IPRuleSet

Scope: Cluster
Version: v1alpha1

This resource describes a set of rules (ip rule) that will be created on nodes with the appropriate labels.

  • spec (object)

    Required value

    • spec.nodeSelector (object)

      Required value

      A set of labels that define the nodes on which these rules must be applied.

    • spec.rules (array of objects)

      Required value

      The desired set of rules (`ip rule`).

      • spec.rules.actions (object)

        Required value

        A set of actions to perform on a packet that has the attributes described in the `selectors` section.

        • spec.rules.actions.lookup (object)

          Required value

          Defines the routing table in which the gateway address will be looked up.

          • spec.rules.actions.lookup.ipRoutingTableID (integer)

            ID of the routing table on the node.

            Allowed values: 1 <= X <= 4294967295

          • spec.rules.actions.lookup.routingTableName (string)

            The name of the RoutingTable Kubernetes resource from which the routing table ID will be taken.

      • spec.rules.priority (integer)

        Required value

        The priority of the rule (the order of application depends on it).

        When choosing a number, it is worth considering several nuances:

        • The node's Linux network subsystem evaluates rules in order of priority (from lesser to greater) until a match is found.
        • If a packet matches a rule and the corresponding action is performed successfully, the rule search terminates.
        • The default rule that looks up the main routing table has priority 32766, so if you specify a higher value, the rule will never be processed.

        Allowed values: 0 <= X <= 4294967295

      • spec.rules.selectors (object)

        Required value

        A set of packet attributes.

        If a packet has the attributes described in the selectors section, the actions from the actions section are applied to it.

        • spec.rules.selectors.dportRange (object)

          The range of destination ports.

          If there is only one port, then you can either fill in only the start field, or specify the same value in the start and end fields.

          • spec.rules.selectors.dportRange.end (integer)

            The end of the range.

            Allowed values: 0 <= X <= 65535

          • spec.rules.selectors.dportRange.start (integer)

            Required value

            The beginning of the range.

            Allowed values: 0 <= X <= 65535

        • spec.rules.selectors.from (array of strings)

          An array of subnets of the source.

          • Element of the array (string)

            The subnet of the source.

        • spec.rules.selectors.fwMark (string)

          The firewall mark (fwmark) of the packet, optionally with a mask. This traffic label exists only inside the Linux network subsystem on the node.

          Pattern: ^0[xX][0-9a-fA-F]{1,8}(/0[xX][0-9a-fA-F]{1,8})?$

        • spec.rules.selectors.iif (string)

          The name of the incoming interface for the packet.

        • spec.rules.selectors.ipProto (integer)

          The number of the L4 protocol encapsulated in the IP packet. The numbers of the most common protocols are:

          • ICMP — 1
          • TCP — 6
          • UDP — 17

          All available values can be found in the [IANA protocol numbers registry](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml), or in the /etc/protocols file on the node.

        • spec.rules.selectors.not (boolean)

          If this flag is set, the rule is inverted: all packets that do not have the specified attributes match it.

          Default: false

        • spec.rules.selectors.oif (string)

          The name of the outgoing interface for the packet.

        • spec.rules.selectors.sportRange (object)

          The range of source ports.

          If there is only one port, then you can either fill in only the start field, or specify the same value in the start and end fields.

          • spec.rules.selectors.sportRange.end (integer)

            The end of the range.

            Allowed values: 0 <= X <= 65535

          • spec.rules.selectors.sportRange.start (integer)

            Required value

            The beginning of the range.

            Allowed values: 0 <= X <= 65535

        • spec.rules.selectors.to (array of strings)

          An array of subnets of the destination.

          • Element of the array (string)

            The subnet of the destination.

        • spec.rules.selectors.tos (string)

          QoS traffic label (TOS/DiffServ/DSCP) transmitted over the network in the IP header of the packet. The available values are stored in the file /etc/iproute2/rt_dsfield.

          Pattern: ^0[xX][0-9a-fA-F]{1,2}$

        • spec.rules.selectors.uidRange (object)

          The range of UIDs (user IDs) of the applications that transmit the traffic.

          If there is only one UID, then you can either fill in only the start field, or specify the same value in the start and end fields.

          • spec.rules.selectors.uidRange.end (integer)

            The end of the range.

            Allowed values: 0 <= X <= 4294967295

          • spec.rules.selectors.uidRange.start (integer)

            Required value

            The beginning of the range.

            Allowed values: 0 <= X <= 4294967295

RoutingTable

Scope: Cluster
Version: v1alpha1

A resource describing the desired routing table and the routes it contains.

  • spec (object)

    Required value

    • spec.ipRoutingTableID (integer)

      ID of the desired routing table.

      If the value is not explicitly specified, it will be generated automatically.

      Once a resource is created, you can only change the routing table ID by recreating the resource.

      Allowed values: 1 <= X <= 4294967295

    • spec.nodeSelector (object)

      Required value

      A set of labels that determine the nodes on which the desired routes should be created.

    • spec.routes (array of objects)

      Required value

      • spec.routes.destination (string)

        Required value

        Destination network.

      • spec.routes.gateway (string)

        Required value

        Next hop (gateway address).
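The two resources used together, as an added example that is not part of this reference: a RoutingTable with an explicit ID, and an IPRuleSet that sends selected traffic to it by resource name in one rule and by table ID in an inverted rule. The API group is not stated on this page, so the group in `apiVersion` is a placeholder; node labels, the table ID, subnets, ports, the fwmark and the gateway are constructed values.

```yaml
# Added example, not from the original reference. The apiVersion group is a
# placeholder; labels, table ID, subnets, ports and gateway are constructed.
---
apiVersion: <api-group>/v1alpha1   # placeholder: group not given on this page
kind: RoutingTable
metadata:
  name: external-egress
spec:
  ipRoutingTableID: 100            # omit to auto-generate; changing it means recreating
  nodeSelector:
    node-role.example.com/egress: ""
  routes:
    - destination: 0.0.0.0/0
      gateway: 192.0.2.1           # next hop, must be reachable from the node
---
apiVersion: <api-group>/v1alpha1   # placeholder: group not given on this page
kind: IPRuleSet
metadata:
  name: egress-via-external
spec:
  nodeSelector:
    node-role.example.com/egress: ""   # same nodes as the RoutingTable
  rules:
    # Priority below 32766 (the default main-table lookup); with a higher
    # value the main-table rule is reached first and this one is never processed.
    - priority: 1000
      selectors:
        from:
          - 10.244.0.0/16            # pod network (constructed)
        to:
          - 198.51.100.0/24
        ipProto: 6                   # TCP
        dportRange:
          start: 443                 # single port: start alone, or start == end
        fwMark: "0x10/0xff"          # mark/mask, per the documented pattern
      actions:
        lookup:
          routingTableName: external-egress   # resolved to ipRoutingTableID 100
    # selectors.not inverts the match: packets NOT destined for the pod
    # network are also sent to table 100, referenced by ID this time.
    - priority: 1010
      selectors:
        not: true
        to:
          - 10.244.0.0/16
      actions:
        lookup:
          ipRoutingTableID: 100
```

On a matching node the result is checked with `ip rule show` (the two rules at priorities 1000 and 1010) and `ip route show table 100` (the default route via the gateway).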