Introduction
A namerd config example
storage:
kind: io.l5d.inMemory
namespaces:
galaxyquest: |
/host => /#/io.l5d.fs;
/svc => /host;
namers:
- kind: io.l5d.fs
rootDir: examples/disco
interfaces:
- kind: io.l5d.thriftNameInterpreter
port: 4100
ip: 0.0.0.0
retryBaseSecs: 600
retryJitterSecs: 60
- kind: io.l5d.httpController
port: 4321
Welcome to the Configuration Reference for namerd!
namerd’s configuration is controlled via config file, which must be provided
as a command-line argument. It may be a local file path or -
to
indicate that the configuration should be read from the standard input.
File Format
The configuration may be specified as a JSON or YAML object.
Key | Required | Description |
---|---|---|
admin | no | Configures namerd’s administrative interface. namerd admin has the same options as Linkerd admin. |
interfaces | no | Configures namerd’s published network interfaces. |
storage | yes | Configures namerd’s storage backend. |
namers | no | Configures namerd’s integration with various service discovery backends. namerd uses the same namers as linkerd. |
telemetry | no | Configures namerd’s metrics instrumentation. Namerd does not support tracing, so tracers provided by telemeters are ignored. |
Administrative interface
admin:
ip: 127.0.0.1
port: 9991
namerd supports an administrative interface. The exposed admin port and
IP are configurable via a top-level admin
section.
Key | Default Value | Description |
---|---|---|
ip | 0.0.0.0 |
IP for the admin interface. |
port | 9991 |
Port for the admin interface. |
Administrative endpoints
Namerd’s admin interface mirrors Linkerd’s, with one exception: the
/delegator.json
endpoint in Linkerd is served as /dtab/delegator.json
in
namerd.
For default admin endpoints have a look at linkerd’s administrative interface.
For metrics information, namerd also exposes linkerd’s CommonMetrics endpoints by default.
Interfaces
An interface is a published network interface to namerd. All of the interfaces
listed below provide Finage’s NameInterpreter
functionality for remote resolution of destinations using dtabs stored in
namerd. Additionally, the io.l5d.httpController
interface
provides a dtab read/write API that’s used by
namerctl.
Key | Default Value | Description |
---|---|---|
kind | required | Either io.l5d.thriftNameInterpreter , io.l5d.mesh , or io.l5d.httpController . |
ip | interface dependent | The local IP address on which to serve the namer interface. |
port | interface dependent | The port number on which to server the namer interface. |
Thrift Name Interpreter
kind: io.l5d.thriftNameInterpreter
A read-only interface providing NameInterpreter
functionality over the
ThriftMux protocol. Use Linkerd’s io.l5d.namerd
interpreter to resolve
destinations via this interface.
Key | Default Value | Description |
---|---|---|
ip | 0.0.0.0 |
The local IP address on which to serve the namer interface. |
port | 4100 |
The port number on which to server the namer interface. |
retryBaseSecs | 600 |
Base number of seconds to tell clients to wait before retrying after an error. |
retryJitterSecs | 60 |
Maximum number of seconds to jitter retry time by. |
cache | see cache | Binding and address cache size configuration. |
tls | no tls | The namer interface will serve over TLS if this parameter is provided. see TLS. |
Cache
Key | Default Value | Description |
---|---|---|
bindingCacheActive | 1000 |
The size of the binding active cache. |
bindingCacheInactive | 100 |
The size of the binding inactive cache. |
addrCacheActive | 1000 |
The size of the address active cache. |
addrCacheInactive | 100 |
The size of the address inactive cache. |
namerd server tls
In order to accept incoming tls traffic, the tls parameter must be defined.
Key | Default Value | Description |
---|---|---|
certPath | required | File path to the TLS certificate file. |
keyPath | required | File path to the TLS key file. |
gRPC Mesh Interface
kind: io.l5d.mesh
A read-only interface providing NameInterpreter
functionality over the gRCP
protocol. Use Linkerd’s io.l5d.mesh
interpreter to resolve destinations via
this interface.
Key | Default Value | Description |
---|---|---|
ip | 0.0.0.0 |
The local IP address on which to serve the namer interface. |
port | 4321 |
The port number on which to server the namer interface. |
Http Controller
kind: io.l5d.httpController
The HTTP controller provides APIs for reading and writing dtabs, as well as for
viewing how names are resolved. This API can also be accessed using the
namerctl command line tool.
Additionally, this API provides an HTTP implementation of the NameInterpreter
interface. Use Linkerd’s io.l5d.namerd.http
interpreter to resolve
destinations via this interface.
Key | Default Value | Description |
---|---|---|
ip | loopback | The local IP address on which to serve the namer interface. |
port | 4180 |
The port number on which to serve the namer interface. |
GET /api/1/dtabs
Sample request
curl :4180/api/1/dtabs
Sample response
["default"]
Returns a list of all dtab namespaces.
Response Code | Description |
---|---|
200 | Ok |
Content-types: application/json
GET /api/1/dtabs/<namespace>
Sample request
curl :4180/api/1/dtabs/default
Sample response
[{"prefix":"/svc","dst":"/#/io.l5d.fs"}]
Returns the requested dtab. The dtab version is returned in the Etag response header.
Parameter | Type | Description |
---|---|---|
namespace | path | The dtab namespace to retrieve. |
watch | uri | If true, updates are returned as a streaming response. |
Accept | header | The requested content type for the dtab (application/dtab or application/json ). |
Response Code | Description |
---|---|
200 | Ok |
404 | Dtab namespace does not exist |
Content-types: application/json, application/dtab
POST /api/1/dtabs/<namespace>
Sample request
curl :4180/api/1/dtabs/pandoracorn -X POST -d '/foo => /bar' -H 'Content-Type: application/dtab'
Sample response (204 NO CONTENT)
Creates a new dtab with the given namespace. The post body should contain the dtab to create and can be in json or dtab format.
Parameter | Type | Description |
---|---|---|
namespace | path | The dtab namespace to create. |
Content-Type | header | The content type of the provided dtab (application/dtab or application/json ). |
N/A | post-body | The dtab to create. |
Response Code | Description |
---|---|
204 | Created |
400 | Dtab is malformed |
409 | Dtab namespace already exists |
PUT /api/1/dtabs/<namespace>
Sample request
curl :4180/api/1/dtabs/pandoracorn -X PUT -d '/bar => /bas' -H 'Content-Type: application/dtab'
Sample response (204 NO CONTENT)
Modifies an existing dtab. The post body should contain the updated dtab.
Parameter | Type | Description |
---|---|---|
namespace | path | The dtab namespace to update. |
Content-Type | header | The content type of the provided dtab (application/dtab or application/json ). |
If-Match | header | If provided, the update will only be applied if the If-Match header matches the current dtab version. This can be used to prevent conflicting updates. |
N/A | post-body | The dtab to create. |
Response Code | Description |
---|---|
204 | Updated |
400 | Dtab is malformed |
404 | Dtab namespace does not exist |
412 | If-Match header is provided and does not match the current dtab version |
DELETE /api/1/dtabs/<namespace>
Sample request
curl :4180/api/1/dtabs/pandoracorn -X DELETE
Sample response (204 NO CONTENT)
Deletes an existing dtab with the given namespace. Returns status code 404 if the dtab namespace does not exist.
Parameter | Type | Description |
---|---|---|
namespace | path | The dtab namespace to delete. |
Response Code | Description |
---|---|
204 | Deleted |
404 | Dtab namespace does not exist |
GET /api/1/bind/<namespace>
Sample request
curl ':4180/api/1/bind/default?path=/http/1.1/GET/default'
Sample response
{
"bound" : {
"addr" : {
"type" : "bound",
"meta" : {},
"addrs" : [
{
"meta" : {},
"ip" : "127.0.0.1",
"port" : 9990
}
]
},
"id" : "/#/io.l5d.fs/default",
"path" : "/"
},
"type" : "leaf"
}
Returns the bound tree for the given logical name in the context of the given namespace.
Parameter | Type | Description |
---|---|---|
namespace | path | The dtab namespace to use. |
path | uri | The logical name to bind. |
dtab | uri | Additional dtab entries to use, in application/dtab format. |
watch | uri | If true, updates are returned as a streaming response. |
Response Code | Description |
---|---|
200 | Ok |
400 | Path is malformed |
Content-types: application/json
GET /api/1/addr/<namespace>
Sample request
curl ':4180/api/1/addr/default?path=/%23/io.l5d.fs/default'
Sample response
{
"addrs" : [
{
"meta" : {},
"ip" : "127.0.0.1",
"port" : 9990
}
],
"meta" : {},
"type" : "bound"
}
Returns the addresses for a given concrete name.
Parameter | Type | Description |
---|---|---|
namespace | path | The dtab namespace to use. |
path | uri | The logical name to bind. |
watch | uri | If true, updates are returned as a streaming response. |
Response Code | Description |
---|---|
200 | Ok |
400 | Path is malformed |
Content-types: application/json
GET /api/1/resolve/<namespace>
Sample request
curl ':4180/api/1/bind/resolve?path=/http/1.1/GET/default'
Sample response
{
"type" : "bound",
"meta" : {},
"addrs" : [
{
"ip" : "127.0.0.1",
"meta" : {},
"port" : 9990
}
]
}
Returns the addresses for a given logical name. This is effectively a combination of the bind and addr APIs.
Parameter | Type | Description |
---|---|---|
namespace | path | The dtab namespace to use. |
path | uri | The logical name to bind. |
dtab | uri | Additional dtab entries to use, in application/dtab format. |
watch | uri | If true, updates are returned as a streaming response. |
Response Code | Description |
---|---|
200 | Ok |
400 | Path is malformed |
Content-types: application/json
GET /api/1/delegate/<namespace>
Sample request
curl ':4180/api/1/bind/delegate?path=/svc/default'
Sample response
{
"path" : "/svc/default",
"type" : "delegate",
"delegate" : {
"bound" : {
"path" : "/",
"addr" : {
"type" : "bound",
"addrs" : [
{
"meta" : {},
"ip" : "127.0.0.1",
"port" : 9990
}
],
"meta" : {}
},
"id" : "/#/io.l5d.fs/default"
},
"type" : "leaf",
"dentry" : {
"prefix" : "/svc",
"dst" : "/#/io.l5d.fs"
},
"path" : "/#/io.l5d.fs/default"
}
}
Returns a delegation tree for a given logical name which shows each step of the delegation process.
Parameter | Type | Description |
---|---|---|
namespace | path | The dtab namespace to use. |
path | uri | The logical name to bind. |
dtab | uri | Additional dtab entries to use, in application/dtab format. |
watch | uri | If true, updates are returned as a streaming response. |
Response Code | Description |
---|---|
200 | Ok |
400 | Path is malformed |
Content-types: application/json
GET /api/1/bound-names
Sample Request
curl :4180/api/1/bound-names
Sample Response
[
"/#/io.l5d.fs/default"
]
Returns a list of concrete names that namerd knows about.
Parameter | Type | Description |
---|---|---|
watch | uri | If true, updates are returned as a streaming response. |
Response Code | Description |
---|---|
200 | Ok |
Content-types: application/json
Storage
A storage object configures the namerd dtabStore which stores and retrieves dtabs. This object supports the following params:
Key | Default Value | Description |
---|---|---|
kind | required | Either io.l5d.inMemory , io.l5d.k8s , io.l5d.zk , io.l5d.etcd or io.l5d.consul . |
experimental | false |
Set this to true to enable the storage if it is experimental. |
In Memory
kind: io.l5d.inMemory
Stores the dtab in memory. Not suitable for production use.
Key | Default Value | Description |
---|---|---|
namespaces | empty map | A map of namespaces to corresponding dtabs. |
Kubernetes
kind: io.l5d.k8s
Stores the dtab with the Kubernetes master via the ThirdPartyResource APIs. Requires a cluster running Kubernetes 1.2+ with the ThirdPartyResource feature enabled.
Key | Default Value | Description |
---|---|---|
host | localhost |
The Kubernetes master host. |
port | 8001 |
The Kubernetes master port. |
namespace | default |
The Kubernetes namespace in which dtabs will be stored. This should usually be the same namespace in which namerd is running. |
How to check ThirdPartyResource is enabled
- Open
extensions/v1beta1
api -https://<k8s-cluster-host>/apis/extensions/v1beta1
. - Check that kind
ThirdPartyResource
exists in the response.
Example ThirdPartyResource response
{
"kind": "APIResourceList",
"groupVersion": "extensions/v1beta1",
"resources": [
...
{
"name": "thirdpartyresources",
"namespaced": false,
"kind": "ThirdPartyResource"
}
]
}
Example of configuration for ThirdPartyResource in Kubernetes
Use this configuration to create the ThirdPartyResource if it does not exist.
metadata:
name: d-tab.l5d.io # the hyphen is required by the Kubernetes API. This will be converted to the CamelCase name "DTab".
apiVersion: extensions/v1beta1
kind: ThirdPartyResource
description: stores dtabs used by Buoyant's `namerd` service
versions:
- name: v1alpha1 # Do not change this value as it hardcoded in Namerd and doesn't work with other value.
For a complete example configuration for Namerd
configured with k8s
storage,
see the linkerd-examples repo.
ZooKeeper
kind: io.l5d.zk
Stores the dtab in ZooKeeper.
Key | Default Value | Description |
---|---|---|
zkAddrs | required | A list of ZooKeeper addresses, each of which have host and port parameters. |
pathPrefix | /dtabs |
The ZooKeeper path under which dtabs should be stored. |
sessionTimeoutMs | 10000 |
ZooKeeper session timeout in milliseconds. |
authInfo | no auth when logging | Configures the authentication information to use when logging. See authInfo. |
acls | an empty list | A list of ACLs to set on each dtab znode created. See acls. |
authInfo
Key | Default Value | Description |
---|---|---|
scheme | required | The ZooKeeper auth scheme to use. |
auth | required | The ZooKeeper auth value to use. |
acls
Key | Default Value | Description |
---|---|---|
scheme | required | The ACL auth scheme to use. |
id | required | The ACL id to use. |
perms | required | A subset of the string “crwda” representing the permissions of this ACL. The characters represent create, read, write, delete, and admin, respectively. |
Etcd
kind: io.l5d.etcd
Stores the dtab in Etcd.
Key | Default Value | Description |
---|---|---|
experimental | required | Because this storage is still considered experimental, you must set this to true to use it. |
host | localhost |
The location of the etcd API. |
port | 2379 |
The port used to connect to the etcd API. |
pathPrefix | /namerd/dtabs |
The key path under which dtabs should be stored. |
Consul
kind: io.l5d.consul
Stores the dtab in Consul KV storage.
Key | Default Value | Description |
---|---|---|
host | localhost |
The location of the consul API. |
port | 8500 |
The port used to connect to the consul API. |
pathPrefix | /namerd/dtabs |
The key path under which dtabs should be stored. |
token | no auth | The auth token to use when making API calls. |
datacenter | uses agent’s datacenter | The datacenter to forward requests to. |
readConsistencyMode | default |
Select between Consul API consistency modes such as default , stale and consistent for reads. |
writeConsistencyMode | default |
Select between Consul API consistency modes such as default , stale and consistent for writes. |
failFast | false |
If false , disable fail fast and failure accrual for Consul client. Keep it false when using a local agent but change it to true when talking directly to an HA Consul API. |