Kubernetes controllers configuration
A Calico Cloud Kubernetes controllers configuration resource (KubeControllersConfiguration) represents configuration options for the Calico Cloud Kubernetes controllers.
Sample YAML​
apiVersion: projectcalico.org/v3
kind: KubeControllersConfiguration
metadata:
name: default
spec:
logSeverityScreen: Info
healthChecks: Enabled
prometheusMetricsPort: 9094
controllers:
node:
reconcilerPeriod: 5m
leakGracePeriod: 15m
syncLabels: Enabled
hostEndpoint:
autoCreate: Disabled
createDefaultHostEndpoint: Enabled
templates:
- generateName: custom-host-endpoint
interfaceCIDRs:
- 1.2.3.0/24
nodeSelector: "has(my-label)"
labels:
key: value
loadbalancer:
assignIPs: AllServices
Kubernetes controllers configuration definition​
Metadata​
| Field | Description | Accepted Values | Schema |
|---|---|---|---|
| name | Unique name to describe this resource instance. Required. | Must be default | string |
- Calico Cloud automatically creates a resource named
defaultcontaining the configuration settings, only the namedefaultis used and only one object of this type is allowed.
Spec​
| Field | Description | Accepted Values | Schema | Default |
|---|---|---|---|---|
| logSeverityScreen | The log severity above which logs are sent to the stdout. | Debug, Info, Warning, Error, Fatal | string | Info |
| healthChecks | Enable support for health checks | Enabled, Disabled | string | Enabled |
| prometheusMetricsPort | Port on which to serve prometheus metrics. | Set to 0 to disable, > 0 to enable. | TCP port | 9094 |
| controllers | Enabled controllers and their settings | Controllers |
Controllers​
| Field | Description | Schema |
|---|---|---|
| node | Enable and configure the node controller | omit to disable, or NodeController |
| federatedservices | Enable and configure the federated services controller | omit to disable, or FederatedServicesController |
NodeController​
The node controller automatically cleans up configuration for nodes that no longer exist. Optionally, it can create host endpoints for all Kubernetes nodes.
| Field | Description | Accepted Values | Schema | Default |
|---|---|---|---|---|
| reconcilerPeriod | Period to perform reconciliation with the Calico Cloud datastore | Duration string | 5m | |
| syncLabels | When enabled, Kubernetes node labels will be copied to Calico Cloud node objects. | Enabled, Disabled | string | Enabled |
| hostEndpoint | Configures the host endpoint controller | HostEndpoint | ||
| leakGracePeriod | Grace period to use when garbage collecting suspected leaked IP addresses. | Duration string | 15m |
HostEndpoint​
| Field | Description | Accepted Values | Schema | Default |
|---|---|---|---|---|
| autoCreate | When enabled, automatically create host endpoints | Enabled, Disabled | string | Disabled |
| createDefaultHostEndpoint | When enabled, default host endpoint will be created | Enabled, Disabled | string | Enabled |
| templates | Controls creation of custom host endpoints | Template |
Template​
| Field | Description | Accepted Values | Schema | Default |
|---|---|---|---|---|
| generateName | Unique name used as suffix for host endpoints created based on this template | Alphanumeric string | string | |
| nodeSelector | Selects the nodes for which this template should create host endpoints | Selector | all() | |
| interfaceCIDRs | List of networks specified in CIDR notation | List of valid CIDRs | List string | |
| labels | Labels to be added to generated host endpoints matching this template | map of string key to string values |
Selectors​
A label selector is an expression which either matches or does not match a resource based on its labels.
Calico Cloud label selectors support a number of operators, which can be combined into larger expressions using the boolean operators and parentheses.
| Expression | Meaning |
|---|---|
| Logical operators | |
( <expression> ) | Matches if and only if <expression> matches. (Parentheses are used for grouping expressions.) |
! <expression> | Matches if and only if <expression> does not match. Tip: ! is a special character at the start of a YAML string, if you need to use ! at the start of a YAML string, enclose the string in quotes. |
<expression 1> && <expression 2> | "And": matches if and only if both <expression 1>, and, <expression 2> matches |
<expression 1> || <expression 2> | "Or": matches if and only if either <expression 1>, or, <expression 2> matches. |
| Match operators | |
all() | Match all in-scope resources. To match no resources, combine this operator with ! to form !all(). |
global() | Match all non-namespaced resources. Useful in a namespaceSelector to select global resources such as global network sets. |
k == 'v' | Matches resources with the label 'k' and value 'v'. |
k != 'v' | Matches resources without label 'k' or with label 'k' and value not equal to v |
has(k) | Matches resources with label 'k', independent of value. To match pods that do not have label k, combine this operator with ! to form !has(k) |
k in { 'v1', 'v2' } | Matches resources with label 'k' and value in the given set |
k not in { 'v1', 'v2' } | Matches resources without label 'k' or with label 'k' and value not in the given set |
k contains 's' | Matches resources with label 'k' and value containing the substring 's' |
k starts with 's' | Matches resources with label 'k' and value starting with the substring 's' |
k ends with 's' | Matches resources with label 'k' and value ending with the substring 's' |
Operators have the following precedence:
- Highest: all the match operators
- Parentheses
( ... ) - Negation with
! - Conjunction with
&& - Lowest: Disjunction with
||
For example, the expression
! has(my-label) || my-label starts with 'prod' && role in {'frontend','business'}
Would be "bracketed" like this:
((!(has(my-label)) || ((my-label starts with 'prod') && (role in {'frontend','business'}))
It would match:
- Any resource that did not have label "my-label".
- Any resource that both:
- Has a value for
my-labelthat starts with "prod", and, - Has a role label with value either "frontend", or "business".
- Has a value for
FederatedServicesController​
The federated services controller syncs Kubernetes services from remote clusters defined through RemoteClusterConfigurations.
| Field | Description | Schema | Default |
|---|---|---|---|
| reconcilerPeriod | Period to perform reconciliation with the Calico Cloud datastore | Duration string | 5m |
LoadBalancerController​
The load balancer controller manages IPAM for Services of type LoadBalancer.
| Field | Description | Accepted Values | Schema | Default |
|---|---|---|---|---|
| assignIPs | Mode in which LoadBalancer controller operates | AllServices, RequestedServicesOnly | String | AllServices |
Supported operations​
| Datastore type | Create | Delete (Global default) | Update | Get/List | Notes |
|---|---|---|---|---|---|
| Kubernetes API server | Yes | Yes | Yes | Yes |