IPRuleSet
Scope: Cluster
Version: v1alpha1
ip rule) that will be created on nodes with the appropriate labels.-
objectspec
-
objectspec.nodeSelector
Required value
A set of labels that define the nodes on which these rules must be applied. -
array of objectsspec.rules
Required value
The desired set of rules (ip rule).-
objectspec.rules.actionsA set of actions that must be performed with a packet that has the attributes described in the `selectors’ section.
-
objectspec.rules.actions.lookup
Required value
Define the routing table in which the gateway address will be searched.-
integerspec.rules.actions.lookup.ipRoutingTableIDID of the routing table on the node
Allowed values:
1 <= X <= 4294967295 -
stringspec.rules.actions.lookup.routingTableNameThe name of kubernetes resource RoutingTable in which the routing table ID will be searched.
-
-
-
integerspec.rules.priority
The priority of the rule (the order of application depends on it).
When choosing a number, it is worth considering several nuances:
- All rules are sorted by node’s Linux network subsystem in order of priority (from lesser to greater) until a match is found.
- If the packet falls under some rule, and the corresponding action has been successfully performed, then the search for rules termitated.
- The default rule for searching the
mainrouting table is32766. In this case, if you specify a higher value, the rule will never be processed.
Allowed values:
0 <= X <= 4294967295 -
objectspec.rules.selectors
A set of package attributes.
If the package has the attributes described in the
selectorssection, then actions from theactionssection will be applied to it.-
objectspec.rules.selectors.dportRange
The range of destination ports.
If there is only one port, then you can either fill in only the
startfield, or specify the same value in thestartandendfields.-
integerspec.rules.selectors.dportRange.endThe end of the range.
Allowed values:
0 <= X <= 65535 -
integerspec.rules.selectors.dportRange.start
Required value
The beginning of the range.Allowed values:
0 <= X <= 65535
-
-
array of stringsspec.rules.selectors.fromAn array of subnets of the source.
-
stringspec.rules.selectors.from.Element of the arrayThe subnet of the source.
-
-
stringspec.rules.selectors.fwMarkThe traffic label exists only inside the Linux network subsystem on the node.
Pattern:
^0[xX][0-9a-fA-F]{1,8}(/0[xX][0-9a-fA-F]{1,8})?$ -
stringspec.rules.selectors.iifThe name of the incoming interface for the packet.
-
integerspec.rules.selectors.ipProto
The number of the L4 protocol that is encapsulated in the IP in packet. The numbers of the most popular protocols are:
ICMP— 1TCP— 6UDP— 17 All available values can be found [at the link](https://www.iana.org/assignments/protocol-numbers/protocol-numbers .xhtml), or in the /etc/protocols file on the node.
-
booleanspec.rules.selectors.notIf this flag is specified, the rule will be inverted, that is, all packets that do not have the specified attributes will fall under it.
Default:
false -
stringspec.rules.selectors.oifThe name of the outgoing interface for the packet.
-
objectspec.rules.selectors.sportRange
The range of source ports.
If there is only one port, then you can either fill in only the
startfield, or specify the same value in thestartandendfields.-
integerspec.rules.selectors.sportRange.endThe end of the range.
Allowed values:
0 <= X <= 65535 -
integerspec.rules.selectors.sportRange.start
Required value
The beginning of the range.Allowed values:
0 <= X <= 65535
-
-
array of stringsspec.rules.selectors.toAn array of subnets of the destination.
-
stringspec.rules.selectors.to.Element of the arrayThe subnet of the destination.
-
-
stringspec.rules.selectors.tosQOS traffic label (
TOS,diffserv,dscp) transmitted over the network in the IP headers of the packet. Available values stored in the file/etc/iproute2/rt_dsfield.Pattern:
^0[xX][0-9a-fA-F]{1,2}$ -
objectspec.rules.selectors.uidRange
The range of UIDs (UserID) of applications that transmitting traffic.
If there is only one UID, then you can either fill in only the
startfield, or specify the same value in thestartandendfields.-
integerspec.rules.selectors.uidRange.endThe end of the range.
Allowed values:
0 <= X <= 4294967295 -
integerspec.rules.selectors.uidRange.start
Required value
The beginning of the range.Allowed values:
0 <= X <= 4294967295
-
-
-
-
RoutingTable
Scope: Cluster
Version: v1alpha1
-
objectspec
-
integerspec.ipRoutingTableID
ID of the desired routing table.
If the value is not explicitly specified, it will be automatically generated and added to the
statusfield.Once a resource is created, you can only change the routing table ID by recreating the resource.
Allowed values:
1 <= X <= 4294967295 -
objectspec.nodeSelector
Required value
A set of labels that determine the nodes on which the desired routes should be created.
Format: the standard
nodeSelectorlist. -
array of objectsspec.routes
Required value
-
stringspec.routes.destinationDestination network.
-
stringspec.routes.devThe output device name.
Maximum length:
15Pattern:
^[^\s\\]{1,15}$ -
stringspec.routes.gatewayThe gateway through which the subnet is reachable.
-
-