Documentation ¶
Index ¶
- Constants
- Variables
- func BindEnv(optName string)
- func BindEnvWithLegacyEnvFallback(optName, legacyEnvName string)
- func FormatMonitorAggregationLevel(level OptionSetting) string
- func GetTunnelModes() string
- func InitConfig(cmd *cobra.Command, programName, configName string) func()
- func LogRegisteredOptions(entry *logrus.Entry)
- func MergeConfig(m map[string]interface{}) error
- func MightAutoDetectDevices() bool
- func ReadDirConfig(dirName string) (map[string]interface{}, error)
- func ReplaceDeprecatedFields(m map[string]interface{})
- func StoreViperInFile(dir string) error
- func VerifyMonitorAggregationLevel(key, value string) error
- type BPFClockSource
- type ChangedFunc
- type DaemonConfig
- func (c *DaemonConfig) AgentNotReadyNodeTaintValue() string
- func (c *DaemonConfig) AlwaysAllowLocalhost() bool
- func (c *DaemonConfig) CCENamespaceName() string
- func (c *DaemonConfig) EnableK8sLeasesFallbackDiscovery()
- func (c *DaemonConfig) GetCCEEndpointGC() time.Duration
- func (c *DaemonConfig) GetFixedIPTimeout() time.Duration
- func (c *DaemonConfig) GetGlobalsDir() string
- func (c *DaemonConfig) GetIPv4NativeRoutingCIDR() (cidr *cidr.CIDR)
- func (c *DaemonConfig) GetIPv6NativeRoutingCIDR() (cidr *cidr.CIDR)
- func (c *DaemonConfig) GetNodeConfigPath() string
- func (c *DaemonConfig) HealthCheckingEnabled() bool
- func (c *DaemonConfig) IPAMMode() string
- func (c *DaemonConfig) IPv4Enabled() bool
- func (c *DaemonConfig) IPv6Enabled() bool
- func (c *DaemonConfig) IPv6NDPEnabled() bool
- func (c *DaemonConfig) IsExcludedLocalAddress(ip net.IP) bool
- func (c *DaemonConfig) IsPodSubnetsDefined() bool
- func (c *DaemonConfig) K8sAPIDiscoveryEnabled() bool
- func (c *DaemonConfig) K8sLeasesFallbackDiscoveryEnabled() bool
- func (c *DaemonConfig) LocalClusterName() string
- func (c *DaemonConfig) Populate()
- func (c *DaemonConfig) RDMAEnabled() bool
- func (c *DaemonConfig) SetIPv4NativeRoutingCIDR(cidr *cidr.CIDR)
- func (c *DaemonConfig) SetIPv6NativeRoutingCIDR(cidr *cidr.CIDR)
- func (c *DaemonConfig) StoreInFile(dir string) error
- func (c *DaemonConfig) TracingEnabled() bool
- func (c *DaemonConfig) UnreachableRoutesEnabled() bool
- func (c *DaemonConfig) Validate() error
- type FormatFunc
- type IntOptions
- func (o *IntOptions) ApplyValidated(n OptionMap, changed ChangedFunc, data interface{}) int
- func (o *IntOptions) DeepCopy() *IntOptions
- func (o *IntOptions) Delete(key string)
- func (o *IntOptions) Dump()
- func (o *IntOptions) GetFmtList() string
- func (o *IntOptions) GetImmutableModel() *models.ConfigurationMap
- func (o *IntOptions) GetMutableModel() *models.ConfigurationMap
- func (o *IntOptions) GetValue(key string) OptionSetting
- func (o *IntOptions) InheritDefault(parent *IntOptions, key string)
- func (o *IntOptions) IsEnabled(key string) bool
- func (o *IntOptions) SetBool(key string, value bool)
- func (o *IntOptions) SetIfUnset(key string, value OptionSetting)
- func (o *IntOptions) SetValidated(key string, value OptionSetting)
- func (o *IntOptions) Validate(n models.ConfigurationMap) error
- type IpvlanConfig
- type MapOptions
- type MonitorAggregationLevel
- type NamedMapOptions
- type Option
- type OptionLibrary
- type OptionMap
- type OptionSetting
- func NormalizeBool(value string) (OptionSetting, error)
- func ParseDaemonOption(opt string) (string, OptionSetting, error)
- func ParseKeyValue(lib *OptionLibrary, arg, value string) (string, OptionSetting, error)
- func ParseMonitorAggregationLevel(value string) (OptionSetting, error)
- func ParseOption(arg string, lib *OptionLibrary) (string, OptionSetting, error)
- type ParseFunc
- type Validator
- type VerifyFunc
Constants ¶
// Option names accepted by the daemon. Each constant is the flag / config key
// under which the corresponding DaemonConfig value is set.
const (
	// GopsPort is the TCP port for the gops server.
	GopsPort = "gops-port"
	// AgentHealthPort is the TCP port for agent health status API
	AgentHealthPort = "health-port"
	// ClusterHealthPort is the TCP port for cluster-wide network connectivity health API
	ClusterHealthPort = "cluster-health-port"
	// AgentLabels are additional labels to identify this agent
	AgentLabels = "agent-labels"
	// AllowLocalhost is the policy when to allow local stack to reach local endpoints { auto | always | policy }
	AllowLocalhost = "allow-localhost"
	// AllowLocalhostAuto defaults to policy except when running in
	// Kubernetes where it then defaults to "always"
	AllowLocalhostAuto = "auto"
	// AllowLocalhostAlways always allows the local stack to reach local
	// endpoints
	AllowLocalhostAlways = "always"
	// AnnotateK8sNode enables annotating a kubernetes node while bootstrapping
	// the daemon, which can also be disabled using this option.
	AnnotateK8sNode = "annotate-k8s-node"
	// ConfigFile is the Configuration file (default "$HOME/cced.yaml")
	ConfigFile = "config"
	// ConfigDir is the directory that contains a file for each option where
	// the filename represents the option name and the content of that file
	// represents the value of that option.
	ConfigDir = "config-dir"
	// DebugArg is the argument that enables debugging mode
	DebugArg = "debug"
	// EnableUnreachableRoutes adds unreachable routes on pod deletion
	EnableUnreachableRoutes = "enable-unreachable-routes"
	// IPv4Range is the per-node IPv4 endpoint prefix, e.g. 10.16.0.0/16
	IPv4Range = "ipv4-range"
	// IPv6Range is the per-node IPv6 endpoint prefix, must be /96, e.g. fd02:1:1::/96
	IPv6Range = "ipv6-range"
	// IPv4ServiceRange is the Kubernetes IPv4 services CIDR if not inside cluster prefix
	IPv4ServiceRange = "ipv4-service-range"
	// IPv6ServiceRange is the Kubernetes IPv6 services CIDR if not inside cluster prefix
	IPv6ServiceRange = "ipv6-service-range"
	// IPv6ClusterAllocCIDRName is the name of the IPv6ClusterAllocCIDR option
	IPv6ClusterAllocCIDRName = "ipv6-cluster-alloc-cidr"
	// K8sRequireIPv4PodCIDRName is the name of the K8sRequireIPv4PodCIDR option
	K8sRequireIPv4PodCIDRName = "k8s-require-ipv4-pod-cidr"
	// K8sRequireIPv6PodCIDRName is the name of the K8sRequireIPv6PodCIDR option
	K8sRequireIPv6PodCIDRName = "k8s-require-ipv6-pod-cidr"
	// K8sWatcherEndpointSelector specifies the k8s endpoints that CCE
	// should watch for.
	K8sWatcherEndpointSelector = "k8s-watcher-endpoint-selector"
	// K8sAPIServer is the kubernetes api address server (for https use --k8s-kubeconfig-path instead)
	K8sAPIServer = "k8s-api-server"
	// K8sKubeConfigPath is the absolute path of the kubernetes kubeconfig file
	// (the file carries API credentials).
	K8sKubeConfigPath = "k8s-kubeconfig-path"
	// K8sServiceCacheSize is service cache size for cce k8s package.
	K8sServiceCacheSize = "k8s-service-cache-size"
	// K8sSyncTimeoutName is the name of the K8sSyncTimeout option: the timeout
	// since the last event was received to synchronize all resources with k8s.
	K8sSyncTimeoutName = "k8s-sync-timeout"
	// LibDir enables the directory path to store runtime build environment
	LibDir = "lib-dir"
	// LogDriver sets logging endpoints to use for example syslog, fluentd
	LogDriver = "log-driver"
	// LogOpt sets log driver options for cce
	LogOpt = "log-opt"
	// Logstash enables logstash integration
	Logstash = "logstash"
	// IPTablesLockTimeout is the name of the iptables lock timeout option
	IPTablesLockTimeout = "iptables-lock-timeout"
	// IPTablesRandomFully sets iptables flag random-fully on masquerading rules
	IPTablesRandomFully = "iptables-random-fully"
	// IPv6NodeAddr is the IPv6 address of node
	IPv6NodeAddr = "ipv6-node"
	// IPv4NodeAddr is the IPv4 address of node
	IPv4NodeAddr = "ipv4-node"
	// Restore restores state, if possible, from previous daemon
	Restore = "restore"
	// SocketPath sets daemon's socket path to listen for connections
	SocketPath = "socket-path"
	// StateDir is the directory path to store runtime state
	StateDir = "state-dir"
	// TracePayloadlen is the length of payload to capture when tracing
	// (captured bytes may include application data).
	TracePayloadlen = "trace-payloadlen"
	// Version prints the version information
	Version = "version"
	// PProf enables serving the pprof debugging API (exposes runtime
	// internals; NOTE(review): the page does not show the bind address —
	// confirm the listener is not reachable beyond the host).
	PProf = "pprof"
	// PProfPort is the port that the pprof listens on
	PProfPort = "pprof-port"
	// ProcFs is the name of the procfs path option
	ProcFs = "procfs"
	// PrometheusServeAddr IP:Port on which to serve prometheus metrics (pass ":Port" to bind on all interfaces, "" is off)
	PrometheusServeAddr = "prometheus-serve-addr"
	// CMDRef is the path to cmdref output directory
	CMDRef = "cmdref"
	// MTUName is the name of the MTU option
	MTUName = "mtu"
	// HostServicesTCP is the name of EnableHostServicesTCP config
	HostServicesTCP = "tcp"
	// HostServicesUDP is the name of EnableHostServicesUDP config
	HostServicesUDP = "udp"
	// SingleClusterRouteName is the name of the SingleClusterRoute option
	//
	// SingleClusterRoute enables use of a single route covering the entire
	// cluster CIDR to point to the cce_host interface instead of using
	// a separate route for each cluster node CIDR. This option is not
	// compatible with Tunnel=TunnelDisabled
	SingleClusterRouteName = "single-cluster-route"
	// MonitorAggregationInterval configures interval for monitor-aggregation
	MonitorAggregationInterval = "monitor-aggregation-interval"
	// MonitorAggregationFlags configures TCP flags used by monitor aggregation.
	MonitorAggregationFlags = "monitor-aggregation-flags"
	// LogSystemLoadConfigName is the name of the option to enable system
	// load logging
	LogSystemLoadConfigName = "log-system-load"
	// DisableCCEEndpointCRDName is the name of the option to disable
	// use of the CEP CRD
	DisableCCEEndpointCRDName = "disable-endpoint-crd"
	// DisableENICRDName is the name of the option to disable
	// use of the ENI CRD
	DisableENICRDName = "disable-eni-crd"
	// MaxCtrlIntervalName and MaxCtrlIntervalNameEnv allow configuration
	// of MaxControllerInterval.
	MaxCtrlIntervalName = "max-controller-interval"
	// K8sNamespaceName is the name of the K8sNamespace option
	K8sNamespaceName = "k8s-namespace"
	// AgentNotReadyNodeTaintKeyName is the name of the option to set
	// AgentNotReadyNodeTaintKey
	AgentNotReadyNodeTaintKeyName = "agent-not-ready-taint-key"
	// EnableIPv4Name is the name of the option to enable IPv4 support
	EnableIPv4Name = "enable-ipv4"
	// EnableIPv6Name is the name of the option to enable IPv6 support
	EnableIPv6Name = "enable-ipv6"
	// EnableRDMAName is the name of the option to enable RDMA support
	EnableRDMAName = "enable-rdma"
	// EnableIPv6NDPName is the name of the option to enable IPv6 NDP support
	EnableIPv6NDPName = "enable-ipv6-ndp"
	// IPv6MCastDevice is the name of the option to select IPv6 multicast device
	IPv6MCastDevice = "ipv6-mcast-device"
	// EnableMonitorName is the name of the option to enable the monitor socket
	EnableMonitorName = "enable-monitor"
	// MonitorQueueSizeName is the name of the option MonitorQueueSize
	MonitorQueueSizeName = "monitor-queue-size"
	// IPAllocationTimeout is the timeout when allocating CIDRs
	IPAllocationTimeout = "ip-allocation-timeout"
	// EnableHealthChecking is the name of the EnableHealthChecking option
	EnableHealthChecking = "enable-health-checking"
	// EnableEndpointHealthChecking is the name of the EnableEndpointHealthChecking option
	EnableEndpointHealthChecking = "enable-endpoint-health-checking"
	// EndpointGCInterval interval to attempt garbage collection of
	// endpoints that are no longer alive and healthy.
	EndpointGCInterval = "endpoint-gc-interval"
	// K8sEventHandover is the name of the K8sEventHandover option
	K8sEventHandover = "enable-k8s-event-handover"
	// Metrics represents the metrics subsystem that CCE should expose
	// to prometheus.
	Metrics = "metrics"
	// LoopbackIPv4 is the address to use for service loopback SNAT
	LoopbackIPv4 = "ipv4-service-loopback-address"
	// LocalRouterIPv4 is the link-local IPv4 address to use for CCE router device
	LocalRouterIPv4 = "local-router-ipv4"
	// LocalRouterIPv6 is the link-local IPv6 address to use for CCE router device
	LocalRouterIPv6 = "local-router-ipv6"
	// EndpointInterfaceNamePrefix is the prefix name of the interface
	// names shared by all endpoints
	EndpointInterfaceNamePrefix = "endpoint-interface-name-prefix"
	// SkipCRDCreation specifies whether the CustomResourceDefinition will be
	// created by the daemon
	SkipCRDCreation = "skip-crd-creation"
	// EnableEndpointRoutes enables use of per endpoint routes
	EnableEndpointRoutes = "enable-endpoint-routes"
	// ExcludeLocalAddress excludes certain addresses to be recognized as a
	// local address
	ExcludeLocalAddress = "exclude-local-address"
	// EnableBandwidthManager is the name of the option enabling the bandwidth manager
	EnableBandwidthManager = "enable-bandwidth-manager"
	// EnableEgressPriority is the name of the egress priority option
	EnableEgressPriority = "enable-egress-priority"
	// EnableEgressPriorityDSCP is the name of the egress priority DSCP option
	EnableEgressPriorityDSCP = "enable-egress-priority-dscp"
	// IPv4PodSubnets A list of IPv4 subnets that pods may be
	// assigned from. Used with CNI chaining where IPs are not directly managed
	// by CCE.
	IPv4PodSubnets = "ipv4-pod-subnets"
	// IPv6PodSubnets A list of IPv6 subnets that pods may be
	// assigned from. Used with CNI chaining where IPs are not directly managed
	// by CCE.
	IPv6PodSubnets = "ipv6-pod-subnets"
	// IPAM is the IPAM method to use
	IPAM = "ipam"
	// K8sClientQPSLimit is the queries per second limit for the K8s client. Defaults to k8s client defaults.
	K8sClientQPSLimit = "k8s-client-qps"
	// K8sClientBurst is the burst value allowed for the K8s client. Defaults to k8s client defaults.
	K8sClientBurst = "k8s-client-burst"
	// K8sEnableAPIDiscovery is the name of the option enabling k8s API discovery
	K8sEnableAPIDiscovery = "k8s-api-discovery"
	// AutoCreateNetResourceSetResource enables automatic creation of a
	// NetResourceSet resource for the local node
	AutoCreateNetResourceSetResource = "auto-create-network-resource-set-resource"
	// IPv4NativeRoutingCIDR describes a v4 CIDR in which pod IPs are routable
	IPv4NativeRoutingCIDR = "ipv4-native-routing-cidr"
	// IPv6NativeRoutingCIDR describes a v6 CIDR in which pod IPs are routable
	IPv6NativeRoutingCIDR = "ipv6-native-routing-cidr"
	// K8sHeartbeatTimeout configures the timeout for apiserver heartbeat
	K8sHeartbeatTimeout = "k8s-heartbeat-timeout"
	// APIRateLimitName enables configuration of the API rate limits
	APIRateLimitName = "api-rate-limit"
	// DefaultAPIBurst is the burst value allowed when accessing external Cloud APIs
	DefaultAPIBurst = "default-api-burst"
	// DefaultAPIQPSLimit is the queries per second limit when accessing external Cloud APIs
	DefaultAPIQPSLimit = "default-api-qps"
	// DefaultAPITimeoutLimit is the timeout limit when accessing external Cloud APIs
	DefaultAPITimeoutLimit = "default-api-timeout"
	// CRDWaitTimeout is the timeout in which CCE will exit if CRDs are not
	// available.
	CRDWaitTimeout = "crd-wait-timeout"
	// CCEEndpointGCInterval interval of single machine recycling endpoint
	CCEEndpointGCInterval = "cce-endpoint-gc-interval"
	// FixedIPTimeout Timeout for waiting for the fixed IP assignment to succeed
	FixedIPTimeout = "fixed-ip-allocate-timeout"
	// BCECloudVPCID allows the user to specify a vpc
	BCECloudVPCID = "bce-cloud-vpc-id"
	// ClusterID is the cluster ID of the CCE cluster
	ClusterID = "cce-cluster-id"
	// ResourceResyncInterval is the interval between attempts to sync
	// Cloud resources (ENIs, subnets) with k8s
	ResourceResyncInterval = "resource-resync-interval"

	// The following flags are only used in vpc-eni mode.
	ENIUseMode                    = "eni-use-mode"
	MaxAllocateENI                = "max-allocate-eni"
	MaxIPsPerENI                  = "max-ips-per-eni"
	ENIPreAllocateENINum          = "eni-pre-allocate-num"
	ENISubnets                    = "eni-subnet-ids"
	ENIRouteTableOffset           = "eni-route-table-offset"
	ENISecurityGroupIDs           = "eni-security-group-ids"
	ENIEnterpriseSecurityGroupIds = "eni-enterprise-security-group-ids"
	ENIInstallSourceBasedRouting  = "eni-install-source-based-routing"
	IPPoolMinAllocateIPs          = "ippool-min-allocate-ips"
	IPPoolPreAllocate             = "ippool-pre-allocate"
	IPPoolMaxAboveWatermark       = "ippool-max-above-watermark"
	// BurstableMehrfachENI is the number of idle IPs with the minimum reserved ENI
	// IP capacity multiple. If 0, it means that the Burstable ENI mode is not used.
	// If it is 1, it means always ensuring that an ENI's IP address is in a ready
	// idle state (ready+IP capacity is full)
	BurstableMehrfachENI = "burstable-mehrfach-eni"

	// The following flags are only used in vpc-rdma mode.
	MaxRDMAIPsPerENI            = "rdma-max-ips-per-eni"
	RDMAIPPoolMinAllocateIPs    = "rdma-ippool-min-allocate-ips"
	RDMAIPPoolPreAllocate       = "rdma-ippool-pre-allocate"
	RDMAIPPoolMaxAboveWatermark = "rdma-ippool-max-above-watermark"
	// ExtCNIPluginsList is the name of the option extending the list of CNI plugins
	ExtCNIPluginsList = "ext-cni-plugins"
)
// Tunnel modes available for DaemonConfig.Tunnel.
const (
	// TunnelVXLAN specifies VXLAN encapsulation
	TunnelVXLAN = "vxlan"
	// TunnelGeneve specifies Geneve encapsulation
	TunnelGeneve = "geneve"
	// TunnelDisabled specifies to disable encapsulation
	TunnelDisabled = "disabled"
)
Available options for DaemonConfig.Tunnel
const (
	// WriteCNIConfigurationWhenReady writes the CNI configuration to the
	// specified location once the agent is ready to serve requests. This
	// allows to keep a Kubernetes node NotReady until CCE is up and
	// running and able to schedule endpoints.
	WriteCNIConfigurationWhenReady = "write-cni-conf-when-ready"
	// EnableCCEEndpointSlice enables the cce endpoint slicing feature.
	EnableCCEEndpointSlice = "enable-cce-endpoint-slice"
)
// Default NodePort range bounds.
const (
	// NodePortMinDefault is the minimal port to listen for NodePort requests
	NodePortMinDefault = 30000
	// NodePortMaxDefault is the maximum port to listen for NodePort requests
	NodePortMaxDefault = 32767
)
const (
	// TCP_FIN, ... from <linux/tcp.h> (host byte-order)
	//
	// NOTE(review): DaemonConfig.MonitorAggregationFlags is documented as
	// network byte-order while these values are host byte-order; confirm the
	// conversion happens where that field is populated.
	TCP_FIN = uint16(0x0001) // FIN: no more data from sender
	TCP_SYN = uint16(0x0002) // SYN: synchronize sequence numbers
	TCP_RST = uint16(0x0004) // RST: reset the connection
	TCP_PSH = uint16(0x0008) // PSH: push function
	TCP_ACK = uint16(0x0010) // ACK: acknowledgment field significant
	TCP_URG = uint16(0x0020) // URG: urgent pointer field significant
	TCP_ECE = uint16(0x0040) // ECE: ECN-Echo
	TCP_CWR = uint16(0x0080) // CWR: congestion window reduced
)
// Keys of the daemon option libraries (see DaemonOptionLibrary and
// DaemonMutableOptionLibrary), followed by the policy enforcement mode values.
const (
	PolicyTracing       = "PolicyTracing"
	ConntrackAccounting = "ConntrackAccounting"
	ConntrackLocal      = "ConntrackLocal"
	Debug               = "Debug"
	DebugLB             = "DebugLB"
	DebugPolicy         = "DebugPolicy"
	DropNotify          = "DropNotification"
	TraceNotify         = "TraceNotification"
	PolicyVerdictNotify = "PolicyVerdictNotification"
	PolicyAuditMode     = "PolicyAuditMode"
	MonitorAggregation  = "MonitorAggregationLevel"

	// Policy enforcement modes (presumably consumed by policy code outside
	// this package — confirm against the callers).
	AlwaysEnforce      = "always"
	NeverEnforce       = "never"
	DefaultEnforcement = "default"
)
// HostExtensionMKE is an undocumented numeric constant.
// TODO(review): its meaning is not established on this page — confirm against
// the code that reads it before relying on the value.
const HostExtensionMKE = 0x1bda7a
Variables ¶
var (
	// DaemonOptionLibrary is the daemon's option library that should be
	// used for read-only.
	DaemonOptionLibrary = OptionLibrary{
		PolicyTracing: &specPolicyTracing,
	}
	// DaemonMutableOptionLibrary is the option library backed by the spec*
	// entries below; presumably the subset that may be changed at runtime
	// (see IntOptions.GetMutableModel) — confirm against its users.
	DaemonMutableOptionLibrary = OptionLibrary{
		ConntrackAccounting: &specConntrackAccounting,
		ConntrackLocal:      &specConntrackLocal,
		Debug:               &specDebug,
		DebugLB:             &specDebugLB,
		DebugPolicy:         &specDebugPolicy,
		DropNotify:          &specDropNotify,
		TraceNotify:         &specTraceNotify,
		PolicyVerdictNotify: &specPolicyVerdictNotify,
		PolicyAuditMode:     &specPolicyAuditMode,
		MonitorAggregation:  &specMonitorAggregation,
	}
)
var (
	// Config represents the daemon configuration. It is a package-level
	// singleton seeded from the defaults package; remaining fields are
	// populated later (see DaemonConfig.Populate / Validate).
	Config = &DaemonConfig{
		CreationTime: time.Now(),
		Opts:         NewIntOptions(&DaemonOptionLibrary),
		// Npages: 64 is a bare literal with no documented origin on this page — confirm.
		Monitor:                          &models.MonitorStatus{Cpus: int64(runtime.NumCPU()), Npages: 64, Pagesize: int64(os.Getpagesize()), Lost: 0, Unknown: 0},
		IPv6ClusterAllocCIDR:             defaults.IPv6ClusterAllocCIDR,
		IPv6ClusterAllocCIDRBase:         defaults.IPv6ClusterAllocCIDRBase,
		EnableHealthChecking:             defaults.EnableHealthChecking,
		EnableEndpointHealthChecking:     defaults.EnableEndpointHealthChecking,
		EnableHealthCheckNodePort:        defaults.EnableHealthCheckNodePort,
		EnableIPv4:                       defaults.EnableIPv4,
		EnableIPv6:                       defaults.EnableIPv6,
		EnableIPv6NDP:                    defaults.EnableIPv6NDP,
		EnableRDMA:                       defaults.EnableRDMA,
		LogOpt:                           make(map[string]string),
		LoopbackIPv4:                     defaults.LoopbackIPv4,
		ForceLocalPolicyEvalAtSource:     defaults.ForceLocalPolicyEvalAtSource,
		EnableEndpointRoutes:             defaults.EnableEndpointRoutes,
		AnnotateK8sNode:                  defaults.AnnotateK8sNode,
		K8sServiceCacheSize:              defaults.K8sServiceCacheSize,
		AutoCreateNetResourceSetResource: defaults.AutoCreateNetResourceSetResource,
		K8sEnableAPIDiscovery:            defaults.K8sEnableAPIDiscovery,
		K8sEnableLeasesFallbackDiscovery: defaults.K8sEnableLeasesFallbackDiscovery,
		APIRateLimit:                     make(map[string]string),
		// NOTE(review): FixedIPTimeout is seeded from defaults.CCEEndpointGCInterval
		// rather than a FixedIPTimeout-specific default — confirm this is intended.
		FixedIPTimeout: defaults.CCEEndpointGCInterval,
		CCEEndpointGC:  defaults.CCEEndpointGCInterval,
	}
)
// RegisteredOptions records every option name that has been bound to viper
// (see BindEnv); used as a set, so values are empty structs.
var RegisteredOptions = map[string]struct{}{}
RegisteredOptions records all options that are bound to viper.
Functions ¶
func BindEnv ¶
func BindEnv(optName string)
BindEnv binds the option name to a deterministically generated environment variable name that is based on the given optName. If the same optName is bound more than once, this function panics.
func BindEnvWithLegacyEnvFallback ¶
func BindEnvWithLegacyEnvFallback(optName, legacyEnvName string)
BindEnvWithLegacyEnvFallback binds the given option name with either the same environment variable as BindEnv, if it's set, or with the given legacyEnvName.
The function is used to work around the viper.BindEnv limitation that only one environment variable can be bound for an option, and we need multiple environment variables due to backward compatibility reasons.
func FormatMonitorAggregationLevel ¶
func FormatMonitorAggregationLevel(level OptionSetting) string
FormatMonitorAggregationLevel maps a MonitorAggregationLevel to a string.
func GetTunnelModes ¶
func GetTunnelModes() string
GetTunnelModes returns the list of all tunnel modes
func InitConfig ¶
InitConfig reads in config file and ENV variables if set.
func LogRegisteredOptions ¶
LogRegisteredOptions logs all options that were bound to viper.
func MergeConfig ¶
MergeConfig merges the given configuration map with viper's configuration.
func MightAutoDetectDevices ¶
func MightAutoDetectDevices() bool
MightAutoDetectDevices returns true if the device auto-detection might take place.
func ReadDirConfig ¶
ReadDirConfig reads the given directory and returns a map that maps the filename to the contents of that file.
func ReplaceDeprecatedFields ¶
func ReplaceDeprecatedFields(m map[string]interface{})
ReplaceDeprecatedFields replaces the deprecated options set with the new set of options that overwrite the deprecated ones. This function replaces the deprecated fields used by environment variables with a different name than the option they are setting. This also replaces the deprecated names used in the Kubernetes ConfigMap. Once we remove them from this function we also need to remove them from daemon_main.go and warn users that neither the old environment variable nor the option in the configuration map has any effect anymore.
func StoreViperInFile ¶
StoreViperInFile stores viper's configuration in the given directory under the file name 'viper-config.yaml'. If this file already exists, it is renamed to 'viper-config-1.yaml'; if 'viper-config-1.yaml' also exists, 'viper-config-1.yaml' is renamed to 'viper-config-2.yaml'.
func VerifyMonitorAggregationLevel ¶
VerifyMonitorAggregationLevel validates the specified key/value for a monitor aggregation level.
Types ¶
type BPFClockSource ¶
// BPFClockSource selects the clock the BPF datapath reads time from;
// the defined values are ClockSourceKtime and ClockSourceJiffies.
type BPFClockSource int
// Defined BPFClockSource values.
const (
	// ClockSourceKtime selects the kernel ktime clock (zero value, the default).
	ClockSourceKtime BPFClockSource = iota
	// ClockSourceJiffies selects the jiffies counter (see KernelHz in DaemonConfig).
	ClockSourceJiffies
)
type ChangedFunc ¶
// ChangedFunc is called by `Apply()` for each option changed; key is the
// option name, value its new setting, and data is the opaque argument the
// caller passed through (see IntOptions.ApplyValidated).
type ChangedFunc func(key string, value OptionSetting, data interface{})
ChangedFunc is called by `Apply()` for each option changed
type DaemonConfig ¶
// DaemonConfig is the configuration used by Daemon.
//
// It embeds ConfigPatchMutex; since that mutex presumably must not be copied,
// DaemonConfig should always be handled by pointer (as the package-level
// Config is).
type DaemonConfig struct {
	CreationTime        time.Time
	RunDir              string // CCE runtime directory
	HostV4Addr          net.IP // Host v4 address of the snooping device
	HostV6Addr          net.IP // Host v6 address of the snooping device
	DryMode             bool   // Do not create BPF maps, devices, ..
	IPAllocationTimeout time.Duration // timeout when allocating CIDRs (option IPAllocationTimeout)
	// AllowLocalhost defines when to allow the local stack to reach local endpoints
	// values: { auto | always | policy }
	AllowLocalhost string
	// StateDir is the directory where runtime state of endpoints is stored
	StateDir string
	// SocketPath is the daemon's socket path to listen for connections
	SocketPath string
	// Options changeable at runtime
	Opts *IntOptions
	// Mutex for serializing configuration updates to the daemon.
	ConfigPatchMutex lock.RWMutex
	// Monitor contains the configuration for the node monitor.
	Monitor *models.MonitorStatus
	// GopsPort is the TCP port for the gops server
	GopsPort int
	// AgentHealthPort is the TCP port for agent health status API
	AgentHealthPort int
	// AgentLabels contains additional labels to identify this agent in monitor events.
	AgentLabels []string
	// IPv6ClusterAllocCIDR is the base CIDR used to allocate IPv6 node
	// CIDRs if allocation is not performed by an orchestration system
	IPv6ClusterAllocCIDR string
	// IPv6ClusterAllocCIDRBase is derived from IPv6ClusterAllocCIDR and
	// contains the CIDR without the mask, e.g. "fdfd::1/64" -> "fdfd::"
	//
	// This variable should never be written to, it is initialized via
	// DaemonConfig.Validate()
	IPv6ClusterAllocCIDRBase string
	// K8sRequireIPv4PodCIDR requires the k8s node resource to specify the
	// IPv4 PodCIDR. CCE will block bootstrapping until the information
	// is available.
	K8sRequireIPv4PodCIDR bool
	// K8sRequireIPv6PodCIDR requires the k8s node resource to specify the
	// IPv6 PodCIDR. CCE will block bootstrapping until the information
	// is available.
	K8sRequireIPv6PodCIDR bool
	// K8sServiceCacheSize is the service cache size for cce k8s package.
	K8sServiceCacheSize uint
	// MTU is the maximum transmission unit of the underlying network
	MTU int
	// EnableMonitor enables the monitor unix domain socket server
	EnableMonitor bool
	// MonitorAggregationInterval configures the interval between monitor
	// messages when monitor aggregation is enabled.
	MonitorAggregationInterval time.Duration
	// MonitorAggregationFlags determines which TCP flags that the monitor
	// aggregation ensures reports are generated for when monitor-aggregation
	// is enabled. Network byte-order (note the TCP_* constants in this
	// package are host byte-order).
	MonitorAggregationFlags uint16
	// DisableCCEEndpointCRD disables the use of CCEEndpoint CRD
	DisableCCEEndpointCRD bool
	// DisableENICRD disables the use of ENI CRD
	DisableENICRD bool
	// MaxControllerInterval is the maximum value for a controller's
	// RunInterval. Zero means unlimited.
	MaxControllerInterval int
	// UseSingleClusterRoute specifies whether to use a single cluster route
	// instead of per-node routes.
	UseSingleClusterRoute bool
	// ProcFs is the procfs path (option ProcFs)
	ProcFs string
	// K8sNamespace is the name of the namespace in which CCE is
	// deployed in when running in Kubernetes mode
	K8sNamespace string
	// AgentNotReadyNodeTaintKey is a node taint which prevents pods from being
	// scheduled. Once cce is setup it is removed from the node. Mostly
	// used in cloud providers to prevent existing CNI plugins from managing
	// pods.
	AgentNotReadyNodeTaintKey string
	// EnableIPv4 is true when IPv4 is enabled
	EnableIPv4 bool
	// EnableIPv6 is true when IPv6 is enabled
	EnableIPv6 bool
	// EnableIPv6NDP is true when NDP is enabled for IPv6
	EnableIPv6NDP bool
	// EnableRDMA is true when RDMA is enabled
	EnableRDMA bool
	// IPv6MCastDevice is the name of device that joins IPv6's solicitation multicast group
	IPv6MCastDevice string
	// MonitorQueueSize is the size of the monitor event queue
	MonitorQueueSize int
	// ConfigFile is the configuration file (option ConfigFile)
	ConfigFile string
	// ConfigDir is the directory holding one file per option (option ConfigDir)
	ConfigDir string
	// Debug enables debugging mode (option DebugArg)
	Debug bool
	// DebugVerbose — TODO(review): not documented on this page; confirm what
	// the strings select.
	DebugVerbose []string
	// EnableTracing is reported by TracingEnabled()
	EnableTracing bool
	// IPv4Range is the per-node IPv4 endpoint prefix, e.g. 10.16.0.0/16
	IPv4Range string
	// IPv6Range is the per-node IPv6 endpoint prefix, must be /96
	IPv6Range string
	// K8sAPIServer is the kubernetes api server address (for https use the kubeconfig path instead)
	K8sAPIServer string
	// K8sKubeConfigPath is the absolute path of the kubernetes kubeconfig
	// file; it carries API credentials.
	K8sKubeConfigPath string
	// K8sClientBurst is the burst value allowed for the K8s client
	K8sClientBurst int
	// K8sClientQPSLimit is the queries per second limit for the K8s client
	K8sClientQPSLimit float64
	// K8sHeartbeatTimeout is the timeout for apiserver heartbeat
	K8sHeartbeatTimeout time.Duration
	// K8sSyncTimeout is the timeout since the last event was received to
	// synchronize all resources with k8s
	K8sSyncTimeout time.Duration
	// K8sWatcherEndpointSelector specifies the k8s endpoints that CCE should watch for
	K8sWatcherEndpointSelector string
	// LogDriver sets logging endpoints to use, for example syslog, fluentd
	LogDriver []string
	// LogOpt holds log driver options
	LogOpt map[string]string
	// Logstash enables logstash integration
	Logstash bool
	// LogSystemLoadConfig enables system load logging
	LogSystemLoadConfig bool
	// TracePayloadlen is the length of payload to capture when tracing
	// (captured bytes may include application data)
	TracePayloadlen int
	// Version prints the version information
	Version string
	// PProf enables serving the pprof debugging API, which exposes runtime
	// internals; NOTE(review): bind address is not shown on this page —
	// confirm the listener is not reachable beyond the host.
	PProf bool
	// PProfPort is the port that the pprof listens on
	PProfPort int
	// PrometheusServeAddr is the IP:Port on which to serve prometheus metrics
	// (":Port" binds on all interfaces, "" is off)
	PrometheusServeAddr string
	// EnableAutoDirectRouting enables installation of direct routes to
	// other nodes when available
	EnableAutoDirectRouting bool
	// EnableUnreachableRoutes adds unreachable routes on pod deletion
	EnableUnreachableRoutes bool
	// EnableLocalNodeRoute controls installation of the route which points
	// the allocation prefix of the local node.
	EnableLocalNodeRoute bool
	// EnableHealthChecking enables health checking between nodes and
	// health endpoints
	EnableHealthChecking bool
	// EnableEndpointHealthChecking enables health checking between virtual
	// health endpoints
	EnableEndpointHealthChecking bool
	// EnableHealthCheckNodePort enables health checking of NodePort by
	// cce
	EnableHealthCheckNodePort bool
	// EndpointGCInterval is interval to attempt garbage collection of
	// endpoints that are no longer alive and healthy.
	EndpointGCInterval time.Duration
	// ConntrackGCInterval is the connection tracking garbage collection
	// interval
	ConntrackGCInterval time.Duration
	// K8sEventHandover enables use of the kvstore to optimize Kubernetes
	// event handling by listening for k8s events in the operator and
	// mirroring it into the kvstore for reduced overhead in large
	// clusters.
	K8sEventHandover bool
	// MetricsConfig is the configuration set in metrics
	MetricsConfig metrics.Configuration
	// LoopbackIPv4 is the address to use for service loopback SNAT
	LoopbackIPv4 string
	// LocalRouterIPv4 is the link-local IPv4 address used for CCE's router device
	LocalRouterIPv4 string
	// LocalRouterIPv6 is the link-local IPv6 address used for CCE's router device
	LocalRouterIPv6 string
	// ForceLocalPolicyEvalAtSource forces a policy decision at the source
	// endpoint for all local communication
	ForceLocalPolicyEvalAtSource bool
	// EnableEndpointRoutes enables use of per endpoint routes
	EnableEndpointRoutes bool
	// AnnotateK8sNode specifies whether to annotate the kubernetes nodes or not
	AnnotateK8sNode bool
	// RunMonitorAgent indicates whether to run the monitor agent
	RunMonitorAgent bool
	// WriteCNIConfigurationWhenReady writes the CNI configuration to the
	// specified location once the agent is ready to serve requests. This
	// allows to keep a Kubernetes node NotReady until CCE is up and
	// running and able to schedule endpoints.
	WriteCNIConfigurationWhenReady string
	// EnableHealthDatapath enables IPIP health probes data path
	EnableHealthDatapath bool
	// KernelHz is the HZ rate the kernel is operating in
	KernelHz int
	// ExcludeLocalAddresses excludes certain addresses to be recognized as
	// a local address (queried through IsExcludedLocalAddress)
	ExcludeLocalAddresses []*net.IPNet
	// IPv4PodSubnets available subnets to be assign IPv4 addresses to pods from
	IPv4PodSubnets []*net.IPNet
	// IPv6PodSubnets available subnets to be assign IPv6 addresses to pods from
	IPv6PodSubnets []*net.IPNet
	// IPAM is the IPAM method to use
	IPAM string
	// IPAM config: the configuration to use for Ethernet IPAM
	IPPoolMinAllocateIPs    int
	IPPoolPreAllocate       int
	IPPoolMaxAboveWatermark int
	// BurstableMehrfachENI is the number of idle IPs with the minimum reserved ENI
	// IP capacity multiple. If 0, it means that the Burstable ENI mode is not used.
	// If it is 1, it means always ensuring that an ENI's IP address is in a ready
	// idle state (ready+IP capacity is full)
	// default is 1
	BurstableMehrfachENI int
	// RDMA IPAM config: the configuration to use for RDMA
	RDMAIPPoolMinAllocateIPs    int
	RDMAIPPoolPreAllocate       int
	RDMAIPPoolMaxAboveWatermark int
	// AutoCreateNetResourceSetResource enables automatic creation of a
	// NetResourceSet resource for the local node
	AutoCreateNetResourceSetResource bool
	// IPv4NativeRoutingCIDR describes a CIDR in which pod IPs are routable
	IPv4NativeRoutingCIDR *cidr.CIDR
	// IPv6NativeRoutingCIDR describes a CIDR in which pod IPs are routable
	IPv6NativeRoutingCIDR *cidr.CIDR
	// K8sEnableAPIDiscovery enables Kubernetes API discovery (see K8sAPIDiscoveryEnabled)
	K8sEnableAPIDiscovery bool
	// K8sEnableLeasesFallbackDiscovery enables k8s to fallback to API probing to check
	// for the support of Leases in Kubernetes when there is an error in discovering
	// API groups using Discovery API.
	// We require to check for Leases capabilities in operator only, which uses Leases for leader
	// election purposes in HA mode.
	// This is only enabled for cce-operator
	K8sEnableLeasesFallbackDiscovery bool
	// APIRateLimit holds the configuration of the API rate limits (option APIRateLimitName)
	APIRateLimit map[string]string
	// DefaultAPIBurst is the burst value allowed when accessing external Cloud APIs
	DefaultAPIBurst int
	// DefaultAPIQPSLimit is the queries per second limit when accessing external Cloud APIs
	DefaultAPIQPSLimit float64
	// DefaultAPITimeoutLimit is the timeout limit when accessing external Cloud APIs
	DefaultAPITimeoutLimit time.Duration
	// CRDWaitTimeout is the timeout in which CCE will exit if CRDs are not
	// available.
	CRDWaitTimeout time.Duration
	// CCEEndpointGC interval of single machine recycling endpoint
	CCEEndpointGC time.Duration
	// FixedIPTimeout Timeout for waiting for the fixed IP assignment to succeed
	FixedIPTimeout time.Duration
	// For BCE CCE
	// ResourceResyncInterval is the interval between attempts of the sync between Cloud and k8s
	// like ENIs,Subnets
	ResourceResyncInterval time.Duration
	// ClusterID is the unique identifier of the cluster
	ClusterID string
	// ENI holds the ENI spec; only used in vpc-eni mode
	ENI *bceapi.ENISpec
	// EnableBandwidthManager enables bandwidth manager
	EnableBandwidthManager bool
	// EnableEgressPriority enables egress priority (option EnableEgressPriority)
	EnableEgressPriority bool
	// EnableEgressPriorityDSCP enables DSCP-based egress priority (option EnableEgressPriorityDSCP)
	EnableEgressPriorityDSCP bool
	// ExtCNIPluginsList Expand the list of CNI plugins, such as 'sbr-eip'
	ExtCNIPluginsList []string
}
DaemonConfig is the configuration used by Daemon.
func (*DaemonConfig) AgentNotReadyNodeTaintValue ¶
func (c *DaemonConfig) AgentNotReadyNodeTaintValue() string
AgentNotReadyNodeTaintValue returns the value of the taint key that cce agents will manage on their nodes
func (*DaemonConfig) AlwaysAllowLocalhost ¶
func (c *DaemonConfig) AlwaysAllowLocalhost() bool
AlwaysAllowLocalhost returns true if the daemon has the option set that localhost can always reach local endpoints
func (*DaemonConfig) CCENamespaceName ¶
func (c *DaemonConfig) CCENamespaceName() string
CCENamespaceName returns the name of the namespace in which CCE is deployed
func (*DaemonConfig) EnableK8sLeasesFallbackDiscovery ¶
func (c *DaemonConfig) EnableK8sLeasesFallbackDiscovery()
EnableK8sLeasesFallbackDiscovery enables using direct API probing as a fallback to check for the support of Leases when discovering API groups is not possible.
func (*DaemonConfig) GetCCEEndpointGC ¶
func (c *DaemonConfig) GetCCEEndpointGC() time.Duration
GetCCEEndpointGC returns the interval at which endpoints on a single machine are recycled
func (*DaemonConfig) GetFixedIPTimeout ¶
func (c *DaemonConfig) GetFixedIPTimeout() time.Duration
GetFixedIPTimeout returns the timeout for waiting for the fixed IP assignment to succeed
func (*DaemonConfig) GetGlobalsDir ¶
func (c *DaemonConfig) GetGlobalsDir() string
GetGlobalsDir returns the path for the globals directory.
func (*DaemonConfig) GetIPv4NativeRoutingCIDR ¶
func (c *DaemonConfig) GetIPv4NativeRoutingCIDR() (cidr *cidr.CIDR)
GetIPv4NativeRoutingCIDR returns the native routing CIDR if configured
func (*DaemonConfig) GetIPv6NativeRoutingCIDR ¶
func (c *DaemonConfig) GetIPv6NativeRoutingCIDR() (cidr *cidr.CIDR)
GetIPv6NativeRoutingCIDR returns the native routing CIDR if configured
func (*DaemonConfig) GetNodeConfigPath ¶
func (c *DaemonConfig) GetNodeConfigPath() string
GetNodeConfigPath returns the full path of the NodeConfigFile.
func (*DaemonConfig) HealthCheckingEnabled ¶
func (c *DaemonConfig) HealthCheckingEnabled() bool
HealthCheckingEnabled returns true if health checking is enabled
func (*DaemonConfig) IPAMMode ¶
func (c *DaemonConfig) IPAMMode() string
IPAMMode returns the IPAM mode
func (*DaemonConfig) IPv4Enabled ¶
func (c *DaemonConfig) IPv4Enabled() bool
IPv4Enabled returns true if IPv4 is enabled
func (*DaemonConfig) IPv6Enabled ¶
func (c *DaemonConfig) IPv6Enabled() bool
IPv6Enabled returns true if IPv6 is enabled
func (*DaemonConfig) IPv6NDPEnabled ¶
func (c *DaemonConfig) IPv6NDPEnabled() bool
IPv6NDPEnabled returns true if IPv6 NDP support is enabled
func (*DaemonConfig) IsExcludedLocalAddress ¶
func (c *DaemonConfig) IsExcludedLocalAddress(ip net.IP) bool
IsExcludedLocalAddress returns true if the specified IP matches one of the excluded local IP ranges
func (*DaemonConfig) IsPodSubnetsDefined ¶
func (c *DaemonConfig) IsPodSubnetsDefined() bool
IsPodSubnetsDefined returns true if encryption subnets should be configured at init time.
func (*DaemonConfig) K8sAPIDiscoveryEnabled ¶
func (c *DaemonConfig) K8sAPIDiscoveryEnabled() bool
K8sAPIDiscoveryEnabled returns true if API discovery of API groups and resources is enabled
func (*DaemonConfig) K8sLeasesFallbackDiscoveryEnabled ¶
func (c *DaemonConfig) K8sLeasesFallbackDiscoveryEnabled() bool
K8sLeasesFallbackDiscoveryEnabled returns true if we should fallback to direct API probing when checking for support of Leases in case Discovery API fails to discover required groups.
func (*DaemonConfig) LocalClusterName ¶
func (c *DaemonConfig) LocalClusterName() string
LocalClusterName returns the name of the cluster CCE is deployed in
func (*DaemonConfig) Populate ¶
func (c *DaemonConfig) Populate()
Populate sets all options with the values from viper
func (*DaemonConfig) RDMAEnabled ¶
func (c *DaemonConfig) RDMAEnabled() bool
RDMAEnabled returns true if RDMA is enabled
func (*DaemonConfig) SetIPv4NativeRoutingCIDR ¶
func (c *DaemonConfig) SetIPv4NativeRoutingCIDR(cidr *cidr.CIDR)
SetIPv4NativeRoutingCIDR sets the native routing CIDR
func (*DaemonConfig) SetIPv6NativeRoutingCIDR ¶
func (c *DaemonConfig) SetIPv6NativeRoutingCIDR(cidr *cidr.CIDR)
SetIPv6NativeRoutingCIDR sets the native routing CIDR
func (*DaemonConfig) StoreInFile ¶
func (c *DaemonConfig) StoreInFile(dir string) error
StoreInFile stores the configuration in the given directory under the file name 'daemon-config.json'. If this file already exists, it is renamed to 'daemon-config-1.json'; if 'daemon-config-1.json' also exists, 'daemon-config-1.json' is renamed to 'daemon-config-2.json'.
func (*DaemonConfig) TracingEnabled ¶
func (c *DaemonConfig) TracingEnabled() bool
TracingEnabled returns if tracing policy (outlining which rules apply to a specific set of labels) is enabled.
func (*DaemonConfig) UnreachableRoutesEnabled ¶
func (c *DaemonConfig) UnreachableRoutesEnabled() bool
UnreachableRoutesEnabled returns true if unreachable routes is enabled
func (*DaemonConfig) Validate ¶
func (c *DaemonConfig) Validate() error
Validate validates the daemon configuration
type FormatFunc ¶
// FormatFunc formats the specified OptionSetting value as its textual
// representation.
type FormatFunc func(value OptionSetting) string
FormatFunc formats the specified value as textual representation option.
type IntOptions ¶
// IntOptions holds a set of option values (Opts) together with the
// OptionLibrary that defines them. Member functions with external access do
// not require locking by the caller, while functions with internal access
// presume the caller to have taken care of any locking needed.
type IntOptions struct {
	// Opts is the map of option keys to their current settings.
	Opts OptionMap `json:"map"`
	// Library defines the options that may appear in Opts; it is not
	// serialized.
	Library *OptionLibrary `json:"-"`
	// contains filtered or unexported fields
}
IntOptions member functions with external access do not require locking by the caller, while functions with internal access presume the caller to have taken care of any locking needed.
func NewIntOptions ¶
func NewIntOptions(lib *OptionLibrary) *IntOptions
func (*IntOptions) ApplyValidated ¶
func (o *IntOptions) ApplyValidated(n OptionMap, changed ChangedFunc, data interface{}) int
ApplyValidated takes a configuration map and applies the changes. For an option which is changed, the `ChangedFunc` function is called with the `data` argument passed in as well. Returns the number of options changed if any.
The caller is expected to have validated the configuration options prior to calling this function.
func (*IntOptions) DeepCopy ¶
func (o *IntOptions) DeepCopy() *IntOptions
func (*IntOptions) Delete ¶
func (o *IntOptions) Delete(key string)
func (*IntOptions) Dump ¶
func (o *IntOptions) Dump()
func (*IntOptions) GetFmtList ¶
func (o *IntOptions) GetFmtList() string
func (*IntOptions) GetImmutableModel ¶
func (o *IntOptions) GetImmutableModel() *models.ConfigurationMap
GetImmutableModel returns the set of immutable options as a ConfigurationMap API model.
func (*IntOptions) GetMutableModel ¶
func (o *IntOptions) GetMutableModel() *models.ConfigurationMap
GetMutableModel returns the set of mutable options as a ConfigurationMap API model.
func (*IntOptions) GetValue ¶
func (o *IntOptions) GetValue(key string) OptionSetting
func (*IntOptions) InheritDefault ¶
func (o *IntOptions) InheritDefault(parent *IntOptions, key string)
func (*IntOptions) IsEnabled ¶
func (o *IntOptions) IsEnabled(key string) bool
func (*IntOptions) SetBool ¶
func (o *IntOptions) SetBool(key string, value bool)
SetBool sets the specified option to Enabled.
func (*IntOptions) SetIfUnset ¶
func (o *IntOptions) SetIfUnset(key string, value OptionSetting)
func (*IntOptions) SetValidated ¶
func (o *IntOptions) SetValidated(key string, value OptionSetting)
SetValidated sets the option `key` to the specified value. The caller is expected to have validated the input to this function.
func (*IntOptions) Validate ¶
func (o *IntOptions) Validate(n models.ConfigurationMap) error
Validate validates a given configuration map based on the option library
type IpvlanConfig ¶
IpvlanConfig is the configuration used by Daemon when in ipvlan mode.
type MapOptions ¶
// MapOptions holds a map of values and a validation function.
type MapOptions struct {
	// contains filtered or unexported fields
}
MapOptions holds a map of values and a validation function.
func NewMapOpts ¶
func NewMapOpts(values map[string]string, validator Validator) *MapOptions
NewMapOpts creates a new MapOptions with the specified map of values and an optional validator.
func (*MapOptions) Set ¶
func (opts *MapOptions) Set(value string) error
Set validates, if needed, the input value and adds it to the internal map, by splitting on '='.
func (*MapOptions) String ¶
func (opts *MapOptions) String() string
func (*MapOptions) Type ¶
func (opts *MapOptions) Type() string
Type returns a string name for this Option type
type MonitorAggregationLevel ¶
// MonitorAggregationLevel represents a level of aggregation for monitor
// events from the datapath. Low values represent no aggregation (more events
// emitted from the datapath); higher values represent more aggregation
// (fewer events emitted from the datapath).
type MonitorAggregationLevel OptionSetting
MonitorAggregationLevel represents a level of aggregation for monitor events from the datapath. Low values represent no aggregation, that is, to increase the number of events emitted from the datapath; Higher values represent more aggregation, to minimize the number of events emitted from the datapath.
The MonitorAggregationLevel does not affect the Debug option in the daemon or endpoint, so debug notifications will continue uninhibited by this setting.
type NamedMapOptions ¶
// NamedMapOptions is a MapOptions struct with a configuration name. It keeps
// a reference to the assigned field name in the internal configuration
// struct.
type NamedMapOptions struct {
	MapOptions
	// contains filtered or unexported fields
}
NamedMapOptions is a MapOptions struct with a configuration name. This struct is useful to keep reference to the assigned field name in the internal configuration struct.
func NewNamedMapOptions ¶
func NewNamedMapOptions(name string, values *map[string]string, validator Validator) *NamedMapOptions
NewNamedMapOptions creates a reference to a new NamedMapOptions struct.
type Option ¶
// Option is the structure used to specify the semantics of a configurable
// boolean option.
type Option struct {
	// Define is the name of the #define used for BPF programs
	Define string
	// Description is a short human readable description
	Description string
	// Immutable marks an option which is read-only
	Immutable bool
	// Requires is a list of required options, such options will be
	// automatically enabled as required.
	Requires []string
	// Parse is called to parse the option. If not specified, defaults to
	// NormalizeBool().
	Parse ParseFunc
	// Format is called to format the value for an option. If not
	// specified, defaults to formatting 0 as "Disabled" and other values
	// as "Enabled".
	Format FormatFunc
	// Verify is called prior to applying the option; it may reject the
	// value so that it is never applied.
	Verify VerifyFunc
}
Option is the structure used to specify the semantics of a configurable boolean option
func (Option) RequiresOption ¶
RequiresOption returns true if the option requires the specified option `name`.
type OptionLibrary ¶
func (OptionLibrary) Define ¶
func (l OptionLibrary) Define(name string) string
func (*OptionLibrary) ValidateConfigurationMap ¶
func (l *OptionLibrary) ValidateConfigurationMap(n models.ConfigurationMap) (OptionMap, error)
ValidateConfigurationMap validates a given configuration map based on the option library
type OptionMap ¶
// OptionMap maps an option key to its OptionSetting.
type OptionMap map[string]OptionSetting
type OptionSetting ¶
// OptionSetting specifies the different choices each Option has.
type OptionSetting int
OptionSetting specifies the different choices each Option has.
const (
	// MonitorAggregationLevelNone represents no aggregation in the
	// datapath; all packets will be monitored.
	MonitorAggregationLevelNone OptionSetting = 0
	// MonitorAggregationLevelLowest represents aggregation of monitor
	// events to emit a maximum of one trace event per packet. Trace events
	// when packets are received are disabled.
	MonitorAggregationLevelLowest OptionSetting = 1
	// MonitorAggregationLevelLow is the same as
	// MonitorAggregationLevelLowest, but may aggregate additional traffic
	// in future.
	MonitorAggregationLevelLow OptionSetting = 2
	// MonitorAggregationLevelMedium represents aggregation of monitor
	// events to only emit notifications periodically for each connection
	// unless there is new information (eg, a TCP connection is closed).
	MonitorAggregationLevelMedium OptionSetting = 3
	// MonitorAggregationLevelMax is the maximum level of aggregation
	// currently supported.
	MonitorAggregationLevelMax OptionSetting = 4
)
const (
	// OptionDisabled is the OptionSetting of a disabled boolean option (0).
	OptionDisabled OptionSetting = iota
	// OptionEnabled is the OptionSetting of an enabled boolean option (1).
	OptionEnabled
)
func NormalizeBool ¶
func NormalizeBool(value string) (OptionSetting, error)
func ParseDaemonOption ¶
func ParseDaemonOption(opt string) (string, OptionSetting, error)
ParseDaemonOption parses a string as daemon option
func ParseKeyValue ¶
func ParseKeyValue(lib *OptionLibrary, arg, value string) (string, OptionSetting, error)
func ParseMonitorAggregationLevel ¶
func ParseMonitorAggregationLevel(value string) (OptionSetting, error)
ParseMonitorAggregationLevel turns a string into a monitor aggregation level. The string may contain an integer value or a string representation of a particular monitor aggregation level.
func ParseOption ¶
func ParseOption(arg string, lib *OptionLibrary) (string, OptionSetting, error)
type ParseFunc ¶
// ParseFunc parses the option value and may return an error if the option
// cannot be parsed or applied.
type ParseFunc func(value string) (OptionSetting, error)
ParseFunc parses the option value and may return an error if the option cannot be parsed or applied.
type VerifyFunc ¶
VerifyFunc validates option key with value and may return an error if the option should not be applied