package v1alpha1

v1.1.0
Published: Oct 30, 2025 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package v1alpha1 contains API Schema definitions for the networking v1alpha1 API group.

+kubebuilder:object:generate=true
+groupName=networking.k8s.aws

Index

Constants

This section is empty.

Variables

var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: "networking.k8s.aws", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

This section is empty.

Types

type ApplicationNetworkPolicy added in v1.1.0

type ApplicationNetworkPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ApplicationNetworkPolicySpec   `json:"spec,omitempty"`
	Status ApplicationNetworkPolicyStatus `json:"status,omitempty"`
}

ApplicationNetworkPolicy is the Schema for the applicationnetworkpolicies API

func (*ApplicationNetworkPolicy) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationNetworkPolicy.

func (*ApplicationNetworkPolicy) DeepCopyInto added in v1.1.0

func (in *ApplicationNetworkPolicy) DeepCopyInto(out *ApplicationNetworkPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ApplicationNetworkPolicy) DeepCopyObject added in v1.1.0

func (in *ApplicationNetworkPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ApplicationNetworkPolicyEgressRule added in v1.1.0

type ApplicationNetworkPolicyEgressRule struct {
	// Ports is a list of destination ports for outgoing traffic.
	// Each item in this list is combined using a logical OR. If this field is
	// empty or missing, this rule matches all ports (traffic not restricted by port).
	// If this field is present and contains at least one item, then this rule allows
	// traffic only if the traffic matches at least one port in the list.
	// +optional
	Ports []networking.NetworkPolicyPort `json:"ports,omitempty"`

	// To is a list of destinations for outgoing traffic of pods selected for this rule.
	// Items in this list are combined using a logical OR operation. If this field is
	// empty or missing, this rule matches all destinations (traffic not restricted by
	// destination). If this field is present and contains at least one item, this rule
	// allows traffic only if the traffic matches at least one item in the to list.
	// +optional
	To []ApplicationNetworkPolicyPeer `json:"to,omitempty"`
}

ApplicationNetworkPolicyEgressRule describes a particular set of traffic that is allowed out of pods matched by an ApplicationNetworkPolicySpec's podSelector. The traffic must match both ports and to.

func (*ApplicationNetworkPolicyEgressRule) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationNetworkPolicyEgressRule.

func (*ApplicationNetworkPolicyEgressRule) DeepCopyInto added in v1.1.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ApplicationNetworkPolicyList added in v1.1.0

type ApplicationNetworkPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ApplicationNetworkPolicy `json:"items"`
}

ApplicationNetworkPolicyList contains a list of ApplicationNetworkPolicy

func (*ApplicationNetworkPolicyList) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationNetworkPolicyList.

func (*ApplicationNetworkPolicyList) DeepCopyInto added in v1.1.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ApplicationNetworkPolicyList) DeepCopyObject added in v1.1.0

func (in *ApplicationNetworkPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ApplicationNetworkPolicyPeer added in v1.1.0

type ApplicationNetworkPolicyPeer struct {
	// PodSelector is a label selector which selects pods. This field follows standard label
	// selector semantics; if present but empty, it selects all pods.
	//
	// If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects
	// the pods matching podSelector in the Namespaces selected by NamespaceSelector.
	// Otherwise it selects the pods matching podSelector in the policy's own namespace.
	// +optional
	PodSelector *metav1.LabelSelector `json:"podSelector,omitempty"`

	// NamespaceSelector selects namespaces using cluster-scoped labels. This field follows
	// standard label selector semantics; if present but empty, it selects all namespaces.
	//
	// If podSelector is also set, then the NetworkPolicyPeer as a whole selects
	// the pods matching podSelector in the namespaces selected by namespaceSelector.
	// Otherwise it selects all pods in the namespaces selected by namespaceSelector.
	// +optional
	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`

	// IPBlock defines policy on a particular IPBlock. If this field is set then
	// neither of the other fields can be.
	// +optional
	IPBlock *networking.IPBlock `json:"ipBlock,omitempty"`

	// DomainNames provides a way to specify domain names as peers.
	//
	// DomainNames is only supported for Allow rules. In order to control
	// access, DomainNames Allow rules should be used with a lower priority
	// egress deny -- this allows the admin to maintain an explicit "allowlist"
	// of reachable domains.
	//
	// This field is mutually exclusive with PodSelector, NamespaceSelector, and IPBlock.
	// FQDN rules are ALLOW-only and do not support DENY semantics.
	//
	// +optional
	// +listType=set
	// +kubebuilder:validation:MinItems=1
	DomainNames []DomainName `json:"domainNames,omitempty"`
}

ApplicationNetworkPolicyPeer describes a peer to allow traffic to/from. Only certain combinations of fields are allowed.

+kubebuilder:validation:XValidation:rule="!(has(self.ipBlock) && has(self.domainNames))",message="ipBlock and domainNames are mutually exclusive"
+kubebuilder:validation:XValidation:rule="!(has(self.podSelector) && has(self.domainNames))",message="podSelector and domainNames are mutually exclusive"
+kubebuilder:validation:XValidation:rule="!(has(self.namespaceSelector) && has(self.domainNames))",message="namespaceSelector and domainNames are mutually exclusive"

func (*ApplicationNetworkPolicyPeer) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationNetworkPolicyPeer.

func (*ApplicationNetworkPolicyPeer) DeepCopyInto added in v1.1.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ApplicationNetworkPolicySpec added in v1.1.0

type ApplicationNetworkPolicySpec struct {
	// PodSelector selects the pods to which this ApplicationNetworkPolicy object applies.
	PodSelector metav1.LabelSelector `json:"podSelector"`

	// PolicyTypes is a list of rule types that the ApplicationNetworkPolicy relates to.
	// Valid options are ["Ingress"], ["Egress"], or ["Ingress", "Egress"].
	// If this field is not specified, it will default based on the existence of ingress or egress rules.
	// +optional
	PolicyTypes []networking.PolicyType `json:"policyTypes,omitempty"`

	// Ingress is a list of ingress rules to be applied to the selected pods.
	// Traffic is allowed to a pod if there are no ApplicationNetworkPolicies selecting the pod
	// (and cluster policy otherwise allows the traffic), OR if the traffic source is
	// the pod's local node, OR if the traffic matches at least one ingress rule
	// across all of the ApplicationNetworkPolicy objects whose podSelector matches the pod.
	// +optional
	Ingress []networking.NetworkPolicyIngressRule `json:"ingress,omitempty"`

	// Egress is a list of egress rules to be applied to the selected pods. Outgoing traffic
	// is allowed if there are no ApplicationNetworkPolicies selecting the pod (and cluster policy
	// otherwise allows the traffic), OR if the traffic matches at least one egress rule
	// across all of the ApplicationNetworkPolicy objects whose podSelector matches the pod.
	// +optional
	Egress []ApplicationNetworkPolicyEgressRule `json:"egress,omitempty"`
}

ApplicationNetworkPolicySpec defines the desired state of ApplicationNetworkPolicy

func (*ApplicationNetworkPolicySpec) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationNetworkPolicySpec.

func (*ApplicationNetworkPolicySpec) DeepCopyInto added in v1.1.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ApplicationNetworkPolicyStatus added in v1.1.0

type ApplicationNetworkPolicyStatus struct {
	// Conditions represent the latest available observations of the ApplicationNetworkPolicy's current state.
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`
}

ApplicationNetworkPolicyStatus defines the observed state of ApplicationNetworkPolicy

func (*ApplicationNetworkPolicyStatus) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationNetworkPolicyStatus.

func (*ApplicationNetworkPolicyStatus) DeepCopyInto added in v1.1.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CIDR added in v1.1.0

type CIDR string

CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8").

+kubebuilder:validation:MaxLength=43

type CNPPort added in v1.1.0

type CNPPort struct {
	// Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must
	// match. If not specified, this field defaults to TCP.
	// +kubebuilder:default=TCP
	Protocol corev1.Protocol `json:"protocol"`

	// Port defines a network port value.
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	Port int32 `json:"port"`
}

func (*CNPPort) DeepCopy added in v1.1.0

func (in *CNPPort) DeepCopy() *CNPPort

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CNPPort.

func (*CNPPort) DeepCopyInto added in v1.1.0

func (in *CNPPort) DeepCopyInto(out *CNPPort)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CNPPortRange added in v1.1.0

type CNPPortRange struct {
	// Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must
	// match. If not specified, this field defaults to TCP.
	// +kubebuilder:default=TCP
	Protocol corev1.Protocol `json:"protocol,omitempty"`

	// Start defines a network port that is the start of a port range; the Start
	// value must be less than End.
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	Start int32 `json:"start"`

	// End defines a network port that is the end of a port range; the End value
	// must be greater than Start.
	// +kubebuilder:validation:Minimum=1
	// +kubebuilder:validation:Maximum=65535
	End int32 `json:"end"`
}

CNPPortRange defines an inclusive range of ports from the assigned Start value to End value.

+kubebuilder:validation:XValidation:rule="self.start < self.end", message="Start port must be less than End port"

func (*CNPPortRange) DeepCopy added in v1.1.0

func (in *CNPPortRange) DeepCopy() *CNPPortRange

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CNPPortRange.

func (*CNPPortRange) DeepCopyInto added in v1.1.0

func (in *CNPPortRange) DeepCopyInto(out *CNPPortRange)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterEndpointInfo added in v1.1.0

type ClusterEndpointInfo struct {
	// CIDR is the network address(es) of the endpoint
	CIDR NetworkAddress `json:"cidr,omitempty"`

	// Ports is the list of ports
	Ports []Port `json:"ports,omitempty"`

	// DomainName is the FQDN for the endpoint (egress-only)
	DomainName DomainName `json:"domainName,omitempty"`

	// Action from the CNP rule
	Action ClusterNetworkPolicyRuleAction `json:"action"`
}

ClusterEndpointInfo defines the network endpoint information for the cluster policy ingress/egress

func (*ClusterEndpointInfo) DeepCopy added in v1.1.0

func (in *ClusterEndpointInfo) DeepCopy() *ClusterEndpointInfo

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterEndpointInfo.

func (*ClusterEndpointInfo) DeepCopyInto added in v1.1.0

func (in *ClusterEndpointInfo) DeepCopyInto(out *ClusterEndpointInfo)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterNetworkPolicy added in v1.1.0

type ClusterNetworkPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ClusterNetworkPolicySpec   `json:"spec,omitempty"`
	Status ClusterNetworkPolicyStatus `json:"status,omitempty"`
}

ClusterNetworkPolicy is the Schema for the clusternetworkpolicies API

func (*ClusterNetworkPolicy) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkPolicy.

func (*ClusterNetworkPolicy) DeepCopyInto added in v1.1.0

func (in *ClusterNetworkPolicy) DeepCopyInto(out *ClusterNetworkPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterNetworkPolicy) DeepCopyObject added in v1.1.0

func (in *ClusterNetworkPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ClusterNetworkPolicyEgressPeer added in v1.1.0

type ClusterNetworkPolicyEgressPeer struct {
	// Namespaces defines a way to select all pods within a set of Namespaces.
	// Note that host-networked pods are not included in this type of peer.
	//
	// +optional
	Namespaces *metav1.LabelSelector `json:"namespaces,omitempty"`
	// Pods defines a way to select a set of pods in
	// a set of namespaces. Note that host-networked pods
	// are not included in this type of peer.
	//
	// +optional
	Pods *NamespacedPod `json:"pods,omitempty"`
	// Networks defines a way to select peers via CIDR blocks.
	//
	// +optional
	// +listType=set
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=25
	Networks []CIDR `json:"networks,omitempty"`

	// DomainNames provides a way to specify domain names as peers.
	// DomainNames support Accept and Pass actions (our extension from upstream).
	// Upstream CNP only supports Accept for domainNames; we add Pass support.
	//
	// +optional
	// +listType=set
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=25
	DomainNames []DomainName `json:"domainNames,omitempty"`
}

ClusterNetworkPolicyEgressPeer defines a peer to allow traffic to.

Exactly one of the fields must be set for a given peer and this is enforced by the validation rules on the CRD. If an implementation sees no fields are set then it can infer that the deployed CRD is of an incompatible version with an unknown field. In that case it should fail closed.

+kubebuilder:validation:MaxProperties=1 +kubebuilder:validation:MinProperties=1

func (*ClusterNetworkPolicyEgressPeer) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkPolicyEgressPeer.

func (*ClusterNetworkPolicyEgressPeer) DeepCopyInto added in v1.1.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterNetworkPolicyEgressRule added in v1.1.0

type ClusterNetworkPolicyEgressRule struct {
	// Name is an identifier for this rule that may be no more than
	// 100 characters in length. This field should be used by the implementation
	// to help improve observability, readability and error-reporting
	// for any applied AdminNetworkPolicies.
	//
	// +optional
	// +kubebuilder:validation:MaxLength=100
	Name string `json:"name,omitempty"`

	// Action specifies the effect this rule will have on matching traffic.
	Action ClusterNetworkPolicyRuleAction `json:"action"`

	// To is the List of destinations whose traffic this rule applies to.
	// If any element matches the destination of outgoing
	// traffic then the specified action is applied.
	// This field must be defined and contain at least one item.
	//
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=100
	To []ClusterNetworkPolicyEgressPeer `json:"to"`

	// Ports allows for matching traffic based on port and protocols.
	// This field is a list of destination ports for the outgoing egress traffic.
	// If Ports is not set then the rule does not filter traffic via port.
	//
	// +optional
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=100
	Ports *[]ClusterNetworkPolicyPort `json:"ports,omitempty"`
}

+kubebuilder:validation:XValidation:rule="!(self.action != 'Accept' && self.to.exists(peer, has(peer.domainNames)))",message="domainNames peer can only be used with Accept action"
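The peer rules above are enforced by CRD validation (CEL expressions and MinProperties/MaxProperties markers), so a controller normally never sees an invalid object; the one case it must handle itself is the "no known field is set" peer that the ClusterNetworkPolicyEgressPeer text says to fail closed on. The following added example, written for this page and not part of the project's code, mirrors both the ApplicationNetworkPolicyPeer exclusivity rules and the ClusterNetworkPolicyEgressPeer/EgressRule rules in plain Go so the checks can be read and unit-tested without a cluster. The struct types, LabelSelector and IPBlock stand-ins, and the action passed as a string are assumptions made to keep the block self-contained; the domainNames-with-Accept-only check follows the XValidation rule as printed on this page.

```go
package main

import (
	"errors"
	"fmt"
)

// LabelSelector and IPBlock are minimal stand-ins (assumption) for the
// metav1.LabelSelector and networking.IPBlock types used by the real structs.
type LabelSelector struct{ MatchLabels map[string]string }
type IPBlock struct{ CIDR string }

// AppPeer mirrors ApplicationNetworkPolicyPeer; pointers/slices keep "unset" distinguishable.
type AppPeer struct {
	PodSelector       *LabelSelector
	NamespaceSelector *LabelSelector
	IPBlock           *IPBlock
	DomainNames       []string
}

// ValidateAppPeer applies the three XValidation rules on ApplicationNetworkPolicyPeer,
// the MinItems=1 marker on domainNames, and the doc-comment rule that ipBlock excludes
// the selectors. podSelector together with namespaceSelector is a valid combination.
func ValidateAppPeer(p AppPeer) error {
	hasDomains := p.DomainNames != nil
	if hasDomains && len(p.DomainNames) == 0 {
		return errors.New("domainNames must contain at least one item")
	}
	if p.IPBlock != nil && hasDomains {
		return errors.New("ipBlock and domainNames are mutually exclusive")
	}
	if p.PodSelector != nil && hasDomains {
		return errors.New("podSelector and domainNames are mutually exclusive")
	}
	if p.NamespaceSelector != nil && hasDomains {
		return errors.New("namespaceSelector and domainNames are mutually exclusive")
	}
	if p.IPBlock != nil && (p.PodSelector != nil || p.NamespaceSelector != nil) {
		return errors.New("ipBlock cannot be combined with podSelector or namespaceSelector")
	}
	return nil
}

// NamespacedPod and ClusterEgressPeer mirror the page's NamespacedPod and
// ClusterNetworkPolicyEgressPeer types.
type NamespacedPod struct{ NamespaceSelector, PodSelector LabelSelector }
type ClusterEgressPeer struct {
	Namespaces  *LabelSelector
	Pods        *NamespacedPod
	Networks    []string
	DomainNames []string
}

// setFields lists which of the four peer fields are present in the object.
func setFields(p ClusterEgressPeer) []string {
	var set []string
	if p.Namespaces != nil {
		set = append(set, "namespaces")
	}
	if p.Pods != nil {
		set = append(set, "pods")
	}
	if p.Networks != nil {
		set = append(set, "networks")
	}
	if p.DomainNames != nil {
		set = append(set, "domainNames")
	}
	return set
}

// ValidateClusterEgressPeer enforces MinProperties=1/MaxProperties=1 and the
// 1..25 item bounds on networks and domainNames. A peer with no recognised
// field is rejected rather than ignored: per the page, an implementation
// should fail closed because the CRD may be a newer, unknown version.
func ValidateClusterEgressPeer(p ClusterEgressPeer) error {
	set := setFields(p)
	switch len(set) {
	case 0:
		return errors.New("no known peer field set: incompatible CRD, failing closed")
	case 1:
	default:
		return fmt.Errorf("exactly one peer field may be set, got %v", set)
	}
	for name, n := range map[string]int{"networks": len(p.Networks), "domainNames": len(p.DomainNames)} {
		if (name == "networks" && p.Networks != nil || name == "domainNames" && p.DomainNames != nil) && (n < 1 || n > 25) {
			return fmt.Errorf("%s must contain between 1 and 25 items, got %d", name, n)
		}
	}
	return nil
}

// ValidateClusterEgressRule checks the rule-level constraints: at least one peer,
// every peer valid, and domainNames peers only under the Accept action.
func ValidateClusterEgressRule(action string, to []ClusterEgressPeer) error {
	if len(to) == 0 || len(to) > 100 {
		return errors.New("to must contain between 1 and 100 peers")
	}
	for i, p := range to {
		if err := ValidateClusterEgressPeer(p); err != nil {
			return fmt.Errorf("to[%d]: %w", i, err)
		}
		if action != "Accept" && p.DomainNames != nil {
			return fmt.Errorf("to[%d]: domainNames peer can only be used with Accept action", i)
		}
	}
	return nil
}

func main() {
	// Constructed inputs: one valid rule and one that a Deny action makes invalid.
	peer := ClusterEgressPeer{DomainNames: []string{"*.example.com"}}
	fmt.Println("Accept:", ValidateClusterEgressRule("Accept", []ClusterEgressPeer{peer}))
	fmt.Println("Deny:  ", ValidateClusterEgressRule("Deny", []ClusterEgressPeer{peer}))
	fmt.Println("empty: ", ValidateClusterEgressPeer(ClusterEgressPeer{}))
}
```

The empty-peer branch is the one worth copying: a controller that silently treats an unrecognised peer as "matches nothing" would turn a Deny rule into a no-op, whereas rejecting the object keeps the policy's intent (or its absence) visible.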

func (*ClusterNetworkPolicyEgressRule) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkPolicyEgressRule.

func (*ClusterNetworkPolicyEgressRule) DeepCopyInto added in v1.1.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterNetworkPolicyIngressPeer added in v1.1.0

type ClusterNetworkPolicyIngressPeer struct {
	// Namespaces defines a way to select all pods within a set of Namespaces.
	// Note that host-networked pods are not included in this type of peer.
	//
	// +optional
	Namespaces *metav1.LabelSelector `json:"namespaces,omitempty"`
	// Pods defines a way to select a set of pods in
	// a set of namespaces. Note that host-networked pods
	// are not included in this type of peer.
	//
	// +optional
	Pods *NamespacedPod `json:"pods,omitempty"`
}

ClusterNetworkPolicyIngressPeer defines a peer to allow traffic from.

Exactly one of the fields must be set for a given peer and this is enforced by the validation rules on the CRD. If an implementation sees no fields are set then it can infer that the deployed CRD is of an incompatible version with an unknown field. In that case it should fail closed.

+kubebuilder:validation:MaxProperties=1 +kubebuilder:validation:MinProperties=1

func (*ClusterNetworkPolicyIngressPeer) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkPolicyIngressPeer.

func (*ClusterNetworkPolicyIngressPeer) DeepCopyInto added in v1.1.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterNetworkPolicyIngressRule added in v1.1.0

type ClusterNetworkPolicyIngressRule struct {
	// Name is an identifier for this rule that may be no more than
	// 100 characters in length. This field should be used by the implementation
	// to help improve observability, readability and error-reporting
	// for any applied AdminNetworkPolicies.
	//
	// +optional
	// +kubebuilder:validation:MaxLength=100
	Name string `json:"name,omitempty"`

	// Action specifies the effect this rule will have on matching traffic.
	Action ClusterNetworkPolicyRuleAction `json:"action"`

	// From is the list of sources whose traffic this rule applies to.
	// If any element matches the source of incoming
	// traffic then the specified action is applied.
	// This field must be defined and contain at least one item.
	//
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=100
	From []ClusterNetworkPolicyIngressPeer `json:"from"`

	// Ports allows for matching traffic based on port and protocols.
	// This field is a list of ports which should be matched on
	// the pods selected for this policy, i.e. the subject of the policy.
	// So it matches on the destination port for the ingress traffic.
	// If Ports is not set then the rule does not filter traffic via port.
	//
	// +optional
	// +kubebuilder:validation:MinItems=1
	// +kubebuilder:validation:MaxItems=100
	Ports *[]ClusterNetworkPolicyPort `json:"ports,omitempty"`
}

func (*ClusterNetworkPolicyIngressRule) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkPolicyIngressRule.

func (*ClusterNetworkPolicyIngressRule) DeepCopyInto added in v1.1.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterNetworkPolicyList added in v1.1.0

type ClusterNetworkPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ClusterNetworkPolicy `json:"items"`
}

ClusterNetworkPolicyList contains a list of ClusterNetworkPolicy

func (*ClusterNetworkPolicyList) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkPolicyList.

func (*ClusterNetworkPolicyList) DeepCopyInto added in v1.1.0

func (in *ClusterNetworkPolicyList) DeepCopyInto(out *ClusterNetworkPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterNetworkPolicyList) DeepCopyObject added in v1.1.0

func (in *ClusterNetworkPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ClusterNetworkPolicyPort added in v1.1.0

type ClusterNetworkPolicyPort struct {
	// +optional
	PortNumber *CNPPort `json:"portNumber,omitempty"`
	// +optional
	PortRange *CNPPortRange `json:"portRange,omitempty"`
	// +optional
	NamedPort *string `json:"namedPort,omitempty"`
}

func (*ClusterNetworkPolicyPort) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkPolicyPort.

func (*ClusterNetworkPolicyPort) DeepCopyInto added in v1.1.0

func (in *ClusterNetworkPolicyPort) DeepCopyInto(out *ClusterNetworkPolicyPort)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterNetworkPolicyRuleAction added in v1.1.0

type ClusterNetworkPolicyRuleAction string

+kubebuilder:validation:Enum={"Accept", "Deny", "Pass"}

const (
	ClusterNetworkPolicyRuleActionAccept ClusterNetworkPolicyRuleAction = "Accept"
	ClusterNetworkPolicyRuleActionDeny   ClusterNetworkPolicyRuleAction = "Deny"
	ClusterNetworkPolicyRuleActionPass   ClusterNetworkPolicyRuleAction = "Pass"
)

type ClusterNetworkPolicySpec added in v1.1.0

type ClusterNetworkPolicySpec struct {
	// Tier specifies the policy tier (Admin, Baseline)
	// +kubebuilder:validation:Enum={"Admin", "Baseline"}
	Tier Tier `json:"tier"`

	// Priority within the tier (0-1000, lower = higher precedence)
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:validation:Maximum=1000
	Priority int32 `json:"priority"`

	// Subject defines which pods this policy applies to
	Subject ClusterNetworkPolicySubject `json:"subject"`

	// Ingress rules
	// +optional
	// +kubebuilder:validation:MaxItems=100
	Ingress []ClusterNetworkPolicyIngressRule `json:"ingress,omitempty"`

	// Egress rules
	// +optional
	// +kubebuilder:validation:MaxItems=100
	Egress []ClusterNetworkPolicyEgressRule `json:"egress,omitempty"`
}

ClusterNetworkPolicySpec defines the desired state of ClusterNetworkPolicy
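Tier, Priority and the Accept/Deny/Pass actions only make sense together, and the page does not spell out the evaluation order. The following added example (written for this page, not the project's own enforcement code) shows one way to layer them, following the upstream AdminNetworkPolicy model this API is derived from; that the project uses exactly these semantics is an assumption. Admin-tier rules are tried in priority order (lower number first), Accept or Deny there is final, Pass hands the decision to the namespace-scoped policies, and only if nothing has decided does the Baseline tier apply, with a default allow when no rule matches. The Rule struct, the predicate-based matching, the treatment of a Pass in the Baseline tier as "no decision", and all sample destinations are constructed for the example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Tier and Action mirror the page's Tier and ClusterNetworkPolicyRuleAction string types.
type Tier string
type Action string

const (
	TierAdmin    Tier   = "Admin"
	TierBaseline Tier   = "Baseline"
	Accept       Action = "Accept"
	Deny         Action = "Deny"
	Pass         Action = "Pass"
)

// Rule is a flattened stand-in (assumption) for one egress rule of a
// ClusterNetworkPolicy: the policy's tier and priority are copied onto it and
// the peer/port match is reduced to a predicate over (destination, port).
type Rule struct {
	Policy   string
	Tier     Tier
	Priority int32
	Name     string
	Action   Action
	Matches  func(dst string, port int32) bool
}

// Verdict records the decision and which rule or fallback produced it.
type Verdict struct {
	Allowed bool
	Reason  string
}

// NamespacedDecider stands in for the namespace-scoped policies that a Pass
// rule defers to; decided=false means no namespaced policy selected the pod.
type NamespacedDecider func(dst string, port int32) (allowed, decided bool)

// firstMatch returns the first matching rule of one tier after ordering by
// priority (lower number = higher precedence). The sort is stable, so rules of
// equal priority keep their input order (assumption; the page defines no tie-break).
func firstMatch(rules []Rule, tier Tier, dst string, port int32) (Rule, bool) {
	var tiered []Rule
	for _, r := range rules {
		if r.Tier == tier {
			tiered = append(tiered, r)
		}
	}
	sort.SliceStable(tiered, func(i, j int) bool { return tiered[i].Priority < tiered[j].Priority })
	for _, r := range tiered {
		if r.Matches(dst, port) {
			return r, true
		}
	}
	return Rule{}, false
}

// Evaluate decides one egress connection: Admin tier, then namespaced policies
// (reached by a Pass or by no Admin match), then Baseline tier, then default allow.
func Evaluate(rules []Rule, namespaced NamespacedDecider, dst string, port int32) Verdict {
	if r, ok := firstMatch(rules, TierAdmin, dst, port); ok && r.Action != Pass {
		return Verdict{r.Action == Accept, fmt.Sprintf("Admin tier: %s/%s %s", r.Policy, r.Name, r.Action)}
	}
	if allowed, decided := namespaced(dst, port); decided {
		return Verdict{allowed, "namespaced policy decided"}
	}
	if r, ok := firstMatch(rules, TierBaseline, dst, port); ok && r.Action != Pass {
		return Verdict{r.Action == Accept, fmt.Sprintf("Baseline tier: %s/%s %s", r.Policy, r.Name, r.Action)}
	}
	return Verdict{true, "no matching rule: default allow"}
}

// SampleRules is a constructed policy set: DNS always allowed, the instance
// metadata address always denied, 10.0.0.0/8 delegated to the namespace, and
// everything else denied by a Baseline catch-all.
func SampleRules() []Rule {
	return []Rule{
		{Policy: "block-imds", Tier: TierAdmin, Priority: 10, Name: "deny-metadata", Action: Deny,
			Matches: func(dst string, _ int32) bool { return dst == "169.254.169.254" }},
		{Policy: "allow-dns", Tier: TierAdmin, Priority: 5, Name: "dns", Action: Accept,
			Matches: func(_ string, port int32) bool { return port == 53 }},
		{Policy: "delegate-internal", Tier: TierAdmin, Priority: 20, Name: "internal", Action: Pass,
			Matches: func(dst string, _ int32) bool { return strings.HasPrefix(dst, "10.") }},
		{Policy: "default-deny", Tier: TierBaseline, Priority: 1000, Name: "deny-all", Action: Deny,
			Matches: func(string, int32) bool { return true }},
	}
}

// SampleNamespaced is a constructed namespaced policy that only covers one service:
// it allows 443 to 10.0.5.9, denies other ports there, and says nothing about other hosts.
func SampleNamespaced(dst string, port int32) (bool, bool) {
	if dst == "10.0.5.9" {
		return port == 443, true
	}
	return false, false
}

func main() {
	for _, c := range []struct {
		dst  string
		port int32
	}{{"169.254.169.254", 80}, {"8.8.8.8", 53}, {"10.0.5.9", 443}, {"10.0.5.9", 22}, {"10.1.1.1", 443}, {"93.184.216.34", 443}} {
		v := Evaluate(SampleRules(), SampleNamespaced, c.dst, c.port)
		fmt.Printf("%-16s:%-4d allowed=%-5t %s\n", c.dst, c.port, v.Allowed, v.Reason)
	}
}
```

The ordering is the security property: an Admin-tier Deny at priority 10 wins over any later Accept, whether that Accept sits at a higher priority number in the Admin tier, in a namespaced policy, or in the Baseline tier, which is what lets a cluster administrator pin down things like the metadata endpoint regardless of what application teams write.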

func (*ClusterNetworkPolicySpec) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkPolicySpec.

func (*ClusterNetworkPolicySpec) DeepCopyInto added in v1.1.0

func (in *ClusterNetworkPolicySpec) DeepCopyInto(out *ClusterNetworkPolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterNetworkPolicyStatus added in v1.1.0

type ClusterNetworkPolicyStatus struct {
	// Conditions represent the latest available observations of the ClusterNetworkPolicy's current state.
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`
}

ClusterNetworkPolicyStatus defines the observed state of ClusterNetworkPolicy

func (*ClusterNetworkPolicyStatus) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkPolicyStatus.

func (*ClusterNetworkPolicyStatus) DeepCopyInto added in v1.1.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterNetworkPolicySubject added in v1.1.0

type ClusterNetworkPolicySubject struct {
	// Namespaces is used to select pods via namespace selectors.
	// +optional
	Namespaces *metav1.LabelSelector `json:"namespaces,omitempty"`
	// Pods is used to select pods via namespace AND pod selectors.
	// +optional
	Pods *NamespacedPod `json:"pods,omitempty"`
}

ClusterNetworkPolicySubject defines what resources the policy applies to. Exactly one field must be set.

+kubebuilder:validation:MaxProperties=1
+kubebuilder:validation:MinProperties=1

func (*ClusterNetworkPolicySubject) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkPolicySubject.

func (*ClusterNetworkPolicySubject) DeepCopyInto added in v1.1.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterPolicyEndpoint added in v1.1.0

type ClusterPolicyEndpoint struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   ClusterPolicyEndpointSpec   `json:"spec,omitempty"`
	Status ClusterPolicyEndpointStatus `json:"status,omitempty"`
}

ClusterPolicyEndpoint is the Schema for the clusterpolicyendpoints API

func (*ClusterPolicyEndpoint) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyEndpoint.

func (*ClusterPolicyEndpoint) DeepCopyInto added in v1.1.0

func (in *ClusterPolicyEndpoint) DeepCopyInto(out *ClusterPolicyEndpoint)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterPolicyEndpoint) DeepCopyObject added in v1.1.0

func (in *ClusterPolicyEndpoint) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ClusterPolicyEndpointList added in v1.1.0

type ClusterPolicyEndpointList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []ClusterPolicyEndpoint `json:"items"`
}

ClusterPolicyEndpointList contains a list of ClusterPolicyEndpoint

func (*ClusterPolicyEndpointList) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyEndpointList.

func (*ClusterPolicyEndpointList) DeepCopyInto added in v1.1.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterPolicyEndpointList) DeepCopyObject added in v1.1.0

func (in *ClusterPolicyEndpointList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ClusterPolicyEndpointSpec added in v1.1.0

type ClusterPolicyEndpointSpec struct {
	// PolicyRef is a reference to the Kubernetes ClusterNetworkPolicy resource.
	PolicyRef ClusterPolicyReference `json:"policyRef"`

	// Tier from the CNP
	Tier Tier `json:"tier"`

	// Priority from the CNP
	Priority int32 `json:"priority"`

	// PodSelectorEndpoints contains information about the pods
	// matching the policy across all namespaces
	PodSelectorEndpoints []PodEndpoint `json:"podSelectorEndpoints,omitempty"`

	// Ingress is the list of ingress rules containing resolved network addresses
	Ingress []ClusterEndpointInfo `json:"ingress,omitempty"`

	// Egress is the list of egress rules containing resolved network addresses
	Egress []ClusterEndpointInfo `json:"egress,omitempty"`
}

ClusterPolicyEndpointSpec defines the desired state of ClusterPolicyEndpoint

func (*ClusterPolicyEndpointSpec) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyEndpointSpec.

func (*ClusterPolicyEndpointSpec) DeepCopyInto added in v1.1.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterPolicyEndpointStatus added in v1.1.0

type ClusterPolicyEndpointStatus struct {
}

ClusterPolicyEndpointStatus defines the observed state of ClusterPolicyEndpoint

func (*ClusterPolicyEndpointStatus) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyEndpointStatus.

func (*ClusterPolicyEndpointStatus) DeepCopyInto added in v1.1.0

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterPolicyReference added in v1.1.0

type ClusterPolicyReference struct {
	// Name is the name of the ClusterNetworkPolicy
	Name string `json:"name"`
}

ClusterPolicyReference is the reference to the cluster network policy resource

func (*ClusterPolicyReference) DeepCopy added in v1.1.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterPolicyReference.

func (*ClusterPolicyReference) DeepCopyInto added in v1.1.0

func (in *ClusterPolicyReference) DeepCopyInto(out *ClusterPolicyReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DomainName added in v1.1.0

type DomainName string

DomainName describes one or more domain names to be used as a peer.

DomainName can be an exact match, or use the wildcard specifier '*' to match one or more labels.

'*', the wildcard specifier, matches one or more entire labels. It does not support partial matches. '*' may only be specified as a prefix.

Examples:
  - `kubernetes.io` matches only `kubernetes.io`.
    It does not match "www.kubernetes.io", "blog.kubernetes.io",
    "my-kubernetes.io", or "wikipedia.org".
  - `blog.kubernetes.io` matches only "blog.kubernetes.io".
    It does not match "www.kubernetes.io" or "kubernetes.io".
  - `*.kubernetes.io` matches subdomains of kubernetes.io.
    "www.kubernetes.io", "blog.kubernetes.io", and
    "latest.blog.kubernetes.io" match, however "kubernetes.io", and
    "wikipedia.org" do not.

+kubebuilder:validation:Pattern=`^(\*\.)?([a-zA-z0-9]([-a-zA-Z0-9_]*[a-zA-Z0-9])?\.)+[a-zA-z0-9]([-a-zA-Z0-9_]*[a-zA-Z0-9])?\.?$`
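The matching rules and the validation pattern above are the two halves of an FQDN allowlist: the pattern decides what an administrator may write, the wildcard rules decide what a resolved name matches at enforcement time. The following added example (written for this page, not the project's own matcher) implements both in plain Go and checks them against the page's own examples. The pattern is copied verbatim, including its `[a-zA-z0-9]` range, which as written also spans the ASCII characters between `Z` and `a` (such as `_`); case-insensitive comparison and trailing-dot trimming are assumptions, as is the AllowedDomain helper.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// domainNamePattern is the CRD Pattern marker from the DomainName type, copied verbatim.
var domainNamePattern = regexp.MustCompile(`^(\*\.)?([a-zA-z0-9]([-a-zA-Z0-9_]*[a-zA-Z0-9])?\.)+[a-zA-z0-9]([-a-zA-Z0-9_]*[a-zA-Z0-9])?\.?$`)

// ValidDomainName reports whether a value would pass the CRD's Pattern validation:
// an optional "*." prefix, then two or more labels, optionally ending in a dot.
func ValidDomainName(d string) bool { return domainNamePattern.MatchString(d) }

// canonical lowercases a name and drops a trailing dot so "Example.COM." and
// "example.com" compare equal (assumption: DNS names compare case-insensitively).
func canonical(name string) string {
	return strings.ToLower(strings.TrimSuffix(name, "."))
}

// MatchDomainName implements the rules stated for DomainName: an exact match,
// or a "*." prefix that stands for one or more whole labels and nothing less.
func MatchDomainName(peer, fqdn string) bool {
	p, n := canonical(peer), canonical(fqdn)
	if !strings.HasPrefix(p, "*.") {
		return p == n
	}
	suffix := p[1:] // "*.kubernetes.io" -> ".kubernetes.io"
	// The dot-led suffix rejects partial-label matches such as "my-kubernetes.io";
	// requiring extra length in front of it rejects the bare apex "kubernetes.io".
	return len(n) > len(suffix) && strings.HasSuffix(n, suffix)
}

// AllowedDomain evaluates an egress allowlist of DomainName peers and returns the
// first peer that matched. DomainName peers are Allow-only, so a miss means the
// connection falls through to whatever lower-priority egress deny is in place.
func AllowedDomain(peers []string, fqdn string) (string, bool) {
	for _, p := range peers {
		if MatchDomainName(p, fqdn) {
			return p, true
		}
	}
	return "", false
}

func main() {
	peers := []string{"kubernetes.io", "*.kubernetes.io"} // constructed allowlist
	for _, fqdn := range []string{"kubernetes.io", "latest.blog.kubernetes.io", "my-kubernetes.io", "wikipedia.org"} {
		peer, ok := AllowedDomain(peers, fqdn)
		fmt.Printf("%-28s allowed=%-5t via %q\n", fqdn, ok, peer)
	}
	for _, v := range []string{"*.kubernetes.io", "*kubernetes.io", "*.*.kubernetes.io"} {
		fmt.Printf("%-18s valid=%t\n", v, ValidDomainName(v))
	}
}
```

Note that `*kubernetes.io` and `*.*.kubernetes.io` are rejected by the pattern, matching the text's statement that the wildcard is a prefix only and never a partial label.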

type EndpointInfo

type EndpointInfo struct {
	// CIDR is the network address(es) of the endpoint
	CIDR NetworkAddress `json:"cidr,omitempty"`

	// Except is the exceptions to the CIDR ranges mentioned above.
	Except []NetworkAddress `json:"except,omitempty"`

	// Ports is the list of ports
	Ports []Port `json:"ports,omitempty"`

	// DomainName is the FQDN for the endpoint (mutually exclusive with CIDR, egress-only)
	// Note: This field should only be used in egress rules, not ingress
	DomainName DomainName `json:"domainName,omitempty"`
}

EndpointInfo defines the network endpoint information for the policy ingress/egress

func (*EndpointInfo) DeepCopy

func (in *EndpointInfo) DeepCopy() *EndpointInfo

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EndpointInfo.

func (*EndpointInfo) DeepCopyInto

func (in *EndpointInfo) DeepCopyInto(out *EndpointInfo)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NamespacedPod added in v1.1.0

type NamespacedPod struct {
	// NamespaceSelector follows standard label selector semantics; if empty,
	// it selects all Namespaces.
	NamespaceSelector metav1.LabelSelector `json:"namespaceSelector"`

	// PodSelector is used to explicitly select pods within a namespace;
	// if empty, it selects all Pods.
	PodSelector metav1.LabelSelector `json:"podSelector"`
}

NamespacedPod allows the user to select a given set of pod(s) in selected namespace(s).

func (*NamespacedPod) DeepCopy added in v1.1.0

func (in *NamespacedPod) DeepCopy() *NamespacedPod

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespacedPod.

func (*NamespacedPod) DeepCopyInto added in v1.1.0

func (in *NamespacedPod) DeepCopyInto(out *NamespacedPod)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NetworkAddress

type NetworkAddress string

type PodEndpoint

type PodEndpoint struct {
	// HostIP is the IP address of the host the pod is currently running on
	HostIP NetworkAddress `json:"hostIP"`
	// PodIP is the IP address of the pod
	PodIP NetworkAddress `json:"podIP"`
	// Name is the pod name
	Name string `json:"name"`
	// Namespace is the pod namespace
	Namespace string `json:"namespace"`
}

PodEndpoint defines the summary information for the pods

func (*PodEndpoint) DeepCopy

func (in *PodEndpoint) DeepCopy() *PodEndpoint

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodEndpoint.

func (*PodEndpoint) DeepCopyInto

func (in *PodEndpoint) DeepCopyInto(out *PodEndpoint)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyEndpoint

type PolicyEndpoint struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   PolicyEndpointSpec   `json:"spec,omitempty"`
	Status PolicyEndpointStatus `json:"status,omitempty"`
}

PolicyEndpoint is the Schema for the policyendpoints API

func (*PolicyEndpoint) DeepCopy

func (in *PolicyEndpoint) DeepCopy() *PolicyEndpoint

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyEndpoint.

func (*PolicyEndpoint) DeepCopyInto

func (in *PolicyEndpoint) DeepCopyInto(out *PolicyEndpoint)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PolicyEndpoint) DeepCopyObject

func (in *PolicyEndpoint) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PolicyEndpointList

type PolicyEndpointList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []PolicyEndpoint `json:"items"`
}

PolicyEndpointList contains a list of PolicyEndpoint

func (*PolicyEndpointList) DeepCopy

func (in *PolicyEndpointList) DeepCopy() *PolicyEndpointList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyEndpointList.

func (*PolicyEndpointList) DeepCopyInto

func (in *PolicyEndpointList) DeepCopyInto(out *PolicyEndpointList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*PolicyEndpointList) DeepCopyObject

func (in *PolicyEndpointList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type PolicyEndpointSpec

type PolicyEndpointSpec struct {
	// PodSelector is the podSelector from the policy resource
	PodSelector *metav1.LabelSelector `json:"podSelector,omitempty"`

	// PolicyRef is a reference to the Kubernetes NetworkPolicy resource.
	PolicyRef PolicyReference `json:"policyRef"`

	// PodIsolation specifies whether the pod needs to be isolated for a
	// particular traffic direction Ingress or Egress, or both. If default isolation is not
	// specified, and there are no ingress/egress rules, then the pod is not isolated
	// from the point of view of this policy. This follows the NetworkPolicy spec.PolicyTypes.
	PodIsolation []networking.PolicyType `json:"podIsolation,omitempty"`

	// PodSelectorEndpoints contains information about the pods
	// matching the podSelector
	PodSelectorEndpoints []PodEndpoint `json:"podSelectorEndpoints,omitempty"`

	// Ingress is the list of ingress rules containing resolved network addresses
	Ingress []EndpointInfo `json:"ingress,omitempty"`

	// Egress is the list of egress rules containing resolved network addresses
	Egress []EndpointInfo `json:"egress,omitempty"`
}

PolicyEndpointSpec defines the desired state of PolicyEndpoint

func (*PolicyEndpointSpec) DeepCopy

func (in *PolicyEndpointSpec) DeepCopy() *PolicyEndpointSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyEndpointSpec.

func (*PolicyEndpointSpec) DeepCopyInto

func (in *PolicyEndpointSpec) DeepCopyInto(out *PolicyEndpointSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyEndpointStatus

type PolicyEndpointStatus struct {
}

PolicyEndpointStatus defines the observed state of PolicyEndpoint

func (*PolicyEndpointStatus) DeepCopy

func (in *PolicyEndpointStatus) DeepCopy() *PolicyEndpointStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyEndpointStatus.

func (*PolicyEndpointStatus) DeepCopyInto

func (in *PolicyEndpointStatus) DeepCopyInto(out *PolicyEndpointStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyReference

type PolicyReference struct {
	// Name is the name of the Policy
	Name string `json:"name"`

	// Namespace is the namespace of the Policy
	Namespace string `json:"namespace"`
}

PolicyReference is the reference to the network policy resource

func (*PolicyReference) DeepCopy

func (in *PolicyReference) DeepCopy() *PolicyReference

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyReference.

func (*PolicyReference) DeepCopyInto

func (in *PolicyReference) DeepCopyInto(out *PolicyReference)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Port

type Port struct {
	// Protocol specifies the transport protocol, default TCP
	// +default="TCP"
	Protocol *corev1.Protocol `json:"protocol,omitempty"`

	// Port specifies the numerical port for the protocol. If empty, the rule applies to all ports
	Port *int32 `json:"port,omitempty"`

	// EndPort specifies the end of the port range port..endPort.
	// Port must be set and EndPort must be greater than Port.
	EndPort *int32 `json:"endPort,omitempty"`
}

Port contains information about the transport port/protocol
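Given a resolved EndpointInfo (the CIDR, Except and Ports fields above) a defender often wants to check whether one concrete peer and port is actually covered by it. The Go below is an added example, not the agent's code, that applies the documented semantics: Protocol defaults to TCP, a nil Port means every port, EndPort turns Port into a range, and an empty Ports list means all ports (assumed from NetworkPolicy semantics). corev1.Protocol is replaced by a plain string type, and the egress-only DomainName field is omitted.

```go
package main

import "net/netip"

// Stand-ins for the page's types (corev1.Protocol as a plain string, egress-only
// DomainName omitted); an added illustration, not agent code.
type (
	Protocol       string
	NetworkAddress string
	Port           struct{ Protocol *Protocol; Port, EndPort *int32 }
	EndpointInfo   struct{ CIDR NetworkAddress; Except []NetworkAddress; Ports []Port }
)

// portAllows: Protocol defaults to TCP, nil Port means every port, EndPort makes a range.
func portAllows(p Port, proto Protocol, port int32) bool {
	if (p.Protocol != nil && *p.Protocol != proto) || (p.Protocol == nil && proto != "TCP") {
		return false
	}
	if p.Port == nil {
		return true
	}
	end := *p.Port
	if p.EndPort != nil {
		end = *p.EndPort
	}
	return *p.Port <= port && port <= end
}

// Allows reports whether peer ip on proto:port is covered by this resolved entry:
// inside CIDR, outside every Except, matched by some Port (no Ports = all ports).
// A prefix that fails to parse denies the flow rather than silently widening it.
func (e EndpointInfo) Allows(ip netip.Addr, proto Protocol, port int32) bool {
	cidr, err := netip.ParsePrefix(string(e.CIDR))
	if err != nil || !cidr.Contains(ip) {
		return false
	}
	for _, ex := range e.Except {
		if p, err := netip.ParsePrefix(string(ex)); err != nil || p.Contains(ip) {
			return false
		}
	}
	if len(e.Ports) == 0 {
		return true
	}
	for _, p := range e.Ports {
		if portAllows(p, proto, port) {
			return true
		}
	}
	return false
}
```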

func (*Port) DeepCopy

func (in *Port) DeepCopy() *Port

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Port.

func (*Port) DeepCopyInto

func (in *Port) DeepCopyInto(out *Port)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Tier added in v1.1.0

type Tier string

+kubebuilder:validation:Enum={"Admin", "Baseline"}

const (
	AdminTier    Tier = "Admin"
	BaselineTier Tier = "Baseline"
)
