    - -
    - -
    -

    GatewayDeploymentContainer

    -

    - -(Appears on: -GatewayDeploymentPodSpec) - -

    -

    -GatewayDeploymentContainer allows customization of the resource requirements of gateway -deployments. -

    -

    -If GatewayDeployment.Spec.Template.Spec.Containers[“envoy”].Resources is non-nil, it overrides -the ResourceRequirements of the “envoy” container in each gateway deployment. -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    - -name
    - -string - - -
    - - -
    - -resources
    - - -Kubernetes core/v1.ResourceRequirements - - - -
    - -(Optional) - -
    -

    GatewayDeploymentPodSpec

    -

    - -(Appears on: -GatewayDeploymentPodTemplate) - -

    -

    -GatewayDeploymentPodSpec allows customization of the pod spec of gateway deployments. -

    -

    -If GatewayDeployment.Spec.Template.Spec.Affinity is non-nil, it sets the affinity field of each -deployment’s pod template. -

    -

    -If GatewayDeployment.Spec.Template.Spec.NodeSelector is non-nil, it sets a node selector for -where gateway pods may be scheduled. -

    -

    -If GatewayDeployment.Spec.Template.Spec.Tolerations is non-nil, it sets the tolerations field of -each deployment’s pod template. -

    -

    -If GatewayDeployment.Spec.Template.Spec.TopologySpreadConstraints is non-nil, it sets the -topology spread constraints of each deployment’s pod template. -

    -

    -For customization of container resources see GatewayControllerDeploymentContainer. -

    - - - - - - - - - - - - - - - - - - - - - - - @@ -14884,10 +13126,10 @@ All topologySpreadConstraints are ANDed.
    FieldDescription
    - -affinity
    - - -Kubernetes core/v1.Affinity - - - -
    - -(Optional) - -
    - -containers
    - - -[]GatewayDeploymentContainer - - - -
    - -(Optional) - -
    - -nodeSelector
    - -map[string]string - - -
    - -(Optional) - -
    - -topologySpreadConstraints
    - - -[]Kubernetes core/v1.TopologySpreadConstraint - - - -
    - -(Optional) -

    -TopologySpreadConstraints describes how a group of pods ought to spread across topology -domains. Scheduler will schedule pods in a way which abides by the constraints. -All topologySpreadConstraints are ANDed. +Supported values are: fluentd

    -tolerations
    +resources
    - -[]Kubernetes core/v1.Toleration + +Kubernetes core/v1.ResourceRequirements @@ -14895,27 +13137,25 @@ All topologySpreadConstraints are ANDed.
    (Optional) +

    +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named Fluentd DaemonSet container’s resources. +If omitted, the Fluentd DaemonSet will use its default value for this container’s resources. +

    -

    GatewayDeploymentPodTemplate

    +

    FluentdDaemonSetInitContainer

    (Appears on: -GatewayDeploymentSpec) +FluentdDaemonSetPodSpec)

    -GatewayDeploymentPodTemplate allows customization of the pod template of gateway deployments. -

    -

    -If GatewayDeployment.Spec.Template.Metadata is non-nil, non-clashing labels and annotations from -that metadata are added into each deployment’s pod template. -

    -

    -For customization of the pod template spec see GatewayDeploymentPodSpec. +FluentdDaemonSetInitContainer is a Fluentd DaemonSet init container.
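
Review bot: the removed lines drop the whole GatewayDeploymentPodTemplate section, including the sentence that non-clashing labels and annotations from GatewayDeployment.Spec.Template.Metadata are added into each deployment's pod template. That sentence states how user-supplied metadata is merged with what the operator sets, so it should stay documented if the type still exists. Please confirm the removal is intended and is not a side effect of regenerating the reference.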

    @@ -14928,27 +13168,28 @@ For customization of the pod template spec see GatewayDeploymentPodSpec.
    -metadata
    +name
    - -Metadata - +string
    -(Optional) +

    +Name is an enum which identifies the Fluentd DaemonSet init container by name. +Supported values are: tigera-fluentd-prometheus-tls-key-cert-provisioner +

    -spec
    +resources
    - -GatewayDeploymentPodSpec + +Kubernetes core/v1.ResourceRequirements @@ -14956,30 +13197,25 @@ GatewayDeploymentPodSpec
    (Optional) -
    -
    - -
    +

    +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named Fluentd DaemonSet init container’s resources. +If omitted, the Fluentd DaemonSet will use its default value for this init container’s resources. +

    -

    GatewayDeploymentSpec

    +

    FluentdDaemonSetPodSpec

    (Appears on: -GatewayDeployment) +FluentdDaemonSetPodTemplateSpec)

    -GatewayDeploymentSpec allows customization of the spec of gateway deployments. -

    -

    -For customization of the pod template see GatewayDeploymentPodTemplate. -

    -

    -For customization of the deployment strategy see GatewayDeploymentStrategy. +FluentdDaemonSetPodSpec is the Fluentd DaemonSet’s PodSpec.

    @@ -14992,10 +13228,10 @@ For customization of the deployment strategy see GatewayDeploymentStrategy.
    -template
    +initContainers
    - -GatewayDeploymentPodTemplate + +[]FluentdDaemonSetInitContainer @@ -15003,16 +13239,21 @@ GatewayDeploymentPodTemplate
    (Optional) +

    +InitContainers is a list of Fluentd DaemonSet init containers. +If specified, this overrides the specified Fluentd DaemonSet init containers. +If omitted, the Fluentd DaemonSet will use its default values for its init containers. +

    -strategy
    +containers
    - -GatewayDeploymentStrategy + +[]FluentdDaemonSetContainer @@ -15021,30 +13262,68 @@ GatewayDeploymentStrategy (Optional)

    -The deployment strategy to use to replace existing pods with new ones. +Containers is a list of Fluentd DaemonSet containers. +If specified, this overrides the specified Fluentd DaemonSet containers. +If omitted, the Fluentd DaemonSet will use its default values for its containers.

    -

    GatewayDeploymentStrategy

    +

    FluentdDaemonSetPodTemplateSpec

    (Appears on: -GatewayDeploymentSpec) +FluentdDaemonSetSpec)

    -GatewayDeploymentStrategy allows customization of the deployment strategy for gateway -deployments. +FluentdDaemonSetPodTemplateSpec is the Fluentd DaemonSet’s PodTemplateSpec +

    + + + + + + + + + + + + + +
    FieldDescription
    + +spec
    + + +FluentdDaemonSetPodSpec + + + +
    + +(Optional) +

    +Spec is the Fluentd DaemonSet’s PodSpec.

    +
    +
    + +
    + +
    +

    FluentdDaemonSetSpec

    -If GatewayDeployment.Spec.Strategy is non-nil, gateway deployments are set to use a rolling -update strategy, with the parameters specified in GatewayDeployment.Spec.Strategy. + +(Appears on: +FluentdDaemonSet) +

    -Only RollingUpdate is supported at this time so the Type field is not exposed. +FluentdDaemonSetSpec defines configuration for the Fluentd DaemonSet.

    @@ -15057,10 +13336,10 @@ Only RollingUpdate is supported at this time so the Type field is not exposed. @@ -15890,23 +14172,6 @@ AllowedUse controls what the IP pool will be used for. If not specified or empt [“Tunnel”, “Workload”] for back-compatibility

    - - - - - @@ -16697,7 +14962,6 @@ FIPSMode (Optional)

    FIPSMode uses images and features only that are using FIPS 140-2 validated cryptographic modules and standards. -Only supported for Variant=Calico. Default: Disabled
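
Review bot: removing "Only supported for Variant=Calico." from the FIPSMode description leaves the field with no statement of which variants support it. If the restriction has been lifted, say which variants are now supported. Otherwise keep the sentence, so that a reader does not assume FIPS 140-2 validated modules are in use on a variant where the setting has no effect.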

    @@ -16759,48 +15023,6 @@ Windows Configuration Kubernetes Service CIDRs. Specifying this is required when using Calico for Windows.

    - - - - - - - - - @@ -19020,25 +17242,6 @@ ElasticsearchMetricsDeployment ElasticsearchMetricsDeployment configures the tigera-elasticsearch-metric Deployment.

    - - - - - @@ -19474,7 +17677,7 @@ string

    Name is an enum which identifies the Manager Deployment container by name. -Supported values are: tigera-voltron, tigera-manager, tigera-ui-apis, and tigera-es-proxy (deprecated). +Supported values are: tigera-voltron, tigera-manager, tigera-es-proxy
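
Review bot: the new "Supported values" line drops `tigera-ui-apis` and also the "(deprecated)" marker on `tigera-es-proxy`. Resource overrides are matched by container name, so this list has to agree with the operator version the page documents. Please confirm both changes against that version, and keep the deprecation marker if `tigera-es-proxy` is still on its way out.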

    @@ -19826,11 +18029,6 @@ Ready, Progressing, Degraded or other customer types. CalicoNodeWindowsDaemonSetPodTemplateSpec, CalicoWindowsUpgradeDaemonSet, CalicoWindowsUpgradeDaemonSetPodTemplateSpec, -GatewayCertgenJob, -GatewayCertgenJobPodTemplate, -GatewayControllerDeployment, -GatewayControllerDeploymentPodTemplate, -GatewayDeploymentPodTemplate, TyphaDeployment, TyphaDeploymentPodTemplateSpec) @@ -21001,14 +19199,6 @@ PathReplace if not nil will be used to replace PathRegexp matches.
    -rollingUpdate
    +template
    - -Kubernetes apps/v1.RollingUpdateDeployment + +FluentdDaemonSetPodTemplateSpec @@ -15068,6 +13347,9 @@ Kubernetes apps/v1.RollingUpdateDeployment
    (Optional) +

    +Template describes the Fluentd DaemonSet pod that will be created. +

    - -assignmentMode
    - -github.com/tigera/operator/pkg/apis/crd.projectcalico.org/v1.AssignmentMode - - -
    - -

    -AssignmentMode determines if IP addresses from this pool should be assigned automatically or on request only -

    -
    - -azure
    - - -Azure - - - -
    - -(Optional) -

    -Azure is used to configure azure provider specific options. -

    - -
    - -proxy
    - - -Proxy - - - -
    - -(Optional) -

    -Proxy is used to configure the HTTP(S) proxy settings that will be applied to Tigera containers that connect -to destinations outside the cluster. It is expected that NO_PROXY is configured such that destinations within -the cluster (including the API server) are exempt from proxying. -

    -
    - -esGatewayDeployment
    - - -ESGatewayDeployment - - - -
    - -

    -ESGatewayDeployment configures the es-gateway Deployment. -

    -
    -

    PolicyMode -(string alias)

    -

    - -(Appears on: -Azure) - -

    PolicyRecommendationDeployment

    @@ -21575,81 +19765,6 @@ One of: None, Login, Consent, SelectAccount. Provider represents a particular provider or flavor of Kubernetes. Valid options are: EKS, GKE, AKS, RKE2, OpenShift, DockerEnterprise, TKG.

    -

    Proxy

    -

    - -(Appears on: -InstallationSpec) - -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    - -httpProxy
    - -string - - -
    - -(Optional) -

    -HTTPProxy defines the value of the HTTP_PROXY environment variable that will be set on Tigera containers that connect to -destinations outside the cluster. -

    - -
    - -httpsProxy
    - -string - - -
    - -(Optional) -

    -HTTPSProxy defines the value of the HTTPS_PROXY environment variable that will be set on Tigera containers that connect to -destinations outside the cluster. -

    - -
    - -noProxy
    - -string - - -
    - -(Optional) -

    -NoProxy defines the value of the NO_PROXY environment variable that will be set on Tigera containers that connect to -destinations outside the cluster. This value must be set such that destinations within the scope of the cluster, including -the Kubernetes API server, are exempt from being proxied. -

    - -

    Retention
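
Review bot: the removed Proxy section is where the reference states that `noProxy` "must be set such that destinations within the scope of the cluster, including the Kubernetes API server, are exempt from being proxied". If the `proxy` field is still accepted by the operator, deleting this table leaves that requirement undocumented and in-cluster traffic may be sent to an external proxy by mistake. Keep the section, or state in the commit message that the field no longer exists in the documented version.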

    @@ -21964,14 +20079,6 @@ related to connecting to our Prometheus server are automatically set by the oper (Appears on: ApplicationLayerSpec) -

    -

    SidecarWebhookStateType -(string alias)

    -

    - -(Appears on: -ApplicationLayerStatus) -

    SplunkStoreSpec