andata
/
rke2-charts
mirror of https://git.rancher.io/rke2-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update Calico crds on Canal 

Signed-off-by: Roberto Bonafiglia <roberto.bonafiglia@suse.com>
pull/357/head
Roberto Bonafiglia 2023-07-11 17:02:53 +02:00 committed by Roberto Bonafiglia
parent af102741d0
commit 3dafaa66b8
18 changed files with 385 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
packages/rke2-canal/charts/templates/crds/bgpconfigurations.crd.yaml
View File

@ -12,6 +12,7 @@ spec:
listKind: BGPConfigurationList listKind: BGPConfigurationList
plural: bgpconfigurations plural: bgpconfigurations
singular: bgpconfiguration singular: bgpconfiguration
preserveUnknownFields: false
scope: Cluster scope: Cluster
versions: versions:
- name: v1 - name: v1
@ -39,6 +40,12 @@ spec:
64512]' 64512]'
format: int32 format: int32
type: integer type: integer
bindMode:
description: BindMode indicates whether to listen for BGP connections
on all addresses (None) or only on the node's canonical IP address
Node.Spec.BGP.IPvXAddress (NodeIP). Default behaviour is to listen
for BGP connections on all addresses.
type: string
communities: communities:
description: Communities is a list of BGP community values and their description: Communities is a list of BGP community values and their
arbitrary names for tagging routes. arbitrary names for tagging routes.
@ -59,6 +66,12 @@ spec:
type: string type: string
type: object type: object
type: array type: array
ignoredInterfaces:
description: IgnoredInterfaces indicates the network interfaces that
needs to be excluded when reading device routes.
items:
type: string
type: array
listenPort: listenPort:
description: ListenPort is the port where BGP protocol should listen. description: ListenPort is the port where BGP protocol should listen.
Defaults to 179 Defaults to 179
@ -69,6 +82,37 @@ spec:
description: 'LogSeverityScreen is the log severity above which logs description: 'LogSeverityScreen is the log severity above which logs
are sent to the stdout. [Default: INFO]' are sent to the stdout. [Default: INFO]'
type: string type: string
nodeMeshMaxRestartTime:
description: Time to allow for software restart for node-to-mesh peerings. When
specified, this is configured as the graceful restart timeout. When
not specified, the BIRD default of 120s is used. This field can
only be set on the default BGPConfiguration instance and requires
that NodeMesh is enabled
type: string
nodeMeshPassword:
description: Optional BGP password for full node-to-mesh peerings.
This field can only be set on the default BGPConfiguration instance
and requires that NodeMesh is enabled
properties:
secretKeyRef:
description: Selects a key of a secret in the node pod's namespace.
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be
defined
type: boolean
required:
- key
type: object
type: object
nodeToNodeMeshEnabled: nodeToNodeMeshEnabled:
description: 'NodeToNodeMeshEnabled sets whether full node to node description: 'NodeToNodeMeshEnabled sets whether full node to node
BGP mesh is enabled. [Default: true]' BGP mesh is enabled. [Default: true]'

22
packages/rke2-canal/charts/templates/crds/bgppeers.crd.yaml
View File

@ -12,6 +12,7 @@ spec:
listKind: BGPPeerList listKind: BGPPeerList
plural: bgppeers plural: bgppeers
singular: bgppeer singular: bgppeer
preserveUnknownFields: false
scope: Cluster scope: Cluster
versions: versions:
- name: v1 - name: v1
@ -44,8 +45,8 @@ spec:
in the specific branch of the Node on "bird.cfg". in the specific branch of the Node on "bird.cfg".
type: boolean type: boolean
maxRestartTime: maxRestartTime:
description: Time to allow for software restart. When specified, this description: Time to allow for software restart. When specified,
is configured as the graceful restart timeout. When not specified, this is configured as the graceful restart timeout. When not specified,
the BIRD default of 120s is used. the BIRD default of 120s is used.
type: string type: string
node: node:
@ -57,6 +58,12 @@ spec:
description: Selector for the nodes that should have this peering. When description: Selector for the nodes that should have this peering. When
this is set, the Node field must be empty. this is set, the Node field must be empty.
type: string type: string
numAllowedLocalASNumbers:
description: Maximum number of local AS numbers that are allowed in
the AS path for received routes. This removes BGP loop prevention
and should only be used if absolutely necesssary.
format: int32
type: integer
password: password:
description: Optional BGP password for the peerings generated by this description: Optional BGP password for the peerings generated by this
BGPPeer resource. BGPPeer resource.
@ -96,12 +103,23 @@ spec:
remote AS number comes from the remote node's NodeBGPSpec.ASNumber, remote AS number comes from the remote node's NodeBGPSpec.ASNumber,
or the global default if that is not set. or the global default if that is not set.
type: string type: string
reachableBy:
description: Add an exact, i.e. /32, static route toward peer IP in
order to prevent route flapping. ReachableBy contains the address
of the gateway which peer can be reached by.
type: string
sourceAddress: sourceAddress:
description: Specifies whether and how to configure a source address description: Specifies whether and how to configure a source address
for the peerings generated by this BGPPeer resource. Default value for the peerings generated by this BGPPeer resource. Default value
"UseNodeIP" means to configure the node IP as the source address. "None" "UseNodeIP" means to configure the node IP as the source address. "None"
means not to configure a source address. means not to configure a source address.
type: string type: string
ttlSecurity:
description: TTLSecurity enables the generalized TTL security mechanism
(GTSM) which protects against spoofed packets by ignoring received
packets with a smaller than expected TTL value. The provided value
is the number of hops (edges) between the peers.
type: integer
type: object type: object
type: object type: object
served: true served: true

1
packages/rke2-canal/charts/templates/crds/blockaffinities.crd.yaml
View File

@ -12,6 +12,7 @@ spec:
listKind: BlockAffinityList listKind: BlockAffinityList
plural: blockaffinities plural: blockaffinities
singular: blockaffinity singular: blockaffinity
preserveUnknownFields: false
scope: Cluster scope: Cluster
versions: versions:
- name: v1 - name: v1

1
packages/rke2-canal/charts/templates/crds/caliconodestatuses.crd.yaml
View File

@ -14,6 +14,7 @@ spec:
listKind: CalicoNodeStatusList listKind: CalicoNodeStatusList
plural: caliconodestatuses plural: caliconodestatuses
singular: caliconodestatus singular: caliconodestatus
preserveUnknownFields: false
scope: Cluster scope: Cluster
versions: versions:
- name: v1 - name: v1

1
packages/rke2-canal/charts/templates/crds/clusterinformations.crd.yaml
View File

@ -12,6 +12,7 @@ spec:
listKind: ClusterInformationList listKind: ClusterInformationList
plural: clusterinformations plural: clusterinformations
singular: clusterinformation singular: clusterinformation
preserveUnknownFields: false
scope: Cluster scope: Cluster
versions: versions:
- name: v1 - name: v1

253
packages/rke2-canal/charts/templates/crds/felixconfigurations.crd.yaml
View File

@ -12,6 +12,7 @@ spec:
listKind: FelixConfigurationList listKind: FelixConfigurationList
plural: felixconfigurations plural: felixconfigurations
singular: felixconfiguration singular: felixconfiguration
preserveUnknownFields: false
scope: Cluster scope: Cluster
versions: versions:
- name: v1 - name: v1
@ -46,7 +47,7 @@ spec:
type: boolean type: boolean
awsSrcDstCheck: awsSrcDstCheck:
description: 'Set source-destination-check on AWS EC2 instances. Accepted description: 'Set source-destination-check on AWS EC2 instances. Accepted
value must be one of "DoNothing", "Enabled" or "Disabled". [Default: value must be one of "DoNothing", "Enable" or "Disable". [Default:
DoNothing]' DoNothing]'
enum: enum:
- DoNothing - DoNothing
@ -80,6 +81,19 @@ spec:
description: 'BPFEnabled, if enabled Felix will use the BPF dataplane. description: 'BPFEnabled, if enabled Felix will use the BPF dataplane.
[Default: false]' [Default: false]'
type: boolean type: boolean
bpfEnforceRPF:
description: 'BPFEnforceRPF enforce strict RPF on all host interfaces
with BPF programs regardless of what is the per-interfaces or global
setting. Possible values are Disabled, Strict or Loose. [Default:
Strict]'
type: string
bpfExtToServiceConnmark:
description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit
mark that is set on connections from an external client to a local
service. This mark allows us to control how packets of that connection
are routed within the host and how is routing interpreted by RPF
check. [Default: 0]'
type: integer
bpfExternalServiceMode: bpfExternalServiceMode:
description: 'BPFExternalServiceMode in BPF mode, controls how connections description: 'BPFExternalServiceMode in BPF mode, controls how connections
from outside the cluster to services (node ports and cluster IPs) from outside the cluster to services (node ports and cluster IPs)
@ -90,14 +104,11 @@ spec:
node appears to use the IP of the ingress node; this requires a node appears to use the IP of the ingress node; this requires a
permissive L2 network. [Default: Tunnel]' permissive L2 network. [Default: Tunnel]'
type: string type: string
bpfExtToServiceConnmark: bpfHostConntrackBypass:
description: 'BPFExtToServiceConnmark in BPF mode, controls a description: 'BPFHostConntrackBypass Controls whether to bypass Linux
32bit mark that is set on connections from an external client to conntrack in BPF mode for workloads and services. [Default: true
a local service. This mark allows us to control how packets of - bypass Linux conntrack]'
that connection are routed within the host and how is routing type: boolean
intepreted by RPF check. [Default: 0]'
type: integer
bpfKubeProxyEndpointSlicesEnabled: bpfKubeProxyEndpointSlicesEnabled:
description: BPFKubeProxyEndpointSlicesEnabled in BPF mode, controls description: BPFKubeProxyEndpointSlicesEnabled in BPF mode, controls
whether Felix's embedded kube-proxy accepts EndpointSlices or not. whether Felix's embedded kube-proxy accepts EndpointSlices or not.
@ -114,12 +125,75 @@ spec:
kube-proxy. Lower values give reduced set-up latency. Higher values kube-proxy. Lower values give reduced set-up latency. Higher values
reduce Felix CPU usage by batching up more work. [Default: 1s]' reduce Felix CPU usage by batching up more work. [Default: 1s]'
type: string type: string
bpfL3IfacePattern:
description: BPFL3IfacePattern is a regular expression that allows
to list tunnel devices like wireguard or vxlan (i.e., L3 devices)
in addition to BPFDataIfacePattern. That is, tunnel interfaces not
created by Calico, that Calico workload traffic flows over as well
as any interfaces that handle incoming traffic to nodeports and
services from outside the cluster.
type: string
bpfLogLevel: bpfLogLevel:
description: 'BPFLogLevel controls the log level of the BPF programs description: 'BPFLogLevel controls the log level of the BPF programs
when in BPF dataplane mode. One of "Off", "Info", or "Debug". The when in BPF dataplane mode. One of "Off", "Info", or "Debug". The
logs are emitted to the BPF trace pipe, accessible with the command logs are emitted to the BPF trace pipe, accessible with the command
`tc exec bpf debug`. [Default: Off].' `tc exec bpf debug`. [Default: Off].'
type: string type: string
bpfMapSizeConntrack:
description: 'BPFMapSizeConntrack sets the size for the conntrack
map. This map must be large enough to hold an entry for each active
connection. Warning: changing the size of the conntrack map can
cause disruption.'
type: integer
bpfMapSizeIPSets:
description: BPFMapSizeIPSets sets the size for ipsets map. The IP
sets map must be large enough to hold an entry for each endpoint
matched by every selector in the source/destination matches in network
policy. Selectors such as "all()" can result in large numbers of
entries (one entry per endpoint in that case).
type: integer
bpfMapSizeIfState:
description: BPFMapSizeIfState sets the size for ifstate map. The
ifstate map must be large enough to hold an entry for each device
(host + workloads) on a host.
type: integer
bpfMapSizeNATAffinity:
type: integer
bpfMapSizeNATBackend:
description: BPFMapSizeNATBackend sets the size for nat back end map.
This is the total number of endpoints. This is mostly more than
the size of the number of services.
type: integer
bpfMapSizeNATFrontend:
description: BPFMapSizeNATFrontend sets the size for nat front end
map. FrontendMap should be large enough to hold an entry for each
nodeport, external IP and each port in each service.
type: integer
bpfMapSizeRoute:
description: BPFMapSizeRoute sets the size for the routes map. The
routes map should be large enough to hold one entry per workload
and a handful of entries per host (enough to cover its own IPs and
tunnel IPs).
type: integer
bpfPSNATPorts:
anyOf:
- type: integer
- type: string
description: 'BPFPSNATPorts sets the range from which we randomly
pick a port if there is a source port collision. This should be
within the ephemeral range as defined by RFC 6056 (102465535) and
preferably outside the ephemeral ranges used by common operating
systems. Linux uses 3276860999, while others mostly use the IANA
defined range 4915265535. It is not necessarily a problem if this
range overlaps with the operating systems. Both ends of the range
are inclusive. [Default: 20000:29999]'
pattern: ^.*
x-kubernetes-int-or-string: true
bpfPolicyDebugEnabled:
description: BPFPolicyDebugEnabled when true, Felix records detailed
information about the BPF policy programs, which can be examined
with the calico-bpf command-line tool.
type: boolean
chainInsertMode: chainInsertMode:
description: 'ChainInsertMode controls whether Felix hooks the kernel''s description: 'ChainInsertMode controls whether Felix hooks the kernel''s
top-level iptables chains by inserting a rule at the top of the top-level iptables chains by inserting a rule at the top of the
@ -130,6 +204,16 @@ spec:
Calico policy will be bypassed. [Default: insert]' Calico policy will be bypassed. [Default: insert]'
type: string type: string
dataplaneDriver: dataplaneDriver:
description: DataplaneDriver filename of the external dataplane driver
to use. Only used if UseInternalDataplaneDriver is set to false.
type: string
dataplaneWatchdogTimeout:
description: "DataplaneWatchdogTimeout is the readiness/liveness timeout
used for Felix's (internal) dataplane driver. Increase this value
if you experience spurious non-ready or non-live events when Felix
is under heavy load. Decrease the value to get felix to report non-live
or non-ready more quickly. [Default: 90s] \n Deprecated: replaced
by the generic HealthTimeoutOverrides."
type: string type: string
debugDisableLogDropping: debugDisableLogDropping:
type: boolean type: boolean
@ -158,9 +242,14 @@ spec:
routes, by default this will be RTPROT_BOOT when left blank. routes, by default this will be RTPROT_BOOT when left blank.
type: integer type: integer
deviceRouteSourceAddress: deviceRouteSourceAddress:
description: This is the source address to use on programmed device description: This is the IPv4 source address to use on programmed
routes. By default the source address is left blank, leaving the device routes. By default the source address is left blank, leaving
kernel to choose the source address used. the kernel to choose the source address used.
type: string
deviceRouteSourceAddressIPv6:
description: This is the IPv6 source address to use on programmed
device routes. By default the source address is left blank, leaving
the kernel to choose the source address used.
type: string type: string
disableConntrackInvalidCheck: disableConntrackInvalidCheck:
type: boolean type: boolean
@ -228,11 +317,24 @@ spec:
type: object type: object
type: array type: array
featureDetectOverride: featureDetectOverride:
description: FeatureDetectOverride is used to override the feature description: FeatureDetectOverride is used to override feature detection
detection. Values are specified in a comma separated list with no based on auto-detected platform capabilities. Values are specified
spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". in a comma separated list with no spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". "true"
"true" or "false" will force the feature, empty or omitted values or "false" will force the feature, empty or omitted values are auto-detected.
are auto-detected. type: string
featureGates:
description: FeatureGates is used to enable or disable tech-preview
Calico features. Values are specified in a comma separated list
with no spaces, example; "BPFConnectTimeLoadBalancingWorkaround=enabled,XyZ=false".
This is used to enable features that are not fully production ready.
type: string
floatingIPs:
description: FloatingIPs configures whether or not Felix will program
non-OpenStack floating IP addresses. (OpenStack-derived floating
IPs are always programmed, regardless of this setting.)
enum:
- Enabled
- Disabled
type: string type: string
genericXDPEnabled: genericXDPEnabled:
description: 'GenericXDPEnabled enables Generic XDP so network cards description: 'GenericXDPEnabled enables Generic XDP so network cards
@ -246,6 +348,23 @@ spec:
type: string type: string
healthPort: healthPort:
type: integer type: integer
healthTimeoutOverrides:
description: HealthTimeoutOverrides allows the internal watchdog timeouts
of individual subcomponents to be overriden. This is useful for
working around "false positive" liveness timeouts that can occur
in particularly stressful workloads or if CPU is constrained. For
a list of active subcomponents, see Felix's logs.
items:
properties:
name:
type: string
timeout:
type: string
required:
- name
- timeout
type: object
type: array
interfaceExclude: interfaceExclude:
description: 'InterfaceExclude is a comma-separated list of interfaces description: 'InterfaceExclude is a comma-separated list of interfaces
that Felix should exclude when monitoring for host endpoints. The that Felix should exclude when monitoring for host endpoints. The
@ -271,6 +390,9 @@ spec:
disabled by setting the interval to 0. disabled by setting the interval to 0.
type: string type: string
ipipEnabled: ipipEnabled:
description: 'IPIPEnabled overrides whether Felix should configure
an IPIP interface on the host. Optional as Felix determines this
based on the existing IP pools. [Default: nil (unset)]'
type: boolean type: boolean
ipipMTU: ipipMTU:
description: 'IPIPMTU is the MTU to set on the tunnel device. See description: 'IPIPMTU is the MTU to set on the tunnel device. See
@ -284,7 +406,7 @@ spec:
type: string type: string
iptablesBackend: iptablesBackend:
description: IptablesBackend specifies which backend of iptables will description: IptablesBackend specifies which backend of iptables will
be used. The default is legacy. be used. The default is Auto.
type: string type: string
iptablesFilterAllowAction: iptablesFilterAllowAction:
type: string type: string
@ -337,6 +459,8 @@ spec:
usage. [Default: 10s]' usage. [Default: 10s]'
type: string type: string
ipv6Support: ipv6Support:
description: IPv6Support controls whether Felix enables support for
IPv6 (if supported by the in-use dataplane).
type: boolean type: boolean
kubeNodePortRanges: kubeNodePortRanges:
description: 'KubeNodePortRanges holds list of port ranges used for description: 'KubeNodePortRanges holds list of port ranges used for
@ -350,6 +474,12 @@ spec:
pattern: ^.* pattern: ^.*
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
type: array type: array
logDebugFilenameRegex:
description: LogDebugFilenameRegex controls which source code files
have their Debug log output included in the logs. Only logs from
files with names that match the given regular expression are included. The
filter only applies to Debug level logs.
type: string
logFilePath: logFilePath:
description: 'LogFilePath is the full path to the Felix log. Set to description: 'LogFilePath is the full path to the Felix log. Set to
none to disable file logging. [Default: /var/log/calico/felix.log]' none to disable file logging. [Default: /var/log/calico/felix.log]'
@ -446,6 +576,12 @@ spec:
to false. This reduces the number of metrics reported, reducing to false. This reduces the number of metrics reported, reducing
Prometheus load. [Default: true]' Prometheus load. [Default: true]'
type: boolean type: boolean
prometheusWireGuardMetricsEnabled:
description: 'PrometheusWireGuardMetricsEnabled disables wireguard
metrics collection, which the Prometheus client does by default,
when set to false. This reduces the number of metrics reported,
reducing Prometheus load. [Default: true]'
type: boolean
removeExternalRoutes: removeExternalRoutes:
description: Whether or not to remove device routes that have not description: Whether or not to remove device routes that have not
been programmed by Felix. Disabling this will allow external applications been programmed by Felix. Disabling this will allow external applications
@ -472,10 +608,14 @@ spec:
information. - WorkloadIPs: use workload endpoints to construct information. - WorkloadIPs: use workload endpoints to construct
routes. - CalicoIPAM: the default - use IPAM data to construct routes.' routes. - CalicoIPAM: the default - use IPAM data to construct routes.'
type: string type: string
routeSyncDisabled:
description: RouteSyncDisabled will disable all operations performed
on the route table. Set to true to run in network-policy mode only.
type: boolean
routeTableRange: routeTableRange:
description: Calico programs additional Linux route tables for various description: Deprecated in favor of RouteTableRanges. Calico programs
purposes. RouteTableRange specifies the indices of the route tables additional Linux route tables for various purposes. RouteTableRange
that Calico should use. specifies the indices of the route tables that Calico should use.
properties: properties:
max: max:
type: integer type: integer
@ -485,6 +625,21 @@ spec:
- max - max
- min - min
type: object type: object
routeTableRanges:
description: Calico programs additional Linux route tables for various
purposes. RouteTableRanges specifies a set of table index ranges
that Calico should use. Deprecates`RouteTableRange`, overrides `RouteTableRange`.
items:
properties:
max:
type: integer
min:
type: integer
required:
- max
- min
type: object
type: array
serviceLoopPrevention: serviceLoopPrevention:
description: 'When service IP advertisement is enabled, prevent routing description: 'When service IP advertisement is enabled, prevent routing
loops to service IPs that are not in use, by dropping or rejecting loops to service IPs that are not in use, by dropping or rejecting
@ -512,37 +667,79 @@ spec:
Felix makes reports. [Default: 86400s]' Felix makes reports. [Default: 86400s]'
type: string type: string
useInternalDataplaneDriver: useInternalDataplaneDriver:
description: UseInternalDataplaneDriver, if true, Felix will use its
internal dataplane programming logic. If false, it will launch
an external dataplane driver and communicate with it over protobuf.
type: boolean type: boolean
vxlanEnabled: vxlanEnabled:
description: 'VXLANEnabled overrides whether Felix should create the
VXLAN tunnel device for IPv4 VXLAN networking. Optional as Felix
determines this based on the existing IP pools. [Default: nil (unset)]'
type: boolean type: boolean
vxlanMTU: vxlanMTU:
description: 'VXLANMTU is the MTU to set on the tunnel device. See description: 'VXLANMTU is the MTU to set on the IPv4 VXLAN tunnel
Configuring MTU [Default: 1440]' device. See Configuring MTU [Default: 1410]'
type: integer
vxlanMTUV6:
description: 'VXLANMTUV6 is the MTU to set on the IPv6 VXLAN tunnel
device. See Configuring MTU [Default: 1390]'
type: integer type: integer
vxlanPort: vxlanPort:
type: integer type: integer
vxlanVNI: vxlanVNI:
type: integer type: integer
wireguardEnabled: wireguardEnabled:
description: 'WireguardEnabled controls whether Wireguard is enabled. description: 'WireguardEnabled controls whether Wireguard is enabled
for IPv4 (encapsulating IPv4 traffic over an IPv4 underlay network).
[Default: false]' [Default: false]'
type: boolean type: boolean
wireguardEnabledV6:
description: 'WireguardEnabledV6 controls whether Wireguard is enabled
for IPv6 (encapsulating IPv6 traffic over an IPv6 underlay network).
[Default: false]'
type: boolean
wireguardHostEncryptionEnabled:
description: 'WireguardHostEncryptionEnabled controls whether Wireguard
host-to-host encryption is enabled. [Default: false]'
type: boolean
wireguardInterfaceName: wireguardInterfaceName:
description: 'WireguardInterfaceName specifies the name to use for description: 'WireguardInterfaceName specifies the name to use for
the Wireguard interface. [Default: wg.calico]' the IPv4 Wireguard interface. [Default: wireguard.cali]'
type: string
wireguardInterfaceNameV6:
description: 'WireguardInterfaceNameV6 specifies the name to use for
the IPv6 Wireguard interface. [Default: wg-v6.cali]'
type: string
wireguardKeepAlive:
description: 'WireguardKeepAlive controls Wireguard PersistentKeepalive
option. Set 0 to disable. [Default: 0]'
type: string type: string
wireguardListeningPort: wireguardListeningPort:
description: 'WireguardListeningPort controls the listening port used description: 'WireguardListeningPort controls the listening port used
by Wireguard. [Default: 51820]' by IPv4 Wireguard. [Default: 51820]'
type: integer
wireguardListeningPortV6:
description: 'WireguardListeningPortV6 controls the listening port
used by IPv6 Wireguard. [Default: 51821]'
type: integer type: integer
wireguardMTU: wireguardMTU:
description: 'WireguardMTU controls the MTU on the Wireguard interface. description: 'WireguardMTU controls the MTU on the IPv4 Wireguard
See Configuring MTU [Default: 1420]' interface. See Configuring MTU [Default: 1440]'
type: integer
wireguardMTUV6:
description: 'WireguardMTUV6 controls the MTU on the IPv6 Wireguard
interface. See Configuring MTU [Default: 1420]'
type: integer type: integer
wireguardRoutingRulePriority: wireguardRoutingRulePriority:
description: 'WireguardRoutingRulePriority controls the priority value description: 'WireguardRoutingRulePriority controls the priority value
to use for the Wireguard routing rule. [Default: 99]' to use for the Wireguard routing rule. [Default: 99]'
type: integer type: integer
workloadSourceSpoofing:
description: WorkloadSourceSpoofing controls whether pods can use
the allowedSourcePrefixes annotation to send traffic with a source
IP address that is not theirs. This is disabled by default. When
set to "Any", pods can request any prefix.
type: string
xdpEnabled: xdpEnabled:
description: 'XDPEnabled enables XDP acceleration for suitable untracked description: 'XDPEnabled enables XDP acceleration for suitable untracked
incoming deny rules. [Default: true]' incoming deny rules. [Default: true]'

17
packages/rke2-canal/charts/templates/crds/globalnetworkpolicies.crd.yaml
View File

@ -12,6 +12,7 @@ spec:
listKind: GlobalNetworkPolicyList listKind: GlobalNetworkPolicyList
plural: globalnetworkpolicies plural: globalnetworkpolicies
singular: globalnetworkpolicy singular: globalnetworkpolicy
preserveUnknownFields: false
scope: Cluster scope: Cluster
versions: versions:
- name: v1 - name: v1
@ -172,8 +173,8 @@ spec:
within the selected service(s) will be matched, and only within the selected service(s) will be matched, and only
to/from each endpoint's port. \n Services cannot be specified to/from each endpoint's port. \n Services cannot be specified
on the same rule as Selector, NotSelector, NamespaceSelector, on the same rule as Selector, NotSelector, NamespaceSelector,
Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
Only valid on egress rules." can only be specified with Services on ingress rules."
properties: properties:
name: name:
description: Name specifies the name of a Kubernetes description: Name specifies the name of a Kubernetes
@ -398,8 +399,8 @@ spec:
within the selected service(s) will be matched, and only within the selected service(s) will be matched, and only
to/from each endpoint's port. \n Services cannot be specified to/from each endpoint's port. \n Services cannot be specified
on the same rule as Selector, NotSelector, NamespaceSelector, on the same rule as Selector, NotSelector, NamespaceSelector,
Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
Only valid on egress rules." can only be specified with Services on ingress rules."
properties: properties:
name: name:
description: Name specifies the name of a Kubernetes description: Name specifies the name of a Kubernetes
@ -545,8 +546,8 @@ spec:
within the selected service(s) will be matched, and only within the selected service(s) will be matched, and only
to/from each endpoint's port. \n Services cannot be specified to/from each endpoint's port. \n Services cannot be specified
on the same rule as Selector, NotSelector, NamespaceSelector, on the same rule as Selector, NotSelector, NamespaceSelector,
Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
Only valid on egress rules." can only be specified with Services on ingress rules."
properties: properties:
name: name:
description: Name specifies the name of a Kubernetes description: Name specifies the name of a Kubernetes
@ -771,8 +772,8 @@ spec:
within the selected service(s) will be matched, and only within the selected service(s) will be matched, and only
to/from each endpoint's port. \n Services cannot be specified to/from each endpoint's port. \n Services cannot be specified
on the same rule as Selector, NotSelector, NamespaceSelector, on the same rule as Selector, NotSelector, NamespaceSelector,
Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
Only valid on egress rules." can only be specified with Services on ingress rules."
properties: properties:
name: name:
description: Name specifies the name of a Kubernetes description: Name specifies the name of a Kubernetes

1
packages/rke2-canal/charts/templates/crds/globalnetworksets.crd.yaml
View File

@ -12,6 +12,7 @@ spec:
listKind: GlobalNetworkSetList listKind: GlobalNetworkSetList
plural: globalnetworksets plural: globalnetworksets
singular: globalnetworkset singular: globalnetworkset
preserveUnknownFields: false
scope: Cluster scope: Cluster
versions: versions:
- name: v1 - name: v1

1
packages/rke2-canal/charts/templates/crds/hostendpoints.crd.yaml
View File

@ -12,6 +12,7 @@ spec:
listKind: HostEndpointList listKind: HostEndpointList
plural: hostendpoints plural: hostendpoints
singular: hostendpoint singular: hostendpoint
preserveUnknownFields: false
scope: Cluster scope: Cluster
versions: versions:
- name: v1 - name: v1

39
packages/rke2-canal/charts/templates/crds/ipamblocks.crd.yaml
View File

@ -12,6 +12,7 @@ spec:
listKind: IPAMBlockList listKind: IPAMBlockList
plural: ipamblocks plural: ipamblocks
singular: ipamblock singular: ipamblock
preserveUnknownFields: false
scope: Cluster scope: Cluster
versions: versions:
- name: v1 - name: v1
@ -35,8 +36,16 @@ spec:
resource. resource.
properties: properties:
affinity: affinity:
description: Affinity of the block, if this block has one. If set,
it will be of the form "host:<hostname>". If not set, this block
is not affine to a host.
type: string type: string
allocations: allocations:
description: Array of allocations in-use within this block. nil entries
mean the allocation is free. For non-nil entries at index i, the
index is the ordinal of the allocation within this block and the
value is the index of the associated attributes in the Attributes
array.
items: items:
type: integer type: integer
# TODO: This nullable is manually added in. We should update controller-gen # TODO: This nullable is manually added in. We should update controller-gen
@ -44,6 +53,10 @@ spec:
nullable: true nullable: true
type: array type: array
attributes: attributes:
description: Attributes is an array of arbitrary metadata associated
with allocations in the block. To find attributes for a given allocation,
use the value of the allocation's entry in the Allocations array
as the index of the element in this array.
items: items:
properties: properties:
handle_id: handle_id:
@ -55,12 +68,38 @@ spec:
type: object type: object
type: array type: array
cidr: cidr:
description: The block's CIDR.
type: string type: string
deleted: deleted:
description: Deleted is an internal boolean used to workaround a limitation
in the Kubernetes API whereby deletion will not return a conflict
error if the block has been updated. It should not be set manually.
type: boolean type: boolean
sequenceNumber:
default: 0
description: We store a sequence number that is updated each time
the block is written. Each allocation will also store the sequence
number of the block at the time of its creation. When releasing
an IP, passing the sequence number associated with the allocation
allows us to protect against a race condition and ensure the IP
hasn't been released and re-allocated since the release request.
format: int64
type: integer
sequenceNumberForAllocation:
additionalProperties:
format: int64
type: integer
description: Map of allocated ordinal within the block to sequence
number of the block at the time of allocation. Kubernetes does not
allow numerical keys for maps, so the key is cast to a string.
type: object
strictAffinity: strictAffinity:
description: StrictAffinity on the IPAMBlock is deprecated and no
longer used by the code. Use IPAMConfig StrictAffinity instead.
type: boolean type: boolean
unallocated: unallocated:
description: Unallocated is an ordered list of allocations which are
free in the block.
items: items:
type: integer type: integer
type: array type: array

3
packages/rke2-canal/charts/templates/crds/ipamconfigs.crd.yaml
View File

@ -12,6 +12,7 @@ spec:
listKind: IPAMConfigList listKind: IPAMConfigList
plural: ipamconfigs plural: ipamconfigs
singular: ipamconfig singular: ipamconfig
preserveUnknownFields: false
scope: Cluster scope: Cluster
versions: versions:
- name: v1 - name: v1
@ -39,6 +40,8 @@ spec:
maxBlocksPerHost: maxBlocksPerHost:
description: MaxBlocksPerHost, if non-zero, is the max number of blocks description: MaxBlocksPerHost, if non-zero, is the max number of blocks
that can be affine to each host. that can be affine to each host.
maximum: 2147483647
minimum: 0
type: integer type: integer
strictAffinity: strictAffinity:
type: boolean type: boolean

1
packages/rke2-canal/charts/templates/crds/ipamhandles.crd.yaml
View File

@ -12,6 +12,7 @@ spec:
listKind: IPAMHandleList listKind: IPAMHandleList
plural: ipamhandles plural: ipamhandles
singular: ipamhandle singular: ipamhandle
preserveUnknownFields: false
scope: Cluster scope: Cluster
versions: versions:
- name: v1 - name: v1

15
packages/rke2-canal/charts/templates/crds/ippools.crd.yaml
View File

@ -12,6 +12,7 @@ spec:
listKind: IPPoolList listKind: IPPoolList
plural: ippools plural: ippools
singular: ippool singular: ippool
preserveUnknownFields: false
scope: Cluster scope: Cluster
versions: versions:
- name: v1 - name: v1
@ -33,13 +34,23 @@ spec:
spec: spec:
description: IPPoolSpec contains the specification for an IPPool resource. description: IPPoolSpec contains the specification for an IPPool resource.
properties: properties:
allowedUses:
description: AllowedUse controls what the IP pool will be used for. If
not specified or empty, defaults to ["Tunnel", "Workload"] for back-compatibility
items:
type: string
type: array
blockSize: blockSize:
description: The block size to use for IP address assignments from description: The block size to use for IP address assignments from
this pool. Defaults to 26 for IPv4 and 112 for IPv6. this pool. Defaults to 26 for IPv4 and 122 for IPv6.
type: integer type: integer
cidr: cidr:
description: The pool CIDR. description: The pool CIDR.
type: string type: string
disableBGPExport:
description: 'Disable exporting routes from this IP Pool''s CIDR over
BGP. [Default: false]'
type: boolean
disabled: disabled:
description: When disabled is true, Calico IPAM will not assign addresses description: When disabled is true, Calico IPAM will not assign addresses
from this pool. from this pool.
@ -73,7 +84,7 @@ spec:
for internal use only.' for internal use only.'
type: boolean type: boolean
natOutgoing: natOutgoing:
description: When nat-outgoing is true, packets sent from Calico networked description: When natOutgoing is true, packets sent from Calico networked
containers in this pool to destinations outside of this pool will containers in this pool to destinations outside of this pool will
be masqueraded. be masqueraded.
type: boolean type: boolean

4
packages/rke2-canal/charts/templates/crds/ipreservations.crd.yaml
View File

@ -4,6 +4,9 @@
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: ipreservations.crd.projectcalico.org name: ipreservations.crd.projectcalico.org
spec: spec:
group: crd.projectcalico.org group: crd.projectcalico.org
@ -12,6 +15,7 @@ spec:
listKind: IPReservationList listKind: IPReservationList
plural: ipreservations plural: ipreservations
singular: ipreservation singular: ipreservation
preserveUnknownFields: false
scope: Cluster scope: Cluster
versions: versions:
- name: v1 - name: v1

11
packages/rke2-canal/charts/templates/crds/kubecontrollersconfigurations.crd.yaml
View File

@ -12,6 +12,7 @@ spec:
listKind: KubeControllersConfigurationList listKind: KubeControllersConfigurationList
plural: kubecontrollersconfigurations plural: kubecontrollersconfigurations
singular: kubecontrollersconfiguration singular: kubecontrollersconfiguration
preserveUnknownFields: false
scope: Cluster scope: Cluster
versions: versions:
- name: v1 - name: v1
@ -102,6 +103,11 @@ spec:
type: string type: string
type: object type: object
type: object type: object
debugProfilePort:
description: DebugProfilePort configures the port to serve memory
and cpu profiles on. If not specified, profiling is disabled.
format: int32
type: integer
etcdV3CompactionPeriod: etcdV3CompactionPeriod:
description: 'EtcdV3CompactionPeriod is the period between etcdv3 description: 'EtcdV3CompactionPeriod is the period between etcdv3
compaction requests. Set to 0 to disable. [Default: 10m]' compaction requests. Set to 0 to disable. [Default: 10m]'
@ -212,6 +218,11 @@ spec:
type: string type: string
type: object type: object
type: object type: object
debugProfilePort:
description: DebugProfilePort configures the port to serve memory
and cpu profiles on. If not specified, profiling is disabled.
format: int32
type: integer
etcdV3CompactionPeriod: etcdV3CompactionPeriod:
description: 'EtcdV3CompactionPeriod is the period between etcdv3 description: 'EtcdV3CompactionPeriod is the period between etcdv3
compaction requests. Set to 0 to disable. [Default: 10m]' compaction requests. Set to 0 to disable. [Default: 10m]'

17
packages/rke2-canal/charts/templates/crds/networkpolicies.crd.yaml
View File

@ -12,6 +12,7 @@ spec:
listKind: NetworkPolicyList listKind: NetworkPolicyList
plural: networkpolicies plural: networkpolicies
singular: networkpolicy singular: networkpolicy
preserveUnknownFields: false
scope: Namespaced scope: Namespaced
versions: versions:
- name: v1 - name: v1
@ -161,8 +162,8 @@ spec:
within the selected service(s) will be matched, and only within the selected service(s) will be matched, and only
to/from each endpoint's port. \n Services cannot be specified to/from each endpoint's port. \n Services cannot be specified
on the same rule as Selector, NotSelector, NamespaceSelector, on the same rule as Selector, NotSelector, NamespaceSelector,
Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
Only valid on egress rules." can only be specified with Services on ingress rules."
properties: properties:
name: name:
description: Name specifies the name of a Kubernetes description: Name specifies the name of a Kubernetes
@ -387,8 +388,8 @@ spec:
within the selected service(s) will be matched, and only within the selected service(s) will be matched, and only
to/from each endpoint's port. \n Services cannot be specified to/from each endpoint's port. \n Services cannot be specified
on the same rule as Selector, NotSelector, NamespaceSelector, on the same rule as Selector, NotSelector, NamespaceSelector,
Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
Only valid on egress rules." can only be specified with Services on ingress rules."
properties: properties:
name: name:
description: Name specifies the name of a Kubernetes description: Name specifies the name of a Kubernetes
@ -534,8 +535,8 @@ spec:
within the selected service(s) will be matched, and only within the selected service(s) will be matched, and only
to/from each endpoint's port. \n Services cannot be specified to/from each endpoint's port. \n Services cannot be specified
on the same rule as Selector, NotSelector, NamespaceSelector, on the same rule as Selector, NotSelector, NamespaceSelector,
Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
Only valid on egress rules." can only be specified with Services on ingress rules."
properties: properties:
name: name:
description: Name specifies the name of a Kubernetes description: Name specifies the name of a Kubernetes
@ -760,8 +761,8 @@ spec:
within the selected service(s) will be matched, and only within the selected service(s) will be matched, and only
to/from each endpoint's port. \n Services cannot be specified to/from each endpoint's port. \n Services cannot be specified
on the same rule as Selector, NotSelector, NamespaceSelector, on the same rule as Selector, NotSelector, NamespaceSelector,
Ports, NotPorts, Nets, NotNets or ServiceAccounts. \n Nets, NotNets or ServiceAccounts. \n Ports and NotPorts
Only valid on egress rules." can only be specified with Services on ingress rules."
properties: properties:
name: name:
description: Name specifies the name of a Kubernetes description: Name specifies the name of a Kubernetes

1
packages/rke2-canal/charts/templates/crds/networksets.crd.yaml
View File

@ -12,6 +12,7 @@ spec:
listKind: NetworkSetList listKind: NetworkSetList
plural: networksets plural: networksets
singular: networkset singular: networkset
preserveUnknownFields: false
scope: Namespaced scope: Namespaced
versions: versions:
- name: v1 - name: v1

2
packages/rke2-canal/package.yaml
View File

@ -1,2 +1,2 @@
url: local url: local
packageVersion: 02 packageVersion: 03