forked from antrea-io/antrea
-
Notifications
You must be signed in to change notification settings - Fork 0
/
antrea-agent.conf
75 lines (64 loc) · 3.17 KB
/
antrea-agent.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
# FeatureGates is a map of feature names to bools that enable or disable experimental features.
featureGates:
# Enable running agent on an unmanaged VM/BM.
ExternalNode: true
# Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
# to define security policies which apply to the entire cluster, and Antrea NetworkPolicy
# feature that supports priorities, rule actions and externalEntities in the future.
AntreaPolicy: true
# Enable collecting and exposing NetworkPolicy statistics.
NetworkPolicyStats: true
# Enable collecting support bundle files with SupportBundleCollection CRD.
SupportBundleCollection: true
# Log rotation configuration for audit logs.
auditLogging:
# MaxSize is the maximum size in MB of a log file before it gets rotated.
maxSize: 500
# MaxBackups is the maximum number of old log files to retain. If set to 0,
# all log files will be retained (unless MaxAge causes them to be deleted).
maxBackups: 3
# MaxAge is the maximum number of days to retain old log files based on the
# timestamp encoded in their filename. If set to 0, old log files are not
# removed based on age.
maxAge: 28
# Compress enables gzip compression on rotated files.
compress: true
# Name of the OpenVSwitch bridge antrea-agent will create and use.
# Make sure it doesn't conflict with your existing OpenVSwitch bridges.
#ovsBridge: br-int
# Datapath type to use for the OpenVSwitch bridge created by Antrea. Supported values are:
# - system
# - netdev
# 'system' is the default value and corresponds to the kernel datapath. Use 'netdev' to run
# OVS in userspace mode (not fully supported yet). Userspace mode requires the tun device driver to
# be available.
#ovsDatapathType: system
# The port for the antrea-agent APIServer to serve on.
# Note that if it's set to another value, the `containerPort` of the `api` port of the
# `antrea-agent` container must be set to the same value.
#apiPort: 10350
# NodeType is type of the Node where Antrea Agent is running.
# Defaults to "k8sNode". Valid values include "k8sNode", and "externalNode".
nodeType: externalNode
externalNode:
# The expected Namespace in which the ExternalNode is created.
# Defaults to "default".
#externalNodeNamespace: default
# The policyBypassRules describes the traffic that is expected to bypass NetworkPolicy rules.
# Each rule contains the following four attributes:
# direction (ingress|egress), protocol(tcp/udp/icmp/ip), remote CIDR, dst port (ICMP doesn't require).
# Here is an example:
# - direction: ingress
# protocol: tcp
# cidr: 1.1.1.1/32
# port: 22
# It is used only when NodeType is externalNode.
#policyBypassRules: []
# The path to access the kubeconfig file used in the connection to K8s APIServer. The file contains the K8s
# APIServer endpoint and the token of ServiceAccount required in the connection.
clientConnection:
kubeconfig: antrea-agent.kubeconfig
# The path to access the kubeconfig file used in the connection to Antrea Controller. The file contains the
# antrea-controller APIServer endpoint and the token of ServiceAccount required in the connection.
antreaClientConnection:
kubeconfig: antrea-agent.antrea.kubeconfig