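// SPDX-License-Identifier: Apache-2.0
// Copyright Authors of Cilium
//
// Source: github.com/cilium/cilium@v1.16.2/operator/cmd/flags.go

package cmd

import (
	"fmt"
	"time"

	"github.com/spf13/cobra"
	"github.com/spf13/pflag"
	"github.com/spf13/viper"

	operatorOption "github.com/cilium/cilium/operator/option"
	"github.com/cilium/cilium/pkg/defaults"
	ipamOption "github.com/cilium/cilium/pkg/ipam/option"
	"github.com/cilium/cilium/pkg/option"
)

// InitGlobalFlags registers the operator's command-line flags on cmd, passes
// every flag name to option.BindEnv together with vp, and finally binds the
// whole flag set to vp with vp.BindPFlags.
//
// It also assigns cmd.PreRunE to a check that runs only when the IPAM flag was
// set explicitly: provider-specific binaries (selected through the
// package-level binaryName) reject IPAM modes they do not support, and the
// plain "cilium-operator" binary logs a deprecation warning instead.
//
// NOTE(review): option.BindEnv is defined outside this file; presumably it
// makes each flag settable through an environment variable - confirm in
// pkg/option.
func InitGlobalFlags(cmd *cobra.Command, vp *viper.Viper) {
	flags := cmd.Flags()

	flags.Int(operatorOption.IPAMAPIBurst, defaults.IPAMAPIBurst, "Upper burst limit when accessing external APIs")
	option.BindEnv(vp, operatorOption.IPAMAPIBurst)

	flags.Float64(operatorOption.IPAMAPIQPSLimit, defaults.IPAMAPIQPSLimit, "Queries per second limit when accessing external IPAM APIs")
	option.BindEnv(vp, operatorOption.IPAMAPIQPSLimit)

	flags.Var(option.NewNamedMapOptions(operatorOption.IPAMSubnetsTags, &operatorOption.Config.IPAMSubnetsTags, nil),
		operatorOption.IPAMSubnetsTags, "Subnets tags in the form of k1=v1,k2=v2 (multiple k/v pairs can also be passed by repeating the CLI flag")
	option.BindEnv(vp, operatorOption.IPAMSubnetsTags)

	flags.StringSliceVar(&operatorOption.Config.IPAMSubnetsIDs, operatorOption.IPAMSubnetsIDs, operatorOption.Config.IPAMSubnetsIDs,
		"Subnets IDs (separated by commas)")
	option.BindEnv(vp, operatorOption.IPAMSubnetsIDs)

	flags.Var(option.NewNamedMapOptions(operatorOption.IPAMInstanceTags, &operatorOption.Config.IPAMInstanceTags, nil), operatorOption.IPAMInstanceTags,
		"EC2 Instance tags in the form of k1=v1,k2=v2 (multiple k/v pairs can also be passed by repeating the CLI flag")
	option.BindEnv(vp, operatorOption.IPAMInstanceTags)

	flags.Var(option.NewNamedMapOptions(operatorOption.IPAMAutoCreateCiliumPodIPPools, &operatorOption.Config.IPAMAutoCreateCiliumPodIPPools, nil),
		operatorOption.IPAMAutoCreateCiliumPodIPPools,
		"Automatically create CiliumPodIPPool resources on startup. "+
			"Specify pools in the form of <pool>=ipv4-cidrs:<cidr>,[<cidr>...];ipv4-mask-size:<size> (multiple pools can also be passed by repeating the CLI flag)")
	option.BindEnv(vp, operatorOption.IPAMAutoCreateCiliumPodIPPools)

	flags.Int64(operatorOption.ParallelAllocWorkers, defaults.ParallelAllocWorkers, "Maximum number of parallel IPAM workers")
	option.BindEnv(vp, operatorOption.ParallelAllocWorkers)

	// Operator-specific flags
	flags.String(option.ConfigFile, "", `Configuration file (default "$HOME/ciliumd.yaml")`)
	option.BindEnv(vp, option.ConfigFile)

	flags.String(option.ConfigDir, "", `Configuration directory that contains a file for each option`)
	option.BindEnv(vp, option.ConfigDir)

	flags.BoolP(option.DebugArg, "D", false, "Enable debugging mode")
	option.BindEnv(vp, option.DebugArg)

	// We need to obtain from Cilium ConfigMap if these options are enabled
	// or disabled. These options are marked as hidden because having it
	// being printed by operator --help could confuse users.
	//
	// The error returned by MarkHidden is dropped here and below; pflag only
	// reports one when the named flag is not registered, and every call
	// directly follows the registration of that same flag.
	flags.Bool(option.DisableCiliumEndpointCRDName, false, "")
	flags.MarkHidden(option.DisableCiliumEndpointCRDName)
	option.BindEnv(vp, option.DisableCiliumEndpointCRDName)

	flags.Bool(option.EnableIPv4EgressGateway, false, "")
	flags.MarkHidden(option.EnableIPv4EgressGateway)
	option.BindEnv(vp, option.EnableIPv4EgressGateway)

	flags.Bool(option.EnableLocalRedirectPolicy, false, "")
	flags.MarkHidden(option.EnableLocalRedirectPolicy)
	option.BindEnv(vp, option.EnableLocalRedirectPolicy)

	flags.Bool(option.EnableSRv6, false, "")
	flags.MarkHidden(option.EnableSRv6)
	option.BindEnv(vp, option.EnableSRv6)

	flags.Duration(operatorOption.EndpointGCInterval, operatorOption.EndpointGCIntervalDefault, "GC interval for cilium endpoints")
	option.BindEnv(vp, operatorOption.EndpointGCInterval)

	flags.Bool(operatorOption.EnableMetrics, false, "Enable Prometheus metrics")
	option.BindEnv(vp, operatorOption.EnableMetrics)

	// Logging flags
	flags.StringSlice(option.LogDriver, []string{}, "Logging endpoints to use for example syslog")
	option.BindEnv(vp, option.LogDriver)

	flags.Var(option.NewNamedMapOptions(option.LogOpt, &option.Config.LogOpt, nil),
		option.LogOpt, `Log driver options for cilium-operator, `+
			`configmap example for syslog driver: {"syslog.level":"info","syslog.facility":"local4"}`)
	option.BindEnv(vp, option.LogOpt)

	// The default IPAM backend follows the binary flavour. There is no
	// default case: an unrecognised binaryName leaves defaultIPAM empty.
	var defaultIPAM string
	switch binaryName {
	case "cilium-operator":
		defaultIPAM = ipamOption.IPAMClusterPool
	case "cilium-operator-aws":
		defaultIPAM = ipamOption.IPAMENI
	case "cilium-operator-azure":
		defaultIPAM = ipamOption.IPAMAzure
	case "cilium-operator-alibabacloud":
		defaultIPAM = ipamOption.IPAMAlibabaCloud
	case "cilium-operator-generic":
		defaultIPAM = ipamOption.IPAMClusterPool
	}

	flags.String(option.IPAM, defaultIPAM, "Backend to use for IPAM")
	option.BindEnv(vp, option.IPAM)

	// This assignment replaces whatever PreRunE the command carried before.
	cmd.PreRunE = func(cmd *cobra.Command, args []string) error {
		ipamFlag := cmd.Flag(option.IPAM)
		// Only an IPAM mode given on the command line is validated; the
		// per-binary default set above is accepted as is.
		if !ipamFlag.Changed {
			return nil
		}
		ipamFlagValue := ipamFlag.Value.String()

		// recommendInstead names the operator binary matching the requested
		// IPAM mode, or "" when the mode is not one of the known values.
		recommendInstead := func() string {
			switch ipamFlagValue {
			case ipamOption.IPAMENI:
				return "cilium-operator-aws"
			case ipamOption.IPAMAzure:
				return "cilium-operator-azure"
			case ipamOption.IPAMAlibabaCloud:
				return "cilium-operator-alibabacloud"
			case ipamOption.IPAMKubernetes, ipamOption.IPAMClusterPool, ipamOption.IPAMCRD:
				return "cilium-operator-generic"
			default:
				return ""
			}
		}

		// unsupportedErr reports that this binary cannot serve the requested
		// IPAM mode. Both messages use constant format strings, so a '%' in
		// the operator-supplied --ipam value is printed verbatim instead of
		// being interpreted as a formatting verb.
		unsupportedErr := func() error {
			if recommendation := recommendInstead(); recommendation != "" {
				return fmt.Errorf("%s doesn't support --%s=%s (use %s)", binaryName, option.IPAM, ipamFlagValue, recommendation)
			}
			return fmt.Errorf("%s doesn't support --%s=%s", binaryName, option.IPAM, ipamFlagValue)
		}

		switch binaryName {
		case "cilium-operator":
			if recommendation := recommendInstead(); recommendation != "" {
				log.Warnf("cilium-operator will be deprecated in the future, for --%s=%s use %s as it has lower memory footprint", option.IPAM, ipamFlagValue, recommendation)
			}
		case "cilium-operator-aws":
			if ipamFlagValue != ipamOption.IPAMENI {
				return unsupportedErr()
			}
		case "cilium-operator-azure":
			if ipamFlagValue != ipamOption.IPAMAzure {
				return unsupportedErr()
			}
		case "cilium-operator-alibabacloud":
			if ipamFlagValue != ipamOption.IPAMAlibabaCloud {
				return unsupportedErr()
			}
		case "cilium-operator-generic":
			// The generic binary rejects only the three cloud-provider
			// modes; any other value passes this check.
			switch ipamFlagValue {
			case ipamOption.IPAMENI, ipamOption.IPAMAzure, ipamOption.IPAMAlibabaCloud:
				return unsupportedErr()
			}
		}

		return nil
	}

	flags.Bool(option.EnableIPv4Name, defaults.EnableIPv4, "Enable IPv4 support")
	option.BindEnv(vp, option.EnableIPv4Name)

	flags.StringSlice(operatorOption.ClusterPoolIPv4CIDR, []string{},
		fmt.Sprintf("IPv4 CIDR Range for Pods in cluster. Requires '%s=%s' and '%s=%s'",
			option.IPAM, ipamOption.IPAMClusterPool,
			option.EnableIPv4Name, "true"))
	option.BindEnv(vp, operatorOption.ClusterPoolIPv4CIDR)

	flags.Int(operatorOption.NodeCIDRMaskSizeIPv4, 24,
		fmt.Sprintf("Mask size for each IPv4 podCIDR per node. Requires '%s=%s' and '%s=%s'",
			option.IPAM, ipamOption.IPAMClusterPool,
			option.EnableIPv4Name, "true"))
	option.BindEnv(vp, operatorOption.NodeCIDRMaskSizeIPv4)

	flags.Bool(option.EnableIPv6Name, defaults.EnableIPv6, "Enable IPv6 support")
	option.BindEnv(vp, option.EnableIPv6Name)

	flags.StringSlice(operatorOption.ClusterPoolIPv6CIDR, []string{},
		fmt.Sprintf("IPv6 CIDR Range for Pods in cluster. Requires '%s=%s' and '%s=%s'",
			option.IPAM, ipamOption.IPAMClusterPool,
			option.EnableIPv6Name, "true"))
	option.BindEnv(vp, operatorOption.ClusterPoolIPv6CIDR)

	flags.Int(operatorOption.NodeCIDRMaskSizeIPv6, 112,
		fmt.Sprintf("Mask size for each IPv6 podCIDR per node. Requires '%s=%s' and '%s=%s'",
			option.IPAM, ipamOption.IPAMClusterPool,
			option.EnableIPv6Name, "true"))
	option.BindEnv(vp, operatorOption.NodeCIDRMaskSizeIPv6)

	flags.String(option.IdentityAllocationMode, option.IdentityAllocationModeKVstore, "Method to use for identity allocation")
	option.BindEnv(vp, option.IdentityAllocationMode)

	flags.String(option.KVStore, "", "Key-value store type")
	option.BindEnv(vp, option.KVStore)

	// NOTE(review): the third argument to NewNamedMapOptions is nil here, as
	// for the other map-valued flags in this function; presumably that is the
	// per-entry validator, in which case the key/value pairs are accepted
	// unchecked at parse time - confirm in pkg/option.
	flags.Var(option.NewNamedMapOptions(option.KVStoreOpt, &option.Config.KVStoreOpt, nil),
		option.KVStoreOpt, "Key-value store options e.g. etcd.address=127.0.0.1:4001")
	option.BindEnv(vp, option.KVStoreOpt)

	flags.String(option.K8sNamespaceName, "", "Name of the Kubernetes namespace in which Cilium Operator is deployed in")
	option.BindEnv(vp, option.K8sNamespaceName)

	flags.Duration(operatorOption.NodesGCInterval, 5*time.Minute, "GC interval for CiliumNodes")
	option.BindEnv(vp, operatorOption.NodesGCInterval)

	flags.Bool(operatorOption.SyncK8sServices, true, "Synchronize Kubernetes services to kvstore")
	option.BindEnv(vp, operatorOption.SyncK8sServices)

	flags.Bool(operatorOption.SyncK8sNodes, true, "Synchronize Kubernetes nodes to kvstore and perform CNP GC")
	option.BindEnv(vp, operatorOption.SyncK8sNodes)

	flags.Int(operatorOption.UnmanagedPodWatcherInterval, 15, "Interval to check for unmanaged kube-dns pods (0 to disable)")
	option.BindEnv(vp, operatorOption.UnmanagedPodWatcherInterval)

	flags.Bool(option.Version, false, "Print version information")
	option.BindEnv(vp, option.Version)

	flags.String(option.CMDRef, "", "Path to cmdref output directory")
	flags.MarkHidden(option.CMDRef)
	option.BindEnv(vp, option.CMDRef)

	flags.Duration(operatorOption.LeaderElectionLeaseDuration, 15*time.Second,
		"Duration that non-leader operator candidates will wait before forcing to acquire leadership")
	option.BindEnv(vp, operatorOption.LeaderElectionLeaseDuration)

	flags.Duration(operatorOption.LeaderElectionRenewDeadline, 10*time.Second,
		"Duration that current acting master will retry refreshing leadership in before giving up the lock")
	option.BindEnv(vp, operatorOption.LeaderElectionRenewDeadline)

	flags.Duration(operatorOption.LeaderElectionRetryPeriod, 2*time.Second,
		"Duration that LeaderElector clients should wait between retries of the actions")
	option.BindEnv(vp, operatorOption.LeaderElectionRetryPeriod)

	flags.Bool(option.BGPAnnounceLBIP, false, "Announces service IPs of type LoadBalancer via BGP")
	option.BindEnv(vp, option.BGPAnnounceLBIP)

	flags.String(option.BGPConfigPath, "/var/lib/cilium/bgp/config.yaml", "Path to file containing the BGP configuration")
	option.BindEnv(vp, option.BGPConfigPath)

	flags.Bool(option.EnableCiliumEndpointSlice, false, "If set to true, the CiliumEndpointSlice feature is enabled. If any CiliumEndpoints resources are created, updated, or deleted in the cluster, all those changes are broadcast as CiliumEndpointSlice updates to all of the Cilium agents.")
	option.BindEnv(vp, option.EnableCiliumEndpointSlice)

	flags.String(operatorOption.CiliumK8sNamespace, "", fmt.Sprintf("Name of the Kubernetes namespace in which Cilium is deployed in. Defaults to the same namespace defined in %s", option.K8sNamespaceName))
	option.BindEnv(vp, operatorOption.CiliumK8sNamespace)

	flags.String(operatorOption.CiliumPodLabels, "k8s-app=cilium", "Cilium Pod's labels. Used to detect if a Cilium pod is running to remove the node taints where its running and set NetworkUnavailable to false")
	option.BindEnv(vp, operatorOption.CiliumPodLabels)

	flags.Bool(operatorOption.RemoveCiliumNodeTaints, true, fmt.Sprintf("Remove node taint %q from Kubernetes nodes once Cilium is up and running", option.Config.AgentNotReadyNodeTaintValue()))
	option.BindEnv(vp, operatorOption.RemoveCiliumNodeTaints)

	flags.Bool(operatorOption.SetCiliumNodeTaints, false, fmt.Sprintf("Set node taint %q from Kubernetes nodes if Cilium is scheduled but not up and running", option.Config.AgentNotReadyNodeTaintValue()))
	option.BindEnv(vp, operatorOption.SetCiliumNodeTaints)

	flags.Bool(operatorOption.SetCiliumIsUpCondition, true, "Set CiliumIsUp Node condition to mark a Kubernetes Node that a Cilium pod is up and running in that node")
	option.BindEnv(vp, operatorOption.SetCiliumIsUpCondition)

	// The default selector limits restarts to kube-dns pods. Per the help
	// text, an empty value widens the scope to every pod not managed by
	// Cilium, so clearing this option is a deliberate, cluster-wide choice.
	flags.String(operatorOption.PodRestartSelector, "k8s-app=kube-dns", "cilium-operator will delete/restart any pods with these labels if the pod is not managed by Cilium. If this option is empty, then all pods may be restarted")
	option.BindEnv(vp, operatorOption.PodRestartSelector)

	flags.Duration(option.KVstoreLeaseTTL, defaults.KVstoreLeaseTTL, "Time-to-live for the KVstore lease.")
	flags.MarkHidden(option.KVstoreLeaseTTL)
	option.BindEnv(vp, option.KVstoreLeaseTTL)

	// NOTE(review): the error returned by BindPFlags is discarded and this
	// function has no error return to propagate it through.
	vp.BindPFlags(flags)
}

const (
	// pprofOperator enables pprof debugging endpoint for the operator
	pprofOperator = "operator-pprof"

	// pprofAddress is the address that the pprof listens on
	pprofAddress = "operator-pprof-address"

	// pprofPort is the port that the pprof listens on
	pprofPort = "operator-pprof-port"
)

// operatorPprofConfig holds the configuration for the operator pprof cell.
// Differently from the agent and the clustermesh-apiserver, the operator prefixes
// the pprof related flags with the string "operator-".
// To reuse the same cell, we need a different config type to map the same fields
// to the operator-specific pprof flag names.
type operatorPprofConfig struct {
	OperatorPprof        bool   // default for the "operator-pprof" flag
	OperatorPprofAddress string // default for the "operator-pprof-address" flag
	OperatorPprofPort    uint16 // default for the "operator-pprof-port" flag
}

// Flags registers the three operator-prefixed pprof flags on flags, using the
// field values of def as their defaults.
//
// NOTE(review): the defaults are supplied by whoever constructs def and are
// not visible in this file. pprof serves runtime profiles (heap contents,
// goroutine stacks), so confirm that the default keeps the endpoint disabled
// and that the default address is not reachable from outside the host.
func (def operatorPprofConfig) Flags(flags *pflag.FlagSet) {
	flags.Bool(pprofOperator, def.OperatorPprof, "Enable serving pprof debugging API")
	flags.String(pprofAddress, def.OperatorPprofAddress, "Address that pprof listens on")
	flags.Uint16(pprofPort, def.OperatorPprofPort, "Port that pprof listens on")
}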