Last active
December 9, 2020 11:06
-
-
Save masanara/ee3f1b233a07651fa010640868f9bbf4 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: v1 | |
data: | |
antrea-agent.conf: | | |
# FeatureGates is a map of feature names to bools that enable or disable experimental features. | |
featureGates: | |
# Enable AntreaProxy which provides ServiceLB for in-cluster Services in antrea-agent. | |
# It should be enabled on Windows, otherwise NetworkPolicy will not take effect on | |
# Service traffic. | |
# AntreaProxy: true | |
# Enable traceflow which provides packet tracing feature to diagnose network issue. | |
# Traceflow: true | |
# Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins | |
# to define security policies which apply to the entire cluster, and Antrea NetworkPolicy | |
# feature that supports priorities, rule actions and externalEntities in the future. | |
# AntreaPolicy: false | |
# Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each | |
# agent to a configured collector. | |
FlowExporter: true | |
# Enable collecting and exposing NetworkPolicy statistics. | |
# NetworkPolicyStats: false | |
# Name of the OpenVSwitch bridge antrea-agent will create and use. | |
# Make sure it doesn't conflict with your existing OpenVSwitch bridges. | |
#ovsBridge: br-int | |
# Datapath type to use for the OpenVSwitch bridge created by Antrea. Supported values are: | |
# - system | |
# - netdev | |
# 'system' is the default value and corresponds to the kernel datapath. Use 'netdev' to run | |
# OVS in userspace mode. Userspace mode requires the tun device driver to be available. | |
#ovsDatapathType: system | |
# Name of the interface antrea-agent will create and use for host <--> pod communication. | |
# Make sure it doesn't conflict with your existing interfaces. | |
#hostGateway: antrea-gw0 | |
# Determines how traffic is encapsulated. It has the following options: | |
# encap(default): Inter-node Pod traffic is always encapsulated and Pod to external network | |
# traffic is SNAT'd. | |
# noEncap: Inter-node Pod traffic is not encapsulated; Pod to external network traffic is | |
# SNAT'd if noSNAT is not set to true. Underlying network must be capable of | |
# supporting Pod traffic across IP subnets. | |
# hybrid: noEncap if source and destination Nodes are on the same subnet, otherwise encap. | |
# networkPolicyOnly: Antrea enforces NetworkPolicy only, and utilizes CNI chaining and delegates Pod | |
# IPAM and connectivity to the primary CNI. | |
# | |
#trafficEncapMode: encap | |
# Whether or not to SNAT (using the Node IP) the egress traffic from a Pod to the external network. | |
# This option is for the noEncap traffic mode only, and the default value is false. In the noEncap | |
# mode, if the cluster's Pod CIDR is reachable from the external network, then the Pod traffic to | |
# the external network needs not be SNAT'd. In the networkPolicyOnly mode, antrea-agent never | |
# performs SNAT and this option will be ignored; for other modes it must be set to false. | |
#noSNAT: false | |
# Tunnel protocols used for encapsulating traffic across Nodes. Supported values: | |
# - geneve (default) | |
# - vxlan | |
# - gre | |
# - stt | |
#tunnelType: geneve | |
# Default MTU to use for the host gateway interface and the network interface of each Pod. | |
# If omitted, antrea-agent will discover the MTU of the Node's primary interface and | |
# also adjust MTU to accommodate for tunnel encapsulation overhead (if applicable). | |
#defaultMTU: 1450 | |
# Whether or not to enable IPsec encryption of tunnel traffic. IPsec encryption is only supported | |
# for the GRE tunnel type. | |
#enableIPSecTunnel: false | |
# ClusterIP CIDR range for Services. It's required when AntreaProxy is not enabled, and should be | |
# set to the same value as the one specified by --service-cluster-ip-range for kube-apiserver. When | |
# AntreaProxy is enabled, this parameter is not needed and will be ignored if provided. | |
#serviceCIDR: 10.96.0.0/12 | |
# ClusterIP CIDR range for IPv6 Services. It's required when using kube-proxy to provide IPv6 Service in a Dual-Stack | |
# cluster or an IPv6 only cluster. The value should be the same as the configuration for kube-apiserver specified by | |
# --service-cluster-ip-range. When AntreaProxy is enabled, this parameter is not needed. | |
# No default value for this field. | |
#serviceCIDRv6: | |
# The port for the antrea-agent APIServer to serve on. | |
# Note that if it's set to another value, the `containerPort` of the `api` port of the | |
# `antrea-agent` container must be set to the same value. | |
#apiPort: 10350 | |
# Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener. | |
#enablePrometheusMetrics: true | |
# Provide flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp. This also enables | |
# the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given, | |
# we consider tcp as default. | |
flowCollectorAddr: "10.104.53.86:4739:udp" | |
# Provide flow poll interval as a duration string. This determines how often the flow exporter dumps connections from the conntrack module. | |
# Flow poll interval should be greater than or equal to 1s (one second). | |
# Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". | |
flowPollInterval: "5s" | |
# Provide flow export frequency, which is the number of poll cycles elapsed before flow exporter exports flow records to | |
# the flow collector. | |
# Flow export frequency should be greater than or equal to 1. | |
flowExportFrequency: 12 | |
antrea-cni.conflist: | | |
{ | |
"cniVersion":"0.3.0", | |
"name": "antrea", | |
"plugins": [ | |
{ | |
"type": "antrea", | |
"ipam": { | |
"type": "host-local" | |
} | |
}, | |
{ | |
"type": "portmap", | |
"capabilities": {"portMappings": true} | |
}, | |
{ | |
"type": "bandwidth", | |
"capabilities": {"bandwidth": true} | |
} | |
] | |
} | |
antrea-controller.conf: | | |
# FeatureGates is a map of feature names to bools that enable or disable experimental features. | |
featureGates: | |
# Enable traceflow which provides packet tracing feature to diagnose network issue. | |
# Traceflow: true | |
# Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins | |
# to define security policies which apply to the entire cluster, and Antrea NetworkPolicy | |
# feature that supports priorities, rule actions and externalEntities in the future. | |
# AntreaPolicy: false | |
# Enable collecting and exposing NetworkPolicy statistics. | |
# NetworkPolicyStats: false | |
# The port for the antrea-controller APIServer to serve on. | |
# Note that if it's set to another value, the `containerPort` of the `api` port of the | |
# `antrea-controller` container must be set to the same value. | |
#apiPort: 10349 | |
# Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener. | |
#enablePrometheusMetrics: true | |
# Indicates whether to use auto-generated self-signed TLS certificate. | |
# If false, A Secret named "antrea-controller-tls" must be provided with the following keys: | |
# ca.crt: <CA certificate> | |
# tls.crt: <TLS certificate> | |
# tls.key: <TLS private key> | |
# And the Secret must be mounted to directory "/var/run/antrea/antrea-controller-tls" of the | |
# antrea-controller container. | |
#selfSignedCert: true | |
kind: ConfigMap | |
metadata: | |
annotations: {} | |
labels: | |
app: antrea | |
name: antrea-config-9c7h568bgf | |
namespace: kube-system |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment