Documentation ¶
Index ¶
- Constants
- Variables
- func AllocateV4MasqueradeIPs(masqueradeSubnetNetworkAddress net.IP, masqueradeIPs *MasqueradeIPsConfig) error
- func AllocateV6MasqueradeIPs(masqueradeSubnetNetworkAddress net.IP, masqueradeIPs *MasqueradeIPsConfig) error
- func GetFlags(customFlags []cli.Flag) []cli.Flag
- func InitConfig(ctx *cli.Context, exec kexec.Interface, defaults *Defaults) (string, error)
- func InitConfigSa(ctx *cli.Context, exec kexec.Interface, saPath string, defaults *Defaults) (string, error)
- func ParseNetConf(bytes []byte) (*ovncnitypes.NetConf, error)
- func PrepareTestConfig() error
- func ReadCNIConfig(bytes []byte) (*ovncnitypes.NetConf, error)
- func UpdateOVNNodeAuth(masterIP []string, southboundDBPort, northboundDBPort string)
- func ValidateNetConfNameFields(netconf *ovncnitypes.NetConf) error
- func WriteCNIConfig() error
- type CIDRNetworkEntry
- type CNIConfig
- type ClusterManagerConfig
- type ConfigSubnet
- type ConfigSubnetType
- type ConfigSubnets
- type DefaultConfig
- type Defaults
- type GatewayConfig
- type GatewayMode
- type HAConfig
- type HostPort
- type HybridOverlayConfig
- type IPFIXConfig
- type KubernetesConfig
- type LoggingConfig
- type MasqueradeIPsConfig
- type MetricsConfig
- type MonitoringConfig
- type OVNKubernetesFeatureConfig
- type OvnAuthConfig
- type OvnDBScheme
- type OvnKubeNodeConfig
Constants ¶
// Package-level defaults that other packages may read directly.
const (
	// DefaultAPIServer is the Kubernetes API endpoint used when neither
	// --k8s-apiserver nor a kubeconfig is supplied.
	//
	// SECURITY NOTE: the scheme is plain "http". If this default is used
	// together with --k8s-token against anything other than a local
	// loopback proxy, the bearer token is sent unencrypted. Production
	// deployments should supply an https URL plus --k8s-cacert, or a
	// kubeconfig.
	DefaultAPIServer = "http://localhost:8443"

	// DefaultDBTxnTimeout is the default for --db-txn-timeout, the
	// OVSDB transaction timeout.
	DefaultDBTxnTimeout = time.Second * 100

	// DefaultEncapPort is the UDP port of the encapsulation endpoint
	// used when --encap-port is not supplied.
	DefaultEncapPort = 6081

	// DefaultVXLANPort is the IANA-assigned UDP port for VXLAN, used by the
	// hybrid overlay when --hybrid-overlay-vxlan-port is not supplied.
	DefaultVXLANPort = 4789
)
Variables ¶
// Build information. Populated at build-time.
var (
	// Commit is the commit ID used to build ovn-kubernetes.
	Commit = ""
	// Branch is the branch used to build ovn-kubernetes.
	Branch = ""
	// BuildUser is the ovn-kubernetes build user.
	BuildUser = ""
	// BuildDate is the ovn-kubernetes build date.
	BuildDate = ""
	// Version is the ovn-kubernetes version; change it with every release.
	Version = "1.0.0"
	// GoVersion is the version of the Go runtime used to compile ovn-kubernetes.
	GoVersion = runtime.Version()
	// OSArch is the OS and architecture used to build ovn-kubernetes.
	OSArch = fmt.Sprintf("%s %s", runtime.GOOS, runtime.GOARCH)
)

// CNIConfFileName is the ovn-kubernetes CNI config file name.
var CNIConfFileName = "10-ovn-kubernetes.conf"

// The following are global config parameters that other modules may access
// directly. Each holds parsed config file parameters with command-line
// overrides applied. Fields left at their zero value are omitted.
var (
	// Default holds general parsed config file parameters and command-line overrides.
	Default = DefaultConfig{
		MTU:                          1400,
		ConntrackZone:                64000,
		EncapType:                    "geneve",
		EncapPort:                    DefaultEncapPort,
		InactivityProbe:              100000,
		OpenFlowProbe:                180,
		MonitorAll:                   true,
		OVSDBTxnTimeout:              DefaultDBTxnTimeout,
		LFlowCacheEnable:             true,
		RawClusterSubnets:            "10.128.0.0/14/23",
		Zone:                         types.OvnDefaultZone,
		RawUDNAllowedDefaultServices: "default/kubernetes,kube-system/kube-dns",
	}

	// Logging holds logging-related parsed config file parameters and command-line overrides.
	Logging = LoggingConfig{
		Level:               4,
		LogFileMaxSize:      100,
		LogFileMaxBackups:   5,
		LogFileMaxAge:       5,
		ACLLoggingRateLimit: 20,
	}

	// Monitoring holds monitoring-related parsed config file parameters and
	// command-line overrides. No flow-export targets are configured by default.
	Monitoring MonitoringConfig

	// IPFIX holds IPFIX-related performance configuration options. It requires
	// that the IPFIXTargets value of the Monitoring section contains at least
	// one endpoint.
	IPFIX = IPFIXConfig{
		Sampling:           400,
		CacheActiveTimeout: 60,
	}

	// CNI holds CNI-related parsed config file parameters and command-line overrides.
	CNI = CNIConfig{
		ConfDir: "/etc/cni/net.d",
		Plugin:  "ovn-k8s-cni-overlay",
	}

	// Kubernetes holds Kubernetes-related parsed config file parameters and
	// command-line overrides.
	//
	// SECURITY NOTE: APIServer defaults to DefaultAPIServer, a plain-http
	// loopback URL; see the note on that constant before relying on it
	// with a bearer token. CertDuration is the requested lifetime of the
	// per-node client certificate (see --cert-duration); the short default
	// limits the blast radius of a leaked node credential.
	Kubernetes = KubernetesConfig{
		APIServer:           DefaultAPIServer,
		RawServiceCIDRs:     "172.16.1.0/24",
		OVNConfigNamespace:  "ovn-kubernetes",
		DNSServiceNamespace: "kube-system",
		DNSServiceName:      "kube-dns",
		CertDuration:        10 * time.Minute,
	}

	// Metrics holds Prometheus metrics-related parameters. The zero value
	// carries no bind addresses and leaves pprof disabled (see MetricsFlags).
	Metrics MetricsConfig

	// OVNKubernetesFeature holds OVN-Kubernetes feature enhancement config
	// file parameters and command-line overrides.
	OVNKubernetesFeature = OVNKubernetesFeatureConfig{
		EgressIPReachabiltyTotalTimeout: 1,
	}

	// OvnNorth holds northbound OVN database client and server authentication
	// and location details.
	OvnNorth OvnAuthConfig
	// OvnSouth holds southbound OVN database client and server authentication
	// and location details.
	OvnSouth OvnAuthConfig

	// Gateway holds node gateway-related parsed config file parameters and
	// command-line overrides. The masquerade IPs are carved out of the
	// masquerade subnets (169.254.169.0/29 and fd69::/125 by default).
	Gateway = GatewayConfig{
		V4JoinSubnet:       "100.64.0.0/16",
		V6JoinSubnet:       "fd98::/64",
		V4MasqueradeSubnet: "169.254.169.0/29",
		V6MasqueradeSubnet: "fd69::/125",
		MasqueradeIPs: MasqueradeIPsConfig{
			V4OVNMasqueradeIP:               net.ParseIP("169.254.169.1"),
			V6OVNMasqueradeIP:               net.ParseIP("fd69::1"),
			V4HostMasqueradeIP:              net.ParseIP("169.254.169.2"),
			V6HostMasqueradeIP:              net.ParseIP("fd69::2"),
			V4HostETPLocalMasqueradeIP:      net.ParseIP("169.254.169.3"),
			V6HostETPLocalMasqueradeIP:      net.ParseIP("fd69::3"),
			V4DummyNextHopMasqueradeIP:      net.ParseIP("169.254.169.4"),
			V6DummyNextHopMasqueradeIP:      net.ParseIP("fd69::4"),
			V4OVNServiceHairpinMasqueradeIP: net.ParseIP("169.254.169.5"),
			V6OVNServiceHairpinMasqueradeIP: net.ParseIP("fd69::5"),
		},
	}

	// MasterHA holds master HA related config options (seconds).
	MasterHA = HAConfig{
		ElectionRetryPeriod:   26,
		ElectionRenewDeadline: 107,
		ElectionLeaseDuration: 137,
	}

	// ClusterMgrHA holds cluster manager HA related config options (seconds).
	ClusterMgrHA = HAConfig{
		ElectionRetryPeriod:   26,
		ElectionRenewDeadline: 107,
		ElectionLeaseDuration: 137,
	}

	// HybridOverlay holds hybrid overlay feature config options.
	HybridOverlay = HybridOverlayConfig{
		VXLANPort: DefaultVXLANPort,
	}

	// UnprivilegedMode allows ovnkube-node to run without the SYS_ADMIN
	// capability, by performing interface setup in the CNI plugin instead.
	UnprivilegedMode bool

	// EnableMulticast enables multicast support between the pods within the
	// same namespace.
	EnableMulticast bool

	// IPv4Mode captures whether IPv4 is used for the OVN logical topology
	// (single-stack IPv4 or dual-stack).
	IPv4Mode bool

	// IPv6Mode captures whether IPv6 is used for the OVN logical topology
	// (single-stack IPv6 or dual-stack).
	IPv6Mode bool

	// OvnKubeNode holds ovnkube-node parsed config file parameters and
	// command-line overrides.
	OvnKubeNode = OvnKubeNodeConfig{
		Mode: types.NodeModeFull,
	}

	// ClusterManager holds the transit switch subnets used for interconnect.
	ClusterManager = ClusterManagerConfig{
		V4TransitSwitchSubnet: "100.88.0.0/16",
		V6TransitSwitchSubnet: "fd97::/64",
	}
)
// CNIFlags capture CNI-related options.
//
// The directory named here is the one the container runtime reads CNI
// configuration from; presumably WriteCNIConfig places CNIConfFileName
// there (verify against that function). Keep it writable only by the
// ovnkube-node process.
var CNIFlags = []cli.Flag{
	&cli.StringFlag{
		Name:        "cni-conf-dir",
		Value:       CNI.ConfDir,
		Destination: &cliConfig.CNI.ConfDir,
		Usage:       "the CNI config directory in which to write the overlay CNI config file (default: /etc/cni/net.d)",
	},
	&cli.StringFlag{
		Name:        "cni-plugin",
		Value:       CNI.Plugin,
		Destination: &cliConfig.CNI.Plugin,
		Usage:       "the name of the CNI plugin (default: ovn-k8s-cni-overlay)",
	},
}
// ClusterManagerFlags captures ovnkube-cluster-manager specific configurations.
var ClusterManagerFlags = []cli.Flag{
	&cli.StringFlag{
		Name:        "cluster-manager-v4-transit-switch-subnet",
		Value:       ClusterManager.V4TransitSwitchSubnet,
		Destination: &cliConfig.ClusterManager.V4TransitSwitchSubnet,
		Usage:       "The v4 transit switch subnet used for assigning transit switch IPv4 addresses for interconnect",
	},
	&cli.StringFlag{
		Name:        "cluster-manager-v6-transit-switch-subnet",
		Value:       ClusterManager.V6TransitSwitchSubnet,
		Destination: &cliConfig.ClusterManager.V6TransitSwitchSubnet,
		Usage:       "The v6 transit switch subnet used for assigning transit switch IPv6 addresses for interconnect",
	},
}
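// ClusterMgrHAFlags capture leader election flags for cluster manager.
//
// The advertised defaults are derived from ClusterMgrHA so the help text can
// no longer drift from the actual values (the previous text claimed 60/30/20
// while the flags defaulted to 137/107/26).
var ClusterMgrHAFlags = []cli.Flag{
	&cli.IntFlag{
		Name:        "cluster-manager-ha-election-lease-duration",
		Usage:       fmt.Sprintf("Leader election lease duration (in secs) (default: %d)", ClusterMgrHA.ElectionLeaseDuration),
		Destination: &cliConfig.ClusterMgrHA.ElectionLeaseDuration,
		Value:       ClusterMgrHA.ElectionLeaseDuration,
	},
	&cli.IntFlag{
		Name:        "cluster-manager-ha-election-renew-deadline",
		Usage:       fmt.Sprintf("Leader election renew deadline (in secs) (default: %d)", ClusterMgrHA.ElectionRenewDeadline),
		Destination: &cliConfig.ClusterMgrHA.ElectionRenewDeadline,
		Value:       ClusterMgrHA.ElectionRenewDeadline,
	},
	&cli.IntFlag{
		Name:        "cluster-manager-ha-election-retry-period",
		Usage:       fmt.Sprintf("Leader election retry period (in secs) (default: %d)", ClusterMgrHA.ElectionRetryPeriod),
		Destination: &cliConfig.ClusterMgrHA.ElectionRetryPeriod,
		Value:       ClusterMgrHA.ElectionRetryPeriod,
	},
}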
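// CommonFlags capture general options.
//
// Fixes relative to the previous help text: --db-txn-timeout is a duration
// flag (it takes "100s", not a bare number) and its real default is
// DefaultDBTxnTimeout, not 60 seconds; --acl-logging-rate-limit now takes its
// default from Logging like every other flag; two usage strings had words
// fused by missing spaces.
var CommonFlags = []cli.Flag{
	&cli.StringFlag{
		Name:  "init-master",
		Usage: "initialize master (both cluster-manager and ovnkube-controller), requires the hostname as argument",
	},
	&cli.StringFlag{
		Name:  "init-cluster-manager",
		Usage: "initialize cluster manager (but not ovnkube-controller), requires the hostname as argument",
	},
	&cli.StringFlag{
		Name:  "init-ovnkube-controller",
		Usage: "initialize ovnkube-controller (but not cluster-manager), requires the hostname as argument",
	},
	&cli.StringFlag{
		Name:  "init-node",
		Usage: "initialize node, requires the name that node is registered with in kubernetes cluster",
	},
	&cli.StringFlag{
		Name:  "cleanup-node",
		Usage: "cleanup node, requires the name that node is registered with in kubernetes cluster",
	},
	&cli.StringFlag{
		Name:  "pidfile",
		Usage: "Name of file that will hold the ovnkube pid (optional)",
	},
	&cli.StringFlag{
		Name:  "config-file",
		Usage: "configuration file path (default: /etc/openvswitch/ovn_k8s.conf)",
	},
	&cli.IntFlag{
		Name:        "mtu",
		Usage:       "MTU value used for the overlay networks (default: 1400)",
		Destination: &cliConfig.Default.MTU,
		Value:       Default.MTU,
	},
	&cli.IntFlag{
		Name:        "routable-mtu",
		Usage:       "Maximum routable MTU between nodes, used to facilitate an MTU migration procedure where different nodes might be using different MTU values",
		Destination: &cliConfig.Default.RoutableMTU,
	},
	&cli.IntFlag{
		Name:        "conntrack-zone",
		Usage:       "For gateway nodes, the conntrack zone used for conntrack flow rules (default: 64000)",
		Destination: &cliConfig.Default.ConntrackZone,
		Value:       Default.ConntrackZone,
	},
	&cli.StringFlag{
		Name:        "encap-type",
		Usage:       "The encapsulation protocol to use to transmit packets between hypervisors (default: geneve)",
		Destination: &cliConfig.Default.EncapType,
		Value:       Default.EncapType,
	},
	&cli.StringFlag{
		Name:        "encap-ip",
		Usage:       "The IP address of the encapsulation endpoint (default: Node IP address resolved from Node hostname)",
		Destination: &cliConfig.Default.EncapIP,
	},
	&cli.UintFlag{
		Name:        "encap-port",
		Usage:       "The UDP port used by the encapsulation endpoint (default: 6081)",
		Destination: &cliConfig.Default.EncapPort,
		Value:       Default.EncapPort,
	},
	&cli.IntFlag{
		Name: "inactivity-probe",
		Usage: "Maximum number of milliseconds of idle time on " +
			"connection for ovn-controller before it sends a inactivity probe",
		Destination: &cliConfig.Default.InactivityProbe,
		Value:       Default.InactivityProbe,
	},
	&cli.IntFlag{
		Name: "openflow-probe",
		Usage: "Maximum number of seconds of idle time on the openflow " +
			"connection for ovn-controller before it sends a inactivity probe",
		Destination: &cliConfig.Default.OpenFlowProbe,
		Value:       Default.OpenFlowProbe,
	},
	&cli.IntFlag{
		Name: "ofctrl-wait-before-clear",
		Usage: "Maximum number of milliseconds that ovn-controller waits before " +
			"clearing existing flows during start up, to make sure the initial flow " +
			"compute is complete and avoid data plane interruptions.",
		Destination: &cliConfig.Default.OfctrlWaitBeforeClear,
		Value:       Default.OfctrlWaitBeforeClear,
	},
	&cli.BoolFlag{
		Name: "monitor-all",
		Usage: "Enable monitoring all data from SB DB instead of conditionally " +
			"monitoring the data relevant to this node only. " +
			"By default it is enabled.",
		Destination: &cliConfig.Default.MonitorAll,
		Value:       Default.MonitorAll,
	},
	&cli.DurationFlag{
		// DurationFlag values are parsed as Go durations ("100s", "2m"), so
		// the help must not suggest a bare number of seconds.
		Name: "db-txn-timeout",
		Usage: "OVSDBTxnTimeout is the timeout for db transactions, given as a Go duration (e.g. 100s); " +
			fmt.Sprintf("may be useful to increase for high-scale clusters. default value is %v.", DefaultDBTxnTimeout),
		Destination: &cliConfig.Default.OVSDBTxnTimeout,
		Value:       Default.OVSDBTxnTimeout,
	},
	&cli.BoolFlag{
		Name: "enable-lflow-cache",
		Usage: "Enable the logical flow in-memory cache it uses " +
			"when processing Southbound database logical flow changes. " +
			"By default caching is enabled.",
		Destination: &cliConfig.Default.LFlowCacheEnable,
		Value:       Default.LFlowCacheEnable,
	},
	&cli.UintFlag{
		Name: "lflow-cache-limit",
		Usage: "Maximum number of logical flow cache entries ovn-controller " +
			"may create when the logical flow cache is enabled. By " +
			"default the size of the cache is unlimited.",
		Destination: &cliConfig.Default.LFlowCacheLimit,
		Value:       Default.LFlowCacheLimit,
	},
	&cli.UintFlag{
		Name: "lflow-cache-limit-kb",
		Usage: "Maximum size of the logical flow cache ovn-controller " +
			"may create when the logical flow cache is enabled. By " +
			"default the size of the cache is unlimited.",
		Destination: &cliConfig.Default.LFlowCacheLimitKb,
		Value:       Default.LFlowCacheLimitKb,
	},
	&cli.StringFlag{
		Name:        "cluster-subnet",
		Usage:       "Deprecated alias for cluster-subnets.",
		Destination: &clusterSubnet,
	},
	&cli.StringFlag{
		Name:  "cluster-subnets",
		Value: Default.RawClusterSubnets,
		Usage: "A comma separated set of IP subnets and the associated " +
			"hostsubnet prefix lengths to use for the cluster (eg, \"10.128.0.0/14/23,10.0.0.0/14/23\"). " +
			"Each entry is given in the form [IP address/prefix-length/hostsubnet-prefix-length] " +
			"and cannot overlap with other entries. The hostsubnet-prefix-length " +
			"defines how large a subnet is given to each node and may be different " +
			"for each entry. For IPv6 subnets, it must be 64 (and does not need to " +
			"be explicitly specified). For IPv4 subnets an explicit " +
			"hostsubnet-prefix should be specified, but for backward compatibility " +
			"it defaults to 24 if unspecified.",
		Destination: &cliConfig.Default.RawClusterSubnets,
	},
	&cli.BoolFlag{
		// Lets ovnkube-node run without SYS_ADMIN; interface setup moves into
		// the CNI plugin (see the UnprivilegedMode variable).
		Name:        "unprivileged-mode",
		Usage:       "Run ovnkube-node container in unprivileged mode. Valid only with --init-node option.",
		Destination: &UnprivilegedMode,
	},
	&cli.BoolFlag{
		Name:        "enable-multicast",
		Usage:       "Adds multicast support. Valid only with --init-master option.",
		Destination: &EnableMulticast,
	},
	&cli.IntFlag{
		Name:        "loglevel",
		Usage:       "log verbosity and level: info, warn, fatal, error are always printed no matter the log level. Use 5 for debug (default: 4)",
		Destination: &cliConfig.Logging.Level,
		Value:       Logging.Level,
	},
	&cli.StringFlag{
		Name:        "logfile",
		Usage:       "path of a file to direct log output to",
		Destination: &cliConfig.Logging.File,
	},
	&cli.StringFlag{
		Name:        "cnilogfile",
		Usage:       "path of a file to direct log from cni shim to output to (default: /var/log/ovn-kubernetes/ovn-k8s-cni-overlay.log)",
		Destination: &cliConfig.Logging.CNIFile,
		Value:       "/var/log/ovn-kubernetes/ovn-k8s-cni-overlay.log",
	},
	&cli.StringFlag{
		Name:        "libovsdblogfile",
		Usage:       "path of a file to direct log from libovsdb client to output to (default is to use same as --logfile)",
		Destination: &cliConfig.Logging.LibovsdbFile,
	},
	&cli.IntFlag{
		// NOTE(review): the default (Logging.LogFileMaxSize == 100) looks like
		// megabytes rather than bytes; confirm the unit against the log
		// rotation code before trusting this help text.
		Name:        "logfile-maxsize",
		Usage:       "Maximum size in bytes of the log file before it gets rolled",
		Destination: &cliConfig.Logging.LogFileMaxSize,
		Value:       Logging.LogFileMaxSize,
	},
	&cli.IntFlag{
		Name:        "logfile-maxbackups",
		Usage:       "Maximum number of old log files to retain",
		Destination: &cliConfig.Logging.LogFileMaxBackups,
		Value:       Logging.LogFileMaxBackups,
	},
	&cli.IntFlag{
		Name:        "logfile-maxage",
		Usage:       "Maximum number of days to retain old log files",
		Destination: &cliConfig.Logging.LogFileMaxAge,
		Value:       Logging.LogFileMaxAge,
	},
	&cli.IntFlag{
		Name:        "acl-logging-rate-limit",
		Usage:       "The largest number of messages per second that gets logged before drop (default 20)",
		Destination: &cliConfig.Logging.ACLLoggingRateLimit,
		Value:       Logging.ACLLoggingRateLimit,
	},
	&cli.StringFlag{
		Name:        "zone",
		Usage:       "zone name to which ovnkube-node/ovnkube-controller belongs to",
		Value:       Default.Zone,
		Destination: &cliConfig.Default.Zone,
	},
	&cli.StringFlag{
		Name: "udn-allowed-default-services",
		Usage: "a list of namespaced names of default cluster network services accessible from primary " +
			"user-defined networks. If not specified defaults to [\"default/kubernetes\", \"kube-system/kube-dns\"]. " +
			"Only used when enable-network-segmentation is set",
		Value:       Default.RawUDNAllowedDefaultServices,
		Destination: &cliConfig.Default.RawUDNAllowedDefaultServices,
	},
}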
// Sentinel errors returned while interpreting CNI / net-attach-def
// configuration. Compare with errors.Is.
var (
	// ErrorAttachDefNotOvnManaged reports a NetworkAttachmentDefinition whose
	// CNI config does not belong to OVN.
	ErrorAttachDefNotOvnManaged = errors.New("net-attach-def not managed by OVN")

	// ErrorChainingNotSupported reports a CNI config that uses plugin
	// chaining, which this plugin rejects.
	ErrorChainingNotSupported = errors.New("CNI plugin chaining is not supported")
)
// Flags are general command-line flags. Apps should add these flags to their
// own urfave/cli flags and call InitConfig() early in the application.
//
// It is nil until populated (presumably by GetFlags, which takes the
// app-specific flags as customFlags — verify against that function).
var Flags []cli.Flag
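// HybridOverlayFlags capture hybrid overlay feature options.
//
// The cluster-subnets help text previously read "...the associatedhostsubnetlengths
// (eg, ...). to use with..." because of a missing space and a misplaced
// sentence break; it is reworded below without changing its meaning.
var HybridOverlayFlags = []cli.Flag{
	&cli.BoolFlag{
		Name:        "enable-hybrid-overlay",
		Usage:       "Enables hybrid overlay functionality",
		Destination: &cliConfig.HybridOverlay.Enabled,
	},
	&cli.StringFlag{
		Name:  "hybrid-overlay-cluster-subnets",
		Value: HybridOverlay.RawClusterSubnets,
		Usage: "A comma separated set of IP subnets and the associated " +
			"hostsubnetlengths to use with the extended hybrid network " +
			"(eg, \"10.128.0.0/14/23,10.0.0.0/14/23\"). Each entry is given " +
			"in the form IP address/subnet mask/hostsubnetlength, " +
			"the hostsubnetlength is optional and if unspecified defaults to 24. The " +
			"hostsubnetlength defines how many IP addresses are dedicated to each node.",
		Destination: &cliConfig.HybridOverlay.RawClusterSubnets,
	},
	&cli.UintFlag{
		// VXLAN carries no authentication or encryption of its own; the
		// underlay between nodes must be trusted or otherwise protected.
		Name:        "hybrid-overlay-vxlan-port",
		Value:       HybridOverlay.VXLANPort,
		Usage:       "The UDP port used by the VXLAN protocol for hybrid networks.",
		Destination: &cliConfig.HybridOverlay.VXLANPort,
	},
}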
// IPFIXFlags capture IPFIX-related options. They only take effect when
// --ipfix-targets names at least one collector.
var IPFIXFlags = []cli.Flag{
	&cli.UintFlag{
		Name:        "ipfix-sampling",
		Value:       IPFIX.Sampling,
		Destination: &cliConfig.IPFIX.Sampling,
		Usage:       "Rate at which packets should be sampled and sent to each target collector (default: 400)",
	},
	&cli.UintFlag{
		Name:        "ipfix-cache-max-flows",
		Value:       IPFIX.CacheMaxFlows,
		Destination: &cliConfig.IPFIX.CacheMaxFlows,
		Usage:       "Maximum number of IPFIX flow records that can be cached at a time. If 0, caching is disabled (default: 0)",
	},
	&cli.UintFlag{
		Name:        "ipfix-cache-active-timeout",
		Value:       IPFIX.CacheActiveTimeout,
		Destination: &cliConfig.IPFIX.CacheActiveTimeout,
		Usage:       "Maximum period in seconds for which an IPFIX flow record is cached and aggregated before being sent. If 0, caching is disabled (default: 60)",
	},
}
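// K8sFlags capture Kubernetes-related options.
//
// Fixes: the kubeconfig and cert-dir help text referred to a non-existent
// "--k8s-ca-cert" flag (the real one is --k8s-cacert), and the --k8s-token
// help now warns that a token on the command line is visible to other local
// users; --k8s-token-file is the safer option and already takes precedence.
var K8sFlags = []cli.Flag{
	&cli.StringFlag{
		Name:        "service-cluster-ip-range",
		Usage:       "Deprecated alias for k8s-service-cidrs.",
		Destination: &serviceClusterIPRange,
	},
	&cli.StringFlag{
		Name:        "k8s-service-cidr",
		Usage:       "Deprecated alias for k8s-service-cidrs.",
		Destination: &cliConfig.Kubernetes.CompatServiceCIDR,
	},
	&cli.StringFlag{
		Name: "k8s-service-cidrs",
		Usage: "A comma-separated set of CIDR notation IP ranges from which k8s assigns " +
			"service cluster IPs. This should be the same as the value " +
			"provided for kube-apiserver \"--service-cluster-ip-range\" " +
			"option. (default: 172.16.1.0/24)",
		Destination: &cliConfig.Kubernetes.RawServiceCIDRs,
		Value:       Kubernetes.RawServiceCIDRs,
	},
	&cli.StringFlag{
		Name:        "k8s-kubeconfig",
		Usage:       "absolute path to the Kubernetes kubeconfig file (not required if the --k8s-apiserver, --k8s-cacert, and --k8s-token are given)",
		Destination: &cliConfig.Kubernetes.Kubeconfig,
	},
	&cli.StringFlag{
		Name:        "bootstrap-kubeconfig",
		Usage:       "absolute path to the Kubernetes kubeconfig file that is used to create the initial, per node, client certificates (should only be used together with 'cert-dir')",
		Destination: &cliConfig.Kubernetes.BootstrapKubeconfig,
	},
	&cli.StringFlag{
		// Default is DefaultAPIServer, a plain-http loopback URL; a bearer
		// token sent to an http URL travels unencrypted.
		Name:        "k8s-apiserver",
		Usage:       "URL of the Kubernetes API server (not required if --k8s-kubeconfig is given) (default: http://localhost:8443)",
		Destination: &cliConfig.Kubernetes.APIServer,
		Value:       Kubernetes.APIServer,
	},
	&cli.StringFlag{
		Name:        "cert-dir",
		Usage:       "absolute path to the directory of the client key and certificate (not required if --k8s-kubeconfig or --k8s-apiserver, --k8s-cacert, and --k8s-token are given)",
		Destination: &cliConfig.Kubernetes.CertDir,
	},
	&cli.DurationFlag{
		Name:        "cert-duration",
		Usage:       "requested certificate duration, default: 10min",
		Destination: &cliConfig.Kubernetes.CertDuration,
		Value:       Kubernetes.CertDuration,
	},
	&cli.StringFlag{
		Name:        "k8s-cacert",
		Usage:       "the absolute path to the Kubernetes API CA certificate (not required if --k8s-kubeconfig is given)",
		Destination: &cliConfig.Kubernetes.CACert,
	},
	&cli.StringFlag{
		// Command-line arguments are readable by other local processes
		// (e.g. via the process table), so a token given here leaks to any
		// local user; prefer --k8s-token-file.
		Name: "k8s-token",
		Usage: "the Kubernetes API authentication token (not required if --k8s-kubeconfig is given). " +
			"Command-line arguments are visible to other local users; prefer --k8s-token-file",
		Destination: &cliConfig.Kubernetes.Token,
	},
	&cli.StringFlag{
		Name:        "k8s-token-file",
		Usage:       "the path to Kubernetes API token. If set, it is periodically read and takes precedence over k8s-token",
		Destination: &cliConfig.Kubernetes.TokenFile,
	},
	&cli.StringFlag{
		Name:        "ovn-config-namespace",
		Usage:       "specify a namespace which will contain services to config the OVN databases",
		Destination: &cliConfig.Kubernetes.OVNConfigNamespace,
		Value:       Kubernetes.OVNConfigNamespace,
	},
	&cli.BoolFlag{
		Name: "ovn-empty-lb-events",
		Usage: "If set, then load balancers do not get deleted when all backends are removed. " +
			"Instead, ovn-kubernetes monitors the OVN southbound database for empty lb backends " +
			"controller events. If one arrives, then a NeedPods event is sent so that Kubernetes " +
			"will spin up pods for the load balancer to send traffic to.",
		Destination: &cliConfig.Kubernetes.OVNEmptyLbEvents,
	},
	&cli.StringFlag{
		Name:  "pod-ip",
		Usage: "UNUSED",
	},
	&cli.StringFlag{
		Name:        "no-hostsubnet-nodes",
		Usage:       "Specify a label for nodes that will manage their own hostsubnets",
		Destination: &cliConfig.Kubernetes.RawNoHostSubnetNodes,
	},
	&cli.StringFlag{
		Name:        "host-network-namespace",
		Usage:       "specify a namespace which will be used to classify host network traffic for network policy",
		Destination: &cliConfig.Kubernetes.HostNetworkNamespace,
		Value:       Kubernetes.HostNetworkNamespace,
	},
	&cli.BoolFlag{
		Name:        "disable-requestedchassis",
		Usage:       "If set to true, requested-chassis option will not be set during pod creation",
		Destination: &cliConfig.Kubernetes.DisableRequestedChassis,
		Value:       Kubernetes.DisableRequestedChassis,
	},
	&cli.StringFlag{
		Name: "platform-type",
		Usage: "The cloud provider platform type ovn-kubernetes is deployed on. " +
			"Valid values can be found in: https://github.com/ovn-org/ovn-kubernetes/blob/master/go-controller/vendor/github.com/openshift/api/config/v1/types_infrastructure.go#L130-L172",
		Destination: &cliConfig.Kubernetes.PlatformType,
		Value:       Kubernetes.PlatformType,
	},
	&cli.StringFlag{
		// Binding to 0.0.0.0 / [::] exposes the healthz endpoint on every
		// node interface; restrict it if the node has untrusted networks.
		Name:        "healthz-bind-address",
		Usage:       "The IP address and port for the node proxy healthz server to serve on (set to '0.0.0.0:10256' or '[::]:10256' for listening in all interfaces and IP families). Disabled by default.",
		Destination: &cliConfig.Kubernetes.HealthzBindAddress,
	},
	&cli.StringFlag{
		Name:        "dns-service-namespace",
		Usage:       "DNS kubernetes service namespace used to expose name resolving to live migratable vms.",
		Destination: &cliConfig.Kubernetes.DNSServiceNamespace,
		Value:       Kubernetes.DNSServiceNamespace,
	},
	&cli.StringFlag{
		Name:        "dns-service-name",
		Usage:       "DNS kubernetes service name used to expose name resolving to live migratable vms.",
		Destination: &cliConfig.Kubernetes.DNSServiceName,
		Value:       Kubernetes.DNSServiceName,
	},
}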
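// MasterHAFlags capture leader election flags for master.
//
// The advertised defaults are derived from MasterHA so the help text can no
// longer drift from the actual values (the previous text claimed 60/30/20
// while the flags defaulted to 137/107/26).
var MasterHAFlags = []cli.Flag{
	&cli.IntFlag{
		Name:        "ha-election-lease-duration",
		Usage:       fmt.Sprintf("Leader election lease duration (in secs) (default: %d)", MasterHA.ElectionLeaseDuration),
		Destination: &cliConfig.MasterHA.ElectionLeaseDuration,
		Value:       MasterHA.ElectionLeaseDuration,
	},
	&cli.IntFlag{
		Name:        "ha-election-renew-deadline",
		Usage:       fmt.Sprintf("Leader election renew deadline (in secs) (default: %d)", MasterHA.ElectionRenewDeadline),
		Destination: &cliConfig.MasterHA.ElectionRenewDeadline,
		Value:       MasterHA.ElectionRenewDeadline,
	},
	&cli.IntFlag{
		Name:        "ha-election-retry-period",
		Usage:       fmt.Sprintf("Leader election retry period (in secs) (default: %d)", MasterHA.ElectionRetryPeriod),
		Destination: &cliConfig.MasterHA.ElectionRetryPeriod,
		Value:       MasterHA.ElectionRetryPeriod,
	},
}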
// MetricsFlags capture metrics-related options.
//
// Operational notes for reviewers: no metrics server is bound unless a bind
// address is given; --metrics-enable-pprof serves Go profiling endpoints on
// the same port, which expose heap/goroutine dumps and should stay off
// outside debugging sessions; --node-server-privkey/--node-server-cert are
// what put the node metrics server behind TLS.
var MetricsFlags = []cli.Flag{
	&cli.StringFlag{
		Name:        "metrics-bind-address",
		Destination: &cliConfig.Metrics.BindAddress,
		Usage:       "The IP address and port for the OVN K8s metrics server to serve on (set to 0.0.0.0 for all IPv4 interfaces)",
	},
	&cli.StringFlag{
		Name:        "ovn-metrics-bind-address",
		Destination: &cliConfig.Metrics.OVNMetricsBindAddress,
		Usage:       "The IP address and port for the OVN metrics server to serve on (set to 0.0.0.0 for all IPv4 interfaces)",
	},
	&cli.BoolFlag{
		Name:        "export-ovs-metrics",
		Destination: &cliConfig.Metrics.ExportOVSMetrics,
		Usage:       "When true exports OVS metrics from the OVN metrics server",
	},
	&cli.BoolFlag{
		Name:        "metrics-enable-pprof",
		Value:       Metrics.EnablePprof,
		Destination: &cliConfig.Metrics.EnablePprof,
		Usage:       "If true, then also accept pprof requests on the metrics port.",
	},
	&cli.StringFlag{
		Name:        "node-server-privkey",
		Destination: &cliConfig.Metrics.NodeServerPrivKey,
		Usage:       "Private key that the OVN node K8s metrics server uses to serve metrics over TLS.",
	},
	&cli.StringFlag{
		Name:        "node-server-cert",
		Destination: &cliConfig.Metrics.NodeServerCert,
		Usage:       "Certificate that the OVN node K8s metrics server uses to serve metrics over TLS.",
	},
	&cli.BoolFlag{
		Name:        "metrics-enable-config-duration",
		Destination: &cliConfig.Metrics.EnableConfigDuration,
		Usage:       "Enables monitoring OVN-Kubernetes master and OVN configuration duration",
	},
	&cli.BoolFlag{
		Name:        "metrics-enable-scale",
		Destination: &cliConfig.Metrics.EnableScaleMetrics,
		Usage:       "Enables metrics related to scaling",
	},
}
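// MonitoringFlags capture monitoring-related options.
//
// Each usage string previously fused "...)." with "Each entry" because the
// concatenation lacked a space. Flow records describe cluster traffic
// (endpoints, ports, volumes); point these targets only at collectors you
// trust and that are reachable over a protected network.
var MonitoringFlags = []cli.Flag{
	&cli.StringFlag{
		Name:  "netflow-targets",
		Value: Monitoring.RawNetFlowTargets,
		Usage: "A comma separated set of NetFlow collectors to export flow data (eg, \"10.128.0.150:2056,10.0.0.151:2056\"). " +
			"Each entry is given in the form [IP address:port] or [:port]. If only port is provided, it uses the Node IP",
		Destination: &cliConfig.Monitoring.RawNetFlowTargets,
	},
	&cli.StringFlag{
		Name:  "sflow-targets",
		Value: Monitoring.RawSFlowTargets,
		Usage: "A comma separated set of SFlow collectors to export flow data (eg, \"10.128.0.150:6343,10.0.0.151:6343\"). " +
			"Each entry is given in the form [IP address:port] or [:port]. If only port is provided, it uses the Node IP",
		Destination: &cliConfig.Monitoring.RawSFlowTargets,
	},
	&cli.StringFlag{
		Name:  "ipfix-targets",
		Value: Monitoring.RawIPFIXTargets,
		Usage: "A comma separated set of IPFIX collectors to export flow data (eg, \"10.128.0.150:2055,10.0.0.151:2055\"). " +
			"Each entry is given in the form [IP address:port] or [:port]. If only port is provided, it uses the Node IP",
		Destination: &cliConfig.Monitoring.RawIPFIXTargets,
	},
}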
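// OVNGatewayFlags capture L3 Gateway related flags.
//
// Help-text fixes: --gateway-nexthop read "default gatewayconfigured" because
// of a missing space; --gateway-router-subnet said "the the"; and two flags
// still told users they were "only useful with init-gateways", which is
// deprecated in favour of --gateway-mode.
var OVNGatewayFlags = []cli.Flag{
	&cli.StringFlag{
		// No Destination: the mode is read from the cli context elsewhere.
		Name: "gateway-mode",
		Usage: "Sets the cluster gateway mode. One of \"shared\", " +
			"or \"local\". If not given, gateway functionality is disabled.",
	},
	&cli.StringFlag{
		Name: "gateway-interface",
		Usage: "The interface on nodes that will be the gateway interface. " +
			"If none specified, then the node's interface on which the " +
			"default gateway is configured will be used as the gateway " +
			"interface. Only useful when --gateway-mode is set",
		Destination: &cliConfig.Gateway.Interface,
	},
	&cli.StringFlag{
		Name: "exgw-interface",
		Usage: "The interface on nodes that will be used for external gw network traffic. " +
			"If none specified, ovnk will use the default interface",
		Destination: &cliConfig.Gateway.EgressGWInterface,
	},
	&cli.StringFlag{
		Name: "gateway-nexthop",
		Usage: "The external default gateway which is used as a next hop by " +
			"OVN gateway. This is many times just the default gateway " +
			"of the node in question. If not specified, the default gateway " +
			"configured in the node is used. Only useful when --gateway-mode is set",
		Destination: &cliConfig.Gateway.NextHop,
	},
	&cli.UintFlag{
		Name: "gateway-vlanid",
		Usage: "The VLAN on which the external network is available. " +
			"Valid only for Shared Gateway interface mode.",
		Destination: &cliConfig.Gateway.VLANID,
	},
	&cli.BoolFlag{
		Name:        "nodeport",
		Usage:       "Setup nodeport based ingress on gateways.",
		Destination: &cliConfig.Gateway.NodeportEnable,
	},
	&cli.BoolFlag{
		Name:        "disable-snat-multiple-gws",
		Usage:       "Disable SNAT for egress traffic with multiple gateways.",
		Destination: &cliConfig.Gateway.DisableSNATMultipleGWs,
	},
	&cli.BoolFlag{
		// Hardening knob: when set, the interfaces OVN-Kubernetes manages do
		// not forward traffic between each other or the host.
		Name:        "disable-forwarding",
		Usage:       "Disable forwarding on OVNK controlled interfaces.",
		Destination: &cliConfig.Gateway.DisableForwarding,
	},
	&cli.StringFlag{
		Name:        "gateway-v4-join-subnet",
		Usage:       "The v4 join subnet used for assigning join switch IPv4 addresses",
		Destination: &cliConfig.Gateway.V4JoinSubnet,
		Value:       Gateway.V4JoinSubnet,
	},
	&cli.StringFlag{
		Name:        "gateway-v6-join-subnet",
		Usage:       "The v6 join subnet used for assigning join switch IPv6 addresses",
		Destination: &cliConfig.Gateway.V6JoinSubnet,
		Value:       Gateway.V6JoinSubnet,
	},
	&cli.StringFlag{
		Name:        "gateway-v4-masquerade-subnet",
		Usage:       "The v4 masquerade subnet used for assigning masquerade IPv4 addresses",
		Destination: &cliConfig.Gateway.V4MasqueradeSubnet,
		Value:       Gateway.V4MasqueradeSubnet,
	},
	&cli.StringFlag{
		Name:        "gateway-v6-masquerade-subnet",
		Usage:       "The v6 masquerade subnet used for assigning masquerade IPv6 addresses",
		Destination: &cliConfig.Gateway.V6MasqueradeSubnet,
		Value:       Gateway.V6MasqueradeSubnet,
	},
	&cli.BoolFlag{
		Name:        "disable-pkt-mtu-check",
		Usage:       "Disable OpenFlow checks for if packet size is greater than pod MTU",
		Destination: &cliConfig.Gateway.DisablePacketMTUCheck,
	},
	&cli.StringFlag{
		Name: "gateway-router-subnet",
		Usage: "The Subnet to be used for the gateway router external port (shared mode only). " +
			"auto-detected if not given. Must match the kube node IP address. " +
			"Currently valid for DPUs only",
		Destination: &cliConfig.Gateway.RouterSubnet,
		Value:       Gateway.RouterSubnet,
	},
	&cli.BoolFlag{
		Name: "single-node",
		Usage: "Enable single node optimizations. " +
			"Single node indicates a one node cluster and allows to simplify ovn-kubernetes gateway logic",
		Destination: &cliConfig.Gateway.SingleNode,
	},
	&cli.BoolFlag{
		Name:        "allow-no-uplink",
		Usage:       "Allow the external gateway bridge without an uplink port in local gateway mode",
		Destination: &cliConfig.Gateway.AllowNoUplink,
	},
	&cli.BoolFlag{
		Name:        "init-gateways",
		Usage:       "DEPRECATED; use --gateway-mode instead",
		Destination: &initGateways,
	},
	&cli.BoolFlag{
		Name:        "gateway-local",
		Usage:       "DEPRECATED; use --gateway-mode instead",
		Destination: &gatewayLocal,
	},
}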
// OVNK8sFeatureFlags capture OVN-Kubernetes feature related options.
//
// Every flag writes into cliConfig.OVNKubernetesFeature. Most take their
// default from the package-level OVNKubernetesFeature value; the two
// exceptions (a hard-coded default and no default at all) are noted inline.
var OVNK8sFeatureFlags = []cli.Flag{
	&cli.BoolFlag{
		Name:        "enable-admin-network-policy",
		Usage:       "Configure to use Admin Network Policy CRD feature with ovn-kubernetes.",
		Destination: &cliConfig.OVNKubernetesFeature.EnableAdminNetworkPolicy,
		Value:       OVNKubernetesFeature.EnableAdminNetworkPolicy,
	},
	&cli.BoolFlag{
		Name:        "enable-egress-ip",
		Usage:       "Configure to use EgressIP CRD feature with ovn-kubernetes.",
		Destination: &cliConfig.OVNKubernetesFeature.EnableEgressIP,
		Value:       OVNKubernetesFeature.EnableEgressIP,
	},
	&cli.IntFlag{
		Name:        "egressip-reachability-total-timeout",
		Usage:       "EgressIP node reachability total timeout in seconds (default: 1)",
		Destination: &cliConfig.OVNKubernetesFeature.EgressIPReachabiltyTotalTimeout,
		// Default is hard-coded here rather than read from OVNKubernetesFeature.
		Value: 1,
	},
	&cli.BoolFlag{
		Name:        "enable-egress-firewall",
		Usage:       "Configure to use EgressFirewall CRD feature with ovn-kubernetes.",
		Destination: &cliConfig.OVNKubernetesFeature.EnableEgressFirewall,
		Value:       OVNKubernetesFeature.EnableEgressFirewall,
	},
	&cli.BoolFlag{
		Name:        "enable-egress-qos",
		Usage:       "Configure to use EgressQoS CRD feature with ovn-kubernetes.",
		Destination: &cliConfig.OVNKubernetesFeature.EnableEgressQoS,
		Value:       OVNKubernetesFeature.EnableEgressQoS,
	},
	&cli.IntFlag{
		Name:        "egressip-node-healthcheck-port",
		Usage:       "Configure EgressIP node reachability using gRPC on this TCP port.",
		Destination: &cliConfig.OVNKubernetesFeature.EgressIPNodeHealthCheckPort,
		// No Value is set, so the flag's zero default (0) applies unless given.
	},
	&cli.BoolFlag{
		Name:        "enable-multi-network",
		Usage:       "Configure to use multiple NetworkAttachmentDefinition CRD feature with ovn-kubernetes.",
		Destination: &cliConfig.OVNKubernetesFeature.EnableMultiNetwork,
		Value:       OVNKubernetesFeature.EnableMultiNetwork,
	},
	&cli.BoolFlag{
		Name:        "enable-multi-networkpolicy",
		Usage:       "Configure to use MultiNetworkPolicy CRD feature with ovn-kubernetes.",
		Destination: &cliConfig.OVNKubernetesFeature.EnableMultiNetworkPolicy,
		Value:       OVNKubernetesFeature.EnableMultiNetworkPolicy,
	},
	// NOTE(review): this switches an isolation boundary off. Per the field
	// comment on OVNKubernetesFeatureConfig it exists for CI kernels lacking
	// a fix; confirm it is not set outside that environment.
	&cli.BoolFlag{
		Name:        "disable-udn-host-isolation",
		Usage:       "Configure to disable UDN host isolation with ovn-kubernetes.",
		Destination: &cliConfig.OVNKubernetesFeature.DisableUDNHostIsolation,
		Value:       OVNKubernetesFeature.DisableUDNHostIsolation,
	},
	&cli.BoolFlag{
		Name:        "enable-network-segmentation",
		Usage:       "Configure to use network segmentation feature with ovn-kubernetes.",
		Destination: &cliConfig.OVNKubernetesFeature.EnableNetworkSegmentation,
		Value:       OVNKubernetesFeature.EnableNetworkSegmentation,
	},
	&cli.BoolFlag{
		Name:        "enable-route-advertisements",
		Usage:       "Configure to use route advertisements feature with ovn-kubernetes.",
		Destination: &cliConfig.OVNKubernetesFeature.EnableRouteAdvertisements,
		Value:       OVNKubernetesFeature.EnableRouteAdvertisements,
	},
	&cli.BoolFlag{
		Name:        "enable-stateless-netpol",
		Usage:       "Configure to use stateless network policy feature with ovn-kubernetes.",
		Destination: &cliConfig.OVNKubernetesFeature.EnableStatelessNetPol,
		Value:       OVNKubernetesFeature.EnableStatelessNetPol,
	},
	&cli.BoolFlag{
		Name:        "enable-interconnect",
		Usage:       "Configure to enable interconnecting multiple zones.",
		Destination: &cliConfig.OVNKubernetesFeature.EnableInterconnect,
		Value:       OVNKubernetesFeature.EnableInterconnect,
	},
	&cli.BoolFlag{
		Name:        "enable-egress-service",
		Usage:       "Configure to use EgressService CRD feature with ovn-kubernetes.",
		Destination: &cliConfig.OVNKubernetesFeature.EnableEgressService,
		Value:       OVNKubernetesFeature.EnableEgressService,
	},
	&cli.BoolFlag{
		Name:        "enable-multi-external-gateway",
		Usage:       "Configure to use AdminPolicyBasedExternalRoute CRD feature with ovn-kubernetes.",
		Destination: &cliConfig.OVNKubernetesFeature.EnableMultiExternalGateway,
		Value:       OVNKubernetesFeature.EnableMultiExternalGateway,
	},
	&cli.BoolFlag{
		Name:        "enable-persistent-ips",
		Usage:       "Configure to use the persistent ips feature for virtualization with ovn-kubernetes.",
		Destination: &cliConfig.OVNKubernetesFeature.EnablePersistentIPs,
		Value:       OVNKubernetesFeature.EnablePersistentIPs,
	},
	&cli.BoolFlag{
		Name:        "enable-dns-name-resolver",
		Usage:       "Configure to use DNSNameResolver CRD feature with ovn-kubernetes.",
		Destination: &cliConfig.OVNKubernetesFeature.EnableDNSNameResolver,
		Value:       OVNKubernetesFeature.EnableDNSNameResolver,
	},
	&cli.BoolFlag{
		Name:        "enable-svc-template-support",
		Usage:       "Configure to use svc-template with ovn-kubernetes.",
		Destination: &cliConfig.OVNKubernetesFeature.EnableServiceTemplateSupport,
		Value:       OVNKubernetesFeature.EnableServiceTemplateSupport,
	},
	&cli.BoolFlag{
		Name:        "enable-observability",
		Usage:       "Configure to use OVN sampling with ovn-kubernetes.",
		Destination: &cliConfig.OVNKubernetesFeature.EnableObservability,
		Value:       OVNKubernetesFeature.EnableObservability,
	},
}
OVNK8sFeatureFlags captures the OVN-Kubernetes feature-related options.
// OvnKubeNodeFlags captures ovnkube-node specific configurations.
//
// The three string flags default to the package-level OvnKubeNode values
// and write into cliConfig.OvnKubeNode; the deprecated bool flag writes
// into a standalone variable instead.
var OvnKubeNodeFlags = []cli.Flag{
	&cli.StringFlag{
		Name:        "ovnkube-node-mode",
		Usage:       "ovnkube-node operating mode full(default), dpu, dpu-host",
		Value:       OvnKubeNode.Mode,
		Destination: &cliConfig.OvnKubeNode.Mode,
	},
	&cli.StringFlag{
		Name: "ovnkube-node-mgmt-port-netdev",
		Usage: "When provided, use this netdev as management port. It will be renamed to ovn-k8s-mp0 " +
			"and used to allow host network services and pods to access k8s pod and service networks. ",
		Value:       OvnKubeNode.MgmtPortNetdev,
		Destination: &cliConfig.OvnKubeNode.MgmtPortNetdev,
	},
	&cli.StringFlag{
		Name: "ovnkube-node-mgmt-port-dp-resource-name",
		Usage: "When provided, use this device plugin resource name to find the allocated resource as management port. " +
			"The interface chosen from this resource will be renamed to ovn-k8s-mp0 " +
			"and used to allow host network services and pods to access k8s pod and service networks. ",
		Value:       OvnKubeNode.MgmtPortDPResourceName,
		Destination: &cliConfig.OvnKubeNode.MgmtPortDPResourceName,
	},
	// Kept only so existing command lines keep parsing; the value is not
	// wired into cliConfig.
	&cli.BoolFlag{
		Name:        "disable-ovn-iface-id-ver",
		Usage:       "Deprecated; iface-id-ver is always enabled",
		Destination: &disableOVNIfaceIDVer,
	},
}
OvnKubeNodeFlags captures the ovnkube-node-specific configuration options.
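// OvnNBFlags capture OVN northbound database options.
//
// Every flag writes straight into cliConfig.OvnNorth. The key, certificate
// and CA flags only matter when nb-address uses the ssl: scheme; the Usage
// strings are built from concatenated literals, so each piece must end in a
// space or the rendered --help text runs sentences together.
var OvnNBFlags = []cli.Flag{
	&cli.StringFlag{
		Name: "nb-address",
		Usage: "IP address and port of the OVN northbound API " +
			"(eg, ssl:1.2.3.4:6641,ssl:1.2.3.5:6642). Leave empty to " +
			"use a local unix socket.",
		Destination: &cliConfig.OvnNorth.Address,
	},
	&cli.StringFlag{
		Name: "nb-client-privkey",
		Usage: "Private key that the client should use for talking to the OVN database (default when ssl address is used: /etc/openvswitch/ovnnb-privkey.pem). " +
			"Default value for this setting is empty which defaults to use local unix socket.",
		Destination: &cliConfig.OvnNorth.PrivKey,
	},
	&cli.StringFlag{
		Name: "nb-client-cert",
		Usage: "Client certificate that the client should use for talking to the OVN database (default when ssl address is used: /etc/openvswitch/ovnnb-cert.pem). " +
			"Default value for this setting is empty which defaults to use local unix socket.",
		Destination: &cliConfig.OvnNorth.Cert,
	},
	// The CA certificate and nb-cert-common-name are the inputs the client
	// uses to verify the server's certificate (per the Usage text); with an
	// ssl: address and an empty value, the path named in Usage is assumed.
	&cli.StringFlag{
		Name: "nb-client-cacert",
		// A trailing space was missing before the second literal, which
		// rendered as "ovnnb-ca.cert).Default value ..." in --help.
		Usage: "CA certificate that the client should use for talking to the OVN database (default when ssl address is used: /etc/openvswitch/ovnnb-ca.cert). " +
			"Default value for this setting is empty which defaults to use local unix socket.",
		Destination: &cliConfig.OvnNorth.CACert,
	},
	&cli.StringFlag{
		Name: "nb-cert-common-name",
		Usage: "Common Name of the certificate used for TLS server certificate verification. " +
			"In cases where the certificate doesn't have any SAN Extensions, this parameter " +
			"should match the DNS(hostname) of the server. In case the certificate has a " +
			"SAN extension, this parameter should match one of the SAN fields.",
		Destination: &cliConfig.OvnNorth.CertCommonName,
	},
	&cli.UintFlag{
		Name:        "nb-raft-election-timer",
		Usage:       "The desired northbound database election timer.",
		Destination: &cliConfig.OvnNorth.ElectionTimer,
	},
}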
OvnNBFlags captures the OVN northbound database options.
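// OvnSBFlags capture OVN southbound database options.
//
// They mirror OvnNBFlags one for one, writing into cliConfig.OvnSouth
// instead. The Usage strings are concatenated literals, so each piece must
// end in a space or the rendered --help text runs sentences together.
var OvnSBFlags = []cli.Flag{
	&cli.StringFlag{
		Name: "sb-address",
		Usage: "IP address and port of the OVN southbound API " +
			"(eg, ssl:1.2.3.4:6642,ssl:1.2.3.5:6642). " +
			"Leave empty to use a local unix socket.",
		Destination: &cliConfig.OvnSouth.Address,
	},
	&cli.StringFlag{
		Name: "sb-client-privkey",
		// Space restored before the second literal; --help showed "pem).Default".
		Usage: "Private key that the client should use for talking to the OVN database (default when ssl address is used: /etc/openvswitch/ovnsb-privkey.pem). " +
			"Default value for this setting is empty which defaults to use local unix socket.",
		Destination: &cliConfig.OvnSouth.PrivKey,
	},
	&cli.StringFlag{
		Name: "sb-client-cert",
		// Space restored between "database" and "(default".
		Usage: "Client certificate that the client should use for talking to the OVN database (default when ssl address is used: /etc/openvswitch/ovnsb-cert.pem). " +
			"Default value for this setting is empty which defaults to use local unix socket.",
		Destination: &cliConfig.OvnSouth.Cert,
	},
	// The CA certificate and sb-cert-common-name are the inputs the client
	// uses to verify the server's certificate (per the Usage text).
	&cli.StringFlag{
		Name: "sb-client-cacert",
		// Colon added after "is used" to match the other three flags.
		Usage: "CA certificate that the client should use for talking to the OVN database (default when ssl address is used: /etc/openvswitch/ovnsb-ca.cert). " +
			"Default value for this setting is empty which defaults to use local unix socket.",
		Destination: &cliConfig.OvnSouth.CACert,
	},
	&cli.StringFlag{
		Name: "sb-cert-common-name",
		Usage: "Common Name of the certificate used for TLS server certificate verification. " +
			"In cases where the certificate doesn't have any SAN Extensions, this parameter " +
			"should match the DNS(hostname) of the server. In case the certificate has a " +
			"SAN extension, this parameter should match one of the SAN fields.",
		Destination: &cliConfig.OvnSouth.CertCommonName,
	},
	&cli.UintFlag{
		Name:        "sb-raft-election-timer",
		Usage:       "The desired southbound database election timer.",
		Destination: &cliConfig.OvnSouth.ElectionTimer,
	},
}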
OvnSBFlags captures the OVN southbound database options.
Functions ¶
func AllocateV4MasqueradeIPs ¶
func AllocateV4MasqueradeIPs(masqueradeSubnetNetworkAddress net.IP, masqueradeIPs *MasqueradeIPsConfig) error
func AllocateV6MasqueradeIPs ¶
func AllocateV6MasqueradeIPs(masqueradeSubnetNetworkAddress net.IP, masqueradeIPs *MasqueradeIPsConfig) error
func GetFlags ¶
func GetFlags(customFlags []cli.Flag) []cli.Flag
GetFlags returns an array of all command-line flags necessary to configure ovn-kubernetes
func InitConfig ¶
InitConfig reads the config file and common command-line options and constructs the global config object from them. It returns the config file path (if one was explicitly specified) or an error.
func InitConfigSa ¶
func InitConfigSa(ctx *cli.Context, exec kexec.Interface, saPath string, defaults *Defaults) (string, error)
InitConfigSa reads the config file and common command-line options and constructs the global config object from them. It additionally takes the service-account directory (saPath). It returns the config file path (if one was explicitly specified) or an error.
func ParseNetConf ¶
func ParseNetConf(bytes []byte) (*ovncnitypes.NetConf, error)
ParseNetConf parses the network configuration carried in a NAD (NetworkAttachmentDefinition) spec.
func PrepareTestConfig ¶
func PrepareTestConfig() error
PrepareTestConfig restores default config values. Used by testcases to provide a pristine environment between tests.
func ReadCNIConfig ¶
func ReadCNIConfig(bytes []byte) (*ovncnitypes.NetConf, error)
ReadCNIConfig unmarshals a CNI JSON config into a NetConf structure.
func UpdateOVNNodeAuth ¶
UpdateOVNNodeAuth updates the host and URL in ClientAuth for both OvnNorth and OvnSouth. It updates them with the new masterIP.
func ValidateNetConfNameFields ¶
func ValidateNetConfNameFields(netconf *ovncnitypes.NetConf) error
func WriteCNIConfig ¶
func WriteCNIConfig() error
WriteCNIConfig writes a CNI JSON config file to directory given by global config if the file doesn't already exist, or is different than the content that would be written.
Types ¶
type CIDRNetworkEntry ¶
CIDRNetworkEntry is the object that holds the definition for a single network CIDR range
func ParseClusterSubnetEntries ¶
func ParseClusterSubnetEntries(clusterSubnetCmd string) ([]CIDRNetworkEntry, error)
ParseClusterSubnetEntries returns the parsed set of CIDRNetworkEntries. If not specified, it assumes a default host specific prefix length of 24 or 64 bits for ipv4 and ipv6 respectively.
func ParseClusterSubnetEntriesWithDefaults ¶
func ParseClusterSubnetEntriesWithDefaults(clusterSubnetCmd string, ipv4HostLength, ipv6HostLength int) ([]CIDRNetworkEntry, error)
ParseClusterSubnetEntriesWithDefaults returns the parsed set of CIDRNetworkEntries. These entries define a network space by specifying a set of CIDRs and netmasks the SDN can allocate addresses from, including how that network space is partitioned for each of the cluster nodes. When no host-specific prefix length is specified, the provided ones are used as defaults. The host-specific prefix length is validated to be greater than the overall subnet length. When 0 is specified as the default host-specific prefix length, no host-specific prefix length is allowed or validated.
func (CIDRNetworkEntry) String ¶
func (c CIDRNetworkEntry) String() string
type CNIConfig ¶
// CNIConfig holds CNI-related parsed config file parameters and command-line overrides.
type CNIConfig struct {
	// ConfDir specifies the CNI config directory in which to write the overlay CNI config file.
	ConfDir string `gcfg:"conf-dir"`
	// Plugin specifies the name of the CNI plugin.
	Plugin string `gcfg:"plugin"`
}
CNIConfig holds CNI-related parsed config file parameters and command-line overrides
type ClusterManagerConfig ¶
// ClusterManagerConfig holds configuration for ovnkube-cluster-manager.
type ClusterManagerConfig struct {
	// V4TransitSwitchSubnet is the IPv4 subnet used in the cluster for interconnecting multiple zones.
	V4TransitSwitchSubnet string `gcfg:"v4-transit-switch-subnet"`
	// V6TransitSwitchSubnet is the IPv6 subnet used in the cluster for interconnecting multiple zones.
	V6TransitSwitchSubnet string `gcfg:"v6-transit-switch-subnet"`
}
ClusterManagerConfig holds configuration for ovnkube-cluster-manager
type ConfigSubnet ¶
// ConfigSubnet pairs one configured subnet with the category it was
// configured under (join, cluster, service, ...).
type ConfigSubnet struct {
	// SubnetType is the category the subnet belongs to; see the ConfigSubnetType constants.
	SubnetType ConfigSubnetType
	// Subnet is the parsed CIDR.
	Subnet *net.IPNet
}
type ConfigSubnetType ¶
// ConfigSubnetType names the category a configured subnet belongs to; the
// string value is human-readable and is what overlap errors can report.
type ConfigSubnetType string
// The known subnet categories. Each value doubles as the label used when
// the category is printed.
const (
	// ConfigSubnetJoin is the built-in join subnet.
	ConfigSubnetJoin ConfigSubnetType = "built-in join subnet"
	// ConfigSubnetCluster is a cluster (pod) subnet.
	ConfigSubnetCluster ConfigSubnetType = "cluster subnet"
	// ConfigSubnetService is a Kubernetes service subnet.
	ConfigSubnetService ConfigSubnetType = "service subnet"
	// ConfigSubnetHybrid is a hybrid overlay subnet.
	ConfigSubnetHybrid ConfigSubnetType = "hybrid overlay subnet"
	// ConfigSubnetMasquerade is a masquerade subnet.
	ConfigSubnetMasquerade ConfigSubnetType = "masquerade subnet"
	// ConfigSubnetTransit is a transit switch subnet used between zones.
	ConfigSubnetTransit ConfigSubnetType = "transit switch subnet"
	// UserDefinedSubnets is a subnet of a user-defined network.
	UserDefinedSubnets ConfigSubnetType = "user defined subnet"
	// UserDefinedJoinSubnet is the join subnet of a user-defined network.
	UserDefinedJoinSubnet ConfigSubnetType = "user defined join subnet"
)
type ConfigSubnets ¶
// ConfigSubnets represents a set of configured subnets (and their names).
// Build one with NewConfigSubnets, add entries with Append and run
// CheckForOverlaps before the subnets are used.
type ConfigSubnets struct {
	// Subnets is the ordered list of entries added so far.
	Subnets []ConfigSubnet
	// V4 and V6 are keyed by subnet category; presumably they record which
	// categories have an IPv4 / IPv6 entry — confirm against Append.
	V4 map[ConfigSubnetType]bool
	V6 map[ConfigSubnetType]bool
}
ConfigSubnets represents a set of configured subnets (and their names)
func NewConfigSubnets ¶
func NewConfigSubnets() *ConfigSubnets
NewConfigSubnets returns a new ConfigSubnets
func (*ConfigSubnets) Append ¶
func (cs *ConfigSubnets) Append(subnetType ConfigSubnetType, subnet *net.IPNet)
Append adds a single subnet to cs.
func (*ConfigSubnets) CheckForOverlaps ¶
func (cs *ConfigSubnets) CheckForOverlaps() error
CheckForOverlaps checks if any of the subnets in cs overlap
type DefaultConfig ¶
// DefaultConfig holds parsed config file parameters and command-line overrides.
//
// The five conntrack-zone fields form one contiguous range: the exposed
// ConntrackZone plus four unexposed zones derived from it (+1 .. +4).
type DefaultConfig struct {
	// MTU value used for the overlay networks.
	MTU int `gcfg:"mtu"`
	// RoutableMTU is the maximum routable MTU between nodes, used to facilitate
	// an MTU migration procedure where different nodes might be using different
	// MTU values.
	RoutableMTU int `gcfg:"routable-mtu"`
	// ConntrackZone affects only the gateway nodes. This value is used to track connections
	// that are initiated from the pods so that the reverse connections go back to the pods.
	// This represents the conntrack zone used for the conntrack flow rules.
	ConntrackZone int `gcfg:"conntrack-zone"`
	// HostMasqConntrackZone is an unexposed config with the value of ConntrackZone+1.
	HostMasqConntrackZone int
	// OVNMasqConntrackZone is an unexposed config with the value of ConntrackZone+2.
	OVNMasqConntrackZone int
	// HostNodePortConntrackZone is an unexposed config with the value of ConntrackZone+3.
	HostNodePortConntrackZone int
	// ReassemblyConntrackZone is an unexposed config with the value of ConntrackZone+4.
	ReassemblyConntrackZone int
	// EncapType value defines the encapsulation protocol to use to transmit packets between
	// hypervisors. By default the value is 'geneve'.
	EncapType string `gcfg:"encap-type"`
	// EncapIP is the IP address of the encapsulation endpoint. If not specified, the IP address the
	// NodeName resolves to will be used.
	EncapIP string `gcfg:"encap-ip"`
	// EncapPort is the UDP port of the encapsulation endpoint. If not specified, the default
	// port of 6081 (DefaultEncapPort) will be used.
	EncapPort uint `gcfg:"encap-port"`
	// InactivityProbe is the maximum number of milliseconds of idle time on connection that
	// ovn-controller waits before it will send a connection health probe.
	InactivityProbe int `gcfg:"inactivity-probe"`
	// OpenFlowProbe is the maximum number of seconds of idle time on the OpenFlow connection
	// that ovn-controller will wait before it sends a connection health probe.
	OpenFlowProbe int `gcfg:"openflow-probe"`
	// OfctrlWaitBeforeClear is the maximum number of milliseconds that ovn-controller waits
	// before clearing existing flows during start up, to make sure the initial flow compute
	// is complete and avoid data plane interruptions.
	OfctrlWaitBeforeClear int `gcfg:"ofctrl-wait-before-clear"`
	// MonitorAll indicates if ovn-controller should monitor all data in SB DB
	// instead of conditionally monitoring the data relevant to this node only.
	// By default monitor-all is enabled.
	MonitorAll bool `gcfg:"monitor-all"`
	// OVSDBTxnTimeout is the timeout for db transaction, may be useful to increase for high-scale clusters.
	// Default value is 100 seconds (DefaultDBTxnTimeout).
	OVSDBTxnTimeout time.Duration `gcfg:"db-txn-timeout"`
	// LFlowCacheEnable indicates if ovn-controller should
	// enable/disable the logical flow in-memory cache it uses
	// when processing Southbound database logical flow changes.
	// By default caching is enabled.
	LFlowCacheEnable bool `gcfg:"enable-lflow-cache"`
	// LFlowCacheLimit is the maximum number of logical flow cache entries ovn-controller
	// may create when the logical flow cache is enabled. By
	// default the size of the cache is unlimited.
	LFlowCacheLimit uint `gcfg:"lflow-cache-limit"`
	// LFlowCacheLimitKb bounds the logical flow cache when it is enabled; by
	// default the size of the cache is unlimited. Presumably a size in KB
	// rather than an entry count — confirm against how it is passed to OVN.
	LFlowCacheLimitKb uint `gcfg:"lflow-cache-limit-kb"`
	// RawClusterSubnets holds the unparsed cluster subnets. Should only be
	// used inside config module.
	RawClusterSubnets string `gcfg:"cluster-subnets"`
	// ClusterSubnets holds parsed cluster subnet entries and may be used
	// outside the config module.
	ClusterSubnets []CIDRNetworkEntry
	// EnableUDPAggregation is true if ovn-kubernetes should use UDP Generic Receive
	// Offload forwarding to improve the performance of containers that transmit lots
	// of small UDP packets by allowing them to be aggregated before passing through
	// the kernel network stack. This requires a new-enough kernel (5.15 or RHEL 8.5).
	EnableUDPAggregation bool `gcfg:"enable-udp-aggregation"`
	// Zone is the name of the zone ovnkube-node/ovnkube-controller belongs to.
	Zone string `gcfg:"zone"`
	// RawUDNAllowedDefaultServices holds the unparsed UDNAllowedDefaultServices. Should only be
	// used inside config module.
	RawUDNAllowedDefaultServices string `gcfg:"udn-allowed-default-services"`
	// UDNAllowedDefaultServices holds a list of namespaced names of
	// default cluster network services accessible from primary user-defined networks.
	UDNAllowedDefaultServices []string
}
DefaultConfig holds parsed config file parameters and command-line overrides
type Defaults ¶
// Defaults are a set of flags to indicate which options should be read from
// ovs-vsctl and used as default values if the option is not found via the
// config file or command-line. Each field enables the fallback for one option.
type Defaults struct {
	// OvnNorthAddress enables the ovs-vsctl fallback for the northbound DB address.
	OvnNorthAddress bool
	// K8sAPIServer enables the ovs-vsctl fallback for the Kubernetes API server URL.
	K8sAPIServer bool
	// K8sToken enables the ovs-vsctl fallback for the Kubernetes token.
	K8sToken bool
	// K8sTokenFile enables the ovs-vsctl fallback for the Kubernetes token file path.
	K8sTokenFile bool
	// K8sCert enables the ovs-vsctl fallback for the Kubernetes CA certificate.
	K8sCert bool
}
Defaults are a set of flags that indicate which options should be read from ovs-vsctl and used as default values if the option is not found via the config file or command line.
type GatewayConfig ¶
// GatewayConfig holds node gateway-related parsed config file parameters and command-line overrides.
type GatewayConfig struct {
	// Mode is the gateway mode; it may be either empty (disabled), "shared", or "local".
	Mode GatewayMode `gcfg:"mode"`
	// Interface is the network interface to use for the gateway in "shared" mode.
	Interface string `gcfg:"interface"`
	// EgressGWInterface is the optional network interface to use for external gw pods traffic.
	EgressGWInterface string `gcfg:"egw-interface"`
	// NextHop is the gateway IP address of Interface; will be autodetected if not given.
	NextHop string `gcfg:"next-hop"`
	// VLANID is the optional VLAN tag to apply to gateway traffic for "shared" mode.
	VLANID uint `gcfg:"vlan-id"`
	// NodeportEnable sets whether to provide Kubernetes NodePort service or not.
	NodeportEnable bool `gcfg:"nodeport"`
	// DisableSNATMultipleGWs sets whether to disable SNAT of egress traffic in namespaces annotated with routing-external-gws.
	DisableSNATMultipleGWs bool `gcfg:"disable-snat-multiple-gws"`
	// V4JoinSubnet is the IPv4 join subnet to be used in the cluster.
	V4JoinSubnet string `gcfg:"v4-join-subnet"`
	// V6JoinSubnet is the IPv6 join subnet to be used in the cluster.
	V6JoinSubnet string `gcfg:"v6-join-subnet"`
	// V4MasqueradeSubnet is the IPv4 masquerade subnet to be used in the cluster.
	V4MasqueradeSubnet string `gcfg:"v4-masquerade-subnet"`
	// V6MasqueradeSubnet is the IPv6 masquerade subnet to be used in the cluster.
	V6MasqueradeSubnet string `gcfg:"v6-masquerade-subnet"`
	// MasqueradeIPs are allocated from the masquerade subnets to enable host to service traffic.
	MasqueradeIPs MasqueradeIPsConfig
	// DisablePacketMTUCheck disables adding openflow flows to check packets too large to be
	// delivered to OVN due to pod MTU being lower than NIC MTU. Disabling this check will result in southbound packets
	// exceeding pod MTU to be dropped by OVN. With this check enabled, ICMP needs frag/packet too big will be sent
	// back to the original client.
	DisablePacketMTUCheck bool `gcfg:"disable-pkt-mtu-check"`
	// RouterSubnet is the subnet to be used for the GR external port. auto-detected if not given.
	// Must match the kube node IP address. Currently valid for DPU only.
	RouterSubnet string `gcfg:"router-subnet"`
	// SingleNode indicates the cluster has only one node.
	SingleNode bool `gcfg:"single-node"`
	// DisableForwarding controls whether forwarding is allowed on OVNK controlled interfaces;
	// it is false by default, i.e. forwarding stays enabled unless set.
	DisableForwarding bool `gcfg:"disable-forwarding"`
	// AllowNoUplink (disabled by default) controls if the external gateway bridge without an uplink port is allowed in local gateway mode.
	AllowNoUplink bool `gcfg:"allow-no-uplink"`
}
GatewayConfig holds node gateway-related parsed config file parameters and command-line overrides
type GatewayMode ¶
// GatewayMode holds the node gateway mode; see the GatewayMode* constants
// for the accepted values.
type GatewayMode string
GatewayMode holds the node gateway mode
const (
	// GatewayModeDisabled indicates the node gateway mode is disabled.
	GatewayModeDisabled GatewayMode = ""
	// GatewayModeShared indicates the node runs in shared gateway mode.
	GatewayModeShared GatewayMode = "shared"
	// GatewayModeLocal indicates OVN creates a local NAT-ed interface for the gateway.
	GatewayModeLocal GatewayMode = "local"
)
type HAConfig ¶
// HAConfig holds the leader-election timing parameters used for high
// availability. Units are not stated here; presumably seconds — confirm
// against where they are consumed.
type HAConfig struct {
	// ElectionLeaseDuration is how long a leader holds its lease.
	ElectionLeaseDuration int `gcfg:"election-lease-duration"`
	// ElectionRenewDeadline is how long the leader has to renew before giving up leadership.
	ElectionRenewDeadline int `gcfg:"election-renew-deadline"`
	// ElectionRetryPeriod is the interval between election attempts.
	ElectionRetryPeriod int `gcfg:"election-retry-period"`
}
HAConfig holds the high-availability (leader election) configuration.
type HostPort ¶
HostPort is the object that holds the definition for a host and port tuple
func ParseFlowCollectors ¶
ParseFlowCollectors returns the parsed set of HostPorts passed by the user on the command line. These entries define the flow collectors to which OVS will send flow metadata using NetFlow/SFlow/IPFIX.
type HybridOverlayConfig ¶
// HybridOverlayConfig holds the hybrid overlay configuration.
type HybridOverlayConfig struct {
	// Enabled indicates whether hybrid overlay features are enabled or not.
	Enabled bool `gcfg:"enabled"`
	// RawClusterSubnets holds the unparsed hybrid overlay cluster subnets.
	// Should only be used inside config module.
	RawClusterSubnets string `gcfg:"cluster-subnets"`
	// ClusterSubnets holds parsed hybrid overlay cluster subnet entries and
	// may be used outside the config module.
	ClusterSubnets []CIDRNetworkEntry
	// VXLANPort holds the VXLAN tunnel UDP port number (DefaultVXLANPort is 4789).
	VXLANPort uint `gcfg:"hybrid-overlay-vxlan-port"`
}
HybridOverlayConfig holds the hybrid overlay configuration.
type IPFIXConfig ¶
// IPFIXConfig holds IPFIX-related performance configuration options. It
// requires that the ipfix-targets value of the [monitoring] section contains
// at least one endpoint.
type IPFIXConfig struct {
	// Sampling is an optional integer in range 1 to 4,294,967,295. It holds the rate at which
	// packets should be sampled and sent to each target collector. If not specified, defaults to
	// 400, which means one out of 400 packets, on average, will be sent to each target collector.
	Sampling uint `gcfg:"sampling"`
	// CacheActiveTimeout is an optional integer in range 0 to 4,200. It holds the maximum period in
	// seconds for which an IPFIX flow record is cached and aggregated before being sent. If not
	// specified, defaults to 60. If 0, caching is disabled.
	CacheActiveTimeout uint `gcfg:"cache-active-timeout"`
	// CacheMaxFlows is an optional integer in range 0 to 4,294,967,295. It holds the maximum number
	// of IPFIX flow records that can be cached at a time. If not specified in OVS, defaults to 0
	// (however, this controller defaults it to 60). If 0, caching is disabled.
	CacheMaxFlows uint `gcfg:"cache-max-flows"`
}
IPFIXConfig holds IPFIX-related performance configuration options. It requires that the ipfix-targets value of the [monitoring] section contains at least one endpoint.
type KubernetesConfig ¶
// KubernetesConfig holds Kubernetes-related parsed config file parameters and command-line overrides.
//
// Several fields presumably carry credential material (kubeconfig paths, Token,
// TokenFile, CAData); anything that logs or serialises this struct should
// treat them as secrets — confirm which are populated in practice.
type KubernetesConfig struct {
	// BootstrapKubeconfig is a kubeconfig path used for bootstrapping.
	BootstrapKubeconfig string `gcfg:"bootstrap-kubeconfig"`
	// CertDir is the directory used for certificates.
	CertDir string `gcfg:"cert-dir"`
	// CertDuration is the requested certificate lifetime.
	CertDuration time.Duration `gcfg:"cert-duration"`
	// Kubeconfig is the path of the kubeconfig to use.
	Kubeconfig string `gcfg:"kubeconfig"`
	// CACert is the CA certificate path for the API server.
	CACert string `gcfg:"cacert"`
	// CAData has no gcfg key; presumably filled from CACert at config time — confirm against InitConfig.
	CAData []byte
	// APIServer is the API server URL (DefaultAPIServer when unset).
	APIServer string `gcfg:"apiserver"`
	// Token is the API bearer token.
	Token string `gcfg:"token"`
	// TokenFile is the path of a file holding the token. Note the camelCase
	// gcfg key, unlike every other key in this file.
	TokenFile string `gcfg:"tokenFile"`
	// CompatServiceCIDR is the legacy single service CIDR setting.
	CompatServiceCIDR string `gcfg:"service-cidr"`
	// RawServiceCIDRs holds the unparsed service CIDR list.
	RawServiceCIDRs string `gcfg:"service-cidrs"`
	// ServiceCIDRs holds the parsed service CIDRs.
	ServiceCIDRs []*net.IPNet
	// OVNConfigNamespace is the namespace holding OVN configuration.
	OVNConfigNamespace string `gcfg:"ovn-config-namespace"`
	// OVNEmptyLbEvents toggles empty load-balancer events.
	OVNEmptyLbEvents bool `gcfg:"ovn-empty-lb-events"`
	PodIP            string `gcfg:"pod-ip"` // UNUSED
	// RawNoHostSubnetNodes holds the unparsed node selector.
	RawNoHostSubnetNodes string `gcfg:"no-hostsubnet-nodes"`
	// NoHostSubnetNodes is the parsed form of RawNoHostSubnetNodes.
	NoHostSubnetNodes labels.Selector
	// HostNetworkNamespace is the namespace used for host-network pods.
	HostNetworkNamespace string `gcfg:"host-network-namespace"`
	// DisableRequestedChassis toggles use of requested-chassis.
	DisableRequestedChassis bool `gcfg:"disable-requestedchassis"`
	// PlatformType identifies the hosting platform.
	PlatformType string `gcfg:"platform-type"`
	// HealthzBindAddress is the address the healthz endpoint listens on.
	HealthzBindAddress string `gcfg:"healthz-bind-address"`
	// CompatMetricsBindAddress is overridden by the corresponding option in MetricsConfig.
	CompatMetricsBindAddress string `gcfg:"metrics-bind-address"`
	// CompatOVNMetricsBindAddress is overridden by the corresponding option in MetricsConfig.
	CompatOVNMetricsBindAddress string `gcfg:"ovn-metrics-bind-address"`
	// CompatMetricsEnablePprof is overridden by the corresponding option in MetricsConfig.
	CompatMetricsEnablePprof bool `gcfg:"metrics-enable-pprof"`
	// DNSServiceNamespace is the namespace of the cluster DNS service.
	DNSServiceNamespace string `gcfg:"dns-service-namespace"`
	// DNSServiceName is the name of the cluster DNS service.
	DNSServiceName string `gcfg:"dns-service-name"`
}
KubernetesConfig holds Kubernetes-related parsed config file parameters and command-line overrides
type LoggingConfig ¶
// LoggingConfig holds logging-related parsed config file parameters and command-line overrides.
type LoggingConfig struct {
	// File is the path of the file to log to.
	File string `gcfg:"logfile"`
	// CNIFile is the path of the file for the CNI shim to log to.
	CNIFile string `gcfg:"cnilogfile"`
	// LibovsdbFile is the path of the file for the libovsdb client to log to.
	LibovsdbFile string `gcfg:"libovsdblogfile"`
	// Level is the logging verbosity level.
	Level int `gcfg:"loglevel"`
	// LogFileMaxSize is the maximum size in megabytes of the logfile
	// before it gets rolled.
	LogFileMaxSize int `gcfg:"logfile-maxsize"`
	// LogFileMaxBackups represents the maximum number of old log files to retain.
	LogFileMaxBackups int `gcfg:"logfile-maxbackups"`
	// LogFileMaxAge represents the maximum number of days to retain old log files.
	LogFileMaxAge int `gcfg:"logfile-maxage"`
	// ACLLoggingRateLimit is the rate-limiting meter value applied to ACL logging.
	ACLLoggingRateLimit int `gcfg:"acl-logging-rate-limit"`
}
LoggingConfig holds logging-related parsed config file parameters and command-line overrides
type MasqueradeIPsConfig ¶
// MasqueradeIPsConfig holds the masquerade IPs used by the masquerade subnets
// for host to service traffic. Fields come in IPv4/IPv6 pairs and are filled
// by AllocateV4MasqueradeIPs / AllocateV6MasqueradeIPs.
type MasqueradeIPsConfig struct {
	V4OVNMasqueradeIP  net.IP
	V6OVNMasqueradeIP  net.IP
	V4HostMasqueradeIP net.IP
	V6HostMasqueradeIP net.IP
	// ETPLocal presumably refers to externalTrafficPolicy=Local — confirm.
	V4HostETPLocalMasqueradeIP net.IP
	V6HostETPLocalMasqueradeIP net.IP
	V4DummyNextHopMasqueradeIP net.IP
	V6DummyNextHopMasqueradeIP net.IP
	V4OVNServiceHairpinMasqueradeIP net.IP
	V6OVNServiceHairpinMasqueradeIP net.IP
}
MasqueradeIPsConfig holds the masquerade IPs used by the masquerade subnets for host-to-service traffic.
type MetricsConfig ¶
// MetricsConfig holds Prometheus metrics-related parameters.
type MetricsConfig struct {
	// BindAddress is the address the metrics endpoint listens on.
	BindAddress string `gcfg:"bind-address"`
	// OVNMetricsBindAddress is the address the OVN metrics endpoint listens on.
	OVNMetricsBindAddress string `gcfg:"ovn-metrics-bind-address"`
	// ExportOVSMetrics toggles export of OVS metrics.
	ExportOVSMetrics bool `gcfg:"export-ovs-metrics"`
	// EnablePprof exposes pprof endpoints alongside metrics; NOTE(review):
	// that is a debug surface, keep it off unless needed.
	EnablePprof bool `gcfg:"enable-pprof"`
	// NodeServerPrivKey and NodeServerCert are presumably the TLS key and
	// certificate the node metrics server presents — confirm; the key path
	// points at secret material.
	NodeServerPrivKey string `gcfg:"node-server-privkey"`
	NodeServerCert    string `gcfg:"node-server-cert"`
	// EnableConfigDuration holds the boolean flag to enable OVN-Kubernetes master to monitor OVN-Kubernetes master
	// configuration duration and optionally, its application to all nodes.
	EnableConfigDuration bool `gcfg:"enable-config-duration"`
	// EnableScaleMetrics toggles scale-related metrics.
	EnableScaleMetrics bool `gcfg:"enable-scale-metrics"`
}
MetricsConfig holds Prometheus metrics-related parameters.
type MonitoringConfig ¶
// MonitoringConfig holds monitoring-related parsed config file parameters and command-line overrides.
// The Raw* strings are what was configured; the parsed []HostPort slices are
// what the rest of the code should consume.
type MonitoringConfig struct {
	// RawNetFlowTargets holds the unparsed NetFlow targets. Should only be used inside the config module.
	RawNetFlowTargets string `gcfg:"netflow-targets"`
	// RawSFlowTargets holds the unparsed SFlow targets. Should only be used inside the config module.
	RawSFlowTargets string `gcfg:"sflow-targets"`
	// RawIPFIXTargets holds the unparsed IPFIX targets. Should only be used inside the config module.
	RawIPFIXTargets string `gcfg:"ipfix-targets"`
	// NetFlowTargets holds the parsed NetFlow targets and may be used outside the config module.
	NetFlowTargets []HostPort
	// SFlowTargets holds the parsed SFlow targets and may be used outside the config module.
	SFlowTargets []HostPort
	// IPFIXTargets holds the parsed IPFIX targets and may be used outside the config module.
	IPFIXTargets []HostPort
}
MonitoringConfig holds monitoring-related parsed config file parameters and command-line overrides
type OVNKubernetesFeatureConfig ¶
// OVNKubernetesFeatureConfig holds OVN-Kubernetes feature enhancement config
// file parameters and command-line overrides. Each field is backed by a flag
// in OVNK8sFeatureFlags with the same name as its gcfg key.
type OVNKubernetesFeatureConfig struct {
	// EnableAdminNetworkPolicy enables the Admin Network Policy CRD feature.
	EnableAdminNetworkPolicy bool `gcfg:"enable-admin-network-policy"`
	// EnableEgressIP enables the EgressIP CRD feature.
	EnableEgressIP bool `gcfg:"enable-egress-ip"`
	// EgressIPReachabiltyTotalTimeout is the EgressIP node reachability total timeout in seconds.
	EgressIPReachabiltyTotalTimeout int `gcfg:"egressip-reachability-total-timeout"`
	// EnableEgressFirewall enables the EgressFirewall CRD feature.
	EnableEgressFirewall bool `gcfg:"enable-egress-firewall"`
	// EnableEgressQoS enables the EgressQoS CRD feature.
	EnableEgressQoS bool `gcfg:"enable-egress-qos"`
	// EnableEgressService enables the EgressService CRD feature.
	EnableEgressService bool `gcfg:"enable-egress-service"`
	// EgressIPNodeHealthCheckPort is the TCP port used for gRPC EgressIP node reachability checks.
	EgressIPNodeHealthCheckPort int `gcfg:"egressip-node-healthcheck-port"`
	// EnableMultiNetwork enables the multiple NetworkAttachmentDefinition CRD feature.
	EnableMultiNetwork bool `gcfg:"enable-multi-network"`
	// EnableNetworkSegmentation enables the network segmentation feature.
	EnableNetworkSegmentation bool `gcfg:"enable-network-segmentation"`
	// EnableRouteAdvertisements enables the route advertisements feature.
	EnableRouteAdvertisements bool `gcfg:"enable-route-advertisements"`
	// DisableUDNHostIsolation turns off UDN host isolation. This feature requires a kernel fix
	// https://github.com/torvalds/linux/commit/7f3287db654395f9c5ddd246325ff7889f550286
	// to work on a kind cluster. Flag allows to disable it for current CI, will be turned on
	// when github runners have this fix. NOTE(review): setting it relaxes a network boundary,
	// so it should stay a CI-only knob.
	DisableUDNHostIsolation bool `gcfg:"disable-udn-host-isolation"`
	// EnableMultiNetworkPolicy enables the MultiNetworkPolicy CRD feature.
	EnableMultiNetworkPolicy bool `gcfg:"enable-multi-networkpolicy"`
	// EnableStatelessNetPol enables the stateless network policy feature.
	EnableStatelessNetPol bool `gcfg:"enable-stateless-netpol"`
	// EnableInterconnect enables interconnecting multiple zones.
	EnableInterconnect bool `gcfg:"enable-interconnect"`
	// EnableMultiExternalGateway enables the AdminPolicyBasedExternalRoute CRD feature.
	EnableMultiExternalGateway bool `gcfg:"enable-multi-external-gateway"`
	// EnablePersistentIPs enables the persistent IPs feature for virtualization.
	EnablePersistentIPs bool `gcfg:"enable-persistent-ips"`
	// EnableDNSNameResolver enables the DNSNameResolver CRD feature.
	EnableDNSNameResolver bool `gcfg:"enable-dns-name-resolver"`
	// EnableServiceTemplateSupport enables use of svc-template.
	EnableServiceTemplateSupport bool `gcfg:"enable-svc-template-support"`
	// EnableObservability enables OVN sampling.
	EnableObservability bool `gcfg:"enable-observability"`
}
OVNKubernetesFeatureConfig holds OVN-Kubernetes feature enhancement config file parameters and command-line overrides
type OvnAuthConfig ¶
// OvnAuthConfig holds client authentication and location details for an OVN
// database (either northbound or southbound). The TLS fields map one to one
// onto the nb-/sb- client flags; PrivKey is secret material and should not
// be logged.
type OvnAuthConfig struct {
	// Address is the database endpoint list, e.g: "ssl:192.168.1.2:6641,ssl:192.168.1.2:6642".
	Address string `gcfg:"address"`
	// PrivKey is the client private key path used for the ssl: scheme.
	PrivKey string `gcfg:"client-privkey"`
	// Cert is the client certificate path used for the ssl: scheme.
	Cert string `gcfg:"client-cert"`
	// CACert is the CA certificate path the client verifies the server against.
	CACert string `gcfg:"client-cacert"`
	// CertCommonName is the CN (or SAN entry) expected on the server certificate
	// during TLS server certificate verification.
	CertCommonName string `gcfg:"cert-common-name"`
	// Scheme has no gcfg key; presumably derived from Address by SetDBAuth — confirm.
	Scheme OvnDBScheme
	// ElectionTimer is the desired database election timer.
	ElectionTimer uint `gcfg:"election-timer"`
	// contains filtered or unexported fields
}
OvnAuthConfig holds client authentication and location details for an OVN database (either northbound or southbound)
func (*OvnAuthConfig) GetURL ¶
func (a *OvnAuthConfig) GetURL() string
GetURL returns a URL suitable for passing to ovn-northd which describes the transport mechanism for connection to the database
func (*OvnAuthConfig) SetDBAuth ¶
func (a *OvnAuthConfig) SetDBAuth() error
SetDBAuth sets the authentication configuration and connection method for the OVN northbound or southbound database server or client
type OvnDBScheme ¶
// OvnDBScheme describes the OVN database connection transport method; the
// string value is the scheme prefix used in an OvnAuthConfig.Address entry.
type OvnDBScheme string
OvnDBScheme describes the OVN database connection transport method
const (
	// OvnDBSchemeSSL specifies SSL as the OVN database transport method; the
	// only one of the three that authenticates the peer.
	OvnDBSchemeSSL OvnDBScheme = "ssl"
	// OvnDBSchemeTCP specifies TCP as the OVN database transport method.
	OvnDBSchemeTCP OvnDBScheme = "tcp"
	// OvnDBSchemeUnix specifies Unix domains sockets as the OVN database transport method.
	OvnDBSchemeUnix OvnDBScheme = "unix"
)