Documentation
¶
Index ¶
Constants ¶
View Source
const ( // CNPNodeStatusGCInterval is the GC interval for nodes which have been // removed from the cluster in CiliumNetworkPolicy and // CiliumClusterwideNetworkPolicy Status. CNPNodeStatusGCInterval = "cnp-node-status-gc-interval" // CNPStatusUpdateInterval is the interval between status updates // being sent to the K8s apiserver for a given CNP. CNPStatusUpdateInterval = "cnp-status-update-interval" // EnableCEPGC enables CiliumEndpoint garbage collector // Deprecated: use EndpointGCInterval and remove in 1.9 EnableCEPGC = "cilium-endpoint-gc" // EnableCCNPNodeStatusGC enables CiliumClusterwideNetworkPolicy Status // garbage collection for nodes which have been removed from the cluster // Deprecated: use CNPNodeStatusGCInterval and remove in 1.9 EnableCCNPNodeStatusGC = "ccnp-node-status-gc" // EnableCNPNodeStatusGC enables CiliumNetworkPolicy Status garbage // collection for nodes which have been removed from the cluster // Deprecated: use CNPNodeStatusGCInterval and remove in 1.9 EnableCNPNodeStatusGC = "cnp-node-status-gc" // EnableMetrics enables prometheus metrics. EnableMetrics = "enable-metrics" // EndpointGCInterval is the interval between attempts of the CEP GC // controller. // Note that only one node per cluster should run this, and most iterations // will simply return. EndpointGCInterval = "cilium-endpoint-gc-interval" // IdentityGCInterval is the interval in which allocator identities are // attempted to be expired from the kvstore IdentityGCInterval = "identity-gc-interval" // IdentityGCRateInterval is the interval used for rate limiting the GC of // identities. IdentityGCRateInterval = "identity-gc-rate-interval" // IdentityGCRateLimit is the maximum identities used for rate limiting the // GC of identities. IdentityGCRateLimit = "identity-gc-rate-limit" // IdentityHeartbeatTimeout is the timeout used to GC identities from k8s IdentityHeartbeatTimeout = "identity-heartbeat-timeout" // NodesGCInterval is the duration for which the nodes are GC in the KVStore. NodesGCInterval = "nodes-gc-interval" // OperatorAPIServeAddr IP:Port on which to serve api requests in // operator (pass ":Port" to bind on all interfaces, "" is off) OperatorAPIServeAddr = "operator-api-serve-addr" // OperatorPrometheusServeAddr IP:Port on which to serve prometheus // metrics (pass ":Port" to bind on all interfaces, "" is off). OperatorPrometheusServeAddr = "operator-prometheus-serve-addr" // SyncK8sServices synchronizes k8s services into the kvstore SyncK8sServices = "synchronize-k8s-services" // SyncK8sNodes synchronizes k8s nodes into the kvstore SyncK8sNodes = "synchronize-k8s-nodes" // UnmanagedPodWatcherInterval is the interval to check for unmanaged kube-dns pods (0 to disable) UnmanagedPodWatcherInterval = "unmanaged-pod-watcher-interval" // AWSClientBurstDeprecated is the deprecated version of IPAMAPIBurst and will be rewmoved in v1.9 AWSClientBurstDeprecated = "aws-client-burst" // AWSClientQPSLimitDeprecated is the deprecated version of IPAMAPIQPSLimit and will be removed in v1.9 AWSClientQPSLimitDeprecated = "aws-client-qps" // IPAMAPIBurst is the burst value allowed when accessing external IPAM APIs IPAMAPIBurst = "limit-ipam-api-burst" // IPAMAPIQPSLimit is the queries per second limit when accessing external IPAM APIs IPAMAPIQPSLimit = "limit-ipam-api-qps" // IPAMSubnetsIDs are optional subnets IDs used to filter subnets and interfaces listing IPAMSubnetsIDs = "subnet-ids-filter" // IPAMSubnetsTags are optional tags used to filter subnets, and interfaces within those subnets IPAMSubnetsTags = "subnet-tags-filter" // IPAMOperatorV4CIDR is the cluster IPv4 podCIDR that should be used to // allocate pods in the node. IPAMOperatorV4CIDR = "cluster-pool-ipv4-cidr" // IPAMOperatorV6CIDR is the cluster IPv6 podCIDR that should be used to // allocate pods in the node. IPAMOperatorV6CIDR = "cluster-pool-ipv6-cidr" // NodeCIDRMaskSizeIPv4 is the IPv4 podCIDR mask size that will be used // per node. NodeCIDRMaskSizeIPv4 = "cluster-pool-ipv4-mask-size" // NodeCIDRMaskSizeIPv6 is the IPv6 podCIDR mask size that will be used // per node. NodeCIDRMaskSizeIPv6 = "cluster-pool-ipv6-mask-size" // AWSInstanceLimitMapping allows overwirting AWS instance limits defined in // pkg/aws/eni/limits.go // e.g. {"a1.medium": "2,4,4", "a2.custom2": "4,5,6"} AWSInstanceLimitMapping = "aws-instance-limit-mapping" // AWSReleaseExcessIPs allows releasing excess free IP addresses from ENI. // Enabling this option reduces waste of IP addresses but may increase // the number of API calls to AWS EC2 service. AWSReleaseExcessIPs = "aws-release-excess-ips" // ENITags are the tags that will be added to every ENI created by the // AWS ENI IPAM. ENITags = "eni-tags" // ENIParallelWorkersDeprecated is the deprecated name of the option // ParallelAllocWorkers that can be removed in Cilium 1.9 ENIParallelWorkersDeprecated = "eni-parallel-workers" // ParallelAllocWorkers specifies the number of parallel workers to be used for IPAM allocation ParallelAllocWorkers = "parallel-alloc-workers" // UpdateEC2AdapterLimitViaAPI configures the operator to use the EC2 // API to fill out the instnacetype to adapter limit mapping. UpdateEC2AdapterLimitViaAPI = "update-ec2-apdater-limit-via-api" // EC2APIEndpoint is the custom API endpoint to use for the EC2 AWS service, // e.g. "ec2-fips.us-west-1.amazonaws.com" to use a FIPS endpoint in the us-west-1 region. EC2APIEndpoint = "ec2-api-endpoint" // AzureSubscriptionID is the subscription ID to use when accessing the Azure API AzureSubscriptionID = "azure-subscription-id" // AzureResourceGroup is the resource group of the nodes used for the cluster AzureResourceGroup = "azure-resource-group" // CRDWaitTimeout it the time after which Cilium CRDs have to be available. CRDWaitTimeout = "crd-wait-timeout" // LeaderElectionLeaseDuration is the duration that non-leader candidates will wait to // force acquire leadership LeaderElectionLeaseDuration = "leader-election-lease-duration" // LeaderElectionRenewDeadline is the duration that the current acting master in HA deployment // will retry refreshing leadership before giving up the lock. LeaderElectionRenewDeadline = "leader-election-renew-deadline" // LeaderElectionRetryPeriod is the duration the LeaderElector clients should wait between // tries of the actions in operator HA deployment. LeaderElectionRetryPeriod = "leader-election-retry-period" )
View Source
const ( // EndpointGCIntervalDefault is the default time for the CEP GC EndpointGCIntervalDefault = 5 * time.Minute )
Variables ¶
View Source
var Config = &OperatorConfig{ IPAMSubnetsIDs: make([]string, 0), IPAMSubnetsTags: make(map[string]string), AWSInstanceLimitMapping: make(map[string]string), ENITags: make(map[string]string), }
Config represents the operator configuration.
Functions ¶
This section is empty.
Types ¶
type OperatorConfig ¶
type OperatorConfig struct {
// CNPNodeStatusGCInterval is the GC interval for nodes which have been
// removed from the cluster in CiliumNetworkPolicy and
// CiliumClusterwideNetworkPolicy Status.
CNPNodeStatusGCInterval time.Duration
// CNPStatusUpdateInterval is the interval between status updates
// being sent to the K8s apiserver for a given CNP.
CNPStatusUpdateInterval time.Duration
// EnableCEPGC enables CiliumEndpoint garbage collector
// Deprecated: use EndpointGCInterval and remove in 1.9
EnableCEPGC bool
// EnableCNPNodeStatusGC enables CiliumNetworkPolicy Status garbage collection
// for nodes which have been removed from the cluster
// Deprecated: use CNPNodeStatusGCInterval and remove in 1.9
EnableCNPNodeStatusGC bool
// EnableMetrics enables prometheus metrics.
EnableMetrics bool
// EnableCCNPNodeStatusGC enables CiliumClusterwideNetworkPolicy Status
// garbage collection for nodes which have been removed from the cluster
// Deprecated: use CNPNodeStatusGCInterval and remove in 1.9
EnableCCNPNodeStatusGC bool
// EndpointGCInterval is the interval between attempts of the CEP GC
// controller.
// Note that only one node per cluster should run this, and most iterations
// will simply return.
EndpointGCInterval time.Duration
// IdentityGCInterval is the interval in which allocator identities are
// attempted to be expired from the kvstore
IdentityGCInterval time.Duration
// IdentityGCRateInterval is the interval used for rate limiting the GC of
// identities.
IdentityGCRateInterval time.Duration
// IdentityGCRateLimit is the maximum identities used for rate limiting the
// GC of identities.
IdentityGCRateLimit int64
// IdentityHeartbeatTimeout is the timeout used to GC identities from k8s
IdentityHeartbeatTimeout time.Duration
// NodesGCInterval is the duration for which the nodes are GC in the KVStore.
NodesGCInterval time.Duration
OperatorAPIServeAddr string
OperatorPrometheusServeAddr string
// SyncK8sServices synchronizes k8s services into the kvstore
SyncK8sServices bool
// SyncK8sNodes synchronizes k8s nodes into the kvstore
SyncK8sNodes bool
// UnmanagedPodWatcherInterval is the interval to check for unmanaged kube-dns pods (0 to disable)
UnmanagedPodWatcherInterval int
// IPAMAPIBurst is the burst value allowed when accessing external IPAM APIs
IPAMAPIBurst int
// IPAMAPIQPSLimit is the queries per second limit when accessing external IPAM APIs
IPAMAPIQPSLimit float64
// IPAMSubnetsIDs are optional subnets IDs used to filter subnets and interfaces listing
IPAMSubnetsIDs []string
// IPAMSubnetsTags are optional tags used to filter subnets, and interfaces within those subnets
IPAMSubnetsTags map[string]string
// IPAMOperatorV4CIDR is the cluster IPv4 podCIDR that should be used to
// allocate pods in the node.
IPAMOperatorV4CIDR []string
// IPAMOperatorV6CIDR is the cluster IPv6 podCIDR that should be used to
// allocate pods in the node.
IPAMOperatorV6CIDR []string
// NodeCIDRMaskSizeIPv4 is the IPv4 podCIDR mask size that will be used
// per node.
NodeCIDRMaskSizeIPv4 int
// NodeCIDRMaskSizeIPv6 is the IPv6 podCIDR mask size that will be used
// per node.
NodeCIDRMaskSizeIPv6 int
// ENITags are the tags that will be added to every ENI created by the AWS ENI IPAM
ENITags map[string]string
// ParallelAllocWorkers specifies the number of parallel workers to be used in ENI mode.
ParallelAllocWorkers int64
// AWSInstanceLimitMapping allows overwriting AWS instance limits defined in
// pkg/aws/eni/limits.go
// e.g. {"a1.medium": "2,4,4", "a2.custom2": "4,5,6"}
AWSInstanceLimitMapping map[string]string
// AWSReleaseExcessIps allows releasing excess free IP addresses from ENI.
// Enabling this option reduces waste of IP addresses but may increase
// the number of API calls to AWS EC2 service.
AWSReleaseExcessIPs bool
// UpdateEC2AdapterLimitViaAPI configures the operator to use the EC2 API to fill out the instnacetype to adapter limit mapping
UpdateEC2AdapterLimitViaAPI bool
// EC2APIEndpoint is the custom API endpoint to use for the EC2 AWS service,
// e.g. "ec2-fips.us-west-1.amazonaws.com" to use a FIPS endpoint in the us-west-1 region.
EC2APIEndpoint string
// AzureSubscriptionID is the subscription ID to use when accessing the Azure API
AzureSubscriptionID string
// AzureResourceGroup is the resource group of the nodes used for the cluster
AzureResourceGroup string
// CRDWaitTimeout it the time after which Cilium CRDs have to be available.
CRDWaitTimeout time.Duration
// LeaderElectionLeaseDuration is the duration that non-leader candidates will wait to
// force acquire leadership in Cilium Operator HA deployment.
LeaderElectionLeaseDuration time.Duration
// LeaderElectionRenewDeadline is the duration that the current acting master in HA deployment
// will retry refreshing leadership in before giving up the lock.
LeaderElectionRenewDeadline time.Duration
// LeaderElectionRetryPeriod is the duration that LeaderElector clients should wait between
// retries of the actions in operator HA deployment.
LeaderElectionRetryPeriod time.Duration
}
OperatorConfig is the configuration used by the operator.
func (*OperatorConfig) Populate ¶
func (c *OperatorConfig) Populate()
Populate sets all options with the values from viper.
Source Files
Click to show internal directories.
Click to hide internal directories.