add aws/amazon-network-policy-controller-k8s
Signed-off-by: Sebastian Hoß <[email protected]>
Showing
8 changed files
with
350 additions
and
0 deletions.
188 changes: 188 additions & 0 deletions
188
...aws/amazon-network-policy-controller-k8s/networking.k8s.aws/v1alpha1/policyendpoints.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,188 @@ | ||
apiVersion: apiextensions.k8s.io/v1 | ||
kind: CustomResourceDefinition | ||
metadata: | ||
annotations: | ||
controller-gen.kubebuilder.io/version: v0.11.3 | ||
name: policyendpoints.networking.k8s.aws | ||
spec: | ||
group: networking.k8s.aws | ||
names: | ||
kind: PolicyEndpoint | ||
listKind: PolicyEndpointList | ||
plural: policyendpoints | ||
singular: policyendpoint | ||
scope: Namespaced | ||
versions: | ||
- name: v1alpha1 | ||
schema: | ||
openAPIV3Schema: | ||
description: PolicyEndpoint is the Schema for the policyendpoints API | ||
properties: | ||
apiVersion: | ||
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | ||
type: string | ||
kind: | ||
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | ||
type: string | ||
metadata: | ||
type: object | ||
spec: | ||
description: PolicyEndpointSpec defines the desired state of PolicyEndpoint | ||
properties: | ||
egress: | ||
description: Egress is the list of egress rules containing resolved network addresses | ||
items: | ||
description: EndpointInfo defines the network endpoint information for the policy ingress/egress | ||
properties: | ||
cidr: | ||
description: CIDR is the network address(s) of the endpoint | ||
type: string | ||
except: | ||
description: Except is the exceptions to the CIDR ranges mentioned above. | ||
items: | ||
type: string | ||
type: array | ||
ports: | ||
description: Ports is the list of ports | ||
items: | ||
description: Port contains information about the transport port/protocol | ||
properties: | ||
endPort: | ||
description: Endport specifies the port range port to endPort port must be defined and an integer, endPort > port | ||
format: int32 | ||
type: integer | ||
port: | ||
description: Port specifies the numerical port for the protocol. If empty applies to all ports | ||
format: int32 | ||
type: integer | ||
protocol: | ||
default: TCP | ||
description: Protocol specifies the transport protocol, default TCP | ||
type: string | ||
type: object | ||
type: array | ||
required: | ||
- cidr | ||
type: object | ||
type: array | ||
ingress: | ||
description: Ingress is the list of ingress rules containing resolved network addresses | ||
items: | ||
description: EndpointInfo defines the network endpoint information for the policy ingress/egress | ||
properties: | ||
cidr: | ||
description: CIDR is the network address(s) of the endpoint | ||
type: string | ||
except: | ||
description: Except is the exceptions to the CIDR ranges mentioned above. | ||
items: | ||
type: string | ||
type: array | ||
ports: | ||
description: Ports is the list of ports | ||
items: | ||
description: Port contains information about the transport port/protocol | ||
properties: | ||
endPort: | ||
description: Endport specifies the port range port to endPort port must be defined and an integer, endPort > port | ||
format: int32 | ||
type: integer | ||
port: | ||
description: Port specifies the numerical port for the protocol. If empty applies to all ports | ||
format: int32 | ||
type: integer | ||
protocol: | ||
default: TCP | ||
description: Protocol specifies the transport protocol, default TCP | ||
type: string | ||
type: object | ||
type: array | ||
required: | ||
- cidr | ||
type: object | ||
type: array | ||
podIsolation: | ||
description: PodIsolation specifies whether the pod needs to be isolated for a particular traffic direction Ingress or Egress, or both. If default isolation is not specified, and there are no ingress/egress rules, then the pod is not isolated from the point of view of this policy. This follows the NetworkPolicy spec.PolicyTypes. | ||
items: | ||
description: PolicyType string describes the NetworkPolicy type This type is beta-level in 1.8 | ||
type: string | ||
type: array | ||
podSelector: | ||
description: PodSelector is the podSelector from the policy resource | ||
properties: | ||
matchExpressions: | ||
description: matchExpressions is a list of label selector requirements. The requirements are ANDed. | ||
items: | ||
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. | ||
properties: | ||
key: | ||
description: key is the label key that the selector applies to. | ||
type: string | ||
operator: | ||
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. | ||
type: string | ||
values: | ||
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. | ||
items: | ||
type: string | ||
type: array | ||
required: | ||
- key | ||
- operator | ||
type: object | ||
type: array | ||
matchLabels: | ||
additionalProperties: | ||
type: string | ||
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. | ||
type: object | ||
type: object | ||
x-kubernetes-map-type: atomic | ||
podSelectorEndpoints: | ||
description: PodSelectorEndpoints contains information about the pods matching the podSelector | ||
items: | ||
description: PodEndpoint defines the summary information for the pods | ||
properties: | ||
hostIP: | ||
description: HostIP is the IP address of the host the pod is currently running on | ||
type: string | ||
name: | ||
description: Name is the pod name | ||
type: string | ||
namespace: | ||
description: Namespace is the pod namespace | ||
type: string | ||
podIP: | ||
description: PodIP is the IP address of the pod | ||
type: string | ||
required: | ||
- hostIP | ||
- name | ||
- namespace | ||
- podIP | ||
type: object | ||
type: array | ||
policyRef: | ||
description: PolicyRef is a reference to the Kubernetes NetworkPolicy resource. | ||
properties: | ||
name: | ||
description: Name is the name of the Policy | ||
type: string | ||
namespace: | ||
description: Namespace is the namespace of the Policy | ||
type: string | ||
required: | ||
- name | ||
- namespace | ||
type: object | ||
required: | ||
- policyRef | ||
type: object | ||
status: | ||
description: PolicyEndpointStatus defines the observed state of PolicyEndpoint | ||
type: object | ||
type: object | ||
served: true | ||
storage: true | ||
subresources: | ||
status: {} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
pub mod v1alpha1; |
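--- a/kube-custom-resources-rs/src/networking_k8s_aws/v1alpha1/mod.rs
+++ b/kube-custom-resources-rs/src/networking_k8s_aws/v1alpha1/mod.rs
@@ -0,0 +1 @@
+pub mod policyendpoints;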
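--- a/kube-custom-resources-rs/src/networking_k8s_aws/v1alpha1/policyendpoints.rs
+++ b/kube-custom-resources-rs/src/networking_k8s_aws/v1alpha1/policyendpoints.rs
@@ -0,0 +1,141 @@
+// WARNING: generated by kopium - manual changes will be overwritten
+// kopium command: kopium --docs --filename=./crd-catalog/aws/amazon-network-policy-controller-k8s/networking.k8s.aws/v1alpha1/policyendpoints.yaml --derive=Default --derive=PartialEq
+// kopium version: 0.16.5
+
+use kube::CustomResource;
+use serde::{Serialize, Deserialize};
+use std::collections::BTreeMap;
+
+/// PolicyEndpointSpec defines the desired state of PolicyEndpoint
+#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
+#[kube(group = "networking.k8s.aws", version = "v1alpha1", kind = "PolicyEndpoint", plural = "policyendpoints")]
+#[kube(namespaced)]
+#[kube(status = "PolicyEndpointStatus")]
+#[kube(schema = "disabled")]
+pub struct PolicyEndpointSpec {
+/// Egress is the list of egress rules containing resolved network addresses
+#[serde(default, skip_serializing_if = "Option::is_none")]
+pub egress: Option<Vec<PolicyEndpointEgress>>,
+/// Ingress is the list of ingress rules containing resolved network addresses
+#[serde(default, skip_serializing_if = "Option::is_none")]
+pub ingress: Option<Vec<PolicyEndpointIngress>>,
+/// PodIsolation specifies whether the pod needs to be isolated for a particular traffic direction Ingress or Egress, or both. If default isolation is not specified, and there are no ingress/egress rules, then the pod is not isolated from the point of view of this policy. This follows the NetworkPolicy spec.PolicyTypes.
+#[serde(default, skip_serializing_if = "Option::is_none", rename = "podIsolation")]
+pub pod_isolation: Option<Vec<String>>,
+/// PodSelector is the podSelector from the policy resource
+#[serde(default, skip_serializing_if = "Option::is_none", rename = "podSelector")]
+pub pod_selector: Option<PolicyEndpointPodSelector>,
+/// PodSelectorEndpoints contains information about the pods matching the podSelector
+#[serde(default, skip_serializing_if = "Option::is_none", rename = "podSelectorEndpoints")]
+pub pod_selector_endpoints: Option<Vec<PolicyEndpointPodSelectorEndpoints>>,
+/// PolicyRef is a reference to the Kubernetes NetworkPolicy resource.
+#[serde(rename = "policyRef")]
+pub policy_ref: PolicyEndpointPolicyRef,
+}
+
+/// EndpointInfo defines the network endpoint information for the policy ingress/egress
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
+pub struct PolicyEndpointEgress {
+/// CIDR is the network address(s) of the endpoint
+pub cidr: String,
+/// Except is the exceptions to the CIDR ranges mentioned above.
+#[serde(default, skip_serializing_if = "Option::is_none")]
+pub except: Option<Vec<String>>,
+/// Ports is the list of ports
+#[serde(default, skip_serializing_if = "Option::is_none")]
+pub ports: Option<Vec<PolicyEndpointEgressPorts>>,
+}
+
+/// Port contains information about the transport port/protocol
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
+pub struct PolicyEndpointEgressPorts {
+/// Endport specifies the port range port to endPort port must be defined and an integer, endPort > port
+#[serde(default, skip_serializing_if = "Option::is_none", rename = "endPort")]
+pub end_port: Option<i32>,
+/// Port specifies the numerical port for the protocol. If empty applies to all ports
+#[serde(default, skip_serializing_if = "Option::is_none")]
+pub port: Option<i32>,
+/// Protocol specifies the transport protocol, default TCP
+#[serde(default, skip_serializing_if = "Option::is_none")]
+pub protocol: Option<String>,
+}
+
+/// EndpointInfo defines the network endpoint information for the policy ingress/egress
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
+pub struct PolicyEndpointIngress {
+/// CIDR is the network address(s) of the endpoint
+pub cidr: String,
+/// Except is the exceptions to the CIDR ranges mentioned above.
+#[serde(default, skip_serializing_if = "Option::is_none")]
+pub except: Option<Vec<String>>,
+/// Ports is the list of ports
+#[serde(default, skip_serializing_if = "Option::is_none")]
+pub ports: Option<Vec<PolicyEndpointIngressPorts>>,
+}
+
+/// Port contains information about the transport port/protocol
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
+pub struct PolicyEndpointIngressPorts {
+/// Endport specifies the port range port to endPort port must be defined and an integer, endPort > port
+#[serde(default, skip_serializing_if = "Option::is_none", rename = "endPort")]
+pub end_port: Option<i32>,
+/// Port specifies the numerical port for the protocol. If empty applies to all ports
+#[serde(default, skip_serializing_if = "Option::is_none")]
+pub port: Option<i32>,
+/// Protocol specifies the transport protocol, default TCP
+#[serde(default, skip_serializing_if = "Option::is_none")]
+pub protocol: Option<String>,
+}
+
+/// PodSelector is the podSelector from the policy resource
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
+pub struct PolicyEndpointPodSelector {
+/// matchExpressions is a list of label selector requirements. The requirements are ANDed.
+#[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")]
+pub match_expressions: Option<Vec<PolicyEndpointPodSelectorMatchExpressions>>,
+/// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+#[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")]
+pub match_labels: Option<BTreeMap<String, String>>,
+}
+
+/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
+pub struct PolicyEndpointPodSelectorMatchExpressions {
+/// key is the label key that the selector applies to.
+pub key: String,
+/// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+pub operator: String,
+/// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+#[serde(default, skip_serializing_if = "Option::is_none")]
+pub values: Option<Vec<String>>,
+}
+
+/// PodEndpoint defines the summary information for the pods
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
+pub struct PolicyEndpointPodSelectorEndpoints {
+/// HostIP is the IP address of the host the pod is currently running on
+#[serde(rename = "hostIP")]
+pub host_ip: String,
+/// Name is the pod name
+pub name: String,
+/// Namespace is the pod namespace
+pub namespace: String,
+/// PodIP is the IP address of the pod
+#[serde(rename = "podIP")]
+pub pod_ip: String,
+}
+
+/// PolicyRef is a reference to the Kubernetes NetworkPolicy resource.
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
+pub struct PolicyEndpointPolicyRef {
+/// Name is the name of the Policy
+pub name: String,
+/// Namespace is the namespace of the Policy
+pub namespace: String,
+}
+
+/// PolicyEndpointStatus defines the observed state of PolicyEndpoint
+#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
+pub struct PolicyEndpointStatus {
+}
+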