# CustomResourceDefinition for Network (networks.operator.openshift.io), the
# object the cluster-network-operator consumes to build cluster networking.
#
# Security note for reviewers: the resource is cluster-scoped (spec.scope
# below) and carries raw CNI JSON (spec.additionalNetworks[].rawCNIConfig) and
# free-form kube-proxy arguments (spec.kubeProxyConfig.proxyArguments), neither
# of which is validated by this schema. Write access to Network objects is
# therefore effectively node-level configuration access; scope RBAC on this
# resource accordingly.
#
# NOTE(review): this listing looks like controller-gen output (description
# strings mirror Go doc comments). If that is the case, validation gaps noted
# below should be fixed via kubebuilder markers on the Go types, not by hand
# editing this file.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Upstream API-review record; the include.release.* annotations presumably
    # select which cluster profiles ship this CRD. None of these affect
    # validation of Network objects.
    api-approved.openshift.io: https://github.com/openshift/api/pull/475
    include.release.openshift.io/self-managed-high-availability: "true"
    include.release.openshift.io/single-node-developer: "true"
  name: networks.operator.openshift.io
spec:
  group: operator.openshift.io
  names:
    kind: Network
    listKind: NetworkList
    plural: networks
    singular: network
  # Cluster-scoped: there is no namespace boundary to limit who may edit it.
  scope: Cluster
  versions:
  - name: v1
    schema:
      openAPIV3Schema:
        description: "Network describes the cluster's desired network configuration. It is consumed by the cluster-network-operator. \n Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer)."
        type: object
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: NetworkSpec is the top-level network configuration object.
            type: object
            properties:
              additionalNetworks:
                description: additionalNetworks is a list of extra networks to make available to pods when multiple networks are enabled.
                type: array
                items:
                  description: AdditionalNetworkDefinition configures an extra network that is available but not created by default. Instead, pods must request them by name. type must be specified, along with exactly one "Config" that matches the type.
                  type: object
                  properties:
                    name:
                      description: name is the name of the network. This will be populated in the resulting CRD This must be unique.
                      type: string
                    # NOTE(review): per the description an omitted namespace puts the
                    # resulting NetworkAttachmentDefinition in "default", which
                    # presumably makes it attachable by any workload admitted to that
                    # namespace. Prefer setting this explicitly.
                    namespace:
                      description: namespace is the namespace of the network. This will be populated in the resulting CRD If not given the network will be created in the default namespace.
                      type: string
                    # Raw CNI JSON copied verbatim into a NetworkAttachmentDefinition.
                    # The schema checks only that it is a string; its content is not
                    # validated here and is ultimately executed by the node's CNI
                    # plugins, which typically run with host privileges. Review
                    # changes to this field as you would node configuration.
                    rawCNIConfig:
                      description: rawCNIConfig is the raw CNI configuration json to create in the NetworkAttachmentDefinition CRD
                      type: string
                    # macvlan attaches pod interfaces to a host interface ("master")
                    # at layer 2, so pods on such a network are presumably reachable
                    # from the host's network segment without going through the
                    # cluster network's policy enforcement - confirm that is intended.
                    simpleMacvlanConfig:
                      description: SimpleMacvlanConfig configures the macvlan interface in case of type:NetworkTypeSimpleMacvlan
                      type: object
                      properties:
                        ipamConfig:
                          description: IPAMConfig configures IPAM module will be used for IP Address Management (IPAM).
                          type: object
                          properties:
                            staticIPAMConfig:
                              description: StaticIPAMConfig configures the static IP address in case of type:IPAMTypeStatic
                              type: object
                              properties:
                                # No pattern is enforced on address/gateway strings;
                                # malformed values are not rejected at admission.
                                addresses:
                                  description: Addresses configures IP address for the interface
                                  type: array
                                  items:
                                    description: StaticIPAMAddresses provides IP address and Gateway for static IPAM addresses
                                    type: object
                                    properties:
                                      address:
                                        description: Address is the IP address in CIDR format
                                        type: string
                                      gateway:
                                        description: Gateway is IP inside of subnet to designate as the gateway
                                        type: string
                                dns:
                                  description: DNS configures DNS for the interface
                                  type: object
                                  properties:
                                    domain:
                                      description: Domain configures the domainname the local domain used for short hostname lookups
                                      type: string
                                    nameservers:
                                      description: Nameservers points DNS servers for IP lookup
                                      type: array
                                      items:
                                        type: string
                                    search:
                                      description: Search configures priority ordered search domains for short hostname lookups
                                      type: array
                                      items:
                                        type: string
                                routes:
                                  description: Routes configures IP routes for the interface
                                  type: array
                                  items:
                                    description: StaticIPAMRoutes provides Destination/Gateway pairs for static IPAM routes
                                    type: object
                                    properties:
                                      destination:
                                        description: Destination points the IP route destination
                                        type: string
                                      gateway:
                                        description: Gateway is the route's next-hop IP address If unset, a default gateway is assumed (as determined by the CNI plugin).
                                        type: string
                            # Supported values are documented but not enforced by an
                            # enum, so an unknown IPAM type is not rejected at admission.
                            type:
                              description: Type is the type of IPAM module will be used for IP Address Management(IPAM). The supported values are IPAMTypeDHCP, IPAMTypeStatic
                              type: string
                        # Host interface name; per the description an unset value
                        # selects the default-route interface.
                        master:
                          description: master is the host interface to create the macvlan interface from. If not specified, it will be default route interface
                          type: string
                        # Free-form string: the four documented modes are not enforced
                        # by an enum, so a typo is not caught at admission.
                        mode:
                          description: 'mode is the macvlan mode: bridge, private, vepa, passthru. The default is bridge'
                          type: string
                        mtu:
                          description: mtu is the mtu to use for the macvlan interface. if unset, host's kernel will select the value.
                          type: integer
                          format: int32
                          minimum: 0
                    # Supported values are documented but not enforced by an enum.
                    type:
                      description: type is the type of network The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan
                      type: string
              # Pod CIDR pool. cidr has no pattern, so overlap with node or service
              # networks and malformed prefixes are not caught at admission.
              clusterNetwork:
                description: clusterNetwork is the IP address pool to use for pod IPs. Some network providers, e.g. OpenShift SDN, support multiple ClusterNetworks. Others only support one. This is equivalent to the cluster-cidr.
                type: array
                items:
                  description: ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks
                  type: object
                  properties:
                    cidr:
                      type: string
                    hostPrefix:
                      type: integer
                      format: int32
                      minimum: 0
              defaultNetwork:
                description: defaultNetwork is the "default" network that all pods will receive
                type: object
                properties:
                  kuryrConfig:
                    description: KuryrConfig configures the kuryr plugin
                    type: object
                    properties:
                      # Probe ports are bounded below (0) but not above; a value
                      # greater than 65535 is not rejected by this schema.
                      controllerProbesPort:
                        description: The port kuryr-controller will listen for readiness and liveness requests.
                        type: integer
                        format: int32
                        minimum: 0
                      daemonProbesPort:
                        description: The port kuryr-daemon will listen for readiness and liveness requests.
                        type: integer
                        format: int32
                        minimum: 0
                      enablePortPoolsPrepopulation:
                        description: enablePortPoolsPrepopulation when true will make Kuryr prepopulate each newly created port pool with a minimum number of ports. Kuryr uses Neutron port pooling to fight the fact that it takes a significant amount of time to create one. It creates a number of ports when the first pod that is configured to use the dedicated network for pods is created in a namespace, and keeps them ready to be attached to pods. Port prepopulation is disabled by default.
                        type: boolean
                      mtu:
                        description: mtu is the MTU that Kuryr should use when creating pod networks in Neutron. The value has to be lower or equal to the MTU of the nodes network and Neutron has to allow creation of tenant networks with such MTU. If unset Pod networks will be created with the same MTU as the nodes network has. This also affects the services network created by cluster-network-operator.
                        type: integer
                        format: int32
                        minimum: 0
                      # Must be at least twice the size of serviceNetwork and
                      # overlap it entirely (see description); no pattern or
                      # cross-field validation enforces either constraint here.
                      openStackServiceNetwork:
                        description: openStackServiceNetwork contains the CIDR of network from which to allocate IPs for OpenStack Octavia's Amphora VMs. Please note that with Amphora driver Octavia uses two IPs from that network for each loadbalancer - one given by OpenShift and second for VRRP connections. As the first one is managed by OpenShift's and second by Neutron's IPAMs, those need to come from different pools. Therefore `openStackServiceNetwork` needs to be at least twice the size of `serviceNetwork`, and whole `serviceNetwork` must be overlapping with `openStackServiceNetwork`. cluster-network-operator will then make sure VRRP IPs are taken from the ranges inside `openStackServiceNetwork` that are not overlapping with `serviceNetwork`, effectivly preventing conflicts. If not set cluster-network-operator will use `serviceNetwork` expanded by decrementing the prefix size by 1.
                        type: string
                      poolBatchPorts:
                        description: poolBatchPorts sets a number of ports that should be created in a single batch request to extend the port pool. The default is 3. For more information about port pools see enablePortPoolsPrepopulation setting.
                        type: integer
                        minimum: 0
                      # 0 (the default) removes the upper bound on pooled ports.
                      poolMaxPorts:
                        description: poolMaxPorts sets a maximum number of free ports that are being kept in a port pool. If the number of ports exceeds this setting, free ports will get deleted. Setting 0 will disable this upper bound, effectively preventing pools from shrinking and this is the default value. For more information about port pools see enablePortPoolsPrepopulation setting.
                        type: integer
                        minimum: 0
                      poolMinPorts:
                        description: poolMinPorts sets a minimum number of free ports that should be kept in a port pool. If the number of ports is lower than this setting, new ports will get created and added to pool. The default is 1. For more information about port pools see enablePortPoolsPrepopulation setting.
                        type: integer
                        minimum: 1
                  openshiftSDNConfig:
                    description: openShiftSDNConfig configures the openshift-sdn plugin
                    type: object
                    properties:
                      enableUnidling:
                        description: enableUnidling controls whether or not the service proxy will support idling and unidling of services. By default, unidling is enabled.
                        type: boolean
                      # Not enforced by an enum. NOTE(review): this value selects the
                      # isolation model between namespaces; set it explicitly rather
                      # than relying on whatever the operator defaults to.
                      mode:
                        description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy"
                        type: string
                      mtu:
                        description: mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. This must be 50 bytes smaller than the machine's uplink.
                        type: integer
                        format: int32
                        minimum: 0
                      # Deprecated and ignored since 4.6 per the description; kept in
                      # the schema for compatibility, so its presence in a CR says
                      # nothing about how OVS is actually run.
                      useExternalOpenvswitch:
                        description: 'useExternalOpenvswitch used to control whether the operator would deploy an OVS DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always run as a system service, and this flag is ignored. DEPRECATED: non-functional as of 4.6'
                        type: boolean
                      # Lower bound only; no maximum of 65535 is enforced.
                      vxlanPort:
                        description: vxlanPort is the port to use for all vxlan packets. The default is 4789.
                        type: integer
                        format: int32
                        minimum: 0
                  ovnKubernetesConfig:
                    description: ovnKubernetesConfig configures the ovn-kubernetes plugin.
                    type: object
                    properties:
                      egressIPConfig:
                        description: egressIPConfig holds the configuration for EgressIP options.
                        type: object
                        properties:
                          # Bounded to 0..60. Per the description, 0 turns the
                          # reachability check off entirely, so a failed EgressIP
                          # node would not be detected by this mechanism.
                          reachabilityTotalTimeoutSeconds:
                            description: reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. If the EgressIP node cannot be reached within this timeout, the node is declared down. Setting a large value may cause the EgressIP feature to react slowly to node changes. In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 1 second. A value of 0 disables the EgressIP node's reachability check.
                            type: integer
                            format: int32
                            maximum: 60
                            minimum: 0
                      gatewayConfig:
                        description: gatewayConfig holds the configuration for node gateway options.
                        type: object
                        properties:
                          # When true, pod egress passes through the host network
                          # stack via ovn-k8s-mp0 (per the description), so host-level
                          # firewall rules presumably apply to it; hardware offload is
                          # unsupported in that mode.
                          routingViaHost:
                            description: RoutingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port into the host before sending it out. If this is not set, traffic will always egress directly from OVN to outside without touching the host stack. Setting this to true means hardware offload will not be supported. Default is false if GatewayConfig is specified.
                            type: boolean
                            default: false
                      # minimum is 1 here but 0 on vxlanPort above, and neither has a
                      # maximum; hybridOverlayVXLANPort below has no bounds at all.
                      # The three port fields should share one validation rule.
                      genevePort:
                        description: geneve port is the UDP port to be used by geneve encapulation. Default is 6081
                        type: integer
                        format: int32
                        minimum: 1
                      hybridOverlayConfig:
                        description: HybridOverlayConfig configures an additional overlay network for peers that are not using OVN.
                        type: object
                        properties:
                          hybridClusterNetwork:
                            description: HybridClusterNetwork defines a network space given to nodes on an additional overlay network.
                            type: array
                            items:
                              description: ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks
                              type: object
                              properties:
                                cidr:
                                  type: string
                                hostPrefix:
                                  type: integer
                                  format: int32
                                  minimum: 0
                          # No minimum/maximum, unlike the sibling port fields: a
                          # negative or >65535 value is accepted by the schema.
                          hybridOverlayVXLANPort:
                            description: HybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. Default is 4789
                            type: integer
                            format: int32
                      # This object has no properties: per the description, its
                      # presence (even as an empty map) is what enables IPsec for
                      # pod-network traffic. Removing the key presumably disables
                      # encryption again, so watch for that in CR diffs.
                      ipsecConfig:
                        description: ipsecConfig enables and configures IPsec for pods on the pod network within the cluster.
                        type: object
                      mtu:
                        description: mtu is the MTU to use for the tunnel interface. This must be 100 bytes smaller than the uplink mtu. Default is 1400
                        type: integer
                        format: int32
                        minimum: 0
                      # NetworkPolicy audit logging. Relevant to detection teams:
                      # the defaults discard the syslog copy ("null") and rate-limit
                      # to 20 msg/s/node, though per the description a persistent
                      # copy is always written under /var/log/ovn/ on the host.
                      policyAuditConfig:
                        description: policyAuditConfig is the configuration for network policy audit events. If unset, reported defaults are used.
                        type: object
                        properties:
                          # Free-form string; the documented formats are not enforced.
                          # "udp:host:port" sends audit records over plain UDP, so the
                          # collector path should be a trusted network.
                          destination:
                            description: 'destination is the location for policy log messages. Regardless of this config, persistent logs will always be dumped to the host at /var/log/ovn/ however Additionally syslog output may be configured as follows. Valid values are: - "libc" -> to use the libc syslog() function of the host node''s journdald process - "udp:host:port" -> for sending syslog over UDP - "unix:file" -> for using the UNIX domain socket directly - "null" -> to discard all messages logged to syslog The default is "null"'
                            type: string
                            default: "null"
                          maxFileSize:
                            description: maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs Units are in MB and the Default is 50MB
                            type: integer
                            format: int32
                            default: 50
                            minimum: 1
                          # Approximate per-node cap. Messages beyond it are presumably
                          # dropped, so a burst of denied connections can exceed what
                          # the audit trail records - size this for your audit needs.
                          rateLimit:
                            description: rateLimit is the approximate maximum number of messages to generate per-second per-node. If unset the default of 20 msg/sec is used.
                            type: integer
                            format: int32
                            default: 20
                            minimum: 1
                          syslogFacility:
                            description: syslogFacility the RFC5424 facility for generated messages, e.g. "kern". Default is "local0"
                            type: string
                            default: local0
                      # No CIDR pattern on either internal subnet, and both are
                      # immutable after installation per the description, so an
                      # overlap with node/service networks is an install-time review
                      # item rather than something admission will catch.
                      v4InternalSubnet:
                        description: v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. Default is 100.64.0.0/16
                        type: string
                      v6InternalSubnet:
                        description: v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. Default is fd98::/48
                        type: string
                  # Plugin selector; not enforced by an enum.
                  type:
                    description: type is the type of network All NetworkTypes are supported except for NetworkTypeRaw
                    type: string
              deployKubeProxy:
                description: deployKubeProxy specifies whether or not a standalone kube-proxy should be deployed by the operator. Some network providers include kube-proxy or similar functionality. If unset, the plugin will attempt to select the correct value, which is false when OpenShift SDN and ovn-kubernetes are used and true otherwise.
                type: boolean
              disableMultiNetwork:
                description: disableMultiNetwork specifies whether or not multiple pod network support should be disabled. If unset, this property defaults to 'false' and multiple network support is enabled.
                type: boolean
              disableNetworkDiagnostics:
                description: disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck CRs from a test pod to every node, apiserver and LB should be disabled or not. If unset, this property defaults to 'false' and network diagnostics is enabled. Setting this to 'true' would reduce the additional load of the pods performing the checks.
                type: boolean
                default: false
              # Flow metadata (who talked to whom, and how much) leaves the
              # cluster to these collectors. Each collector pattern admits only a
              # dotted-quad IPv4 address with a 1-65535 port: hostnames and IPv6
              # literals are rejected at admission. NOTE(review): nothing in this
              # configuration authenticates or encrypts the export transport, so
              # collectors should sit on a trusted network path.
              exportNetworkFlows:
                description: exportNetworkFlows enables and configures the export of network flow metadata from the pod network by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. If unset, flows will not be exported to any collector.
                type: object
                properties:
                  ipfix:
                    description: ipfix defines IPFIX configuration.
                    type: object
                    properties:
                      collectors:
                        description: ipfixCollectors is list of strings formatted as ip:port with a maximum of ten items
                        type: array
                        maxItems: 10
                        minItems: 1
                        items:
                          type: string
                          pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$
                  netFlow:
                    description: netFlow defines the NetFlow configuration.
                    type: object
                    properties:
                      collectors:
                        description: netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. It is a list of strings formatted as ip:port with a maximum of ten items
                        type: array
                        maxItems: 10
                        minItems: 1
                        items:
                          type: string
                          pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$
                  sFlow:
                    description: sFlow defines the SFlow configuration.
                    type: object
                    properties:
                      collectors:
                        description: sFlowCollectors is list of strings formatted as ip:port with a maximum of ten items
                        type: array
                        maxItems: 10
                        minItems: 1
                        items:
                          type: string
                          pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$
              kubeProxyConfig:
                description: kubeProxyConfig lets us configure desired proxy configuration. If not specified, sensible defaults will be chosen by OpenShift directly. Not consumed by all network providers - currently only openshift-sdn.
                type: object
                properties:
                  # Defaults to 0.0.0.0 (all interfaces) per the description; no
                  # pattern requires an IP literal.
                  bindAddress:
                    description: The address to "bind" on Defaults to 0.0.0.0
                    type: string
                  iptablesSyncPeriod:
                    description: 'An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted in large clusters for performance reasons, but this is no longer necessary, and there is no reason to change this from the default value. Default: 30s'
                    type: string
                  # Arbitrary command-line arguments forwarded to kube-proxy, a
                  # node-level process that typically runs with host privileges.
                  # Keys and values are unconstrained here, so treat write access
                  # to this field as host-level access.
                  proxyArguments:
                    description: Any additional arguments to pass to the kubeproxy process
                    type: object
                    additionalProperties:
                      description: ProxyArgumentList is a list of arguments to pass to the kubeproxy process
                      type: array
                      items:
                        type: string
              # The enum deliberately accepts "" (unset). NOTE(review): Trace and
              # TraceAll can be very verbose; check what the operands emit at those
              # levels before enabling them where logs are widely readable.
              logLevel:
                description: "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"."
                type: string
                default: Normal
                enum:
                - ""
                - Normal
                - Debug
                - Trace
                - TraceAll
              # Regex-enforced. "Unmanaged" presumably stops the operator from
              # reconciling its operands, so manual drift in managed resources is
              # no longer reverted - worth alerting on in production. "Force" and
              # "Removed" pass the pattern; confirm the operator supports them
              # before relying on either.
              managementState:
                description: managementState indicates whether and how the operator should manage the component
                type: string
                pattern: ^(Managed|Unmanaged|Force|Removed)$
              # Opt-in gate for the two disruptive cluster-wide operations (plugin
              # change and MTU change); per the descriptions both are rejected
              # unless the corresponding sub-field is set.
              migration:
                description: migration enables and configures the cluster network migration. The migration procedure allows to change the network type and the MTU.
                type: object
                properties:
                  # All three default to true. Setting one to false presumably
                  # leaves that policy class behind on the old plugin - do so only
                  # deliberately, since egress firewall / egress IP are
                  # security-relevant configuration.
                  features:
                    description: features contains the features migration configuration. Set this to migrate feature configuration when changing the cluster default network provider. if unset, the default operation is to migrate all the configuration of supported features.
                    type: object
                    properties:
                      egressFirewall:
                        description: egressFirewall specifies whether or not the Egress Firewall configuration is migrated automatically when changing the cluster default network provider. If unset, this property defaults to 'true' and Egress Firewall configure is migrated.
                        type: boolean
                        default: true
                      egressIP:
                        description: egressIP specifies whether or not the Egress IP configuration is migrated automatically when changing the cluster default network provider. If unset, this property defaults to 'true' and Egress IP configure is migrated.
                        type: boolean
                        default: true
                      multicast:
                        description: multicast specifies whether or not the multicast configuration is migrated automatically when changing the cluster default network provider. If unset, this property defaults to 'true' and multicast configure is migrated.
                        type: boolean
                        default: true
                  mtu:
                    description: mtu contains the MTU migration configuration. Set this to allow changing the MTU values for the default network. If unset, the operation of changing the MTU for the default network will be rejected.
                    type: object
                    properties:
                      machine:
                        description: machine contains MTU migration configuration for the machine's uplink. Needs to be migrated along with the default network MTU unless the current uplink MTU already accommodates the default network MTU.
                        type: object
                        properties:
                          from:
                            description: from is the MTU to migrate from.
                            type: integer
                            format: int32
                            minimum: 0
                          to:
                            description: to is the MTU to migrate to.
                            type: integer
                            format: int32
                            minimum: 0
                      # The "lower than uplink MTU by the minimum offset" rule in the
                      # description is not expressed in the schema; the operator has
                      # to enforce it.
                      network:
                        description: network contains information about MTU migration for the default network. Migrations are only allowed to MTU values lower than the machine's uplink MTU by the minimum appropriate offset.
                        type: object
                        properties:
                          from:
                            description: from is the MTU to migrate from.
                            type: integer
                            format: int32
                            minimum: 0
                          to:
                            description: to is the MTU to migrate to.
                            type: integer
                            format: int32
                            minimum: 0
                  # Supported targets are documented but not enforced by an enum.
                  networkType:
                    description: networkType is the target type of network migration. Set this to the target network type to allow changing the default network. If unset, the operation of changing cluster default network plugin will be rejected. The supported values are OpenShiftSDN, OVNKubernetes
                    type: string
              # Schema-less (unknown fields preserved) and nullable: nothing in this
              # CRD validates its content.
              observedConfig:
                description: observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator
                type: object
                nullable: true
                x-kubernetes-preserve-unknown-fields: true
              operatorLogLevel:
                description: "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves. \n Valid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"."
                type: string
                default: Normal
                enum:
                - ""
                - Normal
                - Debug
                - Trace
                - TraceAll
              # No CIDR pattern; per the description only a single entry is
              # consumed by current providers.
              serviceNetwork:
                description: serviceNetwork is the ip address pool to use for Service IPs Currently, all existing network providers only support a single value here, but this is an array to allow for growth.
                type: array
                items:
                  type: string
              # Schema-less escape hatch that overrides the operator's computed
              # configuration. Per the description it is unsupported and blocks
              # upgrades while present; its presence in a production CR is a
              # finding in itself.
              unsupportedConfigOverrides:
                description: unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.
                type: object
                nullable: true
                x-kubernetes-preserve-unknown-fields: true
              # Off by default: without this, secondary (Multus) interfaces have no
              # policy enforcement at all, per the description.
              useMultiNetworkPolicy:
                description: useMultiNetworkPolicy enables a controller which allows for MultiNetworkPolicy objects to be used on additional networks as created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy objects, but NetworkPolicy objects only apply to the primary interface. With MultiNetworkPolicy, you can control the traffic that a pod can receive over the secondary interfaces. If unset, this property defaults to 'false' and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is 'true' then the value of this field is ignored.
                type: boolean
          # Operator-written status. Condition type/status are plain strings
          # (no enum), so consumers should compare against the operator's
          # documented condition names rather than trusting arbitrary values.
          status:
            description: NetworkStatus is detailed operator status, which is distilled up to the Network clusteroperator object.
            type: object
            properties:
              conditions:
                description: conditions is a list of conditions and their status
                type: array
                items:
                  description: OperatorCondition is just the standard condition fields.
                  type: object
                  properties:
                    lastTransitionTime:
                      type: string
                      format: date-time
                    message:
                      type: string
                    reason:
                      type: string
                    status:
                      type: string
                    type:
                      type: string
              generations:
                description: generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.
                type: array
                items:
                  description: GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.
                  type: object
                  properties:
                    group:
                      description: group is the group of the thing you're tracking
                      type: string
                    # Content hash for generation-less resources (secrets,
                    # configmaps) per the description; the hash algorithm is not
                    # specified here.
                    hash:
                      description: hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps
                      type: string
                    lastGeneration:
                      description: lastGeneration is the last generation of the workload controller involved
                      type: integer
                      format: int64
                    name:
                      description: name is the name of the thing you're tracking
                      type: string
                    namespace:
                      description: namespace is where the thing you're tracking is
                      type: string
                    resource:
                      description: resource is the resource type of the thing you're tracking
                      type: string
              observedGeneration:
                description: observedGeneration is the last generation change you've dealt with
                type: integer
                format: int64
              readyReplicas:
                description: readyReplicas indicates how many replicas are ready and at the desired state
                type: integer
                format: int32
              version:
                description: version is the level this availability applies to
                type: string
    # v1 is both served and the storage version.
    served: true
    storage: true