Class NetworkOptions
Describes the network options for a cluster.
Namespace: Neon.Kube.ClusterDef
Assembly: Neon.Kube.dll
Syntax
public class NetworkOptions
Constructors
NetworkOptions()
Default constructor.
Declaration
public NetworkOptions()
Properties
AcmeOptions
Specifies the ACME (Let's Encrypt,...) options.
Declaration
[JsonProperty(PropertyName = "Acme", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "acme", ApplyNamingConventions = false)]
public AcmeOptions AcmeOptions { get; set; }
Property Value
Type | Description |
---|---|
AcmeOptions |
EgressAddressRules
Optionally specifies whitelisted and/or blacklisted external addresses for outbound traffic. This defaults to allowing outbound traffic to anywhere when the property is null or empty.
note
Address rules are processed in order from first to last, so you may consider putting your blacklist rules before your whitelist rules.
note
These rules currently apply to all network ports.
note
This is not currently supported on AWS.
Declaration
[JsonProperty(PropertyName = "EgressAddressRules", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "egressAddressRules", ApplyNamingConventions = false)]
public List<AddressRule> EgressAddressRules { get; set; }
Property Value
Type | Description |
---|---|
List<AddressRule> |
Gateway
Specifies the default network gateway address to be configured for hosts. This defaults to the first usable address in the PremiseSubnet. For example, for the 10.0.0.0/24 subnet, this will be set to 10.0.0.1. This is ignored for cloud hosting environments.
Declaration
[JsonProperty(PropertyName = "Gateway", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "gateway", ApplyNamingConventions = false)]
public string Gateway { get; set; }
Property Value
Type | Description |
---|---|
string |
IngressHealthCheck
Optionally specifies the default cluster load balancer health check settings for the IngressRules. This defaults to reasonable values and can be overridden for specific rules.
Declaration
[JsonProperty(PropertyName = "IngressHealthCheck", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "ingressHealthCheck", ApplyNamingConventions = false)]
public HealthCheckOptions IngressHealthCheck { get; set; }
Property Value
Type | Description |
---|---|
HealthCheckOptions |
IngressRules
Optionally sets the ingress rules that route external traffic received by nodes with Ingress enabled into one or more Istio ingress gateway services, which are then responsible for routing to the target Kubernetes services.
This defaults to allowing inbound HTTP/HTTPS traffic, and cluster setup also adds a TCP rule for the Kubernetes API server on port 6442.
Declaration
[JsonProperty(PropertyName = "IngressRules", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "ingressRules", ApplyNamingConventions = false)]
public List<IngressRule> IngressRules { get; set; }
Property Value
Type | Description |
---|---|
List<IngressRule> |
ManagementAddressRules
Optionally specifies whitelisted and/or blacklisted external addresses for node management via SSH NAT rules as well as cluster management via the Kubernetes API via port 6443. This defaults to allowing inbound traffic from anywhere when the property is null or empty.
note
Address rules are processed in order from first to last, so you may consider putting your blacklist rules before your whitelist rules.
note
This is currently supported only for clusters hosted on Azure. AWS doesn't support this scenario and we currently don't support automatic router configuration for on-premise environments.
Declaration
[JsonProperty(PropertyName = "ManagementAddressRules", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "managementAddressRules", ApplyNamingConventions = false)]
public List<AddressRule> ManagementAddressRules { get; set; }
Property Value
Type | Description |
---|---|
List<AddressRule> |
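The ordering note on EgressAddressRules and ManagementAddressRules matters because an early broad rule can make a later, narrower rule unreachable. The following is an added example, not NEONKUBE code: it assumes the first matching rule wins and uses a hypothetical `(action, cidr)` tuple shape rather than the real AddressRule schema, with constructed sample rules.

```python
import ipaddress

def first_match(rules, address):
    """Return the action of the first rule whose CIDR contains address.

    Returns None when nothing matches; the page does not state what the
    cluster does in that case.
    """
    ip = ipaddress.ip_address(address)
    for action, cidr in rules:
        if ip in ipaddress.ip_network(cidr):
            return action
    return None

def shadowed_rules(rules):
    """Return (index, earlier_index) pairs for rules that can never fire.

    A rule is shadowed when an earlier rule's network fully contains it,
    because (under the first-match assumption) the earlier rule always
    decides first.
    """
    parsed = [ipaddress.ip_network(cidr) for _, cidr in rules]
    findings = []
    for i, net in enumerate(parsed):
        for j in range(i):
            earlier = parsed[j]
            # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
            if earlier.version == net.version and net.subnet_of(earlier):
                findings.append((i, j))
                break
    return findings

# Constructed sample rules using documentation address ranges.
ALLOW_FIRST = [("allow", "0.0.0.0/0"), ("deny", "203.0.113.0/24")]
DENY_FIRST = [("deny", "203.0.113.0/24"), ("allow", "0.0.0.0/0")]

if __name__ == "__main__":
    for name, rules in (("allow first", ALLOW_FIRST), ("deny first", DENY_FIRST)):
        print(name, first_match(rules, "203.0.113.7"), shadowed_rules(rules))
```
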
MutualPodTLS
Optionally enables Istio mutual TLS support for cross pod communication. This defaults to false.
Declaration
[JsonProperty(PropertyName = "MutualPodTLS", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "mutualPodTLS", ApplyNamingConventions = false)]
public bool MutualPodTLS { get; set; }
Property Value
Type | Description |
---|---|
bool |
Nameservers
The IP addresses of the DNS nameservers to be used by the cluster.
For cloud environments, this defaults to the name servers provided by the cloud. For on-premise environments, this defaults to the Google Public DNS servers: ["8.8.8.8", "8.8.4.4"].
Declaration
[JsonProperty(PropertyName = "Nameservers", Required = Required.Default)]
[YamlMember(Alias = "nameservers", ApplyNamingConventions = false)]
public List<string> Nameservers { get; set; }
Property Value
Type | Description |
---|---|
List<string> |
NodeMtu
Optionally overrides the default MTU (maximum transmission unit) configured for cluster node network interfaces. The default MTU for the hosting environment will be used when NodeMtu=0; otherwise this can be configured as a value between 512-9000.
note
WARNING: This is an advanced feature. Only people who really know networking and their network environment should modify this.
Declaration
[JsonProperty(PropertyName = "NodeMtu", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "nodeMtu", ApplyNamingConventions = false)]
public int NodeMtu { get; set; }
Property Value
Type | Description |
---|---|
int |
PodSubnet
Specifies the pod subnet to be used for the cluster. This subnet will be split so that each node will be allocated its own subnet. This defaults to 10.254.0.0/16.
note
WARNING: This subnet must not conflict with any other subnets provisioned within the premise network.
Declaration
[JsonProperty(PropertyName = "PodSubnet", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "podSubnet", ApplyNamingConventions = false)]
public string PodSubnet { get; set; }
Property Value
Type | Description |
---|---|
string |
PremiseSubnet
Specifies the subnet for the entire host network for on-premise environments like BareMetal, HyperV and XenServer. This is required for those environments and ignored for other environments which specify network subnets in their related hosting options.
Declaration
[JsonProperty(PropertyName = "PremiseSubnet", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "premiseSubnet", ApplyNamingConventions = false)]
public string PremiseSubnet { get; set; }
Property Value
Type | Description |
---|---|
string |
PublicAddresses
Optionally specifies the public IP addresses for the cluster. This is useful for documenting the public IP address for a router that directs traffic into the cluster.
Declaration
[JsonProperty(PropertyName = "PublicAddresses", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "publicAddresses", ApplyNamingConventions = false)]
public List<string> PublicAddresses { get; set; }
Property Value
Type | Description |
---|---|
List<string> |
ReservedIngressEndPort
Specifies the end of a range of ingress load balancer ports reserved by NEONKUBE. These are reserved for temporarily exposing SSH from individual cluster nodes to the Internet during cluster setup as well as afterwards so that a cluster node can be accessed remotely by a cluster operator as well as for other purposes and for potential future features such as an integrated VPN.
note
The number of ports between ReservedIngressStartPort and ReservedIngressEndPort must include at least as many ports as there will be nodes deployed to the cluster for the temporary SSH NAT rules plus another 100 ports reserved for other purposes. This range defaults to 64000-64999 which will support a cluster with up to 900 nodes. This default range is unlikely to conflict with ports a cluster is likely to need to expose to the Internet like HTTP/HTTPS (80/443). You can change this range for your cluster to resolve any conflicts when necessary.
Declaration
[JsonProperty(PropertyName = "ReservedIngressEndPort", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "reservedIngressEndPort", ApplyNamingConventions = false)]
public int ReservedIngressEndPort { get; set; }
Property Value
Type | Description |
---|---|
int |
ReservedIngressStartPort
Specifies the start of a range of ingress load balancer ports reserved by NEONKUBE. These are reserved for temporarily exposing SSH from individual cluster nodes to the Internet during cluster setup as well as afterwards so that a cluster node can be accessed remotely by a cluster operator as well as for other purposes and for potential future features such as an integrated VPN.
note
The number of ports between ReservedIngressStartPort and ReservedIngressEndPort must include at least as many ports as there will be nodes deployed to the cluster for the temporary SSH NAT rules plus another 100 ports reserved for other purposes. This range defaults to 64000-64999 which will support a cluster with up to 900 nodes. This default range is unlikely to conflict with ports a cluster is likely to need to expose to the Internet like HTTP/HTTPS (80/443). You can change this range for your cluster to resolve any conflicts when necessary.
Declaration
[JsonProperty(PropertyName = "ReservedIngressStartPort", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "reservedIngressStartPort", ApplyNamingConventions = false)]
public int ReservedIngressStartPort { get; set; }
Property Value
Type | Description |
---|---|
int |
ServiceSubnet
Specifies the subnet to be used for allocating service addresses within the cluster. This defaults to 10.253.0.0/16.
Declaration
[JsonProperty(PropertyName = "ServiceSubnet", Required = Required.Default, DefaultValueHandling = DefaultValueHandling.IgnoreAndPopulate)]
[YamlMember(Alias = "serviceSubnet", ApplyNamingConventions = false)]
public string ServiceSubnet { get; set; }
Property Value
Type | Description |
---|---|
string |
Methods
Validate(ClusterDefinition)
Validates the options and also ensures that all null properties are initialized to their default values.
Declaration
public void Validate(ClusterDefinition clusterDefinition)
Parameters
Type | Name | Description |
---|---|---|
ClusterDefinition | clusterDefinition | The cluster definition. |
Exceptions
Type | Condition |
---|---|
ClusterDefinitionException | Thrown if the definition is not valid. |
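A pre-deployment check of the constraints this page documents (subnet conflicts, the NodeMtu range, and the size of the reserved ingress port range) can catch a bad definition before cluster setup starts. This is an added example, not NEONKUBE's Validate implementation: it takes a plain dict keyed by the YAML aliases shown above, the sample input is constructed, and applying the overlap rule to serviceSubnet is this example's assumption.

```python
import ipaddress

# Defaults as documented on this page.
DEFAULTS = {
    "podSubnet": "10.254.0.0/16",
    "serviceSubnet": "10.253.0.0/16",
    "nodeMtu": 0,
    "reservedIngressStartPort": 64000,
    "reservedIngressEndPort": 64999,
}

def check_network_options(opts, node_count, exposed_ports=(80, 443)):
    """Return a list of problem strings; an empty list means no findings."""
    cfg = {**DEFAULTS, **opts}
    problems = []

    # Subnets must not overlap one another (premiseSubnet is optional here).
    nets = {k: ipaddress.ip_network(cfg[k])
            for k in ("podSubnet", "premiseSubnet", "serviceSubnet") if cfg.get(k)}
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")

    # nodeMtu: 0 selects the hosting environment default, otherwise 512-9000.
    mtu = cfg["nodeMtu"]
    if mtu != 0 and not 512 <= mtu <= 9000:
        problems.append(f"nodeMtu {mtu} is outside 512-9000")

    # Reserved range: one port per node for SSH NAT rules plus 100 others.
    start, end = cfg["reservedIngressStartPort"], cfg["reservedIngressEndPort"]
    if end - start + 1 < node_count + 100:
        problems.append(f"reserved ports {start}-{end} too small for {node_count} nodes")
    for port in exposed_ports:
        if start <= port <= end:
            problems.append(f"reserved ports {start}-{end} include exposed port {port}")
    return problems

# Constructed sample input, not a real cluster definition.
SAMPLE = {"premiseSubnet": "10.0.0.0/8", "nodeMtu": 256,
          "reservedIngressStartPort": 64000, "reservedIngressEndPort": 64099}

if __name__ == "__main__":
    for problem in check_network_options(SAMPLE, node_count=10):
        print(problem)
```
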