Documentation ¶
Index ¶
- Constants
- Variables
- func Kind(kind string) schema.GroupKind
- func Resource(resource string) schema.GroupResource
- type ClusterNetworkPolicy
- type ClusterNetworkPolicyList
- type ClusterNetworkPolicySpec
- type IPBlock
- type NetworkPolicy
- type NetworkPolicyList
- type NetworkPolicyPeer
- type NetworkPolicyPort
- type NetworkPolicySpec
- type Rule
- type RuleAction
Constants ¶
// GroupName is the API group name used in this package. It is the Group half
// of SchemeGroupVersion.
const GroupName = "security.antrea.tanzu.vmware.com"
GroupName is the group name used in this package.
Variables ¶
var (
	// SchemeBuilder collects the scheme-registration function addKnownTypes.
	// NOTE(review): addKnownTypes is not shown on this page; presumably it
	// registers the types of this group/version - confirm.
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	// AddToScheme is SchemeBuilder's AddToScheme method value, exported so
	// callers can apply the registration to a runtime.Scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
// SchemeGroupVersion is the group version used to register these objects:
// group GroupName, version "v1alpha1".
var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
SchemeGroupVersion is the group version used to register these objects.
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource.
Types ¶
type ClusterNetworkPolicy ¶
// ClusterNetworkPolicy pairs the standard Kubernetes object metadata with a
// ClusterNetworkPolicySpec.
// NOTE(review): the name suggests a cluster-scoped object, but the scope is
// set by the resource registration, which this declaration does not show -
// confirm before assuming who is able to create or modify these objects.
type ClusterNetworkPolicy struct {
	metav1.TypeMeta `json:",inline"`
	// Standard metadata of the object.
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Specification of the desired behavior of ClusterNetworkPolicy.
	Spec ClusterNetworkPolicySpec `json:"spec"`
}
func (*ClusterNetworkPolicy) DeepCopy ¶
func (in *ClusterNetworkPolicy) DeepCopy() *ClusterNetworkPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkPolicy.
func (*ClusterNetworkPolicy) DeepCopyInto ¶
func (in *ClusterNetworkPolicy) DeepCopyInto(out *ClusterNetworkPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterNetworkPolicy) DeepCopyObject ¶
func (in *ClusterNetworkPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterNetworkPolicyList ¶
// ClusterNetworkPolicyList is the list form of ClusterNetworkPolicy: list
// metadata plus the policies themselves in Items.
type ClusterNetworkPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the ClusterNetworkPolicy objects of the list. The tag has
	// no omitempty, so a nil slice is encoded as null rather than omitted.
	Items []ClusterNetworkPolicy `json:"items"`
}
func (*ClusterNetworkPolicyList) DeepCopy ¶
func (in *ClusterNetworkPolicyList) DeepCopy() *ClusterNetworkPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkPolicyList.
func (*ClusterNetworkPolicyList) DeepCopyInto ¶
func (in *ClusterNetworkPolicyList) DeepCopyInto(out *ClusterNetworkPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ClusterNetworkPolicyList) DeepCopyObject ¶
func (in *ClusterNetworkPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ClusterNetworkPolicySpec ¶
// ClusterNetworkPolicySpec defines the desired state for ClusterNetworkPolicy.
type ClusterNetworkPolicySpec struct {
	// Tier specifies the tier to which this ClusterNetworkPolicy belongs.
	// The ClusterNetworkPolicy order will be determined based on the
	// combination of the Tier's Priority and the ClusterNetworkPolicy's own
	// Priority. If not specified, this policy will be created in the Application
	// Tier right above the K8s NetworkPolicy which resides at the bottom.
	Tier string `json:"tier,omitempty"`
	// Priority specifies the order of the ClusterNetworkPolicy relative to
	// other ClusterNetworkPolicies.
	// NOTE(review): this declaration does not say whether a lower or a higher
	// value is evaluated first, nor how equal priorities are ordered - confirm
	// before relying on one policy overriding another.
	Priority float64 `json:"priority"`
	// Select workloads on which the rules will be applied to.
	// Per the NetworkPolicyPeer documentation, IPBlock cannot be set as part
	// of AppliedTo.
	AppliedTo []NetworkPolicyPeer `json:"appliedTo"`
	// Set of ingress rules evaluated based on the order in which they are set.
	// Currently Ingress rule supports setting the `From` field but not the `To`
	// field within a Rule.
	// Marked optional, but the tag has no omitempty, so a nil slice is encoded
	// as null rather than omitted.
	// +optional
	Ingress []Rule `json:"ingress"`
	// Set of egress rules evaluated based on the order in which they are set.
	// Currently Egress rule supports setting the `To` field but not the `From`
	// field within a Rule.
	// Marked optional, but the tag has no omitempty, so a nil slice is encoded
	// as null rather than omitted.
	// +optional
	Egress []Rule `json:"egress"`
}
ClusterNetworkPolicySpec defines the desired state for ClusterNetworkPolicy.
func (*ClusterNetworkPolicySpec) DeepCopy ¶
func (in *ClusterNetworkPolicySpec) DeepCopy() *ClusterNetworkPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterNetworkPolicySpec.
func (*ClusterNetworkPolicySpec) DeepCopyInto ¶
func (in *ClusterNetworkPolicySpec) DeepCopyInto(out *ClusterNetworkPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IPBlock ¶
// IPBlock describes a particular CIDR that is allowed or denied to/from the
// workloads matched by a Spec.AppliedTo.
type IPBlock struct {
	// CIDR is a string representing the IP Block
	// Valid examples are "192.168.1.1/24".
	// The field is a plain string; parsing and validation are not visible in
	// this declaration.
	// NOTE(review): the example has host bits set (the enclosing /24 network
	// is 192.168.1.0/24). Whether such input is masked to the network address
	// or rejected is not shown here - confirm, so a rule covers exactly the
	// range its author intended.
	CIDR string `json:"cidr"`
}
IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed or denied to/from the workloads matched by a Spec.AppliedTo.
func (*IPBlock) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPBlock.
func (*IPBlock) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkPolicy ¶
// NetworkPolicy pairs the standard Kubernetes object metadata with a
// NetworkPolicySpec. The NetworkPolicyPeer documentation refers to the
// "NetworkPolicy's Namespace", which the policy takes from ObjectMeta.
type NetworkPolicy struct {
	metav1.TypeMeta `json:",inline"`
	// Standard metadata of the object.
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Specification of the desired behavior of NetworkPolicy.
	Spec NetworkPolicySpec `json:"spec"`
}
func (*NetworkPolicy) DeepCopy ¶
func (in *NetworkPolicy) DeepCopy() *NetworkPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicy.
func (*NetworkPolicy) DeepCopyInto ¶
func (in *NetworkPolicy) DeepCopyInto(out *NetworkPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*NetworkPolicy) DeepCopyObject ¶
func (in *NetworkPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type NetworkPolicyList ¶
// NetworkPolicyList is the list form of NetworkPolicy: list metadata plus the
// policies themselves in Items.
type NetworkPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	// +optional
	metav1.ListMeta `json:"metadata,omitempty"`

	// Items holds the NetworkPolicy objects of the list. The tag has no
	// omitempty, so a nil slice is encoded as null rather than omitted.
	Items []NetworkPolicy `json:"items"`
}
func (*NetworkPolicyList) DeepCopy ¶
func (in *NetworkPolicyList) DeepCopy() *NetworkPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyList.
func (*NetworkPolicyList) DeepCopyInto ¶
func (in *NetworkPolicyList) DeepCopyInto(out *NetworkPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*NetworkPolicyList) DeepCopyObject ¶
func (in *NetworkPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type NetworkPolicyPeer ¶
// NetworkPolicyPeer describes the grouping selector of workloads. It is used
// for AppliedTo in both policy specs and for From/To inside a Rule.
//
// The "cannot be set with ..." constraints below are stated in comments only;
// all four fields are independent optional pointers, so the type itself does
// not prevent an invalid combination.
// NOTE(review): where these constraints are validated, and how a peer with no
// field set is interpreted, is not visible in this declaration - confirm.
// NOTE(review): the comments speak of the "NetworkPolicy's Namespace"; what
// PodSelector or ExternalEntitySelector select when the peer belongs to a
// ClusterNetworkPolicy is not stated here - confirm.
type NetworkPolicyPeer struct {
	// IPBlock describes the IPAddresses/IPBlocks that is matched in to/from.
	// IPBlock cannot be set as part of the AppliedTo field.
	// Cannot be set with any other selector.
	// +optional
	IPBlock *IPBlock `json:"ipBlock,omitempty"`
	// Select Pods from NetworkPolicy's Namespace as workloads in
	// AppliedTo/To/From fields. If set with NamespaceSelector, Pods are
	// matched from Namespaces matched by the NamespaceSelector.
	// Cannot be set with any other selector except NamespaceSelector.
	// +optional
	PodSelector *metav1.LabelSelector `json:"podSelector,omitempty"`
	// Select all Pods from Namespaces matched by this selector, as
	// workloads in To/From fields. If set with PodSelector,
	// Pods are matched from Namespaces matched by the NamespaceSelector.
	// Cannot be set with any other selector except PodSelector or
	// ExternalEntitySelector.
	// +optional
	NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"`
	// Select ExternalEntities from NetworkPolicy's Namespace as workloads
	// in AppliedTo/To/From fields. If set with NamespaceSelector,
	// ExternalEntities are matched from Namespaces matched by the
	// NamespaceSelector.
	// Cannot be set with any other selector except NamespaceSelector.
	// NOTE(review): unlike the other three selectors this field carries no
	// optional marker although its tag has omitempty - confirm whether the
	// omission is intended.
	ExternalEntitySelector *metav1.LabelSelector `json:"externalEntitySelector,omitempty"`
}
NetworkPolicyPeer describes the grouping selector of workloads.
func (*NetworkPolicyPeer) DeepCopy ¶
func (in *NetworkPolicyPeer) DeepCopy() *NetworkPolicyPeer
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyPeer.
func (*NetworkPolicyPeer) DeepCopyInto ¶
func (in *NetworkPolicyPeer) DeepCopyInto(out *NetworkPolicyPeer)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkPolicyPort ¶
// NetworkPolicyPort describes the port and protocol to match in a rule.
type NetworkPolicyPort struct {
	// The protocol (TCP, UDP, or SCTP) which traffic must match.
	// If not specified, this field defaults to TCP.
	// Consequence of that default: an entry that omits the protocol does not
	// match UDP or SCTP traffic on the same port number, so rules meant for
	// those protocols have to name them explicitly.
	// +optional
	Protocol *v1.Protocol `json:"protocol"`
	// The port on the given protocol. This can either be a numerical
	// or named port on a Pod. If this field is not provided, this
	// matches all port names and numbers.
	// An entry without a port is therefore a wildcard for the whole protocol,
	// not an entry that matches nothing.
	// TODO: extend it to include Port Range.
	// +optional
	Port *intstr.IntOrString `json:"port"`
}
NetworkPolicyPort describes the port and protocol to match in a rule.
func (*NetworkPolicyPort) DeepCopy ¶
func (in *NetworkPolicyPort) DeepCopy() *NetworkPolicyPort
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicyPort.
func (*NetworkPolicyPort) DeepCopyInto ¶
func (in *NetworkPolicyPort) DeepCopyInto(out *NetworkPolicyPort)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type NetworkPolicySpec ¶
// NetworkPolicySpec defines the desired state for NetworkPolicy.
type NetworkPolicySpec struct {
	// Tier specifies the tier to which this NetworkPolicy belongs.
	// The NetworkPolicy order will be determined based on the combination of the
	// Tier's Priority and the NetworkPolicy's own Priority. If not specified,
	// this policy will be created in the Application Tier right above the K8s
	// NetworkPolicy which resides at the bottom.
	Tier string `json:"tier,omitempty"`
	// Priority specifies the order of the NetworkPolicy relative to other
	// NetworkPolicies.
	// NOTE(review): this declaration does not say whether a lower or a higher
	// value is evaluated first, nor how equal priorities are ordered - confirm
	// before relying on one policy overriding another.
	Priority float64 `json:"priority"`
	// Select workloads on which the rules will be applied to.
	// Per the NetworkPolicyPeer documentation, IPBlock cannot be set as part
	// of AppliedTo.
	AppliedTo []NetworkPolicyPeer `json:"appliedTo"`
	// Set of ingress rules evaluated based on the order in which they are set.
	// Currently Ingress rule supports setting the `From` field but not the `To`
	// field within a Rule.
	// Marked optional, but the tag has no omitempty, so a nil slice is encoded
	// as null rather than omitted.
	// +optional
	Ingress []Rule `json:"ingress"`
	// Set of egress rules evaluated based on the order in which they are set.
	// Currently Egress rule supports setting the `To` field but not the `From`
	// field within a Rule.
	// Marked optional, but the tag has no omitempty, so a nil slice is encoded
	// as null rather than omitted.
	// +optional
	Egress []Rule `json:"egress"`
}
NetworkPolicySpec defines the desired state for NetworkPolicy.
func (*NetworkPolicySpec) DeepCopy ¶
func (in *NetworkPolicySpec) DeepCopy() *NetworkPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkPolicySpec.
func (*NetworkPolicySpec) DeepCopyInto ¶
func (in *NetworkPolicySpec) DeepCopyInto(out *NetworkPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Rule ¶
// Rule describes the traffic allowed to/from the workloads selected by
// Spec.AppliedTo. Traffic that matches the rule is allowed or denied
// according to Action.
//
// Ports, From and To are all wildcards when left empty: each one then matches
// everything rather than nothing. A rule that leaves all of them empty applies
// its Action to all traffic in the direction it is listed under, so narrow
// rules need every intended restriction written out.
type Rule struct {
	// Action specifies the action to be applied on the rule.
	// NOTE(review): the field is a pointer without an optional marker; how a
	// nil Action is treated is not visible in this declaration - confirm that
	// it is rejected or defaulted explicitly.
	Action *RuleAction `json:"action"`
	// Set of port and protocol allowed/denied by the rule. If this field is unset
	// or empty, this rule matches all ports.
	// +optional
	Ports []NetworkPolicyPort `json:"ports"`
	// Rule is matched if traffic originates from workloads selected by
	// this field. If this field is empty, this rule matches all sources.
	// +optional
	From []NetworkPolicyPeer `json:"from"`
	// Rule is matched if traffic is intended for workloads selected by
	// this field. If this field is empty or missing, this rule matches all
	// destinations.
	// +optional
	To []NetworkPolicyPeer `json:"to"`
}
Rule describes the traffic allowed to/from the workloads selected by Spec.AppliedTo. Depending on the action specified in the rule, traffic that exactly matches the specified ports and protocol is either allowed or denied.
func (*Rule) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule.
func (*Rule) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RuleAction ¶
// RuleAction describes the action to be applied on traffic matching a rule.
// The underlying type is string, so the type does not restrict values to the
// declared RuleAction constants.
// NOTE(review): where unknown action strings are rejected is not visible in
// this declaration - confirm.
type RuleAction string
RuleAction describes the action to be applied on traffic matching a rule.
// Action values declared for RuleAction. The string literals are what appears
// in the "action" field of a serialized Rule.
const (
	// RuleActionAllow describes that rule matching traffic must be allowed.
	RuleActionAllow RuleAction = "Allow"
	// RuleActionDrop describes that rule matching traffic must be dropped.
	RuleActionDrop RuleAction = "Drop"
)