From b2458e456a103c720e5cbb2554cabcedab4c46fd Mon Sep 17 00:00:00 2001 From: Tim Hockin Date: Thu, 16 Nov 2023 11:52:42 -0800 Subject: [PATCH] Fix list_type_missing in api/networking --- api/api-rules/violation_exceptions.list | 15 ---- api/openapi-spec/swagger.json | 30 +++++--- .../apis__networking.k8s.io__v1_openapi.json | 27 ++++--- ...__networking.k8s.io__v1alpha1_openapi.json | 3 +- pkg/generated/openapi/zz_generated.openapi.go | 75 +++++++++++++++++++ .../k8s.io/api/networking/v1/generated.proto | 9 +++ staging/src/k8s.io/api/networking/v1/types.go | 9 +++ .../api/networking/v1alpha1/generated.proto | 1 + .../k8s.io/api/networking/v1alpha1/types.go | 1 + .../api/networking/v1beta1/generated.proto | 5 ++ .../k8s.io/api/networking/v1beta1/types.go | 5 ++ 11 files changed, 145 insertions(+), 35 deletions(-) diff --git a/api/api-rules/violation_exceptions.list b/api/api-rules/violation_exceptions.list index 4011ab39f49..4d22577e65c 100644 --- a/api/api-rules/violation_exceptions.list +++ b/api/api-rules/violation_exceptions.list @@ -1,18 +1,3 @@ -API rule violation: list_type_missing,k8s.io/api/networking/v1,IPBlock,Except -API rule violation: list_type_missing,k8s.io/api/networking/v1,IngressLoadBalancerStatus,Ingress -API rule violation: list_type_missing,k8s.io/api/networking/v1,NetworkPolicyEgressRule,Ports -API rule violation: list_type_missing,k8s.io/api/networking/v1,NetworkPolicyEgressRule,To -API rule violation: list_type_missing,k8s.io/api/networking/v1,NetworkPolicyIngressRule,From -API rule violation: list_type_missing,k8s.io/api/networking/v1,NetworkPolicyIngressRule,Ports -API rule violation: list_type_missing,k8s.io/api/networking/v1,NetworkPolicySpec,Egress -API rule violation: list_type_missing,k8s.io/api/networking/v1,NetworkPolicySpec,Ingress -API rule violation: list_type_missing,k8s.io/api/networking/v1,NetworkPolicySpec,PolicyTypes -API rule violation: list_type_missing,k8s.io/api/networking/v1alpha1,ServiceCIDRSpec,CIDRs -API rule violation: list_type_missing,k8s.io/api/networking/v1beta1,HTTPIngressRuleValue,Paths -API rule violation: list_type_missing,k8s.io/api/networking/v1beta1,IngressLoadBalancerStatus,Ingress -API rule violation: list_type_missing,k8s.io/api/networking/v1beta1,IngressSpec,Rules -API rule violation: list_type_missing,k8s.io/api/networking/v1beta1,IngressSpec,TLS -API rule violation: list_type_missing,k8s.io/api/networking/v1beta1,IngressTLS,Hosts API rule violation: list_type_missing,k8s.io/api/rbac/v1,AggregationRule,ClusterRoleSelectors API rule violation: list_type_missing,k8s.io/api/rbac/v1,ClusterRole,Rules API rule violation: list_type_missing,k8s.io/api/rbac/v1,ClusterRoleBinding,Subjects diff --git a/api/openapi-spec/swagger.json b/api/openapi-spec/swagger.json index df84cea7880..2b72e384569 100644 --- a/api/openapi-spec/swagger.json +++ b/api/openapi-spec/swagger.json @@ -12862,7 +12862,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -13090,7 +13091,8 @@ "items": { "$ref": "#/definitions/io.k8s.api.networking.v1.IngressLoadBalancerIngress" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" @@ -13243,14 +13245,16 @@ "items": { "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicyPort" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "to": { "description": "to is a list of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.", "items": { "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicyPeer" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" @@ -13263,14 +13267,16 @@ "items": { "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicyPeer" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "ports": { "description": "ports is a list of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.", "items": { "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicyPort" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" @@ -13355,14 +13361,16 @@ "items": { "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicyEgressRule" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "ingress": { "description": "ingress is a list of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default)", "items": { "$ref": "#/definitions/io.k8s.api.networking.v1.NetworkPolicyIngressRule" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "podSelector": { "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector", @@ -13373,7 +13381,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -13568,7 +13577,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" diff --git a/api/openapi-spec/v3/apis__networking.k8s.io__v1_openapi.json b/api/openapi-spec/v3/apis__networking.k8s.io__v1_openapi.json index ee940c000da..00f12487e3e 100644 --- a/api/openapi-spec/v3/apis__networking.k8s.io__v1_openapi.json +++ b/api/openapi-spec/v3/apis__networking.k8s.io__v1_openapi.json @@ -89,7 +89,8 @@ "default": "", "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ @@ -386,7 +387,8 @@ ], "default": {} }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" @@ -582,7 +584,8 @@ ], "default": {} }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "to": { "description": "to is a list of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.", @@ -594,7 +597,8 @@ ], "default": {} }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" @@ -612,7 +616,8 @@ ], "default": {} }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "ports": { "description": "ports is a list of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.", @@ -624,7 +629,8 @@ ], "default": {} }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" @@ -740,7 +746,8 @@ ], "default": {} }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "ingress": { "description": "ingress is a list of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default)", @@ -752,7 +759,8 @@ ], "default": {} }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" }, "podSelector": { "allOf": [ @@ -769,7 +777,8 @@ "default": "", "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "required": [ diff --git a/api/openapi-spec/v3/apis__networking.k8s.io__v1alpha1_openapi.json b/api/openapi-spec/v3/apis__networking.k8s.io__v1alpha1_openapi.json index 603e4df1b69..d5250fb5c4a 100644 --- a/api/openapi-spec/v3/apis__networking.k8s.io__v1alpha1_openapi.json +++ b/api/openapi-spec/v3/apis__networking.k8s.io__v1alpha1_openapi.json @@ -223,7 +223,8 @@ "default": "", "type": "string" }, - "type": "array" + "type": "array", + "x-kubernetes-list-type": "atomic" } }, "type": "object" diff --git a/pkg/generated/openapi/zz_generated.openapi.go b/pkg/generated/openapi/zz_generated.openapi.go index fb84cef9a54..886be9e80ee 100644 --- a/pkg/generated/openapi/zz_generated.openapi.go +++ b/pkg/generated/openapi/zz_generated.openapi.go @@ -38122,6 +38122,11 @@ func schema_k8sio_api_networking_v1_IPBlock(ref common.ReferenceCallback) common }, }, "except": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "except is a slice of CIDRs that should not be included within an IPBlock Valid examples are \"192.168.1.0/24\" or \"2001:db8::/64\" Except values will be rejected if they are outside the cidr range", Type: []string{"array"}, @@ -38500,6 +38505,11 @@ func schema_k8sio_api_networking_v1_IngressLoadBalancerStatus(ref common.Referen Type: []string{"object"}, Properties: map[string]spec.Schema{ "ingress": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "ingress is a list containing ingress points for the load-balancer.", Type: []string{"array"}, @@ -38816,6 +38826,11 @@ func schema_k8sio_api_networking_v1_NetworkPolicyEgressRule(ref common.Reference Type: []string{"object"}, Properties: map[string]spec.Schema{ "ports": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "ports is a list of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.", Type: []string{"array"}, @@ -38830,6 +38845,11 @@ func schema_k8sio_api_networking_v1_NetworkPolicyEgressRule(ref common.Reference }, }, "to": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "to is a list of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.", Type: []string{"array"}, @@ -38859,6 +38879,11 @@ func schema_k8sio_api_networking_v1_NetworkPolicyIngressRule(ref common.Referenc Type: []string{"object"}, Properties: map[string]spec.Schema{ "ports": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "ports is a list of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.", Type: []string{"array"}, @@ -38873,6 +38898,11 @@ func schema_k8sio_api_networking_v1_NetworkPolicyIngressRule(ref common.Referenc }, }, "from": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "from is a list of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the from list.", Type: []string{"array"}, @@ -39029,6 +39059,11 @@ func schema_k8sio_api_networking_v1_NetworkPolicySpec(ref common.ReferenceCallba }, }, "ingress": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "ingress is a list of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default)", Type: []string{"array"}, @@ -39043,6 +39078,11 @@ func schema_k8sio_api_networking_v1_NetworkPolicySpec(ref common.ReferenceCallba }, }, "egress": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "egress is a list of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8", Type: []string{"array"}, @@ -39057,6 +39097,11 @@ func schema_k8sio_api_networking_v1_NetworkPolicySpec(ref common.ReferenceCallba }, }, "policyTypes": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "policyTypes is a list of rule types that the NetworkPolicy relates to. Valid options are [\"Ingress\"], [\"Egress\"], or [\"Ingress\", \"Egress\"]. If this field is not specified, it will default based on the existence of ingress or egress rules; policies that contain an egress section are assumed to affect egress, and all policies (whether or not they contain an ingress section) are assumed to affect ingress. If you want to write an egress-only policy, you must explicitly specify policyTypes [ \"Egress\" ]. Likewise, if you want to write a policy that specifies that no egress is allowed, you must specify a policyTypes value that include \"Egress\" (since such a policy would not include an egress section and would otherwise default to just [ \"Ingress\" ]). This field is beta-level in 1.8", Type: []string{"array"}, @@ -39372,6 +39417,11 @@ func schema_k8sio_api_networking_v1alpha1_ServiceCIDRSpec(ref common.ReferenceCa Type: []string{"object"}, Properties: map[string]spec.Schema{ "cidrs": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "CIDRs defines the IP blocks in CIDR notation (e.g. \"192.168.0.0/24\" or \"2001:db8::/64\") from which to assign service cluster IPs. Max of two CIDRs is allowed, one of each IP family. This field is immutable.", Type: []string{"array"}, @@ -39476,6 +39526,11 @@ func schema_k8sio_api_networking_v1beta1_HTTPIngressRuleValue(ref common.Referen Type: []string{"object"}, Properties: map[string]spec.Schema{ "paths": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "paths is a collection of paths that map requests to backends.", Type: []string{"array"}, @@ -39862,6 +39917,11 @@ func schema_k8sio_api_networking_v1beta1_IngressLoadBalancerStatus(ref common.Re Type: []string{"object"}, Properties: map[string]spec.Schema{ "ingress": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "ingress is a list containing ingress points for the load-balancer.", Type: []string{"array"}, @@ -39989,6 +40049,11 @@ func schema_k8sio_api_networking_v1beta1_IngressSpec(ref common.ReferenceCallbac }, }, "tls": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "tls represents the TLS configuration. Currently the Ingress only supports a single TLS port, 443. If multiple members of this list specify different hosts, they will be multiplexed on the same port according to the hostname specified through the SNI TLS extension, if the ingress controller fulfilling the ingress supports SNI.", Type: []string{"array"}, @@ -40003,6 +40068,11 @@ func schema_k8sio_api_networking_v1beta1_IngressSpec(ref common.ReferenceCallbac }, }, "rules": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "rules is a list of host rules used to configure the Ingress. If unspecified, or no rule matches, all traffic is sent to the default backend.", Type: []string{"array"}, @@ -40054,6 +40124,11 @@ func schema_k8sio_api_networking_v1beta1_IngressTLS(ref common.ReferenceCallback Type: []string{"object"}, Properties: map[string]spec.Schema{ "hosts": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "hosts is a list of hosts included in the TLS certificate. The values in this list must match the name/s used in the tlsSecret. Defaults to the wildcard host setting for the loadbalancer controller fulfilling this Ingress, if left unspecified.", Type: []string{"array"}, diff --git a/staging/src/k8s.io/api/networking/v1/generated.proto b/staging/src/k8s.io/api/networking/v1/generated.proto index b50dd491e0f..22a9085a54a 100644 --- a/staging/src/k8s.io/api/networking/v1/generated.proto +++ b/staging/src/k8s.io/api/networking/v1/generated.proto @@ -84,6 +84,7 @@ message IPBlock { // Valid examples are "192.168.1.0/24" or "2001:db8::/64" // Except values will be rejected if they are outside the cidr range // +optional + // +listType=atomic repeated string except = 2; } @@ -225,6 +226,7 @@ message IngressLoadBalancerIngress { message IngressLoadBalancerStatus { // ingress is a list containing ingress points for the load-balancer. // +optional + // +listType=atomic repeated IngressLoadBalancerIngress ingress = 1; } @@ -396,6 +398,7 @@ message NetworkPolicyEgressRule { // If this field is present and contains at least one item, then this rule allows // traffic only if the traffic matches at least one port in the list. // +optional + // +listType=atomic repeated NetworkPolicyPort ports = 1; // to is a list of destinations for outgoing traffic of pods selected for this rule. @@ -404,6 +407,7 @@ message NetworkPolicyEgressRule { // destination). If this field is present and contains at least one item, this rule // allows traffic only if the traffic matches at least one item in the to list. // +optional + // +listType=atomic repeated NetworkPolicyPeer to = 2; } @@ -416,6 +420,7 @@ message NetworkPolicyIngressRule { // If this field is present and contains at least one item, then this rule allows // traffic only if the traffic matches at least one port in the list. // +optional + // +listType=atomic repeated NetworkPolicyPort ports = 1; // from is a list of sources which should be able to access the pods selected for this rule. @@ -424,6 +429,7 @@ message NetworkPolicyIngressRule { // source). If this field is present and contains at least one item, this rule // allows traffic only if the traffic matches at least one item in the from list. // +optional + // +listType=atomic repeated NetworkPolicyPeer from = 2; } @@ -505,6 +511,7 @@ message NetworkPolicySpec { // this field is empty then this NetworkPolicy does not allow any traffic (and serves // solely to ensure that the pods it selects are isolated by default) // +optional + // +listType=atomic repeated NetworkPolicyIngressRule ingress = 2; // egress is a list of egress rules to be applied to the selected pods. Outgoing traffic @@ -515,6 +522,7 @@ message NetworkPolicySpec { // solely to ensure that the pods it selects are isolated by default). // This field is beta-level in 1.8 // +optional + // +listType=atomic repeated NetworkPolicyEgressRule egress = 3; // policyTypes is a list of rule types that the NetworkPolicy relates to. @@ -528,6 +536,7 @@ message NetworkPolicySpec { // an egress section and would otherwise default to just [ "Ingress" ]). // This field is beta-level in 1.8 // +optional + // +listType=atomic repeated string policyTypes = 4; } diff --git a/staging/src/k8s.io/api/networking/v1/types.go b/staging/src/k8s.io/api/networking/v1/types.go index a17e2cb5b39..8ee62918b0a 100644 --- a/staging/src/k8s.io/api/networking/v1/types.go +++ b/staging/src/k8s.io/api/networking/v1/types.go @@ -74,6 +74,7 @@ type NetworkPolicySpec struct { // this field is empty then this NetworkPolicy does not allow any traffic (and serves // solely to ensure that the pods it selects are isolated by default) // +optional + // +listType=atomic Ingress []NetworkPolicyIngressRule `json:"ingress,omitempty" protobuf:"bytes,2,rep,name=ingress"` // egress is a list of egress rules to be applied to the selected pods. Outgoing traffic @@ -84,6 +85,7 @@ type NetworkPolicySpec struct { // solely to ensure that the pods it selects are isolated by default). // This field is beta-level in 1.8 // +optional + // +listType=atomic Egress []NetworkPolicyEgressRule `json:"egress,omitempty" protobuf:"bytes,3,rep,name=egress"` // policyTypes is a list of rule types that the NetworkPolicy relates to. @@ -97,6 +99,7 @@ type NetworkPolicySpec struct { // an egress section and would otherwise default to just [ "Ingress" ]). // This field is beta-level in 1.8 // +optional + // +listType=atomic PolicyTypes []PolicyType `json:"policyTypes,omitempty" protobuf:"bytes,4,rep,name=policyTypes,casttype=PolicyType"` } @@ -109,6 +112,7 @@ type NetworkPolicyIngressRule struct { // If this field is present and contains at least one item, then this rule allows // traffic only if the traffic matches at least one port in the list. // +optional + // +listType=atomic Ports []NetworkPolicyPort `json:"ports,omitempty" protobuf:"bytes,1,rep,name=ports"` // from is a list of sources which should be able to access the pods selected for this rule. @@ -117,6 +121,7 @@ type NetworkPolicyIngressRule struct { // source). If this field is present and contains at least one item, this rule // allows traffic only if the traffic matches at least one item in the from list. // +optional + // +listType=atomic From []NetworkPolicyPeer `json:"from,omitempty" protobuf:"bytes,2,rep,name=from"` } @@ -130,6 +135,7 @@ type NetworkPolicyEgressRule struct { // If this field is present and contains at least one item, then this rule allows // traffic only if the traffic matches at least one port in the list. // +optional + // +listType=atomic Ports []NetworkPolicyPort `json:"ports,omitempty" protobuf:"bytes,1,rep,name=ports"` // to is a list of destinations for outgoing traffic of pods selected for this rule. @@ -138,6 +144,7 @@ type NetworkPolicyEgressRule struct { // destination). If this field is present and contains at least one item, this rule // allows traffic only if the traffic matches at least one item in the to list. // +optional + // +listType=atomic To []NetworkPolicyPeer `json:"to,omitempty" protobuf:"bytes,2,rep,name=to"` } @@ -175,6 +182,7 @@ type IPBlock struct { // Valid examples are "192.168.1.0/24" or "2001:db8::/64" // Except values will be rejected if they are outside the cidr range // +optional + // +listType=atomic Except []string `json:"except,omitempty" protobuf:"bytes,2,rep,name=except"` } @@ -329,6 +337,7 @@ type IngressStatus struct { type IngressLoadBalancerStatus struct { // ingress is a list containing ingress points for the load-balancer. // +optional + // +listType=atomic Ingress []IngressLoadBalancerIngress `json:"ingress,omitempty" protobuf:"bytes,1,rep,name=ingress"` } diff --git a/staging/src/k8s.io/api/networking/v1alpha1/generated.proto b/staging/src/k8s.io/api/networking/v1alpha1/generated.proto index fb7971745d4..8914fffcf87 100644 --- a/staging/src/k8s.io/api/networking/v1alpha1/generated.proto +++ b/staging/src/k8s.io/api/networking/v1alpha1/generated.proto @@ -121,6 +121,7 @@ message ServiceCIDRSpec { // from which to assign service cluster IPs. Max of two CIDRs is allowed, one of each IP family. // This field is immutable. // +optional + // +listType=atomic repeated string cidrs = 1; } diff --git a/staging/src/k8s.io/api/networking/v1alpha1/types.go b/staging/src/k8s.io/api/networking/v1alpha1/types.go index 9d56ca193e6..bcdc33b4599 100644 --- a/staging/src/k8s.io/api/networking/v1alpha1/types.go +++ b/staging/src/k8s.io/api/networking/v1alpha1/types.go @@ -111,6 +111,7 @@ type ServiceCIDRSpec struct { // from which to assign service cluster IPs. Max of two CIDRs is allowed, one of each IP family. // This field is immutable. // +optional + // +listType=atomic CIDRs []string `json:"cidrs,omitempty" protobuf:"bytes,1,opt,name=cidrs"` } diff --git a/staging/src/k8s.io/api/networking/v1beta1/generated.proto b/staging/src/k8s.io/api/networking/v1beta1/generated.proto index 46bb7f66f22..f36df9ec194 100644 --- a/staging/src/k8s.io/api/networking/v1beta1/generated.proto +++ b/staging/src/k8s.io/api/networking/v1beta1/generated.proto @@ -69,6 +69,7 @@ message HTTPIngressPath { // or '#'. message HTTPIngressRuleValue { // paths is a collection of paths that map requests to backends. + // +listType=atomic repeated HTTPIngressPath paths = 1; } @@ -211,6 +212,7 @@ message IngressLoadBalancerIngress { message IngressLoadBalancerStatus { // ingress is a list containing ingress points for the load-balancer. // +optional + // +listType=atomic repeated IngressLoadBalancerIngress ingress = 1; } @@ -313,11 +315,13 @@ message IngressSpec { // through the SNI TLS extension, if the ingress controller fulfilling the // ingress supports SNI. // +optional + // +listType=atomic repeated IngressTLS tls = 2; // rules is a list of host rules used to configure the Ingress. If unspecified, or // no rule matches, all traffic is sent to the default backend. // +optional + // +listType=atomic repeated IngressRule rules = 3; } @@ -335,6 +339,7 @@ message IngressTLS { // wildcard host setting for the loadbalancer controller fulfilling this // Ingress, if left unspecified. // +optional + // +listType=atomic repeated string hosts = 1; // secretName is the name of the secret used to terminate TLS traffic on diff --git a/staging/src/k8s.io/api/networking/v1beta1/types.go b/staging/src/k8s.io/api/networking/v1beta1/types.go index 87cc91654b8..34dfe76aa3e 100644 --- a/staging/src/k8s.io/api/networking/v1beta1/types.go +++ b/staging/src/k8s.io/api/networking/v1beta1/types.go @@ -97,11 +97,13 @@ type IngressSpec struct { // through the SNI TLS extension, if the ingress controller fulfilling the // ingress supports SNI. // +optional + // +listType=atomic TLS []IngressTLS `json:"tls,omitempty" protobuf:"bytes,2,rep,name=tls"` // rules is a list of host rules used to configure the Ingress. If unspecified, or // no rule matches, all traffic is sent to the default backend. // +optional + // +listType=atomic Rules []IngressRule `json:"rules,omitempty" protobuf:"bytes,3,rep,name=rules"` // TODO: Add the ability to specify load-balancer IP through claims } @@ -113,6 +115,7 @@ type IngressTLS struct { // wildcard host setting for the loadbalancer controller fulfilling this // Ingress, if left unspecified. // +optional + // +listType=atomic Hosts []string `json:"hosts,omitempty" protobuf:"bytes,1,rep,name=hosts"` // secretName is the name of the secret used to terminate TLS traffic on @@ -136,6 +139,7 @@ type IngressStatus struct { type IngressLoadBalancerStatus struct { // ingress is a list containing ingress points for the load-balancer. // +optional + // +listType=atomic Ingress []IngressLoadBalancerIngress `json:"ingress,omitempty" protobuf:"bytes,1,rep,name=ingress"` } @@ -239,6 +243,7 @@ type IngressRuleValue struct { // or '#'. type HTTPIngressRuleValue struct { // paths is a collection of paths that map requests to backends. + // +listType=atomic Paths []HTTPIngressPath `json:"paths" protobuf:"bytes,1,rep,name=paths"` // TODO: Consider adding fields for ingress-type specific global // options usable by a loadbalancer, like http keep-alive.