auto-update crds catalog
This commit is contained in:
parent
b0c087a3b6
commit
313a8b4c7d
123
projectcalico.org/bgpfilter_v3.json
Normal file
123
projectcalico.org/bgpfilter_v3.json
Normal file
@ -0,0 +1,123 @@
|
|||||||
|
{
|
||||||
|
"properties": {
|
||||||
|
"apiVersion": {
|
||||||
|
"description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"kind": {
|
||||||
|
"description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"metadata": {
|
||||||
|
"type": "object"
|
||||||
|
},
|
||||||
|
"spec": {
|
||||||
|
"description": "BGPFilterSpec contains the IPv4 and IPv6 filter rules of the BGP Filter.",
|
||||||
|
"properties": {
|
||||||
|
"exportV4": {
|
||||||
|
"description": "The ordered set of IPv4 BGPFilter rules acting on exporting routes to a peer.",
|
||||||
|
"items": {
|
||||||
|
"description": "BGPFilterRuleV4 defines a BGP filter rule consisting a single IPv4 CIDR block and a filter action for this CIDR.",
|
||||||
|
"properties": {
|
||||||
|
"action": {
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"cidr": {
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"matchOperator": {
|
||||||
|
"type": "string"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"required": [
|
||||||
|
"action",
|
||||||
|
"cidr",
|
||||||
|
"matchOperator"
|
||||||
|
],
|
||||||
|
"type": "object",
|
||||||
|
"additionalProperties": false
|
||||||
|
},
|
||||||
|
"type": "array"
|
||||||
|
},
|
||||||
|
"exportV6": {
|
||||||
|
"description": "The ordered set of IPv6 BGPFilter rules acting on exporting routes to a peer.",
|
||||||
|
"items": {
|
||||||
|
"description": "BGPFilterRuleV6 defines a BGP filter rule consisting a single IPv6 CIDR block and a filter action for this CIDR.",
|
||||||
|
"properties": {
|
||||||
|
"action": {
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"cidr": {
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"matchOperator": {
|
||||||
|
"type": "string"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"required": [
|
||||||
|
"action",
|
||||||
|
"cidr",
|
||||||
|
"matchOperator"
|
||||||
|
],
|
||||||
|
"type": "object",
|
||||||
|
"additionalProperties": false
|
||||||
|
},
|
||||||
|
"type": "array"
|
||||||
|
},
|
||||||
|
"importV4": {
|
||||||
|
"description": "The ordered set of IPv4 BGPFilter rules acting on importing routes from a peer.",
|
||||||
|
"items": {
|
||||||
|
"description": "BGPFilterRuleV4 defines a BGP filter rule consisting a single IPv4 CIDR block and a filter action for this CIDR.",
|
||||||
|
"properties": {
|
||||||
|
"action": {
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"cidr": {
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"matchOperator": {
|
||||||
|
"type": "string"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"required": [
|
||||||
|
"action",
|
||||||
|
"cidr",
|
||||||
|
"matchOperator"
|
||||||
|
],
|
||||||
|
"type": "object",
|
||||||
|
"additionalProperties": false
|
||||||
|
},
|
||||||
|
"type": "array"
|
||||||
|
},
|
||||||
|
"importV6": {
|
||||||
|
"description": "The ordered set of IPv6 BGPFilter rules acting on importing routes from a peer.",
|
||||||
|
"items": {
|
||||||
|
"description": "BGPFilterRuleV6 defines a BGP filter rule consisting a single IPv6 CIDR block and a filter action for this CIDR.",
|
||||||
|
"properties": {
|
||||||
|
"action": {
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"cidr": {
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"matchOperator": {
|
||||||
|
"type": "string"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"required": [
|
||||||
|
"action",
|
||||||
|
"cidr",
|
||||||
|
"matchOperator"
|
||||||
|
],
|
||||||
|
"type": "object",
|
||||||
|
"additionalProperties": false
|
||||||
|
},
|
||||||
|
"type": "array"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "object",
|
||||||
|
"additionalProperties": false
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "object"
|
||||||
|
}
|
@ -19,6 +19,13 @@
|
|||||||
"format": "int32",
|
"format": "int32",
|
||||||
"type": "integer"
|
"type": "integer"
|
||||||
},
|
},
|
||||||
|
"filters": {
|
||||||
|
"description": "The ordered set of BGPFilters applied on this BGP peer.",
|
||||||
|
"items": {
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"type": "array"
|
||||||
|
},
|
||||||
"keepOriginalNextHop": {
|
"keepOriginalNextHop": {
|
||||||
"description": "Option to keep the original nexthop field when routes are sent to a BGP Peer. Setting \"true\" configures the selected BGP Peers node to use the \"next hop keep;\" instead of \"next hop self;\"(default) in the specific branch of the Node on \"bird.cfg\".",
|
"description": "Option to keep the original nexthop field when routes are sent to a BGP Peer. Setting \"true\" configures the selected BGP Peers node to use the \"next hop keep;\" instead of \"next hop self;\"(default) in the specific branch of the Node on \"bird.cfg\".",
|
||||||
"type": "boolean"
|
"type": "boolean"
|
||||||
|
@ -36,6 +36,13 @@
|
|||||||
"description": "BPFConnectTimeLoadBalancingEnabled when in BPF mode, controls whether Felix installs the connection-time load balancer. The connect-time load balancer is required for the host to be able to reach Kubernetes services and it improves the performance of pod-to-service connections. The only reason to disable it is for debugging purposes. [Default: true]",
|
"description": "BPFConnectTimeLoadBalancingEnabled when in BPF mode, controls whether Felix installs the connection-time load balancer. The connect-time load balancer is required for the host to be able to reach Kubernetes services and it improves the performance of pod-to-service connections. The only reason to disable it is for debugging purposes. [Default: true]",
|
||||||
"type": "boolean"
|
"type": "boolean"
|
||||||
},
|
},
|
||||||
|
"bpfDSROptoutCIDRs": {
|
||||||
|
"description": "BPFDSROptoutCIDRs is a list of CIDRs which are excluded from DSR. That is, clients in those CIDRs will accesses nodeports as if BPFExternalServiceMode was set to Tunnel.",
|
||||||
|
"items": {
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"type": "array"
|
||||||
|
},
|
||||||
"bpfDataIfacePattern": {
|
"bpfDataIfacePattern": {
|
||||||
"description": "BPFDataIfacePattern is a regular expression that controls which interfaces Felix should attach BPF programs to in order to catch traffic to/from the network. This needs to match the interfaces that Calico workload traffic flows over as well as any interfaces that handle incoming traffic to nodeports and services from outside the cluster. It should not match the workload interfaces (usually named cali...).",
|
"description": "BPFDataIfacePattern is a regular expression that controls which interfaces Felix should attach BPF programs to in order to catch traffic to/from the network. This needs to match the interfaces that Calico workload traffic flows over as well as any interfaces that handle incoming traffic to nodeports and services from outside the cluster. It should not match the workload interfaces (usually named cali...).",
|
||||||
"type": "string"
|
"type": "string"
|
||||||
@ -49,7 +56,7 @@
|
|||||||
"type": "boolean"
|
"type": "boolean"
|
||||||
},
|
},
|
||||||
"bpfEnforceRPF": {
|
"bpfEnforceRPF": {
|
||||||
"description": "BPFEnforceRPF enforce strict RPF on all host interfaces with BPF programs regardless of what is the per-interfaces or global setting. Possible values are Disabled, Strict or Loose. [Default: Strict]",
|
"description": "BPFEnforceRPF enforce strict RPF on all host interfaces with BPF programs regardless of what is the per-interfaces or global setting. Possible values are Disabled, Strict or Loose. [Default: Loose]",
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
"bpfExtToServiceConnmark": {
|
"bpfExtToServiceConnmark": {
|
||||||
@ -262,7 +269,7 @@
|
|||||||
"type": "integer"
|
"type": "integer"
|
||||||
},
|
},
|
||||||
"healthTimeoutOverrides": {
|
"healthTimeoutOverrides": {
|
||||||
"description": "HealthTimeoutOverrides allows the internal watchdog timeouts of individual subcomponents to be overriden. This is useful for working around \"false positive\" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs.",
|
"description": "HealthTimeoutOverrides allows the internal watchdog timeouts of individual subcomponents to be overridden. This is useful for working around \"false positive\" liveness timeouts that can occur in particularly stressful workloads or if CPU is constrained. For a list of active subcomponents, see Felix's logs.",
|
||||||
"items": {
|
"items": {
|
||||||
"properties": {
|
"properties": {
|
||||||
"name": {
|
"name": {
|
||||||
@ -312,6 +319,10 @@
|
|||||||
"iptablesFilterAllowAction": {
|
"iptablesFilterAllowAction": {
|
||||||
"type": "string"
|
"type": "string"
|
||||||
},
|
},
|
||||||
|
"iptablesFilterDenyAction": {
|
||||||
|
"description": "IptablesFilterDenyAction controls what happens to traffic that is denied by network policy. By default Calico blocks traffic with an iptables \"DROP\" action. If you want to use \"REJECT\" action instead you can configure it in here.",
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
"iptablesLockFilePath": {
|
"iptablesLockFilePath": {
|
||||||
"description": "IptablesLockFilePath is the location of the iptables lock file. You may need to change this if the lock file is not in its standard location (for example if you have mapped it into Felix's container at a different path). [Default: /run/xtables.lock]",
|
"description": "IptablesLockFilePath is the location of the iptables lock file. You may need to change this if the lock file is not in its standard location (for example if you have mapped it into Felix's container at a different path). [Default: /run/xtables.lock]",
|
||||||
"type": "string"
|
"type": "string"
|
||||||
|
Loading…
Reference in New Issue
Block a user