Documentation ¶
Overview ¶
The config package provides config inheritance for Felix.
It supports loading config from various sources, parsing and validating the config and merging the config according to the priority of the sources.
Usage ¶
To use it, create a Config object with:
config.New()
Load some raw config using:
envConfig := config.LoadConfigFromEnvironment() fileConfig, err := config.LoadConfigFile()
Then feed it to the config object:
config.UpdateFrom(envConfig, config.EnvironmentVariable) config.UpdateFrom(fileConfig, config.ConfigFile)
The UpdateFrom() method returns an error, but, as a convenience, it also stores the error in config.Err.
Config inheritance ¶
Config from higher-priority sources overrides config from lower-priority sources. The priorities, in increasing order of priority, are:
Default // Default value of a parameter DatastoreGlobal // Cluster-wide config parameters from the datastore. DatastorePerHost // Per-host overrides from the datastore. ConfigFile // The local config file. EnvironmentVariable // Environment variables.
Index ¶
- Constants
- Variables
- func LoadConfigFile(filename string) (map[string]string, error)
- func LoadConfigFileData(data []byte) (map[string]string, error)
- func LoadConfigFromEnvironment(environ []string) map[string]string
- func Params() map[string]Param
- func SafeParamsEqual(a any, b any) bool
- type AllowedConfigSources
- type BoolParam
- type BoolPtrParam
- type CIDRListParam
- type Config
- func (config *Config) Copy() *Config
- func (config *Config) DatastoreConfig() apiconfig.CalicoAPIConfig
- func (config *Config) FilterAllowAction() string
- func (config *Config) FilterDenyAction() string
- func (config *Config) InterfacePrefixes() []string
- func (config *Config) IsLeader() bool
- func (config *Config) KubernetesProvider() Provider
- func (config *Config) MangleAllowAction() string
- func (config *Config) MarkMask() uint32
- func (config *Config) OpenstackActive() bool
- func (config *Config) OverrideParam(name, value string) (bool, error)
- func (config *Config) RawValues() map[string]string
- func (config *Config) RouteTableIndices() []idalloc.IndexRange
- func (config *Config) SetLoadClientConfigFromEnvironmentFunction(fnc func() (*apiconfig.CalicoAPIConfig, error))
- func (config *Config) SetUseNodeResourceUpdates(b bool)
- func (config *Config) TableRefreshInterval() time.Duration
- func (config *Config) ToConfigUpdate() *proto.ConfigUpdate
- func (config *Config) UpdateFrom(rawData map[string]string, source Source) (changed bool, err error)
- func (config *Config) UpdateFromConfigUpdate(configUpdate *proto.ConfigUpdate) (changedFields set.Set[string], err error)
- func (config *Config) UseNodeResourceUpdates() bool
- func (config *Config) Validate() (err error)
- type Encapsulation
- type EndpointListParam
- type FieldInfo
- type FileParam
- type FloatParam
- type Int32Param
- type IntParam
- type Ipv4Param
- type Ipv6Param
- type KeyDurationListParam
- type KeyValueListParam
- type MarkBitmaskParam
- type Metadata
- type MillisParam
- type MinMax
- type OneofListParam
- type Param
- type ParseFailureAction
- type PortListParam
- type PortRangeListParam
- type PortRangeParam
- type ProtoPort
- type Provider
- type RegexpParam
- type RegexpPatternListParam
- type RegexpPatternParam
- type RegionParam
- type RouteTableRangeParam
- type RouteTableRangesParam
- type SecondsParam
- type ServerListParam
- type ServerPort
- type Source
- type StringSliceParam
- type StructInfo
- type YAMLInfo
Constants ¶
const (
MinIptablesMarkBits = 2
)
Variables ¶
var ( // RegexpIfaceElemRegexp matches an individual element in the overall interface list; // assumes the value represents a regular expression and is marked by '/' at the start // and end and cannot have spaces RegexpIfaceElemRegexp = regexp.MustCompile(`^/[^\s]+/$`) InterfaceRegex = regexp.MustCompile("^[a-zA-Z0-9_.-]{1,15}$") // NonRegexpIfaceElemRegexp matches an individual element in the overall interface list; // assumes the value is between 1-15 chars long and only be alphanumeric or - or _ NonRegexpIfaceElemRegexp = regexp.MustCompile(`^[a-zA-Z0-9_-]{1,15}$`) IfaceListRegexp = regexp.MustCompile(`^[a-zA-Z0-9_-]{1,15}(,[a-zA-Z0-9_-]{1,15})*$`) AuthorityRegexp = regexp.MustCompile(`^[^:/]+:\d+$`) HostnameRegexp = regexp.MustCompile(`^[a-zA-Z0-9_.-]+$`) StringRegexp = regexp.MustCompile(`^.*$`) IfaceParamRegexp = regexp.MustCompile(`^[a-zA-Z0-9:._+-]{1,15}$`) // Hostname have to be valid ipv4, ipv6 or strings up to 64 characters. HostAddressRegexp = regexp.MustCompile(`^[a-zA-Z0-9:._+-]{1,64}$`) )
var ConfigGroups = map[string]string{
"^(Datastore|Typha|Etcd|FelixHostname)": "00 Datastore connection",
"^Log": "00 Process: Logging",
"^Go": "00 Process: Go runtime",
"^Feature": "00 Process: Feature detection/overrides",
"^Health": "00 Process: Health port and timeouts",
"^Prometheus.*Metrics": "00 Process: Prometheus metrics",
"^(Debug|StatsDumpFilePath)": "97 Debug/test-only (generally unsupported)",
"^(Iptables|Ipsets|KubeNodePortRanges|MaxIpsetSize)": "20 Dataplane: iptables",
"^Nftables": "21 Dataplane: nftables",
"^BPF": "22 Dataplane: eBPF",
"^Windows": "23 Dataplane: Windows",
"^(Openstack|Metadata|EndpointReporting|Reporting)": "25 Dataplane: OpenStack support",
"^(XDP|GenericXDP)": "25 Dataplane: XDP acceleration for iptables dataplane",
"^(IPv4|IPv6|)VXLAN": "31 Overlay: VXLAN overlay",
"^IpInIp": "32 Overlay: IP-in-IP",
"^Wireguard": "33 Overlay: Wireguard",
"^IPSec": "34 Overlay: IPSec",
"^FlowLogs": "40 Flow logs: file reports",
"^SyslogReporter": "40 Flow logs: Syslog reports",
"^(PrometheusReporter|DeletedMetricsRetentionSecs)": "40 Flow logs: Prometheus reports",
"^DNS": "50 DNS logs / policy",
"^L7Logs": "50 L7 logs",
"^AWS": "60 AWS integration",
"^Egress": "70 Egress gateway",
"^ExternalNetwork": "70 External network support",
"^Capture": "80 Packet capture",
"^TPROXY": "90 L7 proxy",
"UsageReporting": "99 Usage reporting",
}
var GetKubernetesService = realGetKubernetesService
var SourcesInDescendingOrder = []Source{InternalOverride, EnvironmentVariable, ConfigFile, DatastorePerHost, DatastoreGlobal}
Functions ¶
func LoadConfigFromEnvironment ¶
LoadConfigFromEnvironment extracts raw config parameters (identified by case-insensitive prefix "felix_") from the given OS environment variables. An environment entry of "FELIX_FOO=bar" is translated to "foo": "bar".
func SafeParamsEqual ¶
SafeParamsEqual compares two values drawn from the types of our config fields. For the most part it uses reflect.DeepEquals() but some types (such as regexps and IPs) are handled inline to avoid pitfalls.
Types ¶
type AllowedConfigSources ¶
type AllowedConfigSources string
const ( AllowedConfigSourcesAll AllowedConfigSources = "All" AllowedConfigSourcesLocalOnly AllowedConfigSources = "LocalOnly" )
type BoolPtrParam ¶
type BoolPtrParam struct {
Metadata
}
func (*BoolPtrParam) Parse ¶
func (p *BoolPtrParam) Parse(raw string) (interface{}, error)
func (*BoolPtrParam) SchemaDescription ¶
func (p *BoolPtrParam) SchemaDescription() string
type CIDRListParam ¶
type CIDRListParam struct {
Metadata
}
func (*CIDRListParam) Parse ¶
func (c *CIDRListParam) Parse(raw string) (result interface{}, err error)
func (*CIDRListParam) SchemaDescription ¶
func (c *CIDRListParam) SchemaDescription() string
type Config ¶
type Config struct { // Configuration parameters. UseInternalDataplaneDriver bool `config:"bool;true"` DataplaneDriver string `config:"file(must-exist,executable);calico-iptables-plugin;non-zero,die-on-fail,skip-default-validation"` DataplaneWatchdogTimeout time.Duration `config:"seconds;90"` // Wireguard configuration WireguardEnabled bool `config:"bool;false"` WireguardEnabledV6 bool `config:"bool;false"` WireguardListeningPort int `config:"int;51820"` WireguardListeningPortV6 int `config:"int;51821"` WireguardRoutingRulePriority int `config:"int;99"` WireguardInterfaceName string `config:"iface-param;wireguard.cali;non-zero"` WireguardInterfaceNameV6 string `config:"iface-param;wg-v6.cali;non-zero"` WireguardMTU int `config:"int;0"` WireguardMTUV6 int `config:"int;0"` WireguardHostEncryptionEnabled bool `config:"bool;false"` WireguardPersistentKeepAlive time.Duration `config:"seconds;0"` WireguardThreadingEnabled bool `config:"bool;false"` // nftables configuration. NFTablesMode string `config:"oneof(Enabled,Disabled);Disabled"` // BPF configuration. BPFEnabled bool `config:"bool;false"` BPFDisableUnprivileged bool `config:"bool;true"` BPFLogLevel string `config:"oneof(off,info,debug);off;non-zero"` BPFConntrackLogLevel string `config:"oneof(off,debug);off;non-zero"` BPFConntrackCleanupMode string `config:"oneof(Auto,Userspace,BPFProgram);Auto"` BPFConntrackTimeouts map[string]string `` /* 173-byte string literal not displayed */ BPFLogFilters map[string]string `config:"keyvaluelist;;"` BPFCTLBLogFilter string `config:"oneof(all);;"` BPFDataIfacePattern *regexp.Regexp `config:"regexp;^((en|wl|ww|sl|ib)[Popsx].*|(eth|wlan|wwan|bond).*)"` BPFL3IfacePattern *regexp.Regexp `config:"regexp;"` BPFConnectTimeLoadBalancingEnabled bool `config:"bool;;"` BPFConnectTimeLoadBalancing string `config:"oneof(TCP,Enabled,Disabled);TCP;non-zero"` BPFHostNetworkedNATWithoutCTLB string `config:"oneof(Enabled,Disabled);Enabled;non-zero"` BPFExternalServiceMode string `config:"oneof(tunnel,dsr);tunnel;non-zero"` BPFDSROptoutCIDRs []string `config:"cidr-list;;"` BPFKubeProxyIptablesCleanupEnabled bool `config:"bool;true"` BPFKubeProxyMinSyncPeriod time.Duration `config:"seconds;1"` BPFKubeProxyEndpointSlicesEnabled bool `config:"bool;true"` BPFExtToServiceConnmark int `config:"int;0"` BPFPSNATPorts numorstring.Port `config:"portrange;20000:29999"` BPFMapSizeNATFrontend int `config:"int;65536;non-zero"` BPFMapSizeNATBackend int `config:"int;262144;non-zero"` BPFMapSizeNATAffinity int `config:"int;65536;non-zero"` BPFMapSizeRoute int `config:"int;262144;non-zero"` BPFMapSizeConntrack int `config:"int;512000;non-zero"` BPFMapSizePerCPUConntrack int `config:"int;0"` BPFMapSizeConntrackCleanupQueue int `config:"int;100000;non-zero"` BPFMapSizeIPSets int `config:"int;1048576;non-zero"` BPFMapSizeIfState int `config:"int;1000;non-zero"` BPFHostConntrackBypass bool `config:"bool;false"` BPFEnforceRPF string `config:"oneof(Disabled,Strict,Loose);Loose;non-zero"` BPFPolicyDebugEnabled bool `config:"bool;true"` BPFForceTrackPacketsFromIfaces []string `config:"iface-filter-slice;docker+"` BPFDisableGROForIfaces *regexp.Regexp `config:"regexp;"` BPFExcludeCIDRsFromNAT []string `config:"cidr-list;;"` BPFRedirectToPeer string `config:"oneof(Disabled,Enabled,L2Only);L2Only;non-zero"` BPFProfiling string `config:"oneof(Disabled,Enabled);Disabled;non-zero"` // DebugBPFCgroupV2 controls the cgroup v2 path that we apply the connect-time load balancer to. Most distros // are configured for cgroup v1, which prevents all but the root cgroup v2 from working so this is only useful // for development right now. DebugBPFCgroupV2 string `config:"string;;local"` // DebugBPFMapRepinEnabled can be used to prevent Felix from repinning its BPF maps at startup. This is useful for // testing with multiple Felix instances running on one host. DebugBPFMapRepinEnabled bool `config:"bool;false;local"` // DatastoreType controls which datastore driver Felix will use. Typically, this is detected from the environment // and it does not need to be set manually. (For example, if `KUBECONFIG` is set, the kubernetes datastore driver // will be used by default). DatastoreType string `config:"oneof(kubernetes,etcdv3);etcdv3;non-zero,die-on-fail,local"` // FelixHostname is the name of this node, used to identify resources in the datastore that belong to this node. // Auto-detected from the node's hostname if not provided. FelixHostname string `config:"hostname;;local,non-zero"` // EtcdAddr: when using the `etcdv3` datastore driver, the etcd server and port to connect to. If EtcdEndpoints // is also specified, it takes precedence. EtcdAddr string `config:"authority;127.0.0.1:2379;local"` // EtcdAddr: when using the `etcdv3` datastore driver, the URL scheme to use. If EtcdEndpoints // is also specified, it takes precedence. EtcdScheme string `config:"oneof(http,https);http;local"` // EtcdKeyFile: when using the `etcdv3` datastore driver, path to TLS private key file to use when connecting to // etcd. If the key file is specified, the other TLS parameters are mandatory. EtcdKeyFile string `config:"file(must-exist);;local"` // EtcdCertFile: when using the `etcdv3` datastore driver, path to TLS certificate file to use when connecting to // etcd. If the certificate file is specified, the other TLS parameters are mandatory. EtcdCertFile string `config:"file(must-exist);;local"` // EtcdCaFile: when using the `etcdv3` datastore driver, path to TLS CA file to use when connecting to // etcd. If the CA file is specified, the other TLS parameters are mandatory. EtcdCaFile string `config:"file(must-exist);;local"` // EtcdEndpoints: when using the `etcdv3` datastore driver, comma-delimited list of etcd endpoints to connect to, // replaces EtcdAddr and EtcdScheme. EtcdEndpoints []string `config:"endpoint-list;;local"` // TyphaAddr if set, tells Felix to connect to Typha at the given address and port. Overrides TyphaK8sServiceName. TyphaAddr string `config:"authority;;local"` // TyphaK8sServiceName if set, tells Felix to connect to Typha by looking up the Endpoints of the given Kubernetes // Service in namespace specified by TyphaK8sNamespace. TyphaK8sServiceName string `config:"string;;local"` // TyphaK8sNamespace namespace to look in when looking for Typha's service (see TyphaK8sServiceName). TyphaK8sNamespace string `config:"string;kube-system;non-zero,local"` // TyphaReadTimeout read timeout when reading from the Typha connection. If typha sends no data for this long, // Felix will exit and restart. (Note that Typha sends regular pings so traffic is always expected.) TyphaReadTimeout time.Duration `config:"seconds;30;local"` // TyphaWriteTimeout write timeout when writing data to Typha. TyphaWriteTimeout time.Duration `config:"seconds;10;local"` // TyphaKeyFile path to the TLS private key to use when communicating with Typha. If this parameter is specified, // the other TLS parameters must also be specified. TyphaKeyFile string `config:"file(must-exist);;local"` // TyphaCertFile path to the TLS certificate to use when communicating with Typha. If this parameter is specified, // the other TLS parameters must also be specified. TyphaCertFile string `config:"file(must-exist);;local"` // TyphaCAFile path to the TLS CA file to use when communicating with Typha. If this parameter is specified, // the other TLS parameters must also be specified. TyphaCAFile string `config:"file(must-exist);;local"` // TyphaCN Common name to use when authenticating to Typha over TLS. If any TLS parameters are specified then one of // TyphaCN and TyphaURISAN must be set. TyphaCN string `config:"string;;local"` // TyphaURISAN URI SAN to use when authenticating to Typha over TLS. If any TLS parameters are specified then one of // TyphaCN and TyphaURISAN must be set. TyphaURISAN string `config:"string;;local"` Ipv6Support bool `config:"bool;true"` IptablesBackend string `config:"oneof(legacy,nft,auto);auto"` RouteRefreshInterval time.Duration `config:"seconds;90"` InterfaceRefreshInterval time.Duration `config:"seconds;90"` DeviceRouteSourceAddress net.IP `config:"ipv4;"` DeviceRouteSourceAddressIPv6 net.IP `config:"ipv6;"` DeviceRouteProtocol int `config:"int;3"` RemoveExternalRoutes bool `config:"bool;true"` IPForwarding string `config:"oneof(Enabled,Disabled);Enabled"` IptablesRefreshInterval time.Duration `config:"seconds;180"` IptablesPostWriteCheckIntervalSecs time.Duration `config:"seconds;5"` IptablesLockFilePath string `config:"file;/run/xtables.lock"` IptablesLockTimeoutSecs time.Duration `config:"seconds;0"` IptablesLockProbeIntervalMillis time.Duration `config:"millis;50"` FeatureDetectOverride map[string]string `config:"keyvaluelist;;"` FeatureGates map[string]string `config:"keyvaluelist;;"` IpsetsRefreshInterval time.Duration `config:"seconds;90"` MaxIpsetSize int `config:"int;1048576;non-zero"` XDPRefreshInterval time.Duration `config:"seconds;90"` PolicySyncPathPrefix string `config:"file;;"` NetlinkTimeoutSecs time.Duration `config:"seconds;10"` MetadataAddr string `config:"hostname;127.0.0.1;die-on-fail"` MetadataPort int `config:"int(0:65535);8775;die-on-fail"` OpenstackRegion string `config:"region;;die-on-fail"` InterfacePrefix string `config:"iface-list;cali;non-zero,die-on-fail"` InterfaceExclude []*regexp.Regexp `config:"iface-list-regexp;kube-ipvs0"` ChainInsertMode string `config:"oneof(insert,append);insert;non-zero,die-on-fail"` DefaultEndpointToHostAction string `config:"oneof(DROP,RETURN,ACCEPT);DROP;non-zero,die-on-fail"` IptablesFilterAllowAction string `config:"oneof(ACCEPT,RETURN);ACCEPT;non-zero,die-on-fail"` IptablesMangleAllowAction string `config:"oneof(ACCEPT,RETURN);ACCEPT;non-zero,die-on-fail"` IptablesFilterDenyAction string `config:"oneof(DROP,REJECT);DROP;non-zero,die-on-fail"` LogPrefix string `config:"string;calico-packet"` LogFilePath string `config:"file;/var/log/calico/felix.log;die-on-fail"` LogSeverityFile string `config:"oneof(DEBUG,INFO,WARNING,ERROR,FATAL);INFO"` LogSeverityScreen string `config:"oneof(DEBUG,INFO,WARNING,ERROR,FATAL);INFO"` LogSeveritySys string `config:"oneof(DEBUG,INFO,WARNING,ERROR,FATAL);INFO"` // LogDebugFilenameRegex controls which source code files have their Debug log output included in the logs. // Only logs from files with names that match the given regular expression are included. The filter only applies // to Debug level logs. LogDebugFilenameRegex *regexp.Regexp `config:"regexp(nil-on-empty);"` // Optional: VXLAN encap is now determined by the existing IP pools (Encapsulation struct) VXLANEnabled *bool `config:"*bool;"` VXLANPort int `config:"int;4789"` VXLANVNI int `config:"int;4096"` VXLANMTU int `config:"int;0"` VXLANMTUV6 int `config:"int;0"` IPv4VXLANTunnelAddr net.IP `config:"ipv4;"` IPv6VXLANTunnelAddr net.IP `config:"ipv6;"` VXLANTunnelMACAddr string `config:"string;"` VXLANTunnelMACAddrV6 string `config:"string;"` // Optional: IPIP encap is now determined by the existing IP pools (Encapsulation struct) IpInIpEnabled *bool `config:"*bool;"` IpInIpMtu int `config:"int;0"` IpInIpTunnelAddr net.IP `config:"ipv4;"` // Feature enablement. Can be either "Enabled" or "Disabled". Note, this governs the // programming of NAT mappings derived from Kubernetes pod annotations. OpenStack floating // IPs are always programmed, regardless of this setting. FloatingIPs string `config:"oneof(Enabled,Disabled);Disabled"` // WindowsManageFirewallRules configures whether or not Felix will program Windows Firewall rules. [Default: Disabled] WindowsManageFirewallRules string `config:"oneof(Enabled,Disabled);Disabled"` // Knobs provided to explicitly control whether we add rules to drop encap traffic // from workloads. We always add them unless explicitly requested not to add them. AllowVXLANPacketsFromWorkloads bool `config:"bool;false"` AllowIPIPPacketsFromWorkloads bool `config:"bool;false"` AWSSrcDstCheck string `config:"oneof(DoNothing,Enable,Disable);DoNothing;non-zero"` ServiceLoopPrevention string `config:"oneof(Drop,Reject,Disabled);Drop"` WorkloadSourceSpoofing string `config:"oneof(Disabled,Any);Disabled"` ReportingIntervalSecs time.Duration `config:"seconds;30"` ReportingTTLSecs time.Duration `config:"seconds;90"` EndpointReportingEnabled bool `config:"bool;false"` EndpointReportingDelaySecs time.Duration `config:"seconds;1"` // EndpointStatusPathPrefix is the path to the directory // where endpoint status will be written. Endpoint status // file reporting is disabled if field is empty. // // Chosen directory should match the directory used by the CNI for PodStartupDelay. // [Default: "/var/run/calico"] EndpointStatusPathPrefix string `config:"file;/var/run/calico"` IptablesMarkMask uint32 `config:"mark-bitmask;0xffff0000;non-zero,die-on-fail"` DisableConntrackInvalidCheck bool `config:"bool;false"` HealthEnabled bool `config:"bool;false"` HealthPort int `config:"int(0:65535);9099"` HealthHost string `config:"host-address;localhost"` HealthTimeoutOverrides map[string]time.Duration `config:"keydurationlist;;"` PrometheusMetricsEnabled bool `config:"bool;false"` PrometheusMetricsHost string `config:"host-address;"` PrometheusMetricsPort int `config:"int(0:65535);9091"` PrometheusGoMetricsEnabled bool `config:"bool;true"` PrometheusProcessMetricsEnabled bool `config:"bool;true"` PrometheusWireGuardMetricsEnabled bool `config:"bool;true"` FailsafeInboundHostPorts []ProtoPort `config:"port-list;tcp:22,udp:68,tcp:179,tcp:2379,tcp:2380,tcp:5473,tcp:6443,tcp:6666,tcp:6667;die-on-fail"` FailsafeOutboundHostPorts []ProtoPort `config:"port-list;udp:53,udp:67,tcp:179,tcp:2379,tcp:2380,tcp:5473,tcp:6443,tcp:6666,tcp:6667;die-on-fail"` KubeNodePortRanges []numorstring.Port `config:"portrange-list;30000:32767"` NATPortRange numorstring.Port `config:"portrange;"` NATOutgoingAddress net.IP `config:"ipv4;"` UsageReportingEnabled bool `config:"bool;true"` UsageReportingInitialDelaySecs time.Duration `config:"seconds;300"` UsageReportingIntervalSecs time.Duration `config:"seconds;86400"` ClusterGUID string `config:"string;baddecaf"` ClusterType string `config:"string;"` CalicoVersion string `config:"string;"` ExternalNodesCIDRList []string `config:"cidr-list;;die-on-fail"` DebugMemoryProfilePath string `config:"file;;"` DebugCPUProfilePath string `config:"file;/tmp/felix-cpu-<timestamp>.pprof;"` DebugDisableLogDropping bool `config:"bool;false"` DebugSimulateCalcGraphHangAfter time.Duration `config:"seconds;0"` DebugSimulateDataplaneHangAfter time.Duration `config:"seconds;0"` DebugSimulateDataplaneApplyDelay time.Duration `config:"seconds;0"` DebugPanicAfter time.Duration `config:"seconds;0"` DebugSimulateDataRace bool `config:"bool;false"` // DebugHost is the host to bind the debug server port to. Only used if DebugPort is non-zero. DebugHost string `config:"host-address;localhost"` // DebugPort is the port to bind the pprof debug server to or 0 to disable the debug port. DebugPort int `config:"int(0:65535);"` // Configure where Felix gets its routing information. // - workloadIPs: use workload endpoints to construct routes. // - calicoIPAM: use IPAM data to construct routes. RouteSource string `config:"oneof(WorkloadIPs,CalicoIPAM);CalicoIPAM"` // RouteTableRange is deprecated in favor of RouteTableRanges, RouteTableRange idalloc.IndexRange `config:"route-table-range;;die-on-fail"` RouteTableRanges []idalloc.IndexRange `config:"route-table-ranges;;die-on-fail"` RouteSyncDisabled bool `config:"bool;false"` IptablesNATOutgoingInterfaceFilter string `config:"iface-param;"` SidecarAccelerationEnabled bool `config:"bool;false"` XDPEnabled bool `config:"bool;true"` GenericXDPEnabled bool `config:"bool;false"` Variant string `config:"string;Calico"` // GoGCThreshold sets the Go runtime's GC threshold. It is overridden by the GOGC env var if that is also // specified. A value of -1 disables GC. GoGCThreshold int `config:"int(-1);40"` // GoMemoryLimitMB sets the Go runtime's memory limit. It is overridden by the GOMEMLIMIT env var if that is // also specified. A value of -1 disables the limit. GoMemoryLimitMB int `config:"int(-1);-1"` // GoMaxProcs sets the Go runtime's GOMAXPROCS. It is overridden by the GOMAXPROCS env var if that is also // set. A value of -1 disables the override and uses the runtime default. GoMaxProcs int `config:"int(-1);-1"` // Configures MTU auto-detection. MTUIfacePattern *regexp.Regexp `config:"regexp;^((en|wl|ww|sl|ib)[Pcopsvx].*|(eth|wlan|wwan).*)"` // Encapsulation information calculated from IP Pools and FelixConfiguration (VXLANEnabled and IpInIpEnabled) Encapsulation Encapsulation // NftablesRefreshInterval controls the interval at which Felix periodically refreshes the nftables rules. [Default: 180s] NftablesRefreshInterval time.Duration `config:"seconds;180"` NftablesFilterAllowAction string `config:"oneof(ACCEPT,RETURN);ACCEPT;non-zero,die-on-fail"` NftablesMangleAllowAction string `config:"oneof(ACCEPT,RETURN);ACCEPT;non-zero,die-on-fail"` NftablesFilterDenyAction string `config:"oneof(DROP,REJECT);DROP;non-zero,die-on-fail"` // MarkMask is the mask that Felix selects its nftables Mark bits from. Should be a 32 bit hexadecimal // number with at least 8 bits set, none of which clash with any other mark bits in use on the system. // [Default: 0xffff0000] NftablesMarkMask uint32 `config:"mark-bitmask;0xffff0000;non-zero,die-on-fail"` // Err holds the most recent error from a config update. Err error // contains filtered or unexported fields }
Config contains the best, parsed config values loaded from the various sources. We use tags to control the parsing and validation.
func FromConfigUpdate ¶
func FromConfigUpdate(msg *proto.ConfigUpdate) *Config
func (*Config) Copy ¶
Copy makes a copy of the object. Internal state is deep copied but config parameters are only shallow copied. This saves work since updates to the copy will trigger the config params to be recalculated.
func (*Config) DatastoreConfig ¶
func (config *Config) DatastoreConfig() apiconfig.CalicoAPIConfig
func (*Config) FilterAllowAction ¶
func (*Config) FilterDenyAction ¶
func (*Config) InterfacePrefixes ¶
func (*Config) KubernetesProvider ¶
KubernetesProvider attempts to parse the kubernetes provider, e.g. AKS out of the ClusterType. The ClusterType is a string which contains a set of comma-separated values in no particular order.
func (*Config) MangleAllowAction ¶
func (*Config) OpenstackActive ¶
func (*Config) OverrideParam ¶
OverrideParam installs a maximum priority parameter override for the given parameter. This is useful for disabling features that are found to be unsupported, for example. By using an extra priority class, the override will persist even if the host/global config is updated.
func (*Config) RouteTableIndices ¶
func (config *Config) RouteTableIndices() []idalloc.IndexRange
RouteTableIndices compares provided args for the deprecated RoutTableRange arg and the newer RouteTableRanges arg, giving precedence to the newer arg if it's explicitly-set
func (*Config) SetLoadClientConfigFromEnvironmentFunction ¶
func (config *Config) SetLoadClientConfigFromEnvironmentFunction(fnc func() (*apiconfig.CalicoAPIConfig, error))
func (*Config) SetUseNodeResourceUpdates ¶
func (*Config) TableRefreshInterval ¶
func (*Config) ToConfigUpdate ¶
func (config *Config) ToConfigUpdate() *proto.ConfigUpdate
func (*Config) UpdateFrom ¶
func (config *Config) UpdateFrom(rawData map[string]string, source Source) (changed bool, err error)
UpdateFrom parses and merges the rawData from one particular source into this config object. If there is a config value already loaded from a higher-priority source, then the new value will be ignored (after validation).
func (*Config) UpdateFromConfigUpdate ¶
func (*Config) UseNodeResourceUpdates ¶
type Encapsulation ¶
type EndpointListParam ¶
type EndpointListParam struct {
Metadata
}
func (*EndpointListParam) Parse ¶
func (p *EndpointListParam) Parse(raw string) (result interface{}, err error)
func (*EndpointListParam) SchemaDescription ¶
func (p *EndpointListParam) SchemaDescription() string
type FieldInfo ¶
type FieldInfo struct { Group string GroupWithSortPrefix string // NameConfigFile is the name of the parameter in the Felix configuration INI file. NameConfigFile string // NameEnvVar is the name of the environment variable that can be used to set the parameter. // Env vars use the config file string format, the name of the env var is case-insensitive. NameEnvVar string // NameYAML is the name of the field in the FelixConfiguration CustomResource. NameYAML string // NameGoAPI is the name of the field in the FelixConfiguration v3 Go API structs. NameGoAPI string // StringSchema is a description of the parameter's format when expressed // as a string in the config file or environment variable. This sometimes // differs from the format of the FelixConfiguration field. For example, // Felix may require a comma-delimited list in the env var, but the YAML // can represent a list natively. StringSchema string StringSchemaHTML string // StringDefault is the default value for the parameter in Felix's string // format. This is Felix's baseline default value if the configuration is // not set by config file, env var, or FelixConfiguration resource. Note // that The operator may apply environment-specific defaults to the // FelixConfiguration, making it appear that the default value is different // in a particular environment. StringDefault string // ParsedDefault is the result of parsing StringDefault and pretty-printing // it. For example, the String default for a duration field might be "90", // meaning 90 seconds. That would be converted to a time.Duration, which // would pretty-print as "1m30s". ParsedDefault string // JSON encoding of the ParsedDefault value. ParsedDefaultJSON string // ParsedType is the type of the field in the Config struct; the type of // the ParsedDefault value. ParsedType string // YAMLType is the type of the field in the FelixConfiguration YAML. YAMLType string // YAMLSchema is a description of the parameter's format when expressed in // YAML in the FelixConfiguration. YAMLSchema string YAMLEnumValues []string YAMLSchemaHTML string // YAMLDefault is the default value for the parameter in FelixConfiguration // YAML. YAMLDefault string // Required is true if the parameter must be set for felix to start. Required bool // OnParseFailure is the action that Felix takes if the value is invalid. // Typically, Felix replaces the value with the default, but some important // fields trigger Felix to exit. OnParseFailure ParseFailureAction // AllowedConfigSources indicates where Felix will accept the // configuration from. For example, datastore-related fields must be set // locally, they cannot come from the datastore. AllowedConfigSources AllowedConfigSources // Description is a human-readable description of the parameter, largely // derived from the CRD. Description string DescriptionHTML string // UserEditable is true if the parameter is intended to be set by the user. // Some fields are auto-populated from the cluster or node identity. They // are "config" to Felix, but they are set by another component. UserEditable bool // GoType is the type of the field in the FelixConfiguration Go API structs. GoType string }
FieldInfo contains metadata about a Felix configuration parameter, including both the config package representation and the v3 API representation.
func CombinedFieldInfo ¶
CombinedFieldInfo loads the metadata for Felix's configuration parameters. it combines the metadata from Felix's config package with the metadata from the v3 API structs.
type FileParam ¶
func (*FileParam) SchemaDescription ¶
type FloatParam ¶
type FloatParam struct {
Metadata
}
func (*FloatParam) Parse ¶
func (p *FloatParam) Parse(raw string) (result interface{}, err error)
func (*FloatParam) SchemaDescription ¶
func (p *FloatParam) SchemaDescription() string
type Int32Param ¶
type Int32Param struct {
Metadata
}
func (*Int32Param) Parse ¶
func (p *Int32Param) Parse(raw string) (interface{}, error)
func (*Int32Param) SchemaDescription ¶
func (p *Int32Param) SchemaDescription() string
type IntParam ¶
func (*IntParam) SchemaDescription ¶
type KeyDurationListParam ¶
type KeyDurationListParam struct {
Metadata
}
func (*KeyDurationListParam) Parse ¶
func (p *KeyDurationListParam) Parse(raw string) (result interface{}, err error)
func (*KeyDurationListParam) SchemaDescription ¶
func (p *KeyDurationListParam) SchemaDescription() string
type KeyValueListParam ¶
type KeyValueListParam struct {
Metadata
}
func (*KeyValueListParam) Parse ¶
func (p *KeyValueListParam) Parse(raw string) (result interface{}, err error)
func (*KeyValueListParam) SchemaDescription ¶
func (p *KeyValueListParam) SchemaDescription() string
type MarkBitmaskParam ¶
type MarkBitmaskParam struct {
Metadata
}
func (*MarkBitmaskParam) Parse ¶
func (p *MarkBitmaskParam) Parse(raw string) (interface{}, error)
func (*MarkBitmaskParam) SchemaDescription ¶
func (p *MarkBitmaskParam) SchemaDescription() string
type Metadata ¶
type Metadata struct { Name string Type string DefaultString string Default interface{} ZeroValue interface{} NonZero bool DieOnParseFailure bool Local bool }
func (*Metadata) GetMetadata ¶
type MillisParam ¶
type MillisParam struct {
Metadata
}
func (*MillisParam) Parse ¶
func (p *MillisParam) Parse(raw string) (result interface{}, err error)
func (*MillisParam) SchemaDescription ¶
func (p *MillisParam) SchemaDescription() string
type OneofListParam ¶
type OneofListParam struct { Metadata // contains filtered or unexported fields }
func (*OneofListParam) Parse ¶
func (p *OneofListParam) Parse(raw string) (result interface{}, err error)
func (*OneofListParam) SchemaDescription ¶
func (p *OneofListParam) SchemaDescription() string
type ParseFailureAction ¶
type ParseFailureAction string
const ( ParseFailureActionExit ParseFailureAction = "Exit" ParseFailureActionReplaceWithDefault ParseFailureAction = "ReplaceWithDefault" )
type PortListParam ¶
type PortListParam struct {
Metadata
}
func (*PortListParam) Parse ¶
func (p *PortListParam) Parse(raw string) (interface{}, error)
func (*PortListParam) SchemaDescription ¶
func (p *PortListParam) SchemaDescription() string
type PortRangeListParam ¶
type PortRangeListParam struct {
Metadata
}
func (*PortRangeListParam) Parse ¶
func (p *PortRangeListParam) Parse(raw string) (interface{}, error)
func (*PortRangeListParam) SchemaDescription ¶
func (p *PortRangeListParam) SchemaDescription() string
type PortRangeParam ¶
type PortRangeParam struct {
Metadata
}
func (*PortRangeParam) Parse ¶
func (p *PortRangeParam) Parse(raw string) (interface{}, error)
func (*PortRangeParam) SchemaDescription ¶
func (p *PortRangeParam) SchemaDescription() string
type ProtoPort ¶
ProtoPort aliases the v3 type so that we pick up its JSON encoding, which is used by the documentation generator.
type Provider ¶
type Provider uint8
Provider represents a particular provider or flavor of Kubernetes.
type RegexpParam ¶
func (*RegexpParam) Parse ¶
func (p *RegexpParam) Parse(raw string) (result interface{}, err error)
func (*RegexpParam) SchemaDescription ¶
func (p *RegexpParam) SchemaDescription() string
type RegexpPatternListParam ¶
type RegexpPatternListParam struct { Metadata RegexpElemRegexp *regexp.Regexp NonRegexpElemRegexp *regexp.Regexp Delimiter string Msg string Schema string }
RegexpPatternListParam differs from RegexpParam (above) in that it validates string values that are (themselves) regular expressions.
func (*RegexpPatternListParam) Parse ¶
func (p *RegexpPatternListParam) Parse(raw string) (interface{}, error)
Parse validates whether the given raw string contains a list of valid values. Validation is dictated by two regexp patterns: one for valid regular expression values, another for non-regular expressions.
func (*RegexpPatternListParam) SchemaDescription ¶
func (p *RegexpPatternListParam) SchemaDescription() string
type RegexpPatternParam ¶
RegexpPatternParam differs from RegexpParam (above) in that it validates string values that are (themselves) regular expressions.
func (*RegexpPatternParam) Parse ¶
func (p *RegexpPatternParam) Parse(raw string) (interface{}, error)
Parse validates whether the given raw string contains a valid regexp pattern.
func (*RegexpPatternParam) SchemaDescription ¶
func (p *RegexpPatternParam) SchemaDescription() string
type RegionParam ¶
type RegionParam struct {
Metadata
}
func (*RegionParam) Parse ¶
func (r *RegionParam) Parse(raw string) (result interface{}, err error)
func (*RegionParam) SchemaDescription ¶
func (r *RegionParam) SchemaDescription() string
type RouteTableRangeParam ¶
type RouteTableRangeParam struct {
Metadata
}
func (*RouteTableRangeParam) Parse ¶
func (p *RouteTableRangeParam) Parse(raw string) (result interface{}, err error)
func (*RouteTableRangeParam) SchemaDescription ¶
func (p *RouteTableRangeParam) SchemaDescription() string
type RouteTableRangesParam ¶
type RouteTableRangesParam struct {
Metadata
}
func (*RouteTableRangesParam) Parse ¶
func (p *RouteTableRangesParam) Parse(raw string) (result interface{}, err error)
func (*RouteTableRangesParam) SchemaDescription ¶
func (p *RouteTableRangesParam) SchemaDescription() string
type SecondsParam ¶
func (*SecondsParam) Parse ¶
func (p *SecondsParam) Parse(raw string) (result interface{}, err error)
func (*SecondsParam) SchemaDescription ¶
func (p *SecondsParam) SchemaDescription() string
type ServerListParam ¶
type ServerListParam struct {
Metadata
}
func (*ServerListParam) Parse ¶
func (c *ServerListParam) Parse(raw string) (result interface{}, err error)
func (*ServerListParam) SchemaDescription ¶
func (c *ServerListParam) SchemaDescription() string
type ServerPort ¶
type Source ¶
type Source uint8
Source of a config value. Values from higher-numbered sources override those from lower-numbered sources. Note: some parameters (such as those needed to connect to the datastore) can only be set from a local source.
type StringSliceParam ¶
func (*StringSliceParam) Parse ¶
func (p *StringSliceParam) Parse(raw string) (result interface{}, err error)
func (*StringSliceParam) SchemaDescription ¶
func (p *StringSliceParam) SchemaDescription() string