Document all the fields in the Cilium spec

Ole Markus With 2020-02-14 10:12:51 +01:00
parent 116ec23d47
commit 73fb299a8e
1 changed files with 211 additions and 67 deletions


@ -195,80 +195,224 @@ const CiliumIpamEni = "eni"
// CiliumNetworkingSpec declares that we want Cilium networking // CiliumNetworkingSpec declares that we want Cilium networking
type CiliumNetworkingSpec struct { type CiliumNetworkingSpec struct {
// Version is the version of the Cilium agent and the Cilium Operator.
Version string `json:"version,omitempty"` Version string `json:"version,omitempty"`
AccessLog string `json:"accessLog,omitempty"` // AccessLog has not been implemented in the new templates and may be removed in the future.
AgentLabels []string `json:"agentLabels,omitempty"` // Setting this has currently no effect.
AgentPrometheusPort int `json:"agentPrometheusPort,omitempty"` AccessLog string `json:"accessLog,omitempty"`
AllowLocalhost string `json:"allowLocalhost,omitempty"` // AgentLabels has not been implemented in the new templates and may be removed in the future.
AutoIpv6NodeRoutes bool `json:"autoIpv6NodeRoutes,omitempty"` // Setting this has currently no effect.
BPFRoot string `json:"bpfRoot,omitempty"` AgentLabels []string `json:"agentLabels,omitempty"`
ContainerRuntime []string `json:"containerRuntime,omitempty"` // AgentPrometheusPort is the port to listen to for Prometheus metrics.
// Defaults to 9090.
AgentPrometheusPort int `json:"agentPrometheusPort,omitempty"`
// AllowLocalhost has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
AllowLocalhost string `json:"allowLocalhost,omitempty"`
// AutoIpv6NodeRoutes has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
AutoIpv6NodeRoutes bool `json:"autoIpv6NodeRoutes,omitempty"`
// BPFRoot has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
BPFRoot string `json:"bpfRoot,omitempty"`
// ContainerRuntime has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
ContainerRuntime []string `json:"containerRuntime,omitempty"`
// ContainerRuntimeEndpoint has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
ContainerRuntimeEndpoint map[string]string `json:"containerRuntimeEndpoint,omitempty"` ContainerRuntimeEndpoint map[string]string `json:"containerRuntimeEndpoint,omitempty"`
Debug bool `json:"debug,omitempty"` // Debug runs Cilium in debug mode.
DebugVerbose []string `json:"debugVerbose,omitempty"` Debug bool `json:"debug,omitempty"`
Device string `json:"device,omitempty"` // DebugVerbose has not been implemented in the new templates and may be removed in the future.
DisableConntrack bool `json:"disableConntrack,omitempty"` // Setting this has currently no effect.
DisableIpv4 bool `json:"disableIpv4,omitempty"` DebugVerbose []string `json:"debugVerbose,omitempty"`
DisableK8sServices bool `json:"disableK8sServices,omitempty"` // Device has not been implemented in the new templates and may be removed in the future.
EnablePolicy string `json:"enablePolicy,omitempty"` // Setting this has currently no effect.
EnableTracing bool `json:"enableTracing,omitempty"` Device string `json:"device,omitempty"`
EnablePrometheusMetrics bool `json:"enablePrometheusMetrics,omitempty"` // DisableConntrack has not been implemented in the new templates and may be removed in the future.
EnvoyLog string `json:"envoyLog,omitempty"` // Setting this has currently no effect.
Ipv4ClusterCIDRMaskSize int `json:"ipv4ClusterCidrMaskSize,omitempty"` DisableConntrack bool `json:"disableConntrack,omitempty"`
Ipv4Node string `json:"ipv4Node,omitempty"` // DisableIpv4 is deprecated: Use EnableIpv4 instead.
Ipv4Range string `json:"ipv4Range,omitempty"` // Setting this flag has no effect.
Ipv4ServiceRange string `json:"ipv4ServiceRange,omitempty"` DisableIpv4 bool `json:"disableIpv4,omitempty"`
Ipv6ClusterAllocCidr string `json:"ipv6ClusterAllocCidr,omitempty"` // DisableK8sServices has not been implemented in the new templates and may be removed in the future.
Ipv6Node string `json:"ipv6Node,omitempty"` // Setting this has currently no effect.
Ipv6Range string `json:"ipv6Range,omitempty"` DisableK8sServices bool `json:"disableK8sServices,omitempty"`
Ipv6ServiceRange string `json:"ipv6ServiceRange,omitempty"` // EnablePolicy determines the policy enforcement mode.
K8sAPIServer string `json:"k8sApiServer,omitempty"` // "default": Follows Kubernetes policy enforcement.
K8sKubeconfigPath string `json:"k8sKubeconfigPath,omitempty"` // "always": Cilium restricts all traffic if no policy is in place.
KeepBPFTemplates bool `json:"keepBpfTemplates,omitempty"` // "never": Cilium allows all traffic regardless of policies in place.
KeepConfig bool `json:"keepConfig,omitempty"` EnablePolicy string `json:"enablePolicy,omitempty"`
LabelPrefixFile string `json:"labelPrefixFile,omitempty"` // EnableTracing has not been implemented in the new templates and may be removed in the future.
Labels []string `json:"labels,omitempty"` // Setting this has currently no effect.
LB string `json:"lb,omitempty"` EnableTracing bool `json:"enableTracing,omitempty"`
LibDir string `json:"libDir,omitempty"` // EnablePrometheusMetrics enables the Cilium /metrics endpoint for both the agent and the operator.
LogDrivers []string `json:"logDriver,omitempty"` EnablePrometheusMetrics bool `json:"enablePrometheusMetrics,omitempty"`
LogOpt map[string]string `json:"logOpt,omitempty"` // EnvoyLog has not been implemented in the new templates and may be removed in the future.
Logstash bool `json:"logstash,omitempty"` // Setting this has currently no effect.
LogstashAgent string `json:"logstashAgent,omitempty"` EnvoyLog string `json:"envoyLog,omitempty"`
LogstashProbeTimer uint32 `json:"logstashProbeTimer,omitempty"` // Ipv4ClusterCIDRMaskSize has not been implemented in the new templates and may be removed in the future.
DisableMasquerade bool `json:"disableMasquerade,omitempty"` // Setting this has currently no effect.
Nat46Range string `json:"nat46Range,omitempty"` Ipv4ClusterCIDRMaskSize int `json:"ipv4ClusterCidrMaskSize,omitempty"`
Pprof bool `json:"pprof,omitempty"` // Ipv4Node has not been implemented in the new templates and may be removed in the future.
PrefilterDevice string `json:"prefilterDevice,omitempty"` // Setting this has currently no effect.
PrometheusServeAddr string `json:"prometheusServeAddr,omitempty"` Ipv4Node string `json:"ipv4Node,omitempty"`
Restore bool `json:"restore,omitempty"` // Ipv4Range has not been implemented in the new templates and may be removed in the future.
SingleClusterRoute bool `json:"singleClusterRoute,omitempty"` // Setting this has currently no effect.
SocketPath string `json:"socketPath,omitempty"` Ipv4Range string `json:"ipv4Range,omitempty"`
StateDir string `json:"stateDir,omitempty"` // Ipv4ServiceRange has not been implemented in the new templates and may be removed in the future.
TracePayloadLen int `json:"tracePayloadlen,omitempty"` // Setting this has currently no effect.
Tunnel string `json:"tunnel,omitempty"` Ipv4ServiceRange string `json:"ipv4ServiceRange,omitempty"`
// Ipv6ClusterAllocCidr has not been implemented in the new templates and may be removed in the future.
EnableIpv6 bool `json:"enableipv6"` // Setting this has currently no effect.
EnableIpv4 bool `json:"enableipv4"` Ipv6ClusterAllocCidr string `json:"ipv6ClusterAllocCidr,omitempty"`
MonitorAggregation string `json:"monitorAggregation"` // Ipv6Node has not been implemented in the new templates and may be removed in the future.
BPFCTGlobalTCPMax int `json:"bpfCTGlobalTCPMax"` // Setting this has currently no effect.
BPFCTGlobalAnyMax int `json:"bpfCTGlobalAnyMax"` Ipv6Node string `json:"ipv6Node,omitempty"`
PreallocateBPFMaps bool `json:"preallocateBPFMaps"` // Ipv6Range has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
Ipv6Range string `json:"ipv6Range,omitempty"`
// Ipv6ServiceRange has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
Ipv6ServiceRange string `json:"ipv6ServiceRange,omitempty"`
// K8sAPIServer has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
K8sAPIServer string `json:"k8sApiServer,omitempty"`
// K8sKubeconfigPath has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
K8sKubeconfigPath string `json:"k8sKubeconfigPath,omitempty"`
// KeepBPFTemplates has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
KeepBPFTemplates bool `json:"keepBpfTemplates,omitempty"`
// KeepConfig has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
KeepConfig bool `json:"keepConfig,omitempty"`
// LabelPrefixFile has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect
LabelPrefixFile string `json:"labelPrefixFile,omitempty"`
// Labels has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
Labels []string `json:"labels,omitempty"`
// LB has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
LB string `json:"lb,omitempty"`
// LibDir has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
LibDir string `json:"libDir,omitempty"`
// LogDrivers has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
LogDrivers []string `json:"logDriver,omitempty"`
// LogOpt has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
LogOpt map[string]string `json:"logOpt,omitempty"`
// Logstash has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
Logstash bool `json:"logstash,omitempty"`
// LogstashAgent has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
LogstashAgent string `json:"logstashAgent,omitempty"`
// LogstashProbeTimer has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
LogstashProbeTimer uint32 `json:"logstashProbeTimer,omitempty"`
// DisableMasquerade determines if external traffic should be masqued behind the node IP.
DisableMasquerade bool `json:"disableMasquerade,omitempty"`
// Nat6Range has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
Nat46Range string `json:"nat46Range,omitempty"`
// Pprof has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
Pprof bool `json:"pprof,omitempty"`
// PrefilterDevice has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
PrefilterDevice string `json:"prefilterDevice,omitempty"`
// PrometheusServeAddr is deprecated. Use EnablePrometheusMetrics and AgentPrometheusPort instead.
// Setting this has currently no effect.
PrometheusServeAddr string `json:"prometheusServeAddr,omitempty"`
// Restore has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
Restore bool `json:"restore,omitempty"`
// SingleClusterRoute has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
SingleClusterRoute bool `json:"singleClusterRoute,omitempty"`
// SocketPath has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
SocketPath string `json:"socketPath,omitempty"`
// StateDir has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
StateDir string `json:"stateDir,omitempty"`
// TracePayloadLen has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
TracePayloadLen int `json:"tracePayloadlen,omitempty"`
// Tunnel determines the cilium tunelling mode. Possible values are "vxlan", "geneve", or "disabled".
// Default: vxlan
Tunnel string `json:"tunnel,omitempty"`
// EnableIpv6 enables cluster ipv6 traffic. Note that if both EnableIpv6 and EnableIpv4 are set to false.
// Ipv4 will be enabled.
// Default: false
EnableIpv6 bool `json:"enableipv6"`
// EnableIpv4 enables cluster ipv4 traffic. Note that if both EnableIpv6 and EnableIpv4 are set to false.
// Ipv4 will be enabled.
// Default: false
EnableIpv4 bool `json:"enableipv4"`
// MonitorAggregation sets the level of packet monitoring. Can be set to either "low", "medium", or "maximum".
// Default: medium
MonitorAggregation string `json:"monitorAggregation"`
// BPFCTGlobalTCPMax is the maximum number of entries in TCP CT table.
// Default: 524288
BPFCTGlobalTCPMax int `json:"bpfCTGlobalTCPMax"`
// BPFCTGlobalAnyMax is the maximum number of entries in non-TCP CT table.
// Default: 262144
BPFCTGlobalAnyMax int `json:"bpfCTGlobalAnyMax"`
// PreallocateBPFMaps reduce the per-packet latency at the expense of up-front memory allocation.
// Default: true
PreallocateBPFMaps bool `json:"preallocateBPFMaps"`
// SidecarIstioProxyImage is the regular expression matching compatible Istio sidecar istio-proxy.
// container image names.
// Default: cilium/istio_proxy
SidecarIstioProxyImage string `json:"sidecarIstioProxyImage"` SidecarIstioProxyImage string `json:"sidecarIstioProxyImage"`
ClusterName string `json:"clusterName"` // ClusterName is the of the cluster and is only relevant when building a mesh of clusters.
ToFqdnsEnablePoller bool `json:"toFqdnsEnablePoller"` ClusterName string `json:"clusterName"`
// ToFqdnsEnablePoller is disabled by default starting from version 1.4.x in favor
// of a more powerful DNS proxy-based implementation.
// Enable this option if you want to use FQDN policies but do not want to use
// the DNS proxy.
// To ease upgrade, users may opt to set this option to "true".
// Default: true
ToFqdnsEnablePoller bool `json:"toFqdnsEnablePoller"`
// ContainerRuntimeLabels determines the container runtime(s) used by Cilium
// Supported values are: "none", "containerd", "crio", "docker", "auto"
// Default: none
ContainerRuntimeLabels string `json:"containerRuntimeLabels,omitempty"` ContainerRuntimeLabels string `json:"containerRuntimeLabels,omitempty"`
IPTablesRulesNoinstall bool `json:"IPTablesRulesNoinstall"` // Ipam determines which IP address allocation mode to use.
AutoDirectNodeRoutes bool `json:"autoDirectNodeRoutes"` // "eni" will use AWS native networking for pods
EnableNodePort bool `json:"enableNodePort"` Ipam string `json:"ipam,omitempty"`
Ipam string `json:"ipam,omitempty"` // IPTablesRulesNoinstall determins if the base iptables rules for cilium to mainly interact with kube-proxy (and masquerading)
// Default: false
IPTablesRulesNoinstall bool `json:"IPTablesRulesNoinstall"`
// AutoDirectNodeRoutes adds automatic L2 routing between nodes
// Default: false
AutoDirectNodeRoutes bool `json:"autoDirectNodeRoutes"`
// EnableNodePort replaces kube-proxy with Cilium's BPF implementation
// Requires masquerading to be disabled
// Default: false
EnableNodePort bool `json:"enableNodePort"`
//node init options // RemoveCbrBridge has not been implemented in the new templates and may be removed in the future.
RemoveCbrBridge bool `json:"removeCbrBridge"` // Setting this has currently no effect.
RestartPods bool `json:"restartPods"` RemoveCbrBridge bool `json:"removeCbrBridge"`
ReconfigureKubelet bool `json:"reconfigureKubelet"` // RestartPods has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
RestartPods bool `json:"restartPods"`
// ReconfigureKubelet has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
ReconfigureKubelet bool `json:"reconfigureKubelet"`
// NodeInitBootstrapFile has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
NodeInitBootstrapFile string `json:"nodeInitBootstrapFile"` NodeInitBootstrapFile string `json:"nodeInitBootstrapFile"`
CniBinPath string `json:"cniBinPath"` // CniBinPath has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
CniBinPath string `json:"cniBinPath"`
} }
// LyftVPCNetworkingSpec declares that we want to use the cni-ipvlan-vpc-k8s CNI networking. // LyftVPCNetworkingSpec declares that we want to use the cni-ipvlan-vpc-k8s CNI networking.
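Review bot: The fields now commented "Setting this has currently no effect" (for example `AllowLocalhost`, `DisableConntrack`, `DisableK8sServices`, `Pprof`) are still accepted in the spec, so an operator who sets one for isolation or hardening gets no signal that it is ignored; validation is not visible in this hunk, so if none exists, a warning on non-zero values would be worth adding. The deprecations on `DisableIpv4` and `PrometheusServeAddr` are written inline ("is deprecated: …"), which Go tooling does not recognise; a separate comment paragraph such as `// Deprecated: use EnableIpv4 instead; setting this has no effect.` would let linters flag uses. Several comments also contradict the field or themselves: `Nat6Range` is written on `Nat46Range`, `ToFqdnsEnablePoller` says "disabled by default" and then `Default: true`, and `EnableIpv4` says `Default: false` while stating that IPv4 is enabled when both flags are false. The `IPTablesRulesNoinstall` comment stops mid-sentence and never says what happens to the base iptables rules when the flag is set.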