Document all the fields in the Cilium spec #8559

Merged
278 changes: 211 additions & 67 deletions pkg/apis/kops/networking.go
Expand Up @@ -195,80 +195,224 @@ const CiliumIpamEni = "eni"

// CiliumNetworkingSpec declares that we want Cilium networking
type CiliumNetworkingSpec struct {
// Version is the version of the Cilium agent and the Cilium Operator.
Version string `json:"version,omitempty"`

AccessLog string `json:"accessLog,omitempty"`
AgentLabels []string `json:"agentLabels,omitempty"`
AgentPrometheusPort int `json:"agentPrometheusPort,omitempty"`
AllowLocalhost string `json:"allowLocalhost,omitempty"`
AutoIpv6NodeRoutes bool `json:"autoIpv6NodeRoutes,omitempty"`
BPFRoot string `json:"bpfRoot,omitempty"`
ContainerRuntime []string `json:"containerRuntime,omitempty"`
// AccessLog has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
AccessLog string `json:"accessLog,omitempty"`
// AgentLabels has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
AgentLabels []string `json:"agentLabels,omitempty"`
// AgentPrometheusPort is the port to listen to for Prometheus metrics.
// Defaults to 9090.
AgentPrometheusPort int `json:"agentPrometheusPort,omitempty"`
// AllowLocalhost has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
AllowLocalhost string `json:"allowLocalhost,omitempty"`
// AutoIpv6NodeRoutes has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
AutoIpv6NodeRoutes bool `json:"autoIpv6NodeRoutes,omitempty"`
// BPFRoot has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
BPFRoot string `json:"bpfRoot,omitempty"`
// ContainerRuntime has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
ContainerRuntime []string `json:"containerRuntime,omitempty"`
// ContainerRuntimeEndpoint has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
ContainerRuntimeEndpoint map[string]string `json:"containerRuntimeEndpoint,omitempty"`
Debug bool `json:"debug,omitempty"`
DebugVerbose []string `json:"debugVerbose,omitempty"`
Device string `json:"device,omitempty"`
DisableConntrack bool `json:"disableConntrack,omitempty"`
DisableIpv4 bool `json:"disableIpv4,omitempty"`
DisableK8sServices bool `json:"disableK8sServices,omitempty"`
EnablePolicy string `json:"enablePolicy,omitempty"`
EnableTracing bool `json:"enableTracing,omitempty"`
EnablePrometheusMetrics bool `json:"enablePrometheusMetrics,omitempty"`
EnvoyLog string `json:"envoyLog,omitempty"`
Ipv4ClusterCIDRMaskSize int `json:"ipv4ClusterCidrMaskSize,omitempty"`
Ipv4Node string `json:"ipv4Node,omitempty"`
Ipv4Range string `json:"ipv4Range,omitempty"`
Ipv4ServiceRange string `json:"ipv4ServiceRange,omitempty"`
Ipv6ClusterAllocCidr string `json:"ipv6ClusterAllocCidr,omitempty"`
Ipv6Node string `json:"ipv6Node,omitempty"`
Ipv6Range string `json:"ipv6Range,omitempty"`
Ipv6ServiceRange string `json:"ipv6ServiceRange,omitempty"`
K8sAPIServer string `json:"k8sApiServer,omitempty"`
K8sKubeconfigPath string `json:"k8sKubeconfigPath,omitempty"`
KeepBPFTemplates bool `json:"keepBpfTemplates,omitempty"`
KeepConfig bool `json:"keepConfig,omitempty"`
LabelPrefixFile string `json:"labelPrefixFile,omitempty"`
Labels []string `json:"labels,omitempty"`
LB string `json:"lb,omitempty"`
LibDir string `json:"libDir,omitempty"`
LogDrivers []string `json:"logDriver,omitempty"`
LogOpt map[string]string `json:"logOpt,omitempty"`
Logstash bool `json:"logstash,omitempty"`
LogstashAgent string `json:"logstashAgent,omitempty"`
LogstashProbeTimer uint32 `json:"logstashProbeTimer,omitempty"`
DisableMasquerade bool `json:"disableMasquerade,omitempty"`
Nat46Range string `json:"nat46Range,omitempty"`
Pprof bool `json:"pprof,omitempty"`
PrefilterDevice string `json:"prefilterDevice,omitempty"`
PrometheusServeAddr string `json:"prometheusServeAddr,omitempty"`
Restore bool `json:"restore,omitempty"`
SingleClusterRoute bool `json:"singleClusterRoute,omitempty"`
SocketPath string `json:"socketPath,omitempty"`
StateDir string `json:"stateDir,omitempty"`
TracePayloadLen int `json:"tracePayloadlen,omitempty"`
Tunnel string `json:"tunnel,omitempty"`

EnableIpv6 bool `json:"enableipv6"`
EnableIpv4 bool `json:"enableipv4"`
MonitorAggregation string `json:"monitorAggregation"`
BPFCTGlobalTCPMax int `json:"bpfCTGlobalTCPMax"`
BPFCTGlobalAnyMax int `json:"bpfCTGlobalAnyMax"`
PreallocateBPFMaps bool `json:"preallocateBPFMaps"`
// Debug runs Cilium in debug mode.
Debug bool `json:"debug,omitempty"`
// DebugVerbose has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
DebugVerbose []string `json:"debugVerbose,omitempty"`
// Device has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
Device string `json:"device,omitempty"`
// DisableConntrack has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
DisableConntrack bool `json:"disableConntrack,omitempty"`
// DisableIpv4 is deprecated: Use EnableIpv4 instead.
// Setting this flag has no effect.
DisableIpv4 bool `json:"disableIpv4,omitempty"`
// DisableK8sServices has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
DisableK8sServices bool `json:"disableK8sServices,omitempty"`
// EnablePolicy determines the policy enforcement mode.
// "default": Follows Kubernetes policy enforcement.
// "always": Cilium restricts all traffic if no policy is in place.
// "never": Cilium allows all traffic regardless of policies in place.
EnablePolicy string `json:"enablePolicy,omitempty"`
// EnableTracing has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
EnableTracing bool `json:"enableTracing,omitempty"`
// EnablePrometheusMetrics enables the Cilium /metrics endpoint for both the agent and the operator.
EnablePrometheusMetrics bool `json:"enablePrometheusMetrics,omitempty"`
// EnvoyLog has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
EnvoyLog string `json:"envoyLog,omitempty"`
// Ipv4ClusterCIDRMaskSize has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
Ipv4ClusterCIDRMaskSize int `json:"ipv4ClusterCidrMaskSize,omitempty"`
// Ipv4Node has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
Ipv4Node string `json:"ipv4Node,omitempty"`
// Ipv4Range has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
Ipv4Range string `json:"ipv4Range,omitempty"`
// Ipv4ServiceRange has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
Ipv4ServiceRange string `json:"ipv4ServiceRange,omitempty"`
// Ipv6ClusterAllocCidr has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
Ipv6ClusterAllocCidr string `json:"ipv6ClusterAllocCidr,omitempty"`
// Ipv6Node has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
Ipv6Node string `json:"ipv6Node,omitempty"`
// Ipv6Range has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
Ipv6Range string `json:"ipv6Range,omitempty"`
// Ipv6ServiceRange has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
Ipv6ServiceRange string `json:"ipv6ServiceRange,omitempty"`
// K8sAPIServer has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
K8sAPIServer string `json:"k8sApiServer,omitempty"`
// K8sKubeconfigPath has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
K8sKubeconfigPath string `json:"k8sKubeconfigPath,omitempty"`
// KeepBPFTemplates has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
KeepBPFTemplates bool `json:"keepBpfTemplates,omitempty"`
// KeepConfig has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
KeepConfig bool `json:"keepConfig,omitempty"`
// LabelPrefixFile has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect
LabelPrefixFile string `json:"labelPrefixFile,omitempty"`
// Labels has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
Labels []string `json:"labels,omitempty"`
// LB has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
LB string `json:"lb,omitempty"`
// LibDir has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
LibDir string `json:"libDir,omitempty"`
// LogDrivers has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
LogDrivers []string `json:"logDriver,omitempty"`
// LogOpt has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
LogOpt map[string]string `json:"logOpt,omitempty"`
// Logstash has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
Logstash bool `json:"logstash,omitempty"`
// LogstashAgent has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
LogstashAgent string `json:"logstashAgent,omitempty"`
// LogstashProbeTimer has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
LogstashProbeTimer uint32 `json:"logstashProbeTimer,omitempty"`
// DisableMasquerade determines if external traffic should be masqued behind the node IP.
DisableMasquerade bool `json:"disableMasquerade,omitempty"`
// Nat6Range has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
Nat46Range string `json:"nat46Range,omitempty"`
// Pprof has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
Pprof bool `json:"pprof,omitempty"`
// PrefilterDevice has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
PrefilterDevice string `json:"prefilterDevice,omitempty"`
// PrometheusServeAddr is deprecated. Use EnablePrometheusMetrics and AgentPrometheusPort instead.
// Setting this has currently no effect.
PrometheusServeAddr string `json:"prometheusServeAddr,omitempty"`
// Restore has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
Restore bool `json:"restore,omitempty"`
// SingleClusterRoute has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
SingleClusterRoute bool `json:"singleClusterRoute,omitempty"`
// SocketPath has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
SocketPath string `json:"socketPath,omitempty"`
// StateDir has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
StateDir string `json:"stateDir,omitempty"`
// TracePayloadLen has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
TracePayloadLen int `json:"tracePayloadlen,omitempty"`
// Tunnel determines the cilium tunelling mode. Possible values are "vxlan", "geneve", or "disabled".
// Default: vxlan
Tunnel string `json:"tunnel,omitempty"`
// EnableIpv6 enables cluster ipv6 traffic. Note that if both EnableIpv6 and EnableIpv4 are set to false.
// Ipv4 will be enabled.
// Default: false
EnableIpv6 bool `json:"enableipv6"`
// EnableIpv4 enables cluster ipv4 traffic. Note that if both EnableIpv6 and EnableIpv4 are set to false.
// Ipv4 will be enabled.
// Default: false
EnableIpv4 bool `json:"enableipv4"`
// MonitorAggregation sets the level of packet monitoring. Can be set to either "low", "medium", or "maximum".
// Default: medium
MonitorAggregation string `json:"monitorAggregation"`
// BPFCTGlobalTCPMax is the maximum number of entries in TCP CT table.
// Default: 524288
BPFCTGlobalTCPMax int `json:"bpfCTGlobalTCPMax"`
// BPFCTGlobalAnyMax is the maximum number of entries in non-TCP CT table.
// Default: 262144
BPFCTGlobalAnyMax int `json:"bpfCTGlobalAnyMax"`
// PreallocateBPFMaps reduce the per-packet latency at the expense of up-front memory allocation.
// Default: true
PreallocateBPFMaps bool `json:"preallocateBPFMaps"`
// SidecarIstioProxyImage is the regular expression matching compatible Istio sidecar istio-proxy.
// container image names.
// Default: cilium/istio_proxy
SidecarIstioProxyImage string `json:"sidecarIstioProxyImage"`
ClusterName string `json:"clusterName"`
ToFqdnsEnablePoller bool `json:"toFqdnsEnablePoller"`
// ClusterName is the of the cluster and is only relevant when building a mesh of clusters.
ClusterName string `json:"clusterName"`
// ToFqdnsEnablePoller is disabled by default starting from version 1.4.x in favor
// of a more powerful DNS proxy-based implementation.
// Enable this option if you want to use FQDN policies but do not want to use
// the DNS proxy.
// To ease upgrade, users may opt to set this option to "true".
// Default: true
Member


Version 1.4.x of what? Kops? Cilium?

The default is "true"? That seems to contradict the previous text.

I suggest first saying what it does, then talk about what the default is and possibly why one would want to change it.

Member Author


Fixed

ToFqdnsEnablePoller bool `json:"toFqdnsEnablePoller"`
// ContainerRuntimeLabels determines the container runtime(s) used by Cilium
// Supported values are: "none", "containerd", "crio", "docker", "auto"
// Default: none
ContainerRuntimeLabels string `json:"containerRuntimeLabels,omitempty"`
IPTablesRulesNoinstall bool `json:"IPTablesRulesNoinstall"`
AutoDirectNodeRoutes bool `json:"autoDirectNodeRoutes"`
EnableNodePort bool `json:"enableNodePort"`
Ipam string `json:"ipam,omitempty"`
// Ipam determines which IP address allocation mode to use.
// "eni" will use AWS native networking for pods
Ipam string `json:"ipam,omitempty"`
// IPTablesRulesNoinstall determins if the base iptables rules for cilium to mainly interact with kube-proxy (and masquerading)
Member


"determins" is a typo and it looks like a verb is missing.
Perhaps something more like "IPTablesRulesNoinstall disables installing the base IPTables rules used for masquerading and kube-proxy."

Member Author


Thanks

// Default: false
IPTablesRulesNoinstall bool `json:"IPTablesRulesNoinstall"`
// AutoDirectNodeRoutes adds automatic L2 routing between nodes
// Default: false
AutoDirectNodeRoutes bool `json:"autoDirectNodeRoutes"`
// EnableNodePort replaces kube-proxy with Cilium's BPF implementation
// Requires masquerading to be disabled
// Default: false
EnableNodePort bool `json:"enableNodePort"`

//node init options
RemoveCbrBridge bool `json:"removeCbrBridge"`
RestartPods bool `json:"restartPods"`
ReconfigureKubelet bool `json:"reconfigureKubelet"`
// RemoveCbrBridge has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
RemoveCbrBridge bool `json:"removeCbrBridge"`
// RestartPods has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
RestartPods bool `json:"restartPods"`
// ReconfigureKubelet has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
ReconfigureKubelet bool `json:"reconfigureKubelet"`
// NodeInitBootstrapFile has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
NodeInitBootstrapFile string `json:"nodeInitBootstrapFile"`
CniBinPath string `json:"cniBinPath"`
// CniBinPath has not been implemented in the new templates and may be removed in the future.
// Setting this has currently no effect.
CniBinPath string `json:"cniBinPath"`
}

// LyftVPCNetworkingSpec declares that we want to use the cni-ipvlan-vpc-k8s CNI networking.
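Review bot: The new comment on `DisableMasquerade` ("determines if external traffic should be masqued behind the node IP") does not say which value does what, and for a `Disable*` flag the polarity is what an operator needs, since it decides which source address leaves the node. If true turns masquerading off, as the name suggests, `// DisableMasquerade disables masquerading of traffic to external destinations behind the node IP.` would be unambiguous. Two other new comments in `CiliumNetworkingSpec` read wrong: the one above `Nat46Range` names the field `Nat6Range`, and `EnableIpv4` is documented as `Default: false` right after a sentence saying IPv4 is enabled when both flags are false (that sentence is also split by a stray period, in both the `EnableIpv4` and `EnableIpv6` comments). Fields that are accepted but ignored would be surfaced by godoc and linters if they used the standard form on its own paragraph, e.g. `// Deprecated: use EnableIpv4 instead.` on `DisableIpv4`, so that a setting an operator believes is in force is not silently dropped.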