Add configuration options for Cilium 1.6
Signed-off-by: Maciej Kwiek <[email protected]>
nebril committed Sep 11, 2019
1 parent 8889400 commit 0db3311
Showing 7 changed files with 213 additions and 57 deletions.
120 changes: 118 additions & 2 deletions k8s/crds/kops_v1alpha2_cluster.yaml
@@ -75,6 +75,10 @@ spec:
items:
type: string
type: array
crossZoneLoadBalancing:
description: CrossZoneLoadBalancing allows you to enable the
cross zone load balancing
type: boolean
idleTimeoutSeconds:
description: IdleTimeoutSeconds sets the timeout of the api
loadbalancer.
@@ -118,10 +122,26 @@ spec:
properties:
aws:
properties:
cpuLimit:
description: CPULimit CPU limit of AWS IAM Authenticator container.
Default 10m
type: string
cpuRequest:
description: CPURequest CPU request of AWS IAM Authenticator
container. Default 10m
type: string
image:
description: Image is the AWS IAM Authenticator docker image
to uses
type: string
memoryLimit:
description: MemoryLimit memory limit of AWS IAM Authenticator
container. Default 20Mi
type: string
memoryRequest:
description: MemoryRequest memory request of AWS IAM Authenticator
container. Default 20Mi
type: string
type: object
kopeio:
type: object
@@ -654,6 +674,9 @@ spec:
items:
type: string
type: array
admissionControlConfigFile:
description: AdmissionControlConfigFile is the location of the admission-control-config-file
type: string
allowPrivileged:
description: AllowPrivileged indicates if we can run privileged
containers
@@ -666,6 +689,12 @@ spec:
description: APIServerCount is the number of api servers
format: int32
type: integer
appendAdmissionPlugins:
description: AppendAdmissionPlugins appends list of enabled admission
plugins
items:
type: string
type: array
auditLogFormat:
description: AuditLogFormat flag specifies the format type for audit
log files.
@@ -755,6 +784,19 @@ spec:
description: AuthorizationRBACSuperUser is the name of the superuser
for default rbac
type: string
authorizationWebhookCacheAuthorizedTtl:
description: The duration to cache authorized responses from the
webhook token authorizer. Default is 5m. (default 5m0s)
type: string
authorizationWebhookCacheUnauthorizedTtl:
description: The duration to cache authorized responses from the
webhook token authorizer. Default is 30s. (default 30s)
type: string
authorizationWebhookConfigFile:
description: File with webhook configuration for authorization in
kubeconfig format. The API server will query the remote service
to determine whether to authorize the request.
type: string
basicAuthFile:
description: 'TODO: Remove unused BasicAuthFile'
type: string
@@ -1083,6 +1125,16 @@ spec:
image:
description: Image is the docker image to use
type: string
kubeAPIBurst:
description: KubeAPIBurst Burst to use while talking with kubernetes
apiserver. (default 30)
format: int32
type: integer
kubeAPIQPS:
description: KubeAPIQPS QPS to use while talking with kubernetes
apiserver. (default 20)
format: float
type: number
leaderElection:
description: LeaderElection defines the configuration of leader
election client.
@@ -1315,6 +1367,15 @@ spec:
master:
description: Master is a url to the kube master
type: string
maxPersistentVolumes:
description: 'MaxPersistentVolumes changes the maximum number of
persistent volumes the scheduler will scheduler onto the same
node. Only takes into affect if value is positive. This corresponds
to the KUBE_MAX_PD_VOLS environment variable, which has been supported
as far back as Kubernetes 1.7. The default depends on the version
and the cloud provider as outlined: https://kubernetes.io/docs/concepts/storage/storage-limits/'
format: int32
type: integer
usePolicyConfigMap:
description: UsePolicyConfigMap enable setting the scheduler policy
from a configmap
@@ -1643,7 +1704,8 @@ spec:
type: string
volumePluginDirectory:
description: The full path of the directory in which to search for
additional third party volume plugins
additional third party volume plugins (this path must be writeable,
dependant on your choice of OS)
type: string
volumeStatsAggPeriod:
description: VolumeStatsAggPeriod is the interval for kubelet to
@@ -1988,7 +2050,8 @@ spec:
type: string
volumePluginDirectory:
description: The full path of the directory in which to search for
additional third party volume plugins
additional third party volume plugins (this path must be writeable,
dependant on your choice of OS)
type: string
volumeStatsAggPeriod:
description: VolumeStatsAggPeriod is the interval for kubelet to
@@ -2104,6 +2167,8 @@ spec:
type: object
cilium:
properties:
IPTablesRulesNoinstall:
type: boolean
accessLog:
type: string
agentLabels:
@@ -2112,16 +2177,28 @@ spec:
type: array
allowLocalhost:
type: string
autoDirectNodeRoutes:
type: boolean
autoIpv6NodeRoutes:
type: boolean
bpfCTGlobalAnyMax:
format: int64
type: integer
bpfCTGlobalTCPMax:
format: int64
type: integer
bpfRoot:
type: string
clusterName:
type: string
containerRuntime:
items:
type: string
type: array
containerRuntimeEndpoint:
type: object
containerRuntimeLabels:
type: string
debug:
type: boolean
debugVerbose:
@@ -2138,10 +2215,16 @@ spec:
type: boolean
disableMasquerade:
type: boolean
enableNodePort:
type: boolean
enablePolicy:
type: string
enableTracing:
type: boolean
enableipv4:
type: boolean
enableipv6:
type: boolean
envoyLog:
type: string
ipv4ClusterCidrMaskSize:
@@ -2192,29 +2275,53 @@ spec:
logstashProbeTimer:
format: int32
type: integer
monitorAggregation:
type: string
nat46Range:
type: string
pprof:
type: boolean
preallocateBPFMaps:
type: boolean
prefilterDevice:
type: string
prometheusServeAddr:
type: string
restore:
type: boolean
sidecarIstioProxyImage:
type: string
singleClusterRoute:
type: boolean
socketPath:
type: string
stateDir:
type: string
toFqdnsEnablePoller:
type: boolean
tracePayloadlen:
format: int64
type: integer
tunnel:
type: string
version:
type: string
waitBPFMount:
type: boolean
required:
- enableipv6
- enableipv4
- monitorAggregation
- bpfCTGlobalTCPMax
- bpfCTGlobalAnyMax
- preallocateBPFMaps
- sidecarIstioProxyImage
- clusterName
- toFqdnsEnablePoller
- waitBPFMount
- IPTablesRulesNoinstall
- autoDirectNodeRoutes
- enableNodePort
type: object
classic:
type: object
@@ -2237,6 +2344,8 @@ spec:
format: int32
type: integer
type: object
gce:
type: object
kopeio:
type: object
kubenet:
@@ -2292,6 +2401,10 @@ spec:
image:
description: Image is the location of container
type: string
interval:
description: Interval the time between retires for authorization
request
type: string
nodeURL:
description: NodeURL is the node authorization service url
type: string
Expand Down Expand Up @@ -2319,6 +2432,9 @@ spec:
NonMasqueradeCIDR is the CIDR for the internal k8s network (on which
pods & services live) It cannot overlap ServiceClusterIPRange
type: string
podCIDR:
description: PodCIDR is the CIDR from which we allocate IPs for pods
type: string
project:
description: Project is the cloud project we should use, required on
GCE
7 changes: 6 additions & 1 deletion k8s/crds/kops_v1alpha2_instancegroup.yaml
@@ -196,6 +196,10 @@ spec:
image:
description: Image is the instance (ami etc) we should use
type: string
instanceProtection:
description: InstanceProtection makes new instances in an autoscaling
group protected from scale in
type: boolean
kubelet:
description: Kubelet overrides kubelet config from the ClusterSpec
properties:
@@ -520,7 +524,8 @@ spec:
type: string
volumePluginDirectory:
description: The full path of the directory in which to search for
additional third party volume plugins
additional third party volume plugins (this path must be writeable,
dependant on your choice of OS)
type: string
volumeStatsAggPeriod:
description: VolumeStatsAggPeriod is the interval for kubelet to
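--- a/pkg/apis/kops/networking.go
+++ b/pkg/apis/kops/networking.go
@@ -198,6 +198,21 @@ type CiliumNetworkingSpec struct {
 StateDir string `json:"stateDir,omitempty"`
 TracePayloadLen int `json:"tracePayloadlen,omitempty"`
 Tunnel string `json:"tunnel,omitempty"`
+
+EnableIpv6 bool `json:"enableipv6"`
+EnableIpv4 bool `json:"enableipv4"`
+MonitorAggregation string `json:"monitorAggregation"`
+BPFCTGlobalTCPMax int `json:"bpfCTGlobalTCPMax"`
+BPFCTGlobalAnyMax int `json:"bpfCTGlobalAnyMax"`
+PreallocateBPFMaps bool `json:"preallocateBPFMaps"`
+SidecarIstioProxyImage string `json:"sidecarIstioProxyImage"`
+ClusterName string `json:"clusterName"`
+ToFqdnsEnablePoller bool `json:"toFqdnsEnablePoller"`
+WaitBPFMount bool `json:"waitBPFMount"`
+ContainerRuntimeLabels string `json:"containerRuntimeLabels,omitempty"`
+IPTablesRulesNoinstall bool `json:"IPTablesRulesNoinstall"`
+AutoDirectNodeRoutes bool `json:"autoDirectNodeRoutes"`
+EnableNodePort bool `json:"enableNodePort"`
 }
 
 // LyftIpVlanNetworkingSpec declares that we want to use the cni-ipvlan-vpc-k8s CNI networking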
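Review bot: Thirteen of the fields added to `CiliumNetworkingSpec` (all except `ContainerRuntimeLabels`) have JSON tags without `omitempty`, unlike the existing fields just above them, and the regenerated CRD in k8s/crds/kops_v1alpha2_cluster.yaml lists exactly those thirteen keys under `required`. A cluster spec written before this change that sets `cilium:` without them would presumably fail schema validation, and for the booleans an omitted value cannot be told apart from an explicit `false`, which matters for switches such as `enableipv4`, `IPTablesRulesNoinstall` and `enableNodePort`. Consider tagging them like the rest, for example `json:"enableNodePort,omitempty"`, and filling defaults in code rather than through the schema. The same applies to the identical hunks in pkg/apis/kops/v1alpha1/networking.go and pkg/apis/kops/v1alpha2/networking.go; the struct begins outside the hunk.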
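--- a/pkg/apis/kops/v1alpha1/networking.go
+++ b/pkg/apis/kops/v1alpha1/networking.go
@@ -195,6 +195,21 @@ type CiliumNetworkingSpec struct {
 StateDir string `json:"stateDir,omitempty"`
 TracePayloadLen int `json:"tracePayloadlen,omitempty"`
 Tunnel string `json:"tunnel,omitempty"`
+
+EnableIpv6 bool `json:"enableipv6"`
+EnableIpv4 bool `json:"enableipv4"`
+MonitorAggregation string `json:"monitorAggregation"`
+BPFCTGlobalTCPMax int `json:"bpfCTGlobalTCPMax"`
+BPFCTGlobalAnyMax int `json:"bpfCTGlobalAnyMax"`
+PreallocateBPFMaps bool `json:"preallocateBPFMaps"`
+SidecarIstioProxyImage string `json:"sidecarIstioProxyImage"`
+ClusterName string `json:"clusterName"`
+ToFqdnsEnablePoller bool `json:"toFqdnsEnablePoller"`
+WaitBPFMount bool `json:"waitBPFMount"`
+ContainerRuntimeLabels string `json:"containerRuntimeLabels,omitempty"`
+IPTablesRulesNoinstall bool `json:"IPTablesRulesNoinstall"`
+AutoDirectNodeRoutes bool `json:"autoDirectNodeRoutes"`
+EnableNodePort bool `json:"enableNodePort"`
 }
 
 // LyftIpVlanNetworkingSpec declares that we want to use the cni-ipvlan-vpc-k8s CNI networking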
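Review bot: The JSON keys introduced in this struct do not share one casing: `enableipv6` and `enableipv4` are all lower-case, `IPTablesRulesNoinstall` starts with a capital, and the remaining keys are camelCase like the existing `stateDir`. These keys become part of the serialized cluster spec, so settling on camelCase now (`enableIPv6`, `enableIPv4`, `ipTablesRulesNoinstall`) is easier than renaming them after release. The Go identifiers `EnableIpv6` and `EnableIpv4` would also read `EnableIPv6` and `EnableIPv4` under the usual initialism convention. The same keys appear in pkg/apis/kops/networking.go and pkg/apis/kops/v1alpha2/networking.go.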
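--- a/pkg/apis/kops/v1alpha2/networking.go
+++ b/pkg/apis/kops/v1alpha2/networking.go
@@ -196,6 +196,21 @@ type CiliumNetworkingSpec struct {
 StateDir string `json:"stateDir,omitempty"`
 TracePayloadLen int `json:"tracePayloadlen,omitempty"`
 Tunnel string `json:"tunnel,omitempty"`
+
+EnableIpv6 bool `json:"enableipv6"`
+EnableIpv4 bool `json:"enableipv4"`
+MonitorAggregation string `json:"monitorAggregation"`
+BPFCTGlobalTCPMax int `json:"bpfCTGlobalTCPMax"`
+BPFCTGlobalAnyMax int `json:"bpfCTGlobalAnyMax"`
+PreallocateBPFMaps bool `json:"preallocateBPFMaps"`
+SidecarIstioProxyImage string `json:"sidecarIstioProxyImage"`
+ClusterName string `json:"clusterName"`
+ToFqdnsEnablePoller bool `json:"toFqdnsEnablePoller"`
+WaitBPFMount bool `json:"waitBPFMount"`
+ContainerRuntimeLabels string `json:"containerRuntimeLabels,omitempty"`
+IPTablesRulesNoinstall bool `json:"IPTablesRulesNoinstall"`
+AutoDirectNodeRoutes bool `json:"autoDirectNodeRoutes"`
+EnableNodePort bool `json:"enableNodePort"`
 }
 
 // LyftIpVlanNetworkingSpec declares that we want to use the cni-ipvlan-vpc-k8s CNI networking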
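Review bot: None of the fields added to `CiliumNetworkingSpec` has a doc comment, and the `cilium` properties in the regenerated k8s/crds/kops_v1alpha2_cluster.yaml accordingly carry a `type` but no `description`. A one-line comment per field naming the Cilium option it maps to and the default kops applies would let operators review a cluster spec without reading the templates. This matters most for `IPTablesRulesNoinstall`, `EnableNodePort` and `AutoDirectNodeRoutes`, which by their names appear to change how node traffic is filtered, exposed and routed. A possible form is `// EnableNodePort maps to Cilium's <option name>; default <value>.`, with the option and default filled in from the Cilium 1.6 configuration. The same fields in pkg/apis/kops/networking.go and pkg/apis/kops/v1alpha1/networking.go are undocumented as well.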