mirror of
https://github.com/siderolabs/talos.git
synced 2025-11-03 09:51:32 +01:00
862c76001b
This PR adds the support for CoreDNS forwarding to host DNS. We try to bind on 9th address on the first element from `serviceSubnets` and create a simple service so k8s will not attempt to rebind it. Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com> Co-authored-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com> Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>
428 lines
12 KiB
Protocol Buffer
Executable File
428 lines
12 KiB
Protocol Buffer
Executable File
syntax = "proto3";
|
|
|
|
package talos.resource.definitions.network;
|
|
|
|
option go_package = "github.com/siderolabs/talos/pkg/machinery/api/resource/definitions/network";
|
|
|
|
import "common/common.proto";
|
|
import "google/protobuf/duration.proto";
|
|
import "resource/definitions/enums/enums.proto";
|
|
|
|
// AddressSpecSpec describes status of rendered secrets.
|
|
message AddressSpecSpec {
|
|
common.NetIPPrefix address = 1;
|
|
string link_name = 2;
|
|
talos.resource.definitions.enums.NethelpersFamily family = 3;
|
|
talos.resource.definitions.enums.NethelpersScope scope = 4;
|
|
uint32 flags = 5;
|
|
bool announce_with_arp = 6;
|
|
talos.resource.definitions.enums.NetworkConfigLayer config_layer = 7;
|
|
}
|
|
|
|
// AddressStatusSpec describes status of rendered secrets.
|
|
message AddressStatusSpec {
|
|
common.NetIPPrefix address = 1;
|
|
common.NetIP local = 2;
|
|
common.NetIP broadcast = 3;
|
|
common.NetIP anycast = 4;
|
|
common.NetIP multicast = 5;
|
|
uint32 link_index = 6;
|
|
string link_name = 7;
|
|
talos.resource.definitions.enums.NethelpersFamily family = 8;
|
|
talos.resource.definitions.enums.NethelpersScope scope = 9;
|
|
uint32 flags = 10;
|
|
}
|
|
|
|
// BondMasterSpec describes bond settings if Kind == "bond".
|
|
message BondMasterSpec {
|
|
talos.resource.definitions.enums.NethelpersBondMode mode = 1;
|
|
talos.resource.definitions.enums.NethelpersBondXmitHashPolicy hash_policy = 2;
|
|
talos.resource.definitions.enums.NethelpersLACPRate lacp_rate = 3;
|
|
talos.resource.definitions.enums.NethelpersARPValidate arp_validate = 4;
|
|
talos.resource.definitions.enums.NethelpersARPAllTargets arp_all_targets = 5;
|
|
uint32 primary_index = 6;
|
|
talos.resource.definitions.enums.NethelpersPrimaryReselect primary_reselect = 7;
|
|
talos.resource.definitions.enums.NethelpersFailOverMAC fail_over_mac = 8;
|
|
talos.resource.definitions.enums.NethelpersADSelect ad_select = 9;
|
|
uint32 mii_mon = 10;
|
|
uint32 up_delay = 11;
|
|
uint32 down_delay = 12;
|
|
uint32 arp_interval = 13;
|
|
uint32 resend_igmp = 14;
|
|
uint32 min_links = 15;
|
|
uint32 lp_interval = 16;
|
|
uint32 packets_per_slave = 17;
|
|
fixed32 num_peer_notif = 18;
|
|
fixed32 tlb_dynamic_lb = 19;
|
|
fixed32 all_slaves_active = 20;
|
|
bool use_carrier = 21;
|
|
fixed32 ad_actor_sys_prio = 22;
|
|
fixed32 ad_user_port_key = 23;
|
|
uint32 peer_notify_delay = 24;
|
|
}
|
|
|
|
// BondSlave contains a bond's master name and slave index.
|
|
message BondSlave {
|
|
string master_name = 1;
|
|
int64 slave_index = 2;
|
|
}
|
|
|
|
// BridgeMasterSpec describes bridge settings if Kind == "bridge".
|
|
message BridgeMasterSpec {
|
|
STPSpec stp = 1;
|
|
}
|
|
|
|
// BridgeSlave contains a bond's master name and slave index.
|
|
message BridgeSlave {
|
|
string master_name = 1;
|
|
}
|
|
|
|
// DHCP4OperatorSpec describes DHCP4 operator options.
|
|
message DHCP4OperatorSpec {
|
|
uint32 route_metric = 1;
|
|
bool skip_hostname_request = 2;
|
|
}
|
|
|
|
// DHCP6OperatorSpec describes DHCP6 operator options.
|
|
message DHCP6OperatorSpec {
|
|
string duid = 1;
|
|
uint32 route_metric = 2;
|
|
bool skip_hostname_request = 3;
|
|
}
|
|
|
|
// DNSResolveCacheSpec describes DNS servers status.
|
|
message DNSResolveCacheSpec {
|
|
string status = 1;
|
|
}
|
|
|
|
// HardwareAddrSpec describes spec for the link.
|
|
message HardwareAddrSpec {
|
|
string name = 1;
|
|
bytes hardware_addr = 2;
|
|
}
|
|
|
|
// HostDNSConfigSpec describes host DNS config.
|
|
message HostDNSConfigSpec {
|
|
bool enabled = 1;
|
|
repeated common.NetIPPort listen_addresses = 2;
|
|
common.NetIP service_host_dns_address = 3;
|
|
}
|
|
|
|
// HostnameSpecSpec describes node hostname.
|
|
message HostnameSpecSpec {
|
|
string hostname = 1;
|
|
string domainname = 2;
|
|
talos.resource.definitions.enums.NetworkConfigLayer config_layer = 3;
|
|
}
|
|
|
|
// HostnameStatusSpec describes node hostname.
|
|
message HostnameStatusSpec {
|
|
string hostname = 1;
|
|
string domainname = 2;
|
|
}
|
|
|
|
// LinkRefreshSpec describes status of rendered secrets.
|
|
message LinkRefreshSpec {
|
|
int64 generation = 1;
|
|
}
|
|
|
|
// LinkSpecSpec describes spec for the link.
|
|
message LinkSpecSpec {
|
|
string name = 1;
|
|
bool logical = 2;
|
|
bool up = 3;
|
|
uint32 mtu = 4;
|
|
string kind = 5;
|
|
talos.resource.definitions.enums.NethelpersLinkType type = 6;
|
|
string parent_name = 7;
|
|
BondSlave bond_slave = 8;
|
|
BridgeSlave bridge_slave = 9;
|
|
VLANSpec vlan = 10;
|
|
BondMasterSpec bond_master = 11;
|
|
BridgeMasterSpec bridge_master = 12;
|
|
WireguardSpec wireguard = 13;
|
|
talos.resource.definitions.enums.NetworkConfigLayer config_layer = 14;
|
|
}
|
|
|
|
// LinkStatusSpec describes status of rendered secrets.
|
|
message LinkStatusSpec {
|
|
uint32 index = 1;
|
|
talos.resource.definitions.enums.NethelpersLinkType type = 2;
|
|
uint32 link_index = 3;
|
|
uint32 flags = 4;
|
|
bytes hardware_addr = 5;
|
|
bytes broadcast_addr = 6;
|
|
uint32 mtu = 7;
|
|
string queue_disc = 8;
|
|
uint32 master_index = 9;
|
|
talos.resource.definitions.enums.NethelpersOperationalState operational_state = 10;
|
|
string kind = 11;
|
|
string slave_kind = 12;
|
|
string bus_path = 13;
|
|
string pciid = 14;
|
|
string driver = 15;
|
|
string driver_version = 16;
|
|
string firmware_version = 17;
|
|
string product_id = 18;
|
|
string vendor_id = 19;
|
|
string product = 20;
|
|
string vendor = 21;
|
|
bool link_state = 22;
|
|
int64 speed_megabits = 23;
|
|
talos.resource.definitions.enums.NethelpersPort port = 24;
|
|
talos.resource.definitions.enums.NethelpersDuplex duplex = 25;
|
|
VLANSpec vlan = 26;
|
|
BridgeMasterSpec bridge_master = 27;
|
|
BondMasterSpec bond_master = 28;
|
|
WireguardSpec wireguard = 29;
|
|
bytes permanent_addr = 30;
|
|
}
|
|
|
|
// NfTablesAddressMatch describes the match on the IP address.
|
|
message NfTablesAddressMatch {
|
|
repeated common.NetIPPrefix include_subnets = 1;
|
|
repeated common.NetIPPrefix exclude_subnets = 2;
|
|
bool invert = 3;
|
|
}
|
|
|
|
// NfTablesChainSpec describes status of rendered secrets.
|
|
message NfTablesChainSpec {
|
|
string type = 1;
|
|
talos.resource.definitions.enums.NethelpersNfTablesChainHook hook = 2;
|
|
talos.resource.definitions.enums.NethelpersNfTablesChainPriority priority = 3;
|
|
repeated NfTablesRule rules = 4;
|
|
talos.resource.definitions.enums.NethelpersNfTablesVerdict policy = 5;
|
|
}
|
|
|
|
// NfTablesClampMSS describes the TCP MSS clamping operation.
|
|
//
|
|
// MSS is limited by the `MaxMTU` so that:
|
|
// - IPv4: MSS = MaxMTU - 40
|
|
// - IPv6: MSS = MaxMTU - 60.
|
|
message NfTablesClampMSS {
|
|
fixed32 mtu = 1;
|
|
}
|
|
|
|
// NfTablesConntrackStateMatch describes the match on the connection tracking state.
|
|
message NfTablesConntrackStateMatch {
|
|
repeated talos.resource.definitions.enums.NethelpersConntrackState states = 1;
|
|
}
|
|
|
|
// NfTablesIfNameMatch describes the match on the interface name.
|
|
message NfTablesIfNameMatch {
|
|
talos.resource.definitions.enums.NethelpersMatchOperator operator = 2;
|
|
repeated string interface_names = 3;
|
|
}
|
|
|
|
// NfTablesLayer4Match describes the match on the transport layer protocol.
|
|
message NfTablesLayer4Match {
|
|
talos.resource.definitions.enums.NethelpersProtocol protocol = 1;
|
|
NfTablesPortMatch match_source_port = 2;
|
|
NfTablesPortMatch match_destination_port = 3;
|
|
}
|
|
|
|
// NfTablesLimitMatch describes the match on the packet rate.
|
|
message NfTablesLimitMatch {
|
|
uint64 packet_rate_per_second = 1;
|
|
}
|
|
|
|
// NfTablesMark encodes packet mark match/update operation.
|
|
//
|
|
// When used as a match computes the following condition:
|
|
// (mark & mask) ^ xor == value
|
|
//
|
|
// When used as an update computes the following operation:
|
|
// mark = (mark & mask) ^ xor.
|
|
message NfTablesMark {
|
|
uint32 mask = 1;
|
|
uint32 xor = 2;
|
|
uint32 value = 3;
|
|
}
|
|
|
|
// NfTablesPortMatch describes the match on the transport layer port.
|
|
message NfTablesPortMatch {
|
|
repeated PortRange ranges = 1;
|
|
}
|
|
|
|
// NfTablesRule describes a single rule in the nftables chain.
|
|
message NfTablesRule {
|
|
NfTablesIfNameMatch match_o_if_name = 1;
|
|
talos.resource.definitions.enums.NethelpersNfTablesVerdict verdict = 2;
|
|
NfTablesMark match_mark = 3;
|
|
NfTablesMark set_mark = 4;
|
|
NfTablesAddressMatch match_source_address = 5;
|
|
NfTablesAddressMatch match_destination_address = 6;
|
|
NfTablesLayer4Match match_layer4 = 7;
|
|
NfTablesIfNameMatch match_i_if_name = 8;
|
|
NfTablesClampMSS clamp_mss = 9;
|
|
NfTablesLimitMatch match_limit = 10;
|
|
NfTablesConntrackStateMatch match_conntrack_state = 11;
|
|
bool anon_counter = 12;
|
|
}
|
|
|
|
// NodeAddressFilterSpec describes a filter for NodeAddresses.
|
|
message NodeAddressFilterSpec {
|
|
repeated common.NetIPPrefix include_subnets = 1;
|
|
repeated common.NetIPPrefix exclude_subnets = 2;
|
|
}
|
|
|
|
// NodeAddressSpec describes a set of node addresses.
|
|
message NodeAddressSpec {
|
|
repeated common.NetIPPrefix addresses = 1;
|
|
}
|
|
|
|
// OperatorSpecSpec describes DNS resolvers.
|
|
message OperatorSpecSpec {
|
|
talos.resource.definitions.enums.NetworkOperator operator = 1;
|
|
string link_name = 2;
|
|
bool require_up = 3;
|
|
DHCP4OperatorSpec dhcp4 = 4;
|
|
DHCP6OperatorSpec dhcp6 = 5;
|
|
VIPOperatorSpec vip = 6;
|
|
talos.resource.definitions.enums.NetworkConfigLayer config_layer = 7;
|
|
}
|
|
|
|
// PortRange describes a range of ports.
|
|
//
|
|
// Range is [lo, hi].
|
|
message PortRange {
|
|
fixed32 lo = 1;
|
|
fixed32 hi = 2;
|
|
}
|
|
|
|
// ProbeSpecSpec describes the Probe.
|
|
message ProbeSpecSpec {
|
|
google.protobuf.Duration interval = 1;
|
|
int64 failure_threshold = 2;
|
|
TCPProbeSpec tcp = 3;
|
|
talos.resource.definitions.enums.NetworkConfigLayer config_layer = 4;
|
|
}
|
|
|
|
// ProbeStatusSpec describes the Probe.
|
|
message ProbeStatusSpec {
|
|
bool success = 1;
|
|
string last_error = 2;
|
|
}
|
|
|
|
// ResolverSpecSpec describes DNS resolvers.
|
|
message ResolverSpecSpec {
|
|
repeated common.NetIP dns_servers = 1;
|
|
talos.resource.definitions.enums.NetworkConfigLayer config_layer = 2;
|
|
}
|
|
|
|
// ResolverStatusSpec describes DNS resolvers.
|
|
message ResolverStatusSpec {
|
|
repeated common.NetIP dns_servers = 1;
|
|
}
|
|
|
|
// RouteSpecSpec describes the route.
|
|
message RouteSpecSpec {
|
|
talos.resource.definitions.enums.NethelpersFamily family = 1;
|
|
common.NetIPPrefix destination = 2;
|
|
common.NetIP source = 3;
|
|
common.NetIP gateway = 4;
|
|
string out_link_name = 5;
|
|
talos.resource.definitions.enums.NethelpersRoutingTable table = 6;
|
|
uint32 priority = 7;
|
|
talos.resource.definitions.enums.NethelpersScope scope = 8;
|
|
talos.resource.definitions.enums.NethelpersRouteType type = 9;
|
|
uint32 flags = 10;
|
|
talos.resource.definitions.enums.NethelpersRouteProtocol protocol = 11;
|
|
talos.resource.definitions.enums.NetworkConfigLayer config_layer = 12;
|
|
uint32 mtu = 13;
|
|
}
|
|
|
|
// RouteStatusSpec describes status of rendered secrets.
|
|
message RouteStatusSpec {
|
|
talos.resource.definitions.enums.NethelpersFamily family = 1;
|
|
common.NetIPPrefix destination = 2;
|
|
common.NetIP source = 3;
|
|
common.NetIP gateway = 4;
|
|
uint32 out_link_index = 5;
|
|
string out_link_name = 6;
|
|
talos.resource.definitions.enums.NethelpersRoutingTable table = 7;
|
|
uint32 priority = 8;
|
|
talos.resource.definitions.enums.NethelpersScope scope = 9;
|
|
talos.resource.definitions.enums.NethelpersRouteType type = 10;
|
|
uint32 flags = 11;
|
|
talos.resource.definitions.enums.NethelpersRouteProtocol protocol = 12;
|
|
uint32 mtu = 13;
|
|
}
|
|
|
|
// STPSpec describes Spanning Tree Protocol (STP) settings of a bridge.
|
|
message STPSpec {
|
|
bool enabled = 1;
|
|
}
|
|
|
|
// StatusSpec describes network state.
|
|
message StatusSpec {
|
|
bool address_ready = 1;
|
|
bool connectivity_ready = 2;
|
|
bool hostname_ready = 3;
|
|
bool etc_files_ready = 4;
|
|
}
|
|
|
|
// TCPProbeSpec describes the TCP Probe.
|
|
message TCPProbeSpec {
|
|
string endpoint = 1;
|
|
google.protobuf.Duration timeout = 2;
|
|
}
|
|
|
|
// TimeServerSpecSpec describes NTP servers.
|
|
message TimeServerSpecSpec {
|
|
repeated string ntp_servers = 1;
|
|
talos.resource.definitions.enums.NetworkConfigLayer config_layer = 2;
|
|
}
|
|
|
|
// TimeServerStatusSpec describes NTP servers.
|
|
message TimeServerStatusSpec {
|
|
repeated string ntp_servers = 1;
|
|
}
|
|
|
|
// VIPEquinixMetalSpec describes virtual (elastic) IP settings for Equinix Metal.
|
|
message VIPEquinixMetalSpec {
|
|
string project_id = 1;
|
|
string device_id = 2;
|
|
string api_token = 3;
|
|
}
|
|
|
|
// VIPHCloudSpec describes virtual (elastic) IP settings for Hetzner Cloud.
|
|
message VIPHCloudSpec {
|
|
int64 device_id = 1;
|
|
int64 network_id = 2;
|
|
string api_token = 3;
|
|
}
|
|
|
|
// VIPOperatorSpec describes virtual IP operator options.
|
|
message VIPOperatorSpec {
|
|
common.NetIP ip = 1;
|
|
bool gratuitous_arp = 2;
|
|
VIPEquinixMetalSpec equinix_metal = 3;
|
|
VIPHCloudSpec h_cloud = 4;
|
|
}
|
|
|
|
// VLANSpec describes VLAN settings if Kind == "vlan".
|
|
message VLANSpec {
|
|
fixed32 vid = 1;
|
|
talos.resource.definitions.enums.NethelpersVLANProtocol protocol = 2;
|
|
}
|
|
|
|
// WireguardPeer describes a single peer.
|
|
message WireguardPeer {
|
|
string public_key = 1;
|
|
string preshared_key = 2;
|
|
string endpoint = 3;
|
|
google.protobuf.Duration persistent_keepalive_interval = 4;
|
|
repeated common.NetIPPrefix allowed_ips = 5;
|
|
}
|
|
|
|
// WireguardSpec describes Wireguard settings if Kind == "wireguard".
|
|
message WireguardSpec {
|
|
string private_key = 1;
|
|
string public_key = 2;
|
|
int64 listen_port = 3;
|
|
int64 firewall_mark = 4;
|
|
repeated WireguardPeer peers = 5;
|
|
}
|
|
|