v1alpha1

package
v0.13.4

This package is not in the latest version of its module.

Published: Jul 16, 2021 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Constants

const GroupName = "security.antrea.tanzu.vmware.com"

GroupName is the group name used in this package.

Variables

var (
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	AddToScheme   = SchemeBuilder.AddToScheme
)
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}

SchemeGroupVersion is group version used to register these objects.

Functions

func Kind

func Kind(kind string) schema.GroupKind

Kind takes an unqualified kind and returns a Group qualified GroupKind.

func Resource

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource.

Types

type ClusterNetworkPolicy

type ClusterNetworkPolicy struct {
	metav1.TypeMeta `json:",inline"`
	// Standard metadata of the object.
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Specification of the desired behavior of ClusterNetworkPolicy.
	Spec ClusterNetworkPolicySpec `json:"spec"`
	// Most recently observed status of the NetworkPolicy.
	Status NetworkPolicyStatus `json:"status"`
}

func (*ClusterNetworkPolicy) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkPolicy.

func (*ClusterNetworkPolicy) DeepCopyInto

func (in *ClusterNetworkPolicy) DeepCopyInto(out *ClusterNetworkPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterNetworkPolicy) DeepCopyObject

func (in *ClusterNetworkPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ClusterNetworkPolicyList

type ClusterNetworkPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []ClusterNetworkPolicy `json:"items"`
}

func (*ClusterNetworkPolicyList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkPolicyList.

func (*ClusterNetworkPolicyList) DeepCopyInto

func (in *ClusterNetworkPolicyList) DeepCopyInto(out *ClusterNetworkPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*ClusterNetworkPolicyList) DeepCopyObject

func (in *ClusterNetworkPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type ClusterNetworkPolicySpec

type ClusterNetworkPolicySpec struct {
	// Tier specifies the tier to which this ClusterNetworkPolicy belongs.
	// The ClusterNetworkPolicy order will be determined based on the
	// combination of the Tier's Priority and the ClusterNetworkPolicy's own
	// Priority. If not specified, this policy will be created in the Application
	// Tier right above the K8s NetworkPolicy which resides at the bottom.
	Tier string `json:"tier,omitempty"`
	// Priority specifies the order of the ClusterNetworkPolicy relative to
	// other AntreaClusterNetworkPolicies.
	Priority float64 `json:"priority"`
	// Select workloads to which the rules will be applied. Cannot be set in
	// conjunction with AppliedTo in each rule.
	// +optional
	AppliedTo []NetworkPolicyPeer `json:"appliedTo,omitempty"`
	// Set of ingress rules evaluated based on the order in which they are set.
	// Currently Ingress rule supports setting the `From` field but not the `To`
	// field within a Rule.
	// +optional
	Ingress []Rule `json:"ingress"`
	// Set of egress rules evaluated based on the order in which they are set.
	// Currently Egress rule supports setting the `To` field but not the `From`
	// field within a Rule.
	// +optional
	Egress []Rule `json:"egress"`
}

ClusterNetworkPolicySpec defines the desired state for ClusterNetworkPolicy.

func (*ClusterNetworkPolicySpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkPolicySpec.

func (*ClusterNetworkPolicySpec) DeepCopyInto

func (in *ClusterNetworkPolicySpec) DeepCopyInto(out *ClusterNetworkPolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IPBlock

type IPBlock struct {
	// CIDR is a string representing the IP Block
	// Valid examples are "192.168.1.1/24".
	CIDR string `json:"cidr"`
}

IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed or denied to/from the workloads matched by a Spec.AppliedTo.

func (*IPBlock) DeepCopy

func (in *IPBlock) DeepCopy() *IPBlock

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPBlock.

func (*IPBlock) DeepCopyInto

func (in *IPBlock) DeepCopyInto(out *IPBlock)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NetworkPolicy

type NetworkPolicy struct {
	metav1.TypeMeta `json:",inline"`
	// Standard metadata of the object.
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Specification of the desired behavior of NetworkPolicy.
	Spec NetworkPolicySpec `json:"spec"`
	// Most recently observed status of the NetworkPolicy.
	Status NetworkPolicyStatus `json:"status"`
}

func (*NetworkPolicy) DeepCopy

func (in *NetworkPolicy) DeepCopy() *NetworkPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicy.

func (*NetworkPolicy) DeepCopyInto

func (in *NetworkPolicy) DeepCopyInto(out *NetworkPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*NetworkPolicy) DeepCopyObject

func (in *NetworkPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type NetworkPolicyList

type NetworkPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []NetworkPolicy `json:"items"`
}

func (*NetworkPolicyList) DeepCopy

func (in *NetworkPolicyList) DeepCopy() *NetworkPolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyList.

func (*NetworkPolicyList) DeepCopyInto

func (in *NetworkPolicyList) DeepCopyInto(out *NetworkPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*NetworkPolicyList) DeepCopyObject

func (in *NetworkPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type NetworkPolicyPeer

type NetworkPolicyPeer struct {
	// IPBlock describes the IPAddresses/IPBlocks that are matched in to/from.
	// IPBlock cannot be set as part of the AppliedTo field.
	// Cannot be set with any other selector.
	// +optional
	IPBlock *IPBlock `json:"ipBlock,omitempty"`
	// Select Pods from NetworkPolicy's Namespace as workloads in
	// AppliedTo/To/From fields. If set with NamespaceSelector, Pods are
	// matched from Namespaces matched by the NamespaceSelector.
	// Cannot be set with any other selector except NamespaceSelector.
	// +optional
	PodSelector *metav1.LabelSelector `json:"podSelector,omitempty"`
	// Select all Pods from Namespaces matched by this selector, as
	// workloads in To/From fields. If set with PodSelector,
	// Pods are matched from Namespaces matched by the NamespaceSelector.
	// Cannot be set with any other selector except PodSelector or
	// ExternalEntitySelector.
	// +optional
	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`
	// Select ExternalEntities from NetworkPolicy's Namespace as workloads
	// in AppliedTo/To/From fields. If set with NamespaceSelector,
	// ExternalEntities are matched from Namespaces matched by the
	// NamespaceSelector.
	// Cannot be set with any other selector except NamespaceSelector.
	// +optional
	ExternalEntitySelector *metav1.LabelSelector `json:"externalEntitySelector,omitempty"`
	// Group is the name of the ClusterGroup which can be set as an
	// AppliedTo or within an Ingress or Egress rule in place of
	// a stand-alone selector. A Group cannot be set with any other
	// selector.
	Group string `json:"group,omitempty"`
}

NetworkPolicyPeer describes the grouping selector of workloads.

func (*NetworkPolicyPeer) DeepCopy

func (in *NetworkPolicyPeer) DeepCopy() *NetworkPolicyPeer

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyPeer.

func (*NetworkPolicyPeer) DeepCopyInto

func (in *NetworkPolicyPeer) DeepCopyInto(out *NetworkPolicyPeer)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NetworkPolicyPhase added in v0.11.0

type NetworkPolicyPhase string

NetworkPolicyPhase defines the phase in which a NetworkPolicy is.

const (
	// NetworkPolicyPending means the NetworkPolicy has been accepted by the system, but it has not been processed by Antrea.
	NetworkPolicyPending NetworkPolicyPhase = "Pending"
	// NetworkPolicyRealizing means the NetworkPolicy has been observed by Antrea and is being realized.
	NetworkPolicyRealizing NetworkPolicyPhase = "Realizing"
	// NetworkPolicyRealized means the NetworkPolicy has been enforced to all Pods on all Nodes it applies to.
	NetworkPolicyRealized NetworkPolicyPhase = "Realized"
)

These are the valid values for NetworkPolicyPhase.

type NetworkPolicyPort

type NetworkPolicyPort struct {
	// The protocol (TCP, UDP, or SCTP) which traffic must match.
	// If not specified, this field defaults to TCP.
	// +optional
	Protocol *v1.Protocol `json:"protocol,omitempty"`
	// The port on the given protocol. This can be either a numerical
	// or named port on a Pod. If this field is not provided, this
	// matches all port names and numbers.
	// +optional
	Port *intstr.IntOrString `json:"port,omitempty"`
	// EndPort defines the end of the port range, being the end included within the range.
	// It can only be specified when a numerical `port` is specified.
	// +optional
	EndPort *int32 `json:"endPort,omitempty"`
}

NetworkPolicyPort describes the port and protocol to match in a rule.

func (*NetworkPolicyPort) DeepCopy

func (in *NetworkPolicyPort) DeepCopy() *NetworkPolicyPort

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyPort.

func (*NetworkPolicyPort) DeepCopyInto

func (in *NetworkPolicyPort) DeepCopyInto(out *NetworkPolicyPort)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NetworkPolicySpec

type NetworkPolicySpec struct {
	// Tier specifies the tier to which this NetworkPolicy belongs.
	// The NetworkPolicy order will be determined based on the combination of the
	// Tier's Priority and the NetworkPolicy's own Priority. If not specified,
	// this policy will be created in the Application Tier right above the K8s
	// NetworkPolicy which resides at the bottom.
	Tier string `json:"tier,omitempty"`
	// Priority specifies the order of the NetworkPolicy relative to other
	// NetworkPolicies.
	Priority float64 `json:"priority"`
	// Select workloads to which the rules will be applied. Cannot be set in
	// conjunction with AppliedTo in each rule.
	// +optional
	AppliedTo []NetworkPolicyPeer `json:"appliedTo,omitempty"`
	// Set of ingress rules evaluated based on the order in which they are set.
	// Currently Ingress rule supports setting the `From` field but not the `To`
	// field within a Rule.
	// +optional
	Ingress []Rule `json:"ingress"`
	// Set of egress rules evaluated based on the order in which they are set.
	// Currently Egress rule supports setting the `To` field but not the `From`
	// field within a Rule.
	// +optional
	Egress []Rule `json:"egress"`
}

NetworkPolicySpec defines the desired state for NetworkPolicy.

func (*NetworkPolicySpec) DeepCopy

func (in *NetworkPolicySpec) DeepCopy() *NetworkPolicySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicySpec.

func (*NetworkPolicySpec) DeepCopyInto

func (in *NetworkPolicySpec) DeepCopyInto(out *NetworkPolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NetworkPolicyStatus added in v0.11.0

type NetworkPolicyStatus struct {
	// The phase of a NetworkPolicy is a simple, high-level summary of the NetworkPolicy's status.
	Phase NetworkPolicyPhase `json:"phase"`
	// The generation observed by Antrea.
	ObservedGeneration int64 `json:"observedGeneration"`
	// The number of nodes that have realized the NetworkPolicy.
	CurrentNodesRealized int32 `json:"currentNodesRealized"`
	// The total number of nodes that should realize the NetworkPolicy.
	DesiredNodesRealized int32 `json:"desiredNodesRealized"`
}

NetworkPolicyStatus represents information about the status of a NetworkPolicy.
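
A policy whose phase is Pending or Realizing is not yet enforced on every Node, so automation that relies on it should read the status before proceeding. The following added example (not code from the Antrea project) uses a stand-in `Status` struct and a hypothetical `Enforced` helper; comparing `ObservedGeneration` with the object's `metadata.generation` follows the usual Kubernetes convention and is an assumption here.

```go
package main

import "fmt"

// Stand-in for v1alpha1.NetworkPolicyStatus with the same four fields
// (assumption: Phase is a plain string instead of NetworkPolicyPhase).
type Status struct {
	Phase                string
	ObservedGeneration   int64
	CurrentNodesRealized int32
	DesiredNodesRealized int32
}

// Enforced reports whether st shows the spec at metadata.generation gen as
// realized on every node it applies to, and if not, the reason.
func Enforced(gen int64, st Status) (bool, string) {
	switch {
	case st.ObservedGeneration != gen:
		return false, fmt.Sprintf("status is for generation %d, spec is at %d", st.ObservedGeneration, gen)
	case st.Phase != "Realized":
		return false, fmt.Sprintf("phase is %q", st.Phase)
	case st.CurrentNodesRealized != st.DesiredNodesRealized:
		return false, fmt.Sprintf("realized on %d of %d nodes", st.CurrentNodesRealized, st.DesiredNodesRealized)
	}
	return true, "realized on all nodes"
}

func main() {
	// Constructed samples: the spec was just edited to generation 3.
	for _, st := range []Status{
		{"Realized", 2, 4, 4},  // still describes the previous spec
		{"Realizing", 3, 1, 4}, // rollout in progress
		{"Realized", 3, 4, 4},  // current spec on all nodes
	} {
		ok, why := Enforced(3, st)
		fmt.Println(ok, why)
	}
}
```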

func (*NetworkPolicyStatus) DeepCopy added in v0.11.0

func (in *NetworkPolicyStatus) DeepCopy() *NetworkPolicyStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyStatus.

func (*NetworkPolicyStatus) DeepCopyInto added in v0.11.0

func (in *NetworkPolicyStatus) DeepCopyInto(out *NetworkPolicyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Rule

type Rule struct {
	// Action specifies the action to be applied on the rule.
	Action *RuleAction `json:"action"`
	// Set of port and protocol allowed/denied by the rule. If this field is unset
	// or empty, this rule matches all ports.
	// +optional
	Ports []NetworkPolicyPort `json:"ports,omitempty"`
	// Rule is matched if traffic originates from workloads selected by
	// this field. If this field is empty, this rule matches all sources.
	// +optional
	From []NetworkPolicyPeer `json:"from"`
	// Rule is matched if traffic is intended for workloads selected by
	// this field. If this field is empty or missing, this rule matches all
	// destinations.
	// +optional
	To []NetworkPolicyPeer `json:"to"`
	// Name describes the intention of this rule.
	// Name should be unique within the policy.
	// +optional
	Name string `json:"name"`
	// EnableLogging is used to indicate if agent should generate logs
	// when rules are matched. Should default to false.
	EnableLogging bool `json:"enableLogging"`
	// Select workloads to which this rule will be applied. Cannot be set in
	// conjunction with NetworkPolicySpec/ClusterNetworkPolicySpec.AppliedTo.
	// +optional
	AppliedTo []NetworkPolicyPeer `json:"appliedTo,omitempty"`
}

Rule describes the traffic allowed to/from the workloads selected by Spec.AppliedTo. Based on the action specified in the rule, traffic that exactly matches the specified ports and protocol is either allowed or denied.
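
The field comments on ClusterNetworkPolicySpec/NetworkPolicySpec, NetworkPolicyPeer and Rule state several constraints on which fields may be set together. The following added example (not Antrea's own validation code) checks them on simplified stand-in types; `Peer`, `Rule`, `Spec`, `checkPeer` and `Validate` are hypothetical names, and IPBlock and each selector are reduced to booleans.

```go
package main

import "fmt"

// Stand-ins for the v1alpha1 types (assumption): IPBlock and selectors are bools.
type Peer struct{ IPBlock, Pod, Namespace, ExtEntity bool; Group string }
type Rule struct{ From, To, AppliedTo []Peer }
type Spec struct{ AppliedTo []Peer; Ingress, Egress []Rule }

// checkPeer applies the constraints stated in the NetworkPolicyPeer comments.
func checkPeer(p Peer, inAppliedTo bool) string {
	sel := p.Pod || p.Namespace || p.ExtEntity
	switch {
	case p.IPBlock && inAppliedTo:
		return "ipBlock cannot be set in appliedTo"
	case p.IPBlock && (sel || p.Group != ""):
		return "ipBlock set with another selector"
	case p.Group != "" && sel:
		return "group set with another selector"
	case p.Pod && p.ExtEntity:
		return "podSelector set with externalEntitySelector"
	}
	return ""
}

// Validate returns every violation in a spec; an empty result means none.
func Validate(s Spec) (out []string) {
	add := func(at string, ps []Peer, applied bool) {
		for i, p := range ps {
			if msg := checkPeer(p, applied); msg != "" {
				out = append(out, fmt.Sprintf("%s[%d]: %s", at, i, msg))
			}
		}
	}
	add("appliedTo", s.AppliedTo, true)
	for d, rules := range [][]Rule{s.Ingress, s.Egress} {
		for i, r := range rules {
			at := fmt.Sprintf("%s[%d]", []string{"ingress", "egress"}[d], i)
			if len(r.AppliedTo) > 0 && len(s.AppliedTo) > 0 {
				out = append(out, at+": appliedTo set in both spec and rule")
			}
			if (d == 0 && len(r.To) > 0) || (d == 1 && len(r.From) > 0) {
				out = append(out, at+": ingress takes only from, egress only to")
			}
			add(at+".appliedTo", r.AppliedTo, true)
			add(at+".from", r.From, false)
			add(at+".to", r.To, false)
		}
	}
	return out
}

func main() { // constructed sample: one ingress rule that breaks two constraints
	fmt.Println(Validate(Spec{AppliedTo: []Peer{{Namespace: true}}, Ingress: []Rule{{From: []Peer{{IPBlock: true, Pod: true}}, AppliedTo: []Peer{{Pod: true}}}}}))
}
```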

func (*Rule) DeepCopy

func (in *Rule) DeepCopy() *Rule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule.

func (*Rule) DeepCopyInto

func (in *Rule) DeepCopyInto(out *Rule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RuleAction

type RuleAction string

RuleAction describes the action to be applied on traffic matching a rule.

const (
	// RuleActionAllow describes that rule matching traffic must be allowed.
	RuleActionAllow RuleAction = "Allow"
	// RuleActionDrop describes that rule matching traffic must be dropped.
	RuleActionDrop RuleAction = "Drop"
)

type Tier added in v0.10.0

type Tier struct {
	metav1.TypeMeta `json:",inline"`
	// Standard metadata of the object.
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Specification of the desired behavior of Tier.
	Spec TierSpec `json:"spec"`
}

func (*Tier) DeepCopy added in v0.10.0

func (in *Tier) DeepCopy() *Tier

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tier.

func (*Tier) DeepCopyInto added in v0.10.0

func (in *Tier) DeepCopyInto(out *Tier)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*Tier) DeepCopyObject added in v0.10.0

func (in *Tier) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type TierList added in v0.10.0

type TierList struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ListMeta `json:"metadata,omitempty"`

	Items []Tier `json:"items"`
}

func (*TierList) DeepCopy added in v0.10.0

func (in *TierList) DeepCopy() *TierList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TierList.

func (*TierList) DeepCopyInto added in v0.10.0

func (in *TierList) DeepCopyInto(out *TierList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*TierList) DeepCopyObject added in v0.10.0

func (in *TierList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type TierSpec added in v0.10.0

type TierSpec struct {
	// Priority specifies the order of the Tier relative to other Tiers.
	Priority int32 `json:"priority"`
	// Description is an optional field to add more information regarding
	// the purpose of this Tier.
	Description string `json:"description,omitempty"`
}

TierSpec defines the desired state for Tier.

func (*TierSpec) DeepCopy added in v0.10.0

func (in *TierSpec) DeepCopy() *TierSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TierSpec.

func (*TierSpec) DeepCopyInto added in v0.10.0

func (in *TierSpec) DeepCopyInto(out *TierSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
