Profile

Profiles provide a way to group multiple endpoints so that they inherit a shared set of labels. For historic reasons, Profiles can also include policy rules, but that feature is deprecated in favor of the much more flexible NetworkPolicy and GlobalNetworkPolicy resources.

Each Calico endpoint or host endpoint can be assigned to zero or more profiles.

Sample YAML

The following sample profile applies the label stage: development to any endpoint that includes dev-apps in its list of profiles.

  1. apiVersion: projectcalico.org/v3
  2. kind: Profile
  3. metadata:
  4. name: dev-apps
  5. spec:
  6. labelsToApply:
  7. stage: development

Definition

Metadata

FieldDescriptionAccepted ValuesSchemaDefault
nameThe name of the profile. Required.Alphanumeric string with optional ., _, or -.string
labelsA set of labels for this profile.map of string key to string values

Spec

FieldDescriptionAccepted ValuesSchemaDefault
ingress (deprecated)The ingress rules belonging to this profile.List of Rule
egress (deprecated)The egress rules belonging to this profile.List of Rule
labelsToApplyAn optional set of labels to apply to each endpoint in this profile (in addition to the endpoint’s own labels)map

For Rule details please see the NetworkPolicy or GlobalNetworkPolicy resource.

Supported operations

Datastore typeCreate/DeleteUpdateGet/ListNotes
etcdv3YesYesYes
Kubernetes API serverNoNoYesCalico profiles are pre-assigned for each Namespace and Service Account.