antrea-configmap.yml

apiVersion: v1
data:
  antrea-agent.conf: |
    # FeatureGates is a map of feature names to bools that enable or disable experimental features.
    featureGates:
    # Enable AntreaProxy which provides ServiceLB for in-cluster Services in antrea-agent.
    # It should be enabled on Windows, otherwise NetworkPolicy will not take effect on
    # Service traffic.
    #  AntreaProxy: true

    # Enable traceflow which provides packet tracing feature to diagnose network issue.
    #  Traceflow: true

    # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
    # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy
    # feature that supports priorities, rule actions and externalEntities in the future.
    #  AntreaPolicy: false

    # Enable flowexporter which exports polled conntrack connections as IPFIX flow records from each
    # agent to a configured collector.
      FlowExporter: true

    # Enable collecting and exposing NetworkPolicy statistics.
    #  NetworkPolicyStats: false

    # Name of the OpenVSwitch bridge antrea-agent will create and use.
    # Make sure it doesn't conflict with your existing OpenVSwitch bridges.
    #ovsBridge: br-int

    # Datapath type to use for the OpenVSwitch bridge created by Antrea. Supported values are:
    # - system
    # - netdev
    # 'system' is the default value and corresponds to the kernel datapath. Use 'netdev' to run
    # OVS in userspace mode. Userspace mode requires the tun device driver to be available.
    #ovsDatapathType: system

    # Name of the interface antrea-agent will create and use for host <--> pod communication.
    # Make sure it doesn't conflict with your existing interfaces.
    #hostGateway: antrea-gw0

    # Determines how traffic is encapsulated. It has the following options:
    # encap(default):    Inter-node Pod traffic is always encapsulated and Pod to external network
    #                    traffic is SNAT'd.
    # noEncap:           Inter-node Pod traffic is not encapsulated; Pod to external network traffic is
    #                    SNAT'd if noSNAT is not set to true. Underlying network must be capable of
    #                    supporting Pod traffic across IP subnets.
    # hybrid:            noEncap if source and destination Nodes are on the same subnet, otherwise encap.
    # networkPolicyOnly: Antrea enforces NetworkPolicy only, and utilizes CNI chaining and delegates Pod
    #                    IPAM and connectivity to the primary CNI.
    #
    #trafficEncapMode: encap

    # Whether or not to SNAT (using the Node IP) the egress traffic from a Pod to the external network.
    # This option is for the noEncap traffic mode only, and the default value is false. In the noEncap
    # mode, if the cluster's Pod CIDR is reachable from the external network, then the Pod traffic to
    # the external network needs not be SNAT'd. In the networkPolicyOnly mode, antrea-agent never
    # performs SNAT and this option will be ignored; for other modes it must be set to false.
    #noSNAT: false

    # Tunnel protocols used for encapsulating traffic across Nodes. Supported values:
    # - geneve (default)
    # - vxlan
    # - gre
    # - stt
    #tunnelType: geneve

    # Default MTU to use for the host gateway interface and the network interface of each Pod.
    # If omitted, antrea-agent will discover the MTU of the Node's primary interface and
    # also adjust MTU to accommodate for tunnel encapsulation overhead (if applicable).
    #defaultMTU: 1450

    # Whether or not to enable IPsec encryption of tunnel traffic. IPsec encryption is only supported
    # for the GRE tunnel type.
    #enableIPSecTunnel: false

    # ClusterIP CIDR range for Services. It's required when AntreaProxy is not enabled, and should be
    # set to the same value as the one specified by --service-cluster-ip-range for kube-apiserver. When
    # AntreaProxy is enabled, this parameter is not needed and will be ignored if provided.
    #serviceCIDR: 10.96.0.0/12

    # ClusterIP CIDR range for IPv6 Services. It's required when using kube-proxy to provide IPv6 Service in a Dual-Stack
    # cluster or an IPv6 only cluster. The value should be the same as the configuration for kube-apiserver specified by
    # --service-cluster-ip-range. When AntreaProxy is enabled, this parameter is not needed.
    # No default value for this field.
    #serviceCIDRv6:

    # The port for the antrea-agent APIServer to serve on.
    # Note that if it's set to another value, the `containerPort` of the `api` port of the
    # `antrea-agent` container must be set to the same value.
    #apiPort: 10350

    # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
    #enablePrometheusMetrics: true

    # Provide flow collector address as string with format <IP>:<port>[:<proto>], where proto is tcp or udp. This also enables
    # the flow exporter that sends IPFIX flow records of conntrack flows on OVS bridge. If no L4 transport proto is given,
    # we consider tcp as default.
    flowCollectorAddr: "10.104.53.86:4739:udp"

    # Provide flow poll interval as a duration string. This determines how often the flow exporter dumps connections from the conntrack module.
    # Flow poll interval should be greater than or equal to 1s (one second).
    # Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
    flowPollInterval: "5s"

    # Provide flow export frequency, which is the number of poll cycles elapsed before flow exporter exports flow records to
    # the flow collector.
    # Flow export frequency should be greater than or equal to 1.
    flowExportFrequency: 12
  antrea-cni.conflist: |
    {
        "cniVersion":"0.3.0",
        "name": "antrea",
        "plugins": [
            {
                "type": "antrea",
                "ipam": {
                    "type": "host-local"
                }
            },
            {
                "type": "portmap",
                "capabilities": {"portMappings": true}
            },
            {
                "type": "bandwidth",
                "capabilities": {"bandwidth": true}
            }
        ]
    }
  antrea-controller.conf: |
    # FeatureGates is a map of feature names to bools that enable or disable experimental features.
    featureGates:
    # Enable traceflow which provides packet tracing feature to diagnose network issue.
    #  Traceflow: true

    # Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
    # to define security policies which apply to the entire cluster, and Antrea NetworkPolicy
    # feature that supports priorities, rule actions and externalEntities in the future.
    #  AntreaPolicy: false

    # Enable collecting and exposing NetworkPolicy statistics.
    #  NetworkPolicyStats: false

    # The port for the antrea-controller APIServer to serve on.
    # Note that if it's set to another value, the `containerPort` of the `api` port of the
    # `antrea-controller` container must be set to the same value.
    #apiPort: 10349

    # Enable metrics exposure via Prometheus. Initializes Prometheus metrics listener.
    #enablePrometheusMetrics: true

    # Indicates whether to use auto-generated self-signed TLS certificate.
    # If false, A Secret named "antrea-controller-tls" must be provided with the following keys:
    #   ca.crt: <CA certificate>
    #   tls.crt: <TLS certificate>
    #   tls.key: <TLS private key>
    # And the Secret must be mounted to directory "/var/run/antrea/antrea-controller-tls" of the
    # antrea-controller container.
    #selfSignedCert: true
kind: ConfigMap
metadata:
  annotations: {}
  labels:
    app: antrea
  name: antrea-config-9c7h568bgf
  namespace: kube-system