
noironetworks / aci-containers / 11144

22 Oct 2025 03:03PM UTC coverage: 65.289% (-0.6%) from 65.843%
11144

push

travis-pro

web-flow
Merge pull request #1597 from noironetworks/mmr-6.1.1-vmm_lite_bridge_nad

Add optional NAD bridge configuration fields to ControllerConfig

0 of 46 new or added lines in 1 file covered. (0.0%)

333 existing lines in 5 files now uncovered.

13383 of 20498 relevant lines covered (65.29%)

0.75 hits per line


96.3
/pkg/controller/config.go
// Copyright 2017 Cisco Systems, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package controller

import (
        "flag"

        "github.com/noironetworks/aci-containers/pkg/ipam"
)

// OpflexGroup identifies a group by its policy space and name. It is the
// value type used by the default endpoint-group and security-group settings
// of ControllerConfig (DefaultEg, DefaultSg and the per-namespace maps).
// Both fields are omitted from JSON output when empty.
type OpflexGroup struct {
        PolicySpace string `json:"policy-space,omitempty"`
        Name        string `json:"name,omitempty"`
}

// delayService is one entry of serviceGraphEpAddDelay.Services: a delay
// value attached to a service identified by name and namespace.
// NOTE(review): the unit of Delay is not stated in this file -- confirm
// against the code that consumes it.
type delayService struct {
        Delay     int    `json:"delay,omitempty"`
        Name      string `json:"name,omitempty"`
        Namespace string `json:"namespace,omitempty"`
}

// serviceGraphEpAddDelay is the type of
// ControllerConfig.ServiceGraphEndpointAddDelay: one top-level delay value
// plus a list of per-service entries.
// NOTE(review): presumably Delay is the general value and Services lists
// per-service overrides; the precedence is not visible here -- confirm.
type serviceGraphEpAddDelay struct {
        Delay    int            `json:"delay,omitempty"`
        Services []delayService `json:"services,omitempty"`
}

// NodeSnatRedirectExclude is the element type of
// ControllerConfig.NodeSnatRedirectExclude, which that struct describes as
// labels used to filter nodes from the SNAT redirect policy. It pairs a group
// name with a list of labels. Neither tag uses omitempty, so both keys are
// always present in JSON output.
type NodeSnatRedirectExclude struct {
        Group  string   `json:"group"`
        Labels []string `json:"labels"`
}

// ControllerConfig is the configuration for the controller. Every field
// carries a JSON tag, so the struct can be read from and written to JSON.
//
// NOTE(review): the struct holds an APIC credential (ApicPassword) and the
// path of a client private key (ApicPrivateKeyPath). Presumably any code that
// logs or serializes a whole ControllerConfig would expose the password --
// confirm at those call sites and redact there.
type ControllerConfig struct {
        // Log level
        LogLevel string `json:"log-level,omitempty"`

        // Absolute path to a kubeconfig file
        KubeConfig string `json:"kubeconfig,omitempty"`

        // TCP port to run status server on (or 0 to disable)
        StatusPort int `json:"status-port,omitempty"`

        // Default endpoint group annotation value
        DefaultEg OpflexGroup `json:"default-endpoint-group,omitempty"`

        // Default security group annotation value
        DefaultSg []OpflexGroup `json:"default-security-group,omitempty"`

        // Override default endpoint group assignments for a namespace
        // map ns name -> group
        NamespaceDefaultEg map[string]OpflexGroup `json:"namespace-default-endpoint-group,omitempty"`

        // Override default security group assignments for namespaces
        // map ns name -> slice of groups
        NamespaceDefaultSg map[string][]OpflexGroup `json:"namespace-default-security-group,omitempty"`

        // The hostnames or IPs for connecting to APIC
        ApicHosts []string `json:"apic-hosts,omitempty"`

        // The username for connecting to APIC
        ApicUsername string `json:"apic-username,omitempty"`

        // The password for connecting to APIC. Held as a plain string and
        // serialized under "apic-password" whenever it is non-empty.
        ApicPassword string `json:"apic-password,omitempty"`

        // The number of seconds that APIC should wait before timing
        // out a subscription on a websocket connection. If not
        // explicitly set, then a default of 1800 seconds will
        // be sent in websocket subscriptions. If it is set to 0,
        // then a timeout will not be sent in websocket
        // subscriptions, and APIC will use its default timeout
        // of 80 seconds. If set to a non-zero value, then the
        // timeout value will be provided when we subscribe to
        // a URL on APIC. NOTE: the subscription timeout is not
        // supported by APIC versions before 3.2(3), so this
        // value must not be set when used with APIC versions
        // older than that release.
        // Also, note that this is a string.
        ApicRefreshTimer string `json:"apic-refreshtime,omitempty"`

        // Delay in milliseconds after each subscription query
        // Will be defaulted to 100ms.
        ApicSubscriptionDelay int `json:"apic-subscription-delay,omitempty"`

        // How many seconds before the actual subscription refresh timeout
        // the subscriptions are refreshed. Will be defaulted to 150 seconds.
        // Note that this is a string.
        ApicRefreshTickerAdjust string `json:"apic-refreshticker-adjust,omitempty"`

        // A path for a PEM-encoded private key for client certificate
        // authentication for APIC API
        ApicPrivateKeyPath string `json:"apic-private-key-path,omitempty"`

        // A path for a PEM-encoded public certificate for APIC server to
        // enable secure TLS server verification.
        // NOTE(review): what happens to server verification when this is
        // empty is not visible in this file -- confirm in the APIC client.
        ApicCertPath string `json:"apic-cert-path,omitempty"`

        // The type of the ACI VMM domain: either "kubernetes",
        // "openshift"
        // NOTE(review): NewConfig in this file defaults this field to
        // "Kubernetes" (capital K); confirm how consumers compare it.
        AciVmmDomainType string `json:"aci-vmm-type,omitempty"`

        // The name of the ACI VMM domain
        AciVmmDomain string `json:"aci-vmm-domain,omitempty"`

        // The name of the ACI VMM domain controller instance
        AciVmmController string `json:"aci-vmm-controller,omitempty"`

        // Name prefix to use when creating policy to avoid namespace
        // collisions
        AciPrefix string `json:"aci-prefix,omitempty"`

        // Tenant to use when creating policy objects in APIC
        AciPolicyTenant string `json:"aci-policy-tenant,omitempty"`

        // Physical domain used for service device clusters
        AciServicePhysDom string `json:"aci-service-phys-dom,omitempty"`

        // Encap used for service device clusters
        AciServiceEncap string `json:"aci-service-encap,omitempty"`

        // Time in seconds between service node ICMP probes for more
        // quickly removing failed nodes from service pools
        // 0 (default) means don't monitor
        AciServiceMonitorInterval int `json:"aci-service-monitor-interval,omitempty"`

        // Whether to enable PBR tracking for non-SNAT services
        // when AciServiceMonitorInterval is set to non-zero, PBR tracking
        // is enabled for snat
        AciPbrTrackingNonSnat bool `json:"aci-pbr-tracking-non-snat,omitempty"`

        // By default, the Resilient Hashing Enabled field of vnsSvcRedirectPol is
        // set to "yes". If DisableResilientHashing is true, it will be set to "no"
        DisableResilientHashing bool `json:"disable-resilient-hashing,omitempty"`

        // To ignore the opflexODev which belongs to different vmmDomain
        FilterOpflexDevice bool `json:"filter-opflex-device,omitempty"`

        // The tenants related to AciVrf where BDs/EPGs/Subnets could exist.
        // Usually AciVrfTenant and AciPolicyTenant
        AciVrfRelatedTenants []string `json:"aci-vrf-related-tenants,omitempty"`

        // ACI Pod-BD for this kubernetes instance
        AciPodBdDn string `json:"aci-podbd-dn,omitempty"`

        // ACI Node-BD for this kubernetes instance
        AciNodeBdDn string `json:"aci-nodebd-dn,omitempty"`

        // ACI VRF for this kubernetes instance
        AciVrf string `json:"aci-vrf,omitempty"`

        // ACI VRF for this kubernetes instance
        // (presumably the DN form of AciVrf, going by the name -- TODO confirm)
        AciVrfDn string `json:"aci-vrf-dn,omitempty"`

        // Tenant containing the ACI VRF for this kubernetes instance
        AciVrfTenant string `json:"aci-vrf-tenant,omitempty"`

        // L3 out to use for services, service device clusters need to be
        // created in this tenant
        AciL3Out string `json:"aci-l3out,omitempty"`

        // L3 external networks (within the l3out) that will be able to
        // access the service IPs
        AciExtNetworks []string `json:"aci-ext-networks,omitempty"`

        // IP addresses used for pod network
        PodIpPool []ipam.IpRange `json:"pod-ip-pool,omitempty"`

        // The number of IP addresses to allocate when a pod starts to run low
        PodIpPoolChunkSize int `json:"pod-subnet-chunk-size,omitempty"`

        // Pod subnet CIDRs in the form <gateway-address>/<prefix-length> that
        // cover all pod-ip-pools
        PodSubnet []string `json:"pod-subnet,omitempty"`

        // Whether to allocate service IPs or to assume they will be
        // allocated by another controller. A pointer, so an unset value
        // (nil) differs from an explicit false; NewConfig sets it to true.
        AllocateServiceIps *bool `json:"allocate-service-ips,omitempty"`

        // IP addresses used for externally exposed load balanced services
        ServiceIpPool []ipam.IpRange `json:"service-ip-pool,omitempty"`

        // IP addresses that can be requested as static service IPs in
        // service spec
        StaticServiceIpPool []ipam.IpRange `json:"static-service-ip-pool,omitempty"`

        // IP addresses to use for node service endpoints
        NodeServiceIpPool []ipam.IpRange `json:"node-service-ip-pool,omitempty"`

        // a list of subnet/gateway CIDR addresses that cover the
        // addresses in the node service IP pool
        NodeServiceSubnets []string `json:"node-service-subnets,omitempty"`

        // default port range to use for SNAT svc graph filter
        SnatDefaultPortRangeStart int `json:"snat-default-port-range-start,omitempty"`
        SnatDefaultPortRangeEnd   int `json:"snat-default-port-range-end,omitempty"`

        // Contract scope used for SNAT svc graph
        SnatSvcContractScope string `json:"snat-contract-scope,omitempty"`

        // Maximum number of nodes permitted in a svc graph
        MaxSvcGraphNodes int `json:"max-nodes-svc-graph,omitempty"`

        // Disable routine to sync snatglobalinfo with nodeinfo
        // periodically
        DisablePeriodicSnatGlobalInfoSync bool `json:"disable-periodic-snat-global-info-sync,omitempty"`

        // True when we don't want to wait for service ep to be ready
        // before adding it to service graph
        // Default is false
        NoWaitForServiceEpReadiness bool `json:"no-wait-for-service-ep-readiness,omitempty"`

        // Delay settings for adding endpoints to the service graph; see
        // serviceGraphEpAddDelay.
        ServiceGraphEndpointAddDelay serviceGraphEpAddDelay `json:"service-graph-endpoint-add-delay,omitempty"`
        // True when to add extern_dynamic and extern_static subnets to rdconfig
        // Default is false
        AddExternalSubnetsToRdconfig bool `json:"add-external-subnets-to-rdconfig,omitempty"`

        // presumably the extern_static subnets referred to by
        // AddExternalSubnetsToRdconfig -- TODO confirm
        ExternStatic []string `json:"extern-static,omitempty"`

        // presumably the extern_dynamic subnets referred to by
        // AddExternalSubnetsToRdconfig -- TODO confirm
        ExternDynamic []string `json:"extern-dynamic,omitempty"`

        // Default is false
        HppOptimization bool `json:"hpp-optimization,omitempty"`

        // Default is false
        AciMultipod bool `json:"aci-multipod,omitempty"`

        // If true, enable opflex agent reconnect after vm migration
        // Default is false
        EnableOpflexAgentReconnect bool `json:"enable-opflex-agent-reconnect,omitempty"`

        // Timeout in seconds to wait for reconnect when opflexOdev is disconnected for a node
        // before triggering a dhcp release and renew of vlan interface
        // Applicable only for multipod case
        // default is 5s
        OpflexDeviceReconnectWaitTimeout int `json:"opflex-device-reconnect-wait-timeout,omitempty"`

        // Install Istio ControlPlane components
        InstallIstio bool `json:"install-istio,omitempty"`

        // enable EndpointSlice
        // (the JSON key uses an underscore, unlike the other keys)
        EnabledEndpointSlice bool `json:"enable_endpointslice,omitempty"`

        // Cluster Flavour
        Flavor string `json:"flavor,omitempty"`

        // Enable creation of VmmInjectedLabel, default is false
        EnableVmmInjectedLabels bool `json:"enable-vmm-injected-labels,omitempty"`

        // Timeout to delete old opflex devices
        OpflexDeviceDeleteTimeout float64 `json:"opflex-device-delete-timeout,omitempty"`

        // Configure sleep time for global SNAT sync
        SleepTimeSnatGlobalInfoSync int `json:"sleep-time-snat-global-info-sync,omitempty"`

        // Configure unkMacUcastAct attribute of service BD
        // The forwarding method for unknown layer 2 destinations
        UnknownMacUnicastAction string `json:"unknown-mac-unicast-action,omitempty"`

        // To disable service vlan preprovisioning on OpenShift on OpenStack Clusters
        // By default the feature will be enabled
        // (the tag has no omitempty, so false is always written to JSON)
        DisableServiceVlanPreprovisioning bool `json:"disable-service-vlan-preprovisioning"`

        // PhysDom for additional networks in chained mode
        AciPhysDom string `json:"aci-phys-dom,omitempty"`

        // L3Dom for additional networks in chained mode
        AciL3Dom string `json:"aci-l3-dom,omitempty"`

        // CNI is in chained mode
        ChainedMode bool `json:"chained-mode,omitempty"`

        // AEP for additional networks in chained mode
        AciAdditionalAep string `json:"aci-additional-aep,omitempty"`

        // User can provision Static Objects separately, so have a knob
        ReconcileStaticObjects bool `json:"reconcileStaticObjects,omitempty"`

        // In chained mode, global l2 port policy has been configured, so enable shared vlan pool
        AciUseGlobalScopeVlan bool `json:"aci-use-global-scope-vlan,omitempty"`

        // In chained mode, use system-id for auto-generated names
        AciUseSystemIdForSecondaryNames bool `json:"aci-use-system-id-for-secondary-names,omitempty"`

        // Metrics
        EnableMetrics bool `json:"enable-metrics,omitempty"`
        MetricsPort   int  `json:"metrics-port,omitempty"`

        // Labels to filter nodes from SNAT redirect policy
        NodeSnatRedirectExclude []NodeSnatRedirectExclude `json:"node-snat-redirect-exclude,omitempty"`

        // Undocumented in the original; presumably the name of an ACI
        // attachable entity profile -- TODO confirm
        AEP string `json:"aep,omitempty"`
        // Application Profile
        AppProfile string `json:"app-profile,omitempty"`

        // Add external contract to default epg (contract is created for LoadBalancer Service type), default is false
        AddExternalContractToDefaultEPG bool `json:"add-external-contract-to-default-epg,omitempty"`

        // Number of times the connection to APIC should be retried before switching to another APIC
        ApicConnectionRetryLimit int `json:"apic-connection-retry-limit,omitempty"`

        // Timeout in minutes to wait in between retries before sending request to APIC
        ApicRequestRetryDelay int `json:"apic-request-retry-delay,omitempty"`

        // Enable retrying request to APIC when a 503 error is encountered
        // (the JSON key ends in "-delay" although this is the enable switch)
        EnableApicRequestRetry bool `json:"enable-apic-request-retry-delay,omitempty"`

        // Disable hpp rendering if set to true
        DisableHppRendering bool `json:"disable-hpp-rendering,omitempty"`

        // Enable/disable making node unschedulable when it's not ready
        TaintNotReadyNode bool `json:"taint-not-ready-node,omitempty"`

        // Enable/disable local hpp distribution
        EnableHppDirect bool `json:"enable-hpp-direct,omitempty"`

        // Enable/disable proactive conf
        ProactiveConf bool `json:"proactive-conf,omitempty"`

        // Enable/disable aaep monitoring for vmm lite feature
        VmmLite bool `json:"aci-aaep-monitoring-enabled,omitempty"`

        // Name of linux-bridge for NAD creation in vmm lite feature
        BridgeName string `json:"bridge-name,omitempty"`

        // Optional fields for linux-bridge NAD creation in vmm lite feature.
        // The pointer types let an unset option (nil) be told apart from an
        // explicit false or zero. The JSON keys match option names of the CNI
        // bridge plugin; presumably the values are copied into the generated
        // NAD -- confirm where they are consumed.
        // NOTE(review): promiscMode, macspoofchk and portIsolation bear on
        // layer-2 isolation between workloads sharing the bridge, and Ipam is
        // an untyped map; check what an unset value resolves to and that Ipam
        // is validated before it is embedded into a NAD.
        IsGateway                 *bool                  `json:"isGateway,omitempty"`
        IsDefaultGateway          *bool                  `json:"isDefaultGateway,omitempty"`
        ForceAddress              *bool                  `json:"forceAddress,omitempty"`
        IpMasq                    *bool                  `json:"ipMasq,omitempty"`
        IpMasqBackend             string                 `json:"ipMasqBackend,omitempty"`
        Mtu                       *int                   `json:"mtu,omitempty"`
        HairpinMode               *bool                  `json:"hairpinMode,omitempty"`
        PromiscMode               *bool                  `json:"promiscMode,omitempty"`
        Enabledad                 *bool                  `json:"enabledad,omitempty"`
        Macspoofchk               *bool                  `json:"macspoofchk,omitempty"`
        DisableContainerInterface *bool                  `json:"disableContainerInterface,omitempty"`
        PortIsolation             *bool                  `json:"portIsolation,omitempty"`
        Ipam                      map[string]interface{} `json:"ipam,omitempty"`

        // Prefix for EPG annotation to identify CNO, default is "cno"
        CnoIdentifier string `json:"cno-identifier,omitempty"`

        // Undocumented in the original; presumably the VLAN carrying
        // Kubernetes API traffic -- TODO confirm
        KubeapiVlan int `json:"kubeapi-vlan,omitempty"`
}

// netIps pairs two IP allocators, one per address family. loadIpRanges in
// this file fills V4 with ranges whose endpoints are IPv4 and V6 with the
// IPv6 ones.
type netIps struct {
        V4 *ipam.IpAlloc
        V6 *ipam.IpAlloc
}

// newNetIps returns a netIps whose V4 and V6 allocators are each a separate
// value obtained from ipam.New().
func newNetIps() *netIps {
        ips := new(netIps)
        ips.V4 = ipam.New()
        ips.V6 = ipam.New()
        return ips
}

// NewConfig returns a ControllerConfig carrying the built-in defaults: empty
// but non-nil default security group list and per-namespace maps, VMM domain
// type "Kubernetes", policy tenant "kubernetes", name prefix "kube", and
// service IP allocation enabled. Every other field is left at its zero value,
// so credentials such as ApicPassword start out empty.
func NewConfig() *ControllerConfig {
        // AllocateServiceIps is a *bool, so the default needs an addressable value.
        allocate := true

        cfg := &ControllerConfig{
                AciVmmDomainType: "Kubernetes",
                AciPolicyTenant:  "kubernetes",
                AciPrefix:        "kube",
        }
        cfg.DefaultSg = []OpflexGroup{}
        cfg.NamespaceDefaultEg = map[string]OpflexGroup{}
        cfg.NamespaceDefaultSg = map[string][]OpflexGroup{}
        cfg.AllocateServiceIps = &allocate
        return cfg
}

// InitFlags registers the controller's command-line flags on the process-wide
// flag set (flag.CommandLine), binding each one to a field of config.
// Registering a flag also writes its default into the bound field, so this
// call overwrites whatever those fields held before.
//
// NOTE(review): the unknown-MAC flag is registered as
// "unkown-mac-unicast-action" (sic), while the JSON key for the same field is
// "unknown-mac-unicast-action". The name is kept as is here because changing
// it would break existing command lines.
// NOTE(review): only port numbers are set here (status 8091, metrics 8191);
// the listen address is not visible in this file -- confirm at the listeners
// that these endpoints are reachable only from where they are needed.
func InitFlags(config *ControllerConfig) {
        // flag.StringVar and friends are thin wrappers over flag.CommandLine.
        fs := flag.CommandLine

        // String flags.
        fs.StringVar(&config.LogLevel, "log-level", "info", "Log level")
        fs.StringVar(&config.KubeConfig, "kube-config", "", "Absolute path to a kubeconfig file")
        fs.StringVar(&config.UnknownMacUnicastAction, "unkown-mac-unicast-action", "proxy", "Set the forwarding method for unknown mac for service BD")

        // Integer flags.
        fs.IntVar(&config.StatusPort, "status-port", 8091, " TCP port to run status server on (or 0 to disable)")
        fs.IntVar(&config.MetricsPort, "metrics-port", 8191, "Port to expose metrics on")

        // Boolean flags; every one of them defaults to false.
        switches := []struct {
                dst   *bool
                name  string
                usage string
        }{
                {&config.EnableVmmInjectedLabels, "enable-vmm-injected-labels", "Enable creation of VmmInjectedLabel"},
                {&config.ChainedMode, "chained-mode", "CNI is in chained mode"},
                {&config.VmmLite, "aci-aaep-monitoring-enabled", "Enables AAEP monitoring for VMM Lite mode"},
                {&config.ReconcileStaticObjects, "reconcile-static-objects", "controller will reconcile implicit static objects"},
                {&config.AciUseGlobalScopeVlan, "aci-use-global-scope-vlan", "Use global vlans for NADs in chained mode"},
                {&config.AciUseSystemIdForSecondaryNames, "aci-use-system-id-for-secondary-names", "Use system id for auto-generated names in chained mode"},
                {&config.EnableMetrics, "enable-metrics", "Enable metrics"},
        }
        for _, sw := range switches {
                fs.BoolVar(sw.dst, sw.name, false, sw.usage)
        }
}

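// loadIpRanges adds each configured range to the allocator of its address
// family: v4 when both endpoints are IPv4, v6 when both are IPv6. Any other
// range is skipped and reported with a warning.
//
// A range is accepted only when both endpoints belong to the same family.
// The previous version fell through to the To16 test whenever either endpoint
// failed To4; assuming Start and End behave like net.IP (whose To16 also
// succeeds for IPv4 addresses), a range with an IPv4 address at one end and
// an IPv6 address at the other was then loaded into the v6 allocator instead
// of being rejected. Such a range is now treated as invalid.
func (cont *AciController) loadIpRanges(v4, v6 *ipam.IpAlloc, ipranges []ipam.IpRange) {
        for _, r := range ipranges {
                startIs4 := r.Start.To4() != nil
                endIs4 := r.End.To4() != nil

                switch {
                case startIs4 && endIs4:
                        v4.AddRange(r.Start, r.End)
                case !startIs4 && !endIs4 && r.Start.To16() != nil && r.End.To16() != nil:
                        v6.AddRange(r.Start, r.End)
                default:
                        // Mixed-family or unparsable endpoints: do not touch either pool.
                        cont.log.Warn("Range invalid: ", r)
                }
        }
}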

// initIpam fills the controller's IP allocators from the address pools in
// cont.config. The order matters for the pod network: the configured pod
// pool is loaded first and then copied into podNetworkIps.
func (cont *AciController) initIpam() {
        // Pod network: load the configured pool, then mirror it into the
        // allocators used for pod addresses.
        configured := cont.configuredPodNetworkIps
        cont.loadIpRanges(configured.V4, configured.V6, cont.config.PodIpPool)
        cont.podNetworkIps.V4.AddAll(configured.V4)
        cont.podNetworkIps.V6.AddAll(configured.V6)

        // Service IPs go through serviceIps' own loader.
        cont.serviceIps.LoadRanges(cont.config.ServiceIpPool)

        // Static service IPs and node service IPs.
        static := cont.staticServiceIps
        cont.loadIpRanges(static.V4, static.V6, cont.config.StaticServiceIpPool)

        node := cont.nodeServiceIps
        cont.loadIpRanges(node.V4, node.V6, cont.config.NodeServiceIpPool)
}