{ "$schema": "http://json-schema.org/draft-07/schema#", "properties": { "apiVersion": { "type": "string" }, "kind": { "type": "string" }, "metadata": { "type": "object" }, "spec": { "properties": { "allowIPIPPacketsFromWorkloads": { "type": "boolean" }, "allowVXLANPacketsFromWorkloads": { "type": "boolean" }, "awsSrcDstCheck": { "enum": [ "DoNothing", "Enable", "Disable" ], "type": "string" }, "bpfCTLBLogFilter": { "type": "string" }, "bpfConnectTimeLoadBalancing": { "enum": [ "TCP", "Enabled", "Disabled" ], "type": "string" }, "bpfConnectTimeLoadBalancingEnabled": { "type": "boolean" }, "bpfConntrackLogLevel": { "enum": [ "Off", "Debug" ], "type": "string" }, "bpfConntrackMode": { "enum": [ "Auto", "Userspace", "BPFProgram" ], "type": "string" }, "bpfConntrackTimeouts": { "properties": { "creationGracePeriod": { "pattern": "^(([0-9]*(\\.[0-9]*)?(ms|s|h|m|us)+)+|Auto)$", "type": "string" }, "genericTimeout": { "pattern": "^(([0-9]*(\\.[0-9]*)?(ms|s|h|m|us)+)+|Auto)$", "type": "string" }, "icmpTimeout": { "pattern": "^(([0-9]*(\\.[0-9]*)?(ms|s|h|m|us)+)+|Auto)$", "type": "string" }, "tcpEstablished": { "pattern": "^(([0-9]*(\\.[0-9]*)?(ms|s|h|m|us)+)+|Auto)$", "type": "string" }, "tcpFinsSeen": { "pattern": "^(([0-9]*(\\.[0-9]*)?(ms|s|h|m|us)+)+|Auto)$", "type": "string" }, "tcpResetSeen": { "pattern": "^(([0-9]*(\\.[0-9]*)?(ms|s|h|m|us)+)+|Auto)$", "type": "string" }, "tcpSynSent": { "pattern": "^(([0-9]*(\\.[0-9]*)?(ms|s|h|m|us)+)+|Auto)$", "type": "string" }, "udpTimeout": { "pattern": "^(([0-9]*(\\.[0-9]*)?(ms|s|h|m|us)+)+|Auto)$", "type": "string" } }, "type": "object" }, "bpfDSROptoutCIDRs": { "items": { "type": "string" }, "type": "array" }, "bpfDataIfacePattern": { "type": "string" }, "bpfDisableGROForIfaces": { "type": "string" }, "bpfDisableUnprivileged": { "type": "boolean" }, "bpfEnabled": { "type": "boolean" }, "bpfEnforceRPF": { "pattern": "^(?i)(Disabled|Strict|Loose)?$", "type": "string" }, "bpfExcludeCIDRsFromNAT": { "items": { "type": "string" }, "type": "array" }, "bpfExportBufferSizeMB": { "type": "integer" }, "bpfExtToServiceConnmark": { "type": "integer" }, "bpfExternalServiceMode": { "pattern": "^(?i)(Tunnel|DSR)?$", "type": "string" }, "bpfForceTrackPacketsFromIfaces": { "items": { "type": "string" }, "type": "array" }, "bpfHostConntrackBypass": { "type": "boolean" }, "bpfHostNetworkedNATWithoutCTLB": { "enum": [ "Enabled", "Disabled" ], "type": "string" }, "bpfKubeProxyEndpointSlicesEnabled": { "type": "boolean" }, "bpfKubeProxyIptablesCleanupEnabled": { "type": "boolean" }, "bpfKubeProxyMinSyncPeriod": { "pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$", "type": "string" }, "bpfL3IfacePattern": { "type": "string" }, "bpfLogFilters": { "additionalProperties": { "type": "string" }, "type": "object" }, "bpfLogLevel": { "pattern": "^(?i)(Off|Info|Debug)?$", "type": "string" }, "bpfMapSizeConntrack": { "type": "integer" }, "bpfMapSizeConntrackCleanupQueue": { "minimum": 1, "type": "integer" }, "bpfMapSizeConntrackScaling": { "pattern": "^(?i)(Disabled|DoubleIfFull)?$", "type": "string" }, "bpfMapSizeIPSets": { "type": "integer" }, "bpfMapSizeIfState": { "type": "integer" }, "bpfMapSizeNATAffinity": { "type": "integer" }, "bpfMapSizeNATBackend": { "type": "integer" }, "bpfMapSizeNATFrontend": { "type": "integer" }, "bpfMapSizePerCpuConntrack": { "type": "integer" }, "bpfMapSizeRoute": { "type": "integer" }, "bpfPSNATPorts": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "pattern": "^.*", "x-kubernetes-int-or-string": true }, "bpfPolicyDebugEnabled": { "type": "boolean" }, "bpfProfiling": { "enum": [ "Enabled", "Disabled" ], "type": "string" }, "bpfRedirectToPeer": { "enum": [ "Enabled", "Disabled", "L2Only" ], "type": "string" }, "chainInsertMode": { "pattern": "^(?i)(Insert|Append)?$", "type": "string" }, "dataplaneDriver": { "type": "string" }, "dataplaneWatchdogTimeout": { "type": "string" }, "debugDisableLogDropping": { "type": "boolean" }, "debugHost": { "type": "string" }, "debugMemoryProfilePath": { "type": "string" }, "debugPort": { "type": "integer" }, "debugSimulateCalcGraphHangAfter": { "pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$", "type": "string" }, "debugSimulateDataplaneApplyDelay": { "pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$", "type": "string" }, "debugSimulateDataplaneHangAfter": { "pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$", "type": "string" }, "defaultEndpointToHostAction": { "pattern": "^(?i)(Drop|Accept|Return)?$", "type": "string" }, "deviceRouteProtocol": { "type": "integer" }, "deviceRouteSourceAddress": { "type": "string" }, "deviceRouteSourceAddressIPv6": { "type": "string" }, "disableConntrackInvalidCheck": { "type": "boolean" }, "endpointReportingDelay": { "pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$", "type": "string" }, "endpointReportingEnabled": { "type": "boolean" }, "endpointStatusPathPrefix": { "type": "string" }, "externalNodesList": { "items": { "type": "string" }, "type": "array" }, "failsafeInboundHostPorts": { "items": { "properties": { "net": { "type": "string" }, "port": { "type": "integer" }, "protocol": { "type": "string" } }, "required": [ "port" ], "type": "object" }, "type": "array" }, "failsafeOutboundHostPorts": { "items": { "properties": { "net": { "type": "string" }, "port": { "type": "integer" }, "protocol": { "type": "string" } }, "required": [ "port" ], "type": "object" }, "type": "array" }, "featureDetectOverride": { "pattern": "^([a-zA-Z0-9-_]+=(true|false|),)*([a-zA-Z0-9-_]+=(true|false|))?$", "type": "string" }, "featureGates": { "pattern": "^([a-zA-Z0-9-_]+=([^=]+),)*([a-zA-Z0-9-_]+=([^=]+))?$", "type": "string" }, "floatingIPs": { "enum": [ "Enabled", "Disabled" ], "type": "string" }, "flowLogsCollectorDebugTrace": { "type": "boolean" }, "flowLogsFlushInterval": { "pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$", "type": "string" }, "flowLogsGoldmaneServer": { "type": "string" }, "flowLogsLocalReporter": { "enum": [ "Disabled", "Enabled" ], "type": "string" }, "flowLogsPolicyEvaluationMode": { "enum": [ "None", "Continuous" ], "type": "string" }, "genericXDPEnabled": { "type": "boolean" }, "goGCThreshold": { "type": "integer" }, "goMaxProcs": { "type": "integer" }, "goMemoryLimitMB": { "type": "integer" }, "healthEnabled": { "type": "boolean" }, "healthHost": { "type": "string" }, "healthPort": { "type": "integer" }, "healthTimeoutOverrides": { "items": { "properties": { "name": { "type": "string" }, "timeout": { "type": "string" } }, "required": [ "name", "timeout" ], "type": "object" }, "type": "array" }, "interfaceExclude": { "type": "string" }, "interfacePrefix": { "type": "string" }, "interfaceRefreshInterval": { "pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$", "type": "string" }, "ipForwarding": { "enum": [ "Enabled", "Disabled" ], "type": "string" }, "ipipEnabled": { "type": "boolean" }, "ipipMTU": { "type": "integer" }, "ipsetsRefreshInterval": { "pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$", "type": "string" }, "iptablesBackend": { "pattern": "^(?i)(Auto|Legacy|NFT)?$", "type": "string" }, "iptablesFilterAllowAction": { "pattern": "^(?i)(Accept|Return)?$", "type": "string" }, "iptablesFilterDenyAction": { "pattern": "^(?i)(Drop|Reject)?$", "type": "string" }, "iptablesLockFilePath": { "type": "string" }, "iptablesLockProbeInterval": { "pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$", "type": "string" }, "iptablesLockTimeout": { "pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$", "type": "string" }, "iptablesMangleAllowAction": { "pattern": "^(?i)(Accept|Return)?$", "type": "string" }, "iptablesMarkMask": { "format": "int32", "type": "integer" }, "iptablesNATOutgoingInterfaceFilter": { "type": "string" }, "iptablesPostWriteCheckInterval": { "pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$", "type": "string" }, "iptablesRefreshInterval": { "pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$", "type": "string" }, "ipv6Support": { "type": "boolean" }, "kubeNodePortRanges": { "items": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "pattern": "^.*", "x-kubernetes-int-or-string": true }, "type": "array" }, "logDebugFilenameRegex": { "type": "string" }, "logFilePath": { "type": "string" }, "logPrefix": { "type": "string" }, "logSeverityFile": { "pattern": "^(?i)(Trace|Debug|Info|Warning|Error|Fatal)?$", "type": "string" }, "logSeverityScreen": { "pattern": "^(?i)(Trace|Debug|Info|Warning|Error|Fatal)?$", "type": "string" }, "logSeveritySys": { "pattern": "^(?i)(Trace|Debug|Info|Warning|Error|Fatal)?$", "type": "string" }, "maxIpsetSize": { "type": "integer" }, "metadataAddr": { "type": "string" }, "metadataPort": { "type": "integer" }, "mtuIfacePattern": { "type": "string" }, "natOutgoingAddress": { "type": "string" }, "natPortRange": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "pattern": "^.*", "x-kubernetes-int-or-string": true }, "netlinkTimeout": { "pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$", "type": "string" }, "nftablesFilterAllowAction": { "pattern": "^(?i)(Accept|Return)?$", "type": "string" }, "nftablesFilterDenyAction": { "pattern": "^(?i)(Drop|Reject)?$", "type": "string" }, "nftablesMangleAllowAction": { "pattern": "^(?i)(Accept|Return)?$", "type": "string" }, "nftablesMarkMask": { "format": "int32", "type": "integer" }, "nftablesMode": { "enum": [ "Disabled", "Enabled", "Auto" ], "type": "string" }, "nftablesRefreshInterval": { "type": "string" }, "openstackRegion": { "type": "string" }, "policySyncPathPrefix": { "type": "string" }, "prometheusGoMetricsEnabled": { "type": "boolean" }, "prometheusMetricsEnabled": { "type": "boolean" }, "prometheusMetricsHost": { "type": "string" }, "prometheusMetricsPort": { "type": "integer" }, "prometheusProcessMetricsEnabled": { "type": "boolean" }, "prometheusWireGuardMetricsEnabled": { "type": "boolean" }, "removeExternalRoutes": { "type": "boolean" }, "reportingInterval": { "pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$", "type": "string" }, "reportingTTL": { "pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$", "type": "string" }, "routeRefreshInterval": { "pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$", "type": "string" }, "routeSource": { "pattern": "^(?i)(WorkloadIPs|CalicoIPAM)?$", "type": "string" }, "routeSyncDisabled": { "type": "boolean" }, "routeTableRange": { "properties": { "max": { "type": "integer" }, "min": { "type": "integer" } }, "required": [ "max", "min" ], "type": "object" }, "routeTableRanges": { "items": { "properties": { "max": { "type": "integer" }, "min": { "type": "integer" } }, "required": [ "max", "min" ], "type": "object" }, "type": "array" }, "serviceLoopPrevention": { "pattern": "^(?i)(Drop|Reject|Disabled)?$", "type": "string" }, "sidecarAccelerationEnabled": { "type": "boolean" }, "usageReportingEnabled": { "type": "boolean" }, "usageReportingInitialDelay": { "pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$", "type": "string" }, "usageReportingInterval": { "pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$", "type": "string" }, "useInternalDataplaneDriver": { "type": "boolean" }, "vxlanEnabled": { "type": "boolean" }, "vxlanMTU": { "type": "integer" }, "vxlanMTUV6": { "type": "integer" }, "vxlanPort": { "type": "integer" }, "vxlanVNI": { "type": "integer" }, "windowsManageFirewallRules": { "enum": [ "Enabled", "Disabled" ], "type": "string" }, "wireguardEnabled": { "type": "boolean" }, "wireguardEnabledV6": { "type": "boolean" }, "wireguardHostEncryptionEnabled": { "type": "boolean" }, "wireguardInterfaceName": { "type": "string" }, "wireguardInterfaceNameV6": { "type": "string" }, "wireguardKeepAlive": { "pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$", "type": "string" }, "wireguardListeningPort": { "type": "integer" }, "wireguardListeningPortV6": { "type": "integer" }, "wireguardMTU": { "type": "integer" }, "wireguardMTUV6": { "type": "integer" }, "wireguardRoutingRulePriority": { "type": "integer" }, "wireguardThreadingEnabled": { "type": "boolean" }, "workloadSourceSpoofing": { "pattern": "^(?i)(Disabled|Any)?$", "type": "string" }, "xdpEnabled": { "type": "boolean" }, "xdpRefreshInterval": { "pattern": "^([0-9]+(\\\\.[0-9]+)?(ms|s|m|h))*$", "type": "string" } }, "type": "object" } }, "type": "object" }