Skip to content

Commit

Permalink
Bump to 1.31.1 kube
Browse files Browse the repository at this point in the history 
Signed-off-by: Surya Seetharaman <[email protected]>
  • Loading branch information
@tssurya
tssurya committed Oct 22, 2024
1 parent dfafbc5 commit d76b811
Show file tree
Hide file tree
Showing 33 changed files with 312 additions and 787 deletions.
5 changes: 3 additions & 2 deletions apis/v1alpha1/shared_types.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,7 @@ type AdminNetworkPolicyPort struct {
type Port struct {
// Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must
// match. If not specified, this field defaults to TCP.
// +kubebuilder:default=TCP
//
// Support: Core
//
Expand All @@ -96,6 +97,7 @@ type Port struct {
type PortRange struct {
// Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must
// match. If not specified, this field defaults to TCP.
// +kubebuilder:default=TCP
//
// Support: Core
//
Expand Down Expand Up @@ -145,8 +147,7 @@ type AdminNetworkPolicyIngressPeer struct {
}

// CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8").
// This string must be validated by implementations using net.ParseCIDR
// TODO: Introduce CEL CIDR validation regex isCIDR() in Kube 1.31 when it is available.
// +kubebuilder:validation:XValidation:rule="isCIDR(self)",message="Invalid CIDR format provided"
// +kubebuilder:validation:XValidation:rule="self.contains(':') != self.contains('.')",message="CIDR must be either an IPv4 or IPv6 address. IPv4 address embedded in IPv6 addresses are not supported"
// +kubebuilder:validation:MaxLength=43
type CIDR string
74 changes: 7 additions & 67 deletions config/crd/experimental/policy.networking.k8s.io_adminnetworkpolicies.yaml
View file

Large diffs are not rendered by default.

65 changes: 7 additions & 58 deletions config/crd/experimental/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,6 @@ spec:
would take the highest precedence.
BANPs with no egress rules do not affect egress traffic.
Support: Core
items:
description: |-
Expand All @@ -76,7 +75,6 @@ spec:
Allow: allows the selected traffic
Deny: denies the selected traffic
Support: Core
enum:
- Allow
Expand All @@ -89,7 +87,6 @@ spec:
improve observability, readability and error-reporting for any applied
BaselineAdminNetworkPolicies.
Support: Core
maxLength: 100
type: string
Expand All @@ -109,24 +106,20 @@ spec:
description: |-
NamedPort selects a port on a pod(s) based on name.
Support: Extended
<network-policy-api:experimental>
type: string
portNumber:
description: |-
Port selects a port on a pod(s) based on number.
Support: Core
properties:
port:
description: |-
Number defines a network port value.
Support: Core
format: int32
maximum: 65535
Expand All @@ -138,7 +131,6 @@ spec:
Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must
match. If not specified, this field defaults to TCP.
Support: Core
type: string
required:
Expand All @@ -150,15 +142,13 @@ spec:
PortRange selects a port range on a pod(s) based on provided start and end
values.
Support: Core
properties:
end:
description: |-
End defines a network port that is the end of a port range, the End value
must be greater than Start.
Support: Core
format: int32
maximum: 65535
Expand All @@ -170,15 +160,13 @@ spec:
Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must
match. If not specified, this field defaults to TCP.
Support: Core
type: string
start:
description: |-
Start defines a network port that is the start of a port range, the Start
value must be less than End.
Support: Core
format: int32
maximum: 65535
Expand All @@ -199,7 +187,6 @@ spec:
traffic then the specified action is applied.
This field must be defined and contain at least one item.
Support: Core
items:
description: |-
Expand All @@ -215,7 +202,6 @@ spec:
Namespaces defines a way to select all pods within a set of Namespaces.
Note that host-networked pods are not included in this type of peer.
Support: Core
properties:
matchExpressions:
Expand Down Expand Up @@ -271,26 +257,22 @@ spec:
or deny all IPv4 pod-to-pod traffic as well. If you don't want that,
add a rule that Passes all pod traffic before the Networks rule.
Each item in Networks should be provided in the CIDR format and should be
IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8".
Networks can have upto 25 CIDRs specified.
Support: Extended
<network-policy-api:experimental>
items:
description: |-
CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8").
This string must be validated by implementations using net.ParseCIDR
TODO: Introduce CEL CIDR validation regex isCIDR() in Kube 1.31 when it is available.
description: CIDR is an IP address range in CIDR notation
(for example, "10.0.0.0/8" or "fd00::/8").
maxLength: 43
type: string
x-kubernetes-validations:
- message: Invalid CIDR format provided
rule: isCIDR(self)
- message: CIDR must be either an IPv4 or IPv6 address.
IPv4 address embedded in IPv6 addresses are not
supported
Expand All @@ -305,10 +287,8 @@ spec:
the cluster. This field follows standard label selector
semantics; if present but empty, it selects all Nodes.
Support: Extended
<network-policy-api:experimental>
properties:
matchExpressions:
Expand Down Expand Up @@ -360,7 +340,6 @@ spec:
a set of namespaces. Note that host-networked pods
are not included in this type of peer.
Support: Core
properties:
namespaceSelector:
Expand Down Expand Up @@ -491,7 +470,6 @@ spec:
would take the highest precedence.
BANPs with no ingress rules do not affect ingress traffic.
Support: Core
items:
description: |-
Expand All @@ -506,7 +484,6 @@ spec:
Allow: allows the selected traffic
Deny: denies the selected traffic
Support: Core
enum:
- Allow
Expand All @@ -519,7 +496,6 @@ spec:
traffic then the specified action is applied.
This field must be defined and contain at least one item.
Support: Core
items:
description: |-
Expand All @@ -535,7 +511,6 @@ spec:
Namespaces defines a way to select all pods within a set of Namespaces.
Note that host-networked pods are not included in this type of peer.
Support: Core
properties:
matchExpressions:
Expand Down Expand Up @@ -587,7 +562,6 @@ spec:
a set of namespaces. Note that host-networked pods
are not included in this type of peer.
Support: Core
properties:
namespaceSelector:
Expand Down Expand Up @@ -703,7 +677,6 @@ spec:
improve observability, readability and error-reporting for any applied
BaselineAdminNetworkPolicies.
Support: Core
maxLength: 100
type: string
Expand All @@ -715,7 +688,6 @@ spec:
So it matches on the destination port for the ingress traffic.
If Ports is not set then the rule does not filter traffic via port.
Support: Core
items:
description: |-
Expand All @@ -728,24 +700,20 @@ spec:
description: |-
NamedPort selects a port on a pod(s) based on name.
Support: Extended
<network-policy-api:experimental>
type: string
portNumber:
description: |-
Port selects a port on a pod(s) based on number.
Support: Core
properties:
port:
description: |-
Number defines a network port value.
Support: Core
format: int32
maximum: 65535
Expand All @@ -757,7 +725,6 @@ spec:
Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must
match. If not specified, this field defaults to TCP.
Support: Core
type: string
required:
Expand All @@ -769,15 +736,13 @@ spec:
PortRange selects a port range on a pod(s) based on provided start and end
values.
Support: Core
properties:
end:
description: |-
End defines a network port that is the end of a port range, the End value
must be greater than Start.
Support: Core
format: int32
maximum: 65535
Expand All @@ -789,15 +754,13 @@ spec:
Protocol is the network protocol (TCP, UDP, or SCTP) which traffic must
match. If not specified, this field defaults to TCP.
Support: Core
type: string
start:
description: |-
Start defines a network port that is the start of a port range, the Start
value must be less than End.
Support: Core
format: int32
maximum: 65535
Expand All @@ -822,7 +785,6 @@ spec:
Subject defines the pods to which this BaselineAdminNetworkPolicy applies.
Note that host-networked pods are not included in subject selection.
Support: Core
maxProperties: 1
minProperties: 1
Expand Down Expand Up @@ -986,16 +948,8 @@ spec:
properties:
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: |-
Expand Down Expand Up @@ -1036,12 +990,7 @@ spec:
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
description: type of condition in CamelCase or in foo.example.com/CamelCase.
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
Expand Down
Loading

0 comments on commit d76b811

Please sign in to comment.