config

package
v1.11.0-cni-plu...-8f3027a Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 27, 2024 License: Apache-2.0, Apache-2.0 Imports: 42 Imported by: 0

Documentation

Overview

The config package provides config inheritance for Felix.

It supports loading config from various sources, parsing and validating the config and merging the config according to the priority of the sources.

Usage

To use it, create a Config object with:

config.New()

Load some raw config using:

envConfig := config.LoadConfigFromEnvironment()
fileConfig, err := config.LoadConfigFile()

Then feed it to the config object:

config.UpdateFrom(envConfig, config.EnvironmentVariable)
config.UpdateFrom(fileConfig, config.ConfigFile)

The UpdateFrom() method returns an error, but, as a convenience, it also stores the error in config.Err.

Config inheritance

Config from higher-priority sources overrides config from lower-priority sources. The priorities, in increasing order of priority, are:

Default              // Default value of a parameter
DatastoreGlobal      // Cluster-wide config parameters from the datastore.
DatastorePerHost     // Per-host overrides from the datastore.
ConfigFile           // The local config file.
EnvironmentVariable  // Environment variables.

Index

Constants

View Source
const (
	MinIptablesMarkBits = 2
)

Variables

View Source
var (
	// RegexpIfaceElemRegexp matches an individual element in the overall interface list;
	// assumes the value represents a regular expression and is marked by '/' at the start
	// and end and cannot have spaces
	RegexpIfaceElemRegexp = regexp.MustCompile(`^/[^\s]+/$`)
	InterfaceRegex        = regexp.MustCompile("^[a-zA-Z0-9_.-]{1,15}$")
	// NonRegexpIfaceElemRegexp matches an individual element in the overall interface list;
	// assumes the value is between 1-15 chars long and only be alphanumeric or - or _
	NonRegexpIfaceElemRegexp = regexp.MustCompile(`^[a-zA-Z0-9_-]{1,15}$`)
	IfaceListRegexp          = regexp.MustCompile(`^[a-zA-Z0-9_-]{1,15}(,[a-zA-Z0-9_-]{1,15})*$`)
	AuthorityRegexp          = regexp.MustCompile(`^[^:/]+:\d+$`)
	HostnameRegexp           = regexp.MustCompile(`^[a-zA-Z0-9_.-]+$`)
	StringRegexp             = regexp.MustCompile(`^.*$`)
	IfaceParamRegexp         = regexp.MustCompile(`^[a-zA-Z0-9:._+-]{1,15}$`)
	// Hostname  have to be valid ipv4, ipv6 or strings up to 64 characters.
	HostAddressRegexp = regexp.MustCompile(`^[a-zA-Z0-9:._+-]{1,64}$`)
)
View Source
var ConfigGroups = map[string]string{
	"^(Datastore|Typha|Etcd|FelixHostname)": "00 Datastore connection",

	"^Log":                       "00 Process: Logging",
	"^Go":                        "00 Process: Go runtime",
	"^Feature":                   "00 Process: Feature detection/overrides",
	"^Health":                    "00 Process: Health port and timeouts",
	"^Prometheus.*Metrics":       "00 Process: Prometheus metrics",
	"^(Debug|StatsDumpFilePath)": "97 Debug/test-only (generally unsupported)",

	"^(Iptables|Ipsets|KubeNodePortRanges|MaxIpsetSize)": "20 Dataplane: iptables",
	"^Nftables": "21 Dataplane: nftables",
	"^BPF":      "22 Dataplane: eBPF",
	"^Windows":  "23 Dataplane: Windows",
	"^(Openstack|Metadata|EndpointReporting|Reporting)": "25 Dataplane: OpenStack support",
	"^(XDP|GenericXDP)": "25 Dataplane: XDP acceleration for iptables dataplane",

	"^(IPv4|IPv6|)VXLAN": "31 Overlay: VXLAN overlay",
	"^IpInIp":            "32 Overlay: IP-in-IP",
	"^Wireguard":         "33 Overlay: Wireguard",
	"^IPSec":             "34 Overlay: IPSec",

	"^FlowLogs":       "40 Flow logs: file reports",
	"^SyslogReporter": "40 Flow logs: Syslog reports",
	"^(PrometheusReporter|DeletedMetricsRetentionSecs)": "40 Flow logs: Prometheus reports",

	"^DNS":    "50 DNS logs / policy",
	"^L7Logs": "50 L7 logs",

	"^AWS": "60 AWS integration",

	"^Egress":          "70 Egress gateway",
	"^ExternalNetwork": "70 External network support",
	"^Capture":         "80 Packet capture",
	"^TPROXY":          "90 L7 proxy",

	"UsageReporting": "99 Usage reporting",
}
View Source
var GetKubernetesService = realGetKubernetesService

Functions

func LoadConfigFile

func LoadConfigFile(filename string) (map[string]string, error)

func LoadConfigFileData

func LoadConfigFileData(data []byte) (map[string]string, error)

func LoadConfigFromEnvironment

func LoadConfigFromEnvironment(environ []string) map[string]string

LoadConfigFromEnvironment extracts raw config parameters (identified by case-insensitive prefix "felix_") from the given OS environment variables. An environment entry of "FELIX_FOO=bar" is translated to "foo": "bar".

func Params

func Params() map[string]Param

func SafeParamsEqual

func SafeParamsEqual(a any, b any) bool

SafeParamsEqual compares two values drawn from the types of our config fields. For the most part it uses reflect.DeepEquals() but some types (such as regexps and IPs) are handled inline to avoid pitfalls.

Types

type AllowedConfigSources

type AllowedConfigSources string
const (
	AllowedConfigSourcesAll       AllowedConfigSources = "All"
	AllowedConfigSourcesLocalOnly AllowedConfigSources = "LocalOnly"
)

type BoolParam

type BoolParam struct {
	Metadata
}

func (*BoolParam) Parse

func (p *BoolParam) Parse(raw string) (interface{}, error)

func (*BoolParam) SchemaDescription

func (p *BoolParam) SchemaDescription() string

type BoolPtrParam

type BoolPtrParam struct {
	Metadata
}

func (*BoolPtrParam) Parse

func (p *BoolPtrParam) Parse(raw string) (interface{}, error)

func (*BoolPtrParam) SchemaDescription

func (p *BoolPtrParam) SchemaDescription() string

type CIDRListParam

type CIDRListParam struct {
	Metadata
}

func (*CIDRListParam) Parse

func (c *CIDRListParam) Parse(raw string) (result interface{}, err error)

func (*CIDRListParam) SchemaDescription

func (c *CIDRListParam) SchemaDescription() string

type Config

type Config struct {
	// Configuration parameters.
	UseInternalDataplaneDriver bool          `config:"bool;true"`
	DataplaneDriver            string        `config:"file(must-exist,executable);calico-iptables-plugin;non-zero,die-on-fail,skip-default-validation"`
	DataplaneWatchdogTimeout   time.Duration `config:"seconds;90"`

	// Wireguard configuration
	WireguardEnabled               bool          `config:"bool;false"`
	WireguardEnabledV6             bool          `config:"bool;false"`
	WireguardListeningPort         int           `config:"int;51820"`
	WireguardListeningPortV6       int           `config:"int;51821"`
	WireguardRoutingRulePriority   int           `config:"int;99"`
	WireguardInterfaceName         string        `config:"iface-param;wireguard.cali;non-zero"`
	WireguardInterfaceNameV6       string        `config:"iface-param;wg-v6.cali;non-zero"`
	WireguardMTU                   int           `config:"int;0"`
	WireguardMTUV6                 int           `config:"int;0"`
	WireguardHostEncryptionEnabled bool          `config:"bool;false"`
	WireguardPersistentKeepAlive   time.Duration `config:"seconds;0"`
	WireguardThreadingEnabled      bool          `config:"bool;false"`

	// nftables configuration.
	NFTablesMode string `config:"oneof(Enabled,Disabled);Disabled"`

	// BPF configuration.
	BPFEnabled                         bool              `config:"bool;false"`
	BPFDisableUnprivileged             bool              `config:"bool;true"`
	BPFLogLevel                        string            `config:"oneof(off,info,debug);off;non-zero"`
	BPFConntrackLogLevel               string            `config:"oneof(off,debug);off;non-zero"`
	BPFConntrackCleanupMode            string            `config:"oneof(Auto,Userspace,BPFProgram);Auto"`
	BPFLogFilters                      map[string]string `config:"keyvaluelist;;"`
	BPFCTLBLogFilter                   string            `config:"oneof(all);;"`
	BPFDataIfacePattern                *regexp.Regexp    `config:"regexp;^((en|wl|ww|sl|ib)[Popsx].*|(eth|wlan|wwan|bond).*)"`
	BPFL3IfacePattern                  *regexp.Regexp    `config:"regexp;"`
	BPFConnectTimeLoadBalancingEnabled bool              `config:"bool;;"`
	BPFConnectTimeLoadBalancing        string            `config:"oneof(TCP,Enabled,Disabled);TCP;non-zero"`
	BPFHostNetworkedNATWithoutCTLB     string            `config:"oneof(Enabled,Disabled);Enabled;non-zero"`
	BPFExternalServiceMode             string            `config:"oneof(tunnel,dsr);tunnel;non-zero"`
	BPFDSROptoutCIDRs                  []string          `config:"cidr-list;;"`
	BPFKubeProxyIptablesCleanupEnabled bool              `config:"bool;true"`
	BPFKubeProxyMinSyncPeriod          time.Duration     `config:"seconds;1"`
	BPFKubeProxyEndpointSlicesEnabled  bool              `config:"bool;true"`
	BPFExtToServiceConnmark            int               `config:"int;0"`
	BPFPSNATPorts                      numorstring.Port  `config:"portrange;20000:29999"`
	BPFMapSizeNATFrontend              int               `config:"int;65536;non-zero"`
	BPFMapSizeNATBackend               int               `config:"int;262144;non-zero"`
	BPFMapSizeNATAffinity              int               `config:"int;65536;non-zero"`
	BPFMapSizeRoute                    int               `config:"int;262144;non-zero"`
	BPFMapSizeConntrack                int               `config:"int;512000;non-zero"`
	BPFMapSizeConntrackCleanupQueue    int               `config:"int;100000;non-zero"`
	BPFMapSizeIPSets                   int               `config:"int;1048576;non-zero"`
	BPFMapSizeIfState                  int               `config:"int;1000;non-zero"`
	BPFHostConntrackBypass             bool              `config:"bool;false"`
	BPFEnforceRPF                      string            `config:"oneof(Disabled,Strict,Loose);Loose;non-zero"`
	BPFPolicyDebugEnabled              bool              `config:"bool;true"`
	BPFForceTrackPacketsFromIfaces     []string          `config:"iface-filter-slice;docker+"`
	BPFDisableGROForIfaces             *regexp.Regexp    `config:"regexp;"`
	BPFExcludeCIDRsFromNAT             []string          `config:"cidr-list;;"`
	BPFRedirectToPeer                  string            `config:"oneof(Disabled,Enabled,L2Only);L2Only;non-zero"`

	// DebugBPFCgroupV2 controls the cgroup v2 path that we apply the connect-time load balancer to.  Most distros
	// are configured for cgroup v1, which prevents all but the root cgroup v2 from working so this is only useful
	// for development right now.
	DebugBPFCgroupV2 string `config:"string;;local"`
	// DebugBPFMapRepinEnabled can be used to prevent Felix from repinning its BPF maps at startup.  This is useful for
	// testing with multiple Felix instances running on one host.
	DebugBPFMapRepinEnabled bool `config:"bool;false;local"`

	// DatastoreType controls which datastore driver Felix will use.  Typically, this is detected from the environment
	// and it does not need to be set manually. (For example, if `KUBECONFIG` is set, the kubernetes datastore driver
	// will be used by default).
	DatastoreType string `config:"oneof(kubernetes,etcdv3);etcdv3;non-zero,die-on-fail,local"`

	// FelixHostname is the name of this node, used to identify resources in the datastore that belong to this node.
	// Auto-detected from the node's hostname if not provided.
	FelixHostname string `config:"hostname;;local,non-zero"`

	// EtcdAddr: when using the `etcdv3` datastore driver, the etcd server and port to connect to.  If EtcdEndpoints
	// is also specified, it takes precedence.
	EtcdAddr string `config:"authority;127.0.0.1:2379;local"`
	// EtcdAddr: when using the `etcdv3` datastore driver, the URL scheme to use. If EtcdEndpoints
	// is also specified, it takes precedence.
	EtcdScheme string `config:"oneof(http,https);http;local"`
	// EtcdKeyFile: when using the `etcdv3` datastore driver, path to TLS private key file to use when connecting to
	// etcd.  If the key file is specified, the other TLS parameters are mandatory.
	EtcdKeyFile string `config:"file(must-exist);;local"`
	// EtcdCertFile: when using the `etcdv3` datastore driver, path to TLS certificate file to use when connecting to
	// etcd.  If the certificate file is specified, the other TLS parameters are mandatory.
	EtcdCertFile string `config:"file(must-exist);;local"`
	// EtcdCaFile: when using the `etcdv3` datastore driver, path to TLS CA file to use when connecting to
	// etcd.  If the CA file is specified, the other TLS parameters are mandatory.
	EtcdCaFile string `config:"file(must-exist);;local"`
	// EtcdEndpoints: when using the `etcdv3` datastore driver, comma-delimited list of etcd endpoints to connect to,
	// replaces EtcdAddr and EtcdScheme.
	EtcdEndpoints []string `config:"endpoint-list;;local"`

	// TyphaAddr if set, tells Felix to connect to Typha at the given address and port.  Overrides TyphaK8sServiceName.
	TyphaAddr string `config:"authority;;local"`
	// TyphaK8sServiceName if set, tells Felix to connect to Typha by looking up the Endpoints of the given Kubernetes
	// Service in namespace specified by TyphaK8sNamespace.
	TyphaK8sServiceName string `config:"string;;local"`
	// TyphaK8sNamespace namespace to look in when looking for Typha's service (see TyphaK8sServiceName).
	TyphaK8sNamespace string `config:"string;kube-system;non-zero,local"`
	// TyphaReadTimeout read timeout when reading from the Typha connection.  If typha sends no data for this long,
	// Felix will exit and restart.  (Note that Typha sends regular pings so traffic is always expected.)
	TyphaReadTimeout time.Duration `config:"seconds;30;local"`
	// TyphaWriteTimeout write timeout when writing data to Typha.
	TyphaWriteTimeout time.Duration `config:"seconds;10;local"`

	// TyphaKeyFile path to the TLS private key to use when communicating with Typha.  If this parameter is specified,
	// the other TLS parameters must also be specified.
	TyphaKeyFile string `config:"file(must-exist);;local"`
	// TyphaCertFile path to the TLS certificate to use when communicating with Typha.  If this parameter is specified,
	// the other TLS parameters must also be specified.
	TyphaCertFile string `config:"file(must-exist);;local"`
	// TyphaCAFile path to the TLS CA file to use when communicating with Typha.  If this parameter is specified,
	// the other TLS parameters must also be specified.
	TyphaCAFile string `config:"file(must-exist);;local"`
	// TyphaCN Common name to use when authenticating to Typha over TLS. If any TLS parameters are specified then one of
	// TyphaCN and TyphaURISAN must be set.
	TyphaCN string `config:"string;;local"`
	// TyphaURISAN URI SAN to use when authenticating to Typha over TLS. If any TLS parameters are specified then one of
	// TyphaCN and TyphaURISAN must be set.
	TyphaURISAN string `config:"string;;local"`

	Ipv6Support bool `config:"bool;true"`

	IptablesBackend                    string            `config:"oneof(legacy,nft,auto);auto"`
	RouteRefreshInterval               time.Duration     `config:"seconds;90"`
	InterfaceRefreshInterval           time.Duration     `config:"seconds;90"`
	DeviceRouteSourceAddress           net.IP            `config:"ipv4;"`
	DeviceRouteSourceAddressIPv6       net.IP            `config:"ipv6;"`
	DeviceRouteProtocol                int               `config:"int;3"`
	RemoveExternalRoutes               bool              `config:"bool;true"`
	IPForwarding                       string            `config:"oneof(Enabled,Disabled);Enabled"`
	IptablesRefreshInterval            time.Duration     `config:"seconds;180"`
	IptablesPostWriteCheckIntervalSecs time.Duration     `config:"seconds;5"`
	IptablesLockFilePath               string            `config:"file;/run/xtables.lock"`
	IptablesLockTimeoutSecs            time.Duration     `config:"seconds;0"`
	IptablesLockProbeIntervalMillis    time.Duration     `config:"millis;50"`
	FeatureDetectOverride              map[string]string `config:"keyvaluelist;;"`
	FeatureGates                       map[string]string `config:"keyvaluelist;;"`
	IpsetsRefreshInterval              time.Duration     `config:"seconds;90"`
	MaxIpsetSize                       int               `config:"int;1048576;non-zero"`
	XDPRefreshInterval                 time.Duration     `config:"seconds;90"`

	PolicySyncPathPrefix string `config:"file;;"`

	NetlinkTimeoutSecs time.Duration `config:"seconds;10"`

	MetadataAddr string `config:"hostname;127.0.0.1;die-on-fail"`
	MetadataPort int    `config:"int(0:65535);8775;die-on-fail"`

	OpenstackRegion string `config:"region;;die-on-fail"`

	InterfacePrefix  string           `config:"iface-list;cali;non-zero,die-on-fail"`
	InterfaceExclude []*regexp.Regexp `config:"iface-list-regexp;kube-ipvs0"`

	ChainInsertMode             string `config:"oneof(insert,append);insert;non-zero,die-on-fail"`
	DefaultEndpointToHostAction string `config:"oneof(DROP,RETURN,ACCEPT);DROP;non-zero,die-on-fail"`
	IptablesFilterAllowAction   string `config:"oneof(ACCEPT,RETURN);ACCEPT;non-zero,die-on-fail"`
	IptablesMangleAllowAction   string `config:"oneof(ACCEPT,RETURN);ACCEPT;non-zero,die-on-fail"`
	IptablesFilterDenyAction    string `config:"oneof(DROP,REJECT);DROP;non-zero,die-on-fail"`
	LogPrefix                   string `config:"string;calico-packet"`

	LogFilePath string `config:"file;/var/log/calico/felix.log;die-on-fail"`

	LogSeverityFile   string `config:"oneof(DEBUG,INFO,WARNING,ERROR,FATAL);INFO"`
	LogSeverityScreen string `config:"oneof(DEBUG,INFO,WARNING,ERROR,FATAL);INFO"`
	LogSeveritySys    string `config:"oneof(DEBUG,INFO,WARNING,ERROR,FATAL);INFO"`
	// LogDebugFilenameRegex controls which source code files have their Debug log output included in the logs.
	// Only logs from files with names that match the given regular expression are included.  The filter only applies
	// to Debug level logs.
	LogDebugFilenameRegex *regexp.Regexp `config:"regexp(nil-on-empty);"`

	// Optional: VXLAN encap is now determined by the existing IP pools (Encapsulation struct)
	VXLANEnabled         *bool  `config:"*bool;"`
	VXLANPort            int    `config:"int;4789"`
	VXLANVNI             int    `config:"int;4096"`
	VXLANMTU             int    `config:"int;0"`
	VXLANMTUV6           int    `config:"int;0"`
	IPv4VXLANTunnelAddr  net.IP `config:"ipv4;"`
	IPv6VXLANTunnelAddr  net.IP `config:"ipv6;"`
	VXLANTunnelMACAddr   string `config:"string;"`
	VXLANTunnelMACAddrV6 string `config:"string;"`

	// Optional: IPIP encap is now determined by the existing IP pools (Encapsulation struct)
	IpInIpEnabled    *bool  `config:"*bool;"`
	IpInIpMtu        int    `config:"int;0"`
	IpInIpTunnelAddr net.IP `config:"ipv4;"`

	// Feature enablement.  Can be either "Enabled" or "Disabled".  Note, this governs the
	// programming of NAT mappings derived from Kubernetes pod annotations.  OpenStack floating
	// IPs are always programmed, regardless of this setting.
	FloatingIPs string `config:"oneof(Enabled,Disabled);Disabled"`

	// WindowsManageFirewallRules configures whether or not Felix will program Windows Firewall rules. [Default: Disabled]
	WindowsManageFirewallRules string `config:"oneof(Enabled,Disabled);Disabled"`

	// Knobs provided to explicitly control whether we add rules to drop encap traffic
	// from workloads. We always add them unless explicitly requested not to add them.
	AllowVXLANPacketsFromWorkloads bool `config:"bool;false"`
	AllowIPIPPacketsFromWorkloads  bool `config:"bool;false"`

	AWSSrcDstCheck string `config:"oneof(DoNothing,Enable,Disable);DoNothing;non-zero"`

	ServiceLoopPrevention string `config:"oneof(Drop,Reject,Disabled);Drop"`

	WorkloadSourceSpoofing string `config:"oneof(Disabled,Any);Disabled"`

	ReportingIntervalSecs time.Duration `config:"seconds;30"`
	ReportingTTLSecs      time.Duration `config:"seconds;90"`

	EndpointReportingEnabled   bool          `config:"bool;false"`
	EndpointReportingDelaySecs time.Duration `config:"seconds;1"`

	// EndpointStatusPathPrefix is the path to the directory
	// where endpoint status will be written. Endpoint status
	// file reporting is disabled if field is left empty.
	//
	// Chosen directory should match the directory used by the CNI for PodStartupDelay.
	// [Default: ""]
	EndpointStatusPathPrefix string `config:"file;;"`

	IptablesMarkMask uint32 `config:"mark-bitmask;0xffff0000;non-zero,die-on-fail"`

	DisableConntrackInvalidCheck bool `config:"bool;false"`

	HealthEnabled          bool                     `config:"bool;false"`
	HealthPort             int                      `config:"int(0:65535);9099"`
	HealthHost             string                   `config:"host-address;localhost"`
	HealthTimeoutOverrides map[string]time.Duration `config:"keydurationlist;;"`

	PrometheusMetricsEnabled          bool   `config:"bool;false"`
	PrometheusMetricsHost             string `config:"host-address;"`
	PrometheusMetricsPort             int    `config:"int(0:65535);9091"`
	PrometheusGoMetricsEnabled        bool   `config:"bool;true"`
	PrometheusProcessMetricsEnabled   bool   `config:"bool;true"`
	PrometheusWireGuardMetricsEnabled bool   `config:"bool;true"`

	FailsafeInboundHostPorts  []ProtoPort `config:"port-list;tcp:22,udp:68,tcp:179,tcp:2379,tcp:2380,tcp:5473,tcp:6443,tcp:6666,tcp:6667;die-on-fail"`
	FailsafeOutboundHostPorts []ProtoPort `config:"port-list;udp:53,udp:67,tcp:179,tcp:2379,tcp:2380,tcp:5473,tcp:6443,tcp:6666,tcp:6667;die-on-fail"`

	KubeNodePortRanges []numorstring.Port `config:"portrange-list;30000:32767"`
	NATPortRange       numorstring.Port   `config:"portrange;"`
	NATOutgoingAddress net.IP             `config:"ipv4;"`

	UsageReportingEnabled          bool          `config:"bool;true"`
	UsageReportingInitialDelaySecs time.Duration `config:"seconds;300"`
	UsageReportingIntervalSecs     time.Duration `config:"seconds;86400"`
	ClusterGUID                    string        `config:"string;baddecaf"`
	ClusterType                    string        `config:"string;"`
	CalicoVersion                  string        `config:"string;"`

	ExternalNodesCIDRList []string `config:"cidr-list;;die-on-fail"`

	DebugMemoryProfilePath           string        `config:"file;;"`
	DebugCPUProfilePath              string        `config:"file;/tmp/felix-cpu-<timestamp>.pprof;"`
	DebugDisableLogDropping          bool          `config:"bool;false"`
	DebugSimulateCalcGraphHangAfter  time.Duration `config:"seconds;0"`
	DebugSimulateDataplaneHangAfter  time.Duration `config:"seconds;0"`
	DebugSimulateDataplaneApplyDelay time.Duration `config:"seconds;0"`
	DebugPanicAfter                  time.Duration `config:"seconds;0"`
	DebugSimulateDataRace            bool          `config:"bool;false"`
	// DebugHost is the host to bind the debug server port to.  Only used if DebugPort is non-zero.
	DebugHost string `config:"host-address;localhost"`
	// DebugPort is the port to bind the pprof debug server to or 0 to disable the debug port.
	DebugPort int `config:"int(0:65535);"`

	// Configure where Felix gets its routing information.
	// - workloadIPs: use workload endpoints to construct routes.
	// - calicoIPAM: use IPAM data to construct routes.
	RouteSource string `config:"oneof(WorkloadIPs,CalicoIPAM);CalicoIPAM"`

	// RouteTableRange is deprecated in favor of RouteTableRanges,
	RouteTableRange   idalloc.IndexRange   `config:"route-table-range;;die-on-fail"`
	RouteTableRanges  []idalloc.IndexRange `config:"route-table-ranges;;die-on-fail"`
	RouteSyncDisabled bool                 `config:"bool;false"`

	IptablesNATOutgoingInterfaceFilter string `config:"iface-param;"`

	SidecarAccelerationEnabled bool `config:"bool;false"`
	XDPEnabled                 bool `config:"bool;true"`
	GenericXDPEnabled          bool `config:"bool;false"`

	Variant string `config:"string;Calico"`

	// GoGCThreshold sets the Go runtime's GC threshold.  It is overridden by the GOGC env var if that is also
	// specified. A value of -1 disables GC.
	GoGCThreshold int `config:"int(-1);40"`
	// GoMemoryLimitMB sets the Go runtime's memory limit.  It is overridden by the GOMEMLIMIT env var if that is
	// also specified. A value of -1 disables the limit.
	GoMemoryLimitMB int `config:"int(-1);-1"`
	// GoMaxProcs sets the Go runtime's GOMAXPROCS.  It is overridden by the GOMAXPROCS env var if that is also
	// set. A value of -1 disables the override and uses the runtime default.
	GoMaxProcs int `config:"int(-1);-1"`

	// Configures MTU auto-detection.
	MTUIfacePattern *regexp.Regexp `config:"regexp;^((en|wl|ww|sl|ib)[Pcopsvx].*|(eth|wlan|wwan).*)"`

	// Encapsulation information calculated from IP Pools and FelixConfiguration (VXLANEnabled and IpInIpEnabled)
	Encapsulation Encapsulation

	// NftablesRefreshInterval controls the interval at which Felix periodically refreshes the nftables rules. [Default: 180s]
	NftablesRefreshInterval time.Duration `config:"seconds;180"`

	NftablesFilterAllowAction string `config:"oneof(ACCEPT,RETURN);ACCEPT;non-zero,die-on-fail"`
	NftablesMangleAllowAction string `config:"oneof(ACCEPT,RETURN);ACCEPT;non-zero,die-on-fail"`
	NftablesFilterDenyAction  string `config:"oneof(DROP,REJECT);DROP;non-zero,die-on-fail"`

	// MarkMask is the mask that Felix selects its nftables Mark bits from. Should be a 32 bit hexadecimal
	// number with at least 8 bits set, none of which clash with any other mark bits in use on the system.
	// [Default: 0xffff0000]
	NftablesMarkMask uint32 `config:"mark-bitmask;0xffff0000;non-zero,die-on-fail"`

	// Err holds the most recent error from a config update.
	Err error
	// contains filtered or unexported fields
}

Config contains the best, parsed config values loaded from the various sources. We use tags to control the parsing and validation.

func FromConfigUpdate

func FromConfigUpdate(msg *proto.ConfigUpdate) *Config

func New

func New() *Config

func (*Config) Copy

func (config *Config) Copy() *Config

Copy makes a copy of the object. Internal state is deep copied but config parameters are only shallow copied. This saves work since updates to the copy will trigger the config params to be recalculated.

func (*Config) DatastoreConfig

func (config *Config) DatastoreConfig() apiconfig.CalicoAPIConfig

func (*Config) FilterAllowAction

func (config *Config) FilterAllowAction() string

func (*Config) FilterDenyAction

func (config *Config) FilterDenyAction() string

func (*Config) InterfacePrefixes

func (config *Config) InterfacePrefixes() []string

func (*Config) IsLeader

func (config *Config) IsLeader() bool

func (*Config) KubernetesProvider

func (config *Config) KubernetesProvider() Provider

KubernetesProvider attempts to parse the kubernetes provider, e.g. AKS out of the ClusterType. The ClusterType is a string which contains a set of comma-separated values in no particular order.

func (*Config) MangleAllowAction

func (config *Config) MangleAllowAction() string

func (*Config) MarkMask

func (config *Config) MarkMask() uint32

func (*Config) OpenstackActive

func (config *Config) OpenstackActive() bool

func (*Config) OverrideParam

func (config *Config) OverrideParam(name, value string) (bool, error)

OverrideParam installs a maximum priority parameter override for the given parameter. This is useful for disabling features that are found to be unsupported, for example. By using an extra priority class, the override will persist even if the host/global config is updated.

func (*Config) RawValues

func (config *Config) RawValues() map[string]string

func (*Config) RouteTableIndices

func (config *Config) RouteTableIndices() []idalloc.IndexRange

RouteTableIndices compares provided args for the deprecated RoutTableRange arg and the newer RouteTableRanges arg, giving precedence to the newer arg if it's explicitly-set

func (*Config) SetLoadClientConfigFromEnvironmentFunction

func (config *Config) SetLoadClientConfigFromEnvironmentFunction(fnc func() (*apiconfig.CalicoAPIConfig, error))

func (*Config) SetUseNodeResourceUpdates

func (config *Config) SetUseNodeResourceUpdates(b bool)

func (*Config) TableRefreshInterval

func (config *Config) TableRefreshInterval() time.Duration

func (*Config) ToConfigUpdate

func (config *Config) ToConfigUpdate() *proto.ConfigUpdate

func (*Config) UpdateFrom

func (config *Config) UpdateFrom(rawData map[string]string, source Source) (changed bool, err error)

UpdateFrom parses and merges the rawData from one particular source into this config object. If there is a config value already loaded from a higher-priority source, then the new value will be ignored (after validation).

func (*Config) UpdateFromConfigUpdate

func (config *Config) UpdateFromConfigUpdate(configUpdate *proto.ConfigUpdate) (changedFields set.Set[string], err error)

func (*Config) UseNodeResourceUpdates

func (config *Config) UseNodeResourceUpdates() bool

func (*Config) Validate

func (config *Config) Validate() (err error)

Validate() performs cross-field validation.

type Encapsulation

type Encapsulation struct {
	IPIPEnabled    bool
	VXLANEnabled   bool
	VXLANEnabledV6 bool
}

type EndpointListParam

type EndpointListParam struct {
	Metadata
}

func (*EndpointListParam) Parse

func (p *EndpointListParam) Parse(raw string) (result interface{}, err error)

func (*EndpointListParam) SchemaDescription

func (p *EndpointListParam) SchemaDescription() string

type FieldInfo

type FieldInfo struct {
	Group               string
	GroupWithSortPrefix string

	// NameConfigFile is the name of the parameter in the Felix configuration INI file.
	NameConfigFile string
	// NameEnvVar is the name of the environment variable that can be used to set the parameter.
	// Env vars use the config file string format, the name of the env var is case-insensitive.
	NameEnvVar string
	// NameYAML is the name of the field in the FelixConfiguration CustomResource.
	NameYAML string
	// NameGoAPI is the name of the field in the FelixConfiguration v3 Go API structs.
	NameGoAPI string

	// StringSchema is a description of the parameter's format when expressed
	// as a string in the config file or environment variable.  This sometimes
	// differs from the format of the FelixConfiguration field.  For example,
	// Felix may require a comma-delimited list in the env var, but the YAML
	// can represent a list natively.
	StringSchema     string
	StringSchemaHTML string

	// StringDefault is the default value for the parameter in Felix's string
	// format.  This is Felix's baseline default value if the configuration is
	// not set by config file, env var, or FelixConfiguration resource. Note
	// that The operator may apply environment-specific defaults to the
	// FelixConfiguration, making it appear that the default value is different
	// in a particular environment.
	StringDefault string
	// ParsedDefault is the result of parsing StringDefault and pretty-printing
	// it.  For example, the String default for a duration field might be "90",
	// meaning 90 seconds.  That would be converted to a time.Duration, which
	// would pretty-print as "1m30s".
	ParsedDefault string
	// JSON encoding of the ParsedDefault value.
	ParsedDefaultJSON string
	// ParsedType is the type of the field in the Config struct; the type of
	// the ParsedDefault value.
	ParsedType string

	// YAMLType is the type of the field in the FelixConfiguration YAML.
	YAMLType string
	// YAMLSchema is a description of the parameter's format when expressed in
	// YAML in the FelixConfiguration.
	YAMLSchema     string
	YAMLEnumValues []string
	YAMLSchemaHTML string

	// YAMLDefault is the default value for the parameter in FelixConfiguration
	// YAML.
	YAMLDefault string

	// Required is true if the parameter must be set for felix to start.
	Required bool
	// OnParseFailure is the action that Felix takes if the value is invalid.
	// Typically, Felix replaces the value with the default, but some important
	// fields trigger Felix to exit.
	OnParseFailure ParseFailureAction
	// AllowedConfigSources indicates where Felix will accept the
	// configuration from.  For example, datastore-related fields must be set
	// locally, they cannot come from the datastore.
	AllowedConfigSources AllowedConfigSources

	// Description is a human-readable description of the parameter, largely
	// derived from the CRD.
	Description     string
	DescriptionHTML string

	// UserEditable is true if the parameter is intended to be set by the user.
	// Some fields are auto-populated from the cluster or node identity.  They
	// are "config" to Felix, but they are set by another component.
	UserEditable bool

	// GoType is the type of the field in the FelixConfiguration Go API structs.
	GoType string
}

FieldInfo contains metadata about a Felix configuration parameter, including both the config package representation and the v3 API representation.

func CombinedFieldInfo

func CombinedFieldInfo() ([]*FieldInfo, error)

CombinedFieldInfo loads the metadata for Felix's configuration parameters. it combines the metadata from Felix's config package with the metadata from the v3 API structs.

type FileParam

type FileParam struct {
	Metadata
	MustExist  bool
	Executable bool
}

func (*FileParam) Parse

func (p *FileParam) Parse(raw string) (interface{}, error)

func (*FileParam) SchemaDescription

func (p *FileParam) SchemaDescription() string

type FloatParam

type FloatParam struct {
	Metadata
}

func (*FloatParam) Parse

func (p *FloatParam) Parse(raw string) (result interface{}, err error)

func (*FloatParam) SchemaDescription

func (p *FloatParam) SchemaDescription() string

type Int32Param

type Int32Param struct {
	Metadata
}

func (*Int32Param) Parse

func (p *Int32Param) Parse(raw string) (interface{}, error)

func (*Int32Param) SchemaDescription

func (p *Int32Param) SchemaDescription() string

type IntParam

type IntParam struct {
	Metadata
	Ranges []MinMax
}

func (*IntParam) Parse

func (p *IntParam) Parse(raw string) (interface{}, error)

func (*IntParam) SchemaDescription

func (p *IntParam) SchemaDescription() string

type Ipv4Param

type Ipv4Param struct {
	Metadata
}

func (*Ipv4Param) Parse

func (p *Ipv4Param) Parse(raw string) (result interface{}, err error)

func (*Ipv4Param) SchemaDescription

func (p *Ipv4Param) SchemaDescription() string

type Ipv6Param

type Ipv6Param struct {
	Metadata
}

func (*Ipv6Param) Parse

func (p *Ipv6Param) Parse(raw string) (result interface{}, err error)

func (*Ipv6Param) SchemaDescription

func (p *Ipv6Param) SchemaDescription() string

type KeyDurationListParam

type KeyDurationListParam struct {
	Metadata
}

func (*KeyDurationListParam) Parse

func (p *KeyDurationListParam) Parse(raw string) (result interface{}, err error)

func (*KeyDurationListParam) SchemaDescription

func (p *KeyDurationListParam) SchemaDescription() string

type KeyValueListParam

type KeyValueListParam struct {
	Metadata
}

func (*KeyValueListParam) Parse

func (p *KeyValueListParam) Parse(raw string) (result interface{}, err error)

func (*KeyValueListParam) SchemaDescription

func (p *KeyValueListParam) SchemaDescription() string

type MarkBitmaskParam

type MarkBitmaskParam struct {
	Metadata
}

func (*MarkBitmaskParam) Parse

func (p *MarkBitmaskParam) Parse(raw string) (interface{}, error)

func (*MarkBitmaskParam) SchemaDescription

func (p *MarkBitmaskParam) SchemaDescription() string

type Metadata

type Metadata struct {
	Name              string
	Type              string
	DefaultString     string
	Default           interface{}
	ZeroValue         interface{}
	NonZero           bool
	DieOnParseFailure bool
	Local             bool
}

func (*Metadata) GetMetadata

func (m *Metadata) GetMetadata() *Metadata

type MillisParam

type MillisParam struct {
	Metadata
}

func (*MillisParam) Parse

func (p *MillisParam) Parse(raw string) (result interface{}, err error)

func (*MillisParam) SchemaDescription

func (p *MillisParam) SchemaDescription() string

type MinMax

type MinMax struct {
	Min int
	Max int
}

type OneofListParam

type OneofListParam struct {
	Metadata
	// contains filtered or unexported fields
}

func (*OneofListParam) Parse

func (p *OneofListParam) Parse(raw string) (result interface{}, err error)

func (*OneofListParam) SchemaDescription

func (p *OneofListParam) SchemaDescription() string

type Param

type Param interface {
	GetMetadata() *Metadata
	Parse(raw string) (result interface{}, err error)

	SchemaDescription() string
	// contains filtered or unexported methods
}

type ParseFailureAction

type ParseFailureAction string
const (
	ParseFailureActionExit               ParseFailureAction = "Exit"
	ParseFailureActionReplaceWithDefault ParseFailureAction = "ReplaceWithDefault"
)

type PortListParam

type PortListParam struct {
	Metadata
}

func (*PortListParam) Parse

func (p *PortListParam) Parse(raw string) (interface{}, error)

func (*PortListParam) SchemaDescription

func (p *PortListParam) SchemaDescription() string

type PortRangeListParam

type PortRangeListParam struct {
	Metadata
}

func (*PortRangeListParam) Parse

func (p *PortRangeListParam) Parse(raw string) (interface{}, error)

func (*PortRangeListParam) SchemaDescription

func (p *PortRangeListParam) SchemaDescription() string

type PortRangeParam

type PortRangeParam struct {
	Metadata
}

func (*PortRangeParam) Parse

func (p *PortRangeParam) Parse(raw string) (interface{}, error)

func (*PortRangeParam) SchemaDescription

func (p *PortRangeParam) SchemaDescription() string

type ProtoPort

type ProtoPort = v3.ProtoPort

ProtoPort aliases the v3 type so that we pick up its JSON encoding, which is used by the documentation generator.

type Provider

type Provider uint8

Provider represents a particular provider or flavor of Kubernetes.

const (
	ProviderNone Provider = iota
	ProviderEKS
	ProviderGKE
	ProviderAKS
	ProviderOpenShift
	ProviderDockerEE
)

func (Provider) String

func (p Provider) String() string

type RegexpParam

type RegexpParam struct {
	Metadata
	Regexp *regexp.Regexp
	Msg    string
}

func (*RegexpParam) Parse

func (p *RegexpParam) Parse(raw string) (result interface{}, err error)

func (*RegexpParam) SchemaDescription

func (p *RegexpParam) SchemaDescription() string

type RegexpPatternListParam

type RegexpPatternListParam struct {
	Metadata
	RegexpElemRegexp    *regexp.Regexp
	NonRegexpElemRegexp *regexp.Regexp
	Delimiter           string
	Msg                 string
	Schema              string
}

RegexpPatternListParam differs from RegexpParam (above) in that it validates string values that are (themselves) regular expressions.

func (*RegexpPatternListParam) Parse

func (p *RegexpPatternListParam) Parse(raw string) (interface{}, error)

Parse validates whether the given raw string contains a list of valid values. Validation is dictated by two regexp patterns: one for valid regular expression values, another for non-regular expressions.

func (*RegexpPatternListParam) SchemaDescription

func (p *RegexpPatternListParam) SchemaDescription() string

type RegexpPatternParam

type RegexpPatternParam struct {
	Metadata
	Flags []string
}

RegexpPatternParam differs from RegexpParam (above) in that it validates string values that are (themselves) regular expressions.

func (*RegexpPatternParam) Parse

func (p *RegexpPatternParam) Parse(raw string) (interface{}, error)

Parse validates whether the given raw string contains a valid regexp pattern.

func (*RegexpPatternParam) SchemaDescription

func (p *RegexpPatternParam) SchemaDescription() string

type RegionParam

type RegionParam struct {
	Metadata
}

func (*RegionParam) Parse

func (r *RegionParam) Parse(raw string) (result interface{}, err error)

func (*RegionParam) SchemaDescription

func (r *RegionParam) SchemaDescription() string

type RouteTableRangeParam

type RouteTableRangeParam struct {
	Metadata
}

func (*RouteTableRangeParam) Parse

func (p *RouteTableRangeParam) Parse(raw string) (result interface{}, err error)

func (*RouteTableRangeParam) SchemaDescription

func (p *RouteTableRangeParam) SchemaDescription() string

type RouteTableRangesParam

type RouteTableRangesParam struct {
	Metadata
}

func (*RouteTableRangesParam) Parse

func (p *RouteTableRangesParam) Parse(raw string) (result interface{}, err error)

func (*RouteTableRangesParam) SchemaDescription

func (p *RouteTableRangesParam) SchemaDescription() string

type SecondsParam

type SecondsParam struct {
	Metadata
	Min int
	Max int
}

func (*SecondsParam) Parse

func (p *SecondsParam) Parse(raw string) (result interface{}, err error)

func (*SecondsParam) SchemaDescription

func (p *SecondsParam) SchemaDescription() string

type ServerListParam

type ServerListParam struct {
	Metadata
}

func (*ServerListParam) Parse

func (c *ServerListParam) Parse(raw string) (result interface{}, err error)

func (*ServerListParam) SchemaDescription

func (c *ServerListParam) SchemaDescription() string

type ServerPort

type ServerPort struct {
	IP   string
	Port uint16
}

type Source

type Source uint8

Source of a config value. Values from higher-numbered sources override those from lower-numbered sources. Note: some parameters (such as those needed to connect to the datastore) can only be set from a local source.

const (
	Default Source = iota
	DatastoreGlobal
	DatastorePerHost
	ConfigFile
	EnvironmentVariable
	InternalOverride
)

func (Source) Local

func (source Source) Local() bool

func (Source) String

func (source Source) String() string

type StringSliceParam

type StringSliceParam struct {
	Metadata
	ValidationRegex *regexp.Regexp
}

func (*StringSliceParam) Parse

func (p *StringSliceParam) Parse(raw string) (result interface{}, err error)

func (*StringSliceParam) SchemaDescription

func (p *StringSliceParam) SchemaDescription() string

type StructInfo

type StructInfo struct {
	GoName       string
	YAMLName     string
	V1Name       string
	GoType       string
	GoValidation string
}

type YAMLInfo

type YAMLInfo struct {
	YAMLName    string
	Description string
	Schema      string
	GoName      string
	GoType      string
	V1Name      string
	YAMLType    string
	EnumValues  []string
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL