config

package
v1.32.0-alpha.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 17, 2024 License: Apache-2.0 Imports: 5 Imported by: 193

Documentation

Index

Constants

View Source
const GroupName = "kubeproxy.config.k8s.io"

GroupName is the group name used in this package

View Source
const NodePortAddressesPrimary string = "primary"

NodePortAddressesPrimary is a special value for NodePortAddresses indicating that it should only use the primary node IPs.

Variables

View Source
var (
	// SchemeBuilder is the scheme builder with scheme init functions to run for this API package
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	// AddToScheme is a global function that registers this API group & version to a scheme
	AddToScheme = SchemeBuilder.AddToScheme
)
View Source
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}

SchemeGroupVersion is group version used to register these objects

Functions

This section is empty.

Types

type DetectLocalConfiguration added in v1.24.0

type DetectLocalConfiguration struct {
	// bridgeInterface is a bridge interface name. When DetectLocalMode is set to
	// LocalModeBridgeInterface, kube-proxy will consider traffic to be local if
	// it originates from this bridge.
	BridgeInterface string
	// clusterCIDRs is the dual-stack list of CIDR ranges of the pods in the cluster. When
	// DetectLocalMode is set to LocalModeClusterCIDR, kube-proxy will consider
	// traffic to be local if its source IP is in the range of any given CIDR.
	ClusterCIDRs []string
	// interfaceNamePrefix is an interface name prefix. When DetectLocalMode is set to
	// LocalModeInterfaceNamePrefix, kube-proxy will consider traffic to be local if
	// it originates from any interface whose name begins with this prefix.
	InterfaceNamePrefix string
}

DetectLocalConfiguration contains optional settings related to DetectLocalMode option

func (*DetectLocalConfiguration) DeepCopy added in v1.24.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DetectLocalConfiguration.

func (*DetectLocalConfiguration) DeepCopyInto added in v1.24.0

func (in *DetectLocalConfiguration) DeepCopyInto(out *DetectLocalConfiguration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubeProxyConfiguration

type KubeProxyConfiguration struct {
	metav1.TypeMeta

	// linux contains Linux-related configuration options.
	Linux KubeProxyLinuxConfiguration

	// windows contains Windows-related configuration options.
	Windows KubeProxyWindowsConfiguration

	// featureGates is a map of feature names to bools that enable or disable alpha/experimental features.
	FeatureGates map[string]bool

	// clientConnection specifies the kubeconfig file and client connection settings for the proxy
	// server to use when communicating with the apiserver.
	ClientConnection componentbaseconfig.ClientConnectionConfiguration
	// logging specifies the options of logging.
	// Refer to [Logs Options](https://github.com/kubernetes/component-base/blob/master/logs/options.go)
	// for more information.
	Logging logsapi.LoggingConfiguration

	// hostnameOverride, if non-empty, will be used as the name of the Node that
	// kube-proxy is running on. If unset, the node name is assumed to be the same as
	// the node's hostname.
	HostnameOverride string
	// bindAddress can be used to override kube-proxy's idea of what its node's
	// primary IP is. Note that the name is a historical artifact, and kube-proxy does
	// not actually bind any sockets to this IP.
	BindAddress string
	// healthzBindAddresses is a list of CIDR ranges that contains a valid node IP on which
	// the healthz server will be served on, defaulting to [ "0.0.0.0/0", "::/0" ].
	HealthzBindAddresses []string
	// healthzBindPort is the port on which healthz server will be exposed, defaulting to 10256.
	HealthzBindPort int32
	// metricsBindAddresses is a list of CIDR ranges that contains a valid node IP on which
	// the metrics server will be served on, defaulting to [ "127.0.0.0/8", "::1/128" ].
	MetricsBindAddresses []string
	// metricsBindPort is the port on which metrics server will be exposed, defaulting to 10249.
	MetricsBindPort int32
	// bindAddressHardFail, if true, tells kube-proxy to treat failure to bind to a
	// port as fatal and exit
	BindAddressHardFail bool
	// enableProfiling enables profiling via web interface on /debug/pprof handler.
	// Profiling handlers will be handled by metrics server.
	EnableProfiling bool
	// showHiddenMetricsForVersion is the version for which you want to show hidden metrics.
	ShowHiddenMetricsForVersion string

	// mode specifies which proxy mode to use.
	Mode ProxyMode
	// iptables contains iptables-related configuration options.
	IPTables KubeProxyIPTablesConfiguration
	// ipvs contains ipvs-related configuration options.
	IPVS KubeProxyIPVSConfiguration
	// winkernel contains winkernel-related configuration options.
	Winkernel KubeProxyWinkernelConfiguration
	// nftables contains nftables-related configuration options.
	NFTables KubeProxyNFTablesConfiguration

	// detectLocalMode determines mode to use for detecting local traffic, defaults to LocalModeClusterCIDR
	DetectLocalMode LocalMode
	// detectLocal contains optional configuration settings related to DetectLocalMode.
	DetectLocal DetectLocalConfiguration

	// nodePortAddresses is a list of CIDR ranges that contain valid node IPs, or
	// alternatively, the single string 'primary'. If set to a list of CIDRs,
	// connections to NodePort services will only be accepted on node IPs in one of
	// the indicated ranges. If set to 'primary', NodePort services will only be
	// accepted on the node's primary IPv4 and/or IPv6 address according to the Node
	// object. If unset, NodePort connections will be accepted on all local IPs.
	NodePortAddresses []string

	// syncPeriod is an interval (e.g. '5s', '1m', '2h22m') indicating how frequently
	// various re-synchronizing and cleanup operations are performed. Must be greater
	// than 0.
	SyncPeriod metav1.Duration
	// minSyncPeriod is the minimum period between proxier rule resyncs (e.g. '5s',
	// '1m', '2h22m'). A value of 0 means every Service or EndpointSlice change will
	// result in an immediate proxier resync.
	MinSyncPeriod metav1.Duration
	// configSyncPeriod is how often configuration from the apiserver is refreshed. Must be greater
	// than 0.
	ConfigSyncPeriod metav1.Duration
}

KubeProxyConfiguration contains everything necessary to configure the Kubernetes proxy server.

func (*KubeProxyConfiguration) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeProxyConfiguration.

func (*KubeProxyConfiguration) DeepCopyInto

func (in *KubeProxyConfiguration) DeepCopyInto(out *KubeProxyConfiguration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*KubeProxyConfiguration) DeepCopyObject

func (in *KubeProxyConfiguration) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type KubeProxyConntrackConfiguration

type KubeProxyConntrackConfiguration struct {
	// maxPerCore is the maximum number of NAT connections to track
	// per CPU core (0 to leave the limit as-is and ignore min).
	MaxPerCore *int32
	// min is the minimum value of connect-tracking records to allocate,
	// regardless of maxPerCore (set maxPerCore=0 to leave the limit as-is).
	Min *int32
	// tcpEstablishedTimeout is how long an idle TCP connection will be kept open
	// (e.g. '2s').  Must be greater than 0 to set.
	TCPEstablishedTimeout *metav1.Duration
	// tcpCloseWaitTimeout is how long an idle conntrack entry
	// in CLOSE_WAIT state will remain in the conntrack
	// table. (e.g. '60s'). Must be greater than 0 to set.
	TCPCloseWaitTimeout *metav1.Duration
	// tcpBeLiberal, if true, kube-proxy will configure conntrack
	// to run in liberal mode for TCP connections and packets with
	// out-of-window sequence numbers won't be marked INVALID.
	TCPBeLiberal bool
	// udpTimeout is how long an idle UDP conntrack entry in
	// UNREPLIED state will remain in the conntrack table
	// (e.g. '30s'). Must be greater than 0 to set.
	UDPTimeout metav1.Duration
	// udpStreamTimeout is how long an idle UDP conntrack entry in
	// ASSURED state will remain in the conntrack table
	// (e.g. '300s'). Must be greater than 0 to set.
	UDPStreamTimeout metav1.Duration
}

KubeProxyConntrackConfiguration contains conntrack settings for the Kubernetes proxy server.

func (*KubeProxyConntrackConfiguration) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeProxyConntrackConfiguration.

func (*KubeProxyConntrackConfiguration) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubeProxyIPTablesConfiguration

type KubeProxyIPTablesConfiguration struct {
	// masqueradeBit is the bit of the iptables fwmark space to use for SNAT if using
	// the iptables or ipvs proxy mode. Values must be within the range [0, 31].
	MasqueradeBit *int32
	// localhostNodePorts, if false, tells kube-proxy to disable the legacy behavior
	// of allowing NodePort services to be accessed via localhost. (Applies only to
	// iptables mode and IPv4; localhost NodePorts are never allowed with other proxy
	// modes or with IPv6.)
	LocalhostNodePorts *bool
}

KubeProxyIPTablesConfiguration contains iptables-related configuration details for the Kubernetes proxy server.

func (*KubeProxyIPTablesConfiguration) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeProxyIPTablesConfiguration.

func (*KubeProxyIPTablesConfiguration) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubeProxyIPVSConfiguration

type KubeProxyIPVSConfiguration struct {
	// scheduler is the IPVS scheduler to use
	Scheduler string
	// excludeCIDRs is a list of CIDRs which the ipvs proxier should not touch
	// when cleaning up ipvs services.
	ExcludeCIDRs []string
	// strictARP configures arp_ignore and arp_announce to avoid answering ARP queries
	// from kube-ipvs0 interface
	StrictARP bool
	// tcpTimeout is the timeout value used for idle IPVS TCP sessions.
	// The default value is 0, which preserves the current timeout value on the system.
	TCPTimeout metav1.Duration
	// tcpFinTimeout is the timeout value used for IPVS TCP sessions after receiving a FIN.
	// The default value is 0, which preserves the current timeout value on the system.
	TCPFinTimeout metav1.Duration
	// udpTimeout is the timeout value used for IPVS UDP packets.
	// The default value is 0, which preserves the current timeout value on the system.
	UDPTimeout metav1.Duration
}

KubeProxyIPVSConfiguration contains ipvs-related configuration details for the Kubernetes proxy server.

func (*KubeProxyIPVSConfiguration) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeProxyIPVSConfiguration.

func (*KubeProxyIPVSConfiguration) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubeProxyLinuxConfiguration added in v1.31.0

type KubeProxyLinuxConfiguration struct {
	// conntrack contains conntrack-related configuration options.
	Conntrack KubeProxyConntrackConfiguration
	// masqueradeAll tells kube-proxy to SNAT all traffic sent to Service cluster IPs. This may
	// be required with some CNI plugins.
	MasqueradeAll bool
	// oomScoreAdj is the oom-score-adj value for kube-proxy process. Values must be within
	// the range [-1000, 1000]
	OOMScoreAdj *int32
}

KubeProxyLinuxConfiguration contains Linux platform related configuration details for the Kubernetes proxy server that aren't specific to a particular backend.

func (*KubeProxyLinuxConfiguration) DeepCopy added in v1.31.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeProxyLinuxConfiguration.

func (*KubeProxyLinuxConfiguration) DeepCopyInto added in v1.31.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubeProxyNFTablesConfiguration added in v1.29.0

type KubeProxyNFTablesConfiguration struct {
	// masqueradeBit is the bit of the iptables fwmark space to use for SNAT if using
	// the nftables proxy mode. Values must be within the range [0, 31].
	MasqueradeBit *int32
}

KubeProxyNFTablesConfiguration contains nftables-related configuration details for the Kubernetes proxy server.

func (*KubeProxyNFTablesConfiguration) DeepCopy added in v1.29.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeProxyNFTablesConfiguration.

func (*KubeProxyNFTablesConfiguration) DeepCopyInto added in v1.29.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubeProxyWindowsConfiguration added in v1.31.0

type KubeProxyWindowsConfiguration struct {
	// runAsService, if true, enables Windows service control manager API integration.
	RunAsService bool
}

KubeProxyWindowsConfiguration contains Windows platform related configuration details for the Kubernetes proxy server that aren't specific to a particular backend

func (*KubeProxyWindowsConfiguration) DeepCopy added in v1.31.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeProxyWindowsConfiguration.

func (*KubeProxyWindowsConfiguration) DeepCopyInto added in v1.31.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type KubeProxyWinkernelConfiguration added in v1.14.0

type KubeProxyWinkernelConfiguration struct {
	// networkName is the name of the network kube-proxy will use
	// to create endpoints and policies
	NetworkName string
	// sourceVip is the IP address of the source VIP endpoint used for
	// NAT when loadbalancing
	SourceVip string
	// enableDSR tells kube-proxy whether HNS policies should be created
	// with DSR
	EnableDSR bool
	// rootHnsEndpointName is the name of hnsendpoint that is attached to
	// l2bridge for root network namespace
	RootHnsEndpointName string
	// forwardHealthCheckVip forwards service VIP for health check port on
	// Windows
	ForwardHealthCheckVip bool
}

KubeProxyWinkernelConfiguration contains Windows/HNS settings for the Kubernetes proxy server.

func (*KubeProxyWinkernelConfiguration) DeepCopy added in v1.14.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeProxyWinkernelConfiguration.

func (*KubeProxyWinkernelConfiguration) DeepCopyInto added in v1.14.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LocalMode added in v1.18.0

type LocalMode string

LocalMode represents modes to detect local traffic from the node

const (
	LocalModeClusterCIDR         LocalMode = "ClusterCIDR"
	LocalModeNodeCIDR            LocalMode = "NodeCIDR"
	LocalModeBridgeInterface     LocalMode = "BridgeInterface"
	LocalModeInterfaceNamePrefix LocalMode = "InterfaceNamePrefix"
)

Currently supported modes for LocalMode

func (*LocalMode) Set added in v1.18.0

func (m *LocalMode) Set(s string) error

func (*LocalMode) String added in v1.18.0

func (m *LocalMode) String() string

func (*LocalMode) Type added in v1.18.0

func (m *LocalMode) Type() string

type ProxyMode

type ProxyMode string

ProxyMode represents modes used by the Kubernetes proxy server.

Currently, three modes of proxy are available on Linux platforms: 'iptables', 'ipvs', and 'nftables'. One mode of proxy is available on Windows platforms: 'kernelspace'.

If the proxy mode is unspecified, the best-available proxy mode will be used (currently this is `iptables` on Linux and `kernelspace` on Windows). If the selected proxy mode cannot be used (due to lack of kernel support, missing userspace components, etc) then kube-proxy will exit with an error.

const (
	ProxyModeIPTables    ProxyMode = "iptables"
	ProxyModeIPVS        ProxyMode = "ipvs"
	ProxyModeNFTables    ProxyMode = "nftables"
	ProxyModeKernelspace ProxyMode = "kernelspace"
)

func (*ProxyMode) Set

func (m *ProxyMode) Set(s string) error

func (*ProxyMode) String

func (m *ProxyMode) String() string

func (*ProxyMode) Type

func (m *ProxyMode) Type() string

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL