Documentation ¶
Overview ¶
The config package provides config inheritance for Felix.
It supports loading config from various sources, parsing and validating the config and merging the config according to the priority of the sources.
Usage ¶
To use it, create a Config object with:
config.New()
Load some raw config using:
envConfig := config.LoadConfigFromEnvironment() fileConfig, err := config.LoadConfigFile()
Then feed it to the config object:
config.UpdateFrom(envConfig, config.EnvironmentVariable) config.UpdateFrom(fileConfig, config.ConfigFile)
The UpdateFrom() method returns an error, but, as a convenience, it also stores the error in config.Err.
Config inheritance ¶
Config from higher-priority sources overrides config from lower-priority sources. The priorities, in increasing order of priority, are:
Default // Default value of a parameter DatastoreGlobal // Cluster-wide config parameters from the datastore. DatastorePerHost // Per-host overrides from the datastore. ConfigFile // The local config file. EnvironmentVariable // Environment variables.
Index ¶
- Constants
- Variables
- func GetKubernetesService(namespace, svcName string) (*v1.Service, error)
- func LoadConfigFile(filename string) (map[string]string, error)
- func LoadConfigFileData(data []byte) (map[string]string, error)
- func LoadConfigFromEnvironment(environ []string) map[string]string
- type BoolParam
- type CIDRListParam
- type Config
- func (config *Config) DatastoreConfig() apiconfig.CalicoAPIConfig
- func (c *Config) InterfacePrefixes() []string
- func (config *Config) OpenstackActive() bool
- func (config *Config) RawValues() map[string]string
- func (config *Config) UpdateFrom(rawData map[string]string, source Source) (changed bool, err error)
- func (config *Config) Validate() (err error)
- type EndpointListParam
- type FileParam
- type FloatParam
- type Int32Param
- type IntParam
- type Ipv4Param
- type MarkBitmaskParam
- type Metadata
- type MillisParam
- type OneofListParam
- type PortListParam
- type PortRangeListParam
- type PortRangeParam
- type ProtoPort
- type RegexpParam
- type RegexpPatternListParam
- type RegionParam
- type SecondsParam
- type Source
Constants ¶
const ( Default = iota DatastoreGlobal DatastorePerHost ConfigFile EnvironmentVariable )
const (
MinIptablesMarkBits = 2
)
Variables ¶
var ( // RegexpIfaceElemRegexp matches an individual element in the overall interface list; // assumes the value represents a regular expression and is marked by '/' at the start // and end and cannot have spaces RegexpIfaceElemRegexp = regexp.MustCompile(`^\/[^\s]+\/$`) // NonRegexpIfaceElemRegexp matches an individual element in the overall interface list; // assumes the value is between 1-15 chars long and only be alphanumeric or - or _ NonRegexpIfaceElemRegexp = regexp.MustCompile(`^[a-zA-Z0-9_-]{1,15}$`) IfaceListRegexp = regexp.MustCompile(`^[a-zA-Z0-9_-]{1,15}(,[a-zA-Z0-9_-]{1,15})*$`) AuthorityRegexp = regexp.MustCompile(`^[^:/]+:\d+$`) HostnameRegexp = regexp.MustCompile(`^[a-zA-Z0-9_.-]+$`) StringRegexp = regexp.MustCompile(`^.*$`) IfaceParamRegexp = regexp.MustCompile(`^[a-zA-Z0-9:._+-]{1,15}$`) )
var SourcesInDescendingOrder = []Source{EnvironmentVariable, ConfigFile, DatastorePerHost, DatastoreGlobal}
Functions ¶
func GetKubernetesService ¶
func LoadConfigFromEnvironment ¶
LoadConfigFromEnvironment extracts raw config parameters (identified by case-insensitive prefix "felix_") from the given OS environment variables. An environment entry of "FELIX_FOO=bar" is translated to "foo": "bar".
Types ¶
type CIDRListParam ¶
type CIDRListParam struct {
Metadata
}
func (*CIDRListParam) Parse ¶
func (c *CIDRListParam) Parse(raw string) (result interface{}, err error)
type Config ¶
type Config struct { // Configuration parameters. UseInternalDataplaneDriver bool `config:"bool;true"` DataplaneDriver string `config:"file(must-exist,executable);calico-iptables-plugin;non-zero,die-on-fail,skip-default-validation"` DatastoreType string `config:"oneof(kubernetes,etcdv3);etcdv3;non-zero,die-on-fail,local"` FelixHostname string `config:"hostname;;local,non-zero"` EtcdAddr string `config:"authority;127.0.0.1:2379;local"` EtcdScheme string `config:"oneof(http,https);http;local"` EtcdKeyFile string `config:"file(must-exist);;local"` EtcdCertFile string `config:"file(must-exist);;local"` EtcdCaFile string `config:"file(must-exist);;local"` EtcdEndpoints []string `config:"endpoint-list;;local"` TyphaAddr string `config:"authority;;local"` TyphaK8sServiceName string `config:"string;;local"` TyphaK8sNamespace string `config:"string;kube-system;non-zero,local"` TyphaReadTimeout time.Duration `config:"seconds;30;local"` TyphaWriteTimeout time.Duration `config:"seconds;10;local"` // Client-side TLS config for Felix's communication with Typha. If any of these are // specified, they _all_ must be - except that either TyphaCN or TyphaURISAN may be left // unset. Felix will then initiate a secure (TLS) connection to Typha. Typha must present // a certificate signed by a CA in TyphaCAFile, and with CN matching TyphaCN or URI SAN // matching TyphaURISAN. TyphaKeyFile string `config:"file(must-exist);;local"` TyphaCertFile string `config:"file(must-exist);;local"` TyphaCAFile string `config:"file(must-exist);;local"` TyphaCN string `config:"string;;local"` TyphaURISAN string `config:"string;;local"` Ipv6Support bool `config:"bool;true"` IgnoreLooseRPF bool `config:"bool;false"` RouteRefreshInterval time.Duration `config:"seconds;90"` IptablesRefreshInterval time.Duration `config:"seconds;90"` IptablesPostWriteCheckIntervalSecs time.Duration `config:"seconds;1"` IptablesLockFilePath string `config:"file;/run/xtables.lock"` IptablesLockTimeoutSecs time.Duration `config:"seconds;0"` IptablesLockProbeIntervalMillis time.Duration `config:"millis;50"` IpsetsRefreshInterval time.Duration `config:"seconds;10"` MaxIpsetSize int `config:"int;1048576;non-zero"` XDPRefreshInterval time.Duration `config:"seconds;90"` PolicySyncPathPrefix string `config:"file;;"` NetlinkTimeoutSecs time.Duration `config:"seconds;10"` MetadataAddr string `config:"hostname;127.0.0.1;die-on-fail"` MetadataPort int `config:"int(0,65535);8775;die-on-fail"` OpenstackRegion string `config:"region;;die-on-fail"` InterfacePrefix string `config:"iface-list;cali;non-zero,die-on-fail"` InterfaceExclude []*regexp.Regexp `config:"iface-list-regexp;kube-ipvs0"` ChainInsertMode string `config:"oneof(insert,append);insert;non-zero,die-on-fail"` DefaultEndpointToHostAction string `config:"oneof(DROP,RETURN,ACCEPT);DROP;non-zero,die-on-fail"` IptablesFilterAllowAction string `config:"oneof(ACCEPT,RETURN);ACCEPT;non-zero,die-on-fail"` IptablesMangleAllowAction string `config:"oneof(ACCEPT,RETURN);ACCEPT;non-zero,die-on-fail"` LogPrefix string `config:"string;calico-packet"` LogFilePath string `config:"file;/var/log/calico/felix.log;die-on-fail"` LogSeverityFile string `config:"oneof(DEBUG,INFO,WARNING,ERROR,FATAL);INFO"` LogSeverityScreen string `config:"oneof(DEBUG,INFO,WARNING,ERROR,FATAL);INFO"` LogSeveritySys string `config:"oneof(DEBUG,INFO,WARNING,ERROR,FATAL);INFO"` VXLANEnabled bool `config:"bool;false"` VXLANPort int `config:"int;4789"` VXLANVNI int `config:"int;4096"` VXLANMTU int `config:"int;1410;non-zero"` IPv4VXLANTunnelAddr net.IP `config:"ipv4;"` VXLANTunnelMACAddr string `config:"string;"` IpInIpEnabled bool `config:"bool;false"` IpInIpMtu int `config:"int;1440;non-zero"` IpInIpTunnelAddr net.IP `config:"ipv4;"` ReportingIntervalSecs time.Duration `config:"seconds;30"` ReportingTTLSecs time.Duration `config:"seconds;90"` EndpointReportingEnabled bool `config:"bool;false"` EndpointReportingDelaySecs time.Duration `config:"seconds;1"` IptablesMarkMask uint32 `config:"mark-bitmask;0xffff0000;non-zero,die-on-fail"` DisableConntrackInvalidCheck bool `config:"bool;false"` HealthEnabled bool `config:"bool;false"` HealthPort int `config:"int(0,65535);9099"` HealthHost string `config:"string;localhost"` PrometheusMetricsEnabled bool `config:"bool;false"` PrometheusMetricsPort int `config:"int(0,65535);9091"` PrometheusGoMetricsEnabled bool `config:"bool;true"` PrometheusProcessMetricsEnabled bool `config:"bool;true"` FailsafeInboundHostPorts []ProtoPort `config:"port-list;tcp:22,udp:68,tcp:179,tcp:2379,tcp:2380,tcp:6666,tcp:6667;die-on-fail"` FailsafeOutboundHostPorts []ProtoPort `config:"port-list;udp:53,udp:67,tcp:179,tcp:2379,tcp:2380,tcp:6666,tcp:6667;die-on-fail"` KubeNodePortRanges []numorstring.Port `config:"portrange-list;30000:32767"` NATPortRange numorstring.Port `config:"portrange;"` NATOutgoingAddress net.IP `config:"ipv4;"` UsageReportingEnabled bool `config:"bool;true"` UsageReportingInitialDelaySecs time.Duration `config:"seconds;300"` UsageReportingIntervalSecs time.Duration `config:"seconds;86400"` ClusterGUID string `config:"string;baddecaf"` ClusterType string `config:"string;"` CalicoVersion string `config:"string;"` ExternalNodesCIDRList []string `config:"cidr-list;;die-on-fail"` DebugMemoryProfilePath string `config:"file;;"` DebugCPUProfilePath string `config:"file;/tmp/felix-cpu-<timestamp>.pprof;"` DebugDisableLogDropping bool `config:"bool;false"` DebugSimulateCalcGraphHangAfter time.Duration `config:"seconds;0"` DebugSimulateDataplaneHangAfter time.Duration `config:"seconds;0"` Err error IptablesNATOutgoingInterfaceFilter string `config:"iface-param;"` SockmapEnabled bool `config:"bool;false"` XDPEnabled bool `config:"bool;true"` GenericXDPEnabled bool `config:"bool;false"` SockmapCgroupv2Subdir string `config:"string;;local"` // contains filtered or unexported fields }
Config contains the best, parsed config values loaded from the various sources. We use tags to control the parsing and validation.
func (*Config) DatastoreConfig ¶
func (config *Config) DatastoreConfig() apiconfig.CalicoAPIConfig
func (*Config) InterfacePrefixes ¶
func (*Config) OpenstackActive ¶
func (*Config) UpdateFrom ¶
func (config *Config) UpdateFrom(rawData map[string]string, source Source) (changed bool, err error)
Load parses and merges the rawData from one particular source into this config object. If there is a config value already loaded from a higher-priority source, then the new value will be ignored (after validation).
type EndpointListParam ¶
type EndpointListParam struct {
Metadata
}
func (*EndpointListParam) Parse ¶
func (p *EndpointListParam) Parse(raw string) (result interface{}, err error)
type FloatParam ¶
type FloatParam struct {
Metadata
}
func (*FloatParam) Parse ¶
func (p *FloatParam) Parse(raw string) (result interface{}, err error)
type Int32Param ¶
type Int32Param struct {
Metadata
}
func (*Int32Param) Parse ¶
func (p *Int32Param) Parse(raw string) (interface{}, error)
type MarkBitmaskParam ¶
type MarkBitmaskParam struct {
Metadata
}
func (*MarkBitmaskParam) Parse ¶
func (p *MarkBitmaskParam) Parse(raw string) (interface{}, error)
type Metadata ¶
type Metadata struct { Name string Default interface{} ZeroValue interface{} NonZero bool DieOnParseFailure bool Local bool }
func (*Metadata) GetMetadata ¶
type MillisParam ¶
type MillisParam struct {
Metadata
}
func (*MillisParam) Parse ¶
func (p *MillisParam) Parse(raw string) (result interface{}, err error)
type OneofListParam ¶
type OneofListParam struct { Metadata // contains filtered or unexported fields }
func (*OneofListParam) Parse ¶
func (p *OneofListParam) Parse(raw string) (result interface{}, err error)
type PortListParam ¶
type PortListParam struct {
Metadata
}
func (*PortListParam) Parse ¶
func (p *PortListParam) Parse(raw string) (interface{}, error)
type PortRangeListParam ¶
type PortRangeListParam struct {
Metadata
}
func (*PortRangeListParam) Parse ¶
func (p *PortRangeListParam) Parse(raw string) (interface{}, error)
type PortRangeParam ¶
type PortRangeParam struct {
Metadata
}
func (*PortRangeParam) Parse ¶
func (p *PortRangeParam) Parse(raw string) (interface{}, error)
type RegexpParam ¶
func (*RegexpParam) Parse ¶
func (p *RegexpParam) Parse(raw string) (result interface{}, err error)
type RegexpPatternListParam ¶
type RegexpPatternListParam struct { Metadata RegexpElemRegexp *regexp.Regexp NonRegexpElemRegexp *regexp.Regexp Delimiter string Msg string }
RegexpPatternListParam differs from RegexpParam (above) in that it validates string values that are (themselves) regular expressions.
func (*RegexpPatternListParam) Parse ¶
func (p *RegexpPatternListParam) Parse(raw string) (interface{}, error)
Parse validates whether the given raw string contains a list of valid values. Validation is dictated by two regexp patterns: one for valid regular expression values, another for non-regular expressions.
type RegionParam ¶
type RegionParam struct {
Metadata
}
func (*RegionParam) Parse ¶
func (r *RegionParam) Parse(raw string) (result interface{}, err error)
type SecondsParam ¶
type SecondsParam struct {
Metadata
}
func (*SecondsParam) Parse ¶
func (p *SecondsParam) Parse(raw string) (result interface{}, err error)