v1

package

v0.0.0-...-aca02aa Latest Latest Go to latest Published: Sep 25, 2024 License: Apache-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/icefed/domain-egress-policy

Links

Open Source Insights

Documentation ¶

Overview ¶

Package v1 contains API Schema definitions for the policy v1 API group +kubebuilder:object:generate=true +groupName=policy.icefed.io

Index ¶

Variables
type DomainEgressPolicy
type DomainEgressPolicyList
type DomainEgressPolicySpec
- func (in *DomainEgressPolicySpec) DeepCopy() *DomainEgressPolicySpec
- func (in *DomainEgressPolicySpec) DeepCopyInto(out *DomainEgressPolicySpec)
type DomainEgressPolicyStatus
- func (in *DomainEgressPolicyStatus) DeepCopy() *DomainEgressPolicyStatus
- func (in *DomainEgressPolicyStatus) DeepCopyInto(out *DomainEgressPolicyStatus)
type DomainEgressRule
- func (in *DomainEgressRule) DeepCopy() *DomainEgressRule
- func (in *DomainEgressRule) DeepCopyInto(out *DomainEgressRule)
type ResolvedDomain
- func (in *ResolvedDomain) DeepCopy() *ResolvedDomain
- func (in *ResolvedDomain) DeepCopyInto(out *ResolvedDomain)

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: "policy.icefed.io", Version: "v1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions ¶

This section is empty.

Types ¶

type DomainEgressPolicy ¶

type DomainEgressPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   DomainEgressPolicySpec   `json:"spec,omitempty"`
	Status DomainEgressPolicyStatus `json:"status,omitempty"`
}

DomainEgressPolicy is the Schema for the domainegresspolicies API

func (*DomainEgressPolicy) DeepCopy ¶

func (in *DomainEgressPolicy) DeepCopy() *DomainEgressPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DomainEgressPolicy.

func (*DomainEgressPolicy) DeepCopyInto ¶

func (in *DomainEgressPolicy) DeepCopyInto(out *DomainEgressPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DomainEgressPolicy) DeepCopyObject ¶

func (in *DomainEgressPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*DomainEgressPolicy) SetupWebhookWithManager ¶

func (r *DomainEgressPolicy) SetupWebhookWithManager(mgr ctrl.Manager) error

SetupWebhookWithManager will setup the manager to manage the webhooks

func (*DomainEgressPolicy) ValidateCreate ¶

func (r *DomainEgressPolicy) ValidateCreate() (admission.Warnings, error)

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*DomainEgressPolicy) ValidateDelete ¶

func (r *DomainEgressPolicy) ValidateDelete() (admission.Warnings, error)

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*DomainEgressPolicy) ValidateUpdate ¶

func (r *DomainEgressPolicy) ValidateUpdate(old runtime.Object) (admission.Warnings, error)

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type DomainEgressPolicyList ¶

type DomainEgressPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []DomainEgressPolicy `json:"items"`
}

DomainEgressPolicyList contains a list of DomainEgressPolicy

func (*DomainEgressPolicyList) DeepCopy ¶

func (in *DomainEgressPolicyList) DeepCopy() *DomainEgressPolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DomainEgressPolicyList.

func (*DomainEgressPolicyList) DeepCopyInto ¶

func (in *DomainEgressPolicyList) DeepCopyInto(out *DomainEgressPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*DomainEgressPolicyList) DeepCopyObject ¶

func (in *DomainEgressPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type DomainEgressPolicySpec ¶

type DomainEgressPolicySpec struct {
	// podSelector selects the pods to which this DomainEgressPolicy object applies.
	// The array of ingress rules is applied to any pods selected by this field.
	// Multiple network policies can select the same set of pods. In this case,
	// the ingress rules for each are combined additively.
	// This field is NOT optional and follows standard label selector semantics.
	// An empty podSelector matches all pods in this namespace.
	PodSelector metav1.LabelSelector `json:"podSelector" protobuf:"bytes,1,opt,name=podSelector"`

	// domainEgress is a list of egress rules to be applied to the selected pods. Outgoing traffic
	// is allowed if there are no DomainEgressPolicies selecting the pod (and cluster policy
	// otherwise allows the traffic), OR if the traffic matches at least one egress rule
	// across all of the DomainEgressPolicy objects whose podSelector matches the pod. If
	// this field is empty then this DomainEgressPolicy limits all outgoing traffic (and serves
	// solely to ensure that the pods it selects are isolated by default).
	DomainEgress []DomainEgressRule `json:"domainEgress,omitempty" protobuf:"bytes,3,rep,name=domainEgress"`
}

DomainEgressPolicySpec defines the desired state of DomainEgressPolicy

func (*DomainEgressPolicySpec) DeepCopy ¶

func (in *DomainEgressPolicySpec) DeepCopy() *DomainEgressPolicySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DomainEgressPolicySpec.

func (*DomainEgressPolicySpec) DeepCopyInto ¶

func (in *DomainEgressPolicySpec) DeepCopyInto(out *DomainEgressPolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DomainEgressPolicyStatus ¶

type DomainEgressPolicyStatus struct {
	// ResolvedDomains is a list of resolved domains
	ResolvedDomains []ResolvedDomain `json:"resolvedDomains,omitempty" protobuf:"bytes,1,rep,name=resolvedDomains"`
}

DomainEgressPolicyStatus defines the observed state of DomainEgressPolicy

func (*DomainEgressPolicyStatus) DeepCopy ¶

func (in *DomainEgressPolicyStatus) DeepCopy() *DomainEgressPolicyStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DomainEgressPolicyStatus.

func (*DomainEgressPolicyStatus) DeepCopyInto ¶

func (in *DomainEgressPolicyStatus) DeepCopyInto(out *DomainEgressPolicyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DomainEgressRule ¶

type DomainEgressRule struct {
	// ports is a list of destination ports for outgoing traffic.
	// Each item in this list is combined using a logical OR. If this field is
	// empty or missing, this rule matches all ports (traffic not restricted by port).
	// If this field is present and contains at least one item, then this rule allows
	// traffic only if the traffic matches at least one port in the list.
	// +optional
	Ports []networkingv1.NetworkPolicyPort `json:"ports,omitempty" protobuf:"bytes,1,rep,name=ports"`

	// domains is a list of destinations for outgoing traffic of pods selected for this rule.
	// Items in this list are combined using a logical OR operation. If this field is
	// empty or missing, this rule matches all destinations (traffic not restricted by
	// destination). If this field is present and contains at least one item, this rule
	// allows traffic only if the traffic matches at least one item in the to list.
	// domain names may be fully qualified or match wildcards.
	Domains []string `json:"domains,omitempty" protobuf:"bytes,2,rep,name=domains"`
}

DomainEgressRule describes a particular set of traffic that is allowed out of pods matched by a DomainEgressPolicySpec's podSelector. The traffic must match both ports and domains.

func (*DomainEgressRule) DeepCopy ¶

func (in *DomainEgressRule) DeepCopy() *DomainEgressRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DomainEgressRule.

func (*DomainEgressRule) DeepCopyInto ¶

func (in *DomainEgressRule) DeepCopyInto(out *DomainEgressRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResolvedDomain ¶

type ResolvedDomain struct {
	Domain string   `json:"domain" protobuf:"bytes,1,opt,name=domain"`
	IPs    []string `json:"ips" protobuf:"bytes,2,rep,name=ips"`

	// UpdateTimestamp is a timestamp of when the domain was resolved
	UpdateTimestamp metav1.Time `json:"updateTimestamp,omitempty" protobuf:"bytes,8,opt,name=updateTimestamp"`
}

ResolvedDomain defines the domain and resolved IP addresses

func (*ResolvedDomain) DeepCopy ¶

func (in *ResolvedDomain) DeepCopy() *ResolvedDomain

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResolvedDomain.

func (*ResolvedDomain) DeepCopyInto ¶

func (in *ResolvedDomain) DeepCopyInto(out *ResolvedDomain)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL