-
Notifications
You must be signed in to change notification settings - Fork 2.8k
/
runtime_options.go
85 lines (72 loc) · 2.3 KB
/
runtime_options.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
// SPDX-License-Identifier: Apache-2.0
// Copyright Authors of Cilium
package option
const (
PolicyTracing = "PolicyTracing"
ConntrackAccounting = "ConntrackAccounting"
ConntrackLocal = "ConntrackLocal"
Debug = "Debug"
DebugLB = "DebugLB"
DebugPolicy = "DebugPolicy"
DropNotify = "DropNotification"
TraceNotify = "TraceNotification"
TraceSockNotify = "TraceSockNotification"
PolicyVerdictNotify = "PolicyVerdictNotification"
PolicyAuditMode = "PolicyAuditMode"
MonitorAggregation = "MonitorAggregationLevel"
SourceIPVerification = "SourceIPVerification"
AlwaysEnforce = "always"
NeverEnforce = "never"
DefaultEnforcement = "default"
)
var (
specConntrackAccounting = Option{
Define: "CONNTRACK_ACCOUNTING",
Description: "Enable per flow (conntrack) statistics",
Requires: nil,
}
specConntrackLocal = Option{
Define: "CONNTRACK_LOCAL",
Description: "Use endpoint dedicated tracking table instead of global one",
Requires: nil,
}
specDebug = Option{
Define: "DEBUG",
Description: "Enable debugging trace statements",
}
specDebugLB = Option{
Define: "LB_DEBUG",
Description: "Enable debugging trace statements for load balancer",
}
specDebugPolicy = Option{
Define: "POLICY_DEBUG",
Description: "Enable debugging trace statements for policy enforcement",
}
specDropNotify = Option{
Define: "DROP_NOTIFY",
Description: "Enable drop notifications",
}
specTraceNotify = Option{
Define: "TRACE_NOTIFY",
Description: "Enable trace notifications",
}
specPolicyVerdictNotify = Option{
Define: "POLICY_VERDICT_NOTIFY",
Description: "Enable policy verdict notifications",
}
specPolicyAuditMode = Option{
Define: "POLICY_AUDIT_MODE",
Description: "Enable audit mode for policies",
}
specMonitorAggregation = Option{
Define: "MONITOR_AGGREGATION",
Description: "Set the level of aggregation for monitor events in the datapath",
Verify: VerifyMonitorAggregationLevel,
Parse: ParseMonitorAggregationLevel,
Format: FormatMonitorAggregationLevel,
}
specSourceIPVerification = Option{
Define: "ENABLE_SIP_VERIFICATION",
Description: "Enable the check of the source IP on pod egress",
}
)