add aws/amazon-network-policy-controller-k8s
Signed-off-by: Sebastian Hoß <[email protected]>
sebhoss committed Feb 4, 2024
1 parent 6284c22 commit 05b2edb
Showing 8 changed files with 350 additions and 0 deletions.
4 changes: 4 additions & 0 deletions .reuse/dep5
Expand Up @@ -79,6 +79,10 @@ Files: crd-catalog/authzed/spicedb-operator/*
Copyright: The authzed/spicedb-operator Authors
License: Apache-2.0

Files: crd-catalog/aws/amazon-network-policy-controller-k8s/*
Copyright: The aws/amazon-network-policy-controller-k8s Authors
License: Apache-2.0

Files: crd-catalog/aws/amazon-vpc-resource-controller-k8s/*
Copyright: The aws/amazon-vpc-resource-controller-k8s Authors
License: Apache-2.0
7 changes: 7 additions & 0 deletions code-generator/src/catalog.rs
Expand Up @@ -201,6 +201,13 @@ pub const CRD_V1_SOURCES: &'static [UpstreamSource] = &[
"https://github.com/authzed/spicedb-operator/blob/main/config/crds/authzed.com_spicedbclusters.yaml",
],
},
UpstreamSource {
project_name: "aws/amazon-network-policy-controller-k8s",
license: APACHE_V2,
urls: &[
"https://github.com/aws/amazon-network-policy-controller-k8s/blob/main/config/crd/bases/networking.k8s.aws_policyendpoints.yaml",
],
},
UpstreamSource {
project_name: "aws/amazon-vpc-resource-controller-k8s",
license: APACHE_V2,
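Review bot: The new `UpstreamSource` entry's `urls` value points at `blob/main`, so the generator fetches whatever the upstream default branch holds at run time rather than a fixed revision; the `policyendpoints.rs` generated in this commit therefore cannot be reproduced bit-for-bit later, and any upstream change (including an unwanted one) flows silently into the next regeneration. The sibling entries visible in the hunk follow the same convention, so this is a repository-wide point rather than a defect unique to this entry. If the catalog format allows it, a commit- or tag-pinned URL such as `https://github.com/aws/amazon-network-policy-controller-k8s/blob/<PINNED-TAG-OR-COMMIT>/config/crd/bases/networking.k8s.aws_policyendpoints.yaml` would make regeneration reproducible and reviewable against a known upstream state. The `CRD_V1_SOURCES` array starts and ends outside the hunk.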
@@ -0,0 +1,188 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.11.3
name: policyendpoints.networking.k8s.aws
spec:
group: networking.k8s.aws
names:
kind: PolicyEndpoint
listKind: PolicyEndpointList
plural: policyendpoints
singular: policyendpoint
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: PolicyEndpoint is the Schema for the policyendpoints API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: PolicyEndpointSpec defines the desired state of PolicyEndpoint
properties:
egress:
description: Egress is the list of egress rules containing resolved network addresses
items:
description: EndpointInfo defines the network endpoint information for the policy ingress/egress
properties:
cidr:
description: CIDR is the network address(s) of the endpoint
type: string
except:
description: Except is the exceptions to the CIDR ranges mentioned above.
items:
type: string
type: array
ports:
description: Ports is the list of ports
items:
description: Port contains information about the transport port/protocol
properties:
endPort:
description: Endport specifies the port range port to endPort port must be defined and an integer, endPort > port
format: int32
type: integer
port:
description: Port specifies the numerical port for the protocol. If empty applies to all ports
format: int32
type: integer
protocol:
default: TCP
description: Protocol specifies the transport protocol, default TCP
type: string
type: object
type: array
required:
- cidr
type: object
type: array
ingress:
description: Ingress is the list of ingress rules containing resolved network addresses
items:
description: EndpointInfo defines the network endpoint information for the policy ingress/egress
properties:
cidr:
description: CIDR is the network address(s) of the endpoint
type: string
except:
description: Except is the exceptions to the CIDR ranges mentioned above.
items:
type: string
type: array
ports:
description: Ports is the list of ports
items:
description: Port contains information about the transport port/protocol
properties:
endPort:
description: Endport specifies the port range port to endPort port must be defined and an integer, endPort > port
format: int32
type: integer
port:
description: Port specifies the numerical port for the protocol. If empty applies to all ports
format: int32
type: integer
protocol:
default: TCP
description: Protocol specifies the transport protocol, default TCP
type: string
type: object
type: array
required:
- cidr
type: object
type: array
podIsolation:
description: PodIsolation specifies whether the pod needs to be isolated for a particular traffic direction Ingress or Egress, or both. If default isolation is not specified, and there are no ingress/egress rules, then the pod is not isolated from the point of view of this policy. This follows the NetworkPolicy spec.PolicyTypes.
items:
description: PolicyType string describes the NetworkPolicy type This type is beta-level in 1.8
type: string
type: array
podSelector:
description: PodSelector is the podSelector from the policy resource
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
properties:
key:
description: key is the label key that the selector applies to.
type: string
operator:
description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
podSelectorEndpoints:
description: PodSelectorEndpoints contains information about the pods matching the podSelector
items:
description: PodEndpoint defines the summary information for the pods
properties:
hostIP:
description: HostIP is the IP address of the host the pod is currently running on
type: string
name:
description: Name is the pod name
type: string
namespace:
description: Namespace is the pod namespace
type: string
podIP:
description: PodIP is the IP address of the pod
type: string
required:
- hostIP
- name
- namespace
- podIP
type: object
type: array
policyRef:
description: PolicyRef is a reference to the Kubernetes NetworkPolicy resource.
properties:
name:
description: Name is the name of the Policy
type: string
namespace:
description: Namespace is the namespace of the Policy
type: string
required:
- name
- namespace
type: object
required:
- policyRef
type: object
status:
description: PolicyEndpointStatus defines the observed state of PolicyEndpoint
type: object
type: object
served: true
storage: true
subresources:
status: {}
1 change: 1 addition & 0 deletions kube-custom-resources-rs/Cargo.toml
Expand Up @@ -206,6 +206,7 @@ nativestor_alauda_io = []
netchecks_io = []
network_openshift_io = []
network_operator_openshift_io = []
networking_k8s_aws = []
networking_karmada_io = []
nfd_k8s_sigs_io = []
nfd_kubernetes_io = []
7 changes: 7 additions & 0 deletions kube-custom-resources-rs/src/lib.rs
Expand Up @@ -1664,6 +1664,11 @@ apiVersion `network.openshift.io/v1`:
apiVersion `network.operator.openshift.io/v1`:
- `EgressRouter`
## networking_k8s_aws
apiVersion `networking.k8s.aws/v1alpha1`:
- `PolicyEndpoint`
## networking_karmada_io
apiVersion `networking.karmada.io/v1alpha1`:
Expand Down Expand Up @@ -2719,6 +2724,8 @@ pub mod netchecks_io;
pub mod network_openshift_io;
#[cfg(feature = "network_operator_openshift_io")]
pub mod network_operator_openshift_io;
#[cfg(feature = "networking_k8s_aws")]
pub mod networking_k8s_aws;
#[cfg(feature = "networking_karmada_io")]
pub mod networking_karmada_io;
#[cfg(feature = "nfd_k8s_sigs_io")]
1 change: 1 addition & 0 deletions kube-custom-resources-rs/src/networking_k8s_aws/mod.rs
@@ -0,0 +1 @@
pub mod v1alpha1;
@@ -0,0 +1 @@
pub mod policyendpoints;
@@ -0,0 +1,141 @@
// WARNING: generated by kopium - manual changes will be overwritten
// kopium command: kopium --docs --filename=./crd-catalog/aws/amazon-network-policy-controller-k8s/networking.k8s.aws/v1alpha1/policyendpoints.yaml --derive=Default --derive=PartialEq
// kopium version: 0.16.5

use kube::CustomResource;
use serde::{Serialize, Deserialize};
use std::collections::BTreeMap;

/// PolicyEndpointSpec defines the desired state of PolicyEndpoint
#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[kube(group = "networking.k8s.aws", version = "v1alpha1", kind = "PolicyEndpoint", plural = "policyendpoints")]
#[kube(namespaced)]
#[kube(status = "PolicyEndpointStatus")]
#[kube(schema = "disabled")]
pub struct PolicyEndpointSpec {
/// Egress is the list of egress rules containing resolved network addresses
#[serde(default, skip_serializing_if = "Option::is_none")]
pub egress: Option<Vec<PolicyEndpointEgress>>,
/// Ingress is the list of ingress rules containing resolved network addresses
#[serde(default, skip_serializing_if = "Option::is_none")]
pub ingress: Option<Vec<PolicyEndpointIngress>>,
/// PodIsolation specifies whether the pod needs to be isolated for a particular traffic direction Ingress or Egress, or both. If default isolation is not specified, and there are no ingress/egress rules, then the pod is not isolated from the point of view of this policy. This follows the NetworkPolicy spec.PolicyTypes.
#[serde(default, skip_serializing_if = "Option::is_none", rename = "podIsolation")]
pub pod_isolation: Option<Vec<String>>,
/// PodSelector is the podSelector from the policy resource
#[serde(default, skip_serializing_if = "Option::is_none", rename = "podSelector")]
pub pod_selector: Option<PolicyEndpointPodSelector>,
/// PodSelectorEndpoints contains information about the pods matching the podSelector
#[serde(default, skip_serializing_if = "Option::is_none", rename = "podSelectorEndpoints")]
pub pod_selector_endpoints: Option<Vec<PolicyEndpointPodSelectorEndpoints>>,
/// PolicyRef is a reference to the Kubernetes NetworkPolicy resource.
#[serde(rename = "policyRef")]
pub policy_ref: PolicyEndpointPolicyRef,
}

/// EndpointInfo defines the network endpoint information for the policy ingress/egress
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
pub struct PolicyEndpointEgress {
/// CIDR is the network address(s) of the endpoint
pub cidr: String,
/// Except is the exceptions to the CIDR ranges mentioned above.
#[serde(default, skip_serializing_if = "Option::is_none")]
pub except: Option<Vec<String>>,
/// Ports is the list of ports
#[serde(default, skip_serializing_if = "Option::is_none")]
pub ports: Option<Vec<PolicyEndpointEgressPorts>>,
}

/// Port contains information about the transport port/protocol
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
pub struct PolicyEndpointEgressPorts {
/// Endport specifies the port range port to endPort port must be defined and an integer, endPort > port
#[serde(default, skip_serializing_if = "Option::is_none", rename = "endPort")]
pub end_port: Option<i32>,
/// Port specifies the numerical port for the protocol. If empty applies to all ports
#[serde(default, skip_serializing_if = "Option::is_none")]
pub port: Option<i32>,
/// Protocol specifies the transport protocol, default TCP
#[serde(default, skip_serializing_if = "Option::is_none")]
pub protocol: Option<String>,
}

/// EndpointInfo defines the network endpoint information for the policy ingress/egress
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
pub struct PolicyEndpointIngress {
/// CIDR is the network address(s) of the endpoint
pub cidr: String,
/// Except is the exceptions to the CIDR ranges mentioned above.
#[serde(default, skip_serializing_if = "Option::is_none")]
pub except: Option<Vec<String>>,
/// Ports is the list of ports
#[serde(default, skip_serializing_if = "Option::is_none")]
pub ports: Option<Vec<PolicyEndpointIngressPorts>>,
}

/// Port contains information about the transport port/protocol
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
pub struct PolicyEndpointIngressPorts {
/// Endport specifies the port range port to endPort port must be defined and an integer, endPort > port
#[serde(default, skip_serializing_if = "Option::is_none", rename = "endPort")]
pub end_port: Option<i32>,
/// Port specifies the numerical port for the protocol. If empty applies to all ports
#[serde(default, skip_serializing_if = "Option::is_none")]
pub port: Option<i32>,
/// Protocol specifies the transport protocol, default TCP
#[serde(default, skip_serializing_if = "Option::is_none")]
pub protocol: Option<String>,
}

/// PodSelector is the podSelector from the policy resource
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
pub struct PolicyEndpointPodSelector {
/// matchExpressions is a list of label selector requirements. The requirements are ANDed.
#[serde(default, skip_serializing_if = "Option::is_none", rename = "matchExpressions")]
pub match_expressions: Option<Vec<PolicyEndpointPodSelectorMatchExpressions>>,
/// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
#[serde(default, skip_serializing_if = "Option::is_none", rename = "matchLabels")]
pub match_labels: Option<BTreeMap<String, String>>,
}

/// A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
pub struct PolicyEndpointPodSelectorMatchExpressions {
/// key is the label key that the selector applies to.
pub key: String,
/// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
pub operator: String,
/// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
#[serde(default, skip_serializing_if = "Option::is_none")]
pub values: Option<Vec<String>>,
}

/// PodEndpoint defines the summary information for the pods
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
pub struct PolicyEndpointPodSelectorEndpoints {
/// HostIP is the IP address of the host the pod is currently running on
#[serde(rename = "hostIP")]
pub host_ip: String,
/// Name is the pod name
pub name: String,
/// Namespace is the pod namespace
pub namespace: String,
/// PodIP is the IP address of the pod
#[serde(rename = "podIP")]
pub pod_ip: String,
}

/// PolicyRef is a reference to the Kubernetes NetworkPolicy resource.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
pub struct PolicyEndpointPolicyRef {
/// Name is the name of the Policy
pub name: String,
/// Namespace is the namespace of the Policy
pub namespace: String,
}

/// PolicyEndpointStatus defines the observed state of PolicyEndpoint
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
pub struct PolicyEndpointStatus {
}
