Update NetworkPolicy comments to reflect reality.
NetworkPolicy has been implemented with no distinction between nil and empty Ports/From, and we don't intend to change that now.
parent
19b8be8b7d
commit
1940941dbb
@ -1061,21 +1061,17 @@ type NetworkPolicySpec struct {
|
||||
type NetworkPolicyIngressRule struct {
|
||||
// List of ports which should be made accessible on the pods selected for this rule.
|
||||
// Each item in this list is combined using a logical OR.
|
||||
// If this field is not provided, this rule matches all ports (traffic not restricted by port).
|
||||
// If this field is empty, this rule matches no ports (no traffic matches).
|
||||
// If this field is empty or missing, this rule matches all ports (traffic not restricted by port).
|
||||
// If this field is present and contains at least one item, then this rule allows traffic
|
||||
// only if the traffic matches at least one port in the list.
|
||||
// TODO: Update this to be a pointer to slice as soon as auto-generation supports it.
|
||||
// +optional
|
||||
Ports []NetworkPolicyPort
|
||||
|
||||
// List of sources which should be able to access the pods selected for this rule.
|
||||
// Items in this list are combined using a logical OR operation.
|
||||
// If this field is not provided, this rule matches all sources (traffic not restricted by source).
|
||||
// If this field is empty, this rule matches no sources (no traffic matches).
|
||||
// If this field is empty or missing, this rule matches all sources (traffic not restricted by source).
|
||||
// If this field is present and contains at least on item, this rule allows traffic only if the
|
||||
// traffic matches at least one item in the from list.
|
||||
// TODO: Update this to be a pointer to slice as soon as auto-generation supports it.
|
||||
// +optional
|
||||
From []NetworkPolicyPeer
|
||||
}
|
||||
@ -1100,7 +1096,6 @@ type NetworkPolicyPeer struct {
|
||||
|
||||
// This is a label selector which selects Pods in this namespace.
|
||||
// This field follows standard label selector semantics.
|
||||
// If not provided, this selector selects no pods.
|
||||
// If present but empty, this selector selects all pods in this namespace.
|
||||
// +optional
|
||||
PodSelector *metav1.LabelSelector
|
||||
@ -1108,7 +1103,6 @@ type NetworkPolicyPeer struct {
|
||||
// Selects Namespaces using cluster scoped-labels. This
|
||||
// matches all pods in all namespaces selected by this label selector.
|
||||
// This field follows standard label selector semantics.
|
||||
// If omitted, this selector selects no namespaces.
|
||||
// If present but empty, this selector selects all namespaces.
|
||||
// +optional
|
||||
NamespaceSelector *metav1.LabelSelector
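Review bot: The rewritten `Ports` and `From` comments in the `NetworkPolicyIngressRule` hunk now document a fail-open default (an empty or missing list matches everything), but they never say outright that an empty list is not a deny, which is what the removed wording told readers to expect. Anyone who wrote `from: []` or `ports: []` against the old text to block traffic gets the opposite result, so I would add one explicit line to each comment, for example `// Note: an empty list does not block traffic; it places no restriction on sources.` and the matching sentence for ports. The `From` comment also still reads "at least on item", which should be `// If this field is present and contains at least one item, this rule allows traffic only if the`. Both points apply equally to the versioned copy of the struct in the later `@ -1085,21 +1085,17` hunk.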
|
||||
|
@ -127,7 +127,6 @@ func SetDefaults_ReplicaSet(obj *ReplicaSet) {
|
||||
func SetDefaults_NetworkPolicy(obj *NetworkPolicy) {
|
||||
// Default any undefined Protocol fields to TCP.
|
||||
for _, i := range obj.Spec.Ingress {
|
||||
// TODO: Update Ports to be a pointer to slice as soon as auto-generation supports it.
|
||||
for _, p := range i.Ports {
|
||||
if p.Protocol == nil {
|
||||
proto := v1.ProtocolTCP
|
||||
|
@ -1085,21 +1085,17 @@ type NetworkPolicySpec struct {
|
||||
type NetworkPolicyIngressRule struct {
|
||||
// List of ports which should be made accessible on the pods selected for this rule.
|
||||
// Each item in this list is combined using a logical OR.
|
||||
// If this field is not provided, this rule matches all ports (traffic not restricted by port).
|
||||
// If this field is empty, this rule matches no ports (no traffic matches).
|
||||
// If this field is empty or missing, this rule matches all ports (traffic not restricted by port).
|
||||
// If this field is present and contains at least one item, then this rule allows traffic
|
||||
// only if the traffic matches at least one port in the list.
|
||||
// TODO: Update this to be a pointer to slice as soon as auto-generation supports it.
|
||||
// +optional
|
||||
Ports []NetworkPolicyPort `json:"ports,omitempty" protobuf:"bytes,1,rep,name=ports"`
|
||||
|
||||
// List of sources which should be able to access the pods selected for this rule.
|
||||
// Items in this list are combined using a logical OR operation.
|
||||
// If this field is not provided, this rule matches all sources (traffic not restricted by source).
|
||||
// If this field is empty, this rule matches no sources (no traffic matches).
|
||||
// If this field is empty or missing, this rule matches all sources (traffic not restricted by source).
|
||||
// If this field is present and contains at least on item, this rule allows traffic only if the
|
||||
// traffic matches at least one item in the from list.
|
||||
// TODO: Update this to be a pointer to slice as soon as auto-generation supports it.
|
||||
// +optional
|
||||
From []NetworkPolicyPeer `json:"from,omitempty" protobuf:"bytes,2,rep,name=from"`
|
||||
}
|
||||
@ -1124,7 +1120,6 @@ type NetworkPolicyPeer struct {
|
||||
|
||||
// This is a label selector which selects Pods in this namespace.
|
||||
// This field follows standard label selector semantics.
|
||||
// If not provided, this selector selects no pods.
|
||||
// If present but empty, this selector selects all pods in this namespace.
|
||||
// +optional
|
||||
PodSelector *metav1.LabelSelector `json:"podSelector,omitempty" protobuf:"bytes,1,opt,name=podSelector"`
|
||||
@ -1132,7 +1127,6 @@ type NetworkPolicyPeer struct {
|
||||
// Selects Namespaces using cluster scoped-labels. This
|
||||
// matches all pods in all namespaces selected by this label selector.
|
||||
// This field follows standard label selector semantics.
|
||||
// If omitted, this selector selects no namespaces.
|
||||
// If present but empty, this selector selects all namespaces.
|
||||
// +optional
|
||||
NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty" protobuf:"bytes,2,opt,name=namespaceSelector"`
|
||||
|
@ -921,7 +921,6 @@ func ValidateNetworkPolicySpec(spec *extensions.NetworkPolicySpec, fldPath *fiel
|
||||
}
|
||||
}
|
||||
}
|
||||
// TODO: Update From to be a pointer to slice as soon as auto-generation supports it.
|
||||
for i, from := range ingress.From {
|
||||
fromPath := ingressPath.Child("from").Index(i)
|
||||
numFroms := 0
|
||||
|