network
Package network provides network machine configuration documents.
1 - EthernetConfig
EthernetConfig is a config document to configure Ethernet interfaces.
```yaml
apiVersion: v1alpha1
kind: EthernetConfig
name: enp0s2 # Name of the link (interface).
# Configuration for Ethernet features.
features:
    tx-tcp-segmentation: false
# Configuration for Ethernet link rings.
rings:
    rx: 256 # Number of RX rings.
# Configuration for Ethernet link channels.
channels:
    rx: 4 # Number of RX channels.
```
Field | Type | Description | Value(s) |
---|---|---|---|
name | string | Name of the link (interface). | |
features | map[string]bool | Configuration for Ethernet features. Set of features available and whether they can be enabled or disabled is driver specific. Use `talosctl get ethernetstatus <link> -o yaml` to get the list of available features and their current status. | |
rings | EthernetRingsConfig | Configuration for Ethernet link rings. This is similar to `ethtool -G` command. | |
channels | EthernetChannelsConfig | Configuration for Ethernet link channels. This is similar to `ethtool -L` command. | |
rings
EthernetRingsConfig is a configuration for Ethernet link rings.
Field | Type | Description | Value(s) |
---|---|---|---|
rx | uint32 | Number of RX rings. | |
tx | uint32 | Number of TX rings. | |
rx-mini | uint32 | Number of RX mini rings. | |
rx-jumbo | uint32 | Number of RX jumbo rings. | |
rx-buf-len | uint32 | RX buffer length. | |
cqe-size | uint32 | CQE size. | |
tx-push | bool | TX push enabled. | |
rx-push | bool | RX push enabled. | |
tx-push-buf-len | uint32 | TX push buffer length. | |
tcp-data-split | bool | TCP data split enabled. | |
channels
EthernetChannelsConfig is a configuration for Ethernet link channels.
Field | Type | Description | Value(s) |
---|---|---|---|
rx | uint32 | Number of RX channels. | |
tx | uint32 | Number of TX channels. | |
other | uint32 | Number of other channels. | |
combined | uint32 | Number of combined channels. | |
2 - KubeSpanEndpointsConfig
KubeSpanEndpointsConfig is a config document to configure KubeSpan endpoints.
```yaml
apiVersion: v1alpha1
kind: KubeSpanEndpointsConfig
# A list of extra Wireguard endpoints to announce from this machine.
extraAnnouncedEndpoints:
    - 192.168.13.46:52000
```
Field | Type | Description | Value(s) |
---|---|---|---|
extraAnnouncedEndpoints | []AddrPort | A list of extra Wireguard endpoints to announce from this machine. Talos automatically adds endpoints based on machine addresses, public IP, etc. This field allows adding extra endpoints which are managed outside of Talos, e.g. NAT mapping. | |
3 - NetworkDefaultActionConfig
NetworkDefaultActionConfig is an ingress firewall default action configuration document.
```yaml
apiVersion: v1alpha1
kind: NetworkDefaultActionConfig
ingress: accept # Default action for all not explicitly configured ingress traffic: accept or block.
```
Field | Type | Description | Value(s) |
---|---|---|---|
ingress | DefaultAction | Default action for all not explicitly configured ingress traffic: accept or block. | `accept`, `block` |
4 - NetworkRuleConfig
NetworkRuleConfig is a network firewall rule config document.
```yaml
apiVersion: v1alpha1
kind: NetworkRuleConfig
name: ingress-apid # Name of the config document.
# Port selector defines which ports and protocols on the host are affected by the rule.
portSelector:
    # Ports defines a list of port ranges or single ports.
    ports:
        - 50000
    protocol: tcp # Protocol defines traffic protocol (e.g. TCP or UDP).
# Ingress defines which source subnets are allowed to access the host ports/protocols defined by the `portSelector`.
ingress:
    - subnet: 192.168.0.0/16 # Subnet defines a source subnet.
```
Field | Type | Description | Value(s) |
---|---|---|---|
name | string | Name of the config document. | |
portSelector | RulePortSelector | Port selector defines which ports and protocols on the host are affected by the rule. | |
ingress | []IngressRule | Ingress defines which source subnets are allowed to access the host ports/protocols defined by the `portSelector`. | |
portSelector
RulePortSelector is a port selector for the network rule.
Field | Type | Description | Value(s) |
---|---|---|---|
ports | PortRanges | Ports defines a list of port ranges or single ports. The port ranges are inclusive, and should not overlap. | |
protocol | Protocol | Protocol defines traffic protocol (e.g. TCP or UDP). | `tcp`, `udp`, `icmp`, `icmpv6` |
ingress[]
IngressRule is an ingress rule.
Field | Type | Description | Value(s) |
---|---|---|---|
subnet | Prefix | Subnet defines a source subnet. | |
except | Prefix | Except defines a source subnet to exclude from the rule, it gets excluded from the `subnet`. | |
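
The NetworkRuleConfig constraints above (inclusive, non-overlapping port ranges; `except` carved out of `subnet`) can be checked before a document is applied. The Go program below is an added example, not Talos code: the `Rule` and `PortRange` types, `Validate`, `Admits` and the sample `except` value are assumptions of this example, and it models a single rule in isolation, without the default action.

```go
package main

import (
	"fmt"
	"net/netip"
	"sort"
)

// PortRange is inclusive on both ends; a single port has Lo == Hi.
type PortRange struct{ Lo, Hi uint16 }

// Rule is a hypothetical in-memory form of one NetworkRuleConfig document.
type Rule struct {
	Protocol       string
	Ports          []PortRange
	Subnet, Except netip.Prefix // zero Except means no exclusion
}

// Validate rejects inverted or overlapping port ranges; a shared endpoint overlaps.
func (r Rule) Validate() error {
	ps := append([]PortRange(nil), r.Ports...)
	sort.Slice(ps, func(i, j int) bool { return ps[i].Lo < ps[j].Lo })
	for i, p := range ps {
		if p.Lo > p.Hi || (i > 0 && p.Lo <= ps[i-1].Hi) {
			return fmt.Errorf("port range %d-%d is inverted or overlaps", p.Lo, p.Hi)
		}
	}
	// Lint added by this example: an except outside the subnet excludes nothing.
	if e := r.Except; e.IsValid() && (e.Bits() < r.Subnet.Bits() || !r.Subnet.Contains(e.Addr())) {
		return fmt.Errorf("except %s is not inside subnet %s", e, r.Subnet)
	}
	return nil
}

// Admits reports whether this one rule lists src as allowed for proto/port.
func (r Rule) Admits(proto string, port uint16, src netip.Addr) bool {
	if proto != r.Protocol || !r.Subnet.Contains(src) || (r.Except.IsValid() && r.Except.Contains(src)) {
		return false
	}
	for _, p := range r.Ports {
		if p.Lo <= port && port <= p.Hi {
			return true
		}
	}
	return false
}

// sample is constructed: the page's ingress-apid rule with an added except.
var sample = Rule{"tcp", []PortRange{{50000, 50000}}, netip.MustParsePrefix("192.168.0.0/16"), netip.MustParsePrefix("192.168.13.0/24")}
func main() { fmt.Println(sample.Validate(), sample.Admits("tcp", 50000, netip.MustParseAddr("192.168.13.46"))) }
```

Running `Validate` over rendered documents in CI catches a range list that overlaps or an `except` that falls outside its `subnet` before the rule reaches a node.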