Image Overview: calico
Overview: calico Chainguard Image
Installation
There are several ways to install Calico. This document follows the upstream recommended way with the tigera-operator (ref).
There are two CRDs involved that work together to use the correct Chainguard Images:
---
# ImageSet
apiVersion: operator.tigera.io/v1
kind: ImageSet
metadata:
name: calico-v3.26.1
spec:
images:
- image: calico/node
# crane digest cgr.dev/chainguard/calico-node:latest
digest: $node_digest
- image: calico/cni
# crane digest cgr.dev/chainguard/calico-cni:latest
digest: $cni_digest
- image: calico/kube-controllers
# crane digest cgr.dev/chainguard/calico-kube-controllers:latest
digest: $calico-kube-controllers
- image: calico/pod2daemon-flexvol
# crane digest cgr.dev/chainguard/calico-pod2daemon-flexvol:latest
digest: $calico-pod2daemon-flexvol
- image: calico/csi
# crane digest cgr.dev/chainguard/calico-csi:latest
digest: $calico-csi
- image: calico/typha
# crane digest cgr.dev/chainguard/calico-typha:latest
digest: $calico-typha
- image: calico/node-driver-registrar
# crane digest cgr.dev/chainguard/calico-node-driver-registrar:latest
digest: $calico-node-driver-registrar
# This isn't used on Linux, it just needs to have a value.
- image: calico/windows-upgrade
digest: sha256:0000000000000000000000000000000000000000000000000000000000000000
---
# Installation
apiVersion: operator.tigera.io/v1
kind: Installation
metadata:
name: default
spec:
variant: Calico
registry: cgr.dev
imagePath: chainguard
imagePrefix: calico-
The above combination of ImageSet and Installation can be used as a drop in replacement for the upstream documentation step 2 (custom-resources.yaml) to correctly rename the Calico images to their cgr.dev variants.
Last updated: 2022-11-01 11:07