Documentation ¶
Index ¶
- Constants
- Variables
- func Resource(resource string) schema.GroupResource
- type Action
- type AllocationAttribute
- type BGPConfiguration
- type BGPConfigurationList
- type BGPConfigurationSpec
- type BGPPeer
- type BGPPeerList
- type BGPPeerSpec
- type BlockAffinity
- type BlockAffinityList
- type BlockAffinitySpec
- type ClusterInformation
- type ClusterInformationList
- type ClusterInformationSpec
- type EndpointPort
- type EntityRule
- type FelixConfiguration
- type FelixConfigurationList
- type FelixConfigurationSpec
- type GlobalNetworkPolicy
- type GlobalNetworkPolicyList
- type GlobalNetworkPolicySpec
- type GlobalNetworkSet
- type GlobalNetworkSetList
- type GlobalNetworkSetSpec
- type HTTPMatch
- type HTTPPath
- type HostEndpoint
- type HostEndpointList
- type HostEndpointSpec
- type ICMPFields
- type IPAMBlock
- type IPAMBlockList
- type IPAMBlockSpec
- type IPAMConfig
- type IPAMConfigList
- type IPAMConfigSpec
- type IPAMHandle
- type IPAMHandleList
- type IPAMHandleSpec
- type IPIPMode
- type IPNAT
- type IPPool
- type IPPoolList
- type IPPoolSpec
- type NetworkPolicy
- type NetworkPolicyList
- type NetworkPolicySpec
- type Node
- type NodeBGPSpec
- type NodeList
- type NodeSpec
- type OrchRef
- type PolicyType
- type Profile
- type ProfileList
- type ProfileSpec
- type ProtoPort
- type Rule
- type ServiceAccountMatch
- type WorkloadEndpoint
- type WorkloadEndpointList
- type WorkloadEndpointSpec
Constants ¶
// Kind names for the BGPConfiguration resource and its list type.
// NOTE(review): presumably these are the values the New* constructors put in
// TypeMeta.Kind; the constructor bodies are not shown here, so confirm.
const (
	KindBGPConfiguration     = "BGPConfiguration"
	KindBGPConfigurationList = "BGPConfigurationList"
)

// Kind names for the BGPPeer resource and its list type.
const (
	KindBGPPeer     = "BGPPeer"
	KindBGPPeerList = "BGPPeerList"
)

// Kind names for the BlockAffinity resource and its list type.
const (
	KindBlockAffinity     = "BlockAffinity"
	KindBlockAffinityList = "BlockAffinityList"
)

// Kind names for the ClusterInformation resource and its list type.
const (
	KindClusterInformation     = "ClusterInformation"
	KindClusterInformationList = "ClusterInformationList"
)
const (
	// API group details for the Calico v3 API.
	// GroupVersionCurrent evaluates to "projectcalico.org/v3".
	Group               = "projectcalico.org"
	VersionCurrent      = "v3"
	GroupVersionCurrent = Group + "/" + VersionCurrent

	// AllNamespaces is used for client instantiation, either for when the namespace
	// will be specified in the resource request, or for List or Watch queries across
	// all namespaces.
	//
	// The wildcard is the empty string, so an unset namespace is indistinguishable
	// from "all namespaces". Code that forwards a caller-supplied namespace into a
	// List or Watch should reject empty input when a wildcard query is not intended.
	AllNamespaces = ""

	// AllNames is used for List or Watch queries to wildcard the name.
	// Like AllNamespaces, the wildcard is the empty string.
	AllNames = ""

	// Label used to denote the Namespace. This is added to the workload endpoints by Calico
	// and may be used for label matches by Policy selectors.
	//
	// NOTE(review): policy selectors can match on this label, so it acts as an identity
	// signal. Whether a user-supplied label with the same key is rejected or overwritten
	// is not visible here; confirm before relying on it for isolation.
	LabelNamespace = "projectcalico.org/namespace"

	// Label used to denote the ServiceAccount. This is added to the workload endpoints by Calico
	// and may be used for label matches by Policy selectors.
	// NOTE(review): same caveat as LabelNamespace about who is able to set this key.
	LabelServiceAccount = "projectcalico.org/serviceaccount"

	// Label used to denote the Orchestrator. This is added to the workload endpoints by an
	// orchestrator.
	LabelOrchestrator = "projectcalico.org/orchestrator"

	// Known orchestrators. Orchestrators are not limited to this list.
	OrchestratorKubernetes = "k8s"
	OrchestratorCNI        = "cni"
	OrchestratorDocker     = "libnetwork"
	OrchestratorOpenStack  = "openstack"
)
// Kind names for the FelixConfiguration resource and its list type.
const (
	KindFelixConfiguration     = "FelixConfiguration"
	KindFelixConfigurationList = "FelixConfigurationList"
)

// Kind names for the GlobalNetworkPolicy resource and its list type.
const (
	KindGlobalNetworkPolicy     = "GlobalNetworkPolicy"
	KindGlobalNetworkPolicyList = "GlobalNetworkPolicyList"
)

// Kind names for the GlobalNetworkSet resource and its list type.
const (
	KindGlobalNetworkSet     = "GlobalNetworkSet"
	KindGlobalNetworkSetList = "GlobalNetworkSetList"
)

// Kind names for the HostEndpoint resource and its list type.
const (
	KindHostEndpoint     = "HostEndpoint"
	KindHostEndpointList = "HostEndpointList"
)

// Kind names for the IPAMBlock resource and its list type.
const (
	KindIPAMBlock     = "IPAMBlock"
	KindIPAMBlockList = "IPAMBlockList"
)

// Kind names for the IPAMConfig resource and its list type.
const (
	KindIPAMConfig     = "IPAMConfig"
	KindIPAMConfigList = "IPAMConfigList"
)

// Kind names for the IPAMHandle resource and its list type.
const (
	KindIPAMHandle     = "IPAMHandle"
	KindIPAMHandleList = "IPAMHandleList"
)

// Kind names for the IPPool resource and its list type.
const (
	KindIPPool     = "IPPool"
	KindIPPoolList = "IPPoolList"
)
// String values for the IPIP mode setting.
//
// Only IPIPModeNever carries the IPIPMode type. IPIPModeAlways and
// IPIPModeCrossSubnet have their own initialiser and no type, so they are
// untyped string constants: they convert implicitly to IPIPMode, but also to
// plain string, and the compiler will not flag them being used where some
// other string-based type is expected.
const (
	IPIPModeNever       IPIPMode = "Never"
	IPIPModeAlways               = "Always"
	IPIPModeCrossSubnet          = "CrossSubnet"
)
// Kind names for the NetworkPolicy resource and its list type.
const (
	KindNetworkPolicy     = "NetworkPolicy"
	KindNetworkPolicyList = "NetworkPolicyList"
)

// Kind names for the Node resource and its list type.
const (
	KindNode     = "Node"
	KindNodeList = "NodeList"
)
// String values for a policy rule's Action.
//
// Only Allow carries the Action type. Deny, Log and Pass have their own
// initialiser and no type, so they are untyped string constants. They are
// still assignable to an Action, but the type system does not stop them from
// being passed where an unrelated string is expected, so code that branches on
// a rule's action should compare against an Action-typed value.
const (
	Allow Action = "Allow"
	Deny         = "Deny"
	Log          = "Log"
	Pass         = "Pass"
)
// Kind names for the Profile resource and its list type.
const (
	KindProfile     = "Profile"
	KindProfileList = "ProfileList"
)

// Kind names for the WorkloadEndpoint resource and its list type.
const (
	KindWorkloadEndpoint     = "WorkloadEndpoint"
	KindWorkloadEndpointList = "WorkloadEndpointList"
)
// DefaultMode is set to IPIPModeAlways ("Always"). IPIPModeAlways is declared
// without a type, so DefaultMode is an untyped string constant as well.
// NOTE(review): where this default is applied is not visible on this page.
const DefaultMode = IPIPModeAlways
Variables ¶
var (
	// SchemeBuilder is declared here without an initialiser.
	SchemeBuilder runtime.SchemeBuilder
	// AddToScheme is bound to localSchemeBuilder.AddToScheme; localSchemeBuilder
	// itself is declared elsewhere in the package and is not shown on this page.
	AddToScheme = localSchemeBuilder.AddToScheme
)

// SchemeGroupVersion is the group/version these types are registered under.
//
// The group here is "crd.projectcalico.org", which differs from the Group
// constant ("projectcalico.org") in this package. RBAC rules, admission
// configuration and audit filters are keyed on the API group, so they have to
// name the group that actually serves the resource.
// NOTE(review): confirm which group applies for the datastore in use.
var SchemeGroupVersion = schema.GroupVersion{Group: "crd.projectcalico.org", Version: "v3"}
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type AllocationAttribute ¶
// AllocationAttribute holds a primary attribute and a map of secondary
// attributes. NOTE(review): presumably attached to IPAM allocations, judging by
// the "handle_id" JSON key; confirm against the IPAM types.
type AllocationAttribute struct {
	// AttrPrimary is serialised as "handle_id". It is a pointer, so it may be nil.
	AttrPrimary *string `json:"handle_id"`
	// AttrSecondary is serialised as "secondary". Neither field carries a
	// validate tag, so keys and values are not constrained at this level.
	AttrSecondary map[string]string `json:"secondary"`
}
func (*AllocationAttribute) DeepCopy ¶
func (in *AllocationAttribute) DeepCopy() *AllocationAttribute
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllocationAttribute.
func (*AllocationAttribute) DeepCopyInto ¶
func (in *AllocationAttribute) DeepCopyInto(out *AllocationAttribute)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BGPConfiguration ¶
// BGPConfiguration contains the configuration for any BGP routing.
type BGPConfiguration struct {
	// Embedded type metadata (kind and API version).
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Specification of the BGPConfiguration.
	Spec BGPConfigurationSpec `json:"spec,omitempty"`
}
BGPConfiguration contains the configuration for any BGP routing.
func NewBGPConfiguration ¶
func NewBGPConfiguration() *BGPConfiguration
NewBGPConfiguration creates a new (zeroed) BGPConfiguration struct with the TypeMetadata initialized to the current version.
func (*BGPConfiguration) DeepCopy ¶
func (in *BGPConfiguration) DeepCopy() *BGPConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BGPConfiguration.
func (*BGPConfiguration) DeepCopyInto ¶
func (in *BGPConfiguration) DeepCopyInto(out *BGPConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*BGPConfiguration) DeepCopyObject ¶
func (in *BGPConfiguration) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type BGPConfigurationList ¶
// BGPConfigurationList contains a list of BGPConfiguration resources.
type BGPConfigurationList struct {
	// Embedded type metadata (kind and API version).
	metav1.TypeMeta `json:",inline"`
	// Standard list metadata, serialised under "metadata".
	metav1.ListMeta `json:"metadata"`
	// Items holds the BGPConfiguration resources in the list.
	Items []BGPConfiguration `json:"items"`
}
BGPConfigurationList contains a list of BGPConfiguration resources.
func NewBGPConfigurationList ¶
func NewBGPConfigurationList() *BGPConfigurationList
NewBGPConfigurationList creates a new (zeroed) BGPConfigurationList struct with the TypeMetadata initialized to the current version.
func (*BGPConfigurationList) DeepCopy ¶
func (in *BGPConfigurationList) DeepCopy() *BGPConfigurationList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BGPConfigurationList.
func (*BGPConfigurationList) DeepCopyInto ¶
func (in *BGPConfigurationList) DeepCopyInto(out *BGPConfigurationList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*BGPConfigurationList) DeepCopyObject ¶
func (in *BGPConfigurationList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type BGPConfigurationSpec ¶
// BGPConfigurationSpec contains the values of the BGP configuration.
//
// NodeToNodeMeshEnabled and ASNumber are pointers, so "not set" (nil) can be
// told apart from an explicit value. The documented defaults are not applied
// by this struct; they would have to come from the consumer.
type BGPConfigurationSpec struct {
	// LogSeverityScreen is the log severity above which logs are sent to the stdout. [Default: INFO]
	LogSeverityScreen string `json:"logSeverityScreen,omitempty" validate:"omitempty,logLevel" confignamev1:"loglevel"`

	// NodeToNodeMeshEnabled sets whether full node to node BGP mesh is enabled. [Default: true]
	NodeToNodeMeshEnabled *bool `json:"nodeToNodeMeshEnabled,omitempty" validate:"omitempty" confignamev1:"node_mesh"`

	// ASNumber is the default AS number used by a node. [Default: 64512]
	// 64512 is the start of the 16-bit private-use AS range (RFC 6996).
	ASNumber *numorstring.ASNumber `json:"asNumber,omitempty" validate:"omitempty" confignamev1:"as_num"`
}
BGPConfigurationSpec contains the values of the BGP configuration.
func (*BGPConfigurationSpec) DeepCopy ¶
func (in *BGPConfigurationSpec) DeepCopy() *BGPConfigurationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BGPConfigurationSpec.
func (*BGPConfigurationSpec) DeepCopyInto ¶
func (in *BGPConfigurationSpec) DeepCopyInto(out *BGPConfigurationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BGPPeer ¶
// BGPPeer contains information about a BGPPeer resource that is a peer of a
// Calico compute node.
type BGPPeer struct {
	// Embedded type metadata (kind and API version).
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Specification of the BGPPeer.
	Spec BGPPeerSpec `json:"spec,omitempty"`
}
BGPPeer contains information about a BGPPeer resource that is a peer of a Calico compute node.
func NewBGPPeer ¶
func NewBGPPeer() *BGPPeer
NewBGPPeer creates a new (zeroed) BGPPeer struct with the TypeMetadata initialised to the current version.
func (*BGPPeer) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BGPPeer.
func (*BGPPeer) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*BGPPeer) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type BGPPeerList ¶
// BGPPeerList contains a list of BGPPeer resources.
type BGPPeerList struct {
	// Embedded type metadata (kind and API version).
	metav1.TypeMeta `json:",inline"`
	// Standard list metadata, serialised under "metadata".
	metav1.ListMeta `json:"metadata"`
	// Items holds the BGPPeer resources in the list.
	Items []BGPPeer `json:"items"`
}
BGPPeerList contains a list of BGPPeer resources.
func NewBGPPeerList ¶
func NewBGPPeerList() *BGPPeerList
NewBGPPeerList creates a new (zeroed) BGPPeerList struct with the TypeMetadata initialised to the current version.
func (*BGPPeerList) DeepCopy ¶
func (in *BGPPeerList) DeepCopy() *BGPPeerList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BGPPeerList.
func (*BGPPeerList) DeepCopyInto ¶
func (in *BGPPeerList) DeepCopyInto(out *BGPPeerList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*BGPPeerList) DeepCopyObject ¶
func (in *BGPPeerList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type BGPPeerSpec ¶
// BGPPeerSpec contains the specification for a BGPPeer resource.
//
// Review notes, all drawn from the field comments and tags below:
//   - The "must be empty" constraints (Node vs NodeSelector, PeerIP/ASNumber vs
//     PeerSelector) are stated only in comments. No struct tag expresses them,
//     so they are presumably enforced by a separate validator; verify.
//   - NodeSelector and PeerSelector carry no validate tag, unlike
//     EntityRule.Selector, which is tagged "selector".
//   - With Node and NodeSelector both unset the peer is global and peers with
//     every node, so write access to BGPPeer resources governs who the whole
//     deployment exchanges routes with.
//   - No field in this struct carries session authentication material.
type BGPPeerSpec struct {
	// The node name identifying the Calico node instance that is peering with this peer.
	// If this is not set, this represents a global peer, i.e. a peer that peers with
	// every node in the deployment.
	Node string `json:"node,omitempty" validate:"omitempty,name"`

	// The IP address of the peer.
	// The validate tag includes omitempty, so an empty PeerIP passes tag-level validation.
	PeerIP string `json:"peerIP" validate:"omitempty,ip"`

	// The AS Number of the peer.
	ASNumber numorstring.ASNumber `json:"asNumber"`

	// Selector for the nodes that should have this peering. When this is set, the Node
	// field must be empty.
	NodeSelector string `json:"nodeSelector,omitempty"`

	// Selector for the remote nodes to peer with. When this is set, the PeerIP and
	// ASNumber fields must be empty. For each peering between the local node and
	// selected remote nodes, we configure an IPv4 peering if both ends have
	// NodeBGPSpec.IPv4Address specified, and an IPv6 peering if both ends have
	// NodeBGPSpec.IPv6Address specified. The remote AS number comes from the remote
	// node's NodeBGPSpec.ASNumber, or the global default if that is not set.
	PeerSelector string `json:"peerSelector,omitempty"`
}
BGPPeerSpec contains the specification for a BGPPeer resource.
func (*BGPPeerSpec) DeepCopy ¶
func (in *BGPPeerSpec) DeepCopy() *BGPPeerSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BGPPeerSpec.
func (*BGPPeerSpec) DeepCopyInto ¶
func (in *BGPPeerSpec) DeepCopyInto(out *BGPPeerSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BlockAffinity ¶
// BlockAffinity maintains a block affinity's state.
type BlockAffinity struct {
	// Embedded type metadata (kind and API version).
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Specification of the BlockAffinity.
	Spec BlockAffinitySpec `json:"spec,omitempty"`
}
BlockAffinity maintains a block affinity's state
func NewBlockAffinity ¶
func NewBlockAffinity() *BlockAffinity
NewBlockAffinity creates a new (zeroed) BlockAffinity struct with the TypeMetadata initialised to the current version.
func (*BlockAffinity) DeepCopy ¶
func (in *BlockAffinity) DeepCopy() *BlockAffinity
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BlockAffinity.
func (*BlockAffinity) DeepCopyInto ¶
func (in *BlockAffinity) DeepCopyInto(out *BlockAffinity)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*BlockAffinity) DeepCopyObject ¶
func (in *BlockAffinity) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type BlockAffinityList ¶
// BlockAffinityList contains a list of BlockAffinity resources.
type BlockAffinityList struct {
	// Embedded type metadata (kind and API version).
	metav1.TypeMeta `json:",inline"`
	// Standard list metadata, serialised under "metadata".
	metav1.ListMeta `json:"metadata"`
	// Items holds the BlockAffinity resources in the list.
	Items []BlockAffinity `json:"items"`
}
BlockAffinityList contains a list of BlockAffinity resources.
func NewBlockAffinityList ¶
func NewBlockAffinityList() *BlockAffinityList
NewBlockAffinityList creates a new (zeroed) BlockAffinityList struct with the TypeMetadata initialised to the current version.
func (*BlockAffinityList) DeepCopy ¶
func (in *BlockAffinityList) DeepCopy() *BlockAffinityList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BlockAffinityList.
func (*BlockAffinityList) DeepCopyInto ¶
func (in *BlockAffinityList) DeepCopyInto(out *BlockAffinityList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*BlockAffinityList) DeepCopyObject ¶
func (in *BlockAffinityList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type BlockAffinitySpec ¶
// BlockAffinitySpec contains the specification for a BlockAffinity resource.
//
// All four fields are plain strings with no validate tag, and none uses
// omitempty, so each is always present in the JSON form.
// NOTE(review): the accepted values of State and Deleted are not visible here.
// Deleted is a string rather than a bool, so consumers should compare it
// against the exact expected value rather than test it for non-emptiness.
type BlockAffinitySpec struct {
	State   string `json:"state"`
	Node    string `json:"node"`
	CIDR    string `json:"cidr"`
	Deleted string `json:"deleted"`
}
BlockAffinitySpec contains the specification for a BlockAffinity resource.
func (*BlockAffinitySpec) DeepCopy ¶
func (in *BlockAffinitySpec) DeepCopy() *BlockAffinitySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BlockAffinitySpec.
func (*BlockAffinitySpec) DeepCopyInto ¶
func (in *BlockAffinitySpec) DeepCopyInto(out *BlockAffinitySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterInformation ¶
// ClusterInformation contains the cluster specific information.
type ClusterInformation struct {
	// Embedded type metadata (kind and API version).
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Specification of the ClusterInformation.
	Spec ClusterInformationSpec `json:"spec,omitempty"`
}
ClusterInformation contains the cluster specific information.
func NewClusterInformation ¶
func NewClusterInformation() *ClusterInformation
NewClusterInformation creates a new (zeroed) ClusterInformation struct with the TypeMetadata initialized to the current version.
func (*ClusterInformation) DeepCopy ¶
func (in *ClusterInformation) DeepCopy() *ClusterInformation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterInformation.
func (*ClusterInformation) DeepCopyInto ¶
func (in *ClusterInformation) DeepCopyInto(out *ClusterInformation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterInformation) DeepCopyObject ¶
func (in *ClusterInformation) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterInformationList ¶
// ClusterInformationList contains a list of ClusterInformation resources
// (even though there should only be one).
type ClusterInformationList struct {
	// Embedded type metadata (kind and API version).
	metav1.TypeMeta `json:",inline"`
	// Standard list metadata, serialised under "metadata".
	metav1.ListMeta `json:"metadata"`
	// Items holds the ClusterInformation resources in the list.
	Items []ClusterInformation `json:"items"`
}
ClusterInformationList contains a list of ClusterInformation resources (even though there should only be one).
func NewClusterInformationList ¶
func NewClusterInformationList() *ClusterInformationList
NewClusterInformationList creates a new (zeroed) ClusterInformationList struct with the TypeMetadata initialized to the current version.
func (*ClusterInformationList) DeepCopy ¶
func (in *ClusterInformationList) DeepCopy() *ClusterInformationList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterInformationList.
func (*ClusterInformationList) DeepCopyInto ¶
func (in *ClusterInformationList) DeepCopyInto(out *ClusterInformationList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterInformationList) DeepCopyObject ¶
func (in *ClusterInformationList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterInformationSpec ¶
// ClusterInformationSpec contains the values describing the cluster.
//
// The three string fields are tagged validate:"omitempty" with no further
// rule, so their content is not constrained at this level.
type ClusterInformationSpec struct {
	// ClusterGUID is the GUID of the cluster
	ClusterGUID string `json:"clusterGUID,omitempty" validate:"omitempty"`

	// ClusterType describes the type of the cluster
	ClusterType string `json:"clusterType,omitempty" validate:"omitempty"`

	// CalicoVersion is the version of Calico that the cluster is running
	CalicoVersion string `json:"calicoVersion,omitempty" validate:"omitempty"`

	// DatastoreReady is used during significant datastore migrations to signal to components
	// such as Felix that it should wait before accessing the datastore.
	//
	// The field is a pointer and its JSON tag has no omitempty, so nil is
	// serialised as null rather than dropped.
	// NOTE(review): how consumers treat nil versus false is not visible here.
	DatastoreReady *bool `json:"datastoreReady"`
}
ClusterInformationSpec contains the values describing the cluster.
func (*ClusterInformationSpec) DeepCopy ¶
func (in *ClusterInformationSpec) DeepCopy() *ClusterInformationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterInformationSpec.
func (*ClusterInformationSpec) DeepCopyInto ¶
func (in *ClusterInformationSpec) DeepCopyInto(out *ClusterInformationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EndpointPort ¶
// EndpointPort names a port on an endpoint by name, protocol and number.
type EndpointPort struct {
	// Name is checked by the "portName" validator.
	Name string `json:"name" validate:"portName"`
	// Protocol carries no validate tag here.
	// NOTE(review): presumably validated by numorstring.Protocol or a struct-level check; confirm.
	Protocol numorstring.Protocol `json:"protocol"`
	// Port must be greater than zero (validate:"gt=0"); uint16 caps it at 65535.
	Port uint16 `json:"port" validate:"gt=0"`
}
func (*EndpointPort) DeepCopy ¶
func (in *EndpointPort) DeepCopy() *EndpointPort
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EndpointPort.
func (*EndpointPort) DeepCopyInto ¶
func (in *EndpointPort) DeepCopyInto(out *EndpointPort)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EntityRule ¶
// An EntityRule is a sub-component of a Rule comprising the match criteria specific
// to a particular entity (that is either the source or destination).
//
// A source EntityRule matches the source endpoint and originating traffic. A
// destination EntityRule matches the destination endpoint and terminating traffic.
//
// Every field is optional: each json and validate tag includes omitempty.
// NOTE(review): an EntityRule with no field set presumably places no restriction
// on that side of the rule. Confirm, and review Allow rules whose source or
// destination block is empty with that in mind.
type EntityRule struct {
	// Nets is an optional field that restricts the rule to only apply to traffic that
	// originates from (or terminates at) IP addresses in any of the given subnets.
	Nets []string `json:"nets,omitempty" validate:"omitempty,dive,net"`

	// Selector is an optional field that contains a selector expression (see Policy for
	// sample syntax). Only traffic that originates from (terminates at) endpoints matching
	// the selector will be matched.
	//
	// Note that: in addition to the negated version of the Selector (see NotSelector below), the
	// selector expression syntax itself supports negation. The two types of negation are subtly
	// different. One negates the set of matched endpoints, the other negates the whole match:
	//
	//	Selector = "!has(my_label)" matches packets that are from other Calico-controlled
	//	endpoints that do not have the label "my_label".
	//
	//	NotSelector = "has(my_label)" matches packets that are not from Calico-controlled
	//	endpoints that do have the label "my_label".
	//
	// The effect is that the latter will accept packets from non-Calico sources whereas the
	// former is limited to packets from Calico-controlled endpoints.
	//
	// When the intent is to restrict a rule to Calico-controlled endpoints, that
	// difference decides which form to use: a NotSelector match also covers
	// traffic from outside Calico's control.
	Selector string `json:"selector,omitempty" validate:"omitempty,selector"`

	// NamespaceSelector is an optional field that contains a selector expression. Only traffic
	// that originates from (or terminates at) endpoints within the selected namespaces will be
	// matched. When both NamespaceSelector and Selector are defined on the same rule, then only
	// workload endpoints that are matched by both selectors will be selected by the rule.
	//
	// For NetworkPolicy, an empty NamespaceSelector implies that the Selector is limited to selecting
	// only workload endpoints in the same namespace as the NetworkPolicy.
	//
	// For GlobalNetworkPolicy, an empty NamespaceSelector implies the Selector applies to workload
	// endpoints across all namespaces.
	//
	// The same empty value therefore has a narrower scope in a NetworkPolicy than in a
	// GlobalNetworkPolicy; keep that in mind when moving a rule between the two kinds.
	NamespaceSelector string `json:"namespaceSelector,omitempty" validate:"omitempty,selector"`

	// Ports is an optional field that restricts the rule to only apply to traffic that has a
	// source (destination) port that matches one of these ranges/values. This value is a
	// list of integers or strings that represent ranges of ports.
	//
	// Since only some protocols have ports, if any ports are specified it requires the
	// Protocol match in the Rule to be set to "TCP" or "UDP".
	Ports []numorstring.Port `json:"ports,omitempty" validate:"omitempty,dive"`

	// NotNets is the negated version of the Nets field.
	NotNets []string `json:"notNets,omitempty" validate:"omitempty,dive,net"`

	// NotSelector is the negated version of the Selector field. See Selector field for
	// subtleties with negated selectors.
	NotSelector string `json:"notSelector,omitempty" validate:"omitempty,selector"`

	// NotPorts is the negated version of the Ports field.
	// Since only some protocols have ports, if any ports are specified it requires the
	// Protocol match in the Rule to be set to "TCP" or "UDP".
	NotPorts []numorstring.Port `json:"notPorts,omitempty" validate:"omitempty,dive"`

	// ServiceAccounts is an optional field that restricts the rule to only apply to traffic that originates from (or
	// terminates at) a pod running as a matching service account.
	ServiceAccounts *ServiceAccountMatch `json:"serviceAccounts,omitempty" validate:"omitempty"`
}
An EntityRule is a sub-component of a Rule comprising the match criteria specific to a particular entity (that is either the source or destination).
A source EntityRule matches the source endpoint and originating traffic. A destination EntityRule matches the destination endpoint and terminating traffic.
func (*EntityRule) DeepCopy ¶
func (in *EntityRule) DeepCopy() *EntityRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EntityRule.
func (*EntityRule) DeepCopyInto ¶
func (in *EntityRule) DeepCopyInto(out *EntityRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FelixConfiguration ¶
// FelixConfiguration contains the configuration for Felix.
type FelixConfiguration struct {
	// Embedded type metadata (kind and API version).
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Specification of the FelixConfiguration.
	Spec FelixConfigurationSpec `json:"spec,omitempty"`
}
FelixConfiguration contains the configuration for Felix.
func NewFelixConfiguration ¶
func NewFelixConfiguration() *FelixConfiguration
NewFelixConfiguration creates a new (zeroed) FelixConfiguration struct with the TypeMetadata initialized to the current version.
func (*FelixConfiguration) DeepCopy ¶
func (in *FelixConfiguration) DeepCopy() *FelixConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FelixConfiguration.
func (*FelixConfiguration) DeepCopyInto ¶
func (in *FelixConfiguration) DeepCopyInto(out *FelixConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*FelixConfiguration) DeepCopyObject ¶
func (in *FelixConfiguration) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type FelixConfigurationList ¶
// FelixConfigurationList contains a list of FelixConfiguration resources.
type FelixConfigurationList struct {
	// Embedded type metadata (kind and API version).
	metav1.TypeMeta `json:",inline"`
	// Standard list metadata, serialised under "metadata".
	metav1.ListMeta `json:"metadata"`
	// Items holds the FelixConfiguration resources in the list.
	Items []FelixConfiguration `json:"items"`
}
FelixConfigurationList contains a list of FelixConfiguration resources.
func NewFelixConfigurationList ¶
func NewFelixConfigurationList() *FelixConfigurationList
NewFelixConfigurationList creates a new (zeroed) FelixConfigurationList struct with the TypeMetadata initialized to the current version.
func (*FelixConfigurationList) DeepCopy ¶
func (in *FelixConfigurationList) DeepCopy() *FelixConfigurationList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FelixConfigurationList.
func (*FelixConfigurationList) DeepCopyInto ¶
func (in *FelixConfigurationList) DeepCopyInto(out *FelixConfigurationList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*FelixConfigurationList) DeepCopyObject ¶
func (in *FelixConfigurationList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type FelixConfigurationSpec ¶
type FelixConfigurationSpec struct { UseInternalDataplaneDriver *bool `json:"useInternalDataplaneDriver,omitempty"` DataplaneDriver string `json:"dataplaneDriver,omitempty"` IPv6Support *bool `json:"ipv6Support,omitempty" confignamev1:"Ipv6Support"` IgnoreLooseRPF *bool `json:"ignoreLooseRPF,omitempty"` // RouterefreshInterval is the period at which Felix re-checks the routes // in the dataplane to ensure that no other process has accidentally broken Calico’s rules. // Set to 0 to disable route refresh. [Default: 90s] RouteRefreshInterval *metav1.Duration `json:"routeRefreshInterval,omitempty" configv1timescale:"seconds"` // IptablesRefreshInterval is the period at which Felix re-checks the IP sets // in the dataplane to ensure that no other process has accidentally broken Calico’s rules. // Set to 0 to disable IP sets refresh. Note: the default for this value is lower than the // other refresh intervals as a workaround for a Linux kernel bug that was fixed in kernel // version 4.11. If you are using v4.11 or greater you may want to set this to, a higher value // to reduce Felix CPU usage. [Default: 10s] IptablesRefreshInterval *metav1.Duration `json:"iptablesRefreshInterval,omitempty" configv1timescale:"seconds"` // IptablesPostWriteCheckInterval is the period after Felix has done a write // to the dataplane that it schedules an extra read back in order to check the write was not // clobbered by another process. This should only occur if another application on the system // doesn’t respect the iptables lock. [Default: 1s] IptablesPostWriteCheckInterval *metav1.Duration `json:"iptablesPostWriteCheckInterval,omitempty" configv1timescale:"seconds" confignamev1:"IptablesPostWriteCheckIntervalSecs"` // IptablesLockFilePath is the location of the iptables lock file. You may need to change this // if the lock file is not in its standard location (for example if you have mapped it into Felix’s // container at a different path). 
[Default: /run/xtables.lock] IptablesLockFilePath string `json:"iptablesLockFilePath,omitempty"` // IptablesLockTimeout is the time that Felix will wait for the iptables lock, // or 0, to disable. To use this feature, Felix must share the iptables lock file with all other // processes that also take the lock. When running Felix inside a container, this requires the // /run directory of the host to be mounted into the calico/node or calico/felix container. // [Default: 0s disabled] IptablesLockTimeout *metav1.Duration `json:"iptablesLockTimeout,omitempty" configv1timescale:"seconds" confignamev1:"IptablesLockTimeoutSecs"` // IptablesLockProbeInterval is the time that Felix will wait between // attempts to acquire the iptables lock if it is not available. Lower values make Felix more // responsive when the lock is contended, but use more CPU. [Default: 50ms] IptablesLockProbeInterval *metav1.Duration `json:"iptablesLockProbeInterval,omitempty" configv1timescale:"milliseconds" confignamev1:"IptablesLockProbeIntervalMillis"` // IpsetsRefreshInterval is the period at which Felix re-checks all iptables // state to ensure that no other process has accidentally broken Calico’s rules. Set to 0 to // disable iptables refresh. [Default: 90s] IpsetsRefreshInterval *metav1.Duration `json:"ipsetsRefreshInterval,omitempty" configv1timescale:"seconds"` MaxIpsetSize *int `json:"maxIpsetSize,omitempty"` NetlinkTimeout *metav1.Duration `json:"netlinkTimeout,omitempty" configv1timescale:"seconds" confignamev1:"NetlinkTimeoutSecs"` // MetadataAddr is the IP address or domain name of the server that can answer VM queries for // cloud-init metadata. In OpenStack, this corresponds to the machine running nova-api (or in // Ubuntu, nova-api-metadata). A value of none (case insensitive) means that Felix should not // set up any NAT rule for the metadata path. [Default: 127.0.0.1] MetadataAddr string `json:"metadataAddr,omitempty"` // MetadataPort is the port of the metadata server. 
This, combined with global.MetadataAddr (if // not ‘None’), is used to set up a NAT rule, from 169.254.169.254:80 to MetadataAddr:MetadataPort. // In most cases this should not need to be changed [Default: 8775]. MetadataPort *int `json:"metadataPort,omitempty"` // OpenstackRegion is the name of the region that a particular Felix belongs to. In a multi-region // Calico/OpenStack deployment, this must be configured somehow for each Felix (here in the datamodel, // or in felix.cfg or the environment on each compute node), and must match the [calico] // openstack_region value configured in neutron.conf on each node. [Default: Empty] OpenstackRegion string `json:"openstackRegion,omitempty"` // InterfacePrefix is the interface name prefix that identifies workload endpoints and so distinguishes // them from host endpoint interfaces. Note: in environments other than bare metal, the orchestrators // configure this appropriately. For example our Kubernetes and Docker integrations set the ‘cali’ value, // and our OpenStack integration sets the ‘tap’ value. [Default: cali] InterfacePrefix string `json:"interfacePrefix,omitempty"` // InterfaceExclude is a list of interfaces that Felix should exclude when monitoring for host // endpoints. The default value ensures that Felix ignores Kubernetes' IPVS dummy interface, // which is used internally by kube-proxy. [Default: kube-ipvs0] InterfaceExclude string `json:"interfaceExclude,omitempty"` // ChainInsertMode controls whether Felix hooks the kernel’s top-level iptables chains by inserting a rule // at the top of the chain or by appending a rule at the bottom. insert is the safe default since it prevents // Calico’s rules from being bypassed. If you switch to append mode, be sure that the other rules in the chains // signal acceptance by falling through to the Calico rules, otherwise the Calico policy will be bypassed. 
// [Default: insert] ChainInsertMode string `json:"chainInsertMode,omitempty"` // DefaultEndpointToHostAction controls what happens to traffic that goes from a workload endpoint to the host // itself (after the traffic hits the endpoint egress policy). By default Calico blocks traffic from workload // endpoints to the host itself with an iptables “DROP” action. If you want to allow some or all traffic from // endpoint to host, set this parameter to RETURN or ACCEPT. Use RETURN if you have your own rules in the iptables // “INPUT” chain; Calico will insert its rules at the top of that chain, then “RETURN” packets to the “INPUT” chain // once it has completed processing workload endpoint egress policy. Use ACCEPT to unconditionally accept packets // from workloads after processing workload endpoint egress policy. [Default: Drop] DefaultEndpointToHostAction string `json:"defaultEndpointToHostAction,omitempty" validate:"omitempty,dropAcceptReturn"` IptablesFilterAllowAction string `json:"iptablesFilterAllowAction,omitempty" validate:"omitempty,acceptReturn"` IptablesMangleAllowAction string `json:"iptablesMangleAllowAction,omitempty" validate:"omitempty,acceptReturn"` // LogPrefix is the log prefix that Felix uses when rendering LOG rules. [Default: calico-packet] LogPrefix string `json:"logPrefix,omitempty"` // LogFilePath is the full path to the Felix log. Set to none to disable file logging. [Default: /var/log/calico/felix.log] LogFilePath string `json:"logFilePath,omitempty"` // LogSeverityFile is the log severity above which logs are sent to the log file. [Default: Info] LogSeverityFile string `json:"logSeverityFile,omitempty" validate:"omitempty,logLevel"` // LogSeverityScreen is the log severity above which logs are sent to the stdout. [Default: Info] LogSeverityScreen string `json:"logSeverityScreen,omitempty" validate:"omitempty,logLevel"` // LogSeveritySys is the log severity above which logs are sent to the syslog. Set to None for no logging to syslog. 
// [Default: Info] LogSeveritySys string `json:"logSeveritySys,omitempty" validate:"omitempty,logLevel"` IPIPEnabled *bool `json:"ipipEnabled,omitempty" confignamev1:"IpInIpEnabled"` // IPIPMTU is the MTU to set on the tunnel device. See Configuring MTU [Default: 1440] IPIPMTU *int `json:"ipipMTU,omitempty" confignamev1:"IpInIpMtu"` // ReportingInterval is the interval at which Felix reports its status into the datastore or 0 to disable. // Must be non-zero in OpenStack deployments. [Default: 30s] ReportingInterval *metav1.Duration `json:"reportingInterval,omitempty" configv1timescale:"seconds" confignamev1:"ReportingIntervalSecs"` // ReportingTTL is the time-to-live setting for process-wide status reports. [Default: 90s] ReportingTTL *metav1.Duration `json:"reportingTTL,omitempty" configv1timescale:"seconds" confignamev1:"ReportingTTLSecs"` EndpointReportingEnabled *bool `json:"endpointReportingEnabled,omitempty"` EndpointReportingDelay *metav1.Duration `json:"endpointReportingDelay,omitempty" configv1timescale:"seconds" confignamev1:"EndpointReportingDelaySecs"` // IptablesMarkMask is the mask that Felix selects its IPTables Mark bits from. Should be a 32 bit hexadecimal // number with at least 8 bits set, none of which clash with any other mark bits in use on the system. // [Default: 0xff000000] IptablesMarkMask *uint32 `json:"iptablesMarkMask,omitempty"` DisableConntrackInvalidCheck *bool `json:"disableConntrackInvalidCheck,omitempty"` HealthEnabled *bool `json:"healthEnabled,omitempty"` HealthHost *string `json:"healthHost,omitempty"` HealthPort *int `json:"healthPort,omitempty"` // PrometheusMetricsEnabled enables the experimental Prometheus metrics server in Felix if set to true. [Default: false] PrometheusMetricsEnabled *bool `json:"prometheusMetricsEnabled,omitempty"` // PrometheusMetricsPort is the TCP port that the experimental Prometheus metrics server should bind to. 
[Default:9091] PrometheusMetricsPort *int `json:"prometheusMetricsPort,omitempty"` // PrometheusGoMetricsEnabled disables Go runtime metrics collection, which the Prometheus client does by default, when // set to false. This reduces the number of metrics reported, reducing Prometheus load. [Default: true] PrometheusGoMetricsEnabled *bool `json:"prometheusGoMetricsEnabled,omitempty"` // PrometheusProcessMetricsEnabled disables process metrics collection, which the Prometheus client does by default, when // set to false. This reduces the number of metrics reported, reducing Prometheus load. [Default: true] PrometheusProcessMetricsEnabled *bool `json:"prometheusProcessMetricsEnabled,omitempty"` // FailsafeInboundHostPorts is a comma-delimited list of UDP/TCP ports that Felix will allow incoming traffic to host endpoints // on irrespective of the security policy. This is useful to avoid accidently cutting off a host with incorrect configuration. Each // port should be specified as tcp:<port-number> or udp:<port-number>. For back-compatibility, if the protocol is not specified, it // defaults to “tcp”. To disable all inbound host ports, use the value none. The default value allows ssh access and DHCP. // [Default: tcp:22, udp:68] FailsafeInboundHostPorts *[]ProtoPort `json:"failsafeInboundHostPorts,omitempty"` // FailsafeOutboundHostPorts is a comma-delimited list of UDP/TCP ports that Felix will allow outgoing traffic from host endpoints to // irrespective of the security policy. This is useful to avoid accidently cutting off a host with incorrect configuration. Each port // should be specified as tcp:<port-number> or udp:<port-number>. For back-compatibility, if the protocol is not specified, it defaults // to “tcp”. To disable all outbound host ports, use the value none. The default value opens etcd’s standard ports to ensure that Felix // does not get cut off from etcd as well as allowing DHCP and DNS. 
[Default: tcp:2379, tcp:2380, tcp:4001, tcp:7001, udp:53, udp:67] FailsafeOutboundHostPorts *[]ProtoPort `json:"failsafeOutboundHostPorts,omitempty"` // KubeNodePortRanges holds list of port ranges used for service node ports. Only used if felix detects kube-proxy running in ipvs mode. // Felix uses these ranges to separate host and workload traffic. [Default: 30000:32767]. KubeNodePortRanges *[]numorstring.Port `json:"kubeNodePortRanges,omitempty" validate:"omitempty,dive"` // PolicySyncPathPrefix is used to by Felix to communicate policy changes to external services, // like Application layer policy. [Default: Empty] PolicySyncPathPrefix string `json:"policySyncPathPrefix,omitempty"` // UsageReportingEnabled reports anonymous Calico version number and cluster size to projectcalico.org. Logs warnings returned by the usage // server. For example, if a significant security vulnerability has been discovered in the version of Calico being used. [Default: true] UsageReportingEnabled *bool `json:"usageReportingEnabled,omitempty"` // UsageReportingInitialDelay controls the minimum delay before Felix makes a report. [Default: 300s] UsageReportingInitialDelay *metav1.Duration `json:"usageReportingInitialDelay,omitempty" configv1timescale:"seconds" confignamev1:"UsageReportingInitialDelaySecs"` // UsageReportingInterval controls the interval at which Felix makes reports. [Default: 86400s] UsageReportingInterval *metav1.Duration `json:"usageReportingInterval,omitempty" configv1timescale:"seconds" confignamev1:"UsageReportingIntervalSecs"` // NATPortRange specifies the range of ports that is used for port mapping when doing outgoing NAT. When unset the default behavior of the // network stack is used. NATPortRange *numorstring.Port `json:"natPortRange,omitempty"` // ExternalNodesCIDRList is a list of CIDR's of external-non-calico-nodes which may source tunnel traffic and have // the tunneled traffic be accepted at calico nodes. 
ExternalNodesCIDRList *[]string `json:"externalNodesList,omitempty"` DebugMemoryProfilePath string `json:"debugMemoryProfilePath,omitempty"` DebugDisableLogDropping *bool `json:"debugDisableLogDropping,omitempty"` DebugSimulateCalcGraphHangAfter *metav1.Duration `json:"debugSimulateCalcGraphHangAfter,omitempty" configv1timescale:"seconds"` DebugSimulateDataplaneHangAfter *metav1.Duration `json:"debugSimulateDataplaneHangAfter,omitempty" configv1timescale:"seconds"` IptablesNATOutgoingInterfaceFilter string `json:"iptablesNATOutgoingInterfaceFilter,omitempty" validate:"omitempty,ifaceFilter"` }
FelixConfigurationSpec contains the values of the Felix configuration.
func (*FelixConfigurationSpec) DeepCopy ¶
func (in *FelixConfigurationSpec) DeepCopy() *FelixConfigurationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FelixConfigurationSpec.
func (*FelixConfigurationSpec) DeepCopyInto ¶
func (in *FelixConfigurationSpec) DeepCopyInto(out *FelixConfigurationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GlobalNetworkPolicy ¶
// GlobalNetworkPolicy is the globally-scoped (not namespaced) security policy
// resource. It carries the usual type and object metadata plus a
// GlobalNetworkPolicySpec holding the ordered rules and the endpoint selector.
type GlobalNetworkPolicy struct {
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Specification of the Policy.
	Spec GlobalNetworkPolicySpec `json:"spec,omitempty"`
}
GlobalNetworkPolicy contains information about a security Policy resource. This contains a set of security rules to apply. Security policies allow a selector-based security model which can override the security profiles directly referenced by an endpoint.
Each policy must do one of the following:
- Match the packet and apply an “allow” action; this immediately accepts the packet, skipping all further policies and profiles. This is not recommended in general, because it prevents further policy from being executed.
- Match the packet and apply a “deny” action; this drops the packet immediately, skipping all further policy and profiles.
- Fail to match the packet; in which case the packet proceeds to the next policy. If there are no more policies then the packet is dropped.
Calico implements the security policy for each endpoint individually and only the policies that have matching selectors are implemented. This ensures that the number of rules that actually need to be inserted into the kernel is proportional to the number of local endpoints rather than the total amount of policy.
GlobalNetworkPolicy is globally-scoped (i.e. not Namespaced).
func NewGlobalNetworkPolicy ¶
func NewGlobalNetworkPolicy() *GlobalNetworkPolicy
NewGlobalNetworkPolicy creates a new (zeroed) GlobalNetworkPolicy struct with the TypeMetadata initialised to the current version.
func (*GlobalNetworkPolicy) DeepCopy ¶
func (in *GlobalNetworkPolicy) DeepCopy() *GlobalNetworkPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalNetworkPolicy.
func (*GlobalNetworkPolicy) DeepCopyInto ¶
func (in *GlobalNetworkPolicy) DeepCopyInto(out *GlobalNetworkPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*GlobalNetworkPolicy) DeepCopyObject ¶
func (in *GlobalNetworkPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type GlobalNetworkPolicyList ¶
// GlobalNetworkPolicyList is the list form of GlobalNetworkPolicy: list
// metadata plus the policies themselves in Items.
type GlobalNetworkPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`
	Items           []GlobalNetworkPolicy `json:"items"`
}
GlobalNetworkPolicyList contains a list of GlobalNetworkPolicy resources.
func NewGlobalNetworkPolicyList ¶
func NewGlobalNetworkPolicyList() *GlobalNetworkPolicyList
NewGlobalNetworkPolicyList creates a new (zeroed) GlobalNetworkPolicyList struct with the TypeMetadata initialised to the current version.
func (*GlobalNetworkPolicyList) DeepCopy ¶
func (in *GlobalNetworkPolicyList) DeepCopy() *GlobalNetworkPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalNetworkPolicyList.
func (*GlobalNetworkPolicyList) DeepCopyInto ¶
func (in *GlobalNetworkPolicyList) DeepCopyInto(out *GlobalNetworkPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*GlobalNetworkPolicyList) DeepCopyObject ¶
func (in *GlobalNetworkPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type GlobalNetworkPolicySpec ¶
// GlobalNetworkPolicySpec is the body of a GlobalNetworkPolicy: evaluation
// order, ingress and egress rule lists, the selector choosing which endpoints
// the policy applies to, and flags controlling where the rules are enforced.
type GlobalNetworkPolicySpec struct {
	// Order is an optional field that specifies the order in which the policy is applied.
	// Policies with higher "order" are applied after those with lower
	// order. If the order is omitted, it may be considered to be "infinite" - i.e. the
	// policy will be applied last. Policies with identical order will be applied in
	// alphanumerical order based on the Policy "Name".
	Order *float64 `json:"order,omitempty"`
	// The ordered set of ingress rules. Each rule contains a set of packet match criteria and
	// a corresponding action to apply.
	Ingress []Rule `json:"ingress,omitempty" validate:"omitempty,dive"`
	// The ordered set of egress rules. Each rule contains a set of packet match criteria and
	// a corresponding action to apply.
	Egress []Rule `json:"egress,omitempty" validate:"omitempty,dive"`
	// The selector is an expression used to pick out the endpoints that the policy should
	// be applied to.
	//
	// Selector expressions follow this syntax:
	//
	// 	label == "string_literal"  ->  comparison, e.g. my_label == "foo bar"
	// 	label != "string_literal"   ->  not equal; also matches if label is not present
	// 	label in { "a", "b", "c", ... }  ->  true if the value of label X is one of "a", "b", "c"
	// 	label not in { "a", "b", "c", ... }  ->  true if the value of label X is not one of "a", "b", "c"
	// 	has(label_name)  -> True if that label is present
	// 	! expr -> negation of expr
	// 	expr && expr  -> Short-circuit and
	// 	expr || expr  -> Short-circuit or
	// 	( expr ) -> parens for grouping
	// 	all() or the empty selector -> matches all endpoints.
	//
	// Label names are allowed to contain alphanumerics, -, _ and /. String literals are more permissive
	// but they do not support escape characters.
	//
	// Examples (with made-up labels):
	//
	// 	type == "webserver" && deployment == "prod"
	// 	type in {"frontend", "backend"}
	// 	deployment != "dev"
	// 	! has(label_name)
	//
	// NOTE(review): the JSON tag has no omitempty and the empty selector matches all
	// endpoints, so a policy written without a selector applies to every endpoint.
	// Reviewers of policy manifests should treat a missing selector as "all()".
	Selector string `json:"selector" validate:"selector"`
	// Types indicates whether this policy applies to ingress, or to egress, or to both.  When
	// not explicitly specified (and so the value on creation is empty or nil), Calico defaults
	// Types according to what Ingress and Egress rules are present in the policy.  The
	// default is:
	//
	// - [ PolicyTypeIngress ], if there are no Egress rules (including the case where there are
	//   also no Ingress rules)
	//
	// - [ PolicyTypeEgress ], if there are Egress rules but no Ingress rules
	//
	// - [ PolicyTypeIngress, PolicyTypeEgress ], if there are both Ingress and Egress rules.
	//
	// When the policy is read back again, Types will always be one of these values, never empty
	// or nil.
	Types []PolicyType `json:"types,omitempty" validate:"omitempty,dive,policyType"`
	// DoNotTrack indicates whether packets matched by the rules in this policy should go through
	// the data plane's connection tracking, such as Linux conntrack.  If True, the rules in
	// this policy are applied before any data plane connection tracking, and packets allowed by
	// this policy are marked as not to be tracked.
	//
	// NOTE(review): with connection tracking bypassed, reply traffic presumably needs its
	// own explicit rule - confirm against the Calico documentation before enabling.
	DoNotTrack bool `json:"doNotTrack,omitempty"`
	// PreDNAT indicates to apply the rules in this policy before any DNAT.
	PreDNAT bool `json:"preDNAT,omitempty"`
	// ApplyOnForward indicates to apply the rules in this policy on forward traffic.
	ApplyOnForward bool `json:"applyOnForward,omitempty"`
}
func (*GlobalNetworkPolicySpec) DeepCopy ¶
func (in *GlobalNetworkPolicySpec) DeepCopy() *GlobalNetworkPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalNetworkPolicySpec.
func (*GlobalNetworkPolicySpec) DeepCopyInto ¶
func (in *GlobalNetworkPolicySpec) DeepCopyInto(out *GlobalNetworkPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type GlobalNetworkSet ¶
// GlobalNetworkSet groups arbitrary IP sub-networks/CIDRs under a shared set of
// labels so that policy rules can refer to them through selectors. Its labels
// are not namespaced.
type GlobalNetworkSet struct {
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Specification of the NetworkSet.
	Spec GlobalNetworkSetSpec `json:"spec,omitempty"`
}
GlobalNetworkSet contains a set of arbitrary IP sub-networks/CIDRs that share labels to allow rules to refer to them via selectors. The labels of GlobalNetworkSet are not namespaced.
func NewGlobalNetworkSet ¶
func NewGlobalNetworkSet() *GlobalNetworkSet
NewGlobalNetworkSet creates a new (zeroed) GlobalNetworkSet struct with the TypeMetadata initialised to the current version.
func (*GlobalNetworkSet) DeepCopy ¶
func (in *GlobalNetworkSet) DeepCopy() *GlobalNetworkSet
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalNetworkSet.
func (*GlobalNetworkSet) DeepCopyInto ¶
func (in *GlobalNetworkSet) DeepCopyInto(out *GlobalNetworkSet)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*GlobalNetworkSet) DeepCopyObject ¶
func (in *GlobalNetworkSet) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type GlobalNetworkSetList ¶
// GlobalNetworkSetList is the list form of GlobalNetworkSet: list metadata plus
// the sets themselves in Items.
type GlobalNetworkSetList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`
	Items           []GlobalNetworkSet `json:"items"`
}
GlobalNetworkSetList contains a list of GlobalNetworkSet resources.
func NewGlobalNetworkSetList ¶
func NewGlobalNetworkSetList() *GlobalNetworkSetList
NewGlobalNetworkSetList creates a new (zeroed) GlobalNetworkSetList struct with the TypeMetadata initialised to the current version.
func (*GlobalNetworkSetList) DeepCopy ¶
func (in *GlobalNetworkSetList) DeepCopy() *GlobalNetworkSetList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalNetworkSetList.
func (*GlobalNetworkSetList) DeepCopyInto ¶
func (in *GlobalNetworkSetList) DeepCopyInto(out *GlobalNetworkSetList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*GlobalNetworkSetList) DeepCopyObject ¶
func (in *GlobalNetworkSetList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type GlobalNetworkSetSpec ¶
// GlobalNetworkSetSpec is the body of a GlobalNetworkSet: the list of networks
// that make up the set.
type GlobalNetworkSetSpec struct {
	// The list of IP networks that belong to this set. The validate tag applies the
	// "cidr" rule to every entry (dive), and the list may be omitted entirely.
	//
	// NOTE(review): any rule whose selector matches this set's labels inherits every
	// network listed here, so an overly broad entry widens those rules as well.
	Nets []string `json:"nets,omitempty" validate:"omitempty,dive,cidr"`
}
GlobalNetworkSetSpec contains the specification for a GlobalNetworkSet resource.
func (*GlobalNetworkSetSpec) DeepCopy ¶
func (in *GlobalNetworkSetSpec) DeepCopy() *GlobalNetworkSetSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GlobalNetworkSetSpec.
func (*GlobalNetworkSetSpec) DeepCopyInto ¶
func (in *GlobalNetworkSetSpec) DeepCopyInto(out *GlobalNetworkSetSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HTTPMatch ¶
// HTTPMatch holds optional HTTP-level match criteria for a rule. Methods and
// Paths are each OR'd internally; the two fields are joined with AND.
type HTTPMatch struct {
	// Methods is an optional field that restricts the rule to apply only to HTTP requests that use one of the listed
	// HTTP Methods (e.g. GET, PUT, etc.)
	// Multiple methods are OR'd together.
	Methods []string `json:"methods,omitempty" validate:"omitempty"`
	// Paths is an optional field that restricts the rule to apply to HTTP requests that use one of the listed
	// HTTP Paths.
	// Multiple paths are OR'd together.
	// e.g:
	// - exact: /foo
	// - prefix: /bar
	// NOTE: Each entry may ONLY specify either a `exact` or a `prefix` match. The validator will check for it.
	//
	// NOTE(review): the struct tag itself only carries "omitempty"; the exact-or-prefix
	// check mentioned above must live in validator code that is not visible here.
	Paths []HTTPPath `json:"paths,omitempty" validate:"omitempty"`
}
HTTPMatch is an optional field that applies only to HTTP requests. The Methods and Paths fields are joined with AND.
func (*HTTPMatch) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPMatch.
func (*HTTPMatch) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HTTPPath ¶
// HTTPPath is one path matcher inside HTTPMatch.Paths. An entry sets either
// Exact or Prefix, not both.
//
// NOTE(review): how a request path is normalised before comparison (percent
// encoding, dot segments, trailing slash) is not visible here - confirm before
// relying on a prefix rule as an access boundary.
type HTTPPath struct {
	// Exact matches the request path exactly.
	Exact string `json:"exact,omitempty" validate:"omitempty"`
	// Prefix matches on the leading part of the request path.
	Prefix string `json:"prefix,omitempty" validate:"omitempty"`
}
HTTPPath specifies an HTTP path to match. It takes one of two forms: `exact: <path>`, which matches the path exactly, or `prefix: <path-prefix>`, which matches on the path prefix.
func (*HTTPPath) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPPath.
func (*HTTPPath) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type HostEndpoint ¶
// HostEndpoint represents a "bare-metal" interface attached to the host that is
// running Calico's agent, Felix. By default Calico applies no policy to such
// interfaces; creating a HostEndpoint is what brings one under policy.
type HostEndpoint struct {
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Specification of the HostEndpoint.
	Spec HostEndpointSpec `json:"spec,omitempty"`
}
HostEndpoint contains information about a HostEndpoint resource that represents a “bare-metal” interface attached to the host that is running Calico’s agent, Felix. By default, Calico doesn’t apply any policy to such interfaces.
func NewHostEndpoint ¶
func NewHostEndpoint() *HostEndpoint
NewHostEndpoint creates a new (zeroed) HostEndpoint struct with the TypeMetadata initialised to the current version.
func (*HostEndpoint) DeepCopy ¶
func (in *HostEndpoint) DeepCopy() *HostEndpoint
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostEndpoint.
func (*HostEndpoint) DeepCopyInto ¶
func (in *HostEndpoint) DeepCopyInto(out *HostEndpoint)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*HostEndpoint) DeepCopyObject ¶
func (in *HostEndpoint) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type HostEndpointList ¶
// HostEndpointList is the list form of HostEndpoint: list metadata plus the
// endpoints themselves in Items.
type HostEndpointList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`
	Items           []HostEndpoint `json:"items"`
}
HostEndpointList contains a list of HostEndpoint resources.
func NewHostEndpointList ¶
func NewHostEndpointList() *HostEndpointList
NewHostEndpointList creates a new (zeroed) HostEndpointList struct with the TypeMetadata initialised to the current version.
func (*HostEndpointList) DeepCopy ¶
func (in *HostEndpointList) DeepCopy() *HostEndpointList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostEndpointList.
func (*HostEndpointList) DeepCopyInto ¶
func (in *HostEndpointList) DeepCopyInto(out *HostEndpointList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*HostEndpointList) DeepCopyObject ¶
func (in *HostEndpointList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type HostEndpointSpec ¶
// HostEndpointSpec is the body of a HostEndpoint: which node and interface it
// covers, the IPs expected on it, and the profiles and named ports attached.
type HostEndpointSpec struct {
	// The node name identifying the Calico node instance.
	Node string `json:"node,omitempty" validate:"omitempty,name"`
	// Either "*", or the name of a specific Linux interface to apply policy to; or empty.  "*"
	// indicates that this HostEndpoint governs all traffic to, from or through the default
	// network namespace of the host named by the "Node" field; entering and leaving that
	// namespace via any interface, including those from/to non-host-networked local workloads.
	//
	// If InterfaceName is not "*", this HostEndpoint only governs traffic that enters or leaves
	// the host through the specific interface named by InterfaceName, or - when InterfaceName
	// is empty - through the specific interface that has one of the IPs in ExpectedIPs.
	// Therefore, when InterfaceName is empty, at least one expected IP must be specified.  Only
	// external interfaces (such as "eth0") are supported here; it isn't possible for a
	// HostEndpoint to protect traffic through a specific local workload interface.
	//
	// Note: Only some kinds of policy are implemented for "*" HostEndpoints; initially just
	// pre-DNAT policy.  Please check Calico documentation for the latest position.
	InterfaceName string `json:"interfaceName,omitempty" validate:"omitempty,interface"`
	// The expected IP addresses (IPv4 and IPv6) of the endpoint.
	// If "InterfaceName" is not present, Calico will look for an interface matching any
	// of the IPs in the list and apply policy to that.
	// Note:
	// 	When using the selector match criteria in an ingress or egress security Policy
	// 	or Profile, Calico converts the selector into a set of IP addresses. For host
	// 	endpoints, the ExpectedIPs field is used for that purpose. (If only the interface
	// 	name is specified, Calico does not learn the IPs of the interface for use in match
	// 	criteria.)
	//
	// In practice this means a selector in some other policy that is meant to match this
	// host only resolves to the addresses listed here; leave the list empty and such a
	// selector matches no address for this endpoint.
	ExpectedIPs []string `json:"expectedIPs,omitempty" validate:"omitempty,dive,ip"`
	// A list of identifiers of security Profile objects that apply to this endpoint. Each
	// profile is applied in the order that they appear in this list.  Profile rules are applied
	// after the selector-based security policy.
	Profiles []string `json:"profiles,omitempty" validate:"omitempty,dive,name"`
	// Ports contains the endpoint's named ports, which may be referenced in security policy rules.
	Ports []EndpointPort `json:"ports,omitempty" validate:"dive"`
}
HostEndpointSpec contains the specification for a HostEndpoint resource.
func (*HostEndpointSpec) DeepCopy ¶
func (in *HostEndpointSpec) DeepCopy() *HostEndpointSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HostEndpointSpec.
func (*HostEndpointSpec) DeepCopyInto ¶
func (in *HostEndpointSpec) DeepCopyInto(out *HostEndpointSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ICMPFields ¶
// ICMPFields holds the ICMP type and code a rule matches on. Both fields are
// pointers, so an unset field (nil) is distinguishable from the value 0.
type ICMPFields struct {
	// Match on a specific ICMP type.  For example a value of 8 refers to ICMP Echo Request
	// (i.e. pings).
	//
	// NOTE(review): the validate tag caps Type at 254 while Code allows up to 255; the
	// reason for the asymmetry is not visible here - confirm before changing either bound.
	Type *int `json:"type,omitempty" validate:"omitempty,gte=0,lte=254"`
	// Match on a specific ICMP code.  If specified, the Type value must also be specified.
	// This is a technical limitation imposed by the kernel's iptables firewall, which
	// Calico uses to enforce the rule.
	Code *int `json:"code,omitempty" validate:"omitempty,gte=0,lte=255"`
}
ICMPFields defines the structure of the ICMP and NotICMP sub-structs, which carry the ICMP code and type.
func (*ICMPFields) DeepCopy ¶
func (in *ICMPFields) DeepCopy() *ICMPFields
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ICMPFields.
func (*ICMPFields) DeepCopyInto ¶
func (in *ICMPFields) DeepCopyInto(out *ICMPFields)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IPAMBlock ¶
// IPAMBlock is the resource describing one block used for IP address
// assignment; the block's contents are in Spec.
type IPAMBlock struct {
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Specification of the IPAMBlock.
	Spec IPAMBlockSpec `json:"spec,omitempty"`
}
IPAMBlock contains information about a block for IP address assignment.
func NewIPAMBlock ¶
func NewIPAMBlock() *IPAMBlock
NewIPAMBlock creates a new (zeroed) IPAMBlock struct with the TypeMetadata initialised to the current version.
func (*IPAMBlock) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAMBlock.
func (*IPAMBlock) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*IPAMBlock) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type IPAMBlockList ¶
// IPAMBlockList is the list form of IPAMBlock: list metadata plus the blocks
// themselves in Items.
type IPAMBlockList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`
	Items           []IPAMBlock `json:"items"`
}
IPAMBlockList contains a list of IPAMBlock resources.
func NewIPAMBlockList ¶
func NewIPAMBlockList() *IPAMBlockList
NewIPAMBlockList creates a new (zeroed) IPAMBlockList struct with the TypeMetadata initialised to the current version.
func (*IPAMBlockList) DeepCopy ¶
func (in *IPAMBlockList) DeepCopy() *IPAMBlockList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAMBlockList.
func (*IPAMBlockList) DeepCopyInto ¶
func (in *IPAMBlockList) DeepCopyInto(out *IPAMBlockList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*IPAMBlockList) DeepCopyObject ¶
func (in *IPAMBlockList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type IPAMBlockSpec ¶
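// IPAMBlockSpec contains the specification for an IPAMBlock resource: the
// block's CIDR, its affinity settings, the allocation bookkeeping slices and a
// deletion marker. The exact semantics of the bookkeeping fields are defined by
// the IPAM code, which is not part of this declaration.
type IPAMBlockSpec struct {
	CIDR           string                `json:"cidr"`
	Affinity       *string               `json:"affinity"`
	StrictAffinity bool                  `json:"strictAffinity"`
	Allocations    []*int                `json:"allocations"`
	Unallocated    []int                 `json:"unallocated"`
	Attributes     []AllocationAttribute `json:"attributes"`
	// The tag previously lacked its closing quote (`json:"deleted`). A malformed
	// struct tag is not recognised by reflect, so encoding/json fell back to the Go
	// field name and emitted "Deleted". Decoding matches keys case-insensitively, so
	// objects written with the old key are still read correctly.
	Deleted bool `json:"deleted"`
}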
IPAMBlockSpec contains the specification for a IPAMBlock resource.
func (*IPAMBlockSpec) DeepCopy ¶
func (in *IPAMBlockSpec) DeepCopy() *IPAMBlockSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAMBlockSpec.
func (*IPAMBlockSpec) DeepCopyInto ¶
func (in *IPAMBlockSpec) DeepCopyInto(out *IPAMBlockSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IPAMConfig ¶
// IPAMConfig is the resource wrapping IPAMConfigSpec with the usual type and
// object metadata.
type IPAMConfig struct {
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Specification of the IPAMConfig.
	Spec IPAMConfigSpec `json:"spec,omitempty"`
}
IPAMConfig contains information about a block for IP address assignment.
func NewIPAMConfig ¶
func NewIPAMConfig() *IPAMConfig
NewIPAMConfig creates a new (zeroed) IPAMConfig struct with the TypeMetadata initialised to the current version.
func (*IPAMConfig) DeepCopy ¶
func (in *IPAMConfig) DeepCopy() *IPAMConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAMConfig.
func (*IPAMConfig) DeepCopyInto ¶
func (in *IPAMConfig) DeepCopyInto(out *IPAMConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*IPAMConfig) DeepCopyObject ¶
func (in *IPAMConfig) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type IPAMConfigList ¶
// IPAMConfigList is the list form of IPAMConfig: list metadata plus the
// configuration objects themselves in Items.
type IPAMConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`
	Items           []IPAMConfig `json:"items"`
}
IPAMConfigList contains a list of IPAMConfig resources.
func NewIPAMConfigList ¶
func NewIPAMConfigList() *IPAMConfigList
NewIPAMConfigList creates a new (zeroed) IPAMConfigList struct with the TypeMetadata initialised to the current version.
func (*IPAMConfigList) DeepCopy ¶
func (in *IPAMConfigList) DeepCopy() *IPAMConfigList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAMConfigList.
func (*IPAMConfigList) DeepCopyInto ¶
func (in *IPAMConfigList) DeepCopyInto(out *IPAMConfigList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*IPAMConfigList) DeepCopyObject ¶
func (in *IPAMConfigList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type IPAMConfigSpec ¶
// IPAMConfigSpec contains the specification for an IPAMConfig resource: two
// boolean switches. Neither tag uses omitempty, so both keys are always
// serialised, including when false.
type IPAMConfigSpec struct {
	// NOTE(review): presumably the cluster-wide counterpart of
	// IPAMBlockSpec.StrictAffinity - confirm against the IPAM code.
	StrictAffinity bool `json:"strictAffinity"`
	// NOTE(review): by its name, controls whether blocks are allocated
	// automatically - confirm against the IPAM code.
	AutoAllocateBlocks bool `json:"autoAllocateBlocks"`
}
IPAMConfigSpec contains the specification for a IPAMConfig resource.
func (*IPAMConfigSpec) DeepCopy ¶
func (in *IPAMConfigSpec) DeepCopy() *IPAMConfigSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAMConfigSpec.
func (*IPAMConfigSpec) DeepCopyInto ¶
func (in *IPAMConfigSpec) DeepCopyInto(out *IPAMConfigSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IPAMHandle ¶
// IPAMHandle is the resource wrapping IPAMHandleSpec with the usual type and
// object metadata.
type IPAMHandle struct {
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Specification of the IPAMHandle.
	Spec IPAMHandleSpec `json:"spec,omitempty"`
}
IPAMHandle contains information about a IPAMHandle resource.
func NewIPAMHandle ¶
func NewIPAMHandle() *IPAMHandle
NewIPAMHandle creates a new (zeroed) IPAMHandle struct with the TypeMetadata initialised to the current version.
func (*IPAMHandle) DeepCopy ¶
func (in *IPAMHandle) DeepCopy() *IPAMHandle
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAMHandle.
func (*IPAMHandle) DeepCopyInto ¶
func (in *IPAMHandle) DeepCopyInto(out *IPAMHandle)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*IPAMHandle) DeepCopyObject ¶
func (in *IPAMHandle) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type IPAMHandleList ¶
// IPAMHandleList is the list form of IPAMHandle: list metadata plus the handles
// themselves in Items.
type IPAMHandleList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`
	Items           []IPAMHandle `json:"items"`
}
IPAMHandleList contains a list of IPAMHandle resources.
func NewIPAMHandleList ¶
func NewIPAMHandleList() *IPAMHandleList
NewIPAMHandleList creates a new (zeroed) IPAMHandleList struct with the TypeMetadata initialised to the current version.
func (*IPAMHandleList) DeepCopy ¶
func (in *IPAMHandleList) DeepCopy() *IPAMHandleList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAMHandleList.
func (*IPAMHandleList) DeepCopyInto ¶
func (in *IPAMHandleList) DeepCopyInto(out *IPAMHandleList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*IPAMHandleList) DeepCopyObject ¶
func (in *IPAMHandleList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type IPAMHandleSpec ¶
// IPAMHandleSpec contains the specification for an IPAMHandle resource.
type IPAMHandleSpec struct {
	// HandleID is the identifier of the handle.
	// NOTE(review): neither field carries a validate tag, so no format is
	// enforced at this layer as far as this declaration shows.
	HandleID string `json:"handleID"`
	// Block is keyed by string with an integer value; presumably block CIDR ->
	// number of addresses held under this handle. TODO confirm against the IPAM code.
	Block map[string]int `json:"block"`
}
IPAMHandleSpec contains the specification for an IPAMHandle resource.
func (*IPAMHandleSpec) DeepCopy ¶
func (in *IPAMHandleSpec) DeepCopy() *IPAMHandleSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAMHandleSpec.
func (*IPAMHandleSpec) DeepCopyInto ¶
func (in *IPAMHandleSpec) DeepCopyInto(out *IPAMHandleSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IPNAT ¶
// IPNAT contains a single NAT mapping for a WorkloadEndpoint resource.
type IPNAT struct {
	// The internal IP address which must be associated with the owning endpoint via the
	// configured IPNetworks for the endpoint.
	InternalIP string `json:"internalIP" validate:"omitempty,ip"`
	// The external IP address.
	// NOTE(review): both fields are validated with "omitempty,ip", so an empty
	// string passes field-level validation; whether a half-filled mapping is
	// rejected elsewhere is not visible here.
	ExternalIP string `json:"externalIP" validate:"omitempty,ip"`
}
IPNAT contains a single NAT mapping for a WorkloadEndpoint resource.
func (*IPNAT) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPNAT.
func (*IPNAT) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IPPool ¶
// IPPool contains information about an IPPool resource.
type IPPool struct {
	// Kind and API version, embedded inline in the JSON encoding.
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Specification of the IPPool.
	Spec IPPoolSpec `json:"spec,omitempty"`
}
IPPool contains information about an IPPool resource.
func NewIPPool ¶
func NewIPPool() *IPPool
NewIPPool creates a new (zeroed) IPPool struct with the TypeMetadata initialised to the current version.
func (*IPPool) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPPool.
func (*IPPool) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*IPPool) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type IPPoolList ¶
// IPPoolList contains a list of IPPool resources.
type IPPoolList struct {
	// Kind and API version, embedded inline in the JSON encoding.
	metav1.TypeMeta `json:",inline"`
	// Standard list metadata.
	metav1.ListMeta `json:"metadata"`
	// Items holds the IPPool resources in this list.
	Items []IPPool `json:"items"`
}
IPPoolList contains a list of IPPool resources.
func NewIPPoolList ¶
func NewIPPoolList() *IPPoolList
NewIPPoolList creates a new (zeroed) IPPoolList struct with the TypeMetadata initialised to the current version.
func (*IPPoolList) DeepCopy ¶
func (in *IPPoolList) DeepCopy() *IPPoolList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPPoolList.
func (*IPPoolList) DeepCopyInto ¶
func (in *IPPoolList) DeepCopyInto(out *IPPoolList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*IPPoolList) DeepCopyObject ¶
func (in *IPPoolList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type IPPoolSpec ¶
// IPPoolSpec contains the specification for an IPPool resource.
type IPPoolSpec struct {
	// The pool CIDR. The validate tag has no omitempty, so presumably a value
	// is required. TODO confirm against the validator.
	CIDR string `json:"cidr" validate:"net"`

	// Contains configuration for IPIP tunneling for this pool. If not specified,
	// then this is defaulted to "Never" (i.e. IPIP tunneling is disabled).
	IPIPMode IPIPMode `json:"ipipMode,omitempty" validate:"omitempty,ipIpMode"`

	// When nat-outgoing is true, packets sent from Calico networked containers in
	// this pool to destinations outside of this pool will be masqueraded.
	// NOTE(review): with masquerading, destinations outside the pool do not see
	// the workload's own source address.
	NATOutgoing bool `json:"natOutgoing,omitempty"`

	// When disabled is true, Calico IPAM will not assign addresses from this pool.
	Disabled bool `json:"disabled,omitempty"`

	// The block size to use for IP address assignments from this pool. Defaults to 26 for IPv4 and 112 for IPv6.
	BlockSize int `json:"blockSize,omitempty"`

	// Allows IPPool to allocate for a specific node by label selector.
	NodeSelector string `json:"nodeSelector,omitempty" validate:"omitempty,selector"`

	// Deprecated: this field is only used for APIv1 backwards compatibility.
	// Setting this field is not allowed, this field is for internal use only.
	// The "mustBeNil" validate tag presumably enforces that; the validator is
	// not shown on this page.
	IPIP *apiv1.IPIPConfiguration `json:"ipip,omitempty" validate:"omitempty,mustBeNil"`

	// Deprecated: this field is only used for APIv1 backwards compatibility.
	// Setting this field is not allowed, this field is for internal use only.
	// The "mustBeFalse" validate tag presumably enforces that. Note the JSON key
	// is "nat-outgoing", distinct from NATOutgoing's "natOutgoing".
	NATOutgoingV1 bool `json:"nat-outgoing,omitempty" validate:"omitempty,mustBeFalse"`
}
IPPoolSpec contains the specification for an IPPool resource.
func (*IPPoolSpec) DeepCopy ¶
func (in *IPPoolSpec) DeepCopy() *IPPoolSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPPoolSpec.
func (*IPPoolSpec) DeepCopyInto ¶
func (in *IPPoolSpec) DeepCopyInto(out *IPPoolSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkPolicy ¶
// NetworkPolicy is the Namespaced-equivalent of the GlobalNetworkPolicy.
type NetworkPolicy struct {
	// Kind and API version, embedded inline in the JSON encoding.
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Specification of the Policy.
	Spec NetworkPolicySpec `json:"spec,omitempty"`
}
NetworkPolicy is the Namespaced-equivalent of the GlobalNetworkPolicy.
func NewNetworkPolicy ¶
func NewNetworkPolicy() *NetworkPolicy
NewNetworkPolicy creates a new (zeroed) NetworkPolicy struct with the TypeMetadata initialised to the current version.
func (*NetworkPolicy) DeepCopy ¶
func (in *NetworkPolicy) DeepCopy() *NetworkPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicy.
func (*NetworkPolicy) DeepCopyInto ¶
func (in *NetworkPolicy) DeepCopyInto(out *NetworkPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*NetworkPolicy) DeepCopyObject ¶
func (in *NetworkPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type NetworkPolicyList ¶
// NetworkPolicyList contains a list of NetworkPolicy resources.
type NetworkPolicyList struct {
	// Kind and API version, embedded inline in the JSON encoding.
	metav1.TypeMeta `json:",inline"`
	// Standard list metadata.
	metav1.ListMeta `json:"metadata"`
	// Items holds the NetworkPolicy resources in this list.
	Items []NetworkPolicy `json:"items"`
}
NetworkPolicyList contains a list of NetworkPolicy resources.
func NewNetworkPolicyList ¶
func NewNetworkPolicyList() *NetworkPolicyList
NewNetworkPolicyList creates a new (zeroed) NetworkPolicyList struct with the TypeMetadata initialised to the current version.
func (*NetworkPolicyList) DeepCopy ¶
func (in *NetworkPolicyList) DeepCopy() *NetworkPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyList.
func (*NetworkPolicyList) DeepCopyInto ¶
func (in *NetworkPolicyList) DeepCopyInto(out *NetworkPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*NetworkPolicyList) DeepCopyObject ¶
func (in *NetworkPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type NetworkPolicySpec ¶
// NetworkPolicySpec contains the specification for a NetworkPolicy resource:
// its ordering, its ingress and egress rules, the selector choosing the
// endpoints it applies to, and the traffic directions it covers.
type NetworkPolicySpec struct {
	// Order is an optional field that specifies the order in which the policy is applied.
	// Policies with higher "order" are applied after those with lower
	// order.  If the order is omitted, it may be considered to be "infinite" - i.e. the
	// policy will be applied last.  Policies with identical order will be applied in
	// alphanumerical order based on the Policy "Name".
	Order *float64 `json:"order,omitempty"`

	// The ordered set of ingress rules.  Each rule contains a set of packet match criteria and
	// a corresponding action to apply.
	Ingress []Rule `json:"ingress,omitempty" validate:"omitempty,dive"`

	// The ordered set of egress rules.  Each rule contains a set of packet match criteria and
	// a corresponding action to apply.
	Egress []Rule `json:"egress,omitempty" validate:"omitempty,dive"`

	// The selector is an expression used to pick out the endpoints that the policy should
	// be applied to.
	//
	// Selector expressions follow this syntax:
	//
	// 	label == "string_literal"  ->  comparison, e.g. my_label == "foo bar"
	// 	label != "string_literal"  ->  not equal; also matches if label is not present
	// 	label in { "a", "b", "c", ... }  ->  true if the value of label X is one of "a", "b", "c"
	// 	label not in { "a", "b", "c", ... }  ->  true if the value of label X is not one of "a", "b", "c"
	// 	has(label_name)  ->  True if that label is present
	// 	! expr  ->  negation of expr
	// 	expr && expr  ->  Short-circuit and
	// 	expr || expr  ->  Short-circuit or
	// 	( expr )  ->  parens for grouping
	// 	all() or the empty selector  ->  matches all endpoints.
	//
	// Label names are allowed to contain alphanumerics, -, _ and /. String literals are more permissive
	// but they do not support escape characters.
	//
	// Examples (with made-up labels):
	//
	// 	type == "webserver" && deployment == "prod"
	// 	type in {"frontend", "backend"}
	// 	deployment != "dev"
	// 	! has(label_name)
	//
	// NOTE(review): two consequences of the syntax above are easy to miss when
	// writing policy. The empty selector matches all endpoints, so leaving
	// Selector unset widens the policy rather than disabling it (presumably
	// within the policy's namespace for this namespaced type; confirm). And
	// `label != "x"` also matches endpoints that do not carry the label at all;
	// combine it with has(label) when only labelled endpoints are intended.
	Selector string `json:"selector" validate:"selector"`

	// Types indicates whether this policy applies to ingress, or to egress, or to both.  When
	// not explicitly specified (and so the value on creation is empty or nil), Calico defaults
	// Types according to what Ingress and Egress are present in the policy.  The
	// default is:
	//
	// - [ PolicyTypeIngress ], if there are no Egress rules (including the case where there are
	//   also no Ingress rules)
	//
	// - [ PolicyTypeEgress ], if there are Egress rules but no Ingress rules
	//
	// - [ PolicyTypeIngress, PolicyTypeEgress ], if there are both Ingress and Egress rules.
	//
	// When the policy is read back again, Types will always be one of these values, never empty
	// or nil.
	//
	// NOTE(review): under this defaulting a policy without Egress rules is
	// ingress-only; list PolicyTypeEgress explicitly when the policy is meant
	// to cover egress as well.
	Types []PolicyType `json:"types,omitempty" validate:"omitempty,dive,policyType"`
}
func (*NetworkPolicySpec) DeepCopy ¶
func (in *NetworkPolicySpec) DeepCopy() *NetworkPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicySpec.
func (*NetworkPolicySpec) DeepCopyInto ¶
func (in *NetworkPolicySpec) DeepCopyInto(out *NetworkPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Node ¶
// Node contains information about a Node resource.
type Node struct {
	// Kind and API version, embedded inline in the JSON encoding.
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Specification of the Node.
	Spec NodeSpec `json:"spec,omitempty"`
}
Node contains information about a Node resource.
func NewNode ¶
func NewNode() *Node
NewNode creates a new (zeroed) Node struct with the TypeMetadata initialised to the current version.
func (*Node) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Node.
func (*Node) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Node) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type NodeBGPSpec ¶
// NodeBGPSpec contains the specification for the Node BGP configuration.
type NodeBGPSpec struct {
	// The AS Number of the node. If this is not specified, the global
	// default value will be used.
	ASNumber *numorstring.ASNumber `json:"asNumber,omitempty"`
	// IPv4Address is the IPv4 address and network of this node. The IPv4 address
	// should always be specified if you are using BGP.
	// The validate tag expects CIDR form ("cidrv4"), i.e. address plus prefix length.
	IPv4Address string `json:"ipv4Address,omitempty" validate:"omitempty,cidrv4"`
	// IPv6Address is the IPv6 address and network of this node. Not required if you
	// are not using BGP or you do not require IPv6 routing.
	IPv6Address string `json:"ipv6Address,omitempty" validate:"omitempty,cidrv6"`
	// IPv4IPIPTunnelAddr is the IPv4 address of the IP in IP tunnel.
	IPv4IPIPTunnelAddr string `json:"ipv4IPIPTunnelAddr,omitempty" validate:"omitempty,ipv4"`
	// RouteReflectorClusterID enables this node as a route reflector within the given
	// cluster. The validate tag requires the ID to be written as an IPv4 address.
	RouteReflectorClusterID string `json:"routeReflectorClusterID,omitempty" validate:"omitempty,ipv4"`
}
NodeBGPSpec contains the specification for the Node BGP configuration.
func (*NodeBGPSpec) DeepCopy ¶
func (in *NodeBGPSpec) DeepCopy() *NodeBGPSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeBGPSpec.
func (*NodeBGPSpec) DeepCopyInto ¶
func (in *NodeBGPSpec) DeepCopyInto(out *NodeBGPSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NodeList ¶
// NodeList contains a list of Node resources.
type NodeList struct {
	// Kind and API version, embedded inline in the JSON encoding.
	metav1.TypeMeta `json:",inline"`
	// Standard list metadata.
	metav1.ListMeta `json:"metadata"`
	// Items holds the Node resources in this list.
	Items []Node `json:"items"`
}
NodeList contains a list of Node resources.
func NewNodeList ¶
func NewNodeList() *NodeList
NewNodeList creates a new (zeroed) NodeList struct with the TypeMetadata initialised to the current version.
func (*NodeList) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeList.
func (*NodeList) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*NodeList) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type NodeSpec ¶
// NodeSpec contains the specification for a Node resource.
type NodeSpec struct {
	// BGP configuration for this node. Optional: the field is a pointer and is
	// omitted from JSON when nil.
	BGP *NodeBGPSpec `json:"bgp,omitempty" validate:"omitempty"`

	// OrchRefs for this node.
	OrchRefs []OrchRef `json:"orchRefs,omitempty" validate:"omitempty"`
}
NodeSpec contains the specification for a Node resource.
func (*NodeSpec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeSpec.
func (*NodeSpec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OrchRef ¶
// OrchRef is used to correlate a Calico node to its corresponding representation
// in a given orchestrator.
type OrchRef struct {
	// NodeName represents the name for this node according to the orchestrator.
	NodeName string `json:"nodeName,omitempty" validate:"omitempty"`
	// Orchestrator represents the orchestrator using this node.
	// Always serialised (no omitempty) and carries no validate tag.
	Orchestrator string `json:"orchestrator"`
}
OrchRef is used to correlate a Calico node to its corresponding representation in a given orchestrator.
func (*OrchRef) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OrchRef.
func (*OrchRef) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PolicyType ¶
type PolicyType string
PolicyType enumerates the possible values of the PolicySpec Types field.
// Values accepted in a policy's Types field.
const (
	// PolicyTypeIngress marks a policy as applying to ingress traffic.
	PolicyTypeIngress PolicyType = "Ingress"
	// PolicyTypeEgress marks a policy as applying to egress traffic.
	PolicyTypeEgress PolicyType = "Egress"
)
type Profile ¶
// Profile contains the details of a security profile resource: a set of
// security rules to apply on an endpoint.
type Profile struct {
	// Kind and API version, embedded inline in the JSON encoding.
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Specification of the Profile.
	Spec ProfileSpec `json:"spec,omitempty"`
}
Profile contains the details of a security profile resource. A profile is a set of security rules to apply on an endpoint. An endpoint (either a host endpoint or an endpoint on a workload) can reference zero or more profiles. The profile rules are applied directly to the endpoint *after* the selector-based security policy has been applied, and in the order the profiles are declared on the endpoint.
func NewProfile ¶
func NewProfile() *Profile
NewProfile creates a new (zeroed) Profile struct with the TypeMetadata initialised to the current version.
func (*Profile) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Profile.
func (*Profile) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Profile) DeepCopyObject ¶
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ProfileList ¶
// ProfileList contains a list of Profile resources.
type ProfileList struct {
	// Kind and API version, embedded inline in the JSON encoding.
	metav1.TypeMeta `json:",inline"`
	// Standard list metadata.
	metav1.ListMeta `json:"metadata"`
	// Items holds the Profile resources in this list.
	Items []Profile `json:"items"`
}
ProfileList contains a list of Profile resources.
func NewProfileList ¶
func NewProfileList() *ProfileList
NewProfileList creates a new (zeroed) ProfileList struct with the TypeMetadata initialised to the current version.
func (*ProfileList) DeepCopy ¶
func (in *ProfileList) DeepCopy() *ProfileList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileList.
func (*ProfileList) DeepCopyInto ¶
func (in *ProfileList) DeepCopyInto(out *ProfileList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ProfileList) DeepCopyObject ¶
func (in *ProfileList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ProfileSpec ¶
// ProfileSpec contains the specification for a security Profile resource.
type ProfileSpec struct {
	// The ordered set of ingress rules.  Each rule contains a set of packet match criteria and
	// a corresponding action to apply.
	Ingress []Rule `json:"ingress,omitempty" validate:"omitempty,dive"`
	// The ordered set of egress rules.  Each rule contains a set of packet match criteria and
	// a corresponding action to apply.
	Egress []Rule `json:"egress,omitempty" validate:"omitempty,dive"`
	// An optional set of labels to apply to each endpoint (in addition to their own labels)
	// referencing this profile.  If labels configured on the endpoint have keys matching those
	// labels inherited from the profile, the endpoint label values take precedence.
	LabelsToApply map[string]string `json:"labelsToApply,omitempty" validate:"omitempty,labels"`
}
ProfileSpec contains the specification for a security Profile resource.
func (*ProfileSpec) DeepCopy ¶
func (in *ProfileSpec) DeepCopy() *ProfileSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProfileSpec.
func (*ProfileSpec) DeepCopyInto ¶
func (in *ProfileSpec) DeepCopyInto(out *ProfileSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ProtoPort ¶
ProtoPort is a combination of protocol and port; both must be specified.
func (*ProtoPort) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProtoPort.
func (*ProtoPort) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Rule ¶
// A Rule encapsulates a set of match criteria and an action.  Both selector-based
// security Policy and security Profiles reference rules - separated out as a list
// of rules for both ingress and egress packet matching.
//
// Each positive match criterion has a negated version, prefixed with "Not". All the
// match criteria within a rule must be satisfied for a packet to match. A single
// rule can contain the positive and negative version of a match and both must be
// satisfied for the rule to match.
type Rule struct {
	// Action is the action applied to packets that match the rule. It is always
	// serialised and checked by the "action" validator; the permitted values
	// come from the Action type, which is declared outside this section.
	Action Action `json:"action" validate:"action"`
	// IPVersion is an optional field that restricts the rule to only match a specific IP
	// version.
	IPVersion *int `json:"ipVersion,omitempty" validate:"omitempty,ipVersion"`
	// Protocol is an optional field that restricts the rule to only apply to traffic of
	// a specific IP protocol. Required if any of the EntityRules contain Ports
	// (because ports only apply to certain protocols).
	//
	// Must be one of these string values: "TCP", "UDP", "ICMP", "ICMPv6", "SCTP", "UDPLite"
	// or an integer in the range 1-255.
	Protocol *numorstring.Protocol `json:"protocol,omitempty" validate:"omitempty"`
	// ICMP is an optional field that restricts the rule to apply to a specific type and
	// code of ICMP traffic.  This should only be specified if the Protocol field is set to
	// "ICMP" or "ICMPv6".
	ICMP *ICMPFields `json:"icmp,omitempty" validate:"omitempty"`
	// NotProtocol is the negated version of the Protocol field.
	NotProtocol *numorstring.Protocol `json:"notProtocol,omitempty" validate:"omitempty"`
	// NotICMP is the negated version of the ICMP field.
	NotICMP *ICMPFields `json:"notICMP,omitempty" validate:"omitempty"`
	// Source contains the match criteria that apply to source entity.
	// NOTE(review): every match field other than Action is optional; a rule
	// that sets none of them presumably matches all traffic in its direction,
	// since only criteria that are present can fail to match. TODO confirm.
	Source EntityRule `json:"source,omitempty" validate:"omitempty"`
	// Destination contains the match criteria that apply to destination entity.
	Destination EntityRule `json:"destination,omitempty" validate:"omitempty"`

	// HTTP contains match criteria that apply to HTTP requests.
	HTTP *HTTPMatch `json:"http,omitempty" validate:"omitempty"`
}
A Rule encapsulates a set of match criteria and an action. Both selector-based security Policy and security Profiles reference rules - separated out as a list of rules for both ingress and egress packet matching.
Each positive match criterion has a negated version, prefixed with "Not". All the match criteria within a rule must be satisfied for a packet to match. A single rule can contain the positive and negative version of a match and both must be satisfied for the rule to match.
func (*Rule) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule.
func (*Rule) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ServiceAccountMatch ¶
// ServiceAccountMatch restricts a rule to traffic from (or to) pods running as
// particular service accounts, chosen by name, by label selector, or both.
type ServiceAccountMatch struct {
	// Names is an optional field that restricts the rule to only apply to traffic that originates from (or terminates
	// at) a pod running as a service account whose name is in the list.
	Names []string `json:"names,omitempty" validate:"omitempty"`

	// Selector is an optional field that restricts the rule to only apply to traffic that originates from
	// (or terminates at) a pod running as a service account that matches the given label selector.
	// If both Names and Selector are specified then they are AND'ed.
	Selector string `json:"selector,omitempty" validate:"omitempty,selector"`
}
func (*ServiceAccountMatch) DeepCopy ¶
func (in *ServiceAccountMatch) DeepCopy() *ServiceAccountMatch
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountMatch.
func (*ServiceAccountMatch) DeepCopyInto ¶
func (in *ServiceAccountMatch) DeepCopyInto(out *ServiceAccountMatch)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type WorkloadEndpoint ¶
// WorkloadEndpoint contains information about a WorkloadEndpoint resource that is
// a peer of a Calico compute node.
type WorkloadEndpoint struct {
	// Kind and API version, embedded inline in the JSON encoding.
	metav1.TypeMeta `json:",inline"`
	// Standard object's metadata.
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Specification of the WorkloadEndpoint.
	Spec WorkloadEndpointSpec `json:"spec,omitempty"`
}
WorkloadEndpoint contains information about a WorkloadEndpoint resource that is a peer of a Calico compute node.
func NewWorkloadEndpoint ¶
func NewWorkloadEndpoint() *WorkloadEndpoint
NewWorkloadEndpoint creates a new (zeroed) WorkloadEndpoint struct with the TypeMetadata initialised to the current version.
func (*WorkloadEndpoint) DeepCopy ¶
func (in *WorkloadEndpoint) DeepCopy() *WorkloadEndpoint
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadEndpoint.
func (*WorkloadEndpoint) DeepCopyInto ¶
func (in *WorkloadEndpoint) DeepCopyInto(out *WorkloadEndpoint)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*WorkloadEndpoint) DeepCopyObject ¶
func (in *WorkloadEndpoint) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type WorkloadEndpointList ¶
// WorkloadEndpointList contains a list of WorkloadEndpoint resources.
type WorkloadEndpointList struct {
	// Kind and API version, embedded inline in the JSON encoding.
	metav1.TypeMeta `json:",inline"`
	// Standard list metadata.
	metav1.ListMeta `json:"metadata"`
	// Items holds the WorkloadEndpoint resources in this list.
	Items []WorkloadEndpoint `json:"items"`
}
WorkloadEndpointList contains a list of WorkloadEndpoint resources.
func NewWorkloadEndpointList ¶
func NewWorkloadEndpointList() *WorkloadEndpointList
NewWorkloadEndpointList creates a new (zeroed) WorkloadEndpointList struct with the TypeMetadata initialised to the current version.
func (*WorkloadEndpointList) DeepCopy ¶
func (in *WorkloadEndpointList) DeepCopy() *WorkloadEndpointList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadEndpointList.
func (*WorkloadEndpointList) DeepCopyInto ¶
func (in *WorkloadEndpointList) DeepCopyInto(out *WorkloadEndpointList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*WorkloadEndpointList) DeepCopyObject ¶
func (in *WorkloadEndpointList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type WorkloadEndpointSpec ¶
// WorkloadEndpointSpec contains the specification for a WorkloadEndpoint resource.
type WorkloadEndpointSpec struct {
	// The name of the orchestrator.
	Orchestrator string `json:"orchestrator,omitempty" validate:"omitempty,name"`
	// The name of the workload.
	Workload string `json:"workload,omitempty" validate:"omitempty,name"`
	// The node name identifying the Calico node instance.
	Node string `json:"node,omitempty" validate:"omitempty,name"`
	// The container ID.
	ContainerID string `json:"containerID,omitempty" validate:"omitempty,containerID"`
	// The Pod name.
	Pod string `json:"pod,omitempty" validate:"omitempty,name"`
	// The Endpoint name.
	Endpoint string `json:"endpoint,omitempty" validate:"omitempty,name"`
	// IPNetworks is a list of subnets allocated to this endpoint. IP packets will only be
	// allowed to leave this interface if they come from an address in one of these subnets.
	// Currently only /32 for IPv4 and /128 for IPv6 networks are supported.
	// NOTE(review): as described above, this list also acts as the endpoint's
	// source-address filter, so its entries decide which source addresses the
	// workload may send from.
	IPNetworks []string `json:"ipNetworks,omitempty" validate:"omitempty,dive,net"`
	// IPNATs is a list of 1:1 NAT mappings to apply to the endpoint. Inbound connections
	// to the external IP will be forwarded to the internal IP. Connections initiated from the
	// internal IP will not have their source address changed, except when an endpoint attempts
	// to connect one of its own external IPs. Each internal IP must be associated with the same
	// endpoint via the configured IPNetworks.
	IPNATs []IPNAT `json:"ipNATs,omitempty" validate:"omitempty,dive"`
	// IPv4Gateway is the gateway IPv4 address for traffic from the workload.
	IPv4Gateway string `json:"ipv4Gateway,omitempty" validate:"omitempty,ipv4"`
	// IPv6Gateway is the gateway IPv6 address for traffic from the workload.
	IPv6Gateway string `json:"ipv6Gateway,omitempty" validate:"omitempty,ipv6"`
	// A list of security Profile resources that apply to this endpoint. Each profile is
	// applied in the order that they appear in this list.  Profile rules are applied
	// after the selector-based security policy.
	Profiles []string `json:"profiles,omitempty" validate:"omitempty,dive,name"`
	// InterfaceName is the name of the Linux interface on the host: for example, tap80.
	// Unlike most fields here the validate tag has no omitempty, so presumably an
	// empty value is rejected. TODO confirm against the validator.
	InterfaceName string `json:"interfaceName,omitempty" validate:"interface"`
	// MAC is the MAC address of the endpoint interface.
	MAC string `json:"mac,omitempty" validate:"omitempty,mac"`
	// Ports contains the endpoint's named ports, which may be referenced in security policy rules.
	Ports []EndpointPort `json:"ports,omitempty" validate:"dive,omitempty"`
}
WorkloadEndpointSpec contains the specification for a WorkloadEndpoint resource.
func (*WorkloadEndpointSpec) DeepCopy ¶
func (in *WorkloadEndpointSpec) DeepCopy() *WorkloadEndpointSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadEndpointSpec.
func (*WorkloadEndpointSpec) DeepCopyInto ¶
func (in *WorkloadEndpointSpec) DeepCopyInto(out *WorkloadEndpointSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
Source Files ¶
- bgpconfig.go
- bgppeer.go
- blockaffinity.go
- clusterinfo.go
- constants.go
- doc.go
- felixconfig.go
- globalnetworkpolicy.go
- globalnetworkset.go
- hostendpoint.go
- ipam_block.go
- ipam_config.go
- ipam_handle.go
- ippool.go
- networkpolicy.go
- node.go
- policy.go
- profile.go
- register.go
- workloadendpoint.go
- zz_generated.deepcopy.go