// Copyright 2016-2019 Authors of Cilium
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package defaults
import (
"time"
)
// Default values for agent options, filesystem paths, permissions and timers.
// Everything in this block is a compile-time constant; the code that reads
// these values lives outside this file.
const (
	// IPv6ClusterAllocCIDR is the default value for option.IPv6ClusterAllocCIDR
	IPv6ClusterAllocCIDR = IPv6ClusterAllocCIDRBase + "/64"

	// IPv6ClusterAllocCIDRBase is the default base for IPv6ClusterAllocCIDR
	IPv6ClusterAllocCIDRBase = "f00d::"

	// RuntimePath is the default path to the runtime directory
	RuntimePath = "/var/run/cilium"

	// RuntimePathRights are the default access rights of the RuntimePath directory.
	// 0775 is octal: owner and group get rwx, everyone else gets r-x, so any
	// local user can list and traverse the directory that holds SockPath, the
	// monitor sockets and PidFilePath. Access to the sockets themselves then
	// rests on the ownership and mode of each socket file.
	// NOTE(review): those are set where the sockets are created, not here — confirm.
	RuntimePathRights = 0775

	// StateDirRights are the default access rights of the state directory.
	// 0770 is octal: owner and group get rwx, everyone else gets no access.
	StateDirRights = 0770

	// StateDir is the default path for the state directory relative to RuntimePath
	StateDir = "state"

	// TemplatesDir is the default path for the compiled template objects relative to StateDir
	TemplatesDir = "templates"

	// TemplatePath is the default path for a symlink to a template relative to StateDir/<EPID>
	TemplatePath = "template.o"

	// BpfDir is the default path for template files relative to LibDir.
	// NOTE(review): no LibDir constant is declared in this block; presumably
	// the library directory (see LibraryPath) is meant — confirm.
	BpfDir = "bpf"

	// LibraryPath is the default path to the cilium libraries directory
	LibraryPath = "/var/lib/cilium"

	// SockPath is the path to the UNIX domain socket exposing the API to clients locally.
	// NOTE(review): presumably any process able to connect to this socket can
	// use the agent API, which would make the socket's owner, group and mode
	// the access control — confirm where the socket is created.
	SockPath = RuntimePath + "/cilium.sock"

	// SockPathEnv is the environment variable to overwrite SockPath.
	// NOTE(review): a client that honours this variable connects to whatever
	// path its environment names, so privileged callers should not inherit it
	// from an untrusted environment. How the variable is read is not shown here.
	SockPathEnv = "CILIUM_SOCK"

	// MonitorSockPath1_0 is the path to the UNIX domain socket used to
	// distribute BPF and agent events to listeners.
	// This is the 1.0 protocol version.
	MonitorSockPath1_0 = RuntimePath + "/monitor.sock"

	// MonitorSockPath1_2 is the path to the UNIX domain socket used to
	// distribute BPF and agent events to listeners.
	// This is the 1.2 protocol version.
	MonitorSockPath1_2 = RuntimePath + "/monitor1_2.sock"

	// PidFilePath is the path to the pid file for the agent.
	PidFilePath = RuntimePath + "/cilium.pid"

	// EventsPipe is the name of the named pipe for agent <=> monitor events
	EventsPipe = "events.sock"

	// EnableHostIPRestore controls whether the host IP should be restored
	// from previous state automatically
	EnableHostIPRestore = true

	// DefaultMapRoot is the default path where BPFFS should be mounted
	DefaultMapRoot = "/sys/fs/bpf"

	// DefaultCgroupRoot is the default path where cilium cgroup2 should be mounted.
	// The value repeats the RuntimePath literal instead of being built from the
	// constant, so it does not follow a change to RuntimePath.
	DefaultCgroupRoot = "/var/run/cilium/cgroupv2"

	// SockopsEnable controls whether sockmap should be used
	SockopsEnable = false

	// DefaultMapRootFallback is the path which is used when /sys/fs/bpf has
	// a mount, but with a filesystem other than BPFFS.
	DefaultMapRootFallback = "/run/cilium/bpffs"

	// DefaultMapPrefix is the default prefix for all BPF maps.
	DefaultMapPrefix = "tc/globals"

	// ToFQDNsMinTTL is the default lower bound for TTLs used with ToFQDNs rules.
	// This or ToFQDNsMinTTLPoller is used in DaemonConfig.Populate.
	// NOTE(review): as a lower bound, one week presumably keeps a resolved IP
	// usable by ToFQDNs rules long after the DNS record's own TTL has expired;
	// where addresses are reassigned quickly, a rule could keep matching a host
	// the name no longer points to — confirm against the FQDN cache code.
	ToFQDNsMinTTL = 604800 // 1 week in seconds

	// ToFQDNsMinTTLPoller is the default lower bound for TTLs used with ToFQDNs
	// rules when the poller is enabled.
	// This or ToFQDNsMinTTL is used in DaemonConfig.Populate
	ToFQDNsMinTTLPoller = 3600 // 1 hour in seconds

	// ToFQDNsMaxIPsPerHost defines the maximum number of IPs to maintain
	// for each FQDN name in an endpoint's FQDN cache
	ToFQDNsMaxIPsPerHost = 50

	// ToFQDNsPreCache is a path to a file with DNS cache data to insert into the
	// global cache on startup.
	// The file is not re-read after agent start.
	// The default is the empty string.
	// NOTE(review): the file's contents end up in the global DNS cache, so the
	// file should presumably be writable only by whoever administers the agent
	// — confirm how the data is parsed and trusted.
	ToFQDNsPreCache = ""

	// IdentityChangeGracePeriod is the default value for
	// option.IdentityChangeGracePeriod
	IdentityChangeGracePeriod = 5 * time.Second

	// ExecTimeout is a timeout for executing commands (300 seconds, i.e. five minutes).
	ExecTimeout = 300 * time.Second

	// StatusCollectorInterval is the interval between probe invocations
	StatusCollectorInterval = 5 * time.Second

	// StatusCollectorWarningThreshold is the duration after which a probe
	// is declared as stale
	StatusCollectorWarningThreshold = 15 * time.Second

	// StatusCollectorFailureThreshold is the duration after which a probe
	// is considered failed
	StatusCollectorFailureThreshold = 1 * time.Minute

	// EnableIPv4 is the default value for IPv4 enablement
	EnableIPv4 = true

	// EnableIPv6 is the default value for IPv6 enablement
	EnableIPv6 = true

	// PreAllocateMaps is the default value for BPF map preallocation
	PreAllocateMaps = true

	// EnableIPSec is the default value for IPSec enablement.
	// IPSec is off by default and has to be turned on explicitly.
	EnableIPSec = false

	// MonitorQueueSize is the default value for the monitor queue size.
	// NOTE(review): what happens to events once the queue is full is not visible
	// here; if they are dropped, monitor output is not a complete record — confirm.
	MonitorQueueSize = 32768

	// NodeInitTimeout is the time the agent is waiting until giving up to
	// initialize the local node with the kvstore
	NodeInitTimeout = 15 * time.Minute

	// ClientConnectTimeout is the time the cilium-agent client is
	// (optionally) waiting before returning an error.
	ClientConnectTimeout = 30 * time.Second

	// DatapathMode is the default value for the datapath mode.
	DatapathMode = "veth"

	// EnableAutoDirectRouting is the default value for EnableAutoDirectRouting
	EnableAutoDirectRouting = false

	// EnableHealthChecking is the default value for EnableHealthChecking
	EnableHealthChecking = true

	// AlignCheckerName is the BPF object name for the alignchecker.
	AlignCheckerName = "bpf_alignchecker.o"

	// KVstorePeriodicSync is the default kvstore periodic sync interval
	KVstorePeriodicSync = 5 * time.Minute

	// PolicyQueueSize is the default queue size for policy-related events.
	PolicyQueueSize = 100

	// KVstoreQPS is default rate limit for kv store operations
	KVstoreQPS = 20

	// EndpointQueueSize is the default queue size for an endpoint.
	EndpointQueueSize = 25

	// SelectiveRegeneration specifies whether regeneration of endpoints will be
	// invoked only for endpoints which are selected by policy changes.
	SelectiveRegeneration = true

	// K8sWatcherEndpointSelector specifies the k8s endpoints that Cilium
	// should watch for.
	// The value excludes four objects by metadata.name (kube-scheduler,
	// kube-controller-manager, etcd-operator, gcp-controller-manager); it places
	// no restriction on any other name.
	K8sWatcherEndpointSelector = "metadata.name!=kube-scheduler,metadata.name!=kube-controller-manager,metadata.name!=etcd-operator,metadata.name!=gcp-controller-manager"

	// ConntrackGCMaxLRUInterval is the maximum conntrack GC interval when using LRU maps
	ConntrackGCMaxLRUInterval = 12 * time.Hour

	// ConntrackGCMaxInterval is the maximum conntrack GC interval for non-LRU maps
	ConntrackGCMaxInterval = 30 * time.Minute

	// ConntrackGCMinInterval is the minimum conntrack GC interval
	ConntrackGCMinInterval = 10 * time.Second

	// ConntrackGCStartingInterval is the default starting interval for
	// connection tracking garbage collection
	ConntrackGCStartingInterval = 5 * time.Minute

	// PolicyMapEntries is the default number of entries allowed in an
	// endpoint's policymap, ie the maximum number of peer identities that
	// the endpoint could send/receive traffic to/from.
	// NOTE(review): the behaviour when an endpoint needs more entries than this
	// is not visible here; confirm whether traffic for the identities that do
	// not fit is denied or allowed.
	PolicyMapEntries = 16384 // Cilium 1.5 and earlier value

	// K8sEventHandover enables use of the kvstore to optimize Kubernetes
	// event handling by listening for k8s events in the operator and
	// mirroring it into the kvstore for reduced overhead in large
	// clusters.
	K8sEventHandover = false

	// NodeDeleteDelay is the delay before an unreliable node delete is
	// handled. During this delay, the node can re-appear and the delete
	// event is ignored.
	NodeDeleteDelay = 30 * time.Second
)