Update NetworkPolicy comments to reflect reality.

NetworkPolicy has been implemented with no distinction between nil and
empty Ports/From, and we don't intend to change that now.
Dan Winship 2016-12-16 09:38:55 -05:00
parent 19b8be8b7d
commit 1940941dbb
4 changed files with 4 additions and 18 deletions


@ -1061,21 +1061,17 @@ type NetworkPolicySpec struct {
type NetworkPolicyIngressRule struct {
// List of ports which should be made accessible on the pods selected for this rule.
// Each item in this list is combined using a logical OR.
// If this field is not provided, this rule matches all ports (traffic not restricted by port).
// If this field is empty, this rule matches no ports (no traffic matches).
// If this field is empty or missing, this rule matches all ports (traffic not restricted by port).
// If this field is present and contains at least one item, then this rule allows traffic
// only if the traffic matches at least one port in the list.
// TODO: Update this to be a pointer to slice as soon as auto-generation supports it.
// +optional
Ports []NetworkPolicyPort
// List of sources which should be able to access the pods selected for this rule.
// Items in this list are combined using a logical OR operation.
// If this field is not provided, this rule matches all sources (traffic not restricted by source).
// If this field is empty, this rule matches no sources (no traffic matches).
// If this field is empty or missing, this rule matches all sources (traffic not restricted by source).
// If this field is present and contains at least on item, this rule allows traffic only if the
// traffic matches at least one item in the from list.
// TODO: Update this to be a pointer to slice as soon as auto-generation supports it.
// +optional
From []NetworkPolicyPeer
}
@ -1100,7 +1096,6 @@ type NetworkPolicyPeer struct {
// This is a label selector which selects Pods in this namespace.
// This field follows standard label selector semantics.
// If not provided, this selector selects no pods.
// If present but empty, this selector selects all pods in this namespace.
// +optional
PodSelector *metav1.LabelSelector
@ -1108,7 +1103,6 @@ type NetworkPolicyPeer struct {
// Selects Namespaces using cluster scoped-labels. This
// matches all pods in all namespaces selected by this label selector.
// This field follows standard label selector semantics.
// If omitted, this selector selects no namespaces.
// If present but empty, this selector selects all namespaces.
// +optional
NamespaceSelector *metav1.LabelSelector
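Review bot: The rewritten `Ports` and `From` comments on NetworkPolicyIngressRule document a fail-open case without warning that an explicitly empty list cannot express "match nothing". An author who sets either field to an empty list expecting a deny gets a rule that does not restrict by port or source, so I would add to each comment a line such as `// An empty list does not restrict traffic; it cannot be used to express "match nothing".` The retained line "contains at least on item" in the `From` comment should also read "at least one item". The same wording appears in the tagged copy of this struct in the third file section, and the NetworkPolicyPeer struct touched by the last two hunks here starts and ends outside them.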


@ -127,7 +127,6 @@ func SetDefaults_ReplicaSet(obj *ReplicaSet) {
func SetDefaults_NetworkPolicy(obj *NetworkPolicy) {
// Default any undefined Protocol fields to TCP.
for _, i := range obj.Spec.Ingress {
// TODO: Update Ports to be a pointer to slice as soon as auto-generation supports it.
for _, p := range i.Ports {
if p.Protocol == nil {
proto := v1.ProtocolTCP


@ -1085,21 +1085,17 @@ type NetworkPolicySpec struct {
type NetworkPolicyIngressRule struct {
// List of ports which should be made accessible on the pods selected for this rule.
// Each item in this list is combined using a logical OR.
// If this field is not provided, this rule matches all ports (traffic not restricted by port).
// If this field is empty, this rule matches no ports (no traffic matches).
// If this field is empty or missing, this rule matches all ports (traffic not restricted by port).
// If this field is present and contains at least one item, then this rule allows traffic
// only if the traffic matches at least one port in the list.
// TODO: Update this to be a pointer to slice as soon as auto-generation supports it.
// +optional
Ports []NetworkPolicyPort `json:"ports,omitempty" protobuf:"bytes,1,rep,name=ports"`
// List of sources which should be able to access the pods selected for this rule.
// Items in this list are combined using a logical OR operation.
// If this field is not provided, this rule matches all sources (traffic not restricted by source).
// If this field is empty, this rule matches no sources (no traffic matches).
// If this field is empty or missing, this rule matches all sources (traffic not restricted by source).
// If this field is present and contains at least on item, this rule allows traffic only if the
// traffic matches at least one item in the from list.
// TODO: Update this to be a pointer to slice as soon as auto-generation supports it.
// +optional
From []NetworkPolicyPeer `json:"from,omitempty" protobuf:"bytes,2,rep,name=from"`
}
@ -1124,7 +1120,6 @@ type NetworkPolicyPeer struct {
// This is a label selector which selects Pods in this namespace.
// This field follows standard label selector semantics.
// If not provided, this selector selects no pods.
// If present but empty, this selector selects all pods in this namespace.
// +optional
PodSelector *metav1.LabelSelector `json:"podSelector,omitempty" protobuf:"bytes,1,opt,name=podSelector"`
@ -1132,7 +1127,6 @@ type NetworkPolicyPeer struct {
// Selects Namespaces using cluster scoped-labels. This
// matches all pods in all namespaces selected by this label selector.
// This field follows standard label selector semantics.
// If omitted, this selector selects no namespaces.
// If present but empty, this selector selects all namespaces.
// +optional
NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty" protobuf:"bytes,2,opt,name=namespaceSelector"`
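Review bot: The `PodSelector` and `NamespaceSelector` comments on NetworkPolicyPeer no longer say what a nil selector means, assuming the lines these two hunks drop are "If not provided, this selector selects no pods" and "If omitted, this selector selects no namespaces". What remains only says that a present-but-empty selector selects all pods or all namespaces, and that difference between unset and `{}` is the one most likely to widen access by accident. The `numFroms` counter in ValidateNetworkPolicySpec, in the last file section, suggests validation constrains how many of the two fields may be set; if so, the comments should state that rule, for example `// Exactly one of PodSelector and NamespaceSelector must be set; a nil selector is not the same as an empty one.` once confirmed against the validation code. The same gap exists in the untagged copy of the struct in the first file section, and the struct's opening and closing lines are outside these hunks.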


@ -921,7 +921,6 @@ func ValidateNetworkPolicySpec(spec *extensions.NetworkPolicySpec, fldPath *fiel
}
}
}
// TODO: Update From to be a pointer to slice as soon as auto-generation supports it.
for i, from := range ingress.From {
fromPath := ingressPath.Child("from").Index(i)
numFroms := 0