--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.14.0 creationTimestamp: null name: ciliumbgppeeringpolicies.cilium.io spec: group: cilium.io names: categories: - cilium - ciliumbgp kind: CiliumBGPPeeringPolicy listKind: CiliumBGPPeeringPolicyList plural: ciliumbgppeeringpolicies shortNames: - bgpp singular: ciliumbgppeeringpolicy scope: Cluster versions: - additionalPrinterColumns: - jsonPath: .metadata.creationTimestamp name: Age type: date name: v2alpha1 schema: openAPIV3Schema: description: CiliumBGPPeeringPolicy is a Kubernetes third-party resource for instructing Cilium's BGP control plane to create virtual BGP routers. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: Spec is a human readable description of a BGP peering policy properties: nodeSelector: description: "NodeSelector selects a group of nodes where this BGP Peering Policy applies. \n If empty / nil this policy applies to all nodes." properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn - Exists - DoesNotExist type: string values: description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the MatchLabels {key,value} pair. maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object virtualRouters: description: A list of CiliumBGPVirtualRouter(s) which instructs the BGP control plane how to instantiate virtual BGP routers. items: description: CiliumBGPVirtualRouter defines a discrete BGP virtual router configuration. properties: exportPodCIDR: default: false description: ExportPodCIDR determines whether to export the Node's private CIDR block to the configured neighbors. type: boolean localASN: description: LocalASN is the ASN of this virtual router. Supports extended 32bit ASNs format: int64 maximum: 4294967295 minimum: 0 type: integer neighbors: description: Neighbors is a list of neighboring BGP peers for this virtual router items: description: CiliumBGPNeighbor is a neighboring peer for use in a CiliumBGPVirtualRouter configuration. properties: advertisedPathAttributes: description: AdvertisedPathAttributes can be used to apply additional path attributes to selected routes when advertising them to the peer. If empty / nil, no additional path attributes are advertised. items: description: CiliumBGPPathAttributes can be used to apply additional path attributes to matched routes when advertising them to a BGP peer. properties: communities: description: Communities defines a set of community values advertised in the supported BGP Communities path attributes. If nil / not set, no BGP Communities path attribute will be advertised. properties: large: description: Large holds a list of the BGP Large Communities Attribute (RFC 8092) values. items: description: BGPLargeCommunity type represents a value of the BGP Large Communities Attribute (RFC 8092), as three 4-byte decimal numbers separated by colons. pattern: ^([0-9]|[1-9][0-9]{1,8}|[1-3][0-9]{9}|4[01][0-9]{8}|42[0-8][0-9]{7}|429[0-3][0-9]{6}|4294[0-8][0-9]{5}|42949[0-5][0-9]{4}|429496[0-6][0-9]{3}|4294967[01][0-9]{2}|42949672[0-8][0-9]|429496729[0-5]):([0-9]|[1-9][0-9]{1,8}|[1-3][0-9]{9}|4[01][0-9]{8}|42[0-8][0-9]{7}|429[0-3][0-9]{6}|4294[0-8][0-9]{5}|42949[0-5][0-9]{4}|429496[0-6][0-9]{3}|4294967[01][0-9]{2}|42949672[0-8][0-9]|429496729[0-5]):([0-9]|[1-9][0-9]{1,8}|[1-3][0-9]{9}|4[01][0-9]{8}|42[0-8][0-9]{7}|429[0-3][0-9]{6}|4294[0-8][0-9]{5}|42949[0-5][0-9]{4}|429496[0-6][0-9]{3}|4294967[01][0-9]{2}|42949672[0-8][0-9]|429496729[0-5])$ type: string type: array standard: description: Standard holds a list of "standard" 32-bit BGP Communities Attribute (RFC 1997) values defined as numeric values. items: description: BGPStandardCommunity type represents a value of the "standard" 32-bit BGP Communities Attribute (RFC 1997) as a 4-byte decimal number or two 2-byte decimal numbers separated by a colon (<0-65535>:<0-65535>). For example, no-export community value is 65553:65281. pattern: ^([0-9]|[1-9][0-9]{1,8}|[1-3][0-9]{9}|4[01][0-9]{8}|42[0-8][0-9]{7}|429[0-3][0-9]{6}|4294[0-8][0-9]{5}|42949[0-5][0-9]{4}|429496[0-6][0-9]{3}|4294967[01][0-9]{2}|42949672[0-8][0-9]|429496729[0-5])$|^([0-9]|[1-9][0-9]{1,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]):([0-9]|[1-9][0-9]{1,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ type: string type: array wellKnown: description: WellKnown holds a list "standard" 32-bit BGP Communities Attribute (RFC 1997) values defined as well-known string aliases to their numeric values. items: description: "BGPWellKnownCommunity type represents a value of the \"standard\" 32-bit BGP Communities Attribute (RFC 1997) as a well-known string alias to its numeric value. Allowed values and their mapping to the numeric values: \n internet = 0x00000000 (0:0) planned-shut = 0xffff0000 (65535:0) accept-own = 0xffff0001 (65535:1) route-filter-translated-v4 = 0xffff0002 (65535:2) route-filter-v4 = 0xffff0003 (65535:3) route-filter-translated-v6 = 0xffff0004 (65535:4) route-filter-v6 = 0xffff0005 (65535:5) llgr-stale = 0xffff0006 (65535:6) no-llgr = 0xffff0007 (65535:7) blackhole = 0xffff029a (65535:666) no-export = 0xffffff01\t(65535:65281) no-advertise = 0xffffff02 (65535:65282) no-export-subconfed \ = 0xffffff03 (65535:65283) no-peer \ = 0xffffff04 (65535:65284)" enum: - internet - planned-shut - accept-own - route-filter-translated-v4 - route-filter-v4 - route-filter-translated-v6 - route-filter-v6 - llgr-stale - no-llgr - blackhole - no-export - no-advertise - no-export-subconfed - no-peer type: string type: array type: object localPreference: description: LocalPreference defines the preference value advertised in the BGP Local Preference path attribute. As Local Preference is only valid for iBGP peers, this value will be ignored for eBGP peers (no Local Preference path attribute will be advertised). If nil / not set, the default Local Preference of 100 will be advertised in the Local Preference path attribute for iBGP peers. format: int64 maximum: 4294967295 minimum: 0 type: integer selector: description: Selector selects a group of objects of the SelectorType resulting into routes that will be announced with the configured Attributes. If nil / not set, all objects of the SelectorType are selected. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn - Exists - DoesNotExist type: string values: description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the MatchLabels {key,value} pair. maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object selectorType: description: 'SelectorType defines the object type on which the Selector applies: - For "PodCIDR" the Selector matches k8s CiliumNode resources (path attributes apply to routes announced for PodCIDRs of selected CiliumNodes. Only affects routes of cluster scope / Kubernetes IPAM CIDRs, not Multi-Pool IPAM CIDRs. - For "CiliumLoadBalancerIPPool" the Selector matches CiliumLoadBalancerIPPool custom resources (path attributes apply to routes announced for selected CiliumLoadBalancerIPPools). - For "CiliumPodIPPool" the Selector matches CiliumPodIPPool custom resources (path attributes apply to routes announced for allocated CIDRs of selected CiliumPodIPPools).' enum: - PodCIDR - CiliumLoadBalancerIPPool - CiliumPodIPPool type: string required: - selectorType type: object type: array authSecretRef: description: AuthSecretRef is the name of the secret to use to fetch a TCP authentication password for this peer. type: string connectRetryTimeSeconds: default: 120 description: ConnectRetryTimeSeconds defines the initial value for the BGP ConnectRetryTimer (RFC 4271, Section 8). format: int32 maximum: 2147483647 minimum: 1 type: integer eBGPMultihopTTL: default: 1 description: EBGPMultihopTTL controls the multi-hop feature for eBGP peers. Its value defines the Time To Live (TTL) value used in BGP packets sent to the neighbor. The value 1 implies that eBGP multi-hop feature is disabled (only a single hop is allowed). This field is ignored for iBGP peers. format: int32 maximum: 255 minimum: 1 type: integer families: description: "Families, if provided, defines a set of AFI/SAFIs the speaker will negotiate with it's peer. \n If this slice is not provided the default families of IPv6 and IPv4 will be provided." items: description: CiliumBGPFamily represents a AFI/SAFI address family pair. properties: afi: description: Afi is the Address Family Identifier (AFI) of the family. enum: - ipv4 - ipv6 - l2vpn - ls - opaque type: string safi: description: Safi is the Subsequent Address Family Identifier (SAFI) of the family. enum: - unicast - multicast - mpls_label - encapsulation - vpls - evpn - ls - sr_policy - mup - mpls_vpn - mpls_vpn_multicast - route_target_constraints - flowspec_unicast - flowspec_vpn - key_value type: string required: - afi - safi type: object type: array gracefulRestart: description: GracefulRestart defines graceful restart parameters which are negotiated with this neighbor. If empty / nil, the graceful restart capability is disabled. properties: enabled: description: Enabled flag, when set enables graceful restart capability. type: boolean restartTimeSeconds: default: 120 description: RestartTimeSeconds is the estimated time it will take for the BGP session to be re-established with peer after a restart. After this period, peer will remove stale routes. This is described RFC 4724 section 4.2. format: int32 maximum: 4095 minimum: 1 type: integer required: - enabled type: object holdTimeSeconds: default: 90 description: HoldTimeSeconds defines the initial value for the BGP HoldTimer (RFC 4271, Section 4.2). Updating this value will cause a session reset. format: int32 maximum: 65535 minimum: 3 type: integer keepAliveTimeSeconds: default: 30 description: KeepaliveTimeSeconds defines the initial value for the BGP KeepaliveTimer (RFC 4271, Section 8). It can not be larger than HoldTimeSeconds. Updating this value will cause a session reset. format: int32 maximum: 65535 minimum: 1 type: integer peerASN: description: PeerASN is the ASN of the peer BGP router. Supports extended 32bit ASNs format: int64 maximum: 4294967295 minimum: 0 type: integer peerAddress: description: PeerAddress is the IP address of the peer. This must be in CIDR notation and use a /32 to express a single host. format: cidr type: string peerPort: default: 179 description: PeerPort is the TCP port of the peer. 1-65535 is the range of valid port numbers that can be specified. If unset, defaults to 179. format: int32 maximum: 65535 minimum: 1 type: integer required: - peerASN - peerAddress type: object minItems: 1 type: array podIPPoolSelector: description: "PodIPPoolSelector selects CiliumPodIPPools based on labels. The virtual router will announce allocated CIDRs of matching CiliumPodIPPools. \n If empty / nil no CiliumPodIPPools will be announced." properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn - Exists - DoesNotExist type: string values: description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the MatchLabels {key,value} pair. maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object serviceSelector: description: "ServiceSelector selects a group of load balancer services which this virtual router will announce. The loadBalancerClass for a service must be nil or specify a class supported by Cilium, e.g. \"io.cilium/bgp-control-plane\". Refer to the following document for additional details regarding load balancer classes: \n https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class \n If empty / nil no services will be announced." properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. enum: - In - NotIn - Exists - DoesNotExist type: string values: description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array required: - key - operator type: object type: array matchLabels: additionalProperties: description: MatchLabelsValue represents the value from the MatchLabels {key,value} pair. maxLength: 63 pattern: ^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$ type: string description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object required: - localASN - neighbors type: object minItems: 1 type: array required: - virtualRouters type: object required: - metadata type: object served: true storage: true subresources: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: []