admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
35027a346bfba2c83285fb1ccf89df042b4e646a
kubesphere/config/crds/network.kubesphere.io_namespacenetworkpolicies.yaml
Xinzhao Xu 57f51b7ca1 Update automatically generated files
2022-02-14 16:30:58 +08:00

287 lines
15 KiB
YAML
Generated
Raw Blame History

---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
creationTimestamp: null
name: namespacenetworkpolicies.network.kubesphere.io
spec:
group: network.kubesphere.io
names:
categories:
- networking
kind: NamespaceNetworkPolicy
listKind: NamespaceNetworkPolicyList
plural: namespacenetworkpolicies
shortNames:
- nsnp
singular: namespacenetworkpolicy
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: NamespaceNetworkPolicy is the Schema for the namespacenetworkpolicies
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: NamespaceNetworkPolicySpec provides the specification of
a NamespaceNetworkPolicy
properties:
egress:
description: List of egress rules to be applied to the selected pods.
Outgoing traffic is allowed if there are no NetworkPolicies selecting
the pod (and cluster policy otherwise allows the traffic), OR if
the traffic matches at least one egress rule across all of the NetworkPolicy
objects whose podSelector matches the pod. If this field is empty
then this NetworkPolicy limits all outgoing traffic (and serves
solely to ensure that the pods it selects are isolated by default).
This field is beta-level in 1.8
items:
description: NetworkPolicyEgressRule describes a particular set
of traffic that is allowed out of pods matched by a NetworkPolicySpec's
podSelector. The traffic must match both ports and to. This type
is beta-level in 1.8
properties:
ports:
description: List of destination ports for outgoing traffic.
Each item in this list is combined using a logical OR. If
this field is empty or missing, this rule matches all ports
(traffic not restricted by port). If this field is present
and contains at least one item, then this rule allows traffic
only if the traffic matches at least one port in the list.
items:
description: NetworkPolicyPort describes a port to allow traffic
on
properties:
endPort:
description: If set, indicates that the range of ports
from port to endPort, inclusive, should be allowed by
the policy. This field cannot be defined if the port
field is not defined or if the port field is defined
as a named (string) port. The endPort must be equal
or greater than port. This feature is in Alpha state
and should be enabled using the Feature Gate "NetworkPolicyEndPort".
format: int32
type: integer
port:
anyOf:
- type: integer
- type: string
description: The port on the given protocol. This can
either be a numerical or named port on a pod. If this
field is not provided, this matches all port names and
numbers. If present, only traffic on the specified protocol
AND port will be matched.
x-kubernetes-int-or-string: true
protocol:
default: TCP
description: The protocol (TCP, UDP, or SCTP) which traffic
must match. If not specified, this field defaults to
TCP.
type: string
type: object
type: array
to:
description: List of destinations for outgoing traffic of pods
selected for this rule. Items in this list are combined using
a logical OR operation. If this field is empty or missing,
this rule matches all destinations (traffic not restricted
by destination). If this field is present and contains at
least one item, this rule allows traffic only if the traffic
matches at least one item in the to list.
items:
description: NetworkPolicyPeer describes a peer to allow traffic
from. Only certain combinations of fields are allowed
properties:
ipBlock:
description: IPBlock defines policy on a particular IPBlock.
If this field is set then neither of the other fields
can be.
properties:
cidr:
description: CIDR is a string representing the IP
Block Valid examples are "192.168.1.1/24" or "2001:db9::/64"
type: string
except:
description: Except is a slice of CIDRs that should
not be included within an IP Block Valid examples
are "192.168.1.1/24" or "2001:db9::/64" Except values
will be rejected if they are outside the CIDR range
items:
type: string
type: array
required:
- cidr
type: object
namespace:
properties:
name:
type: string
required:
- name
type: object
service:
properties:
name:
type: string
namespace:
type: string
required:
- name
- namespace
type: object
type: object
type: array
type: object
type: array
ingress:
description: List of ingress rules to be applied to the selected pods.
Traffic is allowed to a pod if there are no NetworkPolicies selecting
the pod (and cluster policy otherwise allows the traffic), OR if
the traffic source is the pod's local node, OR if the traffic matches
at least one ingress rule across all of the NetworkPolicy objects
whose podSelector matches the pod. If this field is empty then this
NetworkPolicy does not allow any traffic (and serves solely to ensure
that the pods it selects are isolated by default)
items:
description: NetworkPolicyIngressRule describes a particular set
of traffic that is allowed to the pods matched by a NetworkPolicySpec's
podSelector. The traffic must match both ports and from.
properties:
from:
description: List of sources which should be able to access
the pods selected for this rule. Items in this list are combined
using a logical OR operation. If this field is empty or missing,
this rule matches all sources (traffic not restricted by source).
If this field is present and contains at least one item, this
rule allows traffic only if the traffic matches at least one
item in the from list.
items:
description: NetworkPolicyPeer describes a peer to allow traffic
from. Only certain combinations of fields are allowed
properties:
ipBlock:
description: IPBlock defines policy on a particular IPBlock.
If this field is set then neither of the other fields
can be.
properties:
cidr:
description: CIDR is a string representing the IP
Block Valid examples are "192.168.1.1/24" or "2001:db9::/64"
type: string
except:
description: Except is a slice of CIDRs that should
not be included within an IP Block Valid examples
are "192.168.1.1/24" or "2001:db9::/64" Except values
will be rejected if they are outside the CIDR range
items:
type: string
type: array
required:
- cidr
type: object
namespace:
properties:
name:
type: string
required:
- name
type: object
service:
properties:
name:
type: string
namespace:
type: string
required:
- name
- namespace
type: object
type: object
type: array
ports:
description: List of ports which should be made accessible on
the pods selected for this rule. Each item in this list is
combined using a logical OR. If this field is empty or missing,
this rule matches all ports (traffic not restricted by port).
If this field is present and contains at least one item, then
this rule allows traffic only if the traffic matches at least
one port in the list.
items:
description: NetworkPolicyPort describes a port to allow traffic
on
properties:
endPort:
description: If set, indicates that the range of ports
from port to endPort, inclusive, should be allowed by
the policy. This field cannot be defined if the port
field is not defined or if the port field is defined
as a named (string) port. The endPort must be equal
or greater than port. This feature is in Alpha state
and should be enabled using the Feature Gate "NetworkPolicyEndPort".
format: int32
type: integer
port:
anyOf:
- type: integer
- type: string
description: The port on the given protocol. This can
either be a numerical or named port on a pod. If this
field is not provided, this matches all port names and
numbers. If present, only traffic on the specified protocol
AND port will be matched.
x-kubernetes-int-or-string: true
protocol:
default: TCP
description: The protocol (TCP, UDP, or SCTP) which traffic
must match. If not specified, this field defaults to
TCP.
type: string
type: object
type: array
type: object
type: array
policyTypes:
description: List of rule types that the NetworkPolicy relates to.
Valid options are "Ingress", "Egress", or "Ingress,Egress". If this
field is not specified, it will default based on the existence of
Ingress or Egress rules; policies that contain an Egress section
are assumed to affect Egress, and all policies (whether or not they
contain an Ingress section) are assumed to affect Ingress. If you
want to write an egress-only policy, you must explicitly specify
policyTypes [ "Egress" ]. Likewise, if you want to write a policy
that specifies that no egress is allowed, you must specify a policyTypes
value that include "Egress" (since such a policy would not include
an Egress section and would otherwise default to just [ "Ingress"
]). This field is beta-level in 1.8
items:
description: PolicyType string describes the NetworkPolicy type
This type is beta-level in 1.8
type: string
type: array
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
Reference in New Issue View Git Blame Copy Permalink