From 238d7c92c95232ce90008f213c2530863f414c3f Mon Sep 17 00:00:00 2001
From: Christopher Tauchen
Date: Tue, 12 Mar 2024 14:51:11 +0000
Subject: [PATCH 01/10] DOCS-2128: Initial changes for patch CE 3.17.4
---
 .../release-notes/_v3.17.4-release-notes.mdx | 9 +
 .../version-3.17/releases.json | 267 ++++++++++++++++++
 .../version-3.17/variables.js | 6 +-
 3 files changed, 279 insertions(+), 3 deletions(-)
 create mode 100644 calico-enterprise_versioned_docs/version-3.17/_includes/release-notes/_v3.17.4-release-notes.mdx
diff --git a/calico-enterprise_versioned_docs/version-3.17/_includes/release-notes/_v3.17.4-release-notes.mdx b/calico-enterprise_versioned_docs/version-3.17/_includes/release-notes/_v3.17.4-release-notes.mdx
new file mode 100644
index 0000000000..e22c954da7
--- /dev/null
+++ b/calico-enterprise_versioned_docs/version-3.17/_includes/release-notes/_v3.17.4-release-notes.mdx
@@ -0,0 +1,9 @@
+DD March 2024
+
+### Improvements
+-
+
+### Bug fixes
+-
+
+### Known issues {#known-issues-3.17.4}
\ No newline at end of file
diff --git a/calico-enterprise_versioned_docs/version-3.17/releases.json b/calico-enterprise_versioned_docs/version-3.17/releases.json
index f7bbdebcd4..2b7c787fd4 100644
--- a/calico-enterprise_versioned_docs/version-3.17/releases.json
+++ b/calico-enterprise_versioned_docs/version-3.17/releases.json
@@ -1,4 +1,271 @@
 [
+ {
+ "title": "v3.17.4",
+ "tigera-operator": {
+ "image": "tigera/operator",
+ "version": "v1.30.8",
+ "registry": "quay.io"
+ },
+ "calico": {
+ "minor_version": "v3.25",
+ "archive_path": "archive"
+ },
+ "components": {
+ "cnx-manager": {
+ "image": "tigera/cnx-manager",
+ "version": "v3.17.4"
+ },
+ "voltron": {
+ "image": "tigera/voltron",
+ "version": "v3.17.4"
+ },
+ "guardian": {
+ "image": "tigera/guardian",
+ "version": "v3.17.4"
+ },
+ "cnx-apiserver": {
+ "image": "tigera/cnx-apiserver",
+ "version": "v3.17.4"
+ },
+ "cnx-queryserver": {
+ "image": "tigera/cnx-queryserver",
+ "version": "v3.17.4"
+ },
+ "cnx-kube-controllers": {
+ "image": "tigera/kube-controllers",
+ "version": "v3.17.4"
+ },
+ "calicoq": {
+ "image": "tigera/calicoq",
+ "version": "v3.17.4"
+ },
+ "typha": {
+ "image": "tigera/typha",
+ "version": "v3.17.4"
+ },
+ "calicoctl": {
+ "image": "tigera/calicoctl",
+ "version": "v3.17.4"
+ },
+ "cnx-node": {
+ "image": "tigera/cnx-node",
+ "version": "v3.17.4"
+ },
+ "dikastes": {
+ "image": "tigera/dikastes",
+ "version": "v3.17.4"
+ },
+ "dex": {
+ "image": "tigera/dex",
+ "version": "v3.17.4"
+ },
+ "fluentd": {
+ "image": "tigera/fluentd",
+ "version": "v3.17.4"
+ },
+ "fluentd-windows": {
+ "image": "tigera/fluentd-windows",
+ "version": "v3.17.4"
+ },
+ "es-proxy": {
+ "image": "tigera/es-proxy",
+ "version": "v3.17.4"
+ },
+ "eck-kibana": {
+ "version": "7.17.14"
+ },
+ "kibana": {
+ "image": "tigera/kibana",
+ "version": "v3.17.4"
+ },
+ "eck-elasticsearch": {
+ "version": "7.17.14"
+ },
+ "elasticsearch": {
+ "image": "tigera/elasticsearch",
+ "version": "v3.17.4"
+ },
+ "cloud-controllers": {
+ "image": "tigera/cloud-controllers",
+ "version": "v3.17.4"
+ },
+ "elastic-tsee-installer": {
+ "image": "tigera/intrusion-detection-job-installer",
+ "version": "v3.17.4"
+ },
+ "es-curator": {
+ "image": "tigera/es-curator",
+ "version": "v3.17.4"
+ },
+ "intrusion-detection-controller": {
+ "image": "tigera/intrusion-detection-controller",
+ "version": "v3.17.4"
+ },
+ "compliance-controller": {
+ "image": "tigera/compliance-controller",
+ "version": "v3.17.4"
+ },
+ "compliance-reporter": {
+ "image": "tigera/compliance-reporter",
+ "version": "v3.17.4"
+ },
+ "compliance-snapshotter": {
+ "image": "tigera/compliance-snapshotter",
+ "version": "v3.17.4"
+ },
+ "compliance-server": {
+ "image": "tigera/compliance-server",
+ "version": "v3.17.4"
+ },
+ "compliance-benchmarker": {
+ "image": "tigera/compliance-benchmarker",
+ "version": "v3.17.4"
+ },
+ "ingress-collector": {
+ "image": "tigera/ingress-collector",
+ "version": "v3.17.4"
+ },
+ "l7-collector": {
+ "image": "tigera/l7-collector",
+ "version": "v3.17.4"
+ },
+ "license-agent": {
+ "image": "tigera/license-agent",
+ "version": "v3.17.4"
+ },
+ "linseed": {
+ "image": "tigera/linseed",
+ "version": "v3.17.4"
+ },
+ "tigera-cni": {
+ "image": "tigera/cni",
+ "version": "v3.17.4"
+ },
+ "firewall-integration": {
+ "image": "tigera/firewall-integration",
+ "version": "v3.17.4"
+ },
+ "egress-gateway": {
+ "image": "tigera/egress-gateway",
+ "version": "v3.17.4"
+ },
+ "honeypod": {
+ "image": "tigera/honeypod",
+ "version": "v3.17.4"
+ },
+ "honeypod-exp-service": {
+ "image": "tigera/honeypod-exp-service",
+ "version": "v3.17.4"
+ },
+ "honeypod-controller": {
+ "image": "tigera/honeypod-controller",
+ "version": "v3.17.4"
+ },
+ "key-cert-provisioner": {
+ "image": "tigera/key-cert-provisioner",
+ "version": "v1.1.14",
+ "registry": "quay.io"
+ },
+ "anomaly_detection_jobs": {
+ "image": "tigera/anomaly_detection_jobs",
+ "version": "v3.17.4"
+ },
+ "anomaly-detection-api": {
+ "image": "tigera/anomaly-detection-api",
+ "version": "v3.17.4"
+ },
+ "elasticsearch-metrics": {
+ "image": "tigera/elasticsearch-metrics",
+ "version": "v3.17.4"
+ },
+ "packetcapture": {
+ "image": "tigera/packetcapture",
+ "version": "v3.17.4"
+ },
+ "prometheus": {
+ "image": "tigera/prometheus",
+ "version": "v3.17.4"
+ },
+ "coreos-prometheus": {
+ "version": "v2.47.0"
+ },
+ "coreos-prometheus-operator": {
+ "version": "v0.62.0"
+ },
+ "coreos-config-reloader": {
+ "version": "v0.62.0"
+ },
+ "prometheus-operator": {
+ "image": "tigera/prometheus-operator",
+ "version": "v3.17.4"
+ },
+ "prometheus-config-reloader": {
+ "image": "tigera/prometheus-config-reloader",
+ "version": "v3.17.4"
+ },
+ "tigera-prometheus-service": {
+ "image": "tigera/prometheus-service",
+ "version": "v3.17.4"
+ },
+ "es-gateway": {
+ "image": "tigera/es-gateway",
+ "version": "v3.17.4"
+ },
+ "deep-packet-inspection": {
+ "image": "tigera/deep-packet-inspection",
+ "version": "v3.17.4"
+ },
+ "eck-elasticsearch-operator": {
+ "version": "2.6.1"
+ },
+ "elasticsearch-operator": {
+ "image": "tigera/eck-operator",
+ "version": "v3.17.4"
+ },
+ "coreos-alertmanager": {
+ "version": "v0.25.1"
+ },
+ "alertmanager": {
+ "image": "tigera/alertmanager",
+ "version": "v3.17.4"
+ },
+ "envoy": {
+ "image": "tigera/envoy",
+ "version": "v3.17.4"
+ },
+ "envoy-init": {
+ "image": "tigera/envoy-init",
+ "version": "v3.17.4"
+ },
+ "windows": {
+ "image": "tigera/calico-windows",
+ "version": "v3.17.4"
+ },
+ "windows-upgrade": {
+ "image": "tigera/calico-windows-upgrade",
+ "version": "v3.17.4"
+ },
+ "policy-recommendation": {
+ "image": "tigera/policy-recommendation",
+ "version": "v3.17.4"
+ },
+ "flexvol": {
+ "image": "tigera/pod2daemon-flexvol",
+ "version": "v3.17.4",
+ "registry": "quay.io"
+ },
+ "csi-driver": {
+ "image": "tigera/csi",
+ "version": "v3.17.4",
+ "registry": "quay.io"
+ },
+ "csi-node-driver-registrar": {
+ "image": "tigera/node-driver-registrar",
+ "version": "v3.17.4",
+ "registry": "quay.io"
+ }
+ }
+ },
 {
 "title": "v3.17.3",
 "tigera-operator": {
diff --git a/calico-enterprise_versioned_docs/version-3.17/variables.js b/calico-enterprise_versioned_docs/version-3.17/variables.js
index 16b494e8d8..4e553e80c6 100644
--- a/calico-enterprise_versioned_docs/version-3.17/variables.js
+++ b/calico-enterprise_versioned_docs/version-3.17/variables.js
@@ -1,12 +1,12 @@
 const releases = require('./releases.json');
 const variables = {
- releaseTitle: 'v3.17.3',
+ releaseTitle: 'v3.17.4',
 prodname: 'Calico Enterprise',
 prodnamedash: 'calico-enterprise',
 version: 'v3.17',
 baseUrl: '/calico-enterprise/3.17',
- filesUrl: 'https://downloads.tigera.io/ee/v3.17.3',
+ filesUrl: 'https://downloads.tigera.io/ee/v3.17.4',
 tutorialFilesURL: 'https://docs.tigera.io/files',
 tmpScriptsURL: 'https://docs.tigera.io/calico-enterprise/3.17',
 prodnameWindows: 'Calico Enterprise for Windows',
@@ -15,7 +15,7 @@ const variables = {
 noderunning: 'calico-node',
 rootDirWindows: 'C:\\TigeraCalico',
 registry: 'quay.io/',
- chart_version_name: 'v3.17.3-0',
+ chart_version_name: 'v3.17.4-0',
 tigeraOperator: releases[0]['tigera-operator'],
 releases,
 imageNames: {
From d59a734647d1bda15207b9f2377a617cb73994a8 Mon Sep 17 00:00:00 2001
From: Christopher Tauchen
Date: Wed, 13 Mar 2024 23:47:53 +0000
Subject: [PATCH 02/10] RN and releases.json updates for 3.17.4
---
 .../release-notes/_v3.17.4-release-notes.mdx | 11 +++++++----
 .../version-3.17/releases.json | 8 ++++----
 2 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/calico-enterprise_versioned_docs/version-3.17/_includes/release-notes/_v3.17.4-release-notes.mdx b/calico-enterprise_versioned_docs/version-3.17/_includes/release-notes/_v3.17.4-release-notes.mdx
index e22c954da7..0d26ad179c 100644
--- a/calico-enterprise_versioned_docs/version-3.17/_includes/release-notes/_v3.17.4-release-notes.mdx
+++ b/calico-enterprise_versioned_docs/version-3.17/_includes/release-notes/_v3.17.4-release-notes.mdx
@@ -1,9 +1,12 @@
-DD March 2024
+13 March 2024
 ### Improvements
--
+
+* Reduced the validity of JWTs issued by Dex to 15 minutes (down from 24 hours).
+* Added a configurable option for `priorityClassName` to the egress gateway CRD.
+* Policy recommendation excludes Openshift namespaces by default.
 ### Bug fixes
--
-### Known issues {#known-issues-3.17.4}
\ No newline at end of file
+* Fixed a bug introduced in v3.17.3 that stopped the `eks-log-forwarder` deployment from starting.
+* If kube-controllers metric port is set to 0, no ingress rule will be created.
diff --git a/calico-enterprise_versioned_docs/version-3.17/releases.json b/calico-enterprise_versioned_docs/version-3.17/releases.json
index 2b7c787fd4..7f72179972 100644
--- a/calico-enterprise_versioned_docs/version-3.17/releases.json
+++ b/calico-enterprise_versioned_docs/version-3.17/releases.json
@@ -3,7 +3,7 @@
 "title": "v3.17.4",
 "tigera-operator": {
 "image": "tigera/operator",
- "version": "v1.30.8",
+ "version": "v1.30.10",
 "registry": "quay.io"
 },
 "calico": {
@@ -163,7 +163,7 @@
 },
 "key-cert-provisioner": {
 "image": "tigera/key-cert-provisioner",
- "version": "v1.1.14",
+ "version": "v1.1.19",
 "registry": "quay.io"
 },
 "anomaly_detection_jobs": {
@@ -339,14 +339,14 @@
 "version": "v3.17.3"
 },
 "eck-kibana": {
- "version": "7.17.14"
+ "version": "7.17.18"
 },
 "kibana": {
 "image": "tigera/kibana",
 "version": "v3.17.3"
 },
 "eck-elasticsearch": {
- "version": "7.17.14"
+ "version": "7.17.18"
 },
 "elasticsearch": {
 "image": "tigera/elasticsearch",
From c4c208f40de222bdd3fb853d7ac9e08715d1845d Mon Sep 17 00:00:00 2001
From: Daniel Fox
Date: Thu, 14 Mar 2024 09:50:02 -0700
Subject: [PATCH 03/10] Update es/kibana versions for v3.17.4
---
 calico-enterprise_versioned_docs/version-3.17/releases.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/calico-enterprise_versioned_docs/version-3.17/releases.json b/calico-enterprise_versioned_docs/version-3.17/releases.json
index 7f72179972..73758b0148 100644
--- a/calico-enterprise_versioned_docs/version-3.17/releases.json
+++ b/calico-enterprise_versioned_docs/version-3.17/releases.json
@@ -72,14 +72,14 @@
 "version": "v3.17.4"
 },
 "eck-kibana": {
- "version": "7.17.14"
+ "version": "7.17.18"
 },
 "kibana": {
 "image": "tigera/kibana",
 "version": "v3.17.4"
 },
 "eck-elasticsearch": {
- "version": "7.17.14"
+ "version": "7.17.18"
 },
 "elasticsearch": {
 "image": "tigera/elasticsearch",
From 602b369570eb5fa3fd0ee44531c05482bdde976b Mon Sep 17 00:00:00 2001
From: Daniel Fox
Date: Thu, 14 Mar 2024 09:50:16 -0700
Subject: [PATCH 04/10] Revert es/kibana versions for v3.17.3
---
 calico-enterprise_versioned_docs/version-3.17/releases.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/calico-enterprise_versioned_docs/version-3.17/releases.json b/calico-enterprise_versioned_docs/version-3.17/releases.json
index 73758b0148..f781191c82 100644
--- a/calico-enterprise_versioned_docs/version-3.17/releases.json
+++ b/calico-enterprise_versioned_docs/version-3.17/releases.json
@@ -339,14 +339,14 @@
 "version": "v3.17.3"
 },
 "eck-kibana": {
- "version": "7.17.18"
+ "version": "7.17.14"
 },
 "kibana": {
 "image": "tigera/kibana",
 "version": "v3.17.3"
 },
 "eck-elasticsearch": {
- "version": "7.17.18"
+ "version": "7.17.14"
 },
 "elasticsearch": {
 "image": "tigera/elasticsearch",
From 3babc0078cc1846851ba47885aa8050a927c2507 Mon Sep 17 00:00:00 2001
From: Daniel Fox
Date: Thu, 14 Mar 2024 09:51:49 -0700
Subject: [PATCH 05/10] Update operator API docs for v3.17.4/v1.30.10
---
 .../reference/installation/_api.mdx | 1713 +++++++++++++----
 1 file changed, 1348 insertions(+), 365 deletions(-)
diff --git a/calico-enterprise_versioned_docs/version-3.17/reference/installation/_api.mdx b/calico-enterprise_versioned_docs/version-3.17/reference/installation/_api.mdx
index aec96ca68a..5871c5c14b 100644
--- a/calico-enterprise_versioned_docs/version-3.17/reference/installation/_api.mdx
+++ b/calico-enterprise_versioned_docs/version-3.17/reference/installation/_api.mdx
@@ -712,7 +712,7 @@ AuthenticationOIDC (Optional)

-OIDC contains the configuration needed to set up OIDC authentication. +OIDC contains the configuration needed to setup OIDC authentication.

@@ -732,7 +732,7 @@ AuthenticationOpenshift (Optional)

-Openshift contains the configuration needed to set up Openshift OAuth authentication. +Openshift contains the configuration needed to setup Openshift OAuth authentication.

@@ -752,7 +752,7 @@ AuthenticationLDAP (Optional)

-LDAP contains the configuration needed to set up LDAP authentication. +LDAP contains the configuration needed to setup LDAP authentication.

@@ -2157,7 +2157,7 @@ CollectProcessPathOption (Optional)

Configuration for enabling/disabling process path collection in flowlogs. -If Enabled, this feature sets hostPID to true to read process cmdline. +If Enabled, this feature sets hostPID to true in order to read process cmdline. Default: Enabled

@@ -4320,7 +4320,7 @@ options are: Token, Basic, OIDC, OAuth

-AuthenticationLDAP is the configuration needed to set up LDAP. +AuthenticationLDAP is the configuration needed to setup LDAP.

@@ -4416,7 +4416,7 @@ Group search configuration to find the groups that a user is in.

-AuthenticationOIDC is the configuration needed to set up OIDC. +AuthenticationOIDC is the configuration needed to setup OIDC.

@@ -4609,7 +4609,7 @@ Default: “Dex”

-AuthenticationOpenshift is the configuration needed to set up Openshift. +AuthenticationOpenshift is the configuration needed to setup Openshift.

@@ -4728,7 +4728,7 @@ AuthenticationOIDC (Optional)

-OIDC contains the configuration needed to set up OIDC authentication. +OIDC contains the configuration needed to setup OIDC authentication.

@@ -4748,7 +4748,7 @@ AuthenticationOpenshift (Optional)

-Openshift contains the configuration needed to set up Openshift OAuth authentication. +Openshift contains the configuration needed to setup Openshift OAuth authentication.

@@ -4768,7 +4768,7 @@ AuthenticationLDAP (Optional)

-LDAP contains the configuration needed to set up LDAP authentication. +LDAP contains the configuration needed to setup LDAP authentication.

@@ -6411,15 +6411,9 @@ Template describes the calico-node DaemonSet pod that will be created.
-

CalicoWindowsUpgradeDaemonSet

-

- -(Appears on: -InstallationSpec) - -

+

CalicoNodeWindowsDaemonSet

-CalicoWindowsUpgradeDaemonSet is the configuration for the calico-windows-upgrade DaemonSet. +CalicoNodeWindowsDaemonSet is the configuration for the calico-node-windows DaemonSet.

@@ -6444,7 +6438,7 @@ Metadata (Optional)

-Metadata is a subset of a Kubernetes object’s metadata that is added to the Deployment. +Metadata is a subset of a Kubernetes object’s metadata that is added to the DaemonSet.

@@ -6454,8 +6448,8 @@ Metadata is a subset of a Kubernetes object’s metadata that is added to th spec
- -CalicoWindowsUpgradeDaemonSetSpec + +CalicoNodeWindowsDaemonSetSpec @@ -6464,7 +6458,7 @@ CalicoWindowsUpgradeDaemonSetSpec (Optional)

-Spec is the specification of the calico-windows-upgrade DaemonSet. +Spec is the specification of the calico-node-windows DaemonSet.



@@ -6475,15 +6469,15 @@ Spec is the specification of the calico-windows-upgrade DaemonSet.
-

CalicoWindowsUpgradeDaemonSetContainer

+

CalicoNodeWindowsDaemonSetContainer

(Appears on: -CalicoWindowsUpgradeDaemonSetPodSpec) +CalicoNodeWindowsDaemonSetPodSpec)

-CalicoWindowsUpgradeDaemonSetContainer is a calico-windows-upgrade DaemonSet container. +CalicoNodeWindowsDaemonSetContainer is a calico-node-windows DaemonSet container.

@@ -6505,7 +6499,7 @@ string @@ -6526,23 +6520,84 @@ Kubernetes core/v1.ResourceRequirements (Optional)

Resources allows customization of limits and requests for compute resources such as cpu and memory. -If specified, this overrides the named calico-windows-upgrade DaemonSet container’s resources. -If omitted, the calico-windows-upgrade DaemonSet will use its default value for this container’s resources. +If specified, this overrides the named calico-node-windows DaemonSet container’s resources. +If omitted, the calico-node-windows DaemonSet will use its default value for this container’s resources. +If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

-Name is an enum which identifies the calico-windows-upgrade DaemonSet container by name. +Name is an enum which identifies the calico-node-windows DaemonSet container by name.

-

CalicoWindowsUpgradeDaemonSetPodSpec

+

CalicoNodeWindowsDaemonSetInitContainer

(Appears on: -CalicoWindowsUpgradeDaemonSetPodTemplateSpec) +CalicoNodeWindowsDaemonSetPodSpec)

-CalicoWindowsUpgradeDaemonSetPodSpec is the calico-windows-upgrade DaemonSet’s PodSpec. +CalicoNodeWindowsDaemonSetInitContainer is a calico-node-windows DaemonSet init container. +

+ + + + + + + + + + + + + + + + + +
FieldDescription
+ +name
+ +string + + +
+ +

+Name is an enum which identifies the calico-node-windows DaemonSet init container by name. +

+ +
+ +resources
+ + +Kubernetes core/v1.ResourceRequirements + + + +
+ +(Optional) +

+Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named calico-node-windows DaemonSet init container’s resources. +If omitted, the calico-node-windows DaemonSet will use its default value for this container’s resources. +If used in conjunction with the deprecated ComponentResources, then this value takes precedence. +

+ +
+

CalicoNodeWindowsDaemonSetPodSpec

+

+ +(Appears on: +CalicoNodeWindowsDaemonSetPodTemplateSpec) + +

+

+CalicoNodeWindowsDaemonSetPodSpec is the calico-node-windows DaemonSet’s PodSpec.

@@ -6555,10 +6610,32 @@ CalicoWindowsUpgradeDaemonSetPodSpec is the calico-windows-upgrade DaemonSet&rsq + + + + @@ -6589,10 +6666,10 @@ Kubernetes core/v1.Affinity (Optional)

-Affinity is a group of affinity scheduling rules for the calico-windows-upgrade pods. -If specified, this overrides any affinity that may be set on the calico-windows-upgrade DaemonSet. -If omitted, the calico-windows-upgrade DaemonSet will use its default value for affinity. -WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet affinity. +Affinity is a group of affinity scheduling rules for the calico-node-windows pods. +If specified, this overrides any affinity that may be set on the calico-node-windows DaemonSet. +If omitted, the calico-node-windows DaemonSet will use its default value for affinity. +WARNING: Please note that this field will override the default calico-node-windows DaemonSet affinity.

@@ -6610,11 +6687,11 @@ map[string]string (Optional)

-NodeSelector is the calico-windows-upgrade pod’s scheduling constraints. -If specified, each of the key/value pairs are added to the calico-windows-upgrade DaemonSet nodeSelector provided +NodeSelector is the calico-node-windows pod’s scheduling constraints. +If specified, each of the key/value pairs are added to the calico-node-windows DaemonSet nodeSelector provided the key does not already exist in the object’s nodeSelector. -If omitted, the calico-windows-upgrade DaemonSet will use its default value for nodeSelector. -WARNING: Please note that this field will modify the default calico-windows-upgrade DaemonSet nodeSelector. +If omitted, the calico-node-windows DaemonSet will use its default value for nodeSelector. +WARNING: Please note that this field will modify the default calico-node-windows DaemonSet nodeSelector.

@@ -6634,25 +6711,25 @@ WARNING: Please note that this field will modify the default calico-windows-upgr (Optional)

-Tolerations is the calico-windows-upgrade pod’s tolerations. -If specified, this overrides any tolerations that may be set on the calico-windows-upgrade DaemonSet. -If omitted, the calico-windows-upgrade DaemonSet will use its default value for tolerations. -WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet tolerations. +Tolerations is the calico-node-windows pod’s tolerations. +If specified, this overrides any tolerations that may be set on the calico-node-windows DaemonSet. +If omitted, the calico-node-windows DaemonSet will use its default value for tolerations. +WARNING: Please note that this field will override the default calico-node-windows DaemonSet tolerations.

+initContainers
+ + +[]CalicoNodeWindowsDaemonSetInitContainer + + + +
+ +(Optional) +

+InitContainers is a list of calico-node-windows init containers. +If specified, this overrides the specified calico-node-windows DaemonSet init containers. +If omitted, the calico-node-windows DaemonSet will use its default values for its init containers. +

+ +
+ containers
- -[]CalicoWindowsUpgradeDaemonSetContainer + +[]CalicoNodeWindowsDaemonSetContainer @@ -6567,9 +6644,9 @@ CalicoWindowsUpgradeDaemonSetPodSpec is the calico-windows-upgrade DaemonSet&rsq (Optional)

-Containers is a list of calico-windows-upgrade containers. -If specified, this overrides the specified calico-windows-upgrade DaemonSet containers. -If omitted, the calico-windows-upgrade DaemonSet will use its default values for its containers. +Containers is a list of calico-node-windows containers. +If specified, this overrides the specified calico-node-windows DaemonSet containers. +If omitted, the calico-node-windows DaemonSet will use its default values for its containers.

-

CalicoWindowsUpgradeDaemonSetPodTemplateSpec

+

CalicoNodeWindowsDaemonSetPodTemplateSpec

(Appears on: -CalicoWindowsUpgradeDaemonSetSpec) +CalicoNodeWindowsDaemonSetSpec)

-CalicoWindowsUpgradeDaemonSetPodTemplateSpec is the calico-windows-upgrade DaemonSet’s PodTemplateSpec +CalicoNodeWindowsDaemonSetPodTemplateSpec is the calico-node-windows DaemonSet’s PodTemplateSpec

@@ -6688,8 +6765,8 @@ the pod’s metadata. spec
- -CalicoWindowsUpgradeDaemonSetPodSpec + +CalicoNodeWindowsDaemonSetPodSpec @@ -6698,7 +6775,7 @@ CalicoWindowsUpgradeDaemonSetPodSpec (Optional)

-Spec is the calico-windows-upgrade DaemonSet’s PodSpec. +Spec is the calico-node-windows DaemonSet’s PodSpec.



@@ -6709,15 +6786,15 @@ Spec is the calico-windows-upgrade DaemonSet’s PodSpec.
-

CalicoWindowsUpgradeDaemonSetSpec

+

CalicoNodeWindowsDaemonSetSpec

(Appears on: -CalicoWindowsUpgradeDaemonSet) +CalicoNodeWindowsDaemonSet)

-CalicoWindowsUpgradeDaemonSetSpec defines configuration for the calico-windows-upgrade DaemonSet. +CalicoNodeWindowsDaemonSetSpec defines configuration for the calico-node-windows DaemonSet.

@@ -6740,10 +6817,10 @@ int32 (Optional)

-MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should +MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its container crashing, for it to be considered available. -If specified, this overrides any minReadySeconds value that may be set on the calico-windows-upgrade DaemonSet. -If omitted, the calico-windows-upgrade DaemonSet will use its default value for minReadySeconds. +If specified, this overrides any minReadySeconds value that may be set on the calico-node-windows DaemonSet. +If omitted, the calico-node-windows DaemonSet will use its default value for minReadySeconds.

@@ -6753,8 +6830,8 @@ If omitted, the calico-windows-upgrade DaemonSet will use its default value for template
- -CalicoWindowsUpgradeDaemonSetPodTemplateSpec + +CalicoNodeWindowsDaemonSetPodTemplateSpec @@ -6763,14 +6840,14 @@ CalicoWindowsUpgradeDaemonSetPodTemplateSpec (Optional)

-Template describes the calico-windows-upgrade DaemonSet pod that will be created. +Template describes the calico-node-windows DaemonSet pod that will be created.

-

CertificateManagement

+

CalicoWindowsUpgradeDaemonSet

(Appears on: @@ -6778,9 +6855,7 @@ Template describes the calico-windows-upgrade DaemonSet pod that will be created

-CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order -to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise -pods will be stuck during initialization. +CalicoWindowsUpgradeDaemonSet is the configuration for the calico-windows-upgrade DaemonSet.

@@ -6793,16 +6868,19 @@ pods will be stuck during initialization. @@ -6810,26 +6888,51 @@ Certificate of the authority that signs the CertificateSigningRequests in PEM fo + +
-caCert
+metadata
-[]byte + +Metadata +
+(Optional)

-Certificate of the authority that signs the CertificateSigningRequests in PEM format. +Metadata is a subset of a Kubernetes object’s metadata that is added to the Deployment.

-signerName
+spec
-string + +CalicoWindowsUpgradeDaemonSetSpec +
+(Optional)

-When a CSR is issued to the certificates.k8s.io API, the signerName is added to the request to accommodate for clusters -with multiple signers. -Must be formatted as: <my-domain>/<my-signername>. +Spec is the specification of the calico-windows-upgrade DaemonSet.

+
+
+ +
+

CalicoWindowsUpgradeDaemonSetContainer

+

+ +(Appears on: +CalicoWindowsUpgradeDaemonSetPodSpec) + +

+

+CalicoWindowsUpgradeDaemonSetContainer is a calico-windows-upgrade DaemonSet container. +

+ + + + + + + + @@ -6848,9 +6949,11 @@ Default: RSAWithSize2048 @@ -6858,41 +6961,24 @@ string (Optional)

-Specify the algorithm used for the signature of the X.509 certificate request. -Default: SHA256WithRSA +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named calico-windows-upgrade DaemonSet container’s resources. +If omitted, the calico-windows-upgrade DaemonSet will use its default value for this container’s resources.

FieldDescription
-keyAlgorithm
+name
string @@ -6837,10 +6940,8 @@ string
-(Optional)

-Specify the algorithm used by pods to generate a key pair that is associated with the X.509 certificate request. -Default: RSAWithSize2048 +Name is an enum which identifies the calico-windows-upgrade DaemonSet container by name.

-signatureAlgorithm
+resources
-string + +Kubernetes core/v1.ResourceRequirements +
-

CollectProcessPathOption -(string alias)

-

- -(Appears on: -LogCollectorSpec) - -

-

ComplianceSpec

-

- -(Appears on: -Compliance) - -

-

-ComplianceSpec defines the desired state of Tigera compliance reporting capabilities. -

-

ComplianceStatus

+

CalicoWindowsUpgradeDaemonSetPodSpec

(Appears on: -Compliance) +CalicoWindowsUpgradeDaemonSetPodTemplateSpec)

-ComplianceStatus defines the observed state of Tigera compliance reporting capabilities. +CalicoWindowsUpgradeDaemonSetPodSpec is the calico-windows-upgrade DaemonSet’s PodSpec.

@@ -6905,16 +6991,21 @@ ComplianceStatus defines the observed state of Tigera compliance reporting capab @@ -6922,10 +7013,10 @@ State provides user-readable status. - -
-state
+containers
-string + +[]CalicoWindowsUpgradeDaemonSetContainer +
+(Optional)

-State provides user-readable status. +Containers is a list of calico-windows-upgrade containers. +If specified, this overrides the specified calico-windows-upgrade DaemonSet containers. +If omitted, the calico-windows-upgrade DaemonSet will use its default values for its containers.

-conditions
+affinity
- -[]Kubernetes meta/v1.Condition + +Kubernetes core/v1.Affinity @@ -6934,24 +7025,369 @@ State provides user-readable status. (Optional)

-Conditions represents the latest observed set of conditions for the component. A component may be one or more of -Ready, Progressing, Degraded or other customer types. +Affinity is a group of affinity scheduling rules for the calico-windows-upgrade pods. +If specified, this overrides any affinity that may be set on the calico-windows-upgrade DaemonSet. +If omitted, the calico-windows-upgrade DaemonSet will use its default value for affinity. +WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet affinity.

-

ComponentName -(string alias)

-

+ + -(Appears on: -ComponentResource) +nodeSelector
+ +map[string]string + -

-

-ComponentName represents a single component. + + + +(Optional) +

+NodeSelector is the calico-windows-upgrade pod’s scheduling constraints. +If specified, each of the key/value pairs are added to the calico-windows-upgrade DaemonSet nodeSelector provided +the key does not already exist in the object’s nodeSelector. +If omitted, the calico-windows-upgrade DaemonSet will use its default value for nodeSelector. +WARNING: Please note that this field will modify the default calico-windows-upgrade DaemonSet nodeSelector. +

+ + + + + + +tolerations
+ + +[]Kubernetes core/v1.Toleration + + + + + + +(Optional) +

+Tolerations is the calico-windows-upgrade pod’s tolerations. +If specified, this overrides any tolerations that may be set on the calico-windows-upgrade DaemonSet. +If omitted, the calico-windows-upgrade DaemonSet will use its default value for tolerations. +WARNING: Please note that this field will override the default calico-windows-upgrade DaemonSet tolerations. +

+ + + + + +

CalicoWindowsUpgradeDaemonSetPodTemplateSpec

+

+ +(Appears on: +CalicoWindowsUpgradeDaemonSetSpec) + +

+

+CalicoWindowsUpgradeDaemonSetPodTemplateSpec is the calico-windows-upgrade DaemonSet’s PodTemplateSpec +

+ + + + + + + + + + + + + + + + + +
FieldDescription
+ +metadata
+ + +Metadata + + + +
+ +(Optional) +

+Metadata is a subset of a Kubernetes object’s metadata that is added to +the pod’s metadata. +

+ +
+ +spec
+ + +CalicoWindowsUpgradeDaemonSetPodSpec + + + +
+ +(Optional) +

+Spec is the calico-windows-upgrade DaemonSet’s PodSpec. +

+
+
+ +
+ +
+

CalicoWindowsUpgradeDaemonSetSpec

+

+ +(Appears on: +CalicoWindowsUpgradeDaemonSet) + +

+

+CalicoWindowsUpgradeDaemonSetSpec defines configuration for the calico-windows-upgrade DaemonSet. +

+ + + + + + + + + + + + + + + + + +
FieldDescription
+ +minReadySeconds
+ +int32 + + +
+ +(Optional) +

+MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should +be ready without any of its container crashing, for it to be considered available. +If specified, this overrides any minReadySeconds value that may be set on the calico-windows-upgrade DaemonSet. +If omitted, the calico-windows-upgrade DaemonSet will use its default value for minReadySeconds. +

+ +
+ +template
+ + +CalicoWindowsUpgradeDaemonSetPodTemplateSpec + + + +
+ +(Optional) +

+Template describes the calico-windows-upgrade DaemonSet pod that will be created. +

+ +
+

CertificateManagement

+

+ +(Appears on: +InstallationSpec) + +

+

+CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order +to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise +pods will be stuck during initialization. +

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+ +caCert
+ +[]byte + + +
+ +

+Certificate of the authority that signs the CertificateSigningRequests in PEM format. +

+ +
+ +signerName
+ +string + + +
+ +

+When a CSR is issued to the certificates.k8s.io API, the signerName is added to the request in order to accommodate for clusters +with multiple signers. +Must be formatted as: <my-domain>/<my-signername>. +

+ +
+ +keyAlgorithm
+ +string + + +
+ +(Optional) +

+Specify the algorithm used by pods to generate a key pair that is associated with the X.509 certificate request. +Default: RSAWithSize2048 +

+ +
+ +signatureAlgorithm
+ +string + + +
+ +(Optional) +

+Specify the algorithm used for the signature of the X.509 certificate request. +Default: SHA256WithRSA +

+ +
+

CollectProcessPathOption +(string alias)

+

+ +(Appears on: +LogCollectorSpec) + +

+

ComplianceSpec

+

+ +(Appears on: +Compliance) + +

+

+ComplianceSpec defines the desired state of Tigera compliance reporting capabilities. +

+

ComplianceStatus

+

+ +(Appears on: +Compliance) + +

+

+ComplianceStatus defines the observed state of Tigera compliance reporting capabilities. +

+ + + + + + + + + + + + + + + + + +
FieldDescription
+ +state
+ +string + + +
+ +

+State provides user-readable status. +

+ +
+ +conditions
+ + +[]Kubernetes meta/v1.Condition + + + +
+ +(Optional) +

+Conditions represents the latest observed set of conditions for the component. A component may be one or more of +Ready, Progressing, Degraded or other customer types. +

+ +
+

ComponentName +(string alias)

+

+ +(Appears on: +ComponentResource) + +

+

+ComponentName represents a single component.

One of: Node, Typha, KubeControllers @@ -7033,10 +7469,233 @@ ConditionStatus represents the status of a particular condition. A condition may (Appears on: CalicoNetworkSpec) -

+

+

+ContainerIPForwardingType specifies whether the CNI config for container ip forwarding is enabled. +

+

DashboardsJob

+

+DashboardsJob is the configuration for the Dashboards job. +

+ + + + + + + + + + + + + +
FieldDescription
+ +spec
+ + +DashboardsJobSpec + + + +
+ +(Optional) +

+Spec is the specification of the dashboards job. +

+
+
+ +
+ +
+

DashboardsJobContainer

+

+ +(Appears on: +DashboardsJobPodSpec) + +

+

+DashboardsJobContainer is the Dashboards job container. +

+ + + + + + + + + + + + + + + + + +
FieldDescription
+ +name
+ +string + + +
+ +

+Name is an enum which identifies the Dashboard Job container by name. +

+ +
+ +resources
+ + +Kubernetes core/v1.ResourceRequirements + + + +
+ +(Optional) +

+Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named Dashboard Job container’s resources. +If omitted, the Dashboard Job will use its default value for this container’s resources. +

+ +
+

DashboardsJobPodSpec

+

+ +(Appears on: +DashboardsJobPodTemplateSpec) + +

+

+DashboardsJobPodSpec is the Dashboards job’s PodSpec. +

+ + + + + + + + + + + + + +
FieldDescription
+ +containers
+ + +[]DashboardsJobContainer + + + +
+ +(Optional) +

+Containers is a list of dashboards job containers. +If specified, this overrides the specified Dashboard job containers. +If omitted, the Dashboard job will use its default values for its containers. +

+ +
+

DashboardsJobPodTemplateSpec

+

+ +(Appears on: +DashboardsJobSpec) + +

+

+DashboardsJobPodTemplateSpec is the Dashboards job’s PodTemplateSpec +

+ + + + + + + + + + + + + +
FieldDescription
+ +spec
+ + +DashboardsJobPodSpec + + + +
+ +(Optional) +

+Spec is the Dashboard job’s PodSpec. +

+
+
+ +
+ +
+

DashboardsJobSpec

+

+ +(Appears on: +DashboardsJob) + +

+

+DashboardsJobSpec defines configuration for the Dashboards job. +

+ + + + + + + + + + + + + +
FieldDescription
+ +template
+ + +DashboardsJobPodTemplateSpec + + + +
+ +(Optional)

-ContainerIPForwardingType specifies whether the CNI config for container ip forwarding is enabled. +Template describes the Dashboards job pod that will be created.

+ +

EGWDeploymentContainer

@@ -7315,6 +7974,24 @@ If specified, this overrides any tolerations that may be set on the EGW Deployme If omitted, the EGW Deployment will use its default value for tolerations.

+ + + + + +priorityClassName
+ +string + + + + + +(Optional) +

+PriorityClassName allows to specify a PriorityClass resource to be used. +

+ @@ -8679,7 +9356,238 @@ Image format: <registry><imagePath>/<imagePrefix><imageName>:<image-tag>

-This option allows configuring the <imagePath> portion of the above format. +This option allows configuring the <imagePath> portion of the above format. +

+ + + + + + +imagePrefix
+ +string + + + + + +(Optional) +

+ImagePrefix allows for the prefix part of an image to be specified. If specified +then the given value will be used as a prefix on each image. If not specified +or empty, no prefix will be used. +A special case value, UseDefault, is supported to explicitly specify the default +image prefix will be used for each image. +

+

+Image format: +<registry><imagePath>/<imagePrefix><imageName>:<image-tag> +

+

+This option allows configuring the <imagePrefix> portion of the above format. +

+ + + + + + +imagePullSecrets
+ + +[]Kubernetes core/v1.LocalObjectReference + + + + + + +(Optional) +

+ImagePullSecrets is an array of references to container registry pull secrets to use. These are +applied to all images to be pulled. +

+ + + + + + +kubernetesProvider
+ + +Provider + + + + + + +(Optional) +

+KubernetesProvider specifies a particular provider of the Kubernetes platform and enables provider-specific configuration. +If the specified value is empty, the Operator will attempt to automatically determine the current provider. +If the specified value is not empty, the Operator will still attempt auto-detection, but +will additionally compare the auto-detected value to the specified value to confirm they match. +

+ + + + + + +cni
+ + +CNISpec + + + + + + +(Optional) +

+CNI specifies the CNI that will be used by this installation. +

+ + + + + + +calicoNetwork
+ + +CalicoNetworkSpec + + + + + + +(Optional) +

+CalicoNetwork specifies networking configuration options for Calico. +

+ + + + + + +typhaAffinity
+ + +TyphaAffinity + + + + + + +(Optional) +

+Deprecated. Please use Installation.Spec.TyphaDeployment instead. +TyphaAffinity allows configuration of node affinity characteristics for Typha pods. +

+ + + + + + +controlPlaneNodeSelector
+ +map[string]string + + + + + +(Optional) +

+ControlPlaneNodeSelector is used to select control plane nodes on which to run Calico +components. This is globally applied to all resources created by the operator excluding daemonsets. +

+ + + + + + +controlPlaneTolerations
+ + +[]Kubernetes core/v1.Toleration + + + + + + +(Optional) +

+ControlPlaneTolerations specify tolerations which are then globally applied to all resources +created by the operator. +

+ + + + + + +controlPlaneReplicas
+ +int32 + + + + + +(Optional) +

+ControlPlaneReplicas defines how many replicas of the control plane core components will be deployed. +This field applies to all control plane components that support High Availability. Defaults to 2. +

+ + + + + + +nodeMetricsPort
+ +int32 + + + + + +(Optional) +

+NodeMetricsPort specifies which port calico/node serves prometheus metrics on. By default, metrics are not enabled. +If specified, this overrides any FelixConfiguration resources which may exist. If omitted, then +prometheus metrics may still be configured through FelixConfiguration. +

+ + + + + + +typhaMetricsPort
+ +int32 + + + + + +(Optional) +

+TyphaMetricsPort specifies which port calico/typha serves prometheus metrics on. By default, metrics are not enabled.

@@ -8687,7 +9595,7 @@ This option allows configuring the <imagePath> portion of the -imagePrefix
+flexVolumePath
string @@ -8697,18 +9605,9 @@ string (Optional)

-ImagePrefix allows for the prefix part of an image to be specified. If specified -then the given value will be used as a prefix on each image. If not specified -or empty, no prefix will be used. -A special case value, UseDefault, is supported to explicitly specify the default -image prefix will be used for each image. -

-

-Image format: -<registry><imagePath>/<imagePrefix><imageName>:<image-tag> -

-

-This option allows configuring the <imagePrefix> portion of the above format. +FlexVolumePath optionally specifies a custom path for FlexVolume. If not specified, FlexVolume will be +enabled by default. If set to ‘None’, FlexVolume will be disabled. The default is based on the +kubernetesProvider.

@@ -8716,11 +9615,9 @@ This option allows configuring the <imagePrefix> portion of t -imagePullSecrets
+kubeletVolumePluginPath
- -[]Kubernetes core/v1.LocalObjectReference - +string @@ -8728,8 +9625,9 @@ This option allows configuring the <imagePrefix> portion of t (Optional)

-ImagePullSecrets is an array of references to container registry pull secrets to use. These are -applied to all images to be pulled. +KubeletVolumePluginPath optionally specifies enablement of Calico CSI plugin. If not specified, +CSI will be enabled by default. If set to ‘None’, CSI will be disabled. +Default: /var/lib/kubelet

@@ -8737,10 +9635,10 @@ applied to all images to be pulled. -kubernetesProvider
+nodeUpdateStrategy
- -Provider + +Kubernetes apps/v1.DaemonSetUpdateStrategy @@ -8749,10 +9647,8 @@ Provider (Optional)

-KubernetesProvider specifies a particular provider of the Kubernetes platform and enables provider-specific configuration. -If the specified value is empty, the Operator will attempt to automatically determine the current provider. -If the specified value is not empty, the Operator will still attempt auto-detection, but -will additionally compare the auto-detected value to the specified value to confirm they match. +NodeUpdateStrategy can be used to customize the desired update strategy, such as the MaxUnavailable +field.

@@ -8760,10 +9656,10 @@ will additionally compare the auto-detected value to the specified value to conf -cni
+componentResources
- -CNISpec + +[]ComponentResource @@ -8772,7 +9668,9 @@ CNISpec (Optional)

-CNI specifies the CNI that will be used by this installation. +Deprecated. Please use CalicoNodeDaemonSet, TyphaDeployment, and KubeControllersDeployment. +ComponentResources can be used to customize the resource requirements for each component. +Node, Typha, and KubeControllers are supported for installations.

@@ -8780,10 +9678,10 @@ CNI specifies the CNI that will be used by this installation. -calicoNetwork
+certificateManagement
- -CalicoNetworkSpec + +CertificateManagement @@ -8792,7 +9690,9 @@ CalicoNetworkSpec (Optional)

-CalicoNetwork specifies networking configuration options for Calico. +CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order +to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise +pods will be stuck during initialization.

@@ -8800,10 +9700,10 @@ CalicoNetwork specifies networking configuration options for Calico. -typhaAffinity
+nonPrivileged
- -TyphaAffinity + +NonPrivilegedType @@ -8812,8 +9712,7 @@ TyphaAffinity (Optional)

-Deprecated. Please use Installation.Spec.TyphaDeployment instead. -TyphaAffinity allows configuration of node affinity characteristics for Typha pods. +NonPrivileged configures Calico to be run in non-privileged containers as non-root users where possible.

@@ -8821,18 +9720,19 @@ TyphaAffinity allows configuration of node affinity characteristics for Typha po -controlPlaneNodeSelector
+calicoNodeDaemonSet
-map[string]string + +CalicoNodeDaemonSet + -(Optional)

-ControlPlaneNodeSelector is used to select control plane nodes on which to run Calico -components. This is globally applied to all resources created by the operator excluding daemonsets. +CalicoNodeDaemonSet configures the calico-node DaemonSet. If used in +conjunction with the deprecated ComponentResources, then these overrides take precedence.

@@ -8840,20 +9740,18 @@ components. This is globally applied to all resources created by the operator ex -controlPlaneTolerations
+csiNodeDriverDaemonSet
- -[]Kubernetes core/v1.Toleration + +CSINodeDriverDaemonSet -(Optional)

-ControlPlaneTolerations specify tolerations which are then globally applied to all resources -created by the operator. +CSINodeDriverDaemonSet configures the csi-node-driver DaemonSet.

@@ -8861,18 +9759,19 @@ created by the operator. -controlPlaneReplicas
+calicoKubeControllersDeployment
-int32 + +CalicoKubeControllersDeployment + -(Optional)

-ControlPlaneReplicas defines how many replicas of the control plane core components will be deployed. -This field applies to all control plane components that support High Availability. Defaults to 2. +CalicoKubeControllersDeployment configures the calico-kube-controllers Deployment. If used in +conjunction with the deprecated ComponentResources, then these overrides take precedence.

@@ -8880,19 +9779,19 @@ This field applies to all control plane components that support High Availabilit -nodeMetricsPort
+typhaDeployment
-int32 + +TyphaDeployment + -(Optional)

-NodeMetricsPort specifies which port calico/node serves prometheus metrics on. By default, metrics are not enabled. -If specified, this overrides any FelixConfiguration resources which may exist. If omitted, then -prometheus metrics may still be configured through FelixConfiguration. +TyphaDeployment configures the typha Deployment. If used in conjunction with the deprecated +ComponentResources or TyphaAffinity, then these overrides take precedence.

@@ -8900,17 +9799,18 @@ prometheus metrics may still be configured through FelixConfiguration. -typhaMetricsPort
+calicoWindowsUpgradeDaemonSet
-int32 + +CalicoWindowsUpgradeDaemonSet + -(Optional)

-TyphaMetricsPort specifies which port calico/typha serves prometheus metrics on. By default, metrics are not enabled. +CalicoWindowsUpgradeDaemonSet configures the calico-windows-upgrade DaemonSet.

@@ -8918,9 +9818,11 @@ TyphaMetricsPort specifies which port calico/typha serves prometheus metrics on. -flexVolumePath
+fipsMode
-string + +FIPSMode + @@ -8928,9 +9830,8 @@ string (Optional)

-FlexVolumePath optionally specifies a custom path for FlexVolume. If not specified, FlexVolume will be -enabled by default. If set to ‘None’, FlexVolume will be disabled. The default is based on the -kubernetesProvider. +FIPSMode uses images and features only that are using FIPS 140-2 validated cryptographic modules and standards. +Default: Disabled

@@ -8938,9 +9839,11 @@ kubernetesProvider. -kubeletVolumePluginPath
+logging
-string + +Logging + @@ -8948,30 +9851,46 @@ string (Optional)

-KubeletVolumePluginPath optionally specifies enablement of Calico CSI plugin. If not specified, -CSI will be enabled by default. If set to ‘None’, CSI will be disabled. -Default: /var/lib/kubelet +Logging Configuration for Components

+ + +

InstallationStatus

+

+ +(Appears on: +Installation) + +

+

+InstallationStatus defines the observed state of the Calico or Calico Enterprise installation. +

+ + + + + + + + @@ -8979,21 +9898,17 @@ field. @@ -9001,11 +9916,9 @@ Node, Typha, and KubeControllers are supported for installations. @@ -9013,9 +9926,8 @@ CertificateManagement (Optional)

-CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order -to obtain TLS certificates. This feature requires that you bring your own CSR signing and approval process, otherwise -pods will be stuck during initialization. +ImageSet is the name of the ImageSet being used, if there is an ImageSet +that is being used. If an ImageSet is not being used then this will not be set.

@@ -9023,10 +9935,10 @@ pods will be stuck during initialization. @@ -9043,19 +9955,18 @@ NonPrivileged configures Calico to be run in non-privileged containers as non-ro @@ -9063,29 +9974,59 @@ conjunction with the deprecated ComponentResources, then these overrides take pr + +
FieldDescription
-nodeUpdateStrategy
+variant
- -Kubernetes apps/v1.DaemonSetUpdateStrategy + +ProductVariant
-(Optional)

-NodeUpdateStrategy can be used to customize the desired update strategy, such as the MaxUnavailable -field. +Variant is the most recently observed installed variant - one of Calico or TigeraSecureEnterprise

-componentResources
+mtu
- -[]ComponentResource - +int32
-(Optional)

-Deprecated. Please use CalicoNodeDaemonSet, TyphaDeployment, and KubeControllersDeployment. -ComponentResources can be used to customize the resource requirements for each component. -Node, Typha, and KubeControllers are supported for installations. +MTU is the most recently observed value for pod network MTU. This may be an explicitly +configured value, or based on Calico’s native auto-detetion.

-certificateManagement
+imageSet
- -CertificateManagement - +string
-nonPrivileged
+computed
- -NonPrivilegedType + +InstallationSpec @@ -9035,7 +9947,7 @@ NonPrivilegedType (Optional)

-NonPrivileged configures Calico to be run in non-privileged containers as non-root users where possible. +Computed is the final installation including overlaid resources.

-calicoNodeDaemonSet
+calicoVersion
- -CalicoNodeDaemonSet - +string

-CalicoNodeDaemonSet configures the calico-node DaemonSet. If used in -conjunction with the deprecated ComponentResources, then these overrides take precedence. +CalicoVersion shows the current running version of calico. +CalicoVersion along with Variant is needed to know the exact +version deployed.

-csiNodeDriverDaemonSet
+conditions
- -CSINodeDriverDaemonSet + +[]Kubernetes meta/v1.Condition
+(Optional)

-CSINodeDriverDaemonSet configures the csi-node-driver DaemonSet. +Conditions represents the latest observed set of conditions for the component. A component may be one or more of +Ready, Progressing, Degraded or other customer types.

+

IntrusionDetectionComponentName +(string alias)

+

+ +(Appears on: +IntrusionDetectionComponentResource) + +

+

IntrusionDetectionComponentResource

+

+ +(Appears on: +IntrusionDetectionSpec) + +

+

+The ComponentResource struct associates a ResourceRequirements with a component by name +

+ + + + + + + + @@ -9102,10 +10042,10 @@ conjunction with the deprecated ComponentResources, then these overrides take pr - - +
FieldDescription
-calicoKubeControllersDeployment
+componentName
- -CalicoKubeControllersDeployment + +IntrusionDetectionComponentName @@ -9093,8 +10034,7 @@ CalicoKubeControllersDeployment

-CalicoKubeControllersDeployment configures the calico-kube-controllers Deployment. If used in -conjunction with the deprecated ComponentResources, then these overrides take precedence. +ComponentName is an enum which identifies the component

-typhaDeployment
+resourceRequirements
- -TyphaDeployment + +Kubernetes core/v1.ResourceRequirements @@ -9113,38 +10053,38 @@ TyphaDeployment

-TyphaDeployment configures the typha Deployment. If used in conjunction with the deprecated -ComponentResources or TyphaAffinity, then these overrides take precedence. +ResourceRequirements allows customization of limits and requests for compute resources such as cpu and memory.

- -calicoWindowsUpgradeDaemonSet
- - -CalicoWindowsUpgradeDaemonSet - - +
+

IntrusionDetectionSpec

+

- - +(Appears on: +IntrusionDetection) +

-CalicoWindowsUpgradeDaemonSet configures the calico-windows-upgrade DaemonSet. +IntrusionDetectionSpec defines the desired state of Tigera intrusion detection capabilities.

- - + + + + + + + @@ -9162,10 +10102,10 @@ Default: Disabled
FieldDescription
-fipsMode
+componentResources
- -FIPSMode + +[]IntrusionDetectionComponentResource @@ -9153,8 +10093,8 @@ FIPSMode (Optional)

-FIPSMode uses images and features only that are using FIPS 140-2 validated cryptographic modules and standards. -Default: Disabled +ComponentResources can be used to customize the resource requirements for each component. +Only DeepPacketInspection is supported for this spec.

-logging
+anomalyDetection
- -Logging + +AnomalyDetectionSpec @@ -9174,22 +10114,24 @@ Logging (Optional)

-Logging Configuration for Components +AnomalyDetection provides configuration for running AnomalyDetection Component within +IntrusionDetection. Anomaly Detection configuration will only be applied to standalone and +management clusters.

-

InstallationStatus

+

IntrusionDetectionStatus

(Appears on: -Installation) +IntrusionDetection)

-InstallationStatus defines the observed state of the Calico or Calico Enterprise installation. +IntrusionDetectionStatus defines the observed state of Tigera intrusion detection capabilities.

@@ -9202,18 +10144,16 @@ InstallationStatus defines the observed state of the Calico or Calico Enterprise @@ -9221,47 +10161,59 @@ Variant is the most recently observed installed variant - one of Calico or Tiger - -
-variant
+state
- -ProductVariant - +string

-Variant is the most recently observed installed variant - one of Calico or TigeraSecureEnterprise +State provides user-readable status.

-mtu
+conditions
-int32 + +[]Kubernetes meta/v1.Condition +
+(Optional)

-MTU is the most recently observed value for pod network MTU. This may be an explicitly -configured value, or based on Calico’s native auto-detetion. +Conditions represents the latest observed set of conditions for the component. A component may be one or more of +Ready, Progressing, Degraded or other customer types.

- -imageSet
- -string - + +
+

KubernetesAutodetectionMethod +(string alias)

+

- - +(Appears on: +NodeAddressAutodetection) -(Optional) +

-ImageSet is the name of the ImageSet being used, if there is an ImageSet -that is being used. If an ImageSet is not being used then this will not be set. +KubernetesAutodetectionMethod is a method of detecting an IP address based on the Kubernetes API.

- - +

+One of: NodeInternalIP +

+

LinseedDeployment

+

+LinseedDeployment is the configuration for the linseed Deployment. +

+ + + + + + + + +
FieldDescription
-computed
+spec
- -InstallationSpec + +LinseedDeploymentSpec @@ -9270,15 +10222,39 @@ InstallationSpec (Optional)

-Computed is the final installation including overlaid resources. +Spec is the specification of the linseed Deployment.

+
+
+ +
+

LinseedDeploymentContainer

+

+ +(Appears on: +LinseedDeploymentPodSpec) + +

+

+LinseedDeploymentContainer is a linseed Deployment container. +

+ + + + + + + + @@ -9297,10 +10271,10 @@ version deployed.
FieldDescription
-calicoVersion
+name
string @@ -9287,9 +10263,7 @@ string

-CalicoVersion shows the current running version of calico. -CalicoVersion along with Variant is needed to know the exact -version deployed. +Name is an enum which identifies the linseed Deployment container by name.

-conditions
+resources
- -[]Kubernetes meta/v1.Condition + +Kubernetes core/v1.ResourceRequirements @@ -9309,31 +10283,24 @@ version deployed. (Optional)

-Conditions represents the latest observed set of conditions for the component. A component may be one or more of -Ready, Progressing, Degraded or other customer types. +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named linseed Deployment container’s resources. +If omitted, the linseed Deployment will use its default value for this container’s resources.

-

IntrusionDetectionComponentName -(string alias)

-

- -(Appears on: -IntrusionDetectionComponentResource) - -

-

IntrusionDetectionComponentResource

+

LinseedDeploymentInitContainer

(Appears on: -IntrusionDetectionSpec) +LinseedDeploymentPodSpec)

-The ComponentResource struct associates a ResourceRequirements with a component by name +LinseedDeploymentInitContainer is a linseed Deployment init container.

@@ -9346,18 +10313,16 @@ The ComponentResource struct associates a ResourceRequirements with a component @@ -9365,7 +10330,7 @@ ComponentName is an enum which identifies the component
-componentName
+name
- -IntrusionDetectionComponentName - +string

-ComponentName is an enum which identifies the component +Name is an enum which identifies the linseed Deployment init container by name.

-resourceRequirements
+resources
Kubernetes core/v1.ResourceRequirements @@ -9375,23 +10340,26 @@ Kubernetes core/v1.ResourceRequirements
+(Optional)

-ResourceRequirements allows customization of limits and requests for compute resources such as cpu and memory. +Resources allows customization of limits and requests for compute resources such as cpu and memory. +If specified, this overrides the named linseed Deployment init container’s resources. +If omitted, the linseed Deployment will use its default value for this init container’s resources.

-

IntrusionDetectionSpec

+

LinseedDeploymentPodSpec

(Appears on: -IntrusionDetection) +LinseedDeploymentPodTemplateSpec)

-IntrusionDetectionSpec defines the desired state of Tigera intrusion detection capabilities. +LinseedDeploymentPodSpec is the linseed Deployment’s PodSpec.

@@ -9404,10 +10372,10 @@ IntrusionDetectionSpec defines the desired state of Tigera intrusion detection c @@ -9425,10 +10394,10 @@ Only DeepPacketInspection is supported for this spec.
-componentResources
+initContainers
- -[]IntrusionDetectionComponentResource + +[]LinseedDeploymentInitContainer @@ -9416,8 +10384,9 @@ IntrusionDetectionSpec defines the desired state of Tigera intrusion detection c (Optional)

-ComponentResources can be used to customize the resource requirements for each component. -Only DeepPacketInspection is supported for this spec. +InitContainers is a list of linseed init containers. +If specified, this overrides the specified linseed Deployment init containers. +If omitted, the linseed Deployment will use its default values for its init containers.

-anomalyDetection
+containers
- -AnomalyDetectionSpec + +[]LinseedDeploymentContainer @@ -9437,24 +10406,24 @@ AnomalyDetectionSpec (Optional)

-AnomalyDetection provides configuration for running AnomalyDetection Component within -IntrusionDetection. Anomaly Detection configuration will only be applied to standalone and -management clusters. +Containers is a list of linseed containers. +If specified, this overrides the specified linseed Deployment containers. +If omitted, the linseed Deployment will use its default values for its containers.

-

IntrusionDetectionStatus

+

LinseedDeploymentPodTemplateSpec

(Appears on: -IntrusionDetection) +LinseedDeploymentSpec)

-IntrusionDetectionStatus defines the observed state of Tigera intrusion detection capabilities. +LinseedDeploymentPodTemplateSpec is the linseed Deployment’s PodTemplateSpec

@@ -9467,27 +10436,54 @@ IntrusionDetectionStatus defines the observed state of Tigera intrusion detectio + +
-state
+spec
-string + +LinseedDeploymentPodSpec +
+(Optional)

-State provides user-readable status. +Spec is the linseed Deployment’s PodSpec.

+
+
+ +
+

LinseedDeploymentSpec

+

+ +(Appears on: +LinseedDeployment) + +

+

+LinseedDeploymentSpec defines configuration for the linseed Deployment. +

+ + + + + + + +
FieldDescription
-conditions
+template
- -[]Kubernetes meta/v1.Condition + +LinseedDeploymentPodTemplateSpec @@ -9496,28 +10492,13 @@ State provides user-readable status. (Optional)

-Conditions represents the latest observed set of conditions for the component. A component may be one or more of -Ready, Progressing, Degraded or other customer types. +Template describes the linseed Deployment pod that will be created.

-

KubernetesAutodetectionMethod -(string alias)

-

- -(Appears on: -NodeAddressAutodetection) - -

-

-KubernetesAutodetectionMethod is a method of detecting an IP address based on the Kubernetes API. -

-

-One of: NodeInternalIP -

LinuxDataplaneOption (string alias)

@@ -9692,7 +10673,7 @@ CollectProcessPathOption (Optional)

Configuration for enabling/disabling process path collection in flowlogs. -If Enabled, this feature sets hostPID to true to read process cmdline. +If Enabled, this feature sets hostPID to true in order to read process cmdline. Default: Enabled

@@ -10445,6 +11426,8 @@ Ready, Progressing, Degraded or other customer types. CalicoKubeControllersDeploymentPodTemplateSpec, CalicoNodeDaemonSet, CalicoNodeDaemonSetPodTemplateSpec, +CalicoNodeWindowsDaemonSet, +CalicoNodeWindowsDaemonSetPodTemplateSpec, CalicoWindowsUpgradeDaemonSet, CalicoWindowsUpgradeDaemonSetPodTemplateSpec, TyphaDeployment, From d22326bb9b6f08cfcc2d0c6455f63aabd57846a8 Mon Sep 17 00:00:00 2001 From: Daniel Fox Date: Thu, 14 Mar 2024 10:08:03 -0700 Subject: [PATCH 06/10] Add [dD]ex to vale vocabulary --- .github/styles/config/vocabularies/CalicoDocs/accept.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/styles/config/vocabularies/CalicoDocs/accept.txt b/.github/styles/config/vocabularies/CalicoDocs/accept.txt index 85b828d7ed..ae04e367a6 100644 --- a/.github/styles/config/vocabularies/CalicoDocs/accept.txt +++ b/.github/styles/config/vocabularies/CalicoDocs/accept.txt @@ -14,6 +14,7 @@ VNet YAML Wordpress [aA]nonymiz[ing|ation] +[dD]ex [hH]oneypod [nN]amespace [oO]nboard From 4644523f12e671144b184dc388b7647710e37544 Mon Sep 17 00:00:00 2001 From: Daniel Fox Date: Thu, 14 Mar 2024 10:08:33 -0700 Subject: [PATCH 07/10] Fix spelling/capitalization/terminology in RN --- .../_includes/release-notes/_v3.17.4-release-notes.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/calico-enterprise_versioned_docs/version-3.17/_includes/release-notes/_v3.17.4-release-notes.mdx b/calico-enterprise_versioned_docs/version-3.17/_includes/release-notes/_v3.17.4-release-notes.mdx index 0d26ad179c..72b0023564 100644 --- a/calico-enterprise_versioned_docs/version-3.17/_includes/release-notes/_v3.17.4-release-notes.mdx +++ b/calico-enterprise_versioned_docs/version-3.17/_includes/release-notes/_v3.17.4-release-notes.mdx 
@@ -2,9 +2,9 @@ ### Improvements -* Reduced the validity of JWTs issued by Dex to 15 minutes (down from 24 hours). +* Reduced the validity of JSON web tokens issued by Dex to 15 minutes (down from 24 hours). * Added a configurable option for `priorityClassName` to the egress gateway CRD. -* Policy recommendation excludes Openshift namespaces by default. +* Policy recommendation excludes OpenShift namespaces by default. ### Bug fixes From 8d8b77d376aad5edc4f35627a2b5ecccc8556638 Mon Sep 17 00:00:00 2001 From: Daniel Fox Date: Thu, 14 Mar 2024 10:12:01 -0700 Subject: [PATCH 08/10] Remove capitalization for `dex` in vale vocabulary --- .github/styles/config/vocabularies/CalicoDocs/accept.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/styles/config/vocabularies/CalicoDocs/accept.txt b/.github/styles/config/vocabularies/CalicoDocs/accept.txt index ae04e367a6..256fc62a07 100644 --- a/.github/styles/config/vocabularies/CalicoDocs/accept.txt +++ b/.github/styles/config/vocabularies/CalicoDocs/accept.txt @@ -14,7 +14,6 @@ VNet YAML Wordpress [aA]nonymiz[ing|ation] -[dD]ex [hH]oneypod [nN]amespace [oO]nboard @@ -23,6 +22,7 @@ Wordpress [sS]ubnet [sS]yslog calicoctl +dex etcd iptables kubeadm From 35e6c596494e5655f78283e0668552d6c19378d3 Mon Sep 17 00:00:00 2001 From: Daniel Fox Date: Thu, 14 Mar 2024 10:12:23 -0700 Subject: [PATCH 09/10] Re-capitalize JSON Web Token; de-capitalize dex --- .../_includes/release-notes/_v3.17.4-release-notes.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/calico-enterprise_versioned_docs/version-3.17/_includes/release-notes/_v3.17.4-release-notes.mdx b/calico-enterprise_versioned_docs/version-3.17/_includes/release-notes/_v3.17.4-release-notes.mdx index 72b0023564..a17d225f30 100644 --- a/calico-enterprise_versioned_docs/version-3.17/_includes/release-notes/_v3.17.4-release-notes.mdx +++ b/calico-enterprise_versioned_docs/version-3.17/_includes/release-notes/_v3.17.4-release-notes.mdx 
@@ -2,7 +2,7 @@ ### Improvements -* Reduced the validity of JSON web tokens issued by Dex to 15 minutes (down from 24 hours). +* Reduced the validity of JSON Web Tokens issued by dex to 15 minutes (down from 24 hours). * Added a configurable option for `priorityClassName` to the egress gateway CRD. * Policy recommendation excludes OpenShift namespaces by default. From c8a1404fa2630ee404f927dd0fdaa2cc1af3ecd5 Mon Sep 17 00:00:00 2001 From: Daniel Fox Date: Thu, 14 Mar 2024 16:39:00 -0700 Subject: [PATCH 10/10] Empty commit to re-trigger netlify