Skip to content

Commit

Permalink
Document all the fields in the Cilium spec
Browse files Browse the repository at this point in the history
  • Loading branch information
Ole Markus With committed Feb 14, 2020
1 parent 721ed47 commit a169697
Showing 1 changed file with 206 additions and 66 deletions.
272 changes: 206 additions & 66 deletions pkg/apis/kops/networking.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -197,77 +197,217 @@ const CiliumDefaultVersion = "v1.6.6"
type CiliumNetworkingSpec struct {
Version string `json:"version,omitempty"`

AccessLog string `json:"accessLog,omitempty"`
AgentLabels []string `json:"agentLabels,omitempty"`
AgentPrometheusPort int `json:"agentPrometheusPort,omitempty"`
AllowLocalhost string `json:"allowLocalhost,omitempty"`
AutoIpv6NodeRoutes bool `json:"autoIpv6NodeRoutes,omitempty"`
BPFRoot string `json:"bpfRoot,omitempty"`
ContainerRuntime []string `json:"containerRuntime,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
AccessLog string `json:"accessLog,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
AgentLabels []string `json:"agentLabels,omitempty"`
// The port to listen to for Prometheus metrics.
// Defaults to 9090
AgentPrometheusPort int `json:"agentPrometheusPort,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
AllowLocalhost string `json:"allowLocalhost,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
AutoIpv6NodeRoutes bool `json:"autoIpv6NodeRoutes,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
BPFRoot string `json:"bpfRoot,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
ContainerRuntime []string `json:"containerRuntime,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
ContainerRuntimeEndpoint map[string]string `json:"containerRuntimeEndpoint,omitempty"`
Debug bool `json:"debug,omitempty"`
DebugVerbose []string `json:"debugVerbose,omitempty"`
Device string `json:"device,omitempty"`
DisableConntrack bool `json:"disableConntrack,omitempty"`
DisableIpv4 bool `json:"disableIpv4,omitempty"`
DisableK8sServices bool `json:"disableK8sServices,omitempty"`
EnablePolicy string `json:"enablePolicy,omitempty"`
EnableTracing bool `json:"enableTracing,omitempty"`
EnablePrometheusMetrics bool `json:"enablePrometheusMetrics,omitempty"`
EnvoyLog string `json:"envoyLog,omitempty"`
Ipv4ClusterCIDRMaskSize int `json:"ipv4ClusterCidrMaskSize,omitempty"`
Ipv4Node string `json:"ipv4Node,omitempty"`
Ipv4Range string `json:"ipv4Range,omitempty"`
Ipv4ServiceRange string `json:"ipv4ServiceRange,omitempty"`
Ipv6ClusterAllocCidr string `json:"ipv6ClusterAllocCidr,omitempty"`
Ipv6Node string `json:"ipv6Node,omitempty"`
Ipv6Range string `json:"ipv6Range,omitempty"`
Ipv6ServiceRange string `json:"ipv6ServiceRange,omitempty"`
K8sAPIServer string `json:"k8sApiServer,omitempty"`
K8sKubeconfigPath string `json:"k8sKubeconfigPath,omitempty"`
KeepBPFTemplates bool `json:"keepBpfTemplates,omitempty"`
KeepConfig bool `json:"keepConfig,omitempty"`
LabelPrefixFile string `json:"labelPrefixFile,omitempty"`
Labels []string `json:"labels,omitempty"`
LB string `json:"lb,omitempty"`
LibDir string `json:"libDir,omitempty"`
LogDrivers []string `json:"logDriver,omitempty"`
LogOpt map[string]string `json:"logOpt,omitempty"`
Logstash bool `json:"logstash,omitempty"`
LogstashAgent string `json:"logstashAgent,omitempty"`
LogstashProbeTimer uint32 `json:"logstashProbeTimer,omitempty"`
DisableMasquerade bool `json:"disableMasquerade,omitempty"`
Nat46Range string `json:"nat46Range,omitempty"`
Pprof bool `json:"pprof,omitempty"`
PrefilterDevice string `json:"prefilterDevice,omitempty"`
PrometheusServeAddr string `json:"prometheusServeAddr,omitempty"`
Restore bool `json:"restore,omitempty"`
SingleClusterRoute bool `json:"singleClusterRoute,omitempty"`
SocketPath string `json:"socketPath,omitempty"`
StateDir string `json:"stateDir,omitempty"`
TracePayloadLen int `json:"tracePayloadlen,omitempty"`
Tunnel string `json:"tunnel,omitempty"`

EnableIpv6 bool `json:"enableipv6"`
EnableIpv4 bool `json:"enableipv4"`
MonitorAggregation string `json:"monitorAggregation"`
BPFCTGlobalTCPMax int `json:"bpfCTGlobalTCPMax"`
BPFCTGlobalAnyMax int `json:"bpfCTGlobalAnyMax"`
PreallocateBPFMaps bool `json:"preallocateBPFMaps"`
// Enable this to run Cilium in debug mode
Debug bool `json:"debug,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
DebugVerbose []string `json:"debugVerbose,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
Device string `json:"device,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
DisableConntrack bool `json:"disableConntrack,omitempty"`
// Deprecated: Use EnableIpv4 instead
// Setting this flag has no effect
DisableIpv4 bool `json:"disableIpv4,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
DisableK8sServices bool `json:"disableK8sServices,omitempty"`
// Determines the policy enforcement mode.
// "default": Follows Kubernetes policy enforcement
// "always": Cilium restricts all traffic if no policy is in place
// "never": Cilium allows all traffic regardless of policies in place
EnablePolicy string `json:"enablePolicy,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
EnableTracing bool `json:"enableTracing,omitempty"`
// Set to true to enable the Cilium /metrics endpoint for both the agent and the operator
EnablePrometheusMetrics bool `json:"enablePrometheusMetrics,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
EnvoyLog string `json:"envoyLog,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
Ipv4ClusterCIDRMaskSize int `json:"ipv4ClusterCidrMaskSize,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
Ipv4Node string `json:"ipv4Node,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
Ipv4Range string `json:"ipv4Range,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
Ipv4ServiceRange string `json:"ipv4ServiceRange,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
Ipv6ClusterAllocCidr string `json:"ipv6ClusterAllocCidr,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
Ipv6Node string `json:"ipv6Node,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
Ipv6Range string `json:"ipv6Range,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
Ipv6ServiceRange string `json:"ipv6ServiceRange,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
K8sAPIServer string `json:"k8sApiServer,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
K8sKubeconfigPath string `json:"k8sKubeconfigPath,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
KeepBPFTemplates bool `json:"keepBpfTemplates,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
KeepConfig bool `json:"keepConfig,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
LabelPrefixFile string `json:"labelPrefixFile,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
Labels []string `json:"labels,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
LB string `json:"lb,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
LibDir string `json:"libDir,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
LogDrivers []string `json:"logDriver,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
LogOpt map[string]string `json:"logOpt,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
Logstash bool `json:"logstash,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
LogstashAgent string `json:"logstashAgent,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
LogstashProbeTimer uint32 `json:"logstashProbeTimer,omitempty"`
// Determine of external traffic should be masqued behind the node IP
DisableMasquerade bool `json:"disableMasquerade,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
Nat46Range string `json:"nat46Range,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
Pprof bool `json:"pprof,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
PrefilterDevice string `json:"prefilterDevice,omitempty"`
// Deprecated: Use EnablePrometheusMetrics and AgentPrometheusPort instead
// Setting this has currently no effect
PrometheusServeAddr string `json:"prometheusServeAddr,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
Restore bool `json:"restore,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
SingleClusterRoute bool `json:"singleClusterRoute,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
SocketPath string `json:"socketPath,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
StateDir string `json:"stateDir,omitempty"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
TracePayloadLen int `json:"tracePayloadlen,omitempty"`
// Cilium tunelling mode. Possible values are "vxlan", "geneve", or "disabled"
// Default: vxlan
Tunnel string `json:"tunnel,omitempty"`
// Enables cluster ipv6 traffic. Note that if both EnableIpv6 and EnableIpv4 are set to false
// Ipv4 will be enabled.
// Default: false
EnableIpv6 bool `json:"enableipv6"`
// Enables cluster ipv4 traffic. Note that if both EnableIpv6 and EnableIpv4 are set to false
// Ipv4 will be enabled.
// Default: false
EnableIpv4 bool `json:"enableipv4"`
// Sets the level of packet monitoring. Can be set to either "low", "medium", or "maximum"
// Default: medium
MonitorAggregation string `json:"monitorAggregation"`
// Maximum number of entries in TCP CT table
// Default: 524288
BPFCTGlobalTCPMax int `json:"bpfCTGlobalTCPMax"`
// Maximum number of entries in non-TCP CT table
// Default: 262144
BPFCTGlobalAnyMax int `json:"bpfCTGlobalAnyMax"`
// Pre-allocate BPF maps to reduce per-packet latency at the expense of up-front memory allocation
// Default: true
PreallocateBPFMaps bool `json:"preallocateBPFMaps"`
// Regular expression matching compatible Istio sidecar istio-proxy
// container image names
// Default: cilium/istio_proxy
SidecarIstioProxyImage string `json:"sidecarIstioProxyImage"`
ClusterName string `json:"clusterName"`
ToFqdnsEnablePoller bool `json:"toFqdnsEnablePoller"`
// Name of the cluster. Only relevant when building a mesh of clusters.
ClusterName string `json:"clusterName"`
// This option is disabled by default starting from version 1.4.x in favor
// of a more powerful DNS proxy-based implementation // Enable this option if you want to use FQDN policies but do not want to use
// the DNS proxy.
// To ease upgrade, users may opt to set this option to "true".
// Default: true
ToFqdnsEnablePoller bool `json:"toFqdnsEnablePoller"`
// Set the container runtime(s) used by Cilium
// Supported values are: "none", "containerd", "crio", "docker", "auto"
// Default: none
ContainerRuntimeLabels string `json:"containerRuntimeLabels,omitempty"`
IPTablesRulesNoinstall bool `json:"IPTablesRulesNoinstall"`
AutoDirectNodeRoutes bool `json:"autoDirectNodeRoutes"`
EnableNodePort bool `json:"enableNodePort"`
// Don't install base iptables rules for cilium to mainly interact with kube-proxy (and masquerading)
// Default: false
IPTablesRulesNoinstall bool `json:"IPTablesRulesNoinstall"`
// Enable automatic L2 routing between nodes
// Default: false
AutoDirectNodeRoutes bool `json:"autoDirectNodeRoutes"`
// Enable BPF NodePort replacing the kube-proxy NodePort implementation
// Requires masquerading to be disabled
// Default: false
EnableNodePort bool `json:"enableNodePort"`

//node init options
RemoveCbrBridge bool `json:"removeCbrBridge"`
RestartPods bool `json:"restartPods"`
ReconfigureKubelet bool `json:"reconfigureKubelet"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
RemoveCbrBridge bool `json:"removeCbrBridge"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
RestartPods bool `json:"restartPods"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
ReconfigureKubelet bool `json:"reconfigureKubelet"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
NodeInitBootstrapFile string `json:"nodeInitBootstrapFile"`
CniBinPath string `json:"cniBinPath"`
// This field has not been implemented in the new templates and may be removed in the future
// Setting this has currently no effect
CniBinPath string `json:"cniBinPath"`
}

// LyftIpVlanNetworkingSpec declares that we want to use the cni-ipvlan-vpc-k8s CNI networking
Expand Down

0 comments on commit a169697

Please sign in to comment.