Diffstat (limited to 'vendor/k8s.io/kubernetes/pkg/apis/networking/types.go')
-rw-r--r--vendor/k8s.io/kubernetes/pkg/apis/networking/types.go115
1 files changed, 115 insertions, 0 deletions
diff --git a/vendor/k8s.io/kubernetes/pkg/apis/networking/types.go b/vendor/k8s.io/kubernetes/pkg/apis/networking/types.go
new file mode 100644
index 000000000..f889543ed
--- /dev/null
+++ b/vendor/k8s.io/kubernetes/pkg/apis/networking/types.go
@@ -0,0 +1,115 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package networking
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/util/intstr"
+ "k8s.io/kubernetes/pkg/api"
+)
+
+// +genclient=true
+
+// NetworkPolicy describes what network traffic is allowed for a set of Pods
+type NetworkPolicy struct {
+ metav1.TypeMeta
+ // +optional
+ metav1.ObjectMeta
+
+ // Specification of the desired behavior for this NetworkPolicy.
+ // +optional
+ Spec NetworkPolicySpec
+}
+
+// NetworkPolicySpec provides the specification of a NetworkPolicy
+type NetworkPolicySpec struct {
+ // Selects the pods to which this NetworkPolicy object applies. The array of
+ // ingress rules is applied to any pods selected by this field. Multiple network
+ // policies can select the same set of pods. In this case, the ingress rules for
+ // each are combined additively. This field is NOT optional and follows standard
+ // label selector semantics. An empty podSelector matches all pods in this
+ // namespace.
+ PodSelector metav1.LabelSelector
+
+ // List of ingress rules to be applied to the selected pods. Traffic is allowed to
+ // a pod if there are no NetworkPolicies selecting the pod
+ // (and cluster policy otherwise allows the traffic), OR if the traffic source is
+ // the pod's local node, OR if the traffic matches at least one ingress rule
+ // across all of the NetworkPolicy objects whose podSelector matches the pod. If
+ // this field is empty then this NetworkPolicy does not allow any traffic (and serves
+ // solely to ensure that the pods it selects are isolated by default)
+ // +optional
+ Ingress []NetworkPolicyIngressRule
+}
+
+// NetworkPolicyIngressRule describes a particular set of traffic that is allowed to the pods
+// matched by a NetworkPolicySpec's podSelector. The traffic must match both ports and from.
+type NetworkPolicyIngressRule struct {
+ // List of ports which should be made accessible on the pods selected for this
+ // rule. Each item in this list is combined using a logical OR. If this field is
+ // empty or missing, this rule matches all ports (traffic not restricted by port).
+ // If this field is present and contains at least one item, then this rule allows
+ // traffic only if the traffic matches at least one port in the list.
+ // +optional
+ Ports []NetworkPolicyPort
+
+ // List of sources which should be able to access the pods selected for this rule.
+ // Items in this list are combined using a logical OR operation. If this field is
+ // empty or missing, this rule matches all sources (traffic not restricted by
+ // source). If this field is present and contains at least on item, this rule
+ // allows traffic only if the traffic matches at least one item in the from list.
+ // +optional
+ From []NetworkPolicyPeer
+}
+
+// NetworkPolicyPort describes a port to allow traffic on
+type NetworkPolicyPort struct {
+ // The protocol (TCP or UDP) which traffic must match. If not specified, this
+ // field defaults to TCP.
+ // +optional
+ Protocol *api.Protocol
+
+ // The port on the given protocol. This can either be a numerical or named port on
+ // a pod. If this field is not provided, this matches all port names and numbers.
+ // +optional
+ Port *intstr.IntOrString
+}
+
+// NetworkPolicyPeer describes a peer to allow traffic from. Exactly one of its fields
+// must be specified.
+type NetworkPolicyPeer struct {
+ // This is a label selector which selects Pods in this namespace. This field
+ // follows standard label selector semantics. If present but empty, this selector
+ // selects all pods in this namespace.
+ // +optional
+ PodSelector *metav1.LabelSelector
+
+ // Selects Namespaces using cluster scoped-labels. This matches all pods in all
+ // namespaces selected by this label selector. This field follows standard label
+ // selector semantics. If present but empty, this selector selects all namespaces.
+ // +optional
+ NamespaceSelector *metav1.LabelSelector
+}
+
+// NetworkPolicyList is a list of NetworkPolicy objects.
+type NetworkPolicyList struct {
+ metav1.TypeMeta
+ // +optional
+ metav1.ListMeta
+
+ Items []NetworkPolicy
+}