Documentation
Index
- Constants
- Variables
- func Kind(kind string) schema.GroupKind
- func Resource(resource string) schema.GroupResource
- type ClusterNetworkPolicy
- type ClusterNetworkPolicyList
- type ClusterNetworkPolicySpec
- type IPBlock
- type NetworkPolicy
- type NetworkPolicyList
- type NetworkPolicyPeer
- type NetworkPolicyPhase
- type NetworkPolicyPort
- type NetworkPolicySpec
- type NetworkPolicyStatus
- type Rule
- type RuleAction
- type Tier
- type TierList
- type TierSpec
Constants
const GroupName = "security.antrea.tanzu.vmware.com"
GroupName is the group name used in this package.
Variables
var (
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	AddToScheme   = SchemeBuilder.AddToScheme
)
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
SchemeGroupVersion is group version used to register these objects.
Functions
func Resource
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource.
Types
type ClusterNetworkPolicy
type ClusterNetworkPolicy struct {
	metav1.TypeMeta `json:",inline"`
	// Standard metadata of the object.
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Specification of the desired behavior of ClusterNetworkPolicy.
	Spec ClusterNetworkPolicySpec `json:"spec"`
	// Most recently observed status of the NetworkPolicy.
	Status NetworkPolicyStatus `json:"status"`
}
func (*ClusterNetworkPolicy) DeepCopy
func (in *ClusterNetworkPolicy) DeepCopy() *ClusterNetworkPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkPolicy.
func (*ClusterNetworkPolicy) DeepCopyInto
func (in *ClusterNetworkPolicy) DeepCopyInto(out *ClusterNetworkPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterNetworkPolicy) DeepCopyObject
func (in *ClusterNetworkPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterNetworkPolicyList
type ClusterNetworkPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []ClusterNetworkPolicy `json:"items"`
}
func (*ClusterNetworkPolicyList) DeepCopy
func (in *ClusterNetworkPolicyList) DeepCopy() *ClusterNetworkPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkPolicyList.
func (*ClusterNetworkPolicyList) DeepCopyInto
func (in *ClusterNetworkPolicyList) DeepCopyInto(out *ClusterNetworkPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterNetworkPolicyList) DeepCopyObject
func (in *ClusterNetworkPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterNetworkPolicySpec
type ClusterNetworkPolicySpec struct {
	// Tier specifies the tier to which this ClusterNetworkPolicy belongs to.
	// The ClusterNetworkPolicy order will be determined based on the
	// combination of the Tier's Priority and the ClusterNetworkPolicy's own
	// Priority. If not specified, this policy will be created in the Application
	// Tier right above the K8s NetworkPolicy which resides at the bottom.
	Tier string `json:"tier,omitempty"`

	// Priority specifies the order of the ClusterNetworkPolicy relative to
	// other AntreaClusterNetworkPolicies.
	Priority float64 `json:"priority"`

	// Select workloads on which the rules will be applied to. Cannot be set in
	// conjunction with AppliedTo in each rule.
	// +optional
	AppliedTo []NetworkPolicyPeer `json:"appliedTo,omitempty"`

	// Set of ingress rules evaluated based on the order in which they are set.
	// Currently Ingress rule supports setting the `From` field but not the `To`
	// field within a Rule.
	// +optional
	Ingress []Rule `json:"ingress"`

	// Set of egress rules evaluated based on the order in which they are set.
	// Currently Egress rule supports setting the `To` field but not the `From`
	// field within a Rule.
	// +optional
	Egress []Rule `json:"egress"`
}
ClusterNetworkPolicySpec defines the desired state for ClusterNetworkPolicy.
func (*ClusterNetworkPolicySpec) DeepCopy
func (in *ClusterNetworkPolicySpec) DeepCopy() *ClusterNetworkPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkPolicySpec.
func (*ClusterNetworkPolicySpec) DeepCopyInto
func (in *ClusterNetworkPolicySpec) DeepCopyInto(out *ClusterNetworkPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IPBlock
type IPBlock struct {
	// CIDR is a string representing the IP Block
	// Valid examples are "192.168.1.1/24".
	CIDR string `json:"cidr"`
}
IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed or denied to/from the workloads matched by a Spec.AppliedTo.
func (*IPBlock) DeepCopy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPBlock.
func (*IPBlock) DeepCopyInto
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkPolicy
type NetworkPolicy struct {
	metav1.TypeMeta `json:",inline"`
	// Standard metadata of the object.
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Specification of the desired behavior of NetworkPolicy.
	Spec NetworkPolicySpec `json:"spec"`
	// Most recently observed status of the NetworkPolicy.
	Status NetworkPolicyStatus `json:"status"`
}
func (*NetworkPolicy) DeepCopy
func (in *NetworkPolicy) DeepCopy() *NetworkPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicy.
func (*NetworkPolicy) DeepCopyInto
func (in *NetworkPolicy) DeepCopyInto(out *NetworkPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*NetworkPolicy) DeepCopyObject
func (in *NetworkPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type NetworkPolicyList
type NetworkPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []NetworkPolicy `json:"items"`
}
func (*NetworkPolicyList) DeepCopy
func (in *NetworkPolicyList) DeepCopy() *NetworkPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyList.
func (*NetworkPolicyList) DeepCopyInto
func (in *NetworkPolicyList) DeepCopyInto(out *NetworkPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*NetworkPolicyList) DeepCopyObject
func (in *NetworkPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type NetworkPolicyPeer
type NetworkPolicyPeer struct {
	// IPBlock describes the IPAddresses/IPBlocks that is matched in to/from.
	// IPBlock cannot be set as part of the AppliedTo field.
	// Cannot be set with any other selector.
	// +optional
	IPBlock *IPBlock `json:"ipBlock,omitempty"`

	// Select Pods from NetworkPolicy's Namespace as workloads in
	// AppliedTo/To/From fields. If set with NamespaceSelector, Pods are
	// matched from Namespaces matched by the NamespaceSelector.
	// Cannot be set with any other selector except NamespaceSelector.
	// +optional
	PodSelector *metav1.LabelSelector `json:"podSelector,omitempty"`

	// Select all Pods from Namespaces matched by this selector, as
	// workloads in To/From fields. If set with PodSelector,
	// Pods are matched from Namespaces matched by the NamespaceSelector.
	// Cannot be set with any other selector except PodSelector or
	// ExternalEntitySelector.
	// +optional
	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`

	// Select ExternalEntities from NetworkPolicy's Namespace as workloads
	// in AppliedTo/To/From fields. If set with NamespaceSelector,
	// ExternalEntities are matched from Namespaces matched by the
	// NamespaceSelector.
	// Cannot be set with any other selector except NamespaceSelector.
	// +optional
	ExternalEntitySelector *metav1.LabelSelector `json:"externalEntitySelector,omitempty"`

	// Group is the name of the ClusterGroup which can be set as an
	// AppliedTo or within an Ingress or Egress rule in place of
	// a stand-alone selector. A Group cannot be set with any other
	// selector.
	Group string `json:"group,omitempty"`
}
NetworkPolicyPeer describes the grouping selector of workloads.
func (*NetworkPolicyPeer) DeepCopy
func (in *NetworkPolicyPeer) DeepCopy() *NetworkPolicyPeer
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyPeer.
func (*NetworkPolicyPeer) DeepCopyInto
func (in *NetworkPolicyPeer) DeepCopyInto(out *NetworkPolicyPeer)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkPolicyPhase (added in v0.11.0)
type NetworkPolicyPhase string
NetworkPolicyPhase defines the phase in which a NetworkPolicy is.
const (
	// NetworkPolicyPending means the NetworkPolicy has been accepted by the system, but it has not been processed by Antrea.
	NetworkPolicyPending NetworkPolicyPhase = "Pending"
	// NetworkPolicyRealizing means the NetworkPolicy has been observed by Antrea and is being realized.
	NetworkPolicyRealizing NetworkPolicyPhase = "Realizing"
	// NetworkPolicyRealized means the NetworkPolicy has been enforced to all Pods on all Nodes it applies to.
	NetworkPolicyRealized NetworkPolicyPhase = "Realized"
)
These are the valid values for NetworkPolicyPhase.
type NetworkPolicyPort
type NetworkPolicyPort struct {
	// The protocol (TCP, UDP, or SCTP) which traffic must match.
	// If not specified, this field defaults to TCP.
	// +optional
	Protocol *v1.Protocol `json:"protocol,omitempty"`

	// The port on the given protocol. This can be either a numerical
	// or named port on a Pod. If this field is not provided, this
	// matches all port names and numbers.
	// +optional
	Port *intstr.IntOrString `json:"port,omitempty"`

	// EndPort defines the end of the port range, being the end included within the range.
	// It can only be specified when a numerical `port` is specified.
	// +optional
	EndPort *int32 `json:"endPort,omitempty"`
}
NetworkPolicyPort describes the port and protocol to match in a rule.
func (*NetworkPolicyPort) DeepCopy
func (in *NetworkPolicyPort) DeepCopy() *NetworkPolicyPort
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyPort.
func (*NetworkPolicyPort) DeepCopyInto
func (in *NetworkPolicyPort) DeepCopyInto(out *NetworkPolicyPort)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkPolicySpec
type NetworkPolicySpec struct {
	// Tier specifies the tier to which this NetworkPolicy belongs to.
	// The NetworkPolicy order will be determined based on the combination of the
	// Tier's Priority and the NetworkPolicy's own Priority. If not specified,
	// this policy will be created in the Application Tier right above the K8s
	// NetworkPolicy which resides at the bottom.
	Tier string `json:"tier,omitempty"`

	// Priority specifies the order of the NetworkPolicy relative to other
	// NetworkPolicies.
	Priority float64 `json:"priority"`

	// Select workloads on which the rules will be applied to. Cannot be set in
	// conjunction with AppliedTo in each rule.
	// +optional
	AppliedTo []NetworkPolicyPeer `json:"appliedTo,omitempty"`

	// Set of ingress rules evaluated based on the order in which they are set.
	// Currently Ingress rule supports setting the `From` field but not the `To`
	// field within a Rule.
	// +optional
	Ingress []Rule `json:"ingress"`

	// Set of egress rules evaluated based on the order in which they are set.
	// Currently Egress rule supports setting the `To` field but not the `From`
	// field within a Rule.
	// +optional
	Egress []Rule `json:"egress"`
}
NetworkPolicySpec defines the desired state for NetworkPolicy.
func (*NetworkPolicySpec) DeepCopy
func (in *NetworkPolicySpec) DeepCopy() *NetworkPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicySpec.
func (*NetworkPolicySpec) DeepCopyInto
func (in *NetworkPolicySpec) DeepCopyInto(out *NetworkPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkPolicyStatus (added in v0.11.0)
type NetworkPolicyStatus struct {
	// The phase of a NetworkPolicy is a simple, high-level summary of the NetworkPolicy's status.
	Phase NetworkPolicyPhase `json:"phase"`
	// The generation observed by Antrea.
	ObservedGeneration int64 `json:"observedGeneration"`
	// The number of nodes that have realized the NetworkPolicy.
	CurrentNodesRealized int32 `json:"currentNodesRealized"`
	// The total number of nodes that should realize the NetworkPolicy.
	DesiredNodesRealized int32 `json:"desiredNodesRealized"`
}
NetworkPolicyStatus represents information about the status of a NetworkPolicy.
func (*NetworkPolicyStatus) DeepCopy (added in v0.11.0)
func (in *NetworkPolicyStatus) DeepCopy() *NetworkPolicyStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyStatus.
func (*NetworkPolicyStatus) DeepCopyInto (added in v0.11.0)
func (in *NetworkPolicyStatus) DeepCopyInto(out *NetworkPolicyStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Rule
type Rule struct {
	// Action specifies the action to be applied on the rule.
	Action *RuleAction `json:"action"`

	// Set of port and protocol allowed/denied by the rule. If this field is unset
	// or empty, this rule matches all ports.
	// +optional
	Ports []NetworkPolicyPort `json:"ports,omitempty"`

	// Rule is matched if traffic originates from workloads selected by
	// this field. If this field is empty, this rule matches all sources.
	// +optional
	From []NetworkPolicyPeer `json:"from"`

	// Rule is matched if traffic is intended for workloads selected by
	// this field. If this field is empty or missing, this rule matches all
	// destinations.
	// +optional
	To []NetworkPolicyPeer `json:"to"`

	// Name describes the intention of this rule.
	// Name should be unique within the policy.
	// +optional
	Name string `json:"name"`

	// EnableLogging is used to indicate if agent should generate logs
	// when rules are matched. Should default to false.
	EnableLogging bool `json:"enableLogging"`

	// Select workloads on which this rule will be applied to. Cannot be set in
	// conjunction with NetworkPolicySpec/ClusterNetworkPolicySpec.AppliedTo.
	// +optional
	AppliedTo []NetworkPolicyPeer `json:"appliedTo,omitempty"`
}
Rule describes the traffic allowed to/from the workloads selected by Spec.AppliedTo. Based on the action specified in the rule, traffic that exactly matches the specified ports and protocol is either allowed or denied.
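The field comments on NetworkPolicyPeer, NetworkPolicySpec/ClusterNetworkPolicySpec and Rule state several combination constraints (exclusive selectors, AppliedTo at spec level or rule level but not both, From for ingress and To for egress). The following added example, which is not Antrea's own validation code, checks them before a policy is submitted; Peer, Rule, Spec, checkPeers and Validate are hypothetical simplified stand-ins in which each label selector is reduced to a boolean.

```go
package main

import "fmt"

// Simplified stand-ins for the package's types (assumption): each label
// selector is reduced to a bool meaning "set", IPBlock to its CIDR string.
type Peer struct {
	IPBlock, Group                 string
	Pod, Namespace, ExternalEntity bool
}
type Rule struct{ From, To, AppliedTo []Peer }
type Spec struct{ AppliedTo []Peer; Ingress, Egress []Rule }

// checkPeers applies the combination rules from the NetworkPolicyPeer comments.
func checkPeers(path string, peers []Peer, appliedTo bool) (errs []string) {
	for i, p := range peers {
		at := fmt.Sprintf("%s[%d]", path, i)
		sel := p.Pod || p.Namespace || p.ExternalEntity
		if p.IPBlock != "" && appliedTo {
			errs = append(errs, at+": ipBlock not allowed in appliedTo")
		}
		if (p.IPBlock != "" || p.Group != "") && (sel || (p.IPBlock != "" && p.Group != "")) {
			errs = append(errs, at+": ipBlock/group combined with another selector")
		}
		if p.Pod && p.ExternalEntity {
			errs = append(errs, at+": podSelector with externalEntitySelector")
		}
	}
	return errs
}

// Validate returns every documented constraint that the spec violates.
func Validate(s Spec) []string {
	errs := checkPeers("spec.appliedTo", s.AppliedTo, true)
	for d, rules := range [][]Rule{s.Ingress, s.Egress} {
		for i, r := range rules {
			at := fmt.Sprintf("%s[%d]", []string{"ingress", "egress"}[d], i)
			if len(s.AppliedTo) > 0 && len(r.AppliedTo) > 0 {
				errs = append(errs, at+": appliedTo set in both spec and rule")
			}
			if len([][]Peer{r.To, r.From}[d]) > 0 {
				errs = append(errs, at+": ingress takes from, egress takes to")
			}
			errs = append(errs, checkPeers(at+".appliedTo", r.AppliedTo, true)...)
			errs = append(errs, checkPeers(at+".from", r.From, false)...)
			errs = append(errs, checkPeers(at+".to", r.To, false)...)
		}
	}
	return errs
}

func main() { // constructed sample: spec-level and rule-level appliedTo together
	fmt.Println(Validate(Spec{AppliedTo: []Peer{{Pod: true}}, Ingress: []Rule{{AppliedTo: []Peer{{IPBlock: "10.0.0.0/8"}}}}}))
}
```

The check covers only constraints stated in the comments on this page; CIDR syntax and the EndPort rule are left out.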
func (*Rule) DeepCopy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule.
func (*Rule) DeepCopyInto
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RuleAction
type RuleAction string
RuleAction describes the action to be applied on traffic matching a rule.
const (
	// RuleActionAllow describes that rule matching traffic must be allowed.
	RuleActionAllow RuleAction = "Allow"
	// RuleActionDrop describes that rule matching traffic must be dropped.
	RuleActionDrop RuleAction = "Drop"
)
type Tier (added in v0.10.0)
type Tier struct {
	metav1.TypeMeta `json:",inline"`
	// Standard metadata of the object.
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Specification of the desired behavior of Tier.
	Spec TierSpec `json:"spec"`
}
func (*Tier) DeepCopy (added in v0.10.0)
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tier.
func (*Tier) DeepCopyInto (added in v0.10.0)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*Tier) DeepCopyObject (added in v0.10.0)
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TierList (added in v0.10.0)
type TierList struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []Tier `json:"items"`
}
func (*TierList) DeepCopy (added in v0.10.0)
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TierList.
func (*TierList) DeepCopyInto (added in v0.10.0)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*TierList) DeepCopyObject (added in v0.10.0)
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type TierSpec (added in v0.10.0)
type TierSpec struct {
	// Priority specifies the order of the Tier relative to other Tiers.
	Priority int32 `json:"priority"`
	// Description is an optional field to add more information regarding
	// the purpose of this Tier.
	Description string `json:"description,omitempty"`
}
TierSpec defines the desired state for Tier.
func (*TierSpec) DeepCopy (added in v0.10.0)
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TierSpec.
func (*TierSpec) DeepCopyInto (added in v0.10.0)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.