Configure the Operator
This section will guide you through the steps you need to take to configure the CN-WAN Operator.
Format
The CN-WAN Operator can be configured with the following YAML format.
gcloud:
  serviceDirectory:
    region: <region>
    project: <project>
namespace:
  listPolicy: allowlist
service:
  annotations: []
Google Cloud Settings
Under gcloud you can specify Google Cloud data, such as the project and the region where Service Directory is enabled and that you want the operator to manage.
Replace region and project with the appropriate values.
For example:
gcloud:
  serviceDirectory:
    region: us-central1
    project: this-is-my-project
Set the Namespace List Policy
The operator will only monitor services that belong to a namespace that you have explicitly allowed.
If you haven't already, please take a look at this section to learn more about the default namespace list policy.
To set the list policy, change the listPolicy value to either allowlist or blocklist, like so:
namespace:
  listPolicy: allowlist
Allow Annotations
The operator will not register every annotation as metadata from a Kubernetes Service, but will only do so with the ones you have explicitly allowed.
If you haven't already, please take a look at Metadata, Allowed Annotations and Annotations vs Labels to learn more.
You can allow annotations by setting service.annotations in the configuration. For example:
service:
  annotations:
  - version
  - example.com/purpose
Values can also have wildcards. Examples of accepted values are:
- Specific values, i.e. example.prefix.com/name or annotation-key
- Name wildcards, i.e. example.prefix.com/*: all annotations that have the prefix example.prefix.com will be kept and registered, regardless of the name. For instance, example.prefix.com/my-name and example.prefix.com/another-name will both match and therefore be included in the service's entry as metadata, along with their values.
- Prefix wildcards, i.e. */name: all annotations whose name is name will be stored and registered, regardless of the prefix. example.prefix.com/name and another.prefix.com/name will both match.
- */*: all annotations will be registered. We discourage you from using this value, as you may potentially expose sensitive information about the service.
For instance, take a look at this service's annotations:
apiVersion: v1
kind: Service
metadata:
  name: my-service
  annotations:
    my.prefix.com/my-name: test-value
    my.prefix.com/another-name: another-value
    another.prefix.com/another-name: yet-another-value
    name-with-no-prefix: simple-value
If you allow only the following annotations:
- my.prefix.com/*
- name-with-no-prefix
The service will be registered with the following metadata:
my.prefix.com/my-name: test-value
my.prefix.com/another-name: another-value
name-with-no-prefix: simple-value
Finally, if you leave this empty, as annotations: [], then no service will match and, therefore, no service will be registered.
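To check what an allowlist would publish before deploying it, the following Python script applies the matching rules described above to a set of annotations and flags the two values this page calls out (an empty list and */*). It is an added example, not the operator's own code: the function names are hypothetical, and it assumes that a * prefix also matches keys that have no prefix.

```python
# Added example: previews which annotations an allowlist would publish.
# Matching follows the four value forms described above. Assumption:
# a "*" prefix also matches annotation keys that have no prefix at all.

def split_key(key):
    """Split 'prefix/name' into (prefix, name); prefix is '' when absent."""
    prefix, sep, name = key.rpartition("/")
    return (prefix, name) if sep else ("", key)


def pattern_matches(pattern, key):
    """Return True if one allowlist value matches one annotation key."""
    if "/" not in pattern:
        return pattern == key  # specific value without a prefix
    p_prefix, p_name = split_key(pattern)
    k_prefix, k_name = split_key(key)
    prefix_ok = p_prefix == "*" or p_prefix == k_prefix
    name_ok = p_name == "*" or p_name == k_name
    return prefix_ok and name_ok


def registered_metadata(allowlist, annotations):
    """Keep only the annotations that at least one allowlist value matches."""
    return {k: v for k, v in annotations.items()
            if any(pattern_matches(p, k) for p in allowlist)}


def audit_allowlist(allowlist):
    """Return findings for the allowlist values this page warns about."""
    findings = []
    if not allowlist:
        findings.append("empty list: no service will be registered")
    if "*/*" in allowlist:
        findings.append("*/* registers every annotation")
    return findings


# The annotations of my-service from the example above.
SERVICE_ANNOTATIONS = {
    "my.prefix.com/my-name": "test-value",
    "my.prefix.com/another-name": "another-value",
    "another.prefix.com/another-name": "yet-another-value",
    "name-with-no-prefix": "simple-value",
}

if __name__ == "__main__":
    allowlist = ["my.prefix.com/*", "name-with-no-prefix"]
    for key, value in registered_metadata(allowlist, SERVICE_ANNOTATIONS).items():
        print(f"{key}: {value}")
    print(audit_allowlist(["*/*"]))
```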
Deploy
To deploy these settings you will have to follow either Basic Installation or Advanced Installation.
Update
To update the settings, you can run:
kubectl edit configmap cnwan-operator-settings -n cnwan-operator-system
This will open your default editor and you will be able to edit the settings inline.
If successful, you will have to restart the operator for it to be able to acknowledge the changes:
# For Kubernetes 1.15+
kubectl rollout restart deployment cnwan-operator-controller-manager -n cnwan-operator-system
If your Kubernetes version is lower, then you will have to either delete the pod or scale down the deployment:
# Look up the operator pod, then delete it in the same namespace
NAME=$(kubectl get pods -o jsonpath='{.items[0].metadata.name}' -n cnwan-operator-system)
kubectl delete pod "$NAME" -n cnwan-operator-system