index.md

API Reference

Packages

• networking.metal.ironcore.dev/v1alpha1
• nx.cisco.networking.metal.ironcore.dev/v1alpha1
• xe.cisco.networking.metal.ironcore.dev/v1alpha1
• xr.cisco.networking.metal.ironcore.dev/v1alpha1

networking.metal.ironcore.dev/v1alpha1

Package v1alpha1 contains API Schema definitions for the networking.metal.ironcore.dev v1alpha1 API group.

SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and IronCore contributors SPDX-License-Identifier: Apache-2.0

Resource Types

• BGP
• BGPPeer
• Banner
• Certificate
• DNS
• Device
• EVPNInstance
• ISIS
• Interface
• LLDP
• ManagementAccess
• NTP
• NetworkVirtualizationEdge
• OSPF
• PIM
• PrefixSet
• RoutingPolicy
• SNMP
• Syslog
• User
• VLAN
• VRF

ACLAction

Underlying type: string

ACLAction represents the type of action that can be taken by an ACL rule.

Validation:

• Enum: [Permit Deny]

Appears in:

• ACLEntry

Field	Description
Permit	ActionPermit allows traffic that matches the rule.
Deny	ActionDeny blocks traffic that matches the rule.

ACLEntry

Appears in:

• AccessControlListSpec

Field	Description	Default	Validation
sequence integer	The sequence number of the ACL entry.		Minimum: 1 Required: {}
action ACLAction	The forwarding action of the ACL entry.		Enum: [Permit Deny] Required: {}
protocol Protocol	The protocol to match. If not specified, defaults to "IP". Available options are: ICMP, IP, OSPF, PIM, TCP, UDP.	IP	Enum: [ICMP IP OSPF PIM TCP UDP] Optional: {}
sourceAddress IPPrefix	Source IP address prefix. Can be IPv4 or IPv6. Use 0.0.0.0/0 (::/0) to represent 'any'.		Format: cidr Type: string Required: {}
destinationAddress IPPrefix	Destination IP address prefix. Can be IPv4 or IPv6. Use 0.0.0.0/0 (::/0) to represent 'any'.		Format: cidr Type: string Required: {}
description string	Description provides a human-readable description of the ACL entry.		MaxLength: 63 MinLength: 1 Optional: {}

AddressFamily

Underlying type: string

AddressFamily represents the address family of an ISIS instance.

Validation:

• Enum: [IPv4Unicast IPv6Unicast]

Appears in:

• ISISSpec

Field	Description
IPv4Unicast
IPv6Unicast

AddressFamilyStatus

AddressFamilyStatus defines the prefix exchange statistics for a single address family (e.g., IPv4-Unicast).

Appears in:

• BGPPeerStatus

Field	Description	Default	Validation
afiSafi BGPAddressFamilyType	AfiSafi identifies the address family and subsequent address family.		Enum: [IPv4Unicast IPv6Unicast L2vpnEvpn] Required: {}
acceptedPrefixes integer	AcceptedPrefixes is the number of prefixes received from the peer that have passed the inbound policy and are stored in the neighbor-specific table (Adj-RIB-In).		Minimum: 0 Optional: {}
advertisedPrefixes integer	AdvertisedPrefixes is the number of prefixes currently being advertised to the peer after passing the outbound policy. This reflects the state of the outbound routing table for the peer (Adj-RIB-Out).		Minimum: 0 Optional: {}

AdminState

Underlying type: string

AdminState represents the administrative state of a resource. This type is used across multiple resources including interfaces, protocols (BGP, OSPF, ISIS, PIM), and system services (NTP, DNS) to indicate whether these are administratively enabled or disabled.

Validation:

• Enum: [Up Down]

Appears in:

• BGPPeerSpec
• BGPSpec
• BorderGatewaySpec
• DNSSpec
• ISISSpec
• InterfaceSpec
• LLDPInterface
• LLDPSpec
• NTPSpec
• NetworkVirtualizationEdgeSpec
• OSPFSpec
• PIMSpec
• Peer
• VLANSpec
• VPCDomainSpec

Field	Description
Up	AdminStateUp indicates that the resource is administratively enabled.
Down	AdminStateDown indicates that the resource is administratively disabled.

Aggregation

Appears in:

• InterfaceSpec

Field	Description	Default	Validation
memberInterfaceRefs LocalObjectReference array	MemberInterfaceRefs is a list of interface references that are part of the aggregate interface.		MaxItems: 32 MinItems: 1 Required: {}
controlProtocol ControlProtocol	ControlProtocol defines the lacp configuration for the aggregate interface.	{ mode:Active }	Optional: {}
multichassis MultiChassis	Multichassis defines the multichassis configuration for the aggregate interface.		Optional: {}

AnycastGateway

AnycastGateway defines distributed anycast gateway configuration. Multiple NVEs in the fabric share the same virtual MAC address, enabling active-active default gateway redundancy for hosts.

Appears in:

• NetworkVirtualizationEdgeSpec

Field	Description	Default	Validation
virtualMAC string	VirtualMAC is the shared MAC address used by all NVEs in the fabric for anycast gateway functionality on RoutedVLAN (SVI) interfaces. All switches in the fabric must use the same MAC address. Format: IEEE 802 MAC-48 address (e.g., "00:00:5E:00:01:01")		Pattern: ^([0-9A-Fa-f]\{2\}:)\{5\}[0-9A-Fa-f]\{2\}$ Required: {}

BFD

BFD defines the Bidirectional Forwarding Detection configuration for an interface.

Appears in:

• InterfaceSpec

Field	Description	Default	Validation
enabled boolean	Enabled indicates whether BFD is enabled on the interface.		Required: {}
desiredMinimumTxInterval Duration	DesiredMinimumTxInterval is the minimum interval between transmission of BFD control packets that the operator desires. This value is advertised to the peer. The actual interval used is the maximum of this value and the remote required-minimum-receive interval value.		Pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ Type: string Optional: {}
requiredMinimumReceive Duration	RequiredMinimumReceive is the minimum interval between received BFD control packets that this system should support. This value is advertised to the remote peer to indicate the maximum frequency between BFD control packets that is acceptable to the local system.		Pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ Type: string Optional: {}
detectionMultiplier integer	DetectionMultiplier is the number of packets that must be missed to declare this session as down. The detection interval for the BFD session is calculated by multiplying the value of the negotiated transmission interval by this value.		Maximum: 255 Minimum: 1 Optional: {}

BGP

BGP is the Schema for the bgp API

Field	Description	Default	Validation
apiVersion string	networking.metal.ironcore.dev/v1alpha1
kind string	BGP
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec BGPSpec	Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Required: {}
status BGPStatus	Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Optional: {}

BGPAddressFamilies

BGPAddressFamilies defines the configuration for supported BGP address families.

Appears in:

• BGPSpec

Field	Description	Default	Validation
ipv4Unicast BGPAddressFamily	Ipv4Unicast configures IPv4 unicast address family support. Enables exchange of IPv4 unicast routes between BGP peers.		Optional: {}
ipv6Unicast BGPAddressFamily	Ipv6Unicast configures IPv6 unicast address family support. Enables exchange of IPv6 unicast routes between BGP peers.		Optional: {}
l2vpnEvpn BGPL2vpnEvpn	L2vpnEvpn configures L2VPN EVPN address family support. Enables exchange of Ethernet VPN routes for overlay network services.		Optional: {}

BGPAddressFamily

BGPAddressFamily defines common configuration for a BGP address family.

Appears in:

• BGPAddressFamilies
• BGPL2vpnEvpn

Field	Description	Default	Validation
enabled boolean	Enabled determines whether this address family is activated for BGP sessions. When false, the address family is not negotiated with peers.		Optional: {}
multipath BGPMultipath	Multipath configures address family specific multipath behavior. When specified, overrides global multipath settings for this address family.		Optional: {}

BGPAddressFamilyType

Underlying type: string

BGPAddressFamilyType represents the BGP address family identifier (AFI/SAFI combination).

Validation:

• Enum: [IPv4Unicast IPv6Unicast L2vpnEvpn]

Appears in:

• AddressFamilyStatus

Field	Description
IPv4Unicast	BGPAddressFamilyIpv4Unicast represents the IPv4 Unicast address family (AFI=1, SAFI=1).
IPv6Unicast	BGPAddressFamilyIpv6Unicast represents the IPv6 Unicast address family (AFI=2, SAFI=1).
L2vpnEvpn	BGPAddressFamilyL2vpnEvpn represents the L2VPN EVPN address family (AFI=25, SAFI=70).

BGPCommunityType

Underlying type: string

BGPCommunityType represents the type of BGP community attributes that can be sent to peers.

Validation:

• Enum: [Standard Extended Both]

Appears in:

• BGPPeerAddressFamily

Field	Description
Standard	BGPCommunityTypeStandard sends only standard community attributes (RFC 1997)
Extended	BGPCommunityTypeExtended sends only extended community attributes (RFC 4360)
Both	BGPCommunityTypeBoth sends both standard and extended community attributes

BGPL2vpnEvpn

BGPL2vpnEvpn defines the configuration for L2VPN EVPN address family.

Appears in:

• BGPAddressFamilies

Field	Description	Default	Validation
enabled boolean	Enabled determines whether this address family is activated for BGP sessions. When false, the address family is not negotiated with peers.		Optional: {}
multipath BGPMultipath	Multipath configures address family specific multipath behavior. When specified, overrides global multipath settings for this address family.		Optional: {}
routeTargetPolicy BGPRouteTargetPolicy	RouteTargetPolicy configures route target filtering behavior for EVPN routes. Controls which routes are retained based on route target matching.		Optional: {}

BGPMultipath

BGPMultipath defines the configuration for BGP multipath behavior.

Appears in:

• BGPAddressFamily
• BGPL2vpnEvpn

Field	Description	Default	Validation
enabled boolean	Enabled determines whether BGP is allowed to use multiple paths for forwarding. When false, BGP will only use a single best path regardless of multiple equal-cost paths.		Optional: {}
ebgp BGPMultipathEbgp	Ebgp configures multipath behavior for external BGP (eBGP) paths.		Optional: {}
ibgp BGPMultipathIbgp	Ibgp configures multipath behavior for internal BGP (iBGP) paths.		Optional: {}

BGPMultipathEbgp

BGPMultipathEbgp defines the configuration for eBGP multipath behavior.

Appears in:

• BGPMultipath

Field	Description	Default	Validation
allowMultipleAs boolean	AllowMultipleAs enables the use of multiple paths with different AS paths for eBGP. When true, relaxes the requirement that multipath candidates must have identical AS paths. This corresponds to the "RelaxAs" mode.		Optional: {}
maximumPaths integer	MaximumPaths sets the maximum number of eBGP paths that can be used for multipath load balancing. Valid range is 1-64 when specified. When omitted, no explicit limit is configured.		Maximum: 64 Minimum: 1 Optional: {}

BGPMultipathIbgp

BGPMultipathIbgp defines the configuration for iBGP multipath behavior.

Appears in:

• BGPMultipath

Field	Description	Default	Validation
maximumPaths integer	MaximumPaths sets the maximum number of iBGP paths that can be used for multipath load balancing. Valid range is 1-64 when specified. When omitted, no explicit limit is configured.		Maximum: 64 Minimum: 1 Optional: {}

BGPPeer

BGPPeer is the Schema for the bgppeers API

Field	Description	Default	Validation
apiVersion string	networking.metal.ironcore.dev/v1alpha1
kind string	BGPPeer
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec BGPPeerSpec	Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Required: {}
status BGPPeerStatus	Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Optional: {}

BGPPeerAddressFamilies

BGPPeerAddressFamilies defines the address family specific configuration for a BGP peer.

Appears in:

• BGPPeerSpec

Field	Description	Default	Validation
ipv4Unicast BGPPeerAddressFamily	Ipv4Unicast configures IPv4 unicast address family settings for this peer. Controls IPv4 unicast route exchange and peer-specific behavior.		Optional: {}
ipv6Unicast BGPPeerAddressFamily	Ipv6Unicast configures IPv6 unicast address family settings for this peer. Controls IPv6 unicast route exchange and peer-specific behavior.		Optional: {}
l2vpnEvpn BGPPeerAddressFamily	L2vpnEvpn configures L2VPN EVPN address family settings for this peer. Controls EVPN route exchange and peer-specific behavior.		Optional: {}

BGPPeerAddressFamily

BGPPeerAddressFamily defines common configuration for a BGP peer's address family.

Appears in:

• BGPPeerAddressFamilies

Field	Description	Default	Validation
enabled boolean	Enabled determines whether this address family is activated for this specific peer. When false, the address family is not negotiated with this peer. Defaults to false.		Optional: {}
sendCommunity BGPCommunityType	SendCommunity specifies which community attributes should be sent to this BGP peer for this address family. If not specified, no community attributes are sent.		Enum: [Standard Extended Both] Optional: {}
routeReflectorClient boolean	RouteReflectorClient indicates whether this peer should be treated as a route reflector client for this specific address family. Defaults to false.		Optional: {}

BGPPeerLocalAddress

BGPPeerLocalAddress defines the local address configuration for a BGP peer.

Appears in:

• BGPPeerSpec

Field	Description	Default	Validation
interfaceRef LocalObjectReference	InterfaceRef is a reference to an Interface resource whose IP address will be used as the source address for BGP packets sent to this peer. The Interface object must exist in the same namespace.		Required: {}

BGPPeerSessionState

Underlying type: string

BGPPeerSessionState represents the operational state of a BGP peer session.

Validation:

• Enum: [Idle Connect Active OpenSent OpenConfirm Established Unknown]

Appears in:

• BGPPeerStatus

Field	Description
Idle	BGPPeerSessionStateIdle indicates the peer is down and in the idle state of the FSM.
Connect	BGPPeerSessionStateConnect indicates the peer is down and the session is waiting for the underlying transport session to be established.
Active	BGPPeerSessionStateActive indicates the peer is down and the local system is awaiting a connection from the remote peer.
OpenSent	BGPPeerSessionStateOpenSent indicates the peer is in the process of being established. The local system has sent an OPEN message.
OpenConfirm	BGPPeerSessionStateOpenConfirm indicates the peer is in the process of being established. The local system is awaiting a NOTIFICATION or KEEPALIVE message.
Established	BGPPeerSessionStateEstablished indicates the peer is up - the BGP session with the peer is established.
Unknown	BGPPeerSessionStateUnknown indicates the peer state is unknown.

BGPPeerSpec

BGPPeerSpec defines the desired state of BGPPeer

Appears in:

• BGPPeer

Field	Description	Default	Validation
deviceRef LocalObjectReference	DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable.		Required: {}
providerConfigRef TypedLocalObjectReference	ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the BGP to its provider-specific configuration.		Optional: {}
adminState AdminState	AdminState indicates whether this BGP peer is administratively up or down. When Down, the BGP session with this peer is administratively shut down.	Up	Enum: [Up Down] Optional: {}
address string	Address is the IPv4 address of the BGP peer.		Format: ipv4 Required: {}
asNumber IntOrString	ASNumber is the autonomous system number (ASN) of the BGP peer. Supports both plain format (1-4294967295) and dotted notation (1-65535.0-65535) as per RFC 5396.		Required: {}
description string	Description is an optional human-readable description for this BGP peer. This field is used for documentation purposes and may be displayed in management interfaces.		Optional: {}
localAddress BGPPeerLocalAddress	LocalAddress specifies the local address configuration for the BGP session with this peer. This determines the source address/interface for BGP packets sent to this peer.		Optional: {}
addressFamilies BGPPeerAddressFamilies	AddressFamilies configures address family specific settings for this BGP peer. Controls which address families are enabled and their specific configuration.		Optional: {}

BGPPeerStatus

BGPPeerStatus defines the observed state of BGPPeer.

Appears in:

• BGPPeer

Field	Description	Default	Validation
sessionState BGPPeerSessionState	SessionState is the current operational state of the BGP session.		Enum: [Idle Connect Active OpenSent OpenConfirm Established Unknown] Optional: {}
lastEstablishedTime Time	LastEstablishedTime is the timestamp when the BGP session last transitioned to the ESTABLISHED state. A frequently changing timestamp indicates session instability (flapping).		Optional: {}
advertisedPrefixesSummary string	AdvertisedPrefixesSummary provides a human-readable summary of advertised prefixes across all address families (e.g., "10 (IPv4Unicast), 5 (IPv6Unicast)"). This field is computed by the controller from the AddressFamilies field.		Optional: {}
addressFamilies AddressFamilyStatus array	AddressFamilies contains per-address-family statistics for this peer. Only address families that are enabled and negotiated with the peer are included.		Optional: {}
observedGeneration integer	ObservedGeneration reflects the .metadata.generation that was last processed by the controller.		Optional: {}
conditions Condition array	The conditions are a list of status objects that describe the state of the BGP.		Optional: {}

BGPRouteTargetPolicy

BGPRouteTargetPolicy defines the policy for route target filtering in EVPN.

Appears in:

• BGPL2vpnEvpn

Field	Description	Default	Validation
retainAll boolean	RetainAll controls whether all route targets are retained regardless of import policy.		Optional: {}

BGPSpec

BGPSpec defines the desired state of BGP

Appears in:

• BGP

Field	Description	Default	Validation
deviceRef LocalObjectReference	DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable.		Required: {}
providerConfigRef TypedLocalObjectReference	ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the BGP to its provider-specific configuration.		Optional: {}
adminState AdminState	AdminState indicates whether this BGP router is administratively up or down.	Up	Enum: [Up Down] Optional: {}
asNumber IntOrString	ASNumber is the autonomous system number (ASN) for the BGP router. Supports both plain format (1-4294967295) and dotted notation (1-65535.0-65535) as per RFC 5396.		Required: {}
routerId string	RouterID is the BGP router identifier, used in BGP messages to identify the originating router. Follows dotted quad notation (IPv4 format).		Format: ipv4 Required: {}
addressFamilies BGPAddressFamilies	AddressFamilies configures supported BGP address families and their specific settings.		Optional: {}

BGPStatus

BGPStatus defines the observed state of BGP.

Appears in:

• BGP

Field	Description	Default	Validation
conditions Condition array	The conditions are a list of status objects that describe the state of the BGP.		Optional: {}

Banner

Banner is the Schema for the banners API

Field	Description	Default	Validation
apiVersion string	networking.metal.ironcore.dev/v1alpha1
kind string	Banner
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec BannerSpec	Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Required: {}
status BannerStatus	Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Optional: {}

BannerSpec

BannerSpec defines the desired state of Banner

Appears in:

• Banner

Field	Description	Default	Validation
deviceRef LocalObjectReference	DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable.		Required: {}
providerConfigRef TypedLocalObjectReference	ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the Banner to its provider-specific configuration.		Optional: {}
type BannerType	Type specifies the banner type to configure, either PreLogin or PostLogin. Immutable.	PreLogin	Enum: [PreLogin PostLogin] Optional: {}
message TemplateSource	Message is the banner message to display.		Required: {}

BannerStatus

BannerStatus defines the observed state of Banner.

Appears in:

• Banner

Field	Description	Default	Validation
conditions Condition array	The conditions are a list of status objects that describe the state of the Banner.		Optional: {}

BannerType

Underlying type: string

BannerType represents the type of banner to configure

Validation:

• Enum: [PreLogin PostLogin]

Appears in:

• BannerSpec

Field	Description
PreLogin	BannerTypePreLogin represents the login banner displayed before user authentication. This corresponds to the openconfig-system login-banner leaf.
PostLogin	BannerTypePostLogin represents the message banner displayed after user authentication. This corresponds to the openconfig-system motd-banner leaf.

BgpActions

BgpActions defines BGP-specific actions for a policy statement.

Appears in:

• PolicyActions

Field	Description	Default	Validation
setCommunity SetCommunityAction	SetCommunity configures BGP standard community attributes.		Optional: {}
setExtCommunity SetExtCommunityAction	SetExtCommunity configures BGP extended community attributes.		Optional: {}

Certificate

Certificate is the Schema for the certificates API

Field	Description	Default	Validation
apiVersion string	networking.metal.ironcore.dev/v1alpha1
kind string	Certificate
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec CertificateSpec	Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Required: {}
status CertificateStatus	Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Optional: {}

CertificateSource

CertificateSource represents a source for the value of a certificate.

Appears in:

• TLS

Field	Description	Default	Validation
secretRef SecretReference	Secret containing the certificate. The secret must be of type kubernetes.io/tls and as such contain the following keys: 'tls.crt' and 'tls.key'.		Required: {}

CertificateSpec

CertificateSpec defines the desired state of Certificate

Appears in:

• Certificate

Field	Description	Default	Validation
deviceRef LocalObjectReference	DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable.		Required: {}
providerConfigRef TypedLocalObjectReference	ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the Certificate to its provider-specific configuration.		Optional: {}
id string	The certificate management id. Immutable.		MaxLength: 63 MinLength: 1 Required: {}
secretRef SecretReference	Secret containing the certificate source. The secret must be of type kubernetes.io/tls and as such contain the following keys: 'tls.crt' and 'tls.key'.		Required: {}

CertificateStatus

CertificateStatus defines the observed state of Certificate.

Appears in:

• Certificate

Field	Description	Default	Validation
conditions Condition array	The conditions are a list of status objects that describe the state of the Certificate.		Optional: {}

ChecksumType

Underlying type: string

ChecksumType defines the type of checksum used for image verification.

Validation:

• Enum: [SHA256 MD5]

Appears in:

• Image

Field	Description
SHA256
MD5

ConfigMapKeySelector

ConfigMapKeySelector contains enough information to select a key of a ConfigMap.

Appears in:

• TemplateSource

Field	Description	Default	Validation
name string	Name is unique within a namespace to reference a configmap resource.		MaxLength: 253 MinLength: 1 Required: {}
namespace string	Namespace defines the space within which the configmap name must be unique. If omitted, the namespace of the object being reconciled will be used.		MaxLength: 63 MinLength: 1 Optional: {}
key string	Key is the of the entry in the configmap resource's data or binaryData field to be used.		MaxLength: 253 MinLength: 1 Required: {}

ConfigMapReference

ConfigMapReference represents a ConfigMap Reference. It has enough information to retrieve a ConfigMap in any namespace.

Appears in:

• ConfigMapKeySelector

Field	Description	Default	Validation
name string	Name is unique within a namespace to reference a configmap resource.		MaxLength: 253 MinLength: 1 Required: {}
namespace string	Namespace defines the space within which the configmap name must be unique. If omitted, the namespace of the object being reconciled will be used.		MaxLength: 63 MinLength: 1 Optional: {}

ControlProtocol

Appears in:

• Aggregation

Field	Description	Default	Validation
mode LACPMode	Mode defines the LACP mode for the aggregate interface.		Enum: [Active Passive] Required: {}

DNS

DNS is the Schema for the dns API

Field	Description	Default	Validation
apiVersion string	networking.metal.ironcore.dev/v1alpha1
kind string	DNS
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec DNSSpec	Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Required: {}
status DNSStatus	Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Optional: {}

DNSSpec

DNSSpec defines the desired state of DNS

Appears in:

• DNS

Field	Description	Default	Validation
deviceRef LocalObjectReference	DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable.		Required: {}
providerConfigRef TypedLocalObjectReference	ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the DNS to its provider-specific configuration.		Optional: {}
adminState AdminState	AdminState indicates whether DNS is administratively up or down.	Up	Enum: [Up Down] Optional: {}
domain string	Default domain name that the device uses to complete unqualified hostnames.		Format: hostname MaxLength: 253 MinLength: 1 Required: {}
servers NameServer array	A list of DNS servers to use for address resolution.		MaxItems: 6 MinItems: 1 Optional: {}
sourceInterfaceName string	Source interface for all DNS traffic.		MaxLength: 63 MinLength: 1 Optional: {}

DNSStatus

DNSStatus defines the observed state of DNS.

Appears in:

• DNS

Field	Description	Default	Validation
conditions Condition array	The conditions are a list of status objects that describe the state of the DNS.		Optional: {}

Device

Device is the Schema for the devices API.

Field	Description	Default	Validation
apiVersion string	networking.metal.ironcore.dev/v1alpha1
kind string	Device
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec DeviceSpec	Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
status DeviceStatus	Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

DevicePhase

Underlying type: string

DevicePhase represents the current phase of the Device as it's being provisioned and managed by the operator.

Validation:

• Enum: [Pending Provisioning Running Failed Provisioned]

Appears in:

• DeviceStatus

Field	Description
Pending	DevicePhasePending indicates that the device is pending and has not yet been provisioned.
Provisioning	DevicePhaseProvisioning indicates that the device is being provisioned.
Provisioned	DevicePhaseProvisioned indicates that the device provisioning has completed and the operator is performing post-provisioning tasks.
Running	DevicePhaseRunning indicates that the device has been successfully provisioned and is now ready for use.
Failed	DevicePhaseFailed indicates that the device provisioning has failed.

DevicePort

Appears in:

• DeviceStatus

Field	Description	Default	Validation
name string	Name is the name of the port.		Required: {}
type string	Type is the type of the port, e.g. "10g".		Optional: {}
supportedSpeedsGbps integer array	SupportedSpeedsGbps is the list of supported speeds in Gbps for this port.		Optional: {}
transceiver string	Transceiver is the type of transceiver plugged into the port, if any.		Optional: {}
interfaceName LocalObjectReference	InterfaceRef is the reference to the corresponding Interface resource configuring this port, if any.		Optional: {}

DeviceSpec

DeviceSpec defines the desired state of Device.

Appears in:

• Device

Field	Description	Default	Validation
paused boolean	Paused can be used to prevent controllers from processing the Device and its associated objects.		Optional: {}
endpoint Endpoint	Endpoint contains the connection information for the device.		Required: {}
provisioning Provisioning	Provisioning is an optional configuration for the device provisioning process. It can be used to provide initial configuration templates or scripts that are applied during the device provisioning.		Optional: {}

DeviceStatus

DeviceStatus defines the observed state of Device.

Appears in:

• Device

Field	Description	Default	Validation
phase DevicePhase	Phase represents the current phase of the Device.	Pending	Enum: [Pending Provisioning Running Failed Provisioned] Required: {}
manufacturer string	Manufacturer is the manufacturer of the Device.		Optional: {}
model string	Model is the model identifier of the Device.		Optional: {}
serialNumber string	SerialNumber is the serial number of the Device.		Optional: {}
firmwareVersion string	FirmwareVersion is the firmware version running on the Device.		Optional: {}
provisioning ProvisioningInfo array	Provisioning is the list of provisioning attempts for the Device.		Optional: {}
ports DevicePort array	Ports is the list of ports on the Device.		Optional: {}
portSummary string	PostSummary shows a summary of the port configured, grouped by type, e.g. "1/4 (10g), 3/64 (100g)".		Optional: {}
conditions Condition array	The conditions are a list of status objects that describe the state of the Device.		Optional: {}

EVPNInstance

EVPNInstance is the Schema for the evpninstances API

Field	Description	Default	Validation
apiVersion string	networking.metal.ironcore.dev/v1alpha1
kind string	EVPNInstance
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec EVPNInstanceSpec	Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Required: {}
status EVPNInstanceStatus	Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Optional: {}

EVPNInstanceSpec

EVPNInstanceSpec defines the desired state of EVPNInstance

It models an EVPN instance (EVI) context on a single network device based on VXLAN encapsulation and the VLAN-based service type defined in [RFC 8365]. [RFC 8365]: https://datatracker.ietf.org/doc/html/rfc8365

Appears in:

• EVPNInstance

Field	Description	Default	Validation
deviceRef LocalObjectReference	DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable.		Required: {}
providerConfigRef TypedLocalObjectReference	ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the BGP to its provider-specific configuration.		Optional: {}
vni integer	VNI is the VXLAN Network Identifier. Immutable.		Maximum: 1.6777214e+07 Minimum: 1 Required: {}
type EVPNInstanceType	Type specifies the EVPN instance type. Immutable.		Enum: [Bridged Routed] Required: {}
multicastGroupAddress string	MulticastGroupAddress specifies the IPv4 multicast group address used for BUM (Broadcast, Unknown unicast, Multicast) traffic. The address must be in the valid multicast range (224.0.0.0 - 239.255.255.255).		Format: ipv4 Optional: {}
routeDistinguisher string	RouteDistinguisher is the route distinguisher for the EVI. Formats supported: - Type 0: ASN(0-65535):Number(0-4294967295) - Type 1: IPv4:Number(0-65535) - Type 2: ASN(65536-4294967295):Number(0-65535)		Optional: {}
routeTargets EVPNRouteTarget array	RouteTargets is the list of route targets for the EVI.		MinItems: 1 Optional: {}
vlanRef LocalObjectReference	VLANRef is a reference to a VLAN resource for which this EVPNInstance builds the MAC-VRF. This field is only applicable when Type is Bridged (L2VNI). The VLAN resource must exist in the same namespace. Immutable.		Optional: {}

EVPNInstanceStatus

EVPNInstanceStatus defines the observed state of EVPNInstance.

Appears in:

• EVPNInstance

Field	Description	Default	Validation
conditions Condition array	The conditions are a list of status objects that describe the state of the EVPNInstance.		Optional: {}

EVPNInstanceType

Underlying type: string

EVPNInstanceType defines the type of EVPN instance.

Validation:

• Enum: [Bridged Routed]

Appears in:

• EVPNInstanceSpec

Field	Description
Bridged	EVPNInstanceTypeBridged represents an L2VNI (MAC-VRF) EVPN instance. Corresponds to OpenConfig network-instance type L2VSI.
Routed	EVPNInstanceTypeRouted represents an L3VNI (IP-VRF) EVPN instance. Corresponds to OpenConfig network-instance type L3VRF.

EVPNRouteTarget

Appears in:

• EVPNInstanceSpec

Field	Description	Default	Validation
value string	Value is the route target value, must have the format as RouteDistinguisher.		MinLength: 1 Required: {}
action RouteTargetAction	Action defines whether the route target is imported, exported, or both.		Enum: [Import Export Both] Required: {}

Endpoint

Endpoint contains the connection information for the device.

Appears in:

• DeviceSpec

Field	Description	Default	Validation
address string	Address is the management address of the device provided in IP:Port format.		Pattern: ^(\d\{1,3\}\.)\{3\}\d\{1,3\}:\d\{1,5\}$ Required: {}
secretRef SecretReference	SecretRef is name of the authentication secret for the device containing the username and password. The secret must be of type kubernetes.io/basic-auth and as such contain the following keys: 'username' and 'password'.		Optional: {}
tls TLS	Transport credentials for grpc connection to the switch.		Optional: {}

Ethernet

Ethernet defines the ethernet-specific configuration for physical interfaces.

Appears in:

• InterfaceSpec

Field	Description	Default	Validation
fecMode FECMode	FECMode specifies the Forward Error Correction mode for the interface. FEC provides error detection and correction at the physical layer, improving link reliability. When not specified, the FEC mode defaults to "auto" where the device negotiates the appropriate mode.		Enum: [FC RS528 Disabled] Optional: {}

FECMode

Underlying type: string

FECMode represents the Forward Error Correction mode for Ethernet Interfaces.

Validation:

• Enum: [FC RS528 Disabled]

Appears in:

• Ethernet

Field	Description
FC	FECModeFC indicates IEEE 802.3 Clause 74 Fire Code FEC for NRZ modulation (<100G).
RS528	FECModeRS528 indicates IEEE 802.3 Clause 91 Reed-Solomon FEC (528,514) for NRZ modulation.
Disabled	FECModeDisabled indicates FEC is administratively disabled.

GNMI

Appears in:

• GRPC

Field	Description	Default	Validation
maxConcurrentCall integer	The maximum number of concurrent gNMI calls that can be made to the gRPC server on the switch for each VRF. Configure a limit from 1 through 16. The default limit is 8.	8	ExclusiveMaximum: false Maximum: 16 Minimum: 1 Optional: {}
keepAliveTimeout Duration	Configure the keepalive timeout for inactive or unauthorized connections. The gRPC agent is expected to periodically send an empty response to the client, on which the client is expected to respond with an empty request. If the client does not respond within the keepalive timeout, the gRPC agent should close the connection. The default interval value is 10 minutes.	10m	Pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ Type: string Optional: {}

GRPC

Appears in:

• ManagementAccessSpec

Field	Description	Default	Validation
enabled boolean	Enable or disable the gRPC server on the device. If not specified, the gRPC server is enabled by default.	true	Optional: {}
port integer	The TCP port on which the gRPC server should listen. The range of port-id is from 1024 to 65535. Port 9339 is the default.	9339	ExclusiveMaximum: false Maximum: 65535 Minimum: 1024 Optional: {}
certificateId string	Name of the certificate that is associated with the gRPC service. The certificate is provisioned through other interfaces on the device, such as e.g. the gNOI certificate management service.		MaxLength: 63 MinLength: 1 Optional: {}
vrfName string	Enable the gRPC agent to accept incoming (dial-in) RPC requests from a given vrf.		MaxLength: 63 MinLength: 1 Optional: {}
gnmi GNMI	Additional gNMI configuration for the gRPC server. This may not be supported by all devices.	{ keepAliveTimeout:10m maxConcurrentCall:8 }	Optional: {}

HostReachabilityType

Underlying type: string

HostReachabilityType defines the method used for host reachability.

Validation:

• Enum: [FloodAndLearn BGP]

Appears in:

• NetworkVirtualizationEdgeSpec

Field	Description
BGP	HostReachabilityTypeBGP uses BGP EVPN control-plane for MAC/IP advertisement.
FloodAndLearn	HostReachabilityTypeFloodAndLearn uses data-plane learning for MAC addresses.

IPPrefix

IPPrefix represents an IP prefix in CIDR notation. It is used to define a range of IP addresses in a network.

Validation:

• Format: cidr
• Type: string

Appears in:

• ACLEntry
• InterfaceIPv4
• MulticastGroups
• PrefixEntry
• RendezvousPoint

ISIS

ISIS is the Schema for the isis API

Field	Description	Default	Validation
apiVersion string	networking.metal.ironcore.dev/v1alpha1
kind string	ISIS
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec ISISSpec	Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Required: {}
status ISISStatus	Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Optional: {}

ISISLevel

Underlying type: string

ISISLevel represents the level of an ISIS instance.

Validation:

• Enum: [Level1 Level2 Level1-2]

Appears in:

• ISISSpec

Field	Description
Level1
Level2
Level1-2

ISISSpec

ISISSpec defines the desired state of ISIS

Appears in:

• ISIS

Field	Description	Default	Validation
deviceRef LocalObjectReference	DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable.		Required: {}
providerConfigRef TypedLocalObjectReference	ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the Interface to its provider-specific configuration.		Optional: {}
adminState AdminState	AdminState indicates whether the ISIS instance is administratively up or down.	Up	Enum: [Up Down] Optional: {}
instance string	Instance is the name of the ISIS instance.		MaxLength: 63 MinLength: 1 Required: {}
networkEntityTitle string	NetworkEntityTitle is the NET of the ISIS instance.		Pattern: ^[a-fA-F0-9]\{2\}(\.[a-fA-F0-9]\{4\})\{3,9\}\.[a-fA-F0-9]\{2\}$ Required: {}
type ISISLevel	Type indicates the level of the ISIS instance.		Enum: [Level1 Level2 Level1-2] Required: {}
overloadBit OverloadBit	OverloadBit indicates the overload bit of the ISIS instance.	Never	Enum: [Always Never OnStartup] Optional: {}
addressFamilies AddressFamily array	AddressFamilies is a list of address families for the ISIS instance.		Enum: [IPv4Unicast IPv6Unicast] MaxItems: 2 MinItems: 1 Required: {}
interfaceRefs LocalObjectReference array	InterfaceRefs is a list of interfaces that are part of the ISIS instance.		Optional: {}

ISISStatus

ISISStatus defines the observed state of ISIS.

Appears in:

• ISIS

Field	Description	Default	Validation
conditions Condition array	The conditions are a list of status objects that describe the state of the ISIS.		Optional: {}

Image

Appears in:

• Provisioning

Field	Description	Default	Validation
url string	URL is the location of the image to be used for provisioning.		Required: {}
checksum string	Checksum is the checksum of the image for verification. kubebuilder:validation:MinLength=1		Required: {}
checksumType ChecksumType	ChecksumType is the type of the checksum (e.g., sha256, md5).	MD5	Enum: [SHA256 MD5] Required: {}

Interface

Interface is the Schema for the interfaces API.

Field	Description	Default	Validation
apiVersion string	networking.metal.ironcore.dev/v1alpha1
kind string	Interface
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec InterfaceSpec	Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Required: {}
status InterfaceStatus	Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Optional: {}

InterfaceIPv4

InterfaceIPv4 defines the IPv4 configuration for an interface.

Appears in:

• InterfaceSpec

Field	Description	Default	Validation
addresses IPPrefix array	Addresses defines the list of IPv4 addresses assigned to the interface. The first address in the list is considered the primary address, and any additional addresses are considered secondary addresses.		Format: cidr MinItems: 1 Type: string Optional: {}
unnumbered InterfaceIPv4Unnumbered	Unnumbered defines the unnumbered interface configuration. When specified, the interface borrows the IP address from another interface.		Optional: {}
anycastGateway boolean	AnycastGateway enables distributed anycast gateway functionality. When enabled, this interface uses the virtual MAC configured in the device's NVE resource for active-active default gateway redundancy. Only applicable for RoutedVLAN interfaces in EVPN/VXLAN fabrics.	false	Optional: {}

InterfaceIPv4Unnumbered

InterfaceIPv4Unnumbered defines the unnumbered interface configuration. An unnumbered interface borrows the IP address from another interface, allowing the interface to function without its own IP address assignment.

Appears in:

• InterfaceIPv4

Field	Description	Default	Validation
interfaceRef LocalObjectReference	InterfaceRef is a reference to the interface from which to borrow the IP address. The referenced interface must exist and have at least one IPv4 address configured.		Required: {}

InterfaceSpec

InterfaceSpec defines the desired state of Interface.

Appears in:

• Interface

Field	Description	Default	Validation
deviceRef LocalObjectReference	DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable.		Required: {}
providerConfigRef TypedLocalObjectReference	ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the Interface to its provider-specific configuration.		Optional: {}
name string	Name is the name of the interface.		MaxLength: 255 MinLength: 1 Required: {}
adminState AdminState	AdminState indicates whether the interface is administratively up or down.	Up	Enum: [Up Down] Optional: {}
description string	Description provides a human-readable description of the interface.		MaxLength: 255 Optional: {}
type InterfaceType	Type indicates the type of the interface.		Enum: [Physical Loopback Aggregate RoutedVLAN] Required: {}
mtu integer	MTU (Maximum Transmission Unit) specifies the size of the largest packet that can be sent over the interface.		Maximum: 9216 Minimum: 576 Optional: {}
switchport Switchport	Switchport defines the switchport configuration for the interface. This is only applicable for Ethernet and Aggregate interfaces.		Optional: {}
ipv4 InterfaceIPv4	IPv4 defines the IPv4 configuration for the interface.		Optional: {}
aggregation Aggregation	Aggregation defines the aggregation (bundle) configuration for the interface. This is only applicable for interfaces of type Aggregate.		Optional: {}
vlanRef LocalObjectReference	VlanRef is a reference to the VLAN resource that this interface provides routing for. This is only applicable for interfaces of type RoutedVLAN. The referenced VLAN must exist in the same namespace.		Optional: {}
vrfRef LocalObjectReference	VrfRef is a reference to the VRF resource that this interface belongs to. If not specified, the interface will be part of the default VRF. This is only applicable for Layer 3 interfaces. The referenced VRF must exist in the same namespace.		Optional: {}
bfd BFD	BFD defines the Bidirectional Forwarding Detection configuration for the interface. BFD is only applicable for Layer 3 interfaces.		Optional: {}
ethernet Ethernet	Ethernet defines the ethernet-specific configuration for physical interfaces. This configuration is only applicable to Physical interfaces. When omitted, ethernet parameters use their default values (e.g., FEC mode defaults to auto).		Optional: {}

InterfaceStatus

InterfaceStatus defines the observed state of Interface.

Appears in:

• Interface

Field	Description	Default	Validation
conditions Condition array	The conditions are a list of status objects that describe the state of the Interface.		Optional: {}
memberOf LocalObjectReference	MemberOf references the aggregate interface this interface is a member of, if any. This field only applies to physical interfaces that are part of an aggregate interface.		Optional: {}

InterfaceType

Underlying type: string

InterfaceType represents the type of the interface.

Validation:

• Enum: [Physical Loopback Aggregate RoutedVLAN]

Appears in:

• InterfaceSpec

Field	Description
Physical	InterfaceTypePhysical indicates that the interface is a physical/ethernet interface.
Loopback	InterfaceTypeLoopback indicates that the interface is a loopback interface.
Aggregate	InterfaceTypeAggregate indicates that the interface is an aggregate (bundle) interface.
RoutedVLAN	InterfaceTypeRoutedVLAN indicates that the interface is a routed VLAN interface (SVI/IRB).

LACPMode

Underlying type: string

LACPMode represents the LACP mode of an interface.

Validation:

• Enum: [Active Passive]

Appears in:

• ControlProtocol

Field	Description
Active	LACPModeActive indicates that LACP is in active mode.
Passive	LACPModePassive indicates that LACP is in passive mode.

LLDP

LLDP is the Schema for the lldps API

Field	Description	Default	Validation
apiVersion string	networking.metal.ironcore.dev/v1alpha1
kind string	LLDP
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec LLDPSpec			Required: {}
status LLDPStatus			Optional: {}

LLDPInterface

Appears in:

• LLDPSpec

Field	Description	Default	Validation
name string	Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names		MaxLength: 63 MinLength: 1 Required: {}
adminState AdminState	AdminState indicates whether LLDP is administratively up or down on this interface. This will be ignored if LLDP is configured to be administratively down system-wide.	Up	Enum: [Up Down] Optional: {}

LLDPSpec

LLDPSpec defines the desired state of LLDP

Appears in:

• LLDP

Field	Description	Default	Validation
deviceRef LocalObjectReference	DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable.		Required: {}
providerConfigRef TypedLocalObjectReference	ProviderConfigRef is a reference to a resource holding the provider-specific configuration for this LLDP. If not specified the provider applies the target platform's default settings.		Optional: {}
adminState AdminState	AdminState indicates whether LLDP is system-wide administratively up or down.		Enum: [Up Down] Required: {}
interfaceRefs LLDPInterface array	InterfaceRefs is a list of interfaces and their LLDP configuration.		Optional: {}

LLDPStatus

LLDPStatus defines the observed state of LLDP.

Appears in:

• LLDP

Field	Description	Default	Validation
conditions Condition array	conditions represent the current state of the LLDP resource. Each condition has a unique type and reflects the status of a specific aspect of the resource. Standard condition types include: - "Available": the resource is fully functional - "Progressing": the resource is being created or updated - "Degraded": the resource failed to reach or maintain its desired state The status of each condition is one of True, False, or Unknown.		Optional: {}

LocalObjectReference

LocalObjectReference contains enough information to locate a referenced object inside the same namespace.

Appears in:

• AccessControlListSpec
• Aggregation
• BGPPeerLocalAddress
• BGPPeerReference
• BGPPeerSpec
• BGPSpec
• BannerSpec
• BorderGatewaySpec
• CertificateSpec
• DNSSpec
• DevicePort
• EVPNInstanceSpec
• ISISSpec
• InterconnectInterfaceReference
• InterfaceIPv4Unnumbered
• InterfaceSpec
• InterfaceStatus
• KeepAlive
• LLDPInterface
• LLDPSpec
• ManagementAccessSpec
• NTPSpec
• NetworkVirtualizationEdgeSpec
• OSPFInterface
• OSPFNeighbor
• OSPFSpec
• PIMInterface
• PIMSpec
• Peer
• PrefixSetMatchCondition
• PrefixSetSpec
• RoutingPolicySpec
• SNMPSpec
• SyslogSpec
• SystemSpec
• UserSpec
• VLANSpec
• VLANStatus
• VPCDomainSpec
• VRFSpec

Field	Description	Default	Validation
name string	Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names		MaxLength: 63 MinLength: 1 Required: {}

LogFacility

Appears in:

• SyslogSpec

Field	Description	Default	Validation
name string	The name of the log facility.		MaxLength: 63 MinLength: 1 Required: {}
severity Severity	The severity level of the log messages for this facility.		Enum: [Debug Info Notice Warning Error Critical Alert Emergency] Required: {}

LogServer

Appears in:

• SyslogSpec

Field	Description	Default	Validation
address string	IP address or hostname of the remote log server		MaxLength: 253 MinLength: 1 Required: {}
severity Severity	The servity level of the log messages sent to the server.		Enum: [Debug Info Notice Warning Error Critical Alert Emergency] Required: {}
vrfName string	The name of the vrf used to reach the log server.		MaxLength: 63 MinLength: 1 Required: {}
port integer	The destination port number for syslog UDP messages to the server. The default is 514.	514	Optional: {}

ManagementAccess

ManagementAccess is the Schema for the managementaccesses API

Field	Description	Default	Validation
apiVersion string	networking.metal.ironcore.dev/v1alpha1
kind string	ManagementAccess
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec ManagementAccessSpec	Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Required: {}
status ManagementAccessStatus	Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Optional: {}

ManagementAccessSpec

ManagementAccessSpec defines the desired state of ManagementAccess

Appears in:

• ManagementAccess

Field	Description	Default	Validation
deviceRef LocalObjectReference	DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable.		Required: {}
providerConfigRef TypedLocalObjectReference	ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the Interface to its provider-specific configuration.		Optional: {}
grpc GRPC	Configuration for the gRPC server on the device. Currently, only a single "default" gRPC server is supported.	{ enabled:true port:9339 }	Optional: {}
ssh SSH	Configuration for the SSH server on the device.	{ enabled:true sessionLimit:32 timeout:10m }	Optional: {}

ManagementAccessStatus

ManagementAccessStatus defines the observed state of ManagementAccess.

Appears in:

• ManagementAccess

Field	Description	Default	Validation
conditions Condition array	The conditions are a list of status objects that describe the state of the ManagementAccess.		Optional: {}

MaskLengthRange

Appears in:

• PrefixEntry

Field	Description	Default	Validation
min integer	Minimum mask length.		Maximum: 128 Minimum: 0 Required: {}
max integer	Maximum mask length.		Maximum: 128 Minimum: 0 Required: {}

MultiChassis

Appears in:

• Aggregation

Field	Description	Default	Validation
enabled boolean	Enabled indicates whether the aggregate interface is part of a multichassis setup.	true	Required: {}
id integer	ID is the multichassis identifier.		Maximum: 4094 Minimum: 1 Required: {}

MulticastGroups

MulticastGroups defines multicast group addresses for overlay BUM traffic. Only supports IPv4 multicast addresses.

Appears in:

• NetworkVirtualizationEdgeSpec

Field	Description	Default	Validation
l2 IPPrefix	L2 is the multicast group for Layer 2 VNIs (BUM traffic in bridged VLANs).		Format: cidr Type: string Optional: {}
l3 IPPrefix	L3 is the multicast group for Layer 3 VNIs (BUM traffic in routed VRFs).		Format: cidr Type: string Optional: {}

NTP

NTP is the Schema for the ntp API

Field	Description	Default	Validation
apiVersion string	networking.metal.ironcore.dev/v1alpha1
kind string	NTP
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec NTPSpec	Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Required: {}
status NTPStatus	Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Optional: {}

NTPServer

Appears in:

• NTPSpec

Field	Description	Default	Validation
address string	Hostname/IP address of the NTP server.		MaxLength: 253 MinLength: 1 Required: {}
prefer boolean	Indicates whether this server should be preferred or not.	false	Optional: {}
vrfName string	The name of the vrf used to communicate with the NTP server.		MaxLength: 63 MinLength: 1 Optional: {}

NTPSpec

NTPSpec defines the desired state of NTP

Appears in:

• NTP

Field	Description	Default	Validation
deviceRef LocalObjectReference	DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable.		Required: {}
providerConfigRef TypedLocalObjectReference	ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the NTP to its provider-specific configuration.		Optional: {}
adminState AdminState	AdminState indicates whether NTP is administratively up or down.	Up	Enum: [Up Down] Optional: {}
sourceInterfaceName string	Source interface for all NTP traffic.		MaxLength: 63 MinLength: 1 Required: {}
servers NTPServer array	NTP servers.		MinItems: 1 Required: {}

NTPStatus

NTPStatus defines the observed state of NTP.

Appears in:

• NTP

Field	Description	Default	Validation
conditions Condition array	The conditions are a list of status objects that describe the state of the NTP.		Optional: {}

NameServer

Appears in:

• DNSSpec

Field	Description	Default	Validation
address string	The Hostname or IP address of the DNS server.		MaxLength: 253 MinLength: 1 Required: {}
vrfName string	The name of the vrf used to communicate with the DNS server.		MaxLength: 63 MinLength: 1 Optional: {}

NetworkVirtualizationEdge

NetworkVirtualizationEdge is the Schema for the networkvirtualizationedges API The NVE resource is the equivalent to an Endpoint for a Network Virtualization Overlay Object in OpenConfig (nvo:Ep).

Field	Description	Default	Validation
apiVersion string	networking.metal.ironcore.dev/v1alpha1
kind string	NetworkVirtualizationEdge
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec NetworkVirtualizationEdgeSpec			Required: {}
status NetworkVirtualizationEdgeStatus			Optional: {}

NetworkVirtualizationEdgeSpec

NetworkVirtualizationEdgeSpec defines the desired state of a Network Virtualization Edge (NVE).

Appears in:

• NetworkVirtualizationEdge

Field	Description	Default	Validation
deviceRef LocalObjectReference	DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable.		Required: {}
providerConfigRef TypedLocalObjectReference	ProviderConfigRef is a reference to a resource holding the provider-specific configuration for this NVE. If not specified the provider applies the target platform's default settings.		Optional: {}
adminState AdminState	AdminState indicates whether the interface is administratively up or down.		Enum: [Up Down] Required: {}
sourceInterfaceRef LocalObjectReference	SourceInterface is the reference to the loopback interface used for the primary NVE IP address.		Required: {}
anycastSourceInterfaceRef LocalObjectReference	AnycastSourceInterfaceRef is the reference to the loopback interface used for anycast NVE IP address.		Optional: {}
suppressARP boolean	SuppressARP indicates whether ARP suppression is enabled for this NVE.	false	Optional: {}
hostReachability HostReachabilityType	HostReachability specifies the method used for host reachability.		Enum: [FloodAndLearn BGP] Required: {}
multicastGroups MulticastGroups	MulticastGroups defines multicast group addresses for BUM traffic.		Optional: {}
anycastGateway AnycastGateway	AnycastGateway defines the distributed anycast gateway configuration. This enables multiple NVEs to share the same gateway IP and MAC for active-active first-hop redundancy.		Optional: {}

NetworkVirtualizationEdgeStatus

NetworkVirtualizationEdgeStatus defines the observed state of the NVE.

Appears in:

• NetworkVirtualizationEdge

Field	Description	Default	Validation
conditions Condition array	conditions represent the current state of the NVE resource. Each condition has a unique type and reflects the status of a specific aspect of the resource. Standard condition types include: - "Available": the resource is fully functional - "Progressing": the resource is being created or updated - "Degraded": the resource failed to reach or maintain its desired state The conditions are a list of status objects that describe the state of the NVE.		Optional: {}
sourceInterfaceName string	SourceInterfaceName is the resolved source interface IP address used for NVE encapsulation.
anycastSourceInterfaceName string	AnycastSourceInterfaceName is the resolved anycast source interface IP address used for NVE encapsulation.
hostReachability string	HostReachability indicates the actual method used for host reachability.

OSPF

OSPF is the Schema for the ospf API

Field	Description	Default	Validation
apiVersion string	networking.metal.ironcore.dev/v1alpha1
kind string	OSPF
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec OSPFSpec	Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Required: {}
status OSPFStatus	Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Optional: {}

OSPFInterface

OSPFInterface defines the OSPF-specific configuration for an interface that is participating in an OSPF instance.

Appears in:

• OSPFSpec

Field	Description	Default	Validation
name string	Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names		MaxLength: 63 MinLength: 1 Required: {}
area string	Area is the OSPF area identifier for this interface. Must be specified in dotted-quad notation (e.g., "0.0.0.0" for the backbone area). This is semantically a 32-bit identifier displayed in IPv4 address format, not an actual IPv4 address. Area 0 (0.0.0.0) is the OSPF backbone area and is required for proper OSPF operation in multi-area configurations.		Format: ipv4 Required: {}
passive boolean	Passive indicates whether this interface should operate in passive mode. In passive mode, OSPF will advertise the interface's network in LSAs but will not send or receive OSPF protocol packets (Hello, LSU, etc.) on this interface. This is typically used for loopback interfaces where OSPF adjacencies should not be formed but the network should still be advertised. Defaults to false (active mode).		Optional: {}

OSPFNeighbor

OSPFNeighbor represents an OSPF neighbor with its adjacency information.

Appears in:

• OSPFStatus

Field	Description	Default	Validation
routerId string	RouterID is the router identifier of the remote OSPF neighbor.		Required: {}
address string	Address is the IP address of the remote OSPF neighbor.		Required: {}
interfaceRef LocalObjectReference	InterfaceRef is a reference to the local interface through which this neighbor is connected.		Required: {}
priority integer	Priority is the remote system's priority to become the designated router. Valid range is 0-255.		Optional: {}
lastEstablishedTime Time	LastEstablishedTime is the timestamp when the adjacency last transitioned to the FULL state. A frequently changing timestamp indicates adjacency instability (flapping).		Optional: {}
adjacencyState OSPFNeighborState	AdjacencyState is the current state of the adjacency with this neighbor.		Enum: [Down Attempt Init TwoWay ExStart Exchange Loading Full] Optional: {}

OSPFNeighborState

Underlying type: string

OSPFNeighborState represents the state of an OSPF adjacency as defined in RFC 2328.

Validation:

• Enum: [Down Attempt Init TwoWay ExStart Exchange Loading Full]

Appears in:

• OSPFNeighbor

Field	Description
Unknown	OSPFNeighborStateUnknown indicates an unknown or undefined state.
Down	OSPFNeighborStateDown indicates the initial state of a neighbor. No recent information has been received from the neighbor.
Attempt	OSPFNeighborStateAttempt is only valid for neighbors on NBMA networks. It indicates that no recent information has been received but effort should be made to contact the neighbor.
Init	OSPFNeighborStateInit indicates a Hello packet has been received from the neighbor but bidirectional communication has not yet been established.
TwoWay	OSPFNeighborStateTwoWay indicates bidirectional communication has been established. This is the most advanced state short of forming an adjacency.
ExStart	OSPFNeighborStateExStart indicates the first step in creating an adjacency. The routers are determining the relationship and initial DD sequence number.
Exchange	OSPFNeighborStateExchange indicates the routers are exchanging Database Description packets.
Loading	OSPFNeighborStateLoading indicates Link State Request packets are being sent to the neighbor to obtain more recent LSAs that were discovered during the Exchange state.
Full	OSPFNeighborStateFull indicates the neighboring routers are fully adjacent. LSDBs are synchronized and the adjacency will appear in Router and Network LSAs.

OSPFSpec

OSPFSpec defines the desired state of OSPF

Appears in:

• OSPF

Field	Description	Default	Validation
deviceRef LocalObjectReference	DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable.		Required: {}
providerConfigRef TypedLocalObjectReference	ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the Interface to its provider-specific configuration.		Optional: {}
adminState AdminState	AdminState indicates whether the OSPF instance is administratively up or down.	Up	Enum: [Up Down] Optional: {}
instance string	Instance is the process tag of the OSPF instance.		MaxLength: 63 MinLength: 1 Required: {}
routerId string	RouterID is the OSPF router identifier, used in OSPF messages to identify the originating router. Follows dotted quad notation (IPv4 format).		Format: ipv4 Required: {}
logAdjacencyChanges boolean	LogAdjacencyChanges enables logging when the state of an OSPF neighbor changes. When true, a log message is generated for adjacency state transitions.		Optional: {}
interfaceRefs OSPFInterface array	InterfaceRefs is a list of interfaces that are part of the OSPF instance.		MinItems: 1 Optional: {}

OSPFStatus

OSPFStatus defines the observed state of OSPF.

Appears in:

• OSPF

Field	Description	Default	Validation
adjacencySummary string	AdjacencySummary provides a human-readable summary of neighbor adjacencies by state (e.g., "3 Full, 1 ExStart, 1 Down"). This field is computed by the controller from the Neighbors field.		Optional: {}
observedGeneration integer	ObservedGeneration reflects the .metadata.generation that was last processed by the controller.		Optional: {}
neighbors OSPFNeighbor array	Neighbors is a list of OSPF neighbors and their adjacency states.		Optional: {}
conditions Condition array	The conditions are a list of status objects that describe the state of the OSPF.		Optional: {}

OverloadBit

Underlying type: string

OverloadBit represents the overload bit of an ISIS instance.

Validation:

• Enum: [Always Never OnStartup]

Appears in:

• ISISSpec

Field	Description
Always
Never
OnStartup

PIM

PIM is the Schema for the pim API

Field	Description	Default	Validation
apiVersion string	networking.metal.ironcore.dev/v1alpha1
kind string	PIM
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec PIMSpec	Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Required: {}
status PIMStatus	Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Optional: {}

PIMInterface

Appears in:

• PIMSpec

Field	Description	Default	Validation
name string	Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names		MaxLength: 63 MinLength: 1 Required: {}
mode PIMInterfaceMode	Mode is the PIM mode to use when delivering multicast traffic via this interface.	Sparse	Enum: [Sparse Dense] Optional: {}

PIMInterfaceMode

Underlying type: string

PIMInterfaceMode represents the mode of a PIM interface.

Validation:

• Enum: [Sparse Dense]

Appears in:

• PIMInterface

Field	Description
Sparse
Dense

PIMSpec

PIMSpec defines the desired state of PIM

Appears in:

• PIM

Field	Description	Default	Validation
deviceRef LocalObjectReference	DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable.		Required: {}
providerConfigRef TypedLocalObjectReference	ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the PIM to its provider-specific configuration.		Optional: {}
adminState AdminState	AdminState indicates whether the PIM instance is administratively up or down.	Up	Enum: [Up Down] Optional: {}
rendezvousPoints RendezvousPoint array	RendezvousPoints defines the list of rendezvous points for sparse mode multicast.		MinItems: 1 Optional: {}
interfaceRefs PIMInterface array	InterfaceRefs is a list of interfaces that are part of the PIM instance.		MinItems: 1 Optional: {}

PIMStatus

PIMStatus defines the observed state of PIM.

Appears in:

• PIM

Field	Description	Default	Validation
conditions Condition array	The conditions are a list of status objects that describe the state of the PIM.		Optional: {}

PasswordSource

PasswordSource represents a source for the value of a password.

Appears in:

• UserSpec

Field	Description	Default	Validation
secretKeyRef SecretKeySelector	Selects a key of a secret.		Required: {}

PolicyActions

PolicyActions defines the actions to take when a policy statement matches.

Appears in:

• PolicyStatement

Field	Description	Default	Validation
routeDisposition RouteDisposition	RouteDisposition specifies whether to accept or reject the route.		Enum: [AcceptRoute RejectRoute] Required: {}
bgpActions BgpActions	BgpActions specifies BGP-specific actions to apply when the route is accepted. Only applicable when RouteDisposition is AcceptRoute.		Optional: {}

PolicyConditions

PolicyConditions defines the match criteria for a policy statement.

Appears in:

• PolicyStatement

Field	Description	Default	Validation
matchPrefixSet PrefixSetMatchCondition	MatchPrefixSet matches routes against a PrefixSet resource.		Optional: {}

PolicyStatement

Appears in:

• RoutingPolicySpec

Field	Description	Default	Validation
sequence integer	The sequence number of the policy statement.		Minimum: 1 Required: {}
conditions PolicyConditions	Conditions define the match criteria for this statement. If no conditions are specified, the statement matches all routes.		Optional: {}
actions PolicyActions	Actions define what to do when conditions match.		Required: {}

PrefixEntry

Appears in:

• PrefixSetSpec

Field	Description	Default	Validation
sequence integer	The sequence number of the Prefix entry.		Minimum: 1 Required: {}
prefix IPPrefix	IP prefix. Can be IPv4 or IPv6. Use 0.0.0.0/0 (::/0) to represent 'any'.		Format: cidr Type: string Required: {}
maskLengthRange MaskLengthRange	Optional mask length range for the prefix. If not specified, only the exact prefix length is matched.		Optional: {}

PrefixSet

PrefixSet is the Schema for the prefixsets API

Field	Description	Default	Validation
apiVersion string	networking.metal.ironcore.dev/v1alpha1
kind string	PrefixSet
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec PrefixSetSpec	Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Required: {}
status PrefixSetStatus	Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Optional: {}

PrefixSetMatchCondition

PrefixSetMatchCondition defines the condition for matching against a PrefixSet.

Appears in:

• PolicyConditions

Field	Description	Default	Validation
prefixSetRef LocalObjectReference	PrefixSetRef references a PrefixSet in the same namespace. The PrefixSet must exist and belong to the same device.		Required: {}

PrefixSetSpec

PrefixSetSpec defines the desired state of PrefixSet

Appears in:

• PrefixSet

Field	Description	Default	Validation
deviceRef LocalObjectReference	DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable.		Required: {}
providerConfigRef TypedLocalObjectReference	ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the Banner to its provider-specific configuration.		Optional: {}
name string	Name is the name of the PrefixSet. Immutable.		MaxLength: 32 MinLength: 1 Required: {}
entries PrefixEntry array	A list of entries to apply. The address families (IPv4, IPv6) of all prefixes in the list must match.		MaxItems: 100 MinItems: 1 Required: {}

PrefixSetStatus

PrefixSetStatus defines the observed state of PrefixSet.

Appears in:

• PrefixSet

Field	Description	Default	Validation
entriesSummary string	EntriesSummary provides a human-readable summary of the number of prefix entries.		Optional: {}
conditions Condition array	The conditions are a list of status objects that describe the state of the PrefixSet.		Optional: {}

Protocol

Underlying type: string

Protocol represents the protocol type for an ACL entry.

Validation:

• Enum: [ICMP IP OSPF PIM TCP UDP]

Appears in:

• ACLEntry

Field	Description
ICMP
IP
OSPF
PIM
TCP
UDP

Provisioning

Provisioning defines the configuration for device bootstrap.

Appears in:

• DeviceSpec

Field	Description	Default	Validation
image Image	Image defines the image to be used for provisioning the device.		Required: {}
bootScript TemplateSource	BootScript defines the script delivered by a TFTP server to the device during bootstrapping.		Optional: {}

ProvisioningInfo

Appears in:

• DeviceStatus

Field	Description	Default	Validation
startTime Time
token string
endTime Time			Optional: {}
reboot Time			Optional: {}
error string			Optional: {}

RendezvousPoint

Appears in:

• PIMSpec

Field	Description	Default	Validation
address string	Address is the IPv4 address of the rendezvous point.		Format: ipv4 Required: {}
multicastGroups IPPrefix array	MulticastGroups defined the list of multicast IPv4 address ranges associated with the rendezvous point. If not specified, the rendezvous point will be used for all multicast groups.		Format: cidr Type: string Optional: {}
anycastAddresses string array	AnycastAddresses is a list of redundant anycast ipv4 addresses associated with the rendezvous point.		items:Format: ipv4 Optional: {}

RouteDisposition

Underlying type: string

RouteDisposition defines the final disposition of a route.

Validation:

• Enum: [AcceptRoute RejectRoute]

Appears in:

• PolicyActions

Field	Description
AcceptRoute	AcceptRoute permits the route and applies any configured actions.
RejectRoute	RejectRoute denies the route immediately.

RouteTarget

Appears in:

• VRFSpec

Field	Description	Default	Validation
value string	Value is the route target value, must have the format as VRFSpec.RouteDistinguisher. Validation via admission webhook.		Required: {}
addressFamilies RouteTargetAF array	AddressFamilies is the list of address families for the route target.		Enum: [IPv4 IPv6 IPv4EVPN IPv6EVPN] MinItems: 1 Required: {}
action RouteTargetAction	Action defines whether the route target is imported, exported, or both		Enum: [Import Export Both] Required: {}

RouteTargetAF

Underlying type: string

RouteTargetAF represents a supported address family value.

Validation:

• Enum: [IPv4 IPv6 IPv4EVPN IPv6EVPN]

Appears in:

• RouteTarget

Field	Description
IPv4
IPv6
IPv4EVPN
IPv6EVPN

RouteTargetAction

Underlying type: string

RouteTargetAction represents the action for a route target.

Validation:

• Enum: [Import Export Both]

Appears in:

• EVPNRouteTarget
• RouteTarget

Field	Description
Import
Export
Both

RoutingPolicy

RoutingPolicy is the Schema for the routingpolicies API

Field	Description	Default	Validation
apiVersion string	networking.metal.ironcore.dev/v1alpha1
kind string	RoutingPolicy
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec RoutingPolicySpec	Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Required: {}
status RoutingPolicyStatus	Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Optional: {}

RoutingPolicySpec

RoutingPolicySpec defines the desired state of RoutingPolicy

Appears in:

• RoutingPolicy

Field	Description	Default	Validation
deviceRef LocalObjectReference	DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable.		Required: {}
providerConfigRef TypedLocalObjectReference	ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the Banner to its provider-specific configuration.		Optional: {}
name string	Name is the identifier of the RoutingPolicy on the device. Immutable.		MaxLength: 63 MinLength: 1 Required: {}
statements PolicyStatement array	A list of policy statements to apply.		MaxItems: 100 MinItems: 1 Required: {}

RoutingPolicyStatus

RoutingPolicyStatus defines the observed state of RoutingPolicy.

Appears in:

• RoutingPolicy

Field	Description	Default	Validation
statementsSummary string	StatementsSummary provides a human-readable summary of the number of policy statements.		Optional: {}
conditions Condition array	The conditions are a list of status objects that describe the state of the RoutingPolicy.		Optional: {}

SNMP

SNMP is the Schema for the snmp API

Field	Description	Default	Validation
apiVersion string	networking.metal.ironcore.dev/v1alpha1
kind string	SNMP
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec SNMPSpec	Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Required: {}
status SNMPStatus	Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Optional: {}

SNMPCommunity

Appears in:

• SNMPSpec

Field	Description	Default	Validation
name string	Name of the community.		MaxLength: 63 MinLength: 1 Required: {}
group string	Group to which the community belongs.		MaxLength: 63 MinLength: 1 Optional: {}
aclName string	ACL name to filter SNMP requests.		MaxLength: 63 MinLength: 1 Optional: {}

SNMPHosts

Appears in:

• SNMPSpec

Field	Description	Default	Validation
address string	The Hostname or IP address of the SNMP host to send notifications to.		MaxLength: 63 MinLength: 1 Required: {}
type string	Type of message to send to host. Default is traps.	Traps	Enum: [Traps Informs] Optional: {}
version string	SNMP version. Default is v2c.	v2c	Enum: [v1 v2c v3] Optional: {}
community string	SNMP community or user name.		MaxLength: 63 MinLength: 1 Optional: {}
vrfName string	The name of the vrf instance to use to source traffic.		MaxLength: 63 MinLength: 1 Optional: {}

SNMPSpec

SNMPSpec defines the desired state of SNMP

Appears in:

• SNMP

Field	Description	Default	Validation
deviceRef LocalObjectReference	DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable.		Required: {}
providerConfigRef TypedLocalObjectReference	ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the SNMP to its provider-specific configuration.		Optional: {}
contact string	The contact information for the SNMP server.		MaxLength: 63 MinLength: 1 Optional: {}
location string	The location information for the SNMP server.		MaxLength: 63 MinLength: 1 Optional: {}
sourceInterfaceName string	The name of the interface to be used for sending out SNMP Trap/Inform notifications.		MaxLength: 63 MinLength: 1 Required: {}
communities SNMPCommunity array	SNMP communities for SNMPv1 or SNMPv2c.		MaxItems: 16 MinItems: 1 Optional: {}
hosts SNMPHosts array	SNMP destination hosts for SNMP traps or informs messages.		MaxItems: 16 MinItems: 1 Required: {}
traps string array	The list of trap notifications to enable.		MinItems: 1 Optional: {}

SNMPStatus

SNMPStatus defines the observed state of SNMP.

Appears in:

• SNMP

Field	Description	Default	Validation
conditions Condition array	The conditions are a list of status objects that describe the state of the SNMP.		Optional: {}

SSH

Appears in:

• ManagementAccessSpec

Field	Description	Default	Validation
enabled boolean	Enable or disable the SSH server on the device. If not specified, the SSH server is enabled by default.	true	Optional: {}
timeout Duration	The timeout duration for SSH sessions. If not specified, the default timeout is 10 minutes.	10m	Type: string Optional: {}
sessionLimit integer	The maximum number of concurrent SSH sessions allowed. If not specified, the default limit is 32.	32	ExclusiveMaximum: false Maximum: 64 Minimum: 1 Optional: {}

SSHPublicKeySource

SSHPublicKeySource represents a source for the value of an SSH public key.

Appears in:

• UserSpec

Field	Description	Default	Validation
secretKeyRef SecretKeySelector	Selects a key of a secret.		Required: {}

SecretKeySelector

SecretKeySelector contains enough information to select a key of a Secret.

Appears in:

• PasswordSource
• SSHPublicKeySource
• TLS
• TemplateSource

Field	Description	Default	Validation
name string	Name is unique within a namespace to reference a secret resource.		MaxLength: 253 MinLength: 1 Required: {}
namespace string	Namespace defines the space within which the secret name must be unique. If omitted, the namespace of the object being reconciled will be used.		MaxLength: 63 MinLength: 1 Optional: {}
key string	Key is the of the entry in the secret resource's data or stringData field to be used.		MaxLength: 253 MinLength: 1 Required: {}

SecretReference

SecretReference represents a Secret Reference. It has enough information to retrieve a Secret in any namespace.

Appears in:

• CertificateSource
• CertificateSpec
• Endpoint
• SecretKeySelector

Field	Description	Default	Validation
name string	Name is unique within a namespace to reference a secret resource.		MaxLength: 253 MinLength: 1 Required: {}
namespace string	Namespace defines the space within which the secret name must be unique. If omitted, the namespace of the object being reconciled will be used.		MaxLength: 63 MinLength: 1 Optional: {}

SetCommunityAction

SetCommunityAction defines the action to set BGP standard communities.

Appears in:

• BgpActions

Field	Description	Default	Validation
communities string array	Communities is the list of BGP standard communities to set. The communities must be in the format defined by [RFC 1997]. [RFC 1997]: https://datatracker.ietf.org/doc/html/rfc1997		MinItems: 1 Required: {}

SetExtCommunityAction

SetExtCommunityAction defines the action to set BGP extended communities.

Appears in:

• BgpActions

Field	Description	Default	Validation
communities string array	Communities is the list of BGP extended communities to set. The communities must be in the format defined by [RFC 4360]. [RFC 4360]: https://datatracker.ietf.org/doc/html/rfc4360		MinItems: 1 Required: {}

Severity

Underlying type: string

Severity represents the severity level of a log message.

Validation:

• Enum: [Debug Info Notice Warning Error Critical Alert Emergency]

Appears in:

• LogFacility
• LogServer

Field	Description
Debug
Info
Notice
Warning
Error
Critical
Alert
Emergency

Switchport

Switchport defines the switchport configuration for an interface.

Appears in:

• InterfaceSpec

Field	Description	Default	Validation
mode SwitchportMode	Mode defines the switchport mode, such as access or trunk.		Enum: [Access Trunk] Required: {}
accessVlan integer	AccessVlan specifies the VLAN ID for access mode switchports. Only applicable when Mode is set to "Access".		Maximum: 4094 Minimum: 1 Optional: {}
nativeVlan integer	NativeVlan specifies the native VLAN ID for trunk mode switchports. Only applicable when Mode is set to "Trunk".		Maximum: 4094 Minimum: 1 Optional: {}
allowedVlans integer array	AllowedVlans is a list of VLAN IDs that are allowed on the trunk port. If not specified, all VLANs (1-4094) are allowed. Only applicable when Mode is set to "Trunk".		MinItems: 1 items:Maximum: 4094 items:Minimum: 1 Optional: {}

SwitchportMode

Underlying type: string

SwitchportMode represents the switchport mode of an interface.

Validation:

• Enum: [Access Trunk]

Appears in:

• Switchport

Field	Description
Access	SwitchportModeAccess indicates that the switchport is in access mode.
Trunk	SwitchportModeTrunk indicates that the switchport is in trunk mode.

Syslog

Syslog is the Schema for the syslogs API

Field	Description	Default	Validation
apiVersion string	networking.metal.ironcore.dev/v1alpha1
kind string	Syslog
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec SyslogSpec	Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Required: {}
status SyslogStatus	Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Optional: {}

SyslogSpec

SyslogSpec defines the desired state of Syslog

Appears in:

• Syslog

Field	Description	Default	Validation
deviceRef LocalObjectReference	DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable.		Required: {}
providerConfigRef TypedLocalObjectReference	ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the Interface to its provider-specific configuration.		Optional: {}
servers LogServer array	Servers is a list of remote log servers to which the device will send logs.		MaxItems: 16 MinItems: 1 Required: {}
facilities LogFacility array	Facilities is a list of log facilities to configure on the device.		MaxItems: 64 MinItems: 1 Required: {}

SyslogStatus

SyslogStatus defines the observed state of Syslog.

Appears in:

• Syslog

Field	Description	Default	Validation
serversSummary string	ServersSummary provides a human-readable summary of the number of log servers.		Optional: {}
conditions Condition array	The conditions are a list of status objects that describe the state of the Banner.		Optional: {}

TLS

Appears in:

• Endpoint

Field	Description	Default	Validation
ca SecretKeySelector	The CA certificate to verify the server's identity.		Required: {}
certificate CertificateSource	The client certificate and private key to use for mutual TLS authentication. Leave empty if mTLS is not desired.		Optional: {}

TemplateSource

TemplateSource defines a source for template content. It can be provided inline, or as a reference to a Secret or ConfigMap.

Appears in:

• BannerSpec
• Provisioning

Field	Description	Default	Validation
inline string	Inline template content		MinLength: 1 Optional: {}
secretRef SecretKeySelector	Reference to a Secret containing the template		Optional: {}
configMapRef ConfigMapKeySelector	Reference to a ConfigMap containing the template		Optional: {}

TypedLocalObjectReference

TypedLocalObjectReference contains enough information to locate a typed referenced object inside the same namespace.

Appears in:

• AccessControlListSpec
• BGPPeerSpec
• BGPSpec
• BannerSpec
• CertificateSpec
• DNSSpec
• EVPNInstanceSpec
• ISISSpec
• InterfaceSpec
• LLDPSpec
• ManagementAccessSpec
• NTPSpec
• NetworkVirtualizationEdgeSpec
• OSPFSpec
• PIMSpec
• PrefixSetSpec
• RoutingPolicySpec
• SNMPSpec
• SyslogSpec
• UserSpec
• VLANSpec
• VRFSpec

Field	Description	Default	Validation
kind string	Kind of the resource being referenced. Kind must consist of alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character.		MaxLength: 63 MinLength: 1 Pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ Required: {}
name string	Name of the resource being referenced. Name must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.		MaxLength: 253 MinLength: 1 Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ Required: {}
apiVersion string	APIVersion is the api group version of the resource being referenced.		MaxLength: 253 MinLength: 1 Pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/)?([a-z0-9]([-a-z0-9]*[a-z0-9])?)$ Required: {}

User

User is the Schema for the users API

Field	Description	Default	Validation
apiVersion string	networking.metal.ironcore.dev/v1alpha1
kind string	User
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec UserSpec	Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Required: {}
status UserStatus	Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Optional: {}

UserRole

UserRole represents a role that can be assigned to a user.

Appears in:

• UserSpec

Field	Description	Default	Validation
name string	The name of the role.		MaxLength: 63 MinLength: 1 Required: {}

UserSpec

UserSpec defines the desired state of User

Appears in:

• User

Field	Description	Default	Validation
deviceRef LocalObjectReference	DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable.		Required: {}
providerConfigRef TypedLocalObjectReference	ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the User to its provider-specific configuration.		Optional: {}
username string	Assigned username for this user. Immutable.		MaxLength: 63 MinLength: 1 Required: {}
password PasswordSource	The user password, supplied in cleartext.		Required: {}
roles UserRole array	Role which the user is to be assigned to.		MaxItems: 64 MinItems: 1 Required: {}
sshPublicKey SSHPublicKeySource	SSH public key for this user.		Optional: {}

UserStatus

UserStatus defines the observed state of User.

Appears in:

• User

Field	Description	Default	Validation
conditions Condition array	The conditions are a list of status objects that describe the state of the User.		Optional: {}

VLAN

VLAN is the Schema for the vlans API

Field	Description	Default	Validation
apiVersion string	networking.metal.ironcore.dev/v1alpha1
kind string	VLAN
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec VLANSpec	Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Required: {}
status VLANStatus	Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Optional: {}

VLANSpec

VLANSpec defines the desired state of VLAN

Appears in:

• VLAN

Field	Description	Default	Validation
deviceRef LocalObjectReference	DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable.		Required: {}
providerConfigRef TypedLocalObjectReference	ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this vlan. This reference is used to link the VLAN to its provider-specific configuration.		Optional: {}
id integer	ID is the VLAN ID. Valid values are between 1 and 4094. Immutable.		Maximum: 4094 Minimum: 1 Required: {}
name string	Name is the name of the VLAN.		MaxLength: 128 MinLength: 1 Pattern: ^[^\s]+$ Optional: {}
adminState AdminState	AdminState indicates whether the VLAN is administratively active or inactive/suspended.	Up	Enum: [Up Down] Optional: {}

VLANStatus

VLANStatus defines the observed state of VLAN.

Appears in:

• VLAN

Field	Description	Default	Validation
conditions Condition array	The conditions are a list of status objects that describe the state of the VLAN.		Optional: {}
routedBy LocalObjectReference	RoutedBy references the interface that provides Layer 3 routing for this VLAN, if any. This field is set when an Interface of type RoutedVLAN references this VLAN.		Optional: {}
bridgedBy LocalObjectReference	BridgedBy references the EVPNInstance that provides a L2VNI for this VLAN, if any. This field is set when an EVPNInstance of type Bridged references this VLAN.		Optional: {}

VRF

VRF is the Schema for the vrfs API

Field	Description	Default	Validation
apiVersion string	networking.metal.ironcore.dev/v1alpha1
kind string	VRF
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec VRFSpec	spec defines the desired state of VRF More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Required: {}
status VRFStatus	status of the resource. This is set and updated automatically. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Optional: {}

VRFSpec

VRFSpec defines the desired state of VRF

Appears in:

• VRF

Field	Description	Default	Validation
deviceRef LocalObjectReference	DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable.		Required: {}
providerConfigRef TypedLocalObjectReference	ProviderConfigRef is a reference to a resource holding the provider-specific configuration of this interface. This reference is used to link the VRF to its provider-specific configuration.		Optional: {}
name string	Name is the name of the VRF. Immutable.		MaxLength: 32 MinLength: 1 Required: {}
description string	Description provides a human-readable description of the VRF.		MaxLength: 255 MinLength: 1 Optional: {}
vni integer	VNI is the VXLAN Network Identifier for the VRF (always an L3).		Maximum: 1.6777215e+07 Minimum: 1 Optional: {}
routeDistinguisher string	RouteDistinguisher is the route distinguisher for the VRF. Formats supported: - Type 0: ASN(0-65535):Number(0-4294967295) - Type 1: IPv4:Number(0-65535) - Type 2: ASN(65536-4294967295):Number(0-65535) Validation via admission webhook for the VRF type.		Optional: {}
routeTargets RouteTarget array	RouteTargets is the list of route targets for the VRF.		Optional: {}

VRFStatus

VRFStatus defines the observed state of VRF.

Appears in:

• VRF

Field	Description	Default	Validation
conditions Condition array	The conditions are a list of status objects that describe the state of the VRF.		Optional: {}

nx.cisco.networking.metal.ironcore.dev/v1alpha1

Package v1alpha1 contains API Schema definitions for the nx.cisco.networking.metal.ironcore.dev v1alpha1 API group.

Resource Types

• BGPConfig
• BorderGateway
• InterfaceConfig
• LLDPConfig
• ManagementAccessConfig
• NetworkVirtualizationEdgeConfig
• System
• VPCDomain

AutoRecovery

AutoRecovery holds settings to automatically restore vPC domain's operation after detecting that the peer is no longer reachable via the keepalive link.

Appears in:

• Peer

Field	Description	Default	Validation
enabled boolean	Enabled indicates whether auto-recovery is enabled. When enabled, the switch will wait for ReloadDelay seconds after peer failure before assuming the peer is dead and restoring the vPC's domain functionality.		Required: {}
reloadDelay integer	ReloadDelay is the time in seconds (60-3600) to wait before assuming the peer is dead and automatically attempting to restore the communication with the peer.	240	Maximum: 3600 Minimum: 60 Optional: {}

BGPConfig

BGPConfig is the Schema for the bgpconfigs API

Field	Description	Default	Validation
apiVersion string	nx.cisco.networking.metal.ironcore.dev/v1alpha1
kind string	BGPConfig
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec BGPConfigSpec	spec defines the desired state of BGPConfig		Required: {}

BGPConfigAddressFamilies

BGPConfigAddressFamilies defines the Cisco NX-OS specific configuration for supported BGP address families.

Appears in:

• BGPConfigSpec

Field	Description	Default	Validation
l2vpnEvpn BGPL2vpnEvpn	L2vpnEvpn configures L2VPN EVPN address family support.		Optional: {}

BGPConfigSpec

BGPConfigSpec defines the Cisco NX-OS specific BGP configuration.

Appears in:

• BGPConfig

Field	Description	Default	Validation
addressFamilies BGPConfigAddressFamilies	AddressFamilies configures supported BGP address families and their Cisco NX-OS specific settings.		Optional: {}

BGPL2vpnEvpn

BGPL2vpnEvpn defines the configuration for L2VPN EVPN address family.

Appears in:

• BGPConfigAddressFamilies

Field	Description	Default	Validation
advertisePIP boolean	AdvertisePIP controls whether the BGP EVPN address-family should advertise the primary IP address (PIP) as the next-hop when advertising prefix routes or loopback interface routes in BGP on vPC enabled leaf or border leaf switches.	false	Optional: {}

BGPPeerReference

BGPPeerReference defines a BGP peer used for border gateway with peer type configuration.

Appears in:

• BorderGatewaySpec

Field	Description	Default	Validation
name string	Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names		MaxLength: 63 MinLength: 1 Required: {}
peerType BGPPeerType	PeerType specifies the role of this BGP peer in the EVPN multisite topology. FabricExternal is used for peers outside the fabric, while FabricBorderLeaf is used for border leaf peers within the fabric.		Enum: [FabricExternal FabricBorderLeaf] Required: {}

BGPPeerType

Underlying type: string

BGPPeerType defines the peer type for border gateway BGP peers.

Validation:

• Enum: [FabricExternal FabricBorderLeaf]

Appears in:

• BGPPeerReference

Field	Description
FabricExternal	BGPPeerTypeFabricExternal represents a BGP peer outside the fabric. Used for external peers in EVPN multisite configurations.
FabricBorderLeaf	BGPPeerTypeFabricBorderLeaf represents a BGP peer that is a border leaf within the fabric. Used for border leaf peers in EVPN multisite configurations.

BorderGateway

BorderGateway is the Schema for the bordergateways API

Field	Description	Default	Validation
apiVersion string	nx.cisco.networking.metal.ironcore.dev/v1alpha1
kind string	BorderGateway
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec BorderGatewaySpec	Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Required: {}
status BorderGatewayStatus	Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Optional: {}

BorderGatewaySpec

BorderGatewaySpec defines the desired state of BorderGateway

Appears in:

• BorderGateway

Field	Description	Default	Validation
deviceRef LocalObjectReference	DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable.		Required: {}
adminState AdminState	AdminState indicates whether the BorderGateway instance is administratively up or down.	Up	Enum: [Up Down] Optional: {}
multisiteId integer	MultisiteID is the identifier for the multisite border gateway.		ExclusiveMaximum: false Maximum: 2.81474976710655e+14 Minimum: 1 Required: {}
sourceInterfaceRef LocalObjectReference	SourceInterfaceRef is a reference to the loopback interface used as the source for the border gateway virtual IP address. A best practice is to use a separate loopback address for the NVE source interface and multi-site source interface. The loopback interface must be configured with a /32 IPv4 address. This /32 IP address needs be known by the transient devices in the transport network and the remote VTEPs.		Required: {}
delayRestoreTime Duration	DelayRestoreTime specifies the time to wait before restoring EVPN multisite border gateway functionality after a failure. This allows time for the network to stabilize before resuming traffic forwarding across sites.	180s	Pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ Type: string Optional: {}
interconnectInterfaceRefs InterconnectInterfaceReference array	InterconnectInterfaceRefs is a list of interfaces that provide connectivity to the border gateway. Each interface can be configured with object tracking to monitor its availability.		MinItems: 1 Optional: {}
bgpPeerRefs BGPPeerReference array	BGPPeerRefs is a list of BGP peers that are part of the border gateway configuration. Each peer can be configured with a peer type to specify its role in the EVPN multisite topology.		MinItems: 1 Optional: {}
stormControl StormControl array	StormControl is the storm control configuration for the border gateway, allowing to rate-limit BUM (Broadcast, Unknown unicast, Multicast) traffic on the border gateway interface.		MinItems: 1 Optional: {}

BorderGatewayStatus

BorderGatewayStatus defines the observed state of BorderGateway.

Appears in:

• BorderGateway

Field	Description	Default	Validation
conditions Condition array	The conditions are a list of status objects that describe the state of the Banner.		Optional: {}

BufferBoost

BufferBoost defines the buffer boost configuration for an interface.

Appears in:

• InterfaceConfigSpec

Field	Description	Default	Validation
enabled boolean	Enabled indicates whether buffer boost is enabled on the interface. Maps to CLI command: hardware profile buffer boost		Required: {}

Console

Appears in:

• ManagementAccessConfigSpec

Field	Description	Default	Validation
timeout Duration	Timeout defines the inactivity timeout for console sessions. If a session is inactive for the specified duration, it will be automatically disconnected. The format is a string representing a duration (e.g., "10m" for 10 minutes).	10m	Pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ Type: string Optional: {}

Enabled

Enabled represents a simple enabled/disabled configuration.

Appears in:

• Peer
• VPCDomainSpec

Field	Description	Default	Validation
enabled boolean	Enabled indicates whether a configuration property is administratively enabled (true) or disabled (false).		Required: {}

InterconnectInterfaceReference

InterconnectInterfaceReference defines an interface used for border gateway interconnectivity with optional object tracking configuration.

Appears in:

• BorderGatewaySpec

Field	Description	Default	Validation
name string	Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names		MaxLength: 63 MinLength: 1 Required: {}
tracking InterconnectTrackingType	Tracking specifies the EVPN multisite tracking mode for this interconnect interface.		Enum: [DataCenterInterconnect Fabric] Required: {}

InterconnectTrackingType

Underlying type: string

InterconnectTrackingType defines the tracking mode for border gateway interconnect interfaces.

Validation:

• Enum: [DataCenterInterconnect Fabric]

Appears in:

• InterconnectInterfaceReference

Field	Description
DataCenterInterconnect	InterconnectTrackingTypeDCI represents Data Center Interconnect tracking mode. Used for interfaces connecting to remote data centers.
Fabric	InterconnectTrackingTypeFabric represents Fabric tracking mode. Used for interfaces connecting to the local fabric.

InterfaceConfig

InterfaceConfig is the Schema for the interfaceconfigs API

Field	Description	Default	Validation
apiVersion string	nx.cisco.networking.metal.ironcore.dev/v1alpha1
kind string	InterfaceConfig
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec InterfaceConfigSpec	Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Required: {}

InterfaceConfigSpec

InterfaceConfigSpec defines the desired state of InterfaceConfig

Appears in:

• InterfaceConfig

Field	Description	Default	Validation
spanningTree SpanningTree	SpanningTree defines the spanning tree configuration for the interface.		Optional: {}
bufferBoost BufferBoost	BufferBoost defines the buffer boost configuration for the interface. Buffer boost increases the shared buffer space allocation for the interface.		Optional: {}

KeepAlive

KeepAlive defines the vPCDomain keepalive link configuration. The keep-alive is an out-of-band connection (often over mgmt0) used to monitor peer health. It does not carry data traffic.

Appears in:

• Peer

Field	Description	Default	Validation
destination string	Destination is the destination IP address of the vPC's domain peer keepalive interface. This is the IP address the local switch will send keepalive messages to.		Format: ipv4 Required: {}
source string	Source is the source IP address for keepalive messages. This is the local IP address used to send keepalive packets to the peer.		Format: ipv4 Required: {}
vrfName string	The name of the vrf used to send keepalive packets to the peer. Mutually exclusive with VrfRef.		MaxLength: 63 MinLength: 1 Optional: {}
vrfRef LocalObjectReference	The reference to a VRF resource used to send keepalive packets to the peer. Mutually exclusive with VrfName.		Optional: {}

LLDPConfig

LLDPConfig is the Schema for the LLDPConfig API

Field	Description	Default	Validation
apiVersion string	nx.cisco.networking.metal.ironcore.dev/v1alpha1
kind string	LLDPConfig
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec LLDPConfigSpec	spec defines the desired state of LLDP		Required: {}

LLDPConfigSpec

LLDPConfig defines the Cisco-specific configuration of an LLDP object.

Appears in:

• LLDPConfig

Field	Description	Default	Validation
initDelay integer	InitDelay defines the delay in seconds before LLDP starts sending packets after interface comes up.	2	Maximum: 10 Minimum: 1 Optional: {}
holdTime integer	HoldTime defines the time in seconds that the receiving device should hold the LLDP information before discarding it.	120	Maximum: 255 Minimum: 1 Optional: {}

ManagementAccessConfig

ManagementAccessConfig is the Schema for the managementaccessconfigs API

Field	Description	Default	Validation
apiVersion string	nx.cisco.networking.metal.ironcore.dev/v1alpha1
kind string	ManagementAccessConfig
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec ManagementAccessConfigSpec	Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Required: {}

ManagementAccessConfigSpec

ManagementAccessConfigSpec defines the desired state of ManagementAccessConfig

Appears in:

• ManagementAccessConfig

Field	Description	Default	Validation
console Console	Console defines the configuration for the terminal console access on the device.	{ timeout:10m }	Optional: {}
ssh SSH	SSH defines the SSH server configuration for the VTY terminal access on the device.		Optional: {}

NetworkVirtualizationEdgeConfig

NetworkVirtualizationEdgeConfig is the Schema for the NetworkVirtualizationEdgeConfig API

Field	Description	Default	Validation
apiVersion string	nx.cisco.networking.metal.ironcore.dev/v1alpha1
kind string	NetworkVirtualizationEdgeConfig
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec NetworkVirtualizationEdgeConfigSpec	spec defines the desired state of NVE		Required: {}

NetworkVirtualizationEdgeConfigSpec

NetworkVirtualizationEdgeConfig defines the Cisco-specific configuration of a Network Virtualization Edge (NVE) object.

Appears in:

• NetworkVirtualizationEdgeConfig

Field	Description	Default	Validation
advertiseVirtualMAC boolean	AdvertiseVirtualMAC controls if the NVE should advertise a virtual MAC address	false	Optional: {}
holdDownTime integer	HoldDownTime defines the duration for which the switch suppresses the advertisement of the NVE loopback address.	180	Maximum: 1500 Minimum: 1 Optional: {}
infraVLANs VLANListItem array	InfraVLANs specifies VLANs used by all SVI interfaces for uplink and vPC peer-links in VXLAN as infra-VLANs. The total number of VLANs configured must not exceed 512. Elements in the list must not overlap with each other.		MaxItems: 10 Optional: {}

Peer

Peer defines settings to configure peer settings

Appears in:

• VPCDomainSpec

Field	Description	Default	Validation
adminState AdminState	AdminState defines the administrative state of the peer-link.	Up	Enum: [Up Down] Optional: {}
interfaceRef LocalObjectReference	InterfaceRef is a reference to an Interface resource and identifies the interface to be used as the vPC domain's peer-link. This interface carries control and data traffic between the two vPC domain peers. It is usually dedicated port-channel, but it can also be a single physical interface.		Required: {}
keepalive KeepAlive	KeepAlive defines the out-of-band keepalive configuration.		Required: {}
autoRecovery AutoRecovery	AutoRecovery defines auto-recovery settings for restoring vPC domain after peer failure.		Optional: {}
switch Enabled	Switch enables peer-switch functionality on this peer. When enabled, both vPC domain peers use the same spanning-tree bridge ID, allowing both to forward traffic for all VLANs without blocking any ports.	{ enabled:false }	Optional: {}
gateway Enabled	Gateway enables peer-gateway functionality on this peer. When enabled, each vPC domain peer can act as the active gateway for packets destined to the peer's MAC address, improving convergence.	{ enabled:false }	Optional: {}
l3router Enabled	L3Router enables Layer 3 peer-router functionality on this peer.	{ enabled:false }	Optional: {}

SSH

Appears in:

• ManagementAccessConfigSpec

Field	Description	Default	Validation
accessControlListName string	AccessControlListName defines the name of the access control list (ACL) to apply for incoming SSH connections on the VTY terminal. The ACL must be configured separately on the device.		MaxLength: 63 MinLength: 1 Optional: {}

SpanningTree

SpanningTree defines the spanning tree configuration for an interface.

Appears in:

• InterfaceConfigSpec

Field	Description	Default	Validation
portType SpanningTreePortType	PortType defines the spanning tree port type.		Enum: [Normal Edge Network] Required: {}
bpduGuard boolean	BPDUGuard enables BPDU guard on the interface. When enabled, the port is shut down if a BPDU is received.		Optional: {}
bpduFilter boolean	BPDUFilter enables BPDU filter on the interface. When enabled, BPDUs are not sent or received on the port.		Optional: {}

SpanningTreePortType

Underlying type: string

SpanningTreePortType represents the spanning tree port type.

Validation:

• Enum: [Normal Edge Network]

Appears in:

• SpanningTree

Field	Description
Normal	SpanningTreePortTypeNormal indicates a normal spanning tree port.
Edge	SpanningTreePortTypeEdge indicates an edge port (connects to end devices).
Network	SpanningTreePortTypeNetwork indicates a network port (connects to other switches).

Status

Underlying type: string

Appears in:

• VPCDomainStatus

Field	Description
Unknown
Up
Down

StormControl

Appears in:

• BorderGatewaySpec

Field	Description	Default	Validation
level string	Level is the suppression level as a percentage of the interface bandwidth. Must be a floating point number between 1.0 and 100.0.		Pattern: ^([1-9][0-9]?(\.[0-9]+)?|100(\.0+)?)$ Required: {}
traffic TrafficType	Traffic specifies the type of BUM traffic the storm control applies to.		Enum: [Broadcast Multicast Unicast] Required: {}

System

System is the Schema for the systems API

Field	Description	Default	Validation
apiVersion string	nx.cisco.networking.metal.ironcore.dev/v1alpha1
kind string	System
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec SystemSpec	Specification of the desired state of the resource. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Required: {}
status SystemStatus	Status of the resource. This is set and updated automatically. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status		Optional: {}

SystemSpec

SystemSpec defines the desired state of System

Appears in:

• System

Field	Description	Default	Validation
deviceRef LocalObjectReference	DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable.		Required: {}
jumboMtu integer	JumboMtu defines the system-wide jumbo MTU setting. Valid values are from 1501 to 9216.	9216	ExclusiveMaximum: false Maximum: 9216 Minimum: 1501 Optional: {}
reservedVlan integer	ReservedVlan specifies the VLAN ID to be reserved for system use. Valid values are from 1 to 4032.	3968	ExclusiveMaximum: false Maximum: 4032 Minimum: 1 Optional: {}
vlanLongName boolean	VlanLongName enables or disables 128-character VLAN names Disabled by default.	false	Optional: {}

SystemStatus

SystemStatus defines the observed state of System.

Appears in:

• System

Field	Description	Default	Validation
conditions Condition array	The conditions are a list of status objects that describe the state of the Banner.		Optional: {}

TrafficType

Underlying type: string

TrafficType defines the type of traffic for storm control.

Validation:

• Enum: [Broadcast Multicast Unicast]

Appears in:

• StormControl

Field	Description
Broadcast	TrafficTypeBroadcast represents broadcast traffic.
Multicast	TrafficTypeMulticast represents multicast traffic.
Unicast	TrafficTypeUnicast represents unicast traffic.

VLANListItem

VLANListItem represents a single VLAN ID or a range start-end. If ID is set, rangeMin and rangeMax must be absent. If ID is absent, both rangeMin and rangeMax must be set.

Appears in:

• NetworkVirtualizationEdgeConfigSpec

Field	Description	Default	Validation
id integer			Maximum: 3967 Minimum: 1 Optional: {}
rangeMin integer			Maximum: 3967 Minimum: 1 Optional: {}
rangeMax integer			Maximum: 3967 Minimum: 1 Optional: {}

VPCDomain

VPCDomain is the Schema for the VPCDomains API

Field	Description	Default	Validation
apiVersion string	nx.cisco.networking.metal.ironcore.dev/v1alpha1
kind string	VPCDomain
metadata ObjectMeta	Refer to Kubernetes API documentation for fields of metadata.
spec VPCDomainSpec	spec defines the desired state of VPCDomain resource		Required: {}
status VPCDomainStatus	status defines the observed state of VPCDomain resource		Optional: {}

VPCDomainRole

Underlying type: string

The VPCDomainRole type represents the operational role of a vPC domain peer as returned by the device.

Appears in:

• VPCDomainStatus

Field	Description
Primary
Primary/Secondary
Secondary
Secondary/Primary
Unknown

VPCDomainSpec

VPCDomainSpec defines the desired state of a vPC domain (Virtual Port Channel Domain)

Appears in:

• VPCDomain

Field	Description	Default	Validation
deviceRef LocalObjectReference	DeviceName is the name of the Device this object belongs to. The Device object must exist in the same namespace. Immutable.		Required: {}
domainId integer	DomainID is the vPC domain ID (1-1000). This uniquely identifies the vPC domain and must match on both peer switches. Changing this value will recreate the vPC domain and flap the peer-link.		Maximum: 1000 Minimum: 1 Required: {}
adminState AdminState	AdminState is the administrative state of the vPC domain (enabled/disabled). When disabled, the vPC domain is administratively shut down.	Up	Enum: [Up Down] Optional: {}
rolePriority integer	RolePriority is the role priority for this vPC domain (1-65535). The switch with the lower role priority becomes the operational primary.	32667	Maximum: 65535 Minimum: 1 Optional: {}
systemPriority integer	SystemPriority is the system priority for this vPC domain (1-65535). Used to ensure that the vPC domain devices are primary devices on LACP. Must match on both peers.	32667	Maximum: 65535 Minimum: 1 Optional: {}
delayRestoreSVI integer	DelayRestoreSVI is the delay in seconds (1-3600) before bringing up interface-vlan (SVI) after peer-link comes up. This prevents traffic blackholing during convergence.	10	Maximum: 3600 Minimum: 1 Optional: {}
delayRestoreVPC integer	DelayRestoreVPC is the delay in seconds (1-3600) before bringing up the member ports after the peer-link is restored.	30	Maximum: 3600 Minimum: 1 Optional: {}
fastConvergence Enabled	FastConvergence ensures that both SVIs and member ports are shut down simultaneously when the peer-link goes down. This synchronization helps prevent traffic loss.	{ enabled:false }	Optional: {}
peer Peer	Peer contains the vPC's domain peer configuration including peer-link, keepalive.		Required: {}

VPCDomainStatus

VPCDomainStatus defines the observed state of VPCDomain.

Appears in:

• VPCDomain

Field	Description	Default	Validation
conditions Condition array	Conditions represent the latest available observations about the vPCDomain state. Standard conditions include: - Ready: overall readiness of the vPC domain - Configured: whether the vPCDomain configuration was successfully applied to the device - Operational: whether the vPC domain is operationally up. This condition is true when the status fields PeerLinkIfOperStatus, KeepAliveStatus, and PeerStatus are all set to UP. For this Cisco model there is not one single unique operational property that reflects the operational status of the vPC domain. The combination of peer status, keepalive status, and the interface used as peer-link determine the overall health and operational condition of the vPC domain.		Optional: {}
role VPCDomainRole	Role indicates the current operational role of this vPC domain peer.		Optional: {}
keepaliveStatus Status	KeepAliveStatus indicates the status of the peer via the keepalive link.		Optional: {}
keepaliveStatusMsg string array	KeepAliveStatusMsg provides additional information about the keepalive status, a list of strings reported by the device.		Optional: {}
peerStatus Status	PeerStatus indicates the status of the vPC domain peer-link in the latest consistency check with the peer. This means that if the adjacency is lost, e.g., due to a shutdown link, the device will not be able to perform such check and the reported status will remain unchanged (with the value of the last check).		Optional: {}
peerStatusMsg string array	PeerStatusMsg provides additional information about the peer status, a list of strings reported by the device.		Optional: {}
peerUptime Duration	PeerUptime indicates how long the vPC domain peer has been up and reachable via keepalive.		Optional: {}
peerLinkIf string	PeerLinkIf is the name of the interface used as the vPC domain peer-link.		Optional: {}
peerLinkIfOperStatus Status	PeerLinkIfOperStatus is the Operational status of PeerLinkIf.		Optional: {}

xe.cisco.networking.metal.ironcore.dev/v1alpha1

Package v1alpha1 contains API Schema definitions for the xe.cisco.networking.metal.ironcore.dev v1alpha1 API group.

xr.cisco.networking.metal.ironcore.dev/v1alpha1

Package v1alpha1 contains API Schema definitions for the xr.cisco.networking.metal.ironcore.dev v1alpha1 API group.