Reference
APIs, CLI, architecture and design, and FAQ.
API and installation references
Tigera Client library
Calico Cloud Go client library reference for working with cluster resources programmatically against the Calico Cloud API in connected clusters.
Installation reference
Installation API reference for Calico Cloud listing the operator-managed custom resources used to configure connected cluster installation.
Image Assurance Installation reference
Image Assurance installation API reference for Calico Cloud listing operator-managed custom resources that configure the Image Assurance subsystem.
REST API Reference
REST API reference index for Calico Cloud covering the SaaS management plane endpoints used by the Calico Cloud web console.
Resource definitions
Resource definitions
Reference overview of the Calico Cloud API resources, including the manifest format and how kubectl manages them in connected clusters.
BFD configuration
Reference for the BFD configuration resource in Calico Cloud connected clusters that tunes Bidirectional Forwarding Detection on BGP-peered nodes.
BGP configuration
Reference for the BGPConfiguration resource in Calico Cloud connected clusters that sets cluster-wide BGP options including route reflectors and AS number.
BGP peer
Reference for the BGPPeer resource in Calico Cloud connected clusters that defines BGP neighbor relationships with external routers or other Calico nodes.
BGP Filter
Reference for the BGPFilter resource in Calico Cloud connected clusters that filters routes imported from or exported to BGP peers.
Block affinity
Reference for the BlockAffinity resource in Calico Cloud connected clusters that records which node owns each IP address management block.
Calico node status
Reference for the CalicoNodeStatus resource in Calico Cloud connected clusters that exposes per-node agent, BGP, and routing state.
Container admission policy
Reference for the ContainerAdmissionPolicy resource in Calico Cloud that admits or rejects pod creation based on container image scan results.
Compliance reports (deprecated)
Reference overview of compliance reporting in Calico Cloud connected clusters covering schedules, report scope, and the GlobalReport resource.
Inventory report
Reference for the inventory compliance report in Calico Cloud connected clusters that catalogs endpoints, namespaces, and policies in scope at report time.
Network Access report
Reference for the network access compliance report in Calico Cloud connected clusters that summarizes which endpoints could communicate based on policy.
Policy audit report
Reference for the policy audit compliance report in Calico Cloud connected clusters that records changes to network policies during the report period.
CIS benchmark report
Reference for the CIS benchmark compliance report in Calico Cloud connected clusters that audits Kubernetes nodes against CIS recommendations.
Deep packet inspection
Reference for the DeepPacketInspection resource in Calico Cloud connected clusters that defines workloads to scan with the Snort-based IDS engine.
Felix configuration
Reference for the FelixConfiguration resource in Calico Cloud connected clusters that controls Felix data plane behavior cluster-wide.
Egress gateway policy
Reference for the EgressGatewayPolicy resource in Calico Cloud connected clusters that selects which pods route through which egress gateways.
Global Alert
Reference for the GlobalAlert resource in Calico Cloud connected clusters that defines an alerting query against flow, audit, or DNS logs.
Global network policy
Reference for the GlobalNetworkPolicy resource in Calico Cloud, a cluster-scoped tiered policy that selects endpoints across all namespaces in a connected cluster.
Global network set
Reference for the GlobalNetworkSet resource in Calico Cloud connected clusters that defines a cluster-scoped set of CIDRs referenced by tiered network policy.
Global report
Reference for the GlobalReport resource in Calico Cloud connected clusters that schedules compliance reports against cluster network and policy state.
Global threat feed
Reference for the GlobalThreatFeed resource in Calico Cloud connected clusters that pulls indicators of compromise into Calico-managed network sets.
Host endpoint
Reference for the HostEndpoint resource in Calico Cloud connected clusters that represents a host network interface for tiered policy enforcement.
IP pool
Reference for the IPPool resource in Calico Cloud connected clusters that defines CIDRs available for pod IP address allocation.
IP reservation
Reference for the IPReservation resource in Calico Cloud connected clusters that excludes specific addresses or ranges from automatic allocation.
IPAM configuration
Reference for the IP address management configuration resource in Calico Cloud connected clusters that sets cluster-wide IPAM options.
License key
Reference for the LicenseKey resource in Calico Cloud connected clusters that activates entitled features.
Kubernetes controllers configuration
Reference for the KubeControllersConfiguration resource in Calico Cloud connected clusters that controls behavior of the kube-controllers component.
Managed Cluster
Reference for the ManagedCluster resource in Calico Cloud that registers a workload cluster with the Calico Cloud management plane.
Network policy
Reference for the NetworkPolicy resource in Calico Cloud, a namespaced tiered policy that selects pods within a single namespace in a connected cluster.
Network set
Reference for the NetworkSet resource in Calico Cloud connected clusters that defines a namespaced set of CIDRs referenced by tiered network policy.
Node
Reference for the Node resource in Calico Cloud connected clusters that represents a host running the cnx-node agent.
PacketCapture
Reference for the PacketCapture resource in Calico Cloud connected clusters that captures pcap files from selected workloads for offline analysis.
Remote cluster configuration
Reference for the RemoteClusterConfiguration resource in Calico Cloud that federates resources between connected clusters for shared identity.
RuntimeSecurity
Reference for the RuntimeSecurity resource in Calico Cloud that configures Container Threat Detection in a connected cluster.
Security event webhook
Reference for the SecurityEventWebhook resource in Calico Cloud connected clusters that forwards security events to external systems such as Slack or Jira.
Staged global network policy
Reference for the StagedGlobalNetworkPolicy resource in Calico Cloud connected clusters that previews cluster-scoped tiered policy without enforcing it.
Staged Kubernetes network policy
Reference for the StagedKubernetesNetworkPolicy resource in Calico Cloud connected clusters that previews Kubernetes network policy without enforcing it.
Staged network policy
Reference for the StagedNetworkPolicy resource in Calico Cloud connected clusters that previews namespaced tiered policy without enforcing it.
Tier
Reference for the Tier resource in Calico Cloud connected clusters that groups tiered policies into ordered evaluation buckets.
Workload endpoint
Reference for the WorkloadEndpoint resource in Calico Cloud connected clusters that represents a pod or VM interface for policy and IPAM.
Component resources
Configuring the Calico Cloud CNI plugins
Reference for configuring the CNI plugin in Calico Cloud connected clusters covering operator-managed and manifest-mode CNI options.
Configure resource requests and limits
Reference for setting Kubernetes resource requests and limits on Calico Cloud components managed by the Tigera Operator in connected clusters.
Configuring the Calico Cloud Kubernetes controllers
Reference for kube-controllers configuration in Calico Cloud connected clusters covering environment variables and KubeControllersConfiguration options.
Monitoring kube-controllers with Prometheus
Prometheus metrics reference for the kube-controllers component in Calico Cloud connected clusters covering reconcile latency and queue depth.
Configuring cnx-node
Reference for configuring the cnx-node container in Calico Cloud connected clusters through environment variables that control Felix, BIRD, and confd.
Configuring Felix
Reference for Felix configuration parameters in Calico Cloud connected clusters covering environment variables, FelixConfiguration fields, and per-node overrides.
Monitoring Felix with Prometheus
Prometheus metrics reference for Felix in Calico Cloud connected clusters covering counters and gauges exposed for data plane health and policy evaluation.
Configuration on public clouds
Amazon Web Services
Reference for connecting Calico Cloud clusters running on Amazon Web Services covering supported networking modes and AWS platform notes.
Azure
Reference for connecting Calico Cloud clusters running on Microsoft Azure covering supported networking modes and Azure platform notes.
Google Compute Engine
Reference for connecting Calico Cloud clusters running on Google Compute Engine covering supported networking modes and platform-specific routing.
Host endpoints
Host endpoints
Reference overview of host endpoint protection in Calico Cloud covering the model for securing host network interfaces with policy across connected clusters.
Creating policy for basic connectivity
Reference for the Calico Cloud failsafe policy that protects host endpoints in connected clusters from being cut off by misconfigured host policy.
Creating host endpoint objects
Reference for the HostEndpoint object in Calico Cloud describing how to model a host network interface in a connected cluster so policy can select it.
Selector-based policies
Reference for ordered host endpoint policies in Calico Cloud connected clusters that match interfaces using label selectors.
Failsafe rules
Reference for the Calico Cloud failsafe inbound and outbound port lists that prevent host network policy from cutting off control-plane connectivity.
Pre-DNAT policy
Reference for pre-DNAT host endpoint policy in Calico Cloud connected clusters that applies rules to ingress traffic before destination NAT rewrites the address.
Apply on forwarded traffic
Reference for the applyOnForward field on Calico Cloud host endpoint policy that controls how rules apply to forwarded traffic in connected clusters.
Summary of host endpoint policies
Reference summary describing how the different Calico Cloud host endpoint policy types interact and affect packet flows in connected clusters.
Connection tracking
Reference covering Linux conntrack workarounds for Calico Cloud host endpoint policy when stateful tracking interferes with packet flow in connected clusters.
Architecture
The Calico Cloud data path: IP routing and iptables
Reference covering the Calico Cloud data path explaining how packets flow between workloads and to external destinations in connected clusters.
Calico over Ethernet fabrics
Reference for using Calico Cloud over a layer-2 Ethernet interconnect fabric covering BGP peering and broadcast domain considerations.
Calico over IP fabrics
Reference for using Calico Cloud over a layer-3 IP interconnect fabric covering BGP topology choices and route propagation.