API Reference
Packages
- networking.metal.ironcore.dev/v1alpha1
- nx.cisco.networking.metal.ironcore.dev/v1alpha1
- xe.cisco.networking.metal.ironcore.dev/v1alpha1
- xr.cisco.networking.metal.ironcore.dev/v1alpha1
networking.metal.ironcore.dev/v1alpha1
Package v1alpha1 contains API Schema definitions for the networking.metal.ironcore.dev v1alpha1 API group.
SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and IronCore contributors SPDX-License-Identifier: Apache-2.0
Resource Types
- BGP
- BGPPeer
- Banner
- Certificate
- DNS
- Device
- EVPNInstance
- ISIS
- Interface
- LLDP
- ManagementAccess
- NTP
- NetworkVirtualizationEdge
- OSPF
- PIM
- PrefixSet
- RoutingPolicy
- SNMP
- Syslog
- User
- VLAN
- VRF
ACLAction
Underlying type: string
ACLAction represents the type of action that can be taken by an ACL rule.
Validation:
- Enum: [Permit Deny]
Appears in:
| Field | Description |
|---|---|
Permit | ActionPermit allows traffic that matches the rule. |
Deny | ActionDeny blocks traffic that matches the rule. |
ACLEntry
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
sequence integer | The sequence number of the ACL entry. | Minimum: 1 Required: {} | |
action ACLAction | The forwarding action of the ACL entry. | Enum: [Permit Deny] Required: {} | |
protocol Protocol | The protocol to match. If not specified, defaults to "IP". Available options are: ICMP, IP, OSPF, PIM, TCP, UDP. | IP | Enum: [ICMP IP OSPF PIM TCP UDP] Optional: {} |
sourceAddress IPPrefix | Source IP address prefix. Can be IPv4 or IPv6. Use 0.0.0.0/0 (::/0) to represent 'any'. | Format: cidr Type: string Required: {} | |
destinationAddress IPPrefix | Destination IP address prefix. Can be IPv4 or IPv6. Use 0.0.0.0/0 (::/0) to represent 'any'. | Format: cidr Type: string Required: {} | |
description string | Description provides a human-readable description of the ACL entry. | MaxLength: 63 MinLength: 1 Optional: {} |
AddressFamily
Underlying type: string
AddressFamily represents the address family of an ISIS instance.
Validation:
- Enum: [IPv4Unicast IPv6Unicast]
Appears in:
| Field | Description |
|---|---|
IPv4Unicast | |
IPv6Unicast |
AddressFamilyStatus
AddressFamilyStatus defines the prefix exchange statistics for a single address family (e.g., IPv4-Unicast).
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
afiSafi BGPAddressFamilyType | AfiSafi identifies the address family and subsequent address family. | Enum: [IPv4Unicast IPv6Unicast L2vpnEvpn] Required: {} | |
acceptedPrefixes integer | AcceptedPrefixes is the number of prefixes received from the peer that have passed the inbound policy and are stored in the neighbor-specific table (Adj-RIB-In). | Minimum: 0 Optional: {} | |
advertisedPrefixes integer | AdvertisedPrefixes is the number of prefixes currently being advertised to the peer after passing the outbound policy. This reflects the state of the outbound routing table for the peer (Adj-RIB-Out). | Minimum: 0 Optional: {} |
AdminState
Underlying type: string
AdminState represents the administrative state of a resource. This type is used across multiple resources including interfaces, protocols (BGP, OSPF, ISIS, PIM), and system services (NTP, DNS) to indicate whether these are administratively enabled or disabled.
Validation:
- Enum: [Up Down]
Appears in:
- BGPPeerSpec
- BGPSpec
- BorderGatewaySpec
- DNSSpec
- ISISSpec
- InterfaceSpec
- LLDPInterface
- LLDPSpec
- NTPSpec
- NetworkVirtualizationEdgeSpec
- OSPFSpec
- PIMSpec
- Peer
- VLANSpec
- VPCDomainSpec
| Field | Description |
|---|---|
Up | AdminStateUp indicates that the resource is administratively enabled. |
Down | AdminStateDown indicates that the resource is administratively disabled. |
Aggregation
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
memberInterfaceRefs LocalObjectReference array | MemberInterfaceRefs is a list of interface references that are part of the aggregate interface. | MaxItems: 32 MinItems: 1 Required: {} | |
controlProtocol ControlProtocol | ControlProtocol defines the lacp configuration for the aggregate interface. | { mode:Active } | Optional: {} |
multichassis MultiChassis | Multichassis defines the multichassis configuration for the aggregate interface. | Optional: {} |
AnycastGateway
AnycastGateway defines distributed anycast gateway configuration. Multiple NVEs in the fabric share the same virtual MAC address, enabling active-active default gateway redundancy for hosts.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
virtualMAC string | VirtualMAC is the shared MAC address used by all NVEs in the fabric for anycast gateway functionality on RoutedVLAN (SVI) interfaces. All switches in the fabric must use the same MAC address. Format: IEEE 802 MAC-48 address (e.g., "00:00:5E:00:01:01") | Pattern: ^([0-9A-Fa-f]\{2\}:)\{5\}[0-9A-Fa-f]\{2\}$ Required: {} |
BFD
BFD defines the Bidirectional Forwarding Detection configuration for an interface.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean | Enabled indicates whether BFD is enabled on the interface. | Required: {} | |
desiredMinimumTxInterval Duration | DesiredMinimumTxInterval is the minimum interval between transmission of BFD control packets that the operator desires. This value is advertised to the peer. The actual interval used is the maximum of this value and the remote required-minimum-receive interval value. | Pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ Type: string Optional: {} | |
requiredMinimumReceive Duration | RequiredMinimumReceive is the minimum interval between received BFD control packets that this system should support. This value is advertised to the remote peer to indicate the maximum frequency between BFD control packets that is acceptable to the local system. | Pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ Type: string Optional: {} | |
detectionMultiplier integer | DetectionMultiplier is the number of packets that must be missed to declare this session as down. The detection interval for the BFD session is calculated by multiplying the value of the negotiated transmission interval by this value. | Maximum: 255 Minimum: 1 Optional: {} |
BGP
BGP is the Schema for the bgp API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | networking.metal.ironcore.dev/v1alpha1 | ||
kind string | BGP | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec BGPSpec | Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Required: {} | |
status BGPStatus | Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Optional: {} |
BGPAddressFamilies
BGPAddressFamilies defines the configuration for supported BGP address families.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
ipv4Unicast BGPAddressFamily | Ipv4Unicast configures IPv4 unicast address family support. Enables exchange of IPv4 unicast routes between BGP peers. | Optional: {} | |
ipv6Unicast BGPAddressFamily | Ipv6Unicast configures IPv6 unicast address family support. Enables exchange of IPv6 unicast routes between BGP peers. | Optional: {} | |
l2vpnEvpn BGPL2vpnEvpn | L2vpnEvpn configures L2VPN EVPN address family support. Enables exchange of Ethernet VPN routes for overlay network services. | Optional: {} |
BGPAddressFamily
BGPAddressFamily defines common configuration for a BGP address family.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean | Enabled determines whether this address family is activated for BGP sessions. When false, the address family is not negotiated with peers. | Optional: {} | |
multipath BGPMultipath | Multipath configures address family specific multipath behavior. When specified, overrides global multipath settings for this address family. | Optional: {} |
BGPAddressFamilyType
Underlying type: string
BGPAddressFamilyType represents the BGP address family identifier (AFI/SAFI combination).
Validation:
- Enum: [IPv4Unicast IPv6Unicast L2vpnEvpn]
Appears in:
| Field | Description |
|---|---|
IPv4Unicast | BGPAddressFamilyIpv4Unicast represents the IPv4 Unicast address family (AFI=1, SAFI=1). |
IPv6Unicast | BGPAddressFamilyIpv6Unicast represents the IPv6 Unicast address family (AFI=2, SAFI=1). |
L2vpnEvpn | BGPAddressFamilyL2vpnEvpn represents the L2VPN EVPN address family (AFI=25, SAFI=70). |
BGPCommunityType
Underlying type: string
BGPCommunityType represents the type of BGP community attributes that can be sent to peers.
Validation:
- Enum: [Standard Extended Both]
Appears in:
| Field | Description |
|---|---|
Standard | BGPCommunityTypeStandard sends only standard community attributes (RFC 1997) |
Extended | BGPCommunityTypeExtended sends only extended community attributes (RFC 4360) |
Both | BGPCommunityTypeBoth sends both standard and extended community attributes |
BGPL2vpnEvpn
BGPL2vpnEvpn defines the configuration for L2VPN EVPN address family.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean | Enabled determines whether this address family is activated for BGP sessions. When false, the address family is not negotiated with peers. | Optional: {} | |
multipath BGPMultipath | Multipath configures address family specific multipath behavior. When specified, overrides global multipath settings for this address family. | Optional: {} | |
routeTargetPolicy BGPRouteTargetPolicy | RouteTargetPolicy configures route target filtering behavior for EVPN routes. Controls which routes are retained based on route target matching. | Optional: {} |
BGPMultipath
BGPMultipath defines the configuration for BGP multipath behavior.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean | Enabled determines whether BGP is allowed to use multiple paths for forwarding. When false, BGP will only use a single best path regardless of multiple equal-cost paths. | Optional: {} | |
ebgp BGPMultipathEbgp | Ebgp configures multipath behavior for external BGP (eBGP) paths. | Optional: {} | |
ibgp BGPMultipathIbgp | Ibgp configures multipath behavior for internal BGP (iBGP) paths. | Optional: {} |
BGPMultipathEbgp
BGPMultipathEbgp defines the configuration for eBGP multipath behavior.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
allowMultipleAs boolean | AllowMultipleAs enables the use of multiple paths with different AS paths for eBGP. When true, relaxes the requirement that multipath candidates must have identical AS paths. This corresponds to the "RelaxAs" mode. | Optional: {} | |
maximumPaths integer | MaximumPaths sets the maximum number of eBGP paths that can be used for multipath load balancing. Valid range is 1-64 when specified. When omitted, no explicit limit is configured. | Maximum: 64 Minimum: 1 Optional: {} |
BGPMultipathIbgp
BGPMultipathIbgp defines the configuration for iBGP multipath behavior.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
maximumPaths integer | MaximumPaths sets the maximum number of iBGP paths that can be used for multipath load balancing. Valid range is 1-64 when specified. When omitted, no explicit limit is configured. | Maximum: 64 Minimum: 1 Optional: {} |
BGPPeer
BGPPeer is the Schema for the bgppeers API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | networking.metal.ironcore.dev/v1alpha1 | ||
kind string | BGPPeer | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec BGPPeerSpec | Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Required: {} | |
status BGPPeerStatus | Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Optional: {} |
BGPPeerAddressFamilies
BGPPeerAddressFamilies defines the address family specific configuration for a BGP peer.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
ipv4Unicast BGPPeerAddressFamily | Ipv4Unicast configures IPv4 unicast address family settings for this peer. Controls IPv4 unicast route exchange and peer-specific behavior. | Optional: {} | |
ipv6Unicast BGPPeerAddressFamily | Ipv6Unicast configures IPv6 unicast address family settings for this peer. Controls IPv6 unicast route exchange and peer-specific behavior. | Optional: {} | |
l2vpnEvpn BGPPeerAddressFamily | L2vpnEvpn configures L2VPN EVPN address family settings for this peer. Controls EVPN route exchange and peer-specific behavior. | Optional: {} |
BGPPeerAddressFamily
BGPPeerAddressFamily defines common configuration for a BGP peer's address family.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean | Enabled determines whether this address family is activated for this specific peer. When false, the address family is not negotiated with this peer. Defaults to false. | Optional: {} | |
sendCommunity BGPCommunityType | SendCommunity specifies which community attributes should be sent to this BGP peer for this address family. If not specified, no community attributes are sent. | Enum: [Standard Extended Both] Optional: {} | |
routeReflectorClient boolean | RouteReflectorClient indicates whether this peer should be treated as a route reflector client for this specific address family. Defaults to false. | Optional: {} |
BGPPeerLocalAddress
BGPPeerLocalAddress defines the local address configuration for a BGP peer.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
interfaceRef LocalObjectReference | InterfaceRef is a reference to an Interface resource whose IP address will be used as the source address for BGP packets sent to this peer. The Interface object must exist in the same namespace. | Required: {} |
BGPPeerSessionState
Underlying type: string
BGPPeerSessionState represents the operational state of a BGP peer session.
Validation:
- Enum: [Idle Connect Active OpenSent OpenConfirm Established Unknown]
Appears in:
| Field | Description |
|---|---|
Idle | BGPPeerSessionStateIdle indicates the peer is down and in the idle state of the FSM. |
Connect | BGPPeerSessionStateConnect indicates the peer is down and the session is waiting for the underlying transport session to be established. |
Active | BGPPeerSessionStateActive indicates the peer is down and the local system is awaiting a connection from the remote peer. |
OpenSent | BGPPeerSessionStateOpenSent indicates the peer is in the process of being established. The local system has sent an OPEN message. |
OpenConfirm | BGPPeerSessionStateOpenConfirm indicates the peer is in the process of being established. The local system is awaiting a NOTIFICATION or KEEPALIVE message. |
Established | BGPPeerSessionStateEstablished indicates the peer is up - the BGP session with the peer is established. |
Unknown | BGPPeerSessionStateUnknown indicates the peer state is unknown. |
BGPPeerSpec
BGPPeerSpec defines the desired state of BGPPeer
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
deviceRef LocalObjectReference | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable. | Required: {} | |
providerConfigRef TypedLocalObjectReference | ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the BGP to its provider-specific configuration. | Optional: {} | |
adminState AdminState | AdminState indicates whether this BGP peer is administratively up or down. When Down, the BGP session with this peer is administratively shut down. | Up | Enum: [Up Down] Optional: {} |
address string | Address is the IPv4 address of the BGP peer. | Format: ipv4 Required: {} | |
asNumber IntOrString | ASNumber is the autonomous system number (ASN) of the BGP peer. Supports both plain format (1-4294967295) and dotted notation (1-65535.0-65535) as per RFC 5396. | Required: {} | |
description string | Description is an optional human-readable description for this BGP peer. This field is used for documentation purposes and may be displayed in management interfaces. | Optional: {} | |
localAddress BGPPeerLocalAddress | LocalAddress specifies the local address configuration for the BGP session with this peer. This determines the source address/interface for BGP packets sent to this peer. | Optional: {} | |
addressFamilies BGPPeerAddressFamilies | AddressFamilies configures address family specific settings for this BGP peer. Controls which address families are enabled and their specific configuration. | Optional: {} |
BGPPeerStatus
BGPPeerStatus defines the observed state of BGPPeer.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
sessionState BGPPeerSessionState | SessionState is the current operational state of the BGP session. | Enum: [Idle Connect Active OpenSent OpenConfirm Established Unknown] Optional: {} | |
lastEstablishedTime Time | LastEstablishedTime is the timestamp when the BGP session last transitioned to the ESTABLISHED state. A frequently changing timestamp indicates session instability (flapping). | Optional: {} | |
advertisedPrefixesSummary string | AdvertisedPrefixesSummary provides a human-readable summary of advertised prefixes across all address families (e.g., "10 (IPv4Unicast), 5 (IPv6Unicast)"). This field is computed by the controller from the AddressFamilies field. | Optional: {} | |
addressFamilies AddressFamilyStatus array | AddressFamilies contains per-address-family statistics for this peer. Only address families that are enabled and negotiated with the peer are included. | Optional: {} | |
observedGeneration integer | ObservedGeneration reflects the .metadata.generation that was last processed by the controller. | Optional: {} | |
conditions Condition array | The conditions are a list of status objects that describe the state of the BGP. | Optional: {} |
BGPRouteTargetPolicy
BGPRouteTargetPolicy defines the policy for route target filtering in EVPN.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
retainAll boolean | RetainAll controls whether all route targets are retained regardless of import policy. | Optional: {} |
BGPSpec
BGPSpec defines the desired state of BGP
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
deviceRef LocalObjectReference | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable. | Required: {} | |
providerConfigRef TypedLocalObjectReference | ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the BGP to its provider-specific configuration. | Optional: {} | |
adminState AdminState | AdminState indicates whether this BGP router is administratively up or down. | Up | Enum: [Up Down] Optional: {} |
asNumber IntOrString | ASNumber is the autonomous system number (ASN) for the BGP router. Supports both plain format (1-4294967295) and dotted notation (1-65535.0-65535) as per RFC 5396. | Required: {} | |
routerId string | RouterID is the BGP router identifier, used in BGP messages to identify the originating router. Follows dotted quad notation (IPv4 format). | Format: ipv4 Required: {} | |
addressFamilies BGPAddressFamilies | AddressFamilies configures supported BGP address families and their specific settings. | Optional: {} |
BGPStatus
BGPStatus defines the observed state of BGP.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
conditions Condition array | The conditions are a list of status objects that describe the state of the BGP. | Optional: {} |
Banner
Banner is the Schema for the banners API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | networking.metal.ironcore.dev/v1alpha1 | ||
kind string | Banner | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec BannerSpec | Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Required: {} | |
status BannerStatus | Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Optional: {} |
BannerSpec
BannerSpec defines the desired state of Banner
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
deviceRef LocalObjectReference | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable. | Required: {} | |
providerConfigRef TypedLocalObjectReference | ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the Banner to its provider-specific configuration. | Optional: {} | |
type BannerType | Type specifies the banner type to configure, either PreLogin or PostLogin. Immutable. | PreLogin | Enum: [PreLogin PostLogin] Optional: {} |
message TemplateSource | Message is the banner message to display. | Required: {} |
BannerStatus
BannerStatus defines the observed state of Banner.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
conditions Condition array | The conditions are a list of status objects that describe the state of the Banner. | Optional: {} |
BannerType
Underlying type: string
BannerType represents the type of banner to configure
Validation:
- Enum: [PreLogin PostLogin]
Appears in:
| Field | Description |
|---|---|
PreLogin | BannerTypePreLogin represents the login banner displayed before user authentication. This corresponds to the openconfig-system login-banner leaf. |
PostLogin | BannerTypePostLogin represents the message banner displayed after user authentication. This corresponds to the openconfig-system motd-banner leaf. |
BgpActions
BgpActions defines BGP-specific actions for a policy statement.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
setCommunity SetCommunityAction | SetCommunity configures BGP standard community attributes. | Optional: {} | |
setExtCommunity SetExtCommunityAction | SetExtCommunity configures BGP extended community attributes. | Optional: {} |
Certificate
Certificate is the Schema for the certificates API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | networking.metal.ironcore.dev/v1alpha1 | ||
kind string | Certificate | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec CertificateSpec | Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Required: {} | |
status CertificateStatus | Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Optional: {} |
CertificateSource
CertificateSource represents a source for the value of a certificate.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
secretRef SecretReference | Secret containing the certificate. The secret must be of type kubernetes.io/tls and as such contain the following keys: 'tls.crt' and 'tls.key'. | Required: {} |
CertificateSpec
CertificateSpec defines the desired state of Certificate
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
deviceRef LocalObjectReference | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable. | Required: {} | |
providerConfigRef TypedLocalObjectReference | ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the Certificate to its provider-specific configuration. | Optional: {} | |
id string | The certificate management id. Immutable. | MaxLength: 63 MinLength: 1 Required: {} | |
secretRef SecretReference | Secret containing the certificate source. The secret must be of type kubernetes.io/tls and as such contain the following keys: 'tls.crt' and 'tls.key'. | Required: {} |
CertificateStatus
CertificateStatus defines the observed state of Certificate.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
conditions Condition array | The conditions are a list of status objects that describe the state of the Certificate. | Optional: {} |
ChecksumType
Underlying type: string
ChecksumType defines the type of checksum used for image verification.
Validation:
- Enum: [SHA256 MD5]
Appears in:
| Field | Description |
|---|---|
SHA256 | |
MD5 |
ConfigMapKeySelector
ConfigMapKeySelector contains enough information to select a key of a ConfigMap.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | Name is unique within a namespace to reference a configmap resource. | MaxLength: 253 MinLength: 1 Required: {} | |
namespace string | Namespace defines the space within which the configmap name must be unique. If omitted, the namespace of the object being reconciled will be used. | MaxLength: 63 MinLength: 1 Optional: {} | |
key string | Key is the of the entry in the configmap resource's data or binaryDatafield to be used. | MaxLength: 253 MinLength: 1 Required: {} |
ConfigMapReference
ConfigMapReference represents a ConfigMap Reference. It has enough information to retrieve a ConfigMap in any namespace.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | Name is unique within a namespace to reference a configmap resource. | MaxLength: 253 MinLength: 1 Required: {} | |
namespace string | Namespace defines the space within which the configmap name must be unique. If omitted, the namespace of the object being reconciled will be used. | MaxLength: 63 MinLength: 1 Optional: {} |
ControlProtocol
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
mode LACPMode | Mode defines the LACP mode for the aggregate interface. | Enum: [Active Passive] Required: {} |
DNS
DNS is the Schema for the dns API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | networking.metal.ironcore.dev/v1alpha1 | ||
kind string | DNS | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec DNSSpec | Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Required: {} | |
status DNSStatus | Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Optional: {} |
DNSSpec
DNSSpec defines the desired state of DNS
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
deviceRef LocalObjectReference | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable. | Required: {} | |
providerConfigRef TypedLocalObjectReference | ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the DNS to its provider-specific configuration. | Optional: {} | |
adminState AdminState | AdminState indicates whether DNS is administratively up or down. | Up | Enum: [Up Down] Optional: {} |
domain string | Default domain name that the device uses to complete unqualified hostnames. | Format: hostname MaxLength: 253 MinLength: 1 Required: {} | |
servers NameServer array | A list of DNS servers to use for address resolution. | MaxItems: 6 MinItems: 1 Optional: {} | |
sourceInterfaceName string | Source interface for all DNS traffic. | MaxLength: 63 MinLength: 1 Optional: {} |
DNSStatus
DNSStatus defines the observed state of DNS.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
conditions Condition array | The conditions are a list of status objects that describe the state of the DNS. | Optional: {} |
Device
Device is the Schema for the devices API.
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | networking.metal.ironcore.dev/v1alpha1 | ||
kind string | Device | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec DeviceSpec | Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | ||
status DeviceStatus | Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status |
DevicePhase
Underlying type: string
DevicePhase represents the current phase of the Device as it's being provisioned and managed by the operator.
Validation:
- Enum: [Pending Provisioning Running Failed Provisioned]
Appears in:
| Field | Description |
|---|---|
Pending | DevicePhasePending indicates that the device is pending and has not yet been provisioned. |
Provisioning | DevicePhaseProvisioning indicates that the device is being provisioned. |
Provisioned | DevicePhaseProvisioned indicates that the device provisioning has completed and the operator is performing post-provisioning tasks. |
Running | DevicePhaseRunning indicates that the device has been successfully provisioned and is now ready for use. |
Failed | DevicePhaseFailed indicates that the device provisioning has failed. |
DevicePort
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | Name is the name of the port. | Required: {} | |
type string | Type is the type of the port, e.g. "10g". | Optional: {} | |
supportedSpeedsGbps integer array | SupportedSpeedsGbps is the list of supported speeds in Gbps for this port. | Optional: {} | |
transceiver string | Transceiver is the type of transceiver plugged into the port, if any. | Optional: {} | |
interfaceName LocalObjectReference | InterfaceRef is the reference to the corresponding Interface resource configuring this port, if any. | Optional: {} |
DeviceSpec
DeviceSpec defines the desired state of Device.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
paused boolean | Paused can be used to prevent controllers from processing the Device and its associated objects. | Optional: {} | |
endpoint Endpoint | Endpoint contains the connection information for the device. | Required: {} | |
provisioning Provisioning | Provisioning is an optional configuration for the device provisioning process. It can be used to provide initial configuration templates or scripts that are applied during the device provisioning. | Optional: {} |
DeviceStatus
DeviceStatus defines the observed state of Device.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
phase DevicePhase | Phase represents the current phase of the Device. | Pending | Enum: [Pending Provisioning Running Failed Provisioned] Required: {} |
manufacturer string | Manufacturer is the manufacturer of the Device. | Optional: {} | |
model string | Model is the model identifier of the Device. | Optional: {} | |
serialNumber string | SerialNumber is the serial number of the Device. | Optional: {} | |
firmwareVersion string | FirmwareVersion is the firmware version running on the Device. | Optional: {} | |
provisioning ProvisioningInfo array | Provisioning is the list of provisioning attempts for the Device. | Optional: {} | |
ports DevicePort array | Ports is the list of ports on the Device. | Optional: {} | |
portSummary string | PostSummary shows a summary of the port configured, grouped by type, e.g. "1/4 (10g), 3/64 (100g)". | Optional: {} | |
conditions Condition array | The conditions are a list of status objects that describe the state of the Device. | Optional: {} |
EVPNInstance
EVPNInstance is the Schema for the evpninstances API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | networking.metal.ironcore.dev/v1alpha1 | ||
kind string | EVPNInstance | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec EVPNInstanceSpec | Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Required: {} | |
status EVPNInstanceStatus | Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Optional: {} |
EVPNInstanceSpec
EVPNInstanceSpec defines the desired state of EVPNInstance
It models an EVPN instance (EVI) context on a single network device based on VXLAN encapsulation and the VLAN-based service type defined in [RFC 8365]. [RFC 8365]: https://datatracker.ietf.org/doc/html/rfc8365
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
deviceRef LocalObjectReference | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable. | Required: {} | |
providerConfigRef TypedLocalObjectReference | ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the BGP to its provider-specific configuration. | Optional: {} | |
vni integer | VNI is the VXLAN Network Identifier. Immutable. | Maximum: 1.6777214e+07 Minimum: 1 Required: {} | |
type EVPNInstanceType | Type specifies the EVPN instance type. Immutable. | Enum: [Bridged Routed] Required: {} | |
multicastGroupAddress string | MulticastGroupAddress specifies the IPv4 multicast group address used for BUM (Broadcast, Unknown unicast, Multicast) traffic. The address must be in the valid multicast range (224.0.0.0 - 239.255.255.255). | Format: ipv4 Optional: {} | |
routeDistinguisher string | RouteDistinguisher is the route distinguisher for the EVI. Formats supported: - Type 0: ASN(0-65535):Number(0-4294967295) - Type 1: IPv4:Number(0-65535) - Type 2: ASN(65536-4294967295):Number(0-65535) | Optional: {} | |
routeTargets EVPNRouteTarget array | RouteTargets is the list of route targets for the EVI. | MinItems: 1 Optional: {} | |
vlanRef LocalObjectReference | VLANRef is a reference to a VLAN resource for which this EVPNInstance builds the MAC-VRF. This field is only applicable when Type is Bridged (L2VNI). The VLAN resource must exist in the same namespace. Immutable. | Optional: {} |
EVPNInstanceStatus
EVPNInstanceStatus defines the observed state of EVPNInstance.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
conditions Condition array | The conditions are a list of status objects that describe the state of the EVPNInstance. | Optional: {} |
EVPNInstanceType
Underlying type: string
EVPNInstanceType defines the type of EVPN instance.
Validation:
- Enum: [Bridged Routed]
Appears in:
| Field | Description |
|---|---|
Bridged | EVPNInstanceTypeBridged represents an L2VNI (MAC-VRF) EVPN instance. Corresponds to OpenConfig network-instance type L2VSI. |
Routed | EVPNInstanceTypeRouted represents an L3VNI (IP-VRF) EVPN instance. Corresponds to OpenConfig network-instance type L3VRF. |
EVPNRouteTarget
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
value string | Value is the route target value, must have the format as RouteDistinguisher. | MinLength: 1 Required: {} | |
action RouteTargetAction | Action defines whether the route target is imported, exported, or both. | Enum: [Import Export Both] Required: {} |
Endpoint
Endpoint contains the connection information for the device.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
address string | Address is the management address of the device provided in IP:Port format. | Pattern: ^(\d\{1,3\}\.)\{3\}\d\{1,3\}:\d\{1,5\}$ Required: {} | |
secretRef SecretReference | SecretRef is name of the authentication secret for the device containing the username and password. The secret must be of type kubernetes.io/basic-auth and as such contain the following keys: 'username' and 'password'. | Optional: {} | |
tls TLS | Transport credentials for grpc connection to the switch. | Optional: {} |
Ethernet
Ethernet defines the ethernet-specific configuration for physical interfaces.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
fecMode FECMode | FECMode specifies the Forward Error Correction mode for the interface. FEC provides error detection and correction at the physical layer, improving link reliability. When not specified, the FEC mode defaults to "auto" where the device negotiates the appropriate mode. | Enum: [FC RS528 Disabled] Optional: {} |
FECMode
Underlying type: string
FECMode represents the Forward Error Correction mode for Ethernet Interfaces.
Validation:
- Enum: [FC RS528 Disabled]
Appears in:
| Field | Description |
|---|---|
FC | FECModeFC indicates IEEE 802.3 Clause 74 Fire Code FEC for NRZ modulation (<100G). |
RS528 | FECModeRS528 indicates IEEE 802.3 Clause 91 Reed-Solomon FEC (528,514) for NRZ modulation. |
Disabled | FECModeDisabled indicates FEC is administratively disabled. |
GNMI
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
maxConcurrentCall integer | The maximum number of concurrent gNMI calls that can be made to the gRPC server on the switch for each VRF. Configure a limit from 1 through 16. The default limit is 8. | 8 | ExclusiveMaximum: false Maximum: 16 Minimum: 1 Optional: {} |
keepAliveTimeout Duration | Configure the keepalive timeout for inactive or unauthorized connections. The gRPC agent is expected to periodically send an empty response to the client, on which the client is expected to respond with an empty request. If the client does not respond within the keepalive timeout, the gRPC agent should close the connection. The default interval value is 10 minutes. | 10m | Pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ Type: string Optional: {} |
GRPC
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean | Enable or disable the gRPC server on the device. If not specified, the gRPC server is enabled by default. | true | Optional: {} |
port integer | The TCP port on which the gRPC server should listen. The range of port-id is from 1024 to 65535. Port 9339 is the default. | 9339 | ExclusiveMaximum: false Maximum: 65535 Minimum: 1024 Optional: {} |
certificateId string | Name of the certificate that is associated with the gRPC service. The certificate is provisioned through other interfaces on the device, such as e.g. the gNOI certificate management service. | MaxLength: 63 MinLength: 1 Optional: {} | |
vrfName string | Enable the gRPC agent to accept incoming (dial-in) RPC requests from a given vrf. | MaxLength: 63 MinLength: 1 Optional: {} | |
gnmi GNMI | Additional gNMI configuration for the gRPC server. This may not be supported by all devices. | { keepAliveTimeout:10m maxConcurrentCall:8 } | Optional: {} |
HostReachabilityType
Underlying type: string
HostReachabilityType defines the method used for host reachability.
Validation:
- Enum: [FloodAndLearn BGP]
Appears in:
| Field | Description |
|---|---|
BGP | HostReachabilityTypeBGP uses BGP EVPN control-plane for MAC/IP advertisement. |
FloodAndLearn | HostReachabilityTypeFloodAndLearn uses data-plane learning for MAC addresses. |
IPPrefix
IPPrefix represents an IP prefix in CIDR notation. It is used to define a range of IP addresses in a network.
Validation:
- Format: cidr
- Type: string
Appears in:
ISIS
ISIS is the Schema for the isis API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | networking.metal.ironcore.dev/v1alpha1 | ||
kind string | ISIS | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec ISISSpec | Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Required: {} | |
status ISISStatus | Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Optional: {} |
ISISLevel
Underlying type: string
ISISLevel represents the level of an ISIS instance.
Validation:
- Enum: [Level1 Level2 Level1-2]
Appears in:
| Field | Description |
|---|---|
Level1 | |
Level2 | |
Level1-2 |
ISISSpec
ISISSpec defines the desired state of ISIS
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
deviceRef LocalObjectReference | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable. | Required: {} | |
providerConfigRef TypedLocalObjectReference | ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the Interface to its provider-specific configuration. | Optional: {} | |
adminState AdminState | AdminState indicates whether the ISIS instance is administratively up or down. | Up | Enum: [Up Down] Optional: {} |
instance string | Instance is the name of the ISIS instance. | MaxLength: 63 MinLength: 1 Required: {} | |
networkEntityTitle string | NetworkEntityTitle is the NET of the ISIS instance. | Pattern: ^[a-fA-F0-9]\{2\}(\.[a-fA-F0-9]\{4\})\{3,9\}\.[a-fA-F0-9]\{2\}$ Required: {} | |
type ISISLevel | Type indicates the level of the ISIS instance. | Enum: [Level1 Level2 Level1-2] Required: {} | |
overloadBit OverloadBit | OverloadBit indicates the overload bit of the ISIS instance. | Never | Enum: [Always Never OnStartup] Optional: {} |
addressFamilies AddressFamily array | AddressFamilies is a list of address families for the ISIS instance. | Enum: [IPv4Unicast IPv6Unicast] MaxItems: 2 MinItems: 1 Required: {} | |
interfaceRefs LocalObjectReference array | InterfaceRefs is a list of interfaces that are part of the ISIS instance. | Optional: {} |
ISISStatus
ISISStatus defines the observed state of ISIS.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
conditions Condition array | The conditions are a list of status objects that describe the state of the ISIS. | Optional: {} |
Image
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
url string | URL is the location of the image to be used for provisioning. | Required: {} | |
checksum string | Checksum is the checksum of the image for verification. kubebuilder:validation:MinLength=1 | Required: {} | |
checksumType ChecksumType | ChecksumType is the type of the checksum (e.g., sha256, md5). | MD5 | Enum: [SHA256 MD5] Required: {} |
Interface
Interface is the Schema for the interfaces API.
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | networking.metal.ironcore.dev/v1alpha1 | ||
kind string | Interface | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec InterfaceSpec | Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Required: {} | |
status InterfaceStatus | Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Optional: {} |
InterfaceIPv4
InterfaceIPv4 defines the IPv4 configuration for an interface.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
addresses IPPrefix array | Addresses defines the list of IPv4 addresses assigned to the interface. The first address in the list is considered the primary address, and any additional addresses are considered secondary addresses. | Format: cidr MinItems: 1 Type: string Optional: {} | |
unnumbered InterfaceIPv4Unnumbered | Unnumbered defines the unnumbered interface configuration. When specified, the interface borrows the IP address from another interface. | Optional: {} | |
anycastGateway boolean | AnycastGateway enables distributed anycast gateway functionality. When enabled, this interface uses the virtual MAC configured in the device's NVE resource for active-active default gateway redundancy. Only applicable for RoutedVLAN interfaces in EVPN/VXLAN fabrics. | false | Optional: {} |
InterfaceIPv4Unnumbered
InterfaceIPv4Unnumbered defines the unnumbered interface configuration. An unnumbered interface borrows the IP address from another interface, allowing the interface to function without its own IP address assignment.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
interfaceRef LocalObjectReference | InterfaceRef is a reference to the interface from which to borrow the IP address. The referenced interface must exist and have at least one IPv4 address configured. | Required: {} |
InterfaceSpec
InterfaceSpec defines the desired state of Interface.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
deviceRef LocalObjectReference | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable. | Required: {} | |
providerConfigRef TypedLocalObjectReference | ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the Interface to its provider-specific configuration. | Optional: {} | |
name string | Name is the name of the interface. | MaxLength: 255 MinLength: 1 Required: {} | |
adminState AdminState | AdminState indicates whether the interface is administratively up or down. | Up | Enum: [Up Down] Optional: {} |
description string | Description provides a human-readable description of the interface. | MaxLength: 255 Optional: {} | |
type InterfaceType | Type indicates the type of the interface. | Enum: [Physical Loopback Aggregate RoutedVLAN] Required: {} | |
mtu integer | MTU (Maximum Transmission Unit) specifies the size of the largest packet that can be sent over the interface. | Maximum: 9216 Minimum: 576 Optional: {} | |
switchport Switchport | Switchport defines the switchport configuration for the interface. This is only applicable for Ethernet and Aggregate interfaces. | Optional: {} | |
ipv4 InterfaceIPv4 | IPv4 defines the IPv4 configuration for the interface. | Optional: {} | |
aggregation Aggregation | Aggregation defines the aggregation (bundle) configuration for the interface. This is only applicable for interfaces of type Aggregate. | Optional: {} | |
vlanRef LocalObjectReference | VlanRef is a reference to the VLAN resource that this interface provides routing for. This is only applicable for interfaces of type RoutedVLAN. The referenced VLAN must exist in the same namespace. | Optional: {} | |
vrfRef LocalObjectReference | VrfRef is a reference to the VRF resource that this interface belongs to. If not specified, the interface will be part of the default VRF. This is only applicable for Layer 3 interfaces. The referenced VRF must exist in the same namespace. | Optional: {} | |
bfd BFD | BFD defines the Bidirectional Forwarding Detection configuration for the interface. BFD is only applicable for Layer 3 interfaces (Physical, Loopback, RoutedVLAN). | Optional: {} | |
ethernet Ethernet | Ethernet defines the ethernet-specific configuration for physical interfaces. This configuration is only applicable to Physical interfaces. When omitted, ethernet parameters use their default values (e.g., FEC mode defaults to auto). | Optional: {} |
InterfaceStatus
InterfaceStatus defines the observed state of Interface.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
conditions Condition array | The conditions are a list of status objects that describe the state of the Interface. | Optional: {} | |
memberOf LocalObjectReference | MemberOf references the aggregate interface this interface is a member of, if any. This field only applies to physical interfaces that are part of an aggregate interface. | Optional: {} |
InterfaceType
Underlying type: string
InterfaceType represents the type of the interface.
Validation:
- Enum: [Physical Loopback Aggregate RoutedVLAN]
Appears in:
| Field | Description |
|---|---|
Physical | InterfaceTypePhysical indicates that the interface is a physical/ethernet interface. |
Loopback | InterfaceTypeLoopback indicates that the interface is a loopback interface. |
Aggregate | InterfaceTypeAggregate indicates that the interface is an aggregate (bundle) interface. |
RoutedVLAN | InterfaceTypeRoutedVLAN indicates that the interface is a routed VLAN interface (SVI/IRB). |
LACPMode
Underlying type: string
LACPMode represents the LACP mode of an interface.
Validation:
- Enum: [Active Passive]
Appears in:
| Field | Description |
|---|---|
Active | LACPModeActive indicates that LACP is in active mode. |
Passive | LACPModePassive indicates that LACP is in passive mode. |
LLDP
LLDP is the Schema for the lldps API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | networking.metal.ironcore.dev/v1alpha1 | ||
kind string | LLDP | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec LLDPSpec | Required: {} | ||
status LLDPStatus | Optional: {} |
LLDPInterface
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | MaxLength: 63 MinLength: 1 Required: {} | |
adminState AdminState | AdminState indicates whether LLDP is administratively up or down on this interface. This will be ignored if LLDP is configured to be administratively down system-wide. | Up | Enum: [Up Down] Optional: {} |
LLDPSpec
LLDPSpec defines the desired state of LLDP
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
deviceRef LocalObjectReference | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable. | Required: {} | |
providerConfigRef TypedLocalObjectReference | ProviderConfigRef is a reference to a resource holding the provider-specific configuration for this LLDP. If not specified the provider applies the target platform's default settings. | Optional: {} | |
adminState AdminState | AdminState indicates whether LLDP is system-wide administratively up or down. | Enum: [Up Down] Required: {} | |
interfaceRefs LLDPInterface array | InterfaceRefs is a list of interfaces and their LLDP configuration. | Optional: {} |
LLDPStatus
LLDPStatus defines the observed state of LLDP.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
conditions Condition array | conditions represent the current state of the LLDP resource. Each condition has a unique type and reflects the status of a specific aspect of the resource. Standard condition types include: - "Available": the resource is fully functional - "Progressing": the resource is being created or updated - "Degraded": the resource failed to reach or maintain its desired state The status of each condition is one of True, False, or Unknown. | Optional: {} |
LocalObjectReference
LocalObjectReference contains enough information to locate a referenced object inside the same namespace.
Appears in:
- AccessControlListSpec
- Aggregation
- BGPPeerLocalAddress
- BGPPeerReference
- BGPPeerSpec
- BGPSpec
- BannerSpec
- BorderGatewaySpec
- CertificateSpec
- DNSSpec
- DevicePort
- EVPNInstanceSpec
- ISISSpec
- InterconnectInterfaceReference
- InterfaceIPv4Unnumbered
- InterfaceSpec
- InterfaceStatus
- KeepAlive
- LLDPInterface
- LLDPSpec
- ManagementAccessSpec
- NTPSpec
- NetworkVirtualizationEdgeSpec
- OSPFInterface
- OSPFNeighbor
- OSPFSpec
- PIMInterface
- PIMSpec
- Peer
- PrefixSetMatchCondition
- PrefixSetSpec
- RoutingPolicySpec
- SNMPSpec
- SyslogSpec
- SystemSpec
- UserSpec
- VLANSpec
- VLANStatus
- VPCDomainSpec
- VRFSpec
| Field | Description | Default | Validation |
|---|---|---|---|
name string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | MaxLength: 63 MinLength: 1 Required: {} |
LogFacility
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | The name of the log facility. | MaxLength: 63 MinLength: 1 Required: {} | |
severity Severity | The severity level of the log messages for this facility. | Enum: [Debug Info Notice Warning Error Critical Alert Emergency] Required: {} |
LogServer
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
address string | IP address or hostname of the remote log server | MaxLength: 253 MinLength: 1 Required: {} | |
severity Severity | The servity level of the log messages sent to the server. | Enum: [Debug Info Notice Warning Error Critical Alert Emergency] Required: {} | |
vrfName string | The name of the vrf used to reach the log server. | MaxLength: 63 MinLength: 1 Required: {} | |
port integer | The destination port number for syslog UDP messages to the server. The default is 514. | 514 | Optional: {} |
ManagementAccess
ManagementAccess is the Schema for the managementaccesses API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | networking.metal.ironcore.dev/v1alpha1 | ||
kind string | ManagementAccess | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec ManagementAccessSpec | Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Required: {} | |
status ManagementAccessStatus | Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Optional: {} |
ManagementAccessSpec
ManagementAccessSpec defines the desired state of ManagementAccess
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
deviceRef LocalObjectReference | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable. | Required: {} | |
providerConfigRef TypedLocalObjectReference | ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the Interface to its provider-specific configuration. | Optional: {} | |
grpc GRPC | Configuration for the gRPC server on the device. Currently, only a single "default" gRPC server is supported. | { enabled:true port:9339 } | Optional: {} |
ssh SSH | Configuration for the SSH server on the device. | { enabled:true sessionLimit:32 timeout:10m } | Optional: {} |
ManagementAccessStatus
ManagementAccessStatus defines the observed state of ManagementAccess.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
conditions Condition array | The conditions are a list of status objects that describe the state of the ManagementAccess. | Optional: {} |
MaskLengthRange
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
min integer | Minimum mask length. | Maximum: 128 Minimum: 0 Required: {} | |
max integer | Maximum mask length. | Maximum: 128 Minimum: 0 Required: {} |
MultiChassis
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean | Enabled indicates whether the aggregate interface is part of a multichassis setup. | true | Required: {} |
id integer | ID is the multichassis identifier. | Maximum: 4094 Minimum: 1 Required: {} |
MulticastGroups
MulticastGroups defines multicast group addresses for overlay BUM traffic. Only supports IPv4 multicast addresses.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
l2 IPPrefix | L2 is the multicast group for Layer 2 VNIs (BUM traffic in bridged VLANs). | Format: cidr Type: string Optional: {} | |
l3 IPPrefix | L3 is the multicast group for Layer 3 VNIs (BUM traffic in routed VRFs). | Format: cidr Type: string Optional: {} |
NTP
NTP is the Schema for the ntp API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | networking.metal.ironcore.dev/v1alpha1 | ||
kind string | NTP | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec NTPSpec | Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Required: {} | |
status NTPStatus | Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Optional: {} |
NTPServer
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
address string | Hostname/IP address of the NTP server. | MaxLength: 253 MinLength: 1 Required: {} | |
prefer boolean | Indicates whether this server should be preferred or not. | false | Optional: {} |
vrfName string | The name of the vrf used to communicate with the NTP server. | MaxLength: 63 MinLength: 1 Optional: {} |
NTPSpec
NTPSpec defines the desired state of NTP
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
deviceRef LocalObjectReference | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable. | Required: {} | |
providerConfigRef TypedLocalObjectReference | ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the NTP to its provider-specific configuration. | Optional: {} | |
adminState AdminState | AdminState indicates whether NTP is administratively up or down. | Up | Enum: [Up Down] Optional: {} |
sourceInterfaceName string | Source interface for all NTP traffic. | MaxLength: 63 MinLength: 1 Required: {} | |
servers NTPServer array | NTP servers. | MinItems: 1 Required: {} |
NTPStatus
NTPStatus defines the observed state of NTP.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
conditions Condition array | The conditions are a list of status objects that describe the state of the NTP. | Optional: {} |
NameServer
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
address string | The Hostname or IP address of the DNS server. | MaxLength: 253 MinLength: 1 Required: {} | |
vrfName string | The name of the vrf used to communicate with the DNS server. | MaxLength: 63 MinLength: 1 Optional: {} |
NetworkVirtualizationEdge
NetworkVirtualizationEdge is the Schema for the networkvirtualizationedges API The NVE resource is the equivalent to an Endpoint for a Network Virtualization Overlay Object in OpenConfig (nvo:Ep).
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | networking.metal.ironcore.dev/v1alpha1 | ||
kind string | NetworkVirtualizationEdge | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec NetworkVirtualizationEdgeSpec | Required: {} | ||
status NetworkVirtualizationEdgeStatus | Optional: {} |
NetworkVirtualizationEdgeSpec
NetworkVirtualizationEdgeSpec defines the desired state of a Network Virtualization Edge (NVE).
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
deviceRef LocalObjectReference | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable. | Required: {} | |
providerConfigRef TypedLocalObjectReference | ProviderConfigRef is a reference to a resource holding the provider-specific configuration for this NVE. If not specified the provider applies the target platform's default settings. | Optional: {} | |
adminState AdminState | AdminState indicates whether the interface is administratively up or down. | Enum: [Up Down] Required: {} | |
sourceInterfaceRef LocalObjectReference | SourceInterface is the reference to the loopback interface used for the primary NVE IP address. | Required: {} | |
anycastSourceInterfaceRef LocalObjectReference | AnycastSourceInterfaceRef is the reference to the loopback interface used for anycast NVE IP address. | Optional: {} | |
suppressARP boolean | SuppressARP indicates whether ARP suppression is enabled for this NVE. | false | Optional: {} |
hostReachability HostReachabilityType | HostReachability specifies the method used for host reachability. | Enum: [FloodAndLearn BGP] Required: {} | |
multicastGroups MulticastGroups | MulticastGroups defines multicast group addresses for BUM traffic. | Optional: {} | |
anycastGateway AnycastGateway | AnycastGateway defines the distributed anycast gateway configuration. This enables multiple NVEs to share the same gateway IP and MAC for active-active first-hop redundancy. | Optional: {} |
NetworkVirtualizationEdgeStatus
NetworkVirtualizationEdgeStatus defines the observed state of the NVE.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
conditions Condition array | conditions represent the current state of the NVE resource. Each condition has a unique type and reflects the status of a specific aspect of the resource. Standard condition types include: - "Available": the resource is fully functional - "Progressing": the resource is being created or updated - "Degraded": the resource failed to reach or maintain its desired state The conditions are a list of status objects that describe the state of the NVE. | Optional: {} | |
sourceInterfaceName string | SourceInterfaceName is the resolved source interface IP address used for NVE encapsulation. | ||
anycastSourceInterfaceName string | AnycastSourceInterfaceName is the resolved anycast source interface IP address used for NVE encapsulation. | ||
hostReachability string | HostReachability indicates the actual method used for host reachability. |
OSPF
OSPF is the Schema for the ospf API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | networking.metal.ironcore.dev/v1alpha1 | ||
kind string | OSPF | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec OSPFSpec | Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Required: {} | |
status OSPFStatus | Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Optional: {} |
OSPFInterface
OSPFInterface defines the OSPF-specific configuration for an interface that is participating in an OSPF instance.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | MaxLength: 63 MinLength: 1 Required: {} | |
area string | Area is the OSPF area identifier for this interface. Must be specified in dotted-quad notation (e.g., "0.0.0.0" for the backbone area). This is semantically a 32-bit identifier displayed in IPv4 address format, not an actual IPv4 address. Area 0 (0.0.0.0) is the OSPF backbone area and is required for proper OSPF operation in multi-area configurations. | Format: ipv4 Required: {} | |
passive boolean | Passive indicates whether this interface should operate in passive mode. In passive mode, OSPF will advertise the interface's network in LSAs but will not send or receive OSPF protocol packets (Hello, LSU, etc.) on this interface. This is typically used for loopback interfaces where OSPF adjacencies should not be formed but the network should still be advertised. Defaults to false (active mode). | Optional: {} |
OSPFNeighbor
OSPFNeighbor represents an OSPF neighbor with its adjacency information.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
routerId string | RouterID is the router identifier of the remote OSPF neighbor. | Required: {} | |
address string | Address is the IP address of the remote OSPF neighbor. | Required: {} | |
interfaceRef LocalObjectReference | InterfaceRef is a reference to the local interface through which this neighbor is connected. | Required: {} | |
priority integer | Priority is the remote system's priority to become the designated router. Valid range is 0-255. | Optional: {} | |
lastEstablishedTime Time | LastEstablishedTime is the timestamp when the adjacency last transitioned to the FULL state. A frequently changing timestamp indicates adjacency instability (flapping). | Optional: {} | |
adjacencyState OSPFNeighborState | AdjacencyState is the current state of the adjacency with this neighbor. | Enum: [Down Attempt Init TwoWay ExStart Exchange Loading Full] Optional: {} |
OSPFNeighborState
Underlying type: string
OSPFNeighborState represents the state of an OSPF adjacency as defined in RFC 2328.
Validation:
- Enum: [Down Attempt Init TwoWay ExStart Exchange Loading Full]
Appears in:
| Field | Description |
|---|---|
Unknown | OSPFNeighborStateUnknown indicates an unknown or undefined state. |
Down | OSPFNeighborStateDown indicates the initial state of a neighbor. No recent information has been received from the neighbor. |
Attempt | OSPFNeighborStateAttempt is only valid for neighbors on NBMA networks. It indicates that no recent information has been received but effort should be made to contact the neighbor. |
Init | OSPFNeighborStateInit indicates a Hello packet has been received from the neighbor but bidirectional communication has not yet been established. |
TwoWay | OSPFNeighborStateTwoWay indicates bidirectional communication has been established. This is the most advanced state short of forming an adjacency. |
ExStart | OSPFNeighborStateExStart indicates the first step in creating an adjacency. The routers are determining the relationship and initial DD sequence number. |
Exchange | OSPFNeighborStateExchange indicates the routers are exchanging Database Description packets. |
Loading | OSPFNeighborStateLoading indicates Link State Request packets are being sent to the neighbor to obtain more recent LSAs that were discovered during the Exchange state. |
Full | OSPFNeighborStateFull indicates the neighboring routers are fully adjacent. LSDBs are synchronized and the adjacency will appear in Router and Network LSAs. |
OSPFSpec
OSPFSpec defines the desired state of OSPF
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
deviceRef LocalObjectReference | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable. | Required: {} | |
providerConfigRef TypedLocalObjectReference | ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the Interface to its provider-specific configuration. | Optional: {} | |
adminState AdminState | AdminState indicates whether the OSPF instance is administratively up or down. | Up | Enum: [Up Down] Optional: {} |
instance string | Instance is the process tag of the OSPF instance. | MaxLength: 63 MinLength: 1 Required: {} | |
routerId string | RouterID is the OSPF router identifier, used in OSPF messages to identify the originating router. Follows dotted quad notation (IPv4 format). | Format: ipv4 Required: {} | |
logAdjacencyChanges boolean | LogAdjacencyChanges enables logging when the state of an OSPF neighbor changes. When true, a log message is generated for adjacency state transitions. | Optional: {} | |
interfaceRefs OSPFInterface array | InterfaceRefs is a list of interfaces that are part of the OSPF instance. | MinItems: 1 Optional: {} |
OSPFStatus
OSPFStatus defines the observed state of OSPF.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
adjacencySummary string | AdjacencySummary provides a human-readable summary of neighbor adjacencies by state (e.g., "3 Full, 1 ExStart, 1 Down"). This field is computed by the controller from the Neighbors field. | Optional: {} | |
observedGeneration integer | ObservedGeneration reflects the .metadata.generation that was last processed by the controller. | Optional: {} | |
neighbors OSPFNeighbor array | Neighbors is a list of OSPF neighbors and their adjacency states. | Optional: {} | |
conditions Condition array | The conditions are a list of status objects that describe the state of the OSPF. | Optional: {} |
OverloadBit
Underlying type: string
OverloadBit represents the overload bit of an ISIS instance.
Validation:
- Enum: [Always Never OnStartup]
Appears in:
| Field | Description |
|---|---|
Always | |
Never | |
OnStartup |
PIM
PIM is the Schema for the pim API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | networking.metal.ironcore.dev/v1alpha1 | ||
kind string | PIM | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec PIMSpec | Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Required: {} | |
status PIMStatus | Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Optional: {} |
PIMInterface
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | MaxLength: 63 MinLength: 1 Required: {} | |
mode PIMInterfaceMode | Mode is the PIM mode to use when delivering multicast traffic via this interface. | Sparse | Enum: [Sparse Dense] Optional: {} |
PIMInterfaceMode
Underlying type: string
PIMInterfaceMode represents the mode of a PIM interface.
Validation:
- Enum: [Sparse Dense]
Appears in:
| Field | Description |
|---|---|
Sparse | |
Dense |
PIMSpec
PIMSpec defines the desired state of PIM
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
deviceRef LocalObjectReference | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable. | Required: {} | |
providerConfigRef TypedLocalObjectReference | ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the PIM to its provider-specific configuration. | Optional: {} | |
adminState AdminState | AdminState indicates whether the PIM instance is administratively up or down. | Up | Enum: [Up Down] Optional: {} |
rendezvousPoints RendezvousPoint array | RendezvousPoints defines the list of rendezvous points for sparse mode multicast. | MinItems: 1 Optional: {} | |
interfaceRefs PIMInterface array | InterfaceRefs is a list of interfaces that are part of the PIM instance. | MinItems: 1 Optional: {} |
PIMStatus
PIMStatus defines the observed state of PIM.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
conditions Condition array | The conditions are a list of status objects that describe the state of the PIM. | Optional: {} |
PasswordSource
PasswordSource represents a source for the value of a password.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
secretKeyRef SecretKeySelector | Selects a key of a secret. | Required: {} |
PolicyActions
PolicyActions defines the actions to take when a policy statement matches.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
routeDisposition RouteDisposition | RouteDisposition specifies whether to accept or reject the route. | Enum: [AcceptRoute RejectRoute] Required: {} | |
bgpActions BgpActions | BgpActions specifies BGP-specific actions to apply when the route is accepted. Only applicable when RouteDisposition is AcceptRoute. | Optional: {} |
PolicyConditions
PolicyConditions defines the match criteria for a policy statement.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
matchPrefixSet PrefixSetMatchCondition | MatchPrefixSet matches routes against a PrefixSet resource. | Optional: {} |
PolicyStatement
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
sequence integer | The sequence number of the policy statement. | Minimum: 1 Required: {} | |
conditions PolicyConditions | Conditions define the match criteria for this statement. If no conditions are specified, the statement matches all routes. | Optional: {} | |
actions PolicyActions | Actions define what to do when conditions match. | Required: {} |
PrefixEntry
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
sequence integer | The sequence number of the Prefix entry. | Minimum: 1 Required: {} | |
prefix IPPrefix | IP prefix. Can be IPv4 or IPv6. Use 0.0.0.0/0 (::/0) to represent 'any'. | Format: cidr Type: string Required: {} | |
maskLengthRange MaskLengthRange | Optional mask length range for the prefix. If not specified, only the exact prefix length is matched. | Optional: {} |
PrefixSet
PrefixSet is the Schema for the prefixsets API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | networking.metal.ironcore.dev/v1alpha1 | ||
kind string | PrefixSet | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec PrefixSetSpec | Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Required: {} | |
status PrefixSetStatus | Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Optional: {} |
PrefixSetMatchCondition
PrefixSetMatchCondition defines the condition for matching against a PrefixSet.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
prefixSetRef LocalObjectReference | PrefixSetRef references a PrefixSet in the same namespace. The PrefixSet must exist and belong to the same device. | Required: {} |
PrefixSetSpec
PrefixSetSpec defines the desired state of PrefixSet
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
deviceRef LocalObjectReference | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable. | Required: {} | |
providerConfigRef TypedLocalObjectReference | ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the Banner to its provider-specific configuration. | Optional: {} | |
name string | Name is the name of the PrefixSet. Immutable. | MaxLength: 32 MinLength: 1 Required: {} | |
entries PrefixEntry array | A list of entries to apply. The address families (IPv4, IPv6) of all prefixes in the list must match. | MaxItems: 100 MinItems: 1 Required: {} |
PrefixSetStatus
PrefixSetStatus defines the observed state of PrefixSet.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
entriesSummary string | EntriesSummary provides a human-readable summary of the number of prefix entries. | Optional: {} | |
conditions Condition array | The conditions are a list of status objects that describe the state of the PrefixSet. | Optional: {} |
Protocol
Underlying type: string
Protocol represents the protocol type for an ACL entry.
Validation:
- Enum: [ICMP IP OSPF PIM TCP UDP]
Appears in:
| Field | Description |
|---|---|
ICMP | |
IP | |
OSPF | |
PIM | |
TCP | |
UDP |
Provisioning
Provisioning defines the configuration for device bootstrap.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
image Image | Image defines the image to be used for provisioning the device. | Required: {} | |
bootScript TemplateSource | BootScript defines the script delivered by a TFTP server to the device during bootstrapping. | Optional: {} |
ProvisioningInfo
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
startTime Time | |||
token string | |||
endTime Time | Optional: {} | ||
reboot Time | Optional: {} | ||
error string | Optional: {} |
RendezvousPoint
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
address string | Address is the IPv4 address of the rendezvous point. | Format: ipv4 Required: {} | |
multicastGroups IPPrefix array | MulticastGroups defined the list of multicast IPv4 address ranges associated with the rendezvous point. If not specified, the rendezvous point will be used for all multicast groups. | Format: cidr Type: string Optional: {} | |
anycastAddresses string array | AnycastAddresses is a list of redundant anycast ipv4 addresses associated with the rendezvous point. | items:Format: ipv4 Optional: {} |
RouteDisposition
Underlying type: string
RouteDisposition defines the final disposition of a route.
Validation:
- Enum: [AcceptRoute RejectRoute]
Appears in:
| Field | Description |
|---|---|
AcceptRoute | AcceptRoute permits the route and applies any configured actions. |
RejectRoute | RejectRoute denies the route immediately. |
RouteTarget
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
value string | Value is the route target value, must have the format as VRFSpec.RouteDistinguisher. Validation via admission webhook. | Required: {} | |
addressFamilies RouteTargetAF array | AddressFamilies is the list of address families for the route target. | Enum: [IPv4 IPv6 IPv4EVPN IPv6EVPN] MinItems: 1 Required: {} | |
action RouteTargetAction | Action defines whether the route target is imported, exported, or both | Enum: [Import Export Both] Required: {} |
RouteTargetAF
Underlying type: string
RouteTargetAF represents a supported address family value.
Validation:
- Enum: [IPv4 IPv6 IPv4EVPN IPv6EVPN]
Appears in:
| Field | Description |
|---|---|
IPv4 | |
IPv6 | |
IPv4EVPN | |
IPv6EVPN |
RouteTargetAction
Underlying type: string
RouteTargetAction represents the action for a route target.
Validation:
- Enum: [Import Export Both]
Appears in:
| Field | Description |
|---|---|
Import | |
Export | |
Both |
RoutingPolicy
RoutingPolicy is the Schema for the routingpolicies API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | networking.metal.ironcore.dev/v1alpha1 | ||
kind string | RoutingPolicy | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec RoutingPolicySpec | Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Required: {} | |
status RoutingPolicyStatus | Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Optional: {} |
RoutingPolicySpec
RoutingPolicySpec defines the desired state of RoutingPolicy
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
deviceRef LocalObjectReference | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable. | Required: {} | |
providerConfigRef TypedLocalObjectReference | ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the Banner to its provider-specific configuration. | Optional: {} | |
name string | Name is the identifier of the RoutingPolicy on the device. Immutable. | MaxLength: 63 MinLength: 1 Required: {} | |
statements PolicyStatement array | A list of policy statements to apply. | MaxItems: 100 MinItems: 1 Required: {} |
RoutingPolicyStatus
RoutingPolicyStatus defines the observed state of RoutingPolicy.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
statementsSummary string | StatementsSummary provides a human-readable summary of the number of policy statements. | Optional: {} | |
conditions Condition array | The conditions are a list of status objects that describe the state of the RoutingPolicy. | Optional: {} |
SNMP
SNMP is the Schema for the snmp API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | networking.metal.ironcore.dev/v1alpha1 | ||
kind string | SNMP | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec SNMPSpec | Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Required: {} | |
status SNMPStatus | Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Optional: {} |
SNMPCommunity
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | Name of the community. | MaxLength: 63 MinLength: 1 Required: {} | |
group string | Group to which the community belongs. | MaxLength: 63 MinLength: 1 Optional: {} | |
aclName string | ACL name to filter SNMP requests. | MaxLength: 63 MinLength: 1 Optional: {} |
SNMPHosts
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
address string | The Hostname or IP address of the SNMP host to send notifications to. | MaxLength: 63 MinLength: 1 Required: {} | |
type string | Type of message to send to host. Default is traps. | Traps | Enum: [Traps Informs] Optional: {} |
version string | SNMP version. Default is v2c. | v2c | Enum: [v1 v2c v3] Optional: {} |
community string | SNMP community or user name. | MaxLength: 63 MinLength: 1 Optional: {} | |
vrfName string | The name of the vrf instance to use to source traffic. | MaxLength: 63 MinLength: 1 Optional: {} |
SNMPSpec
SNMPSpec defines the desired state of SNMP
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
deviceRef LocalObjectReference | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable. | Required: {} | |
providerConfigRef TypedLocalObjectReference | ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the SNMP to its provider-specific configuration. | Optional: {} | |
contact string | The contact information for the SNMP server. | MaxLength: 63 MinLength: 1 Optional: {} | |
location string | The location information for the SNMP server. | MaxLength: 63 MinLength: 1 Optional: {} | |
sourceInterfaceName string | The name of the interface to be used for sending out SNMP Trap/Inform notifications. | MaxLength: 63 MinLength: 1 Required: {} | |
communities SNMPCommunity array | SNMP communities for SNMPv1 or SNMPv2c. | MaxItems: 16 MinItems: 1 Optional: {} | |
hosts SNMPHosts array | SNMP destination hosts for SNMP traps or informs messages. | MaxItems: 16 MinItems: 1 Required: {} | |
traps string array | The list of trap notifications to enable. | MinItems: 1 Optional: {} |
SNMPStatus
SNMPStatus defines the observed state of SNMP.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
conditions Condition array | The conditions are a list of status objects that describe the state of the SNMP. | Optional: {} |
SSH
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean | Enable or disable the SSH server on the device. If not specified, the SSH server is enabled by default. | true | Optional: {} |
timeout Duration | The timeout duration for SSH sessions. If not specified, the default timeout is 10 minutes. | 10m | Type: string Optional: {} |
sessionLimit integer | The maximum number of concurrent SSH sessions allowed. If not specified, the default limit is 32. | 32 | ExclusiveMaximum: false Maximum: 64 Minimum: 1 Optional: {} |
SSHPublicKeySource
SSHPublicKeySource represents a source for the value of an SSH public key.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
secretKeyRef SecretKeySelector | Selects a key of a secret. | Required: {} |
SecretKeySelector
SecretKeySelector contains enough information to select a key of a Secret.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | Name is unique within a namespace to reference a secret resource. | MaxLength: 253 MinLength: 1 Required: {} | |
namespace string | Namespace defines the space within which the secret name must be unique. If omitted, the namespace of the object being reconciled will be used. | MaxLength: 63 MinLength: 1 Optional: {} | |
key string | Key is the of the entry in the secret resource's data or stringDatafield to be used. | MaxLength: 253 MinLength: 1 Required: {} |
SecretReference
SecretReference represents a Secret Reference. It has enough information to retrieve a Secret in any namespace.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | Name is unique within a namespace to reference a secret resource. | MaxLength: 253 MinLength: 1 Required: {} | |
namespace string | Namespace defines the space within which the secret name must be unique. If omitted, the namespace of the object being reconciled will be used. | MaxLength: 63 MinLength: 1 Optional: {} |
SetCommunityAction
SetCommunityAction defines the action to set BGP standard communities.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
communities string array | Communities is the list of BGP standard communities to set. The communities must be in the format defined by [RFC 1997]. [RFC 1997]: https://datatracker.ietf.org/doc/html/rfc1997 | MinItems: 1 Required: {} |
SetExtCommunityAction
SetExtCommunityAction defines the action to set BGP extended communities.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
communities string array | Communities is the list of BGP extended communities to set. The communities must be in the format defined by [RFC 4360]. [RFC 4360]: https://datatracker.ietf.org/doc/html/rfc4360 | MinItems: 1 Required: {} |
Severity
Underlying type: string
Severity represents the severity level of a log message.
Validation:
- Enum: [Debug Info Notice Warning Error Critical Alert Emergency]
Appears in:
| Field | Description |
|---|---|
Debug | |
Info | |
Notice | |
Warning | |
Error | |
Critical | |
Alert | |
Emergency |
Switchport
Switchport defines the switchport configuration for an interface.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
mode SwitchportMode | Mode defines the switchport mode, such as access or trunk. | Enum: [Access Trunk] Required: {} | |
accessVlan integer | AccessVlan specifies the VLAN ID for access mode switchports. Only applicable when Mode is set to "Access". | Maximum: 4094 Minimum: 1 Optional: {} | |
nativeVlan integer | NativeVlan specifies the native VLAN ID for trunk mode switchports. Only applicable when Mode is set to "Trunk". | Maximum: 4094 Minimum: 1 Optional: {} | |
allowedVlans integer array | AllowedVlans is a list of VLAN IDs that are allowed on the trunk port. If not specified, all VLANs (1-4094) are allowed. Only applicable when Mode is set to "Trunk". | MinItems: 1 items:Maximum: 4094 items:Minimum: 1 Optional: {} |
SwitchportMode
Underlying type: string
SwitchportMode represents the switchport mode of an interface.
Validation:
- Enum: [Access Trunk]
Appears in:
| Field | Description |
|---|---|
Access | SwitchportModeAccess indicates that the switchport is in access mode. |
Trunk | SwitchportModeTrunk indicates that the switchport is in trunk mode. |
Syslog
Syslog is the Schema for the syslogs API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | networking.metal.ironcore.dev/v1alpha1 | ||
kind string | Syslog | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec SyslogSpec | Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Required: {} | |
status SyslogStatus | Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Optional: {} |
SyslogSpec
SyslogSpec defines the desired state of Syslog
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
deviceRef LocalObjectReference | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable. | Required: {} | |
providerConfigRef TypedLocalObjectReference | ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the Interface to its provider-specific configuration. | Optional: {} | |
servers LogServer array | Servers is a list of remote log servers to which the device will send logs. | MaxItems: 16 MinItems: 1 Required: {} | |
facilities LogFacility array | Facilities is a list of log facilities to configure on the device. | MaxItems: 64 MinItems: 1 Required: {} |
SyslogStatus
SyslogStatus defines the observed state of Syslog.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
serversSummary string | ServersSummary provides a human-readable summary of the number of log servers. | Optional: {} | |
conditions Condition array | The conditions are a list of status objects that describe the state of the Banner. | Optional: {} |
TLS
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
ca SecretKeySelector | The CA certificate to verify the server's identity. | Required: {} | |
certificate CertificateSource | The client certificate and private key to use for mutual TLS authentication. Leave empty if mTLS is not desired. | Optional: {} |
TemplateSource
TemplateSource defines a source for template content. It can be provided inline, or as a reference to a Secret or ConfigMap.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
inline string | Inline template content | MinLength: 1 Optional: {} | |
secretRef SecretKeySelector | Reference to a Secret containing the template | Optional: {} | |
configMapRef ConfigMapKeySelector | Reference to a ConfigMap containing the template | Optional: {} |
TypedLocalObjectReference
TypedLocalObjectReference contains enough information to locate a typed referenced object inside the same namespace.
Appears in:
- AccessControlListSpec
- BGPPeerSpec
- BGPSpec
- BannerSpec
- CertificateSpec
- DNSSpec
- EVPNInstanceSpec
- ISISSpec
- InterfaceSpec
- LLDPSpec
- ManagementAccessSpec
- NTPSpec
- NetworkVirtualizationEdgeSpec
- OSPFSpec
- PIMSpec
- PrefixSetSpec
- RoutingPolicySpec
- SNMPSpec
- SyslogSpec
- UserSpec
- VLANSpec
- VRFSpec
| Field | Description | Default | Validation |
|---|---|---|---|
kind string | Kind of the resource being referenced. Kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character. | MaxLength: 63 MinLength: 1 Pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ Required: {} | |
name string | Name of the resource being referenced. Name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. | MaxLength: 253 MinLength: 1 Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ Required: {} | |
apiVersion string | APIVersion is the api group version of the resource being referenced. | MaxLength: 253 MinLength: 1 Pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/)?([a-z0-9]([-a-z0-9]*[a-z0-9])?)$ Required: {} |
User
User is the Schema for the users API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | networking.metal.ironcore.dev/v1alpha1 | ||
kind string | User | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec UserSpec | Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Required: {} | |
status UserStatus | Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Optional: {} |
UserRole
UserRole represents a role that can be assigned to a user.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | The name of the role. | MaxLength: 63 MinLength: 1 Required: {} |
UserSpec
UserSpec defines the desired state of User
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
deviceRef LocalObjectReference | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable. | Required: {} | |
providerConfigRef TypedLocalObjectReference | ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the User to its provider-specific configuration. | Optional: {} | |
username string | Assigned username for this user. Immutable. | MaxLength: 63 MinLength: 1 Required: {} | |
password PasswordSource | The user password, supplied in cleartext. | Required: {} | |
roles UserRole array | Role which the user is to be assigned to. | MaxItems: 64 MinItems: 1 Required: {} | |
sshPublicKey SSHPublicKeySource | SSH public key for this user. | Optional: {} |
UserStatus
UserStatus defines the observed state of User.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
conditions Condition array | The conditions are a list of status objects that describe the state of the User. | Optional: {} |
VLAN
VLAN is the Schema for the vlans API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | networking.metal.ironcore.dev/v1alpha1 | ||
kind string | VLAN | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec VLANSpec | Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Required: {} | |
status VLANStatus | Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Optional: {} |
VLANSpec
VLANSpec defines the desired state of VLAN
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
deviceRef LocalObjectReference | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable. | Required: {} | |
providerConfigRef TypedLocalObjectReference | ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this vlan. This reference is used to link the VLAN to its provider-specific configuration. | Optional: {} | |
id integer | ID is the VLAN ID. Valid values are between 1 and 4094. Immutable. | Maximum: 4094 Minimum: 1 Required: {} | |
name string | Name is the name of the VLAN. | MaxLength: 128 MinLength: 1 Pattern: ^[^\s]+$ Optional: {} | |
adminState AdminState | AdminState indicates whether the VLAN is administratively active or inactive/suspended. | Up | Enum: [Up Down] Optional: {} |
VLANStatus
VLANStatus defines the observed state of VLAN.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
conditions Condition array | The conditions are a list of status objects that describe the state of the VLAN. | Optional: {} | |
routedBy LocalObjectReference | RoutedBy references the interface that provides Layer 3 routing for this VLAN, if any. This field is set when an Interface of type RoutedVLAN references this VLAN. | Optional: {} | |
bridgedBy LocalObjectReference | BridgedBy references the EVPNInstance that provides a L2VNI for this VLAN, if any. This field is set when an EVPNInstance of type Bridged references this VLAN. | Optional: {} |
VRF
VRF is the Schema for the vrfs API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | networking.metal.ironcore.dev/v1alpha1 | ||
kind string | VRF | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec VRFSpec | spec defines the desired state of VRF More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Required: {} | |
status VRFStatus | status of the resource. This is set and updated automatically. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Optional: {} |
VRFSpec
VRFSpec defines the desired state of VRF
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
deviceRef LocalObjectReference | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable. | Required: {} | |
providerConfigRef TypedLocalObjectReference | ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the VRF to its provider-specific configuration. | Optional: {} | |
name string | Name is the name of the VRF. Immutable. | MaxLength: 32 MinLength: 1 Required: {} | |
description string | Description provides a human-readable description of the VRF. | MaxLength: 255 MinLength: 1 Optional: {} | |
vni integer | VNI is the VXLAN Network Identifier for the VRF (always an L3). | Maximum: 1.6777215e+07 Minimum: 1 Optional: {} | |
routeDistinguisher string | RouteDistinguisher is the route distinguisher for the VRF. Formats supported: - Type 0: ASN(0-65535):Number(0-4294967295) - Type 1: IPv4:Number(0-65535) - Type 2: ASN(65536-4294967295):Number(0-65535) Validation via admission webhook for the VRF type. | Optional: {} | |
routeTargets RouteTarget array | RouteTargets is the list of route targets for the VRF. | Optional: {} |
VRFStatus
VRFStatus defines the observed state of VRF.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
conditions Condition array | The conditions are a list of status objects that describe the state of the VRF. | Optional: {} |
nx.cisco.networking.metal.ironcore.dev/v1alpha1
Package v1alpha1 contains API Schema definitions for the nx.cisco.networking.metal.ironcore.dev v1alpha1 API group.
Resource Types
- BGPConfig
- BorderGateway
- InterfaceConfig
- LLDPConfig
- ManagementAccessConfig
- NetworkVirtualizationEdgeConfig
- System
- VPCDomain
AutoRecovery
AutoRecovery holds settings to automatically restore vPC domain's operation after detecting that the peer is no longer reachable via the keepalive link.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean | Enabled indicates whether auto-recovery is enabled. When enabled, the switch will wait for ReloadDelay seconds after peer failure before assuming the peer is dead and restoring the vPC's domain functionality. | Required: {} | |
reloadDelay integer | ReloadDelay is the time in seconds (60-3600) to wait before assuming the peer is dead and automatically attempting to restore the communication with the peer. | 240 | Maximum: 3600 Minimum: 60 Optional: {} |
BGPConfig
BGPConfig is the Schema for the bgpconfigs API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | nx.cisco.networking.metal.ironcore.dev/v1alpha1 | ||
kind string | BGPConfig | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec BGPConfigSpec | spec defines the desired state of BGPConfig | Required: {} |
BGPConfigAddressFamilies
BGPConfigAddressFamilies defines the Cisco NX-OS specific configuration for supported BGP address families.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
l2vpnEvpn BGPL2vpnEvpn | L2vpnEvpn configures L2VPN EVPN address family support. | Optional: {} |
BGPConfigSpec
BGPConfigSpec defines the Cisco NX-OS specific BGP configuration.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
addressFamilies BGPConfigAddressFamilies | AddressFamilies configures supported BGP address families and their Cisco NX-OS specific settings. | Optional: {} |
BGPL2vpnEvpn
BGPL2vpnEvpn defines the configuration for L2VPN EVPN address family.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
advertisePIP boolean | AdvertisePIP controls whether the BGP EVPN address-family should advertise the primary IP address (PIP) as the next-hop when advertising prefix routes or loopback interface routes in BGP on vPC enabled leaf or border leaf switches. | false | Optional: {} |
BGPPeerReference
BGPPeerReference defines a BGP peer used for border gateway with peer type configuration.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | MaxLength: 63 MinLength: 1 Required: {} | |
peerType BGPPeerType | PeerType specifies the role of this BGP peer in the EVPN multisite topology. FabricExternal is used for peers outside the fabric, while FabricBorderLeaf is used for border leaf peers within the fabric. | Enum: [FabricExternal FabricBorderLeaf] Required: {} |
BGPPeerType
Underlying type: string
BGPPeerType defines the peer type for border gateway BGP peers.
Validation:
- Enum: [FabricExternal FabricBorderLeaf]
Appears in:
| Field | Description |
|---|---|
FabricExternal | BGPPeerTypeFabricExternal represents a BGP peer outside the fabric. Used for external peers in EVPN multisite configurations. |
FabricBorderLeaf | BGPPeerTypeFabricBorderLeaf represents a BGP peer that is a border leaf within the fabric. Used for border leaf peers in EVPN multisite configurations. |
BorderGateway
BorderGateway is the Schema for the bordergateways API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | nx.cisco.networking.metal.ironcore.dev/v1alpha1 | ||
kind string | BorderGateway | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec BorderGatewaySpec | Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Required: {} | |
status BorderGatewayStatus | Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Optional: {} |
BorderGatewaySpec
BorderGatewaySpec defines the desired state of BorderGateway
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
deviceRef LocalObjectReference | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable. | Required: {} | |
adminState AdminState | AdminState indicates whether the BorderGateway instance is administratively up or down. | Up | Enum: [Up Down] Optional: {} |
multisiteId integer | MultisiteID is the identifier for the multisite border gateway. | ExclusiveMaximum: false Maximum: 2.81474976710655e+14 Minimum: 1 Required: {} | |
sourceInterfaceRef LocalObjectReference | SourceInterfaceRef is a reference to the loopback interface used as the source for the border gateway virtual IP address. A best practice is to use a separate loopback address for the NVE source interface and multi-site source interface. The loopback interface must be configured with a /32 IPv4 address. This /32 IP address needs be known by the transient devices in the transport network and the remote VTEPs. | Required: {} | |
delayRestoreTime Duration | DelayRestoreTime specifies the time to wait before restoring EVPN multisite border gateway functionality after a failure. This allows time for the network to stabilize before resuming traffic forwarding across sites. | 180s | Pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ Type: string Optional: {} |
interconnectInterfaceRefs InterconnectInterfaceReference array | InterconnectInterfaceRefs is a list of interfaces that provide connectivity to the border gateway. Each interface can be configured with object tracking to monitor its availability. | MinItems: 1 Optional: {} | |
bgpPeerRefs BGPPeerReference array | BGPPeerRefs is a list of BGP peers that are part of the border gateway configuration. Each peer can be configured with a peer type to specify its role in the EVPN multisite topology. | MinItems: 1 Optional: {} | |
stormControl StormControl array | StormControl is the storm control configuration for the border gateway, allowing to rate-limit BUM (Broadcast, Unknown unicast, Multicast) traffic on the border gateway interface. | MinItems: 1 Optional: {} |
BorderGatewayStatus
BorderGatewayStatus defines the observed state of BorderGateway.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
conditions Condition array | The conditions are a list of status objects that describe the state of the Banner. | Optional: {} |
BufferBoost
BufferBoost defines the buffer boost configuration for an interface.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean | Enabled indicates whether buffer boost is enabled on the interface. Maps to CLI command: hardware profile buffer boost | Required: {} |
Console
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
timeout Duration | Timeout defines the inactivity timeout for console sessions. If a session is inactive for the specified duration, it will be automatically disconnected. The format is a string representing a duration (e.g., "10m" for 10 minutes). | 10m | Pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ Type: string Optional: {} |
Enabled
Enabled represents a simple enabled/disabled configuration.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean | Enabled indicates whether a configuration property is administratively enabled (true) or disabled (false). | Required: {} |
InterconnectInterfaceReference
InterconnectInterfaceReference defines an interface used for border gateway interconnectivity with optional object tracking configuration.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
name string | Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | MaxLength: 63 MinLength: 1 Required: {} | |
tracking InterconnectTrackingType | Tracking specifies the EVPN multisite tracking mode for this interconnect interface. | Enum: [DataCenterInterconnect Fabric] Required: {} |
InterconnectTrackingType
Underlying type: string
InterconnectTrackingType defines the tracking mode for border gateway interconnect interfaces.
Validation:
- Enum: [DataCenterInterconnect Fabric]
Appears in:
| Field | Description |
|---|---|
DataCenterInterconnect | InterconnectTrackingTypeDCI represents Data Center Interconnect tracking mode. Used for interfaces connecting to remote data centers. |
Fabric | InterconnectTrackingTypeFabric represents Fabric tracking mode. Used for interfaces connecting to the local fabric. |
InterfaceConfig
InterfaceConfig is the Schema for the interfaceconfigs API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | nx.cisco.networking.metal.ironcore.dev/v1alpha1 | ||
kind string | InterfaceConfig | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec InterfaceConfigSpec | Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Required: {} |
InterfaceConfigSpec
InterfaceConfigSpec defines the desired state of InterfaceConfig
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
spanningTree SpanningTree | SpanningTree defines the spanning tree configuration for the interface. | Optional: {} | |
bufferBoost BufferBoost | BufferBoost defines the buffer boost configuration for the interface. Buffer boost increases the shared buffer space allocation for the interface. | Optional: {} |
KeepAlive
KeepAlive defines the vPCDomain keepalive link configuration. The keep-alive is an out-of-band connection (often over mgmt0) used to monitor peer health. It does not carry data traffic.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
destination string | Destination is the destination IP address of the vPC's domain peer keepalive interface. This is the IP address the local switch will send keepalive messages to. | Format: ipv4 Required: {} | |
source string | Source is the source IP address for keepalive messages. This is the local IP address used to send keepalive packets to the peer. | Format: ipv4 Required: {} | |
vrfName string | The name of the vrf used to send keepalive packets to the peer. Mutually exclusive with VrfRef. | MaxLength: 63 MinLength: 1 Optional: {} | |
vrfRef LocalObjectReference | The reference to a VRF resource used to send keepalive packets to the peer. Mutually exclusive with VrfName. | Optional: {} |
LLDPConfig
LLDPConfig is the Schema for the LLDPConfig API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | nx.cisco.networking.metal.ironcore.dev/v1alpha1 | ||
kind string | LLDPConfig | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec LLDPConfigSpec | spec defines the desired state of LLDP | Required: {} |
LLDPConfigSpec
LLDPConfig defines the Cisco-specific configuration of an LLDP object.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
initDelay integer | InitDelay defines the delay in seconds before LLDP starts sending packets after interface comes up. | 2 | Maximum: 10 Minimum: 1 Optional: {} |
holdTime integer | HoldTime defines the time in seconds that the receiving device should hold the LLDP information before discarding it. | 120 | Maximum: 255 Minimum: 1 Optional: {} |
ManagementAccessConfig
ManagementAccessConfig is the Schema for the managementaccessconfigs API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | nx.cisco.networking.metal.ironcore.dev/v1alpha1 | ||
kind string | ManagementAccessConfig | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec ManagementAccessConfigSpec | Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Required: {} |
ManagementAccessConfigSpec
ManagementAccessConfigSpec defines the desired state of ManagementAccessConfig
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
console Console | Console defines the configuration for the terminal console access on the device. | { timeout:10m } | Optional: {} |
ssh SSH | SSH defines the SSH server configuration for the VTY terminal access on the device. | Optional: {} |
NetworkVirtualizationEdgeConfig
NetworkVirtualizationEdgeConfig is the Schema for the NetworkVirtualizationEdgeConfig API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | nx.cisco.networking.metal.ironcore.dev/v1alpha1 | ||
kind string | NetworkVirtualizationEdgeConfig | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec NetworkVirtualizationEdgeConfigSpec | spec defines the desired state of NVE | Required: {} |
NetworkVirtualizationEdgeConfigSpec
NetworkVirtualizationEdgeConfig defines the Cisco-specific configuration of a Network Virtualization Edge (NVE) object.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
advertiseVirtualMAC boolean | AdvertiseVirtualMAC controls if the NVE should advertise a virtual MAC address | false | Optional: {} |
holdDownTime integer | HoldDownTime defines the duration for which the switch suppresses the advertisement of the NVE loopback address. | 180 | Maximum: 1500 Minimum: 1 Optional: {} |
infraVLANs VLANListItem array | InfraVLANs specifies VLANs used by all SVI interfaces for uplink and vPC peer-links in VXLAN as infra-VLANs. The total number of VLANs configured must not exceed 512. Elements in the list must not overlap with each other. | MaxItems: 10 Optional: {} |
Peer
Peer defines settings to configure peer settings
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
adminState AdminState | AdminState defines the administrative state of the peer-link. | Up | Enum: [Up Down] Optional: {} |
interfaceRef LocalObjectReference | InterfaceRef is a reference to an Interface resource and identifies the interface to be used as the vPC domain's peer-link. This interface carries control and data traffic between the two vPC domain peers. It is usually dedicated port-channel, but it can also be a single physical interface. | Required: {} | |
keepalive KeepAlive | KeepAlive defines the out-of-band keepalive configuration. | Required: {} | |
autoRecovery AutoRecovery | AutoRecovery defines auto-recovery settings for restoring vPC domain after peer failure. | Optional: {} | |
switch Enabled | Switch enables peer-switch functionality on this peer. When enabled, both vPC domain peers use the same spanning-tree bridge ID, allowing both to forward traffic for all VLANs without blocking any ports. | { enabled:false } | Optional: {} |
gateway Enabled | Gateway enables peer-gateway functionality on this peer. When enabled, each vPC domain peer can act as the active gateway for packets destined to the peer's MAC address, improving convergence. | { enabled:false } | Optional: {} |
l3router Enabled | L3Router enables Layer 3 peer-router functionality on this peer. | { enabled:false } | Optional: {} |
SSH
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
accessControlListName string | AccessControlListName defines the name of the access control list (ACL) to apply for incoming SSH connections on the VTY terminal. The ACL must be configured separately on the device. | MaxLength: 63 MinLength: 1 Optional: {} |
SpanningTree
SpanningTree defines the spanning tree configuration for an interface.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
portType SpanningTreePortType | PortType defines the spanning tree port type. | Enum: [Normal Edge Network] Required: {} | |
bpduGuard boolean | BPDUGuard enables BPDU guard on the interface. When enabled, the port is shut down if a BPDU is received. | Optional: {} | |
bpduFilter boolean | BPDUFilter enables BPDU filter on the interface. When enabled, BPDUs are not sent or received on the port. | Optional: {} |
SpanningTreePortType
Underlying type: string
SpanningTreePortType represents the spanning tree port type.
Validation:
- Enum: [Normal Edge Network]
Appears in:
| Field | Description |
|---|---|
Normal | SpanningTreePortTypeNormal indicates a normal spanning tree port. |
Edge | SpanningTreePortTypeEdge indicates an edge port (connects to end devices). |
Network | SpanningTreePortTypeNetwork indicates a network port (connects to other switches). |
Status
Underlying type: string
Appears in:
| Field | Description |
|---|---|
Unknown | |
Up | |
Down |
StormControl
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
level string | Level is the suppression level as a percentage of the interface bandwidth. Must be a floating point number between 1.0 and 100.0. | Pattern: ^([1-9][0-9]?(\.[0-9]+)?|100(\.0+)?)$ Required: {} | |
traffic TrafficType | Traffic specifies the type of BUM traffic the storm control applies to. | Enum: [Broadcast Multicast Unicast] Required: {} |
System
System is the Schema for the systems API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | nx.cisco.networking.metal.ironcore.dev/v1alpha1 | ||
kind string | System | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec SystemSpec | Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Required: {} | |
status SystemStatus | Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status | Optional: {} |
SystemSpec
SystemSpec defines the desired state of System
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
deviceRef LocalObjectReference | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable. | Required: {} | |
jumboMtu integer | JumboMtu defines the system-wide jumbo MTU setting. Valid values are from 1501 to 9216. | 9216 | ExclusiveMaximum: false Maximum: 9216 Minimum: 1501 Optional: {} |
reservedVlan integer | ReservedVlan specifies the VLAN ID to be reserved for system use. Valid values are from 1 to 4032. | 3968 | ExclusiveMaximum: false Maximum: 4032 Minimum: 1 Optional: {} |
vlanLongName boolean | VlanLongName enables or disables 128-character VLAN names Disabled by default. | false | Optional: {} |
SystemStatus
SystemStatus defines the observed state of System.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
conditions Condition array | The conditions are a list of status objects that describe the state of the Banner. | Optional: {} |
TrafficType
Underlying type: string
TrafficType defines the type of traffic for storm control.
Validation:
- Enum: [Broadcast Multicast Unicast]
Appears in:
| Field | Description |
|---|---|
Broadcast | TrafficTypeBroadcast represents broadcast traffic. |
Multicast | TrafficTypeMulticast represents multicast traffic. |
Unicast | TrafficTypeUnicast represents unicast traffic. |
VLANListItem
VLANListItem represents a single VLAN ID or a range start-end. If ID is set, rangeMin and rangeMax must be absent. If ID is absent, both rangeMin and rangeMax must be set.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
id integer | Maximum: 3967 Minimum: 1 Optional: {} | ||
rangeMin integer | Maximum: 3967 Minimum: 1 Optional: {} | ||
rangeMax integer | Maximum: 3967 Minimum: 1 Optional: {} |
VPCDomain
VPCDomain is the Schema for the VPCDomains API
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string | nx.cisco.networking.metal.ironcore.dev/v1alpha1 | ||
kind string | VPCDomain | ||
metadata ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. | ||
spec VPCDomainSpec | spec defines the desired state of VPCDomain resource | Required: {} | |
status VPCDomainStatus | status defines the observed state of VPCDomain resource | Optional: {} |
VPCDomainRole
Underlying type: string
The VPCDomainRole type represents the operational role of a vPC domain peer as returned by the device.
Appears in:
| Field | Description |
|---|---|
Primary | |
Primary/Secondary | |
Secondary | |
Secondary/Primary | |
Unknown |
VPCDomainSpec
VPCDomainSpec defines the desired state of a vPC domain (Virtual Port Channel Domain)
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
deviceRef LocalObjectReference | DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable. | Required: {} | |
domainId integer | DomainID is the vPC domain ID (1-1000). This uniquely identifies the vPC domain and must match on both peer switches. Changing this value will recreate the vPC domain and flap the peer-link. | Maximum: 1000 Minimum: 1 Required: {} | |
adminState AdminState | AdminState is the administrative state of the vPC domain (enabled/disabled). When disabled, the vPC domain is administratively shut down. | Up | Enum: [Up Down] Optional: {} |
rolePriority integer | RolePriority is the role priority for this vPC domain (1-65535). The switch with the lower role priority becomes the operational primary. | 32667 | Maximum: 65535 Minimum: 1 Optional: {} |
systemPriority integer | SystemPriority is the system priority for this vPC domain (1-65535). Used to ensure that the vPC domain devices are primary devices on LACP. Must match on both peers. | 32667 | Maximum: 65535 Minimum: 1 Optional: {} |
delayRestoreSVI integer | DelayRestoreSVI is the delay in seconds (1-3600) before bringing up interface-vlan (SVI) after peer-link comes up. This prevents traffic blackholing during convergence. | 10 | Maximum: 3600 Minimum: 1 Optional: {} |
delayRestoreVPC integer | DelayRestoreVPC is the delay in seconds (1-3600) before bringing up the member ports after the peer-link is restored. | 30 | Maximum: 3600 Minimum: 1 Optional: {} |
fastConvergence Enabled | FastConvergence ensures that both SVIs and member ports are shut down simultaneously when the peer-link goes down. This synchronization helps prevent traffic loss. | { enabled:false } | Optional: {} |
peer Peer | Peer contains the vPC's domain peer configuration including peer-link, keepalive. | Required: {} |
VPCDomainStatus
VPCDomainStatus defines the observed state of VPCDomain.
Appears in:
| Field | Description | Default | Validation |
|---|---|---|---|
conditions Condition array | Conditions represent the latest available observations about the vPCDomain state. Standard conditions include: - Ready: overall readiness of the vPC domain - Configured: whether the vPCDomain configuration was successfully applied to the device - Operational: whether the vPC domain is operationally up. This condition is true when the status fields PeerLinkIfOperStatus, KeepAliveStatus, and PeerStatus are all setto UP.For this Cisco model there is not one single unique operational property that reflects the operational status of the vPC domain. The combination of peer status, keepalive status, and the interface used as peer-link determine the overall health and operational condition of the vPC domain. | Optional: {} | |
role VPCDomainRole | Role indicates the current operational role of this vPC domain peer. | Optional: {} | |
keepaliveStatus Status | KeepAliveStatus indicates the status of the peer via the keepalive link. | Optional: {} | |
keepaliveStatusMsg string array | KeepAliveStatusMsg provides additional information about the keepalive status, a list of strings reported by the device. | Optional: {} | |
peerStatus Status | PeerStatus indicates the status of the vPC domain peer-link in the latest consistency check with the peer. This means that if the adjacency is lost, e.g., due to a shutdown link, the device will not be able to perform such check and the reported status will remain unchanged (with the value of the last check). | Optional: {} | |
peerStatusMsg string array | PeerStatusMsg provides additional information about the peer status, a list of strings reported by the device. | Optional: {} | |
peerUptime Duration | PeerUptime indicates how long the vPC domain peer has been up and reachable via keepalive. | Optional: {} | |
peerLinkIf string | PeerLinkIf is the name of the interface used as the vPC domain peer-link. | Optional: {} | |
peerLinkIfOperStatus Status | PeerLinkIfOperStatus is the Operational status of PeerLinkIf. | Optional: {} |
xe.cisco.networking.metal.ironcore.dev/v1alpha1
Package v1alpha1 contains API Schema definitions for the xe.cisco.networking.metal.ironcore.dev v1alpha1 API group.
xr.cisco.networking.metal.ironcore.dev/v1alpha1
Package v1alpha1 contains API Schema definitions for the xr.cisco.networking.metal.ironcore.dev v1alpha1 API group.