Donavan Fritz
a6202a36bd
Build flock Image / build (push) Has been cancelled
BuiltinFamilyDefaults() now returns {WantV6: true, WantV4: true}. Pods
that want a single family explicitly opt out via the
flock.fritzlab.net/ipv4 (or ipv6) annotation, or the operator narrows
the default at the node level via NodeConfig.Spec.Defaults.
Annotation precedence is unchanged: pod annotation > NodeConfig defaults
> built-in baseline. Tests updated to reflect the new baseline; the
"opt out of v4" path now has explicit coverage.
Docs updated:
- NodeConfig.Spec.Defaults Go doc + CRD descriptions reflect the new
baseline and its overrides
- README opening framing softened from "IPv6-first" to "dual-stack,
IPv6-friendly"; example pods + spec.defaults table flipped to
treat dual-stack as the default and v6/v4-only as overrides
- README NetworkPolicy line in the comparison table flipped to
"yes (nftables)" since v1 enforcement shipped
- Limitations note about IPv4-only destinations rewritten — every
pod has v4 by default now, so the question is whether your IPv4
pool is routable beyond your network
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
101 lines
3.5 KiB
YAML
101 lines
3.5 KiB
YAML
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
name: nodeconfigs.flock.fritzlab.net
|
|
spec:
|
|
group: flock.fritzlab.net
|
|
scope: Cluster
|
|
names:
|
|
kind: NodeConfig
|
|
listKind: NodeConfigList
|
|
singular: nodeconfig
|
|
plural: nodeconfigs
|
|
shortNames:
|
|
- fnc
|
|
versions:
|
|
- name: v1alpha1
|
|
served: true
|
|
storage: true
|
|
schema:
|
|
openAPIV3Schema:
|
|
type: object
|
|
required: [spec]
|
|
description: |
|
|
NodeConfig is the per-node operator-supplied configuration for the
|
|
flock CNI agent. Its name MUST equal the Kubernetes node name.
|
|
properties:
|
|
spec:
|
|
type: object
|
|
required: [bgp]
|
|
properties:
|
|
cidr6:
|
|
type: array
|
|
items:
|
|
type: string
|
|
description: IPv6 CIDR owned and aggregate-advertised by this node.
|
|
cidr4:
|
|
type: array
|
|
items:
|
|
type: string
|
|
description: IPv4 CIDR owned and aggregate-advertised by this node.
|
|
defaults:
|
|
type: object
|
|
description: |
|
|
Per-node baseline for which address families a pod receives
|
|
when its own annotations don't specify. Pod annotations
|
|
flock.fritzlab.net/ipv6 and flock.fritzlab.net/ipv4 always
|
|
override these defaults. Built-in fallback (when this block
|
|
or any field is omitted) is IPv6=true, IPv4=true (dual-stack).
|
|
properties:
|
|
ipv6:
|
|
type: boolean
|
|
description: |
|
|
Default IPv6 inclusion for pods on this node. Omit to
|
|
inherit the built-in baseline (true).
|
|
ipv4:
|
|
type: boolean
|
|
description: |
|
|
Default IPv4 inclusion for pods on this node. Omit to
|
|
inherit the built-in baseline (true).
|
|
bgp:
|
|
type: object
|
|
required: [asn, peers]
|
|
properties:
|
|
asn:
|
|
type: integer
|
|
format: int64
|
|
minimum: 1
|
|
maximum: 4294967295
|
|
description: This node's local ASN.
|
|
peers:
|
|
type: array
|
|
minItems: 1
|
|
items:
|
|
type: object
|
|
required: [address, asn]
|
|
properties:
|
|
address:
|
|
type: string
|
|
description: Peer IP (IPv6 or IPv4).
|
|
asn:
|
|
type: integer
|
|
format: int64
|
|
minimum: 1
|
|
maximum: 4294967295
|
|
additionalPrinterColumns:
|
|
- name: ASN
|
|
type: integer
|
|
jsonPath: .spec.bgp.asn
|
|
- name: CIDR6
|
|
type: string
|
|
jsonPath: .spec.cidr6
|
|
- name: CIDR4
|
|
type: string
|
|
jsonPath: .spec.cidr4
|
|
- name: DefV6
|
|
type: boolean
|
|
jsonPath: .spec.defaults.ipv6
|
|
- name: DefV4
|
|
type: boolean
|
|
jsonPath: .spec.defaults.ipv4
|