This is the multi-page printable view of this section. Click here to print.
network
Package network provides network machine configuration documents.
1 - KubeSpanEndpointsConfig
KubeSpanEndpointsConfig is a config document to configure KubeSpan endpoints.
apiVersion: v1alpha1
kind: KubeSpanEndpointsConfig
# A list of extra Wireguard endpoints to announce from this machine.
extraAnnouncedEndpoints:
- 192.168.13.46:52000| Field | Type | Description | Value(s) |
|---|---|---|---|
extraAnnouncedEndpoints | []AddrPort | A list of extra Wireguard endpoints to announce from this machine.Talos automatically adds endpoints based on machine addresses, public IP, etc. This field allows to add extra endpoints which are managed outside of Talos, e.g. NAT mapping. |
2 - NetworkDefaultActionConfig
NetworkDefaultActionConfig is a ingress firewall default action configuration document.
apiVersion: v1alpha1
kind: NetworkDefaultActionConfig
ingress: accept # Default action for all not explicitly configured ingress traffic: accept or block.| Field | Type | Description | Value(s) |
|---|---|---|---|
ingress | DefaultAction | Default action for all not explicitly configured ingress traffic: accept or block. | acceptblock |
3 - NetworkRuleConfig
NetworkRuleConfig is a network firewall rule config document.
apiVersion: v1alpha1
kind: NetworkRuleConfig
name: ingress-apid # Name of the config document.
# Port selector defines which ports and protocols on the host are affected by the rule.
portSelector:
# Ports defines a list of port ranges or single ports.
ports:
- 50000
protocol: tcp # Protocol defines traffic protocol (e.g. TCP or UDP).
# Ingress defines which source subnets are allowed to access the host ports/protocols defined by the `portSelector`.
ingress:
- subnet: 192.168.0.0/16 # Subnet defines a source subnet.| Field | Type | Description | Value(s) |
|---|---|---|---|
name | string | Name of the config document. | |
portSelector | RulePortSelector | Port selector defines which ports and protocols on the host are affected by the rule. | |
ingress | []IngressRule | Ingress defines which source subnets are allowed to access the host ports/protocols defined by the portSelector. |
portSelector
RulePortSelector is a port selector for the network rule.
| Field | Type | Description | Value(s) |
|---|---|---|---|
ports | PortRanges | Ports defines a list of port ranges or single ports.The port ranges are inclusive, and should not overlap.Show example(s) | |
protocol | Protocol | Protocol defines traffic protocol (e.g. TCP or UDP). | tcpudpicmpicmpv6 |
ingress[]
IngressRule is a ingress rule.
| Field | Type | Description | Value(s) |
|---|---|---|---|
subnet | Prefix | Subnet defines a source subnet. Show example(s) | |
except | Prefix | Except defines a source subnet to exclude from the rule, it gets excluded from the subnet. |