| Field | Type | Description | Value(s) |
|---|---|---|---|
| `enabled` | bool | Enable the KubeSpan feature. Cluster discovery should be enabled with cluster.discovery.enabled for KubeSpan to be enabled. |
|
| `advertiseKubernetesNetworks` | bool | Control whether Kubernetes pod CIDRs are announced over KubeSpan from the node. If disabled, CNI handles pod-to-pod traffic encapsulation. If enabled, KubeSpan takes over pod-to-pod traffic directly. |
|
| `allowDownPeerBypass` | bool | Skip sending traffic via KubeSpan if the peer connection state is not up. This provides configurable choice between connectivity and security. |
|
| `harvestExtraEndpoints` | bool | KubeSpan can collect and publish extra endpoints for each member of the cluster based on Wireguard endpoint information for each peer. Disabled by default. Do not enable with high peer counts (>50). |
|
| `mtu` | uint32 | KubeSpan link MTU size. Default value is 1420. |
|
| `filters` | KubeSpanFiltersConfig | KubeSpan advanced filtering of network addresses. Settings are optional and apply only to this node. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `endpoints` | \[]string | Filter node addresses which will be advertised as KubeSpan endpoints for peer-to-peer Wireguard connections. By default, all addresses are advertised, and KubeSpan cycles through all endpoints until it finds one that works. Default value: no filtering. |
|
| `excludeAdvertisedNetworks` | \[]Prefix | Filter networks (e.g., host addresses, pod CIDRs if enabled) which will be advertised over KubeSpan. By default, all networks are advertised. Use this filter to exclude some networks from being advertised. Note: excluded networks will not be reachable over KubeSpan, so make sure these networks are still reachable via some other route (e.g., direct connection). Default value: no filtering. |