config

package
v3.9.0-0.dev+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 10, 2019 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Overview

The config package provides config inheritance for Felix.

It supports loading config from various sources, parsing and validating the config and merging the config according to the priority of the sources.

Usage

To use it, create a Config object with:

config.New()

Load some raw config using:

envConfig := config.LoadConfigFromEnvironment()
fileConfig, err := config.LoadConfigFile()

Then feed it to the config object:

config.UpdateFrom(envConfig, config.EnvironmentVariable)
config.UpdateFrom(fileConfig, config.ConfigFile)

The UpdateFrom() method returns an error, but, as a convenience, it also stores the error in config.Err.

Config inheritance

Config from higher-priority sources overrides config from lower-priority sources. The priorities, in increasing order of priority, are:

Default              // Default value of a parameter
DatastoreGlobal      // Cluster-wide config parameters from the datastore.
DatastorePerHost     // Per-host overrides from the datastore.
ConfigFile           // The local config file.
EnvironmentVariable  // Environment variables.

Index

Constants

View Source
const (
	Default = iota
	DatastoreGlobal
	DatastorePerHost
	ConfigFile
	EnvironmentVariable
)
View Source
const (
	MinIptablesMarkBits = 2
)

Variables

View Source
var (
	// RegexpIfaceElemRegexp matches an individual element in the overall interface list;
	// assumes the value represents a regular expression and is marked by '/' at the start
	// and end and cannot have spaces
	RegexpIfaceElemRegexp = regexp.MustCompile(`^\/[^\s]+\/$`)
	// NonRegexpIfaceElemRegexp matches an individual element in the overall interface list;
	// assumes the value is between 1-15 chars long and only be alphanumeric or - or _
	NonRegexpIfaceElemRegexp = regexp.MustCompile(`^[a-zA-Z0-9_-]{1,15}$`)
	IfaceListRegexp          = regexp.MustCompile(`^[a-zA-Z0-9_-]{1,15}(,[a-zA-Z0-9_-]{1,15})*$`)
	AuthorityRegexp          = regexp.MustCompile(`^[^:/]+:\d+$`)
	HostnameRegexp           = regexp.MustCompile(`^[a-zA-Z0-9_.-]+$`)
	StringRegexp             = regexp.MustCompile(`^.*$`)
	IfaceParamRegexp         = regexp.MustCompile(`^[a-zA-Z0-9:._+-]{1,15}$`)
)

Functions

func GetKubernetesService

func GetKubernetesService(namespace, svcName string) (*v1.Service, error)

func LoadConfigFile

func LoadConfigFile(filename string) (map[string]string, error)

func LoadConfigFileData

func LoadConfigFileData(data []byte) (map[string]string, error)

func LoadConfigFromEnvironment

func LoadConfigFromEnvironment(environ []string) map[string]string

LoadConfigFromEnvironment extracts raw config parameters (identified by case-insensitive prefix "felix_") from the given OS environment variables. An environment entry of "FELIX_FOO=bar" is translated to "foo": "bar".

Types

type BoolParam

type BoolParam struct {
	Metadata
}

func (*BoolParam) Parse

func (p *BoolParam) Parse(raw string) (interface{}, error)

type CIDRListParam

type CIDRListParam struct {
	Metadata
}

func (*CIDRListParam) Parse

func (c *CIDRListParam) Parse(raw string) (result interface{}, err error)

type Config

type Config struct {
	// Configuration parameters.
	UseInternalDataplaneDriver bool   `config:"bool;true"`
	DataplaneDriver            string `config:"file(must-exist,executable);calico-iptables-plugin;non-zero,die-on-fail,skip-default-validation"`

	DatastoreType string `config:"oneof(kubernetes,etcdv3);etcdv3;non-zero,die-on-fail,local"`

	FelixHostname string `config:"hostname;;local,non-zero"`

	EtcdAddr      string   `config:"authority;127.0.0.1:2379;local"`
	EtcdScheme    string   `config:"oneof(http,https);http;local"`
	EtcdKeyFile   string   `config:"file(must-exist);;local"`
	EtcdCertFile  string   `config:"file(must-exist);;local"`
	EtcdCaFile    string   `config:"file(must-exist);;local"`
	EtcdEndpoints []string `config:"endpoint-list;;local"`

	TyphaAddr           string        `config:"authority;;local"`
	TyphaK8sServiceName string        `config:"string;;local"`
	TyphaK8sNamespace   string        `config:"string;kube-system;non-zero,local"`
	TyphaReadTimeout    time.Duration `config:"seconds;30;local"`
	TyphaWriteTimeout   time.Duration `config:"seconds;10;local"`

	// Client-side TLS config for Felix's communication with Typha.  If any of these are
	// specified, they _all_ must be - except that either TyphaCN or TyphaURISAN may be left
	// unset.  Felix will then initiate a secure (TLS) connection to Typha.  Typha must present
	// a certificate signed by a CA in TyphaCAFile, and with CN matching TyphaCN or URI SAN
	// matching TyphaURISAN.
	TyphaKeyFile  string `config:"file(must-exist);;local"`
	TyphaCertFile string `config:"file(must-exist);;local"`
	TyphaCAFile   string `config:"file(must-exist);;local"`
	TyphaCN       string `config:"string;;local"`
	TyphaURISAN   string `config:"string;;local"`

	Ipv6Support    bool `config:"bool;true"`
	IgnoreLooseRPF bool `config:"bool;false"`

	RouteRefreshInterval               time.Duration `config:"seconds;90"`
	IptablesRefreshInterval            time.Duration `config:"seconds;90"`
	IptablesPostWriteCheckIntervalSecs time.Duration `config:"seconds;1"`
	IptablesLockFilePath               string        `config:"file;/run/xtables.lock"`
	IptablesLockTimeoutSecs            time.Duration `config:"seconds;0"`
	IptablesLockProbeIntervalMillis    time.Duration `config:"millis;50"`
	IpsetsRefreshInterval              time.Duration `config:"seconds;10"`
	MaxIpsetSize                       int           `config:"int;1048576;non-zero"`
	XDPRefreshInterval                 time.Duration `config:"seconds;90"`

	PolicySyncPathPrefix string `config:"file;;"`

	NetlinkTimeoutSecs time.Duration `config:"seconds;10"`

	MetadataAddr string `config:"hostname;127.0.0.1;die-on-fail"`
	MetadataPort int    `config:"int(0,65535);8775;die-on-fail"`

	OpenstackRegion string `config:"region;;die-on-fail"`

	InterfacePrefix  string           `config:"iface-list;cali;non-zero,die-on-fail"`
	InterfaceExclude []*regexp.Regexp `config:"iface-list-regexp;kube-ipvs0"`

	ChainInsertMode             string `config:"oneof(insert,append);insert;non-zero,die-on-fail"`
	DefaultEndpointToHostAction string `config:"oneof(DROP,RETURN,ACCEPT);DROP;non-zero,die-on-fail"`
	IptablesFilterAllowAction   string `config:"oneof(ACCEPT,RETURN);ACCEPT;non-zero,die-on-fail"`
	IptablesMangleAllowAction   string `config:"oneof(ACCEPT,RETURN);ACCEPT;non-zero,die-on-fail"`
	LogPrefix                   string `config:"string;calico-packet"`

	LogFilePath string `config:"file;/var/log/calico/felix.log;die-on-fail"`

	LogSeverityFile   string `config:"oneof(DEBUG,INFO,WARNING,ERROR,FATAL);INFO"`
	LogSeverityScreen string `config:"oneof(DEBUG,INFO,WARNING,ERROR,FATAL);INFO"`
	LogSeveritySys    string `config:"oneof(DEBUG,INFO,WARNING,ERROR,FATAL);INFO"`

	VXLANEnabled        bool   `config:"bool;false"`
	VXLANPort           int    `config:"int;4789"`
	VXLANVNI            int    `config:"int;4096"`
	VXLANMTU            int    `config:"int;1410;non-zero"`
	IPv4VXLANTunnelAddr net.IP `config:"ipv4;"`
	VXLANTunnelMACAddr  string `config:"string;"`

	IpInIpEnabled    bool   `config:"bool;false"`
	IpInIpMtu        int    `config:"int;1440;non-zero"`
	IpInIpTunnelAddr net.IP `config:"ipv4;"`

	ReportingIntervalSecs time.Duration `config:"seconds;30"`
	ReportingTTLSecs      time.Duration `config:"seconds;90"`

	EndpointReportingEnabled   bool          `config:"bool;false"`
	EndpointReportingDelaySecs time.Duration `config:"seconds;1"`

	IptablesMarkMask uint32 `config:"mark-bitmask;0xffff0000;non-zero,die-on-fail"`

	DisableConntrackInvalidCheck bool `config:"bool;false"`

	HealthEnabled                   bool   `config:"bool;false"`
	HealthPort                      int    `config:"int(0,65535);9099"`
	HealthHost                      string `config:"string;localhost"`
	PrometheusMetricsEnabled        bool   `config:"bool;false"`
	PrometheusMetricsPort           int    `config:"int(0,65535);9091"`
	PrometheusGoMetricsEnabled      bool   `config:"bool;true"`
	PrometheusProcessMetricsEnabled bool   `config:"bool;true"`

	FailsafeInboundHostPorts  []ProtoPort `config:"port-list;tcp:22,udp:68,tcp:179,tcp:2379,tcp:2380,tcp:6666,tcp:6667;die-on-fail"`
	FailsafeOutboundHostPorts []ProtoPort `config:"port-list;udp:53,udp:67,tcp:179,tcp:2379,tcp:2380,tcp:6666,tcp:6667;die-on-fail"`

	KubeNodePortRanges []numorstring.Port `config:"portrange-list;30000:32767"`
	NATPortRange       numorstring.Port   `config:"portrange;"`
	NATOutgoingAddress net.IP             `config:"ipv4;"`

	UsageReportingEnabled          bool          `config:"bool;true"`
	UsageReportingInitialDelaySecs time.Duration `config:"seconds;300"`
	UsageReportingIntervalSecs     time.Duration `config:"seconds;86400"`
	ClusterGUID                    string        `config:"string;baddecaf"`
	ClusterType                    string        `config:"string;"`
	CalicoVersion                  string        `config:"string;"`

	ExternalNodesCIDRList []string `config:"cidr-list;;die-on-fail"`

	DebugMemoryProfilePath          string        `config:"file;;"`
	DebugCPUProfilePath             string        `config:"file;/tmp/felix-cpu-<timestamp>.pprof;"`
	DebugDisableLogDropping         bool          `config:"bool;false"`
	DebugSimulateCalcGraphHangAfter time.Duration `config:"seconds;0"`
	DebugSimulateDataplaneHangAfter time.Duration `config:"seconds;0"`

	Err error

	IptablesNATOutgoingInterfaceFilter string `config:"iface-param;"`

	SockmapEnabled    bool `config:"bool;false"`
	XDPEnabled        bool `config:"bool;true"`
	GenericXDPEnabled bool `config:"bool;false"`

	SockmapCgroupv2Subdir string `config:"string;;local"`
	// contains filtered or unexported fields
}

Config contains the best, parsed config values loaded from the various sources. We use tags to control the parsing and validation.

func New

func New() *Config

func (*Config) DatastoreConfig

func (config *Config) DatastoreConfig() apiconfig.CalicoAPIConfig

func (*Config) InterfacePrefixes

func (c *Config) InterfacePrefixes() []string

func (*Config) OpenstackActive

func (config *Config) OpenstackActive() bool

func (*Config) RawValues

func (config *Config) RawValues() map[string]string

func (*Config) UpdateFrom

func (config *Config) UpdateFrom(rawData map[string]string, source Source) (changed bool, err error)

Load parses and merges the rawData from one particular source into this config object. If there is a config value already loaded from a higher-priority source, then the new value will be ignored (after validation).

func (*Config) Validate

func (config *Config) Validate() (err error)

Validate() performs cross-field validation.

type EndpointListParam

type EndpointListParam struct {
	Metadata
}

func (*EndpointListParam) Parse

func (p *EndpointListParam) Parse(raw string) (result interface{}, err error)

type FileParam

type FileParam struct {
	Metadata
	MustExist  bool
	Executable bool
}

func (*FileParam) Parse

func (p *FileParam) Parse(raw string) (interface{}, error)

type FloatParam

type FloatParam struct {
	Metadata
}

func (*FloatParam) Parse

func (p *FloatParam) Parse(raw string) (result interface{}, err error)

type Int32Param

type Int32Param struct {
	Metadata
}

func (*Int32Param) Parse

func (p *Int32Param) Parse(raw string) (interface{}, error)

type IntParam

type IntParam struct {
	Metadata
	Min int
	Max int
}

func (*IntParam) Parse

func (p *IntParam) Parse(raw string) (interface{}, error)

type Ipv4Param

type Ipv4Param struct {
	Metadata
}

func (*Ipv4Param) Parse

func (p *Ipv4Param) Parse(raw string) (result interface{}, err error)

type MarkBitmaskParam

type MarkBitmaskParam struct {
	Metadata
}

func (*MarkBitmaskParam) Parse

func (p *MarkBitmaskParam) Parse(raw string) (interface{}, error)

type Metadata

type Metadata struct {
	Name              string
	Default           interface{}
	ZeroValue         interface{}
	NonZero           bool
	DieOnParseFailure bool
	Local             bool
}

func (*Metadata) GetMetadata

func (m *Metadata) GetMetadata() *Metadata

type MillisParam

type MillisParam struct {
	Metadata
}

func (*MillisParam) Parse

func (p *MillisParam) Parse(raw string) (result interface{}, err error)

type OneofListParam

type OneofListParam struct {
	Metadata
	// contains filtered or unexported fields
}

func (*OneofListParam) Parse

func (p *OneofListParam) Parse(raw string) (result interface{}, err error)

type PortListParam

type PortListParam struct {
	Metadata
}

func (*PortListParam) Parse

func (p *PortListParam) Parse(raw string) (interface{}, error)

type PortRangeListParam

type PortRangeListParam struct {
	Metadata
}

func (*PortRangeListParam) Parse

func (p *PortRangeListParam) Parse(raw string) (interface{}, error)

type PortRangeParam

type PortRangeParam struct {
	Metadata
}

func (*PortRangeParam) Parse

func (p *PortRangeParam) Parse(raw string) (interface{}, error)

type ProtoPort

type ProtoPort struct {
	Protocol string
	Port     uint16
}

type RegexpParam

type RegexpParam struct {
	Metadata
	Regexp *regexp.Regexp
	Msg    string
}

func (*RegexpParam) Parse

func (p *RegexpParam) Parse(raw string) (result interface{}, err error)

type RegexpPatternListParam

type RegexpPatternListParam struct {
	Metadata
	RegexpElemRegexp    *regexp.Regexp
	NonRegexpElemRegexp *regexp.Regexp
	Delimiter           string
	Msg                 string
}

RegexpPatternListParam differs from RegexpParam (above) in that it validates string values that are (themselves) regular expressions.

func (*RegexpPatternListParam) Parse

func (p *RegexpPatternListParam) Parse(raw string) (interface{}, error)

Parse validates whether the given raw string contains a list of valid values. Validation is dictated by two regexp patterns: one for valid regular expression values, another for non-regular expressions.

type RegionParam

type RegionParam struct {
	Metadata
}

func (*RegionParam) Parse

func (r *RegionParam) Parse(raw string) (result interface{}, err error)

type SecondsParam

type SecondsParam struct {
	Metadata
}

func (*SecondsParam) Parse

func (p *SecondsParam) Parse(raw string) (result interface{}, err error)

type Source

type Source uint8

Source of a config value. Values from higher-numbered sources override those from lower-numbered sources. Note: some parameters (such as those needed to connect to the datastore) can only be set from a local source.

func (Source) Local

func (source Source) Local() bool

func (Source) String

func (source Source) String() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL