CiliumBGPPeeringPolicy
cilium.io / v2alpha1
apiVersion: cilium.io/v2alpha1
kind: CiliumBGPPeeringPolicy
metadata:
  name: example
apiVersion
string
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind
string
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata
object required
spec object
Spec is a human readable description of a BGP peering policy
nodeSelector object
NodeSelector selects a group of nodes where this BGP Peering
Policy applies.
If empty / nil this policy applies to all nodes.
matchExpressions []object
matchExpressions is a list of label selector requirements. The requirements are ANDed.
key
string required
key is the label key that the selector applies to.
operator
string required
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
enum:
In, NotIn, Exists, DoesNotExist
values
[]string
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
matchLabels
object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
virtualRouters []object required
A list of CiliumBGPVirtualRouter(s) which instructs
the BGP control plane how to instantiate virtual BGP routers.
minItems:
1
exportPodCIDR
boolean
ExportPodCIDR determines whether to export the Node's private CIDR block
to the configured neighbors.
localASN
integer required
LocalASN is the ASN of this virtual router.
Supports extended 32-bit ASNs.
format:
int64
minimum:
0
maximum:
4294967295
neighbors []object required
Neighbors is a list of neighboring BGP peers for this virtual router
minItems:
1
advertisedPathAttributes []object
AdvertisedPathAttributes can be used to apply additional path attributes
to selected routes when advertising them to the peer.
If empty / nil, no additional path attributes are advertised.
communities object
Communities defines a set of community values advertised in the supported BGP Communities path attributes.
If nil / not set, no BGP Communities path attribute will be advertised.
large
[]string
Large holds a list of the BGP Large Communities Attribute (RFC 8092) values.
standard
[]string
Standard holds a list of "standard" 32-bit BGP Communities Attribute (RFC 1997) values defined as numeric values.
wellKnown
[]string
WellKnown holds a list of "standard" 32-bit BGP Communities Attribute (RFC 1997) values defined as
well-known string aliases to their numeric values.
localPreference
integer
LocalPreference defines the preference value advertised in the BGP Local Preference path attribute.
As Local Preference is only valid for iBGP peers, this value will be ignored for eBGP peers
(no Local Preference path attribute will be advertised).
If nil / not set, the default Local Preference of 100 will be advertised in
the Local Preference path attribute for iBGP peers.
format:
int64
minimum:
0
maximum:
4294967295
selector object
Selector selects a group of objects of the SelectorType
resulting in routes that will be announced with the configured Attributes.
If nil / not set, all objects of the SelectorType are selected.
matchExpressions []object
matchExpressions is a list of label selector requirements. The requirements are ANDed.
key
string required
key is the label key that the selector applies to.
operator
string required
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
enum:
In, NotIn, Exists, DoesNotExist
values
[]string
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
matchLabels
object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
selectorType
string required
SelectorType defines the object type on which the Selector applies:
- For "PodCIDR" the Selector matches k8s CiliumNode resources
(path attributes apply to routes announced for PodCIDRs of selected CiliumNodes.
Only affects routes of cluster scope / Kubernetes IPAM CIDRs, not Multi-Pool IPAM CIDRs).
- For "CiliumLoadBalancerIPPool" the Selector matches CiliumLoadBalancerIPPool custom resources
(path attributes apply to routes announced for selected CiliumLoadBalancerIPPools).
- For "CiliumPodIPPool" the Selector matches CiliumPodIPPool custom resources
(path attributes apply to routes announced for allocated CIDRs of selected CiliumPodIPPools).
enum:
PodCIDR, CiliumLoadBalancerIPPool, CiliumPodIPPool
authSecretRef
string
AuthSecretRef is the name of the secret to use to fetch a TCP
authentication password for this peer.
connectRetryTimeSeconds
integer
ConnectRetryTimeSeconds defines the initial value for the BGP ConnectRetryTimer (RFC 4271, Section 8).
format:
int32
minimum:
1
maximum:
2147483647
eBGPMultihopTTL
integer
EBGPMultihopTTL controls the multi-hop feature for eBGP peers.
Its value defines the Time To Live (TTL) value used in BGP packets sent to the neighbor.
The value 1 implies that eBGP multi-hop feature is disabled (only a single hop is allowed).
This field is ignored for iBGP peers.
format:
int32
minimum:
1
maximum:
255
families []object
Families, if provided, defines a set of AFI/SAFIs the speaker will
negotiate with its peer.
If this slice is not provided the default families of IPv6 and IPv4 will
be provided.
afi
string required
Afi is the Address Family Identifier (AFI) of the family.
enum:
ipv4, ipv6, l2vpn, ls, opaque
safi
string required
Safi is the Subsequent Address Family Identifier (SAFI) of the family.
enum:
unicast, multicast, mpls_label, encapsulation, vpls, evpn, ls, sr_policy, mup, mpls_vpn, mpls_vpn_multicast, route_target_constraints, flowspec_unicast, flowspec_vpn, key_value
gracefulRestart object
GracefulRestart defines graceful restart parameters which are negotiated
with this neighbor. If empty / nil, the graceful restart capability is disabled.
enabled
boolean required
Enabled flag, when set enables graceful restart capability.
restartTimeSeconds
integer
RestartTimeSeconds is the estimated time it will take for the BGP
session to be re-established with peer after a restart.
After this period, peer will remove stale routes. This is
described in RFC 4724 section 4.2.
format:
int32
minimum:
1
maximum:
4095
holdTimeSeconds
integer
HoldTimeSeconds defines the initial value for the BGP HoldTimer (RFC 4271, Section 4.2).
Updating this value will cause a session reset.
format:
int32
minimum:
3
maximum:
65535
keepAliveTimeSeconds
integer
KeepaliveTimeSeconds defines the initial value for the BGP KeepaliveTimer (RFC 4271, Section 8).
It cannot be larger than HoldTimeSeconds. Updating this value will cause a session reset.
format:
int32
minimum:
1
maximum:
65535
peerASN
integer required
PeerASN is the ASN of the peer BGP router.
Supports extended 32-bit ASNs.
format:
int64
minimum:
0
maximum:
4294967295
peerAddress
string required
PeerAddress is the IP address of the peer.
This must be in CIDR notation and use a /32 to express
a single host.
format:
cidr
peerPort
integer
PeerPort is the TCP port of the peer. 1-65535 is the range of
valid port numbers that can be specified. If unset, defaults to 179.
format:
int32
minimum:
1
maximum:
65535
podIPPoolSelector object
PodIPPoolSelector selects CiliumPodIPPools based on labels. The virtual
router will announce allocated CIDRs of matching CiliumPodIPPools.
If empty / nil no CiliumPodIPPools will be announced.
matchExpressions []object
matchExpressions is a list of label selector requirements. The requirements are ANDed.
key
string required
key is the label key that the selector applies to.
operator
string required
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
enum:
In, NotIn, Exists, DoesNotExist
values
[]string
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
matchLabels
object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
serviceAdvertisements
[]string
ServiceAdvertisements selects a group of BGP Advertisement(s) to advertise
for the selected services.
serviceSelector object
ServiceSelector selects a group of load balancer services which this
virtual router will announce. The loadBalancerClass for a service must
be nil or specify a class supported by Cilium, e.g. "io.cilium/bgp-control-plane".
Refer to the following document for additional details regarding load balancer
classes:
https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
If empty / nil no services will be announced.
matchExpressions []object
matchExpressions is a list of label selector requirements. The requirements are ANDed.
key
string required
key is the label key that the selector applies to.
operator
string required
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
enum:
In, NotIn, Exists, DoesNotExist
values
[]string
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
matchLabels
object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
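Several rules in the field descriptions above are stated only in prose (the values rule for selector operators, KeepAlive versus HoldTime, the single-host peerAddress, Local Preference on eBGP peers, an empty nodeSelector matching every node). The following linter is an added example, not part of the Cilium project or of this reference; it checks a policy that has already been loaded into a Python dict. The sample policy, its label key, ASNs and addresses are constructed, and treating a missing authSecretRef as a finding is a review choice made for this example.

```python
import ipaddress

def selector_issues(path, selector):
    """Apply the page's rule for `values` to each matchExpressions entry."""
    out = []
    for i, req in enumerate((selector or {}).get("matchExpressions", [])):
        op, values = req.get("operator"), req.get("values") or []
        if op in ("In", "NotIn") and not values:
            out.append(f"{path}.matchExpressions[{i}]: {op} needs non-empty values")
        elif op in ("Exists", "DoesNotExist") and values:
            out.append(f"{path}.matchExpressions[{i}]: {op} needs empty values")
    return out

def lint_policy(policy):
    """Return findings for rules the field descriptions state in prose."""
    spec = policy.get("spec", {})
    out = selector_issues("spec.nodeSelector", spec.get("nodeSelector"))
    if not spec.get("nodeSelector"):
        out.append("spec.nodeSelector: empty, policy applies to all nodes")
    for r, vr in enumerate(spec.get("virtualRouters", [])):
        base = f"spec.virtualRouters[{r}]"
        for name in ("serviceSelector", "podIPPoolSelector"):
            out += selector_issues(f"{base}.{name}", vr.get(name))
        for n, nb in enumerate(vr.get("neighbors", [])):
            p = f"{base}.neighbors[{n}]"
            # Single host: /32 per the page; /128 for IPv6 is an assumption.
            net = ipaddress.ip_network(nb["peerAddress"], strict=False)
            if net.prefixlen != net.max_prefixlen:
                out.append(f"{p}.peerAddress: not a single-host prefix")
            hold, keep = nb.get("holdTimeSeconds"), nb.get("keepAliveTimeSeconds")
            if hold is not None and keep is not None and keep > hold:
                out.append(f"{p}.keepAliveTimeSeconds: larger than holdTimeSeconds")
            if not nb.get("authSecretRef"):
                out.append(f"{p}.authSecretRef: unset, no TCP authentication password")
            # A peer whose ASN differs from localASN is an eBGP peer.
            ebgp = nb.get("peerASN") != vr.get("localASN")
            for a, attr in enumerate(nb.get("advertisedPathAttributes", [])):
                if ebgp and "localPreference" in attr:
                    out.append(f"{p}.advertisedPathAttributes[{a}].localPreference: ignored for eBGP")
    return out

# Constructed sample policy (label key, ASNs and addresses are illustrative).
SAMPLE = {"spec": {"virtualRouters": [{
    "localASN": 64512,
    "serviceSelector": {"matchExpressions": [
        {"key": "announce", "operator": "Exists", "values": ["yes"]}]},
    "neighbors": [{
        "peerAddress": "192.0.2.0/24", "peerASN": 64513,
        "holdTimeSeconds": 9, "keepAliveTimeSeconds": 30,
        "advertisedPathAttributes": [{"selectorType": "PodCIDR", "localPreference": 200}],
    }],
}]}}
```

Calling lint_policy(SAMPLE) returns one finding per rule; a policy with a scoped nodeSelector, a /32 peer, consistent timers and an authSecretRef returns an empty list.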