The Tigera Operator is a Kubernetes operator which manages the lifecycle of a Calico or Calico Enterprise installation on Kubernetes. Its goal is to make installation, upgrades, and ongoing lifecycle management of Calico and Calico Enterprise as simple and reliable as possible.
It is possible to use the Tigera Operator for other use-cases by installing additional CRDs and adding custom RBAC rules via rbac.customRules
.
Homepage: https://www.tigera.io/
Name | Url | |
---|---|---|
stevehipwell | steve.hipwell@gmail.com |
- https://github.com/tigera/operator
- https://github.com/projectcalico/calico
- https://github.com/stevehipwell/helm-charts/
To install the chart using the recommended OCI method you can use the following command.
helm upgrade --install tigera-operator oci://ghcr.io/stevehipwell/helm-charts/tigera-operator --version 2.11.3
As the OCI chart release is signed by Cosign you can verify the chart before installing it by running the following command.
cosign verify --certificate-oidc-issuer https://token.actions.githubusercontent.com --certificate-identity-regexp 'https://github\.com/action-stars/helm-workflows/\.github/workflows/release\.yaml@.+' --certificate-github-workflow-repository stevehipwell/helm-charts --certificate-github-workflow-name Release ghcr.io/stevehipwell/helm-charts/tigera-operator:2.11.3
Alternatively you can use the legacy non-OCI method via the following commands.
helm repo add stevehipwell https://stevehipwell.github.io/helm-charts/
helm upgrade --install tigera-operator stevehipwell/tigera-operator --version 2.11.3
Key | Type | Default | Description |
---|---|---|---|
affinity | object | {} |
Affinity settings for scheduling. If an explicit label selector is not provided for pod affinity or pod anti-affinity one will be created from the pod selector labels. |
apiServer.enabled | bool | false |
If true , install an APIServer control plane according to the apiServer.spec . |
apiServer.spec | object | {} |
APIServer Spec to enable kubectl to manage Calico APIs. |
args | list | [] |
Extra args for the default container. |
commonLabels | object | {} |
Labels to add to all chart resources. |
dnsPolicy | string | "ClusterFirstWithHostNet" |
Pod DNS policy. |
env | list | [] |
Environment variables for the default container. |
envFrom | list | [] |
DEPRECATED - Environment variables from a config map or secret for the default container. |
fullnameOverride | string | nil |
Override the full name of the chart. |
hostNetwork | bool | true |
If true , the pod will use the host network namespace. This can be set to false if Calico is not the CNI. |
image.pullPolicy | string | "IfNotPresent" |
Image pull policy for the default container. |
image.repository | string | "quay.io/tigera/operator" |
Image repository for the default container. |
image.tag | string | nil |
Image tag for the default container, this will default to printf "v%s" .Chart.AppVersion if not set. |
imagePullSecrets | list | [] |
Image pull secrets. |
installation.enabled | bool | false |
If true , install a Calico control plane according to the installation.spec value. |
installation.spec | object | {"registry":"quay.io/","variant":"Calico"} |
Tigera Operator Spec to deploy Calico with. |
nameOverride | string | nil |
Override the name of the chart. |
nodeSelector | object | {"kubernetes.io/os":"linux"} |
Node selector labels for scheduling. |
podAnnotations | object | {} |
Annotations to add to the pod. |
podLabels | object | {} |
Labels to add to the pod. |
podSecurityContext | object | See values.yaml | Security context for the pod. |
priorityClassName | string | nil |
Priority class name for the pod. |
rbac.create | bool | true |
If true , create a ClusterRole & ClusterRoleBinding with access to the Kubernetes API. |
rbac.customRules | string | nil |
Additional rules to add to the ClusterRole . |
resources | object | {} |
Resources for the default container. |
securityContext | object | See values.yaml | Security context for the default container. |
serviceAccount.annotations | object | {} |
Annotations to add to the service account. |
serviceAccount.create | bool | true |
If true , create a new ServiceAccount . |
serviceAccount.labels | object | {} |
Labels to add to the service account. |
serviceAccount.name | string | nil |
If this is set and serviceAccount.create is true this will be used for the created service account name, if set and serviceAccount.create is false then this will define an existing service account to use. |
serviceMonitor.additionalLabels | object | {} |
Additional labels for the service monitor. |
serviceMonitor.enabled | bool | false |
If true , create a ServiceMonitor resource to support collecting metrics via the Prometheus Operator. |
serviceMonitor.endpointConfig | object | {} |
Additional endpoint configuration for the service monitor endpoint. |
serviceMonitor.interval | int | nil |
DEPRECATED - Prometheus scrape interval for the service monitor endpoint. |
terminationGracePeriodSeconds | int | nil |
Termination grace period for the pod in seconds. |
tolerations | list | [] |
Node taints that will be tolerated for scheduling. |
topologySpreadConstraints | list | [] |
Topology spread constraints for scheduling. If an explicit label selector is not provided one will be created from the pod selector labels. |
uninstall.enabled | bool | true |
If true , run a Job as a pre-delete Helm hook to make sure that Tigera Operator can be uninstalled. |
Autogenerated from chart metadata using helm-docs.