Skip to main content

Image Assurance Installation reference

Image Assurance installation reference

The Kubernetes resources below configure Calico Cloud Image Assurance installation when using the operator. Each resource is responsible for installing and configuring a different subsystem of Calico Cloud Image Assurance during installation. Most options can be modified on a running cluster using kubectl.

Packages:

image-assurance.operator.tigera.io/v1

API Schema definitions for configuring the installation of Image Assurance

Resource Types:

ImageAssurance

ImageAssurance is the Schema for the imageassurances API

FieldDescription
apiVersion
string		image-assurance.operator.tigera.io/v1
kind
string		ImageAssurance
metadata
Kubernetes meta/v1.ObjectMeta

Refer to the Kubernetes API documentation for the fields of the

metadata field.
spec
ImageAssuranceSpec

criSocketPath
string

CRISocketPath is the path to the CRI socket on the nodes. Defaults to /run/containerd/containerd.sock.

containerdVolumeMountPath
string		(Optional)

ContainerdVolumeMountPath is the path to the root of containerd file system. Defaults to /var/lib/containerd/.

clusterScanner
ClusterScannerStatusType		(Optional)

This setting enables or disables the cluster scanner. Allowed values are Enabled or Disabled. Defaults to Disabled.

crawdadDaemonset
CrawdadDaemonSet		(Optional)

CrawdadDaemonSet is the specification of the Crawdad Daemonset.

status
ImageAssuranceStatus

ImageAssuranceCentral

ImageAssuranceCentral is the Schema for the imageassurancecentrals API.

FieldDescription
apiVersion
string		image-assurance.operator.tigera.io/v1
kind
string		ImageAssuranceCentral
metadata
Kubernetes meta/v1.ObjectMeta

Refer to the Kubernetes API documentation for the fields of the

metadata field.
spec
ImageAssuranceCentralSpec

apiProxyURL
string

APIProxyURL is the url the api proxy should proxy to.

apiProxyDeployment
APIProxyDeployment

APIProxyDeployment configures the api proxy Deployment.

scannerWorkerDeployment
ScannerWorkerDeployment		(Optional)

ScannerWorkerDeployment is the specification of the Scanner Worker Deployment.

runtimeCleanerDeployment
RuntimeCleanerDeployment		(Optional)

RuntimeCleanerDeployment is the specification of the Runtime Cleaner Deployment.

status
ImageAssuranceCentralStatus

APIProxyDeployment

(Appears on:

ImageAssuranceCentralSpec)

FieldDescription
metadata
github.com/tigera/operator/api/v1.Metadata		(Optional)

Metadata is a subset of a Kubernetes object’s metadata that is added to the Deployment.

spec
APIProxyDeploymentSpec		(Optional)

Spec is the specification of the api-proxy Deployment.



APIProxyDeploymentContainer

(Appears on:

APIProxyDeploymentPodSpec)

APIProxyDeploymentContainer is a api-proxy Deployment container.

FieldDescription
name
string

Name is an enum which identifies the api-proxy Deployment container by name.

resources
Kubernetes core/v1.ResourceRequirements		(Optional)

Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named api-proxy Deployment container’s resources. If omitted, the api-proxy Deployment will use its default value for this container’s resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

APIProxyDeploymentPodSpec

(Appears on:

APIProxyDeploymentPodTemplateSpec)

APIProxyDeploymentPodSpec is the api-proxy Deployment’s PodSpec.

FieldDescription
containers
[]APIProxyDeploymentContainer		(Optional)

Containers is a list of api-proxy containers. If specified, this overrides the specified api-proxy Deployment containers. If omitted, the api-proxy Deployment will use its default values for its containers.

affinity
Kubernetes core/v1.Affinity		(Optional)

Affinity is a group of affinity scheduling rules for the api-proxy pods. If specified, this overrides any affinity that may be set on the api-proxy Deployment. If omitted, the api-proxy Deployment will use its default value for affinity. WARNING: Please note that this field will override the default api-proxy Deployment affinity.

nodeSelector
map[string]string

NodeSelector is the api-proxy pod’s scheduling constraints. If specified, each of the key/value pairs are added to the api-proxy Deployment nodeSelector provided the key does not already exist in the object’s nodeSelector. If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the api-proxy Deployment and each of this field’s key/value pairs are added to the api-proxy Deployment nodeSelector provided the key does not already exist in the object’s nodeSelector. If omitted, the api-proxy Deployment will use its default value for nodeSelector. WARNING: Please note that this field will modify the default api-proxy Deployment nodeSelector.

tolerations
[]Kubernetes core/v1.Toleration		(Optional)

Tolerations is the api-proxy pod’s tolerations. If specified, this overrides any tolerations that may be set on the api-proxy Deployment. If omitted, the api-proxy Deployment will use its default value for tolerations. WARNING: Please note that this field will override the default api-proxy Deployment tolerations.

APIProxyDeploymentPodTemplateSpec

(Appears on:

APIProxyDeploymentSpec)

APIProxyDeploymentPodTemplateSpec is the api-proxy Deployment’s PodTemplateSpec

FieldDescription
metadata
github.com/tigera/operator/api/v1.Metadata		(Optional)

Metadata is a subset of a Kubernetes object’s metadata that is added to the pod’s metadata.

spec
APIProxyDeploymentPodSpec		(Optional)

Spec is the api-proxy Deployment’s PodSpec.



APIProxyDeploymentSpec

(Appears on:

APIProxyDeployment)

APIProxyDeploymentSpec defines configuration for the api-proxy Deployment.

FieldDescription
minReadySeconds
int32		(Optional)

MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the api-proxy Deployment. If omitted, the api-proxy Deployment will use its default value for minReadySeconds.

template
APIProxyDeploymentPodTemplateSpec		(Optional)

Template describes the api-proxy Deployment pod that will be created.

ClusterScannerStatusType (string alias)

(Appears on:

ImageAssuranceSpec)

CrawdadDaemonSet

(Appears on:

ImageAssuranceSpec)

FieldDescription
metadata
github.com/tigera/operator/api/v1.Metadata		(Optional)

Metadata is a subset of a Kubernetes object’s metadata that is added to the DaemonSet.

spec
CrawdadDaemonSetSpec		(Optional)

Spec is the specification of the crawdad DaemonSet.



CrawdadDaemonSetContainer

(Appears on:

CrawdadDaemonSetPodSpec)

CrawdadDaemonSetContainer is a crawdad DaemonSet container.

FieldDescription
name
string

Name is an enum which identifies the crawdad DaemonSet container by name.

resources
Kubernetes core/v1.ResourceRequirements		(Optional)

Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named crawdad DaemonSet container’s resources. If omitted, the crawdad DaemonSet will use its default value for this container’s resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

CrawdadDaemonSetPodSpec

(Appears on:

CrawdadDaemonSetPodTemplateSpec)

CrawdadDaemonSetPodSpec is the crawdad DaemonSet’s PodSpec.

FieldDescription
containers
[]CrawdadDaemonSetContainer		(Optional)

Containers is a list of crawdad containers. If specified, this overrides the specified crawdad DaemonSet cluster-scanner containers. If omitted, the crawdad DaemonSet will use its default values for its containers.

affinity
Kubernetes core/v1.Affinity		(Optional)

Affinity is a group of affinity scheduling rules for the crawdad pods. If specified, this overrides any affinity that may be set on the crawdad DaemonSet. If omitted, the crawdad DaemonSet will use its default value for affinity. WARNING: Please note that this field will override the default crawdad DaemonSet affinity.

nodeSelector
map[string]string

NodeSelector is the crawdad pod’s scheduling constraints. If specified, each of the key/value pairs are added to the crawdad DaemonSet nodeSelector provided the key does not already exist in the object’s nodeSelector. If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the crawdad DaemonSet and each of this field’s key/value pairs are added to the crawdad DaemonSet nodeSelector provided the key does not already exist in the object’s nodeSelector. If omitted, the crawdad DaemonSet will use its default value for nodeSelector. WARNING: Please note that this field will modify the default crawdad DaemonSet nodeSelector.

tolerations
[]Kubernetes core/v1.Toleration		(Optional)

Tolerations is the crawdad pod’s tolerations. If specified, this overrides any tolerations that may be set on the crawdad DaemonSet. If omitted, the crawdad DaemonSet will use its default value for tolerations. WARNING: Please note that this field will override the default crawdad DaemonSet tolerations.

CrawdadDaemonSetPodTemplateSpec

(Appears on:

CrawdadDaemonSetSpec)

CrawdadDaemonSetPodTemplateSpec is the crawdad DaemonSet’s PodTemplateSpec

FieldDescription
metadata
github.com/tigera/operator/api/v1.Metadata		(Optional)

Metadata is a subset of a Kubernetes object’s metadata that is added to the pod’s metadata.

spec
CrawdadDaemonSetPodSpec		(Optional)

Spec is the crawdad DaemonSet’s PodSpec.



CrawdadDaemonSetSpec

(Appears on:

CrawdadDaemonSet)

CrawdadDaemonSetSpec defines configuration for the crawdad DaemonSet.

FieldDescription
minReadySeconds
int32		(Optional)

MinReadySeconds is the minimum number of seconds for which a newly created DaemonSet pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the crawdad DaemonSet. If omitted, the crawdad DaemonSet will use its default value for minReadySeconds.

template
CrawdadDaemonSetPodTemplateSpec		(Optional)

Template describes the crawdad DaemonSet pod that will be created.

ImageAssuranceCentralSpec

(Appears on:

ImageAssuranceCentral)

ImageAssuranceCentralSpec defines the desired state of ImageAssuranceCentral.

FieldDescription
apiProxyURL
string

APIProxyURL is the url the api proxy should proxy to.

apiProxyDeployment
APIProxyDeployment

APIProxyDeployment configures the api proxy Deployment.

scannerWorkerDeployment
ScannerWorkerDeployment		(Optional)

ScannerWorkerDeployment is the specification of the Scanner Worker Deployment.

runtimeCleanerDeployment
RuntimeCleanerDeployment		(Optional)

RuntimeCleanerDeployment is the specification of the Runtime Cleaner Deployment.

ImageAssuranceCentralStatus

(Appears on:

ImageAssuranceCentral)

ImageAssuranceCentralStatus defines the observed state of ImageAssuranceCentral.

FieldDescription
state
string

State provides user-readable status.

ImageAssuranceSpec

(Appears on:

ImageAssurance)

ImageAssuranceSpec configures Image Assurance monitoring and tooling in a kubernetes cluster.

FieldDescription
criSocketPath
string

CRISocketPath is the path to the CRI socket on the nodes. Defaults to /run/containerd/containerd.sock.

containerdVolumeMountPath
string		(Optional)

ContainerdVolumeMountPath is the path to the root of containerd file system. Defaults to /var/lib/containerd/.

clusterScanner
ClusterScannerStatusType		(Optional)

This setting enables or disables the cluster scanner. Allowed values are Enabled or Disabled. Defaults to Disabled.

crawdadDaemonset
CrawdadDaemonSet		(Optional)

CrawdadDaemonSet is the specification of the Crawdad Daemonset.

ImageAssuranceStatus

(Appears on:

ImageAssurance)

ImageAssuranceStatus defines the observed state of ImageAssurance

RuntimeCleanerDeployment

(Appears on:

ImageAssuranceCentralSpec)

FieldDescription
metadata
github.com/tigera/operator/api/v1.Metadata		(Optional)

Metadata is a subset of a Kubernetes object’s metadata that is added to the Deployment.

spec
RuntimeCleanerDeploymentSpec		(Optional)

Spec is the specification of the runtime-cleaner Deployment.



RuntimeCleanerDeploymentContainer

(Appears on:

RuntimeCleanerDeploymentPodSpec)

RuntimeCleanerDeploymentContainer is a runtime-cleaner Deployment container.

FieldDescription
name
string

Name is an enum which identifies the runtime-cleaner Deployment container by name.

resources
Kubernetes core/v1.ResourceRequirements		(Optional)

Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named runtime-cleaner Deployment container’s resources. If omitted, the runtime-cleaner Deployment will use its default value for this container’s resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

RuntimeCleanerDeploymentPodSpec

(Appears on:

RuntimeCleanerDeploymentPodTemplateSpec)

RuntimeCleanerDeploymentPodSpec is the runtime-cleaner Deployment’s PodSpec.

FieldDescription
containers
[]RuntimeCleanerDeploymentContainer		(Optional)

Containers is a list of runtime-cleaner containers. If specified, this overrides the specified runtime-cleaner Deployment containers. If omitted, the runtime-cleaner Deployment will use its default values for its containers.

affinity
Kubernetes core/v1.Affinity		(Optional)

Affinity is a group of affinity scheduling rules for the runtime-cleaner pods. If specified, this overrides any affinity that may be set on the runtime-cleaner Deployment. If omitted, the runtime-cleaner Deployment will use its default value for affinity. WARNING: Please note that this field will override the default runtime-cleaner Deployment affinity.

nodeSelector
map[string]string

NodeSelector is the runtime-cleaner pod’s scheduling constraints. If specified, each of the key/value pairs are added to the runtime-cleaner Deployment nodeSelector provided the key does not already exist in the object’s nodeSelector. If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the runtime-cleaner Deployment and each of this field’s key/value pairs are added to the runtime-cleaner Deployment nodeSelector provided the key does not already exist in the object’s nodeSelector. If omitted, the runtime-cleaner Deployment will use its default value for nodeSelector. WARNING: Please note that this field will modify the default runtime-cleaner Deployment nodeSelector.

tolerations
[]Kubernetes core/v1.Toleration		(Optional)

Tolerations is the runtime-cleaner pod’s tolerations. If specified, this overrides any tolerations that may be set on the runtime-cleaner Deployment. If omitted, the runtime-cleaner Deployment will use its default value for tolerations. WARNING: Please note that this field will override the default runtime-cleaner Deployment tolerations.

RuntimeCleanerDeploymentPodTemplateSpec

(Appears on:

RuntimeCleanerDeploymentSpec)

RuntimeCleanerDeploymentPodTemplateSpec is the runtime-cleaner Deployment’s PodTemplateSpec

FieldDescription
metadata
github.com/tigera/operator/api/v1.Metadata		(Optional)

Metadata is a subset of a Kubernetes object’s metadata that is added to the pod’s metadata.

spec
RuntimeCleanerDeploymentPodSpec		(Optional)

Spec is the runtime-cleaner Deployment’s PodSpec.



RuntimeCleanerDeploymentSpec

(Appears on:

RuntimeCleanerDeployment)

RuntimeCleanerDeploymentSpec defines configuration for the runtime-cleaner Deployment.

FieldDescription
minReadySeconds
int32		(Optional)

MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the runtime-cleaner Deployment. If omitted, the runtime-cleaner Deployment will use its default value for minReadySeconds.

template
RuntimeCleanerDeploymentPodTemplateSpec		(Optional)

Template describes the runtime-cleaner Deployment pod that will be created.

ScannerWorkerDeployment

(Appears on:

ImageAssuranceCentralSpec)

FieldDescription
metadata
github.com/tigera/operator/api/v1.Metadata		(Optional)

Metadata is a subset of a Kubernetes object’s metadata that is added to the Deployment.

spec
ScannerWorkerDeploymentSpec		(Optional)

Spec is the specification of the scanner worker Deployment.



ScannerWorkerDeploymentContainer

(Appears on:

ScannerWorkerDeploymentPodSpec)

ScannerWorkerDeploymentContainer is a scanner worker Deployment container.

FieldDescription
name
string

Name is an enum which identifies the scanner worker Deployment container by name.

resources
Kubernetes core/v1.ResourceRequirements		(Optional)

Resources allows customization of limits and requests for compute resources such as cpu and memory. If specified, this overrides the named scanner worker Deployment container’s resources. If omitted, the scanner worker Deployment will use its default value for this container’s resources. If used in conjunction with the deprecated ComponentResources, then this value takes precedence.

ScannerWorkerDeploymentPodSpec

(Appears on:

ScannerWorkerDeploymentPodTemplateSpec)

ScannerWorkerDeploymentPodSpec is the scanner worker Deployment’s PodSpec.

FieldDescription
containers
[]ScannerWorkerDeploymentContainer		(Optional)

Containers is a list of scanner worker containers. If specified, this overrides the specified scanner worker Deployment containers. If omitted, the scanner worker Deployment will use its default values for its containers.

affinity
Kubernetes core/v1.Affinity		(Optional)

Affinity is a group of affinity scheduling rules for the scanner worker pods. If specified, this overrides any affinity that may be set on the scanner worker Deployment. If omitted, the scanner worker Deployment will use its default value for affinity. WARNING: Please note that this field will override the default scanner worker Deployment affinity.

nodeSelector
map[string]string

NodeSelector is the scanner worker pod’s scheduling constraints. If specified, each of the key/value pairs are added to the scanner worker Deployment nodeSelector provided the key does not already exist in the object’s nodeSelector. If used in conjunction with ControlPlaneNodeSelector, that nodeSelector is set on the scanner worker Deployment and each of this field’s key/value pairs are added to the scanner worker Deployment nodeSelector provided the key does not already exist in the object’s nodeSelector. If omitted, the scanner worker Deployment will use its default value for nodeSelector. WARNING: Please note that this field will modify the default scanner worker Deployment nodeSelector.

tolerations
[]Kubernetes core/v1.Toleration		(Optional)

Tolerations is the scanner worker pod’s tolerations. If specified, this overrides any tolerations that may be set on the scanner worker Deployment. If omitted, the scanner worker Deployment will use its default value for tolerations. WARNING: Please note that this field will override the default scanner worker Deployment tolerations.

ScannerWorkerDeploymentPodTemplateSpec

(Appears on:

ScannerWorkerDeploymentSpec)

ScannerWorkerDeploymentPodTemplateSpec is the scanner worker Deployment’s PodTemplateSpec

FieldDescription
metadata
github.com/tigera/operator/api/v1.Metadata		(Optional)

Metadata is a subset of a Kubernetes object’s metadata that is added to the pod’s metadata.

spec
ScannerWorkerDeploymentPodSpec		(Optional)

Spec is the scanner worker Deployment’s PodSpec.



ScannerWorkerDeploymentSpec

(Appears on:

ScannerWorkerDeployment)

ScannerWorkerDeploymentSpec defines configuration for the scanner worker Deployment.

FieldDescription
minReadySeconds
int32		(Optional)

MinReadySeconds is the minimum number of seconds for which a newly created Deployment pod should be ready without any of its container crashing, for it to be considered available. If specified, this overrides any minReadySeconds value that may be set on the scanner worker Deployment. If omitted, the scanner worker Deployment will use its default value for minReadySeconds.

template
ScannerWorkerDeploymentPodTemplateSpec		(Optional)

Template describes the scanner worker Deployment pod that will be created.