github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-30 06:54:01 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #50033 from cmluciano/cml/addnpcidrselector

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 50033, 49988, 51132, 49674, 51207)

Add IPBlock to Network Policy

**What this PR does / why we need it**:
 Add ipBlockRule to NetworkPolicyPeer.

**Which issue this PR fixes**
fixes #49978

**Special notes for your reviewer**:
- I added this directly as a field on the existing API per guidance from API-Machinery/lazy SIG-Network consensus.

Todo:
- [ ] Documentation comments to mention this is beta, unless we want to go straight to GA
- [ ] e2e tests

**Release note**:
```
Support ipBlock in NetworkPolicy
```
This commit is contained in:
Kubernetes Submit Queue 2017-08-25 11:07:07 -07:00 committed by GitHub
commit c04e516373
27 changed files with 2123 additions and 445 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
api/openapi-spec/swagger.json
View File

@ -62904,6 +62904,25 @@
}
}
},
"io.k8s.api.extensions.v1beta1.IPBlock": {
"description": "IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
"required": [
"cidr"
],
"properties": {
"cidr": {
"description": "CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\"",
"type": "string"
},
"except": {
"description": "Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" Except values will be rejected if they are outside the CIDR range",
"type": "array",
"items": {
"type": "string"
}
}
}
},
"io.k8s.api.extensions.v1beta1.Ingress": {
"description": "Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc.",
"properties": {
@ -63130,6 +63149,10 @@
},
"io.k8s.api.extensions.v1beta1.NetworkPolicyPeer": {
"properties": {
"ipBlock": {
"description": "IPBlock defines policy on a particular IPBlock",
"$ref": "#/definitions/io.k8s.api.extensions.v1beta1.IPBlock"
},
"namespaceSelector": {
"description": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces.",
"$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector"
@ -63631,6 +63654,25 @@
}
}
},
"io.k8s.api.networking.v1.IPBlock": {
"description": "IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
"required": [
"cidr"
],
"properties": {
"cidr": {
"description": "CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\"",
"type": "string"
},
"except": {
"description": "Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" Except values will be rejected if they are outside the CIDR range",
"type": "array",
"items": {
"type": "string"
}
}
}
},
"io.k8s.api.networking.v1.NetworkPolicy": {
"description": "NetworkPolicy describes what network traffic is allowed for a set of Pods",
"properties": {
@ -63715,6 +63757,10 @@
"io.k8s.api.networking.v1.NetworkPolicyPeer": {
"description": "NetworkPolicyPeer describes a peer to allow traffic from. Exactly one of its fields must be specified.",
"properties": {
"ipBlock": {
"description": "IPBlock defines policy on a particular IPBlock",
"$ref": "#/definitions/io.k8s.api.networking.v1.IPBlock"
},
"namespaceSelector": {
"description": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces.",
"$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector"

24
api/swagger-spec/extensions_v1beta1.json
View File

@ -9305,6 +9305,30 @@
"namespaceSelector": {
"$ref": "v1.LabelSelector",
"description": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces."
},
"ipBlock": {
"$ref": "v1beta1.IPBlock",
"description": "IPBlock defines policy on a particular IPBlock"
}
}
},
"v1beta1.IPBlock": {
"id": "v1beta1.IPBlock",
"description": "IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
"required": [
"cidr"
],
"properties": {
"cidr": {
"type": "string",
"description": "CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\""
},
"except": {
"type": "array",
"items": {
"type": "string"
},
"description": "Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" Except values will be rejected if they are outside the CIDR range"
}
}
},

24
api/swagger-spec/networking.k8s.io_v1.json
View File

@ -1307,6 +1307,30 @@
"namespaceSelector": {
"$ref": "v1.LabelSelector",
"description": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces."
},
"ipBlock": {
"$ref": "v1.IPBlock",
"description": "IPBlock defines policy on a particular IPBlock"
}
}
},
"v1.IPBlock": {
"id": "v1.IPBlock",
"description": "IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
"required": [
"cidr"
],
"properties": {
"cidr": {
"type": "string",
"description": "CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\""
},
"except": {
"type": "array",
"items": {
"type": "string"
},
"description": "Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" Except values will be rejected if they are outside the CIDR range"
}
}
},

48
docs/api-reference/extensions/v1beta1/definitions.html
View File

@ -3215,6 +3215,47 @@ When an object is created, the system will populate this list with the current s
</tbody>
</table>
</div>
<div class="sect2">
<h3 id="_v1beta1_ipblock">v1beta1.IPBlock</h3>
<div class="paragraph">
<p>IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods matched by a NetworkPolicySpec&#8217;s podSelector. The except entry describes CIDRs that should not be included within this rule.</p>
</div>
<table class="tableblock frame-all grid-all" style="width:100%; ">
<colgroup>
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Name</th>
<th class="tableblock halign-left valign-top">Description</th>
<th class="tableblock halign-left valign-top">Required</th>
<th class="tableblock halign-left valign-top">Schema</th>
<th class="tableblock halign-left valign-top">Default</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">cidr</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">CIDR is a string representing the IP Block Valid examples are "192.168.1.1/24"</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">true</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">except</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Except is a slice of CIDRs that should not be included within an IP Block Valid examples are "192.168.1.1/24" Except values will be rejected if they are outside the CIDR range</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string array</p></td>
<td class="tableblock halign-left valign-top"></td>
</tr>
</tbody>
</table>
</div>
<div class="sect2">
<h3 id="_v1_loadbalanceringress">v1.LoadBalancerIngress</h3>
@ -5965,6 +6006,13 @@ Both these may change in the future. Incoming requests are matched against the h
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="#_v1_labelselector">v1.LabelSelector</a></p></td>
<td class="tableblock halign-left valign-top"></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ipBlock</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">IPBlock defines policy on a particular IPBlock</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="#_v1beta1_ipblock">v1beta1.IPBlock</a></p></td>
<td class="tableblock halign-left valign-top"></td>
</tr>
</tbody>
</table>

48
docs/api-reference/networking.k8s.io/v1/definitions.html
View File

@ -937,6 +937,47 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
</tbody>
</table>
</div>
<div class="sect2">
<h3 id="_v1_ipblock">v1.IPBlock</h3>
<div class="paragraph">
<p>IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods matched by a NetworkPolicySpec&#8217;s podSelector. The except entry describes CIDRs that should not be included within this rule.</p>
</div>
<table class="tableblock frame-all grid-all" style="width:100%; ">
<colgroup>
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
<col style="width:20%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Name</th>
<th class="tableblock halign-left valign-top">Description</th>
<th class="tableblock halign-left valign-top">Required</th>
<th class="tableblock halign-left valign-top">Schema</th>
<th class="tableblock halign-left valign-top">Default</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">cidr</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">CIDR is a string representing the IP Block Valid examples are "192.168.1.1/24"</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">true</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
<td class="tableblock halign-left valign-top"></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">except</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Except is a slice of CIDRs that should not be included within an IP Block Valid examples are "192.168.1.1/24" Except values will be rejected if they are outside the CIDR range</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">string array</p></td>
<td class="tableblock halign-left valign-top"></td>
</tr>
</tbody>
</table>
</div>
<div class="sect2">
<h3 id="_v1_labelselector">v1.LabelSelector</h3>
@ -1460,6 +1501,13 @@ When an object is created, the system will populate this list with the current s
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="#_v1_labelselector">v1.LabelSelector</a></p></td>
<td class="tableblock halign-left valign-top"></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">ipBlock</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">IPBlock defines policy on a particular IPBlock</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="#_v1_ipblock">v1.IPBlock</a></p></td>
<td class="tableblock halign-left valign-top"></td>
</tr>
</tbody>
</table>

1
pkg/api/testing/BUILD
View File

@ -24,6 +24,7 @@ go_library(
"//pkg/apis/extensions:go_default_library",
"//pkg/apis/extensions/fuzzer:go_default_library",
"//pkg/apis/extensions/v1beta1:go_default_library",
"//pkg/apis/networking/fuzzer:go_default_library",
"//pkg/apis/policy/fuzzer:go_default_library",
"//pkg/apis/rbac/fuzzer:go_default_library",
"//pkg/apis/storage/fuzzer:go_default_library",

4
pkg/api/testing/fuzzer.go
View File

@ -19,7 +19,7 @@ package testing
import (
"fmt"
"github.com/google/gofuzz"
fuzz "github.com/google/gofuzz"
"k8s.io/api/core/v1"
apitesting "k8s.io/apimachinery/pkg/api/testing"
@ -38,6 +38,7 @@ import (
"k8s.io/kubernetes/pkg/apis/extensions"
extensionsfuzzer "k8s.io/kubernetes/pkg/apis/extensions/fuzzer"
extensionsv1beta1 "k8s.io/kubernetes/pkg/apis/extensions/v1beta1"
networkingfuzzer "k8s.io/kubernetes/pkg/apis/networking/fuzzer"
policyfuzzer "k8s.io/kubernetes/pkg/apis/policy/fuzzer"
rbacfuzzer "k8s.io/kubernetes/pkg/apis/rbac/fuzzer"
storagefuzzer "k8s.io/kubernetes/pkg/apis/storage/fuzzer"
@ -102,4 +103,5 @@ var FuzzerFuncs = fuzzer.MergeFuzzerFuncs(
certificatesfuzzer.Funcs,
admissionregistrationfuzzer.Funcs,
storagefuzzer.Funcs,
networkingfuzzer.Funcs,
)

34
pkg/apis/extensions/v1beta1/conversion.go
View File

@ -60,6 +60,8 @@ func addConversionFuncs(scheme *runtime.Scheme) error {
Convert_v1beta1_NetworkPolicySpec_To_networking_NetworkPolicySpec,
Convert_networking_NetworkPolicySpec_To_v1beta1_NetworkPolicySpec,
Convert_extensions_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec,
Convert_v1beta1_IPBlock_To_networking_IPBlock,
Convert_networking_IPBlock_To_v1beta1_IPBlock,
)
if err != nil {
return err
@ -346,6 +348,14 @@ func Convert_v1beta1_NetworkPolicyPeer_To_networking_NetworkPolicyPeer(in *exten
} else {
out.NamespaceSelector = nil
}
if in.IPBlock != nil {
out.IPBlock = new(networking.IPBlock)
if err := s.Convert(in.IPBlock, out.IPBlock, 0); err != nil {
return err
}
} else {
out.IPBlock = nil
}
return nil
}
@ -366,6 +376,30 @@ func Convert_networking_NetworkPolicyPeer_To_v1beta1_NetworkPolicyPeer(in *netwo
} else {
out.NamespaceSelector = nil
}
if in.IPBlock != nil {
out.IPBlock = new(extensionsv1beta1.IPBlock)
if err := s.Convert(in.IPBlock, out.IPBlock, 0); err != nil {
return err
}
} else {
out.IPBlock = nil
}
return nil
}
func Convert_v1beta1_IPBlock_To_networking_IPBlock(in *extensionsv1beta1.IPBlock, out *networking.IPBlock, s conversion.Scope) error {
out.CIDR = in.CIDR
out.Except = make([]string, len(in.Except))
copy(out.Except, in.Except)
return nil
}
func Convert_networking_IPBlock_To_v1beta1_IPBlock(in *networking.IPBlock, out *extensionsv1beta1.IPBlock, s conversion.Scope) error {
out.CIDR = in.CIDR
out.Except = make([]string, len(in.Except))
copy(out.Except, in.Except)
return nil
}

6
pkg/apis/networking/fuzzer/BUILD
View File

@ -8,7 +8,11 @@ load(
go_library(
name = "go_default_library",
srcs = ["fuzzer.go"],
deps = ["//vendor/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library"],
deps = [
"//pkg/apis/networking:go_default_library",
"//vendor/github.com/google/gofuzz:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library",
],
)
filegroup(

16
pkg/apis/networking/fuzzer/fuzzer.go
View File

@ -17,10 +17,24 @@ limitations under the License.
package fuzzer
import (
fuzz "github.com/google/gofuzz"
runtimeserializer "k8s.io/apimachinery/pkg/runtime/serializer"
"k8s.io/kubernetes/pkg/apis/networking"
)
// Funcs returns the fuzzer functions for the networking api group.
var Funcs = func(codecs runtimeserializer.CodecFactory) []interface{} {
return []interface{}{}
return []interface{}{
func(np *networking.NetworkPolicyPeer, c fuzz.Continue) {
c.FuzzNoCustom(np) // fuzz self without calling this function again
// TODO: Implement a fuzzer to generate valid keys, values and operators for
// selector requirements.
if np.IPBlock != nil {
np.IPBlock = &networking.IPBlock{
CIDR: "192.168.1.0/24",
Except: []string{"192.168.1.1/24", "192.168.1.2/24"},
}
}
},
}
}

18
pkg/apis/networking/types.go
View File

@ -90,6 +90,20 @@ type NetworkPolicyPort struct {
Port *intstr.IntOrString
}
// IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods
// matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should
// not be included within this rule.
type IPBlock struct {
// CIDR is a string representing the IP Block
// Valid examples are "192.168.1.1/24"
CIDR string
// Except is a slice of CIDRs that should not be included within an IP Block
// Valid examples are "192.168.1.1/24"
// Except values will be rejected if they are outside the CIDR range
// +optional
Except []string
}
// NetworkPolicyPeer describes a peer to allow traffic from. Exactly one of its fields
// must be specified.
type NetworkPolicyPeer struct {
@ -104,6 +118,10 @@ type NetworkPolicyPeer struct {
// selector semantics. If present but empty, this selector selects all namespaces.
// +optional
NamespaceSelector *metav1.LabelSelector
// IPBlock defines policy on a particular IPBlock
// +optional
IPBlock *IPBlock
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

26
pkg/apis/networking/v1/zz_generated.conversion.go
View File

@ -40,6 +40,8 @@ func init() {
// Public to allow building arbitrary schemes.
func RegisterConversions(scheme *runtime.Scheme) error {
return scheme.AddGeneratedConversionFuncs(
Convert_v1_IPBlock_To_networking_IPBlock,
Convert_networking_IPBlock_To_v1_IPBlock,
Convert_v1_NetworkPolicy_To_networking_NetworkPolicy,
Convert_networking_NetworkPolicy_To_v1_NetworkPolicy,
Convert_v1_NetworkPolicyIngressRule_To_networking_NetworkPolicyIngressRule,
@ -55,6 +57,28 @@ func RegisterConversions(scheme *runtime.Scheme) error {
)
}
func autoConvert_v1_IPBlock_To_networking_IPBlock(in *v1.IPBlock, out *networking.IPBlock, s conversion.Scope) error {
out.CIDR = in.CIDR
out.Except = *(*[]string)(unsafe.Pointer(&in.Except))
return nil
}
// Convert_v1_IPBlock_To_networking_IPBlock is an autogenerated conversion function.
func Convert_v1_IPBlock_To_networking_IPBlock(in *v1.IPBlock, out *networking.IPBlock, s conversion.Scope) error {
return autoConvert_v1_IPBlock_To_networking_IPBlock(in, out, s)
}
func autoConvert_networking_IPBlock_To_v1_IPBlock(in *networking.IPBlock, out *v1.IPBlock, s conversion.Scope) error {
out.CIDR = in.CIDR
out.Except = *(*[]string)(unsafe.Pointer(&in.Except))
return nil
}
// Convert_networking_IPBlock_To_v1_IPBlock is an autogenerated conversion function.
func Convert_networking_IPBlock_To_v1_IPBlock(in *networking.IPBlock, out *v1.IPBlock, s conversion.Scope) error {
return autoConvert_networking_IPBlock_To_v1_IPBlock(in, out, s)
}
func autoConvert_v1_NetworkPolicy_To_networking_NetworkPolicy(in *v1.NetworkPolicy, out *networking.NetworkPolicy, s conversion.Scope) error {
out.ObjectMeta = in.ObjectMeta
if err := Convert_v1_NetworkPolicySpec_To_networking_NetworkPolicySpec(&in.Spec, &out.Spec, s); err != nil {
@ -132,6 +156,7 @@ func Convert_networking_NetworkPolicyList_To_v1_NetworkPolicyList(in *networking
func autoConvert_v1_NetworkPolicyPeer_To_networking_NetworkPolicyPeer(in *v1.NetworkPolicyPeer, out *networking.NetworkPolicyPeer, s conversion.Scope) error {
out.PodSelector = (*meta_v1.LabelSelector)(unsafe.Pointer(in.PodSelector))
out.NamespaceSelector = (*meta_v1.LabelSelector)(unsafe.Pointer(in.NamespaceSelector))
out.IPBlock = (*networking.IPBlock)(unsafe.Pointer(in.IPBlock))
return nil
}
@ -143,6 +168,7 @@ func Convert_v1_NetworkPolicyPeer_To_networking_NetworkPolicyPeer(in *v1.Network
func autoConvert_networking_NetworkPolicyPeer_To_v1_NetworkPolicyPeer(in *networking.NetworkPolicyPeer, out *v1.NetworkPolicyPeer, s conversion.Scope) error {
out.PodSelector = (*meta_v1.LabelSelector)(unsafe.Pointer(in.PodSelector))
out.NamespaceSelector = (*meta_v1.LabelSelector)(unsafe.Pointer(in.NamespaceSelector))
out.IPBlock = (*v1.IPBlock)(unsafe.Pointer(in.IPBlock))
return nil
}

43
pkg/apis/networking/validation/validation.go
View File

@ -17,6 +17,8 @@ limitations under the License.
package validation
import (
"net"
unversionedvalidation "k8s.io/apimachinery/pkg/apis/meta/v1/validation"
"k8s.io/apimachinery/pkg/util/intstr"
"k8s.io/apimachinery/pkg/util/validation"
@ -68,7 +70,10 @@ func ValidateNetworkPolicySpec(spec *networking.NetworkPolicySpec, fldPath *fiel
numFroms++
allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(from.NamespaceSelector, fromPath.Child("namespaceSelector"))...)
}
if from.IPBlock != nil {
numFroms++
allErrs = append(allErrs, ValidateIPBlock(from.IPBlock, fromPath.Child("ipBlock"))...)
}
if numFroms == 0 {
allErrs = append(allErrs, field.Required(fromPath, "must specify a from type"))
} else if numFroms > 1 {
@ -93,3 +98,39 @@ func ValidateNetworkPolicyUpdate(update, old *networking.NetworkPolicy) field.Er
allErrs = append(allErrs, ValidateNetworkPolicySpec(&update.Spec, field.NewPath("spec"))...)
return allErrs
}
// ValidateIPBlock validates a cidr and the except fields of an IpBlock NetworkPolicyPeer
func ValidateIPBlock(ipb *networking.IPBlock, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{}
if len(ipb.CIDR) == 0 || ipb.CIDR == "" {
allErrs = append(allErrs, field.Required(fldPath.Child("cidr"), ""))
return allErrs
}
cidrIPNet, err := validateCIDR(ipb.CIDR)
if err != nil {
allErrs = append(allErrs, field.Invalid(fldPath.Child("cidr"), ipb.CIDR, "not a valid CIDR"))
return allErrs
}
exceptCIDR := ipb.Except
for i, exceptIP := range exceptCIDR {
exceptPath := fldPath.Child("except").Index(i)
exceptCIDR, err := validateCIDR(exceptIP)
if err != nil {
allErrs = append(allErrs, field.Invalid(exceptPath, exceptIP, "not a valid CIDR"))
return allErrs
}
if !cidrIPNet.Contains(exceptCIDR.IP) {
allErrs = append(allErrs, field.Invalid(exceptPath, exceptCIDR.IP, "not within CIDR range"))
}
}
return allErrs
}
// validateCIDR validates whether a CIDR matches the conventions expected by net.ParseCIDR
func validateCIDR(cidr string) (*net.IPNet, error) {
_, net, err := net.ParseCIDR(cidr)
if err != nil {
return nil, err
}
return net, nil
}

97
pkg/apis/networking/validation/validation_test.go
View File

@ -122,6 +122,26 @@ func TestValidateNetworkPolicy(t *testing.T) {
},
},
},
{
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
Spec: networking.NetworkPolicySpec{
PodSelector: metav1.LabelSelector{
MatchLabels: map[string]string{"a": "b"},
},
Ingress: []networking.NetworkPolicyIngressRule{
{
From: []networking.NetworkPolicyPeer{
{
IPBlock: &networking.IPBlock{
CIDR: "192.168.0.0/16",
Except: []string{"192.168.3.0/24", "192.168.4.0/24"},
},
},
},
},
},
},
},
}
// Success cases are expected to pass validation.
@ -256,6 +276,83 @@ func TestValidateNetworkPolicy(t *testing.T) {
},
},
},
"missing cidr field": {
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
Spec: networking.NetworkPolicySpec{
PodSelector: metav1.LabelSelector{},
Ingress: []networking.NetworkPolicyIngressRule{
{
From: []networking.NetworkPolicyPeer{
{
IPBlock: &networking.IPBlock{
Except: []string{"192.168.8.0/24", "192.168.9.0/24"},
},
},
},
},
},
},
},
"invalid cidr format": {
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
Spec: networking.NetworkPolicySpec{
PodSelector: metav1.LabelSelector{
MatchLabels: map[string]string{"a": "b"},
},
Ingress: []networking.NetworkPolicyIngressRule{
{
From: []networking.NetworkPolicyPeer{
{
IPBlock: &networking.IPBlock{
CIDR: "192.168.5.6",
Except: []string{"192.168.1.0/24", "192.168.2.0/24"},
},
},
},
},
},
},
},
"except field is an empty string": {
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
Spec: networking.NetworkPolicySpec{
PodSelector: metav1.LabelSelector{
MatchLabels: map[string]string{"a": "b"},
},
Ingress: []networking.NetworkPolicyIngressRule{
{
From: []networking.NetworkPolicyPeer{
{
IPBlock: &networking.IPBlock{
CIDR: "192.168.8.0/24",
Except: []string{"", " "},
},
},
},
},
},
},
},
"except IP is outside of CIDR range": {
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
Spec: networking.NetworkPolicySpec{
PodSelector: metav1.LabelSelector{
MatchLabels: map[string]string{"a": "b"},
},
Ingress: []networking.NetworkPolicyIngressRule{
{
From: []networking.NetworkPolicyPeer{
{
IPBlock: &networking.IPBlock{
CIDR: "192.168.8.0/24",
Except: []string{"192.168.9.1/24"},
},
},
},
},
},
},
},
}
// Error cases are not expected to pass validation.

34
pkg/apis/networking/zz_generated.deepcopy.go
View File

@ -39,6 +39,10 @@ func init() {
// Deprecated: deepcopy registration will go away when static deepcopy is fully implemented.
func RegisterDeepCopies(scheme *runtime.Scheme) error {
return scheme.AddGeneratedDeepCopyFuncs(
conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
in.(*IPBlock).DeepCopyInto(out.(*IPBlock))
return nil
}, InType: reflect.TypeOf(&IPBlock{})},
conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
in.(*NetworkPolicy).DeepCopyInto(out.(*NetworkPolicy))
return nil
@ -66,6 +70,27 @@ func RegisterDeepCopies(scheme *runtime.Scheme) error {
)
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IPBlock) DeepCopyInto(out *IPBlock) {
*out = *in
if in.Except != nil {
in, out := &in.Except, &out.Except
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPBlock.
func (in *IPBlock) DeepCopy() *IPBlock {
if in == nil {
return nil
}
out := new(IPBlock)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *NetworkPolicy) DeepCopyInto(out *NetworkPolicy) {
*out = *in
@ -179,6 +204,15 @@ func (in *NetworkPolicyPeer) DeepCopyInto(out *NetworkPolicyPeer) {
(*in).DeepCopyInto(*out)
}
}
if in.IPBlock != nil {
in, out := &in.IPBlock, &out.IPBlock
if *in == nil {
*out = nil
} else {
*out = new(IPBlock)
(*in).DeepCopyInto(*out)
}
}
return
}

888
staging/src/k8s.io/api/extensions/v1beta1/generated.pb.go
View File

File diff suppressed because it is too large Load Diff

19
staging/src/k8s.io/api/extensions/v1beta1/generated.proto
View File

@ -421,6 +421,21 @@ message IDRange {
optional int64 max = 2;
}
// IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods
// matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should
// not be included within this rule.
message IPBlock {
// CIDR is a string representing the IP Block
// Valid examples are "192.168.1.1/24"
optional string cidr = 1;
// Except is a slice of CIDRs that should not be included within an IP Block
// Valid examples are "192.168.1.1/24"
// Except values will be rejected if they are outside the CIDR range
// +optional
repeated string except = 2;
}
// Ingress is a collection of rules that allow inbound connections to reach the
// endpoints defined by a backend. An Ingress can be configured to give services
// externally-reachable urls, load balance traffic, terminate SSL, offer name
@ -602,6 +617,10 @@ message NetworkPolicyPeer {
// If present but empty, this selector selects all namespaces.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector namespaceSelector = 2;
// IPBlock defines policy on a particular IPBlock
// +optional
optional IPBlock ipBlock = 3;
}
message NetworkPolicyPort {

356
staging/src/k8s.io/api/extensions/v1beta1/types.generated.go
View File

@ -18741,7 +18741,7 @@ func (x *NetworkPolicyPort) codecDecodeSelfFromArray(l int, d *codec1978.Decoder
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
}
func (x *NetworkPolicyPeer) CodecEncodeSelf(e *codec1978.Encoder) {
func (x *IPBlock) CodecEncodeSelf(e *codec1978.Encoder) {
var h codecSelfer1234
z, r := codec1978.GenHelperEncoder(e)
_, _, _ = h, z, r
@ -18758,11 +18758,254 @@ func (x *NetworkPolicyPeer) CodecEncodeSelf(e *codec1978.Encoder) {
var yyq2 [2]bool
_, _, _ = yysep2, yyq2, yy2arr2
const yyr2 bool = false
yyq2[0] = x.PodSelector != nil
yyq2[1] = x.NamespaceSelector != nil
yyq2[1] = len(x.Except) != 0
var yynn2 int
if yyr2 || yy2arr2 {
r.EncodeArrayStart(2)
} else {
yynn2 = 1
for _, b := range yyq2 {
if b {
yynn2++
}
}
r.EncodeMapStart(yynn2)
yynn2 = 0
}
if yyr2 || yy2arr2 {
z.EncSendContainerState(codecSelfer_containerArrayElem1234)
yym4 := z.EncBinary()
_ = yym4
if false {
} else {
r.EncodeString(codecSelferC_UTF81234, string(x.CIDR))
}
} else {
z.EncSendContainerState(codecSelfer_containerMapKey1234)
r.EncodeString(codecSelferC_UTF81234, string("cidr"))
z.EncSendContainerState(codecSelfer_containerMapValue1234)
yym5 := z.EncBinary()
_ = yym5
if false {
} else {
r.EncodeString(codecSelferC_UTF81234, string(x.CIDR))
}
}
if yyr2 || yy2arr2 {
z.EncSendContainerState(codecSelfer_containerArrayElem1234)
if yyq2[1] {
if x.Except == nil {
r.EncodeNil()
} else {
yym7 := z.EncBinary()
_ = yym7
if false {
} else {
z.F.EncSliceStringV(x.Except, false, e)
}
}
} else {
r.EncodeNil()
}
} else {
if yyq2[1] {
z.EncSendContainerState(codecSelfer_containerMapKey1234)
r.EncodeString(codecSelferC_UTF81234, string("except"))
z.EncSendContainerState(codecSelfer_containerMapValue1234)
if x.Except == nil {
r.EncodeNil()
} else {
yym8 := z.EncBinary()
_ = yym8
if false {
} else {
z.F.EncSliceStringV(x.Except, false, e)
}
}
}
}
if yyr2 || yy2arr2 {
z.EncSendContainerState(codecSelfer_containerArrayEnd1234)
} else {
z.EncSendContainerState(codecSelfer_containerMapEnd1234)
}
}
}
}
func (x *IPBlock) CodecDecodeSelf(d *codec1978.Decoder) {
var h codecSelfer1234
z, r := codec1978.GenHelperDecoder(d)
_, _, _ = h, z, r
yym1 := z.DecBinary()
_ = yym1
if false {
} else if z.HasExtensions() && z.DecExt(x) {
} else {
yyct2 := r.ContainerType()
if yyct2 == codecSelferValueTypeMap1234 {
yyl2 := r.ReadMapStart()
if yyl2 == 0 {
z.DecSendContainerState(codecSelfer_containerMapEnd1234)
} else {
x.codecDecodeSelfFromMap(yyl2, d)
}
} else if yyct2 == codecSelferValueTypeArray1234 {
yyl2 := r.ReadArrayStart()
if yyl2 == 0 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
} else {
x.codecDecodeSelfFromArray(yyl2, d)
}
} else {
panic(codecSelferOnlyMapOrArrayEncodeToStructErr1234)
}
}
}
func (x *IPBlock) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) {
var h codecSelfer1234
z, r := codec1978.GenHelperDecoder(d)
_, _, _ = h, z, r
var yys3Slc = z.DecScratchBuffer() // default slice to decode into
_ = yys3Slc
var yyhl3 bool = l >= 0
for yyj3 := 0; ; yyj3++ {
if yyhl3 {
if yyj3 >= l {
break
}
} else {
if r.CheckBreak() {
break
}
}
z.DecSendContainerState(codecSelfer_containerMapKey1234)
yys3Slc = r.DecodeBytes(yys3Slc, true, true)
yys3 := string(yys3Slc)
z.DecSendContainerState(codecSelfer_containerMapValue1234)
switch yys3 {
case "cidr":
if r.TryDecodeAsNil() {
x.CIDR = ""
} else {
yyv4 := &x.CIDR
yym5 := z.DecBinary()
_ = yym5
if false {
} else {
*((*string)(yyv4)) = r.DecodeString()
}
}
case "except":
if r.TryDecodeAsNil() {
x.Except = nil
} else {
yyv6 := &x.Except
yym7 := z.DecBinary()
_ = yym7
if false {
} else {
z.F.DecSliceStringX(yyv6, false, d)
}
}
default:
z.DecStructFieldNotFound(-1, yys3)
} // end switch yys3
} // end for yyj3
z.DecSendContainerState(codecSelfer_containerMapEnd1234)
}
func (x *IPBlock) codecDecodeSelfFromArray(l int, d *codec1978.Decoder) {
var h codecSelfer1234
z, r := codec1978.GenHelperDecoder(d)
_, _, _ = h, z, r
var yyj8 int
var yyb8 bool
var yyhl8 bool = l >= 0
yyj8++
if yyhl8 {
yyb8 = yyj8 > l
} else {
yyb8 = r.CheckBreak()
}
if yyb8 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
if r.TryDecodeAsNil() {
x.CIDR = ""
} else {
yyv9 := &x.CIDR
yym10 := z.DecBinary()
_ = yym10
if false {
} else {
*((*string)(yyv9)) = r.DecodeString()
}
}
yyj8++
if yyhl8 {
yyb8 = yyj8 > l
} else {
yyb8 = r.CheckBreak()
}
if yyb8 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
if r.TryDecodeAsNil() {
x.Except = nil
} else {
yyv11 := &x.Except
yym12 := z.DecBinary()
_ = yym12
if false {
} else {
z.F.DecSliceStringX(yyv11, false, d)
}
}
for {
yyj8++
if yyhl8 {
yyb8 = yyj8 > l
} else {
yyb8 = r.CheckBreak()
}
if yyb8 {
break
}
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
z.DecStructFieldNotFound(yyj8-1, "")
}
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
}
func (x *NetworkPolicyPeer) CodecEncodeSelf(e *codec1978.Encoder) {
var h codecSelfer1234
z, r := codec1978.GenHelperEncoder(e)
_, _, _ = h, z, r
if x == nil {
r.EncodeNil()
} else {
yym1 := z.EncBinary()
_ = yym1
if false {
} else if z.HasExtensions() && z.EncExt(x) {
} else {
yysep2 := !z.EncBinary()
yy2arr2 := z.EncBasicHandle().StructToArray
var yyq2 [3]bool
_, _, _ = yysep2, yyq2, yy2arr2
const yyr2 bool = false
yyq2[0] = x.PodSelector != nil
yyq2[1] = x.NamespaceSelector != nil
yyq2[2] = x.IPBlock != nil
var yynn2 int
if yyr2 || yy2arr2 {
r.EncodeArrayStart(3)
} else {
yynn2 = 0
for _, b := range yyq2 {
@ -18843,6 +19086,29 @@ func (x *NetworkPolicyPeer) CodecEncodeSelf(e *codec1978.Encoder) {
}
}
}
if yyr2 || yy2arr2 {
z.EncSendContainerState(codecSelfer_containerArrayElem1234)
if yyq2[2] {
if x.IPBlock == nil {
r.EncodeNil()
} else {
x.IPBlock.CodecEncodeSelf(e)
}
} else {
r.EncodeNil()
}
} else {
if yyq2[2] {
z.EncSendContainerState(codecSelfer_containerMapKey1234)
r.EncodeString(codecSelferC_UTF81234, string("ipBlock"))
z.EncSendContainerState(codecSelfer_containerMapValue1234)
if x.IPBlock == nil {
r.EncodeNil()
} else {
x.IPBlock.CodecEncodeSelf(e)
}
}
}
if yyr2 || yy2arr2 {
z.EncSendContainerState(codecSelfer_containerArrayEnd1234)
} else {
@ -18938,6 +19204,17 @@ func (x *NetworkPolicyPeer) codecDecodeSelfFromMap(l int, d *codec1978.Decoder)
z.DecFallback(x.NamespaceSelector, false)
}
}
case "ipBlock":
if r.TryDecodeAsNil() {
if x.IPBlock != nil {
x.IPBlock = nil
}
} else {
if x.IPBlock == nil {
x.IPBlock = new(IPBlock)
}
x.IPBlock.CodecDecodeSelf(d)
}
default:
z.DecStructFieldNotFound(-1, yys3)
} // end switch yys3
@ -18949,16 +19226,16 @@ func (x *NetworkPolicyPeer) codecDecodeSelfFromArray(l int, d *codec1978.Decoder
var h codecSelfer1234
z, r := codec1978.GenHelperDecoder(d)
_, _, _ = h, z, r
var yyj8 int
var yyb8 bool
var yyhl8 bool = l >= 0
yyj8++
if yyhl8 {
yyb8 = yyj8 > l
var yyj9 int
var yyb9 bool
var yyhl9 bool = l >= 0
yyj9++
if yyhl9 {
yyb9 = yyj9 > l
} else {
yyb8 = r.CheckBreak()
yyb9 = r.CheckBreak()
}
if yyb8 {
if yyb9 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
@ -18971,21 +19248,21 @@ func (x *NetworkPolicyPeer) codecDecodeSelfFromArray(l int, d *codec1978.Decoder
if x.PodSelector == nil {
x.PodSelector = new(pkg1_v1.LabelSelector)
}
yym10 := z.DecBinary()
_ = yym10
yym11 := z.DecBinary()
_ = yym11
if false {
} else if z.HasExtensions() && z.DecExt(x.PodSelector) {
} else {
z.DecFallback(x.PodSelector, false)
}
}
yyj8++
if yyhl8 {
yyb8 = yyj8 > l
yyj9++
if yyhl9 {
yyb9 = yyj9 > l
} else {
yyb8 = r.CheckBreak()
yyb9 = r.CheckBreak()
}
if yyb8 {
if yyb9 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
@ -18998,26 +19275,47 @@ func (x *NetworkPolicyPeer) codecDecodeSelfFromArray(l int, d *codec1978.Decoder
if x.NamespaceSelector == nil {
x.NamespaceSelector = new(pkg1_v1.LabelSelector)
}
yym12 := z.DecBinary()
_ = yym12
yym13 := z.DecBinary()
_ = yym13
if false {
} else if z.HasExtensions() && z.DecExt(x.NamespaceSelector) {
} else {
z.DecFallback(x.NamespaceSelector, false)
}
}
for {
yyj8++
if yyhl8 {
yyb8 = yyj8 > l
} else {
yyb8 = r.CheckBreak()
yyj9++
if yyhl9 {
yyb9 = yyj9 > l
} else {
yyb9 = r.CheckBreak()
}
if yyb9 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
if r.TryDecodeAsNil() {
if x.IPBlock != nil {
x.IPBlock = nil
}
if yyb8 {
} else {
if x.IPBlock == nil {
x.IPBlock = new(IPBlock)
}
x.IPBlock.CodecDecodeSelf(d)
}
for {
yyj9++
if yyhl9 {
yyb9 = yyj9 > l
} else {
yyb9 = r.CheckBreak()
}
if yyb9 {
break
}
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
z.DecStructFieldNotFound(yyj8-1, "")
z.DecStructFieldNotFound(yyj9-1, "")
}
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
}
@ -21917,7 +22215,7 @@ func (x codecSelfer1234) decSliceNetworkPolicyPeer(v *[]NetworkPolicyPeer, d *co
yyrg1 := len(yyv1) > 0
yyv21 := yyv1
yyrl1, yyrt1 = z.DecInferLen(yyl1, z.DecBasicHandle().MaxInitLen, 16)
yyrl1, yyrt1 = z.DecInferLen(yyl1, z.DecBasicHandle().MaxInitLen, 24)
if yyrt1 {
if yyrl1 <= cap(yyv1) {
yyv1 = yyv1[:yyrl1]

18
staging/src/k8s.io/api/extensions/v1beta1/types.go
View File

@ -1181,6 +1181,20 @@ type NetworkPolicyPort struct {
Port *intstr.IntOrString `json:"port,omitempty" protobuf:"bytes,2,opt,name=port"`
}
// IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods
// matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should
// not be included within this rule.
type IPBlock struct {
// CIDR is a string representing the IP Block
// Valid examples are "192.168.1.1/24"
CIDR string `json:"cidr" protobuf:"bytes,1,name=cidr"`
// Except is a slice of CIDRs that should not be included within an IP Block
// Valid examples are "192.168.1.1/24"
// Except values will be rejected if they are outside the CIDR range
// +optional
Except []string `json:"except,omitempty" protobuf:"bytes,2,rep,name=except"`
}
type NetworkPolicyPeer struct {
// Exactly one of the following must be specified.
@ -1196,6 +1210,10 @@ type NetworkPolicyPeer struct {
// If present but empty, this selector selects all namespaces.
// +optional
NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty" protobuf:"bytes,2,opt,name=namespaceSelector"`
// IPBlock defines policy on a particular IPBlock
// +optional
IPBlock *IPBlock `json:"ipBlock,omitempty" protobuf:"bytes,3,rep,name=ipBlock"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

11
staging/src/k8s.io/api/extensions/v1beta1/types_swagger_doc_generated.go
View File

@ -254,6 +254,16 @@ func (IDRange) SwaggerDoc() map[string]string {
return map_IDRange
}
var map_IPBlock = map[string]string{
"": "IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
"cidr": "CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\"",
"except": "Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" Except values will be rejected if they are outside the CIDR range",
}
func (IPBlock) SwaggerDoc() map[string]string {
return map_IPBlock
}
var map_Ingress = map[string]string{
"": "Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc.",
"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",
@ -365,6 +375,7 @@ func (NetworkPolicyList) SwaggerDoc() map[string]string {
var map_NetworkPolicyPeer = map[string]string{
"podSelector": "This is a label selector which selects Pods in this namespace. This field follows standard label selector semantics. If present but empty, this selector selects all pods in this namespace.",
"namespaceSelector": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces.",
"ipBlock": "IPBlock defines policy on a particular IPBlock",
}
func (NetworkPolicyPeer) SwaggerDoc() map[string]string {

34
staging/src/k8s.io/api/extensions/v1beta1/zz_generated.deepcopy.go
View File

@ -127,6 +127,10 @@ func RegisterDeepCopies(scheme *runtime.Scheme) error {
in.(*IDRange).DeepCopyInto(out.(*IDRange))
return nil
}, InType: reflect.TypeOf(&IDRange{})},
conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
in.(*IPBlock).DeepCopyInto(out.(*IPBlock))
return nil
}, InType: reflect.TypeOf(&IPBlock{})},
conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
in.(*Ingress).DeepCopyInto(out.(*Ingress))
return nil
@ -845,6 +849,27 @@ func (in *IDRange) DeepCopy() *IDRange {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IPBlock) DeepCopyInto(out *IPBlock) {
*out = *in
if in.Except != nil {
in, out := &in.Except, &out.Except
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPBlock.
func (in *IPBlock) DeepCopy() *IPBlock {
if in == nil {
return nil
}
out := new(IPBlock)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *Ingress) DeepCopyInto(out *Ingress) {
*out = *in
@ -1157,6 +1182,15 @@ func (in *NetworkPolicyPeer) DeepCopyInto(out *NetworkPolicyPeer) {
(*in).DeepCopyInto(*out)
}
}
if in.IPBlock != nil {
in, out := &in.IPBlock, &out.IPBlock
if *in == nil {
*out = nil
} else {
*out = new(IPBlock)
(*in).DeepCopyInto(*out)
}
}
return
}

335
staging/src/k8s.io/api/networking/v1/generated.pb.go
View File

@ -25,6 +25,7 @@ limitations under the License.
k8s.io/kubernetes/vendor/k8s.io/api/networking/v1/generated.proto
It has these top-level messages:
IPBlock
NetworkPolicy
NetworkPolicyIngressRule
NetworkPolicyList
@ -60,33 +61,38 @@ var _ = math.Inf
// proto package needs to be updated.
const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
func (m *IPBlock) Reset() { *m = IPBlock{} }
func (*IPBlock) ProtoMessage() {}
func (*IPBlock) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{0} }
func (m *NetworkPolicy) Reset() { *m = NetworkPolicy{} }
func (*NetworkPolicy) ProtoMessage() {}
func (*NetworkPolicy) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{0} }
func (*NetworkPolicy) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{1} }
func (m *NetworkPolicyIngressRule) Reset() { *m = NetworkPolicyIngressRule{} }
func (*NetworkPolicyIngressRule) ProtoMessage() {}
func (*NetworkPolicyIngressRule) Descriptor() ([]byte, []int) {
return fileDescriptorGenerated, []int{1}
return fileDescriptorGenerated, []int{2}
}
func (m *NetworkPolicyList) Reset() { *m = NetworkPolicyList{} }
func (*NetworkPolicyList) ProtoMessage() {}
func (*NetworkPolicyList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{2} }
func (*NetworkPolicyList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{3} }
func (m *NetworkPolicyPeer) Reset() { *m = NetworkPolicyPeer{} }
func (*NetworkPolicyPeer) ProtoMessage() {}
func (*NetworkPolicyPeer) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{3} }
func (*NetworkPolicyPeer) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{4} }
func (m *NetworkPolicyPort) Reset() { *m = NetworkPolicyPort{} }
func (*NetworkPolicyPort) ProtoMessage() {}
func (*NetworkPolicyPort) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{4} }
func (*NetworkPolicyPort) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{5} }
func (m *NetworkPolicySpec) Reset() { *m = NetworkPolicySpec{} }
func (*NetworkPolicySpec) ProtoMessage() {}
func (*NetworkPolicySpec) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{5} }
func (*NetworkPolicySpec) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{6} }
func init() {
proto.RegisterType((*IPBlock)(nil), "k8s.io.api.networking.v1.IPBlock")
proto.RegisterType((*NetworkPolicy)(nil), "k8s.io.api.networking.v1.NetworkPolicy")
proto.RegisterType((*NetworkPolicyIngressRule)(nil), "k8s.io.api.networking.v1.NetworkPolicyIngressRule")
proto.RegisterType((*NetworkPolicyList)(nil), "k8s.io.api.networking.v1.NetworkPolicyList")
@ -94,6 +100,43 @@ func init() {
proto.RegisterType((*NetworkPolicyPort)(nil), "k8s.io.api.networking.v1.NetworkPolicyPort")
proto.RegisterType((*NetworkPolicySpec)(nil), "k8s.io.api.networking.v1.NetworkPolicySpec")
}
func (m *IPBlock) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalTo(dAtA)
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *IPBlock) MarshalTo(dAtA []byte) (int, error) {
var i int
_ = i
var l int
_ = l
dAtA[i] = 0xa
i++
i = encodeVarintGenerated(dAtA, i, uint64(len(m.CIDR)))
i += copy(dAtA[i:], m.CIDR)
if len(m.Except) > 0 {
for _, s := range m.Except {
dAtA[i] = 0x12
i++
l = len(s)
for l >= 1<<7 {
dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
l >>= 7
i++
}
dAtA[i] = uint8(l)
i++
i += copy(dAtA[i:], s)
}
}
return i, nil
}
func (m *NetworkPolicy) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
@ -243,6 +286,16 @@ func (m *NetworkPolicyPeer) MarshalTo(dAtA []byte) (int, error) {
}
i += n5
}
if m.IPBlock != nil {
dAtA[i] = 0x1a
i++
i = encodeVarintGenerated(dAtA, i, uint64(m.IPBlock.Size()))
n6, err := m.IPBlock.MarshalTo(dAtA[i:])
if err != nil {
return 0, err
}
i += n6
}
return i, nil
}
@ -271,11 +324,11 @@ func (m *NetworkPolicyPort) MarshalTo(dAtA []byte) (int, error) {
dAtA[i] = 0x12
i++
i = encodeVarintGenerated(dAtA, i, uint64(m.Port.Size()))
n6, err := m.Port.MarshalTo(dAtA[i:])
n7, err := m.Port.MarshalTo(dAtA[i:])
if err != nil {
return 0, err
}
i += n6
i += n7
}
return i, nil
}
@ -298,11 +351,11 @@ func (m *NetworkPolicySpec) MarshalTo(dAtA []byte) (int, error) {
dAtA[i] = 0xa
i++
i = encodeVarintGenerated(dAtA, i, uint64(m.PodSelector.Size()))
n7, err := m.PodSelector.MarshalTo(dAtA[i:])
n8, err := m.PodSelector.MarshalTo(dAtA[i:])
if err != nil {
return 0, err
}
i += n7
i += n8
if len(m.Ingress) > 0 {
for _, msg := range m.Ingress {
dAtA[i] = 0x12
@ -345,6 +398,20 @@ func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int {
dAtA[offset] = uint8(v)
return offset + 1
}
func (m *IPBlock) Size() (n int) {
var l int
_ = l
l = len(m.CIDR)
n += 1 + l + sovGenerated(uint64(l))
if len(m.Except) > 0 {
for _, s := range m.Except {
l = len(s)
n += 1 + l + sovGenerated(uint64(l))
}
}
return n
}
func (m *NetworkPolicy) Size() (n int) {
var l int
_ = l
@ -398,6 +465,10 @@ func (m *NetworkPolicyPeer) Size() (n int) {
l = m.NamespaceSelector.Size()
n += 1 + l + sovGenerated(uint64(l))
}
if m.IPBlock != nil {
l = m.IPBlock.Size()
n += 1 + l + sovGenerated(uint64(l))
}
return n
}
@ -442,6 +513,17 @@ func sovGenerated(x uint64) (n int) {
func sozGenerated(x uint64) (n int) {
return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63))))
}
func (this *IPBlock) String() string {
if this == nil {
return "nil"
}
s := strings.Join([]string{`&IPBlock{`,
`CIDR:` + fmt.Sprintf("%v", this.CIDR) + `,`,
`Except:` + fmt.Sprintf("%v", this.Except) + `,`,
`}`,
}, "")
return s
}
func (this *NetworkPolicy) String() string {
if this == nil {
return "nil"
@ -482,6 +564,7 @@ func (this *NetworkPolicyPeer) String() string {
s := strings.Join([]string{`&NetworkPolicyPeer{`,
`PodSelector:` + strings.Replace(fmt.Sprintf("%v", this.PodSelector), "LabelSelector", "k8s_io_apimachinery_pkg_apis_meta_v1.LabelSelector", 1) + `,`,
`NamespaceSelector:` + strings.Replace(fmt.Sprintf("%v", this.NamespaceSelector), "LabelSelector", "k8s_io_apimachinery_pkg_apis_meta_v1.LabelSelector", 1) + `,`,
`IPBlock:` + strings.Replace(fmt.Sprintf("%v", this.IPBlock), "IPBlock", "IPBlock", 1) + `,`,
`}`,
}, "")
return s
@ -516,6 +599,114 @@ func valueToStringGenerated(v interface{}) string {
pv := reflect.Indirect(rv).Interface()
return fmt.Sprintf("*%v", pv)
}
func (m *IPBlock) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowGenerated
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: IPBlock: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: IPBlock: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field CIDR", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowGenerated
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthGenerated
}
postIndex := iNdEx + intStringLen
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.CIDR = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Except", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowGenerated
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthGenerated
}
postIndex := iNdEx + intStringLen
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Except = append(m.Except, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipGenerated(dAtA[iNdEx:])
if err != nil {
return err
}
if skippy < 0 {
return ErrInvalidLengthGenerated
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *NetworkPolicy) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
@ -944,6 +1135,39 @@ func (m *NetworkPolicyPeer) Unmarshal(dAtA []byte) error {
return err
}
iNdEx = postIndex
case 3:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field IPBlock", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowGenerated
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= (int(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthGenerated
}
postIndex := iNdEx + msglen
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.IPBlock == nil {
m.IPBlock = &IPBlock{}
}
if err := m.IPBlock.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipGenerated(dAtA[iNdEx:])
@ -1299,47 +1523,52 @@ func init() {
}
var fileDescriptorGenerated = []byte{
// 670 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x54, 0x4d, 0x4f, 0xdb, 0x4a,
0x14, 0x8d, 0xf3, 0x40, 0xe4, 0x0d, 0x0f, 0xf1, 0xf0, 0xd3, 0x93, 0x22, 0x2a, 0x39, 0xc8, 0x9b,
0x52, 0x21, 0x66, 0x1a, 0xa8, 0xaa, 0x6e, 0xeb, 0x45, 0x2b, 0x24, 0x3e, 0x22, 0xb3, 0xab, 0x5a,
0xa9, 0x13, 0xe7, 0x62, 0x86, 0xc4, 0x33, 0xd6, 0xcc, 0x24, 0x85, 0x5d, 0x7f, 0x42, 0x7f, 0x48,
0xff, 0x41, 0x17, 0xed, 0x92, 0x25, 0x4b, 0x56, 0x51, 0x71, 0x7f, 0x43, 0x37, 0x5d, 0x55, 0x63,
0x3b, 0x71, 0x88, 0x89, 0x1a, 0xaa, 0xee, 0x98, 0xeb, 0x73, 0xce, 0xbd, 0x87, 0x73, 0x6f, 0xd0,
0xf3, 0xee, 0x33, 0x85, 0x99, 0x20, 0xdd, 0x7e, 0x1b, 0x24, 0x07, 0x0d, 0x8a, 0x0c, 0x80, 0x77,
0x84, 0x24, 0xf9, 0x07, 0x1a, 0x33, 0xc2, 0x41, 0xbf, 0x13, 0xb2, 0xcb, 0x78, 0x48, 0x06, 0x4d,
0x12, 0x02, 0x07, 0x49, 0x35, 0x74, 0x70, 0x2c, 0x85, 0x16, 0x76, 0x3d, 0x43, 0x62, 0x1a, 0x33,
0x5c, 0x20, 0xf1, 0xa0, 0xb9, 0xbe, 0x1d, 0x32, 0x7d, 0xda, 0x6f, 0xe3, 0x40, 0x44, 0x24, 0x14,
0xa1, 0x20, 0x29, 0xa1, 0xdd, 0x3f, 0x49, 0x5f, 0xe9, 0x23, 0xfd, 0x2b, 0x13, 0x5a, 0x77, 0x27,
0x5a, 0x06, 0x42, 0xc2, 0x1d, 0xcd, 0xd6, 0xb7, 0x27, 0x30, 0x70, 0xae, 0x81, 0x2b, 0x26, 0xb8,
0x22, 0x83, 0x66, 0x1b, 0x34, 0x2d, 0xc3, 0x1f, 0x4d, 0xc0, 0x63, 0xd1, 0x63, 0xc1, 0xc5, 0x4c,
0xe8, 0x93, 0x02, 0x1a, 0xd1, 0xe0, 0x94, 0x71, 0x90, 0x17, 0x24, 0xee, 0x86, 0xa6, 0xa0, 0x48,
0x04, 0x9a, 0xde, 0x35, 0x0f, 0x99, 0xc5, 0x92, 0x7d, 0xae, 0x59, 0x04, 0x25, 0xc2, 0xd3, 0x5f,
0x11, 0x54, 0x70, 0x0a, 0x11, 0x2d, 0xf1, 0x76, 0x67, 0xf1, 0xfa, 0x9a, 0xf5, 0x08, 0xe3, 0x5a,
0x69, 0x39, 0x4d, 0x72, 0xbf, 0x58, 0x68, 0xe5, 0x30, 0x8b, 0xa4, 0x95, 0xba, 0xb7, 0xdf, 0xa2,
0x9a, 0xb1, 0xd2, 0xa1, 0x9a, 0xd6, 0xad, 0x0d, 0x6b, 0x73, 0x79, 0xe7, 0x31, 0x2e, 0xf2, 0x1b,
0x2b, 0xe3, 0xb8, 0x1b, 0x9a, 0x82, 0xc2, 0x06, 0x8d, 0x07, 0x4d, 0x7c, 0xd4, 0x3e, 0x83, 0x40,
0x1f, 0x80, 0xa6, 0x9e, 0x7d, 0x39, 0x6c, 0x54, 0x92, 0x61, 0x03, 0x15, 0x35, 0x7f, 0xac, 0x6a,
0x1f, 0xa0, 0x05, 0x15, 0x43, 0x50, 0xaf, 0xa6, 0xea, 0x5b, 0x78, 0xd6, 0x76, 0xe0, 0x5b, 0x83,
0x1d, 0xc7, 0x10, 0x78, 0xff, 0xe4, 0xc2, 0x0b, 0xe6, 0xe5, 0xa7, 0x32, 0xee, 0x27, 0x0b, 0xd5,
0x6f, 0x21, 0xf7, 0x78, 0x28, 0x41, 0x29, 0xbf, 0xdf, 0x03, 0xbb, 0x85, 0x16, 0x63, 0x21, 0xb5,
0xaa, 0x5b, 0x1b, 0x7f, 0xdd, 0xa3, 0x59, 0x4b, 0x48, 0xed, 0xad, 0xe4, 0xcd, 0x16, 0xcd, 0x4b,
0xf9, 0x99, 0x90, 0x99, 0xfe, 0x44, 0x8a, 0xa8, 0x5e, 0xbd, 0x9f, 0x20, 0x80, 0x2c, 0xa6, 0x7f,
0x21, 0x45, 0xe4, 0xa7, 0x32, 0xee, 0x67, 0x0b, 0xad, 0xdd, 0x42, 0xee, 0x33, 0xa5, 0xed, 0xd7,
0xa5, 0x10, 0xf0, 0x7c, 0x21, 0x18, 0x76, 0x1a, 0xc1, 0xbf, 0x79, 0xaf, 0xda, 0xa8, 0x32, 0x11,
0xc0, 0x3e, 0x5a, 0x64, 0x1a, 0x22, 0x95, 0x7b, 0x78, 0x38, 0xa7, 0x87, 0xe2, 0x1f, 0xb2, 0x67,
0xd8, 0x7e, 0x26, 0xe2, 0x7e, 0x9f, 0x76, 0x60, 0xbc, 0xda, 0x27, 0x68, 0x39, 0x16, 0x9d, 0x63,
0xe8, 0x41, 0xa0, 0x85, 0xcc, 0x4d, 0xec, 0xce, 0x69, 0x82, 0xb6, 0xa1, 0x37, 0xa2, 0x7a, 0xab,
0xc9, 0xb0, 0xb1, 0xdc, 0x2a, 0xb4, 0xfc, 0x49, 0x61, 0xfb, 0x1c, 0xad, 0x71, 0x1a, 0x81, 0x8a,
0x69, 0x00, 0xe3, 0x6e, 0xd5, 0xdf, 0xef, 0xf6, 0x7f, 0x32, 0x6c, 0xac, 0x1d, 0x4e, 0x2b, 0xfa,
0xe5, 0x26, 0xee, 0xc7, 0x92, 0x6f, 0x21, 0xb5, 0xfd, 0x12, 0xd5, 0xd2, 0xcb, 0x0a, 0x44, 0x2f,
0x35, 0xfd, 0xb7, 0xb7, 0x65, 0x52, 0x68, 0xe5, 0xb5, 0x1f, 0xc3, 0xc6, 0x83, 0xf2, 0x8f, 0x18,
0x1e, 0x7d, 0xf6, 0xc7, 0x64, 0xfb, 0x10, 0x2d, 0x98, 0x85, 0xcb, 0xbd, 0xcc, 0xbe, 0x41, 0x73,
0xdd, 0x38, 0xbb, 0x6e, 0xbc, 0xc7, 0xf5, 0x91, 0x3c, 0xd6, 0x92, 0xf1, 0xd0, 0xab, 0x99, 0x45,
0x33, 0x23, 0xf9, 0xa9, 0x8e, 0x3b, 0x9c, 0x1e, 0xd7, 0x9c, 0x90, 0x7d, 0xf6, 0xc7, 0x62, 0xfa,
0x2f, 0x5f, 0x8e, 0xd9, 0x51, 0xbd, 0x41, 0x4b, 0x2c, 0x3b, 0xcd, 0x7c, 0xf1, 0x76, 0xe6, 0x5c,
0xbc, 0x89, 0x83, 0xf6, 0x56, 0xf3, 0x36, 0x4b, 0xa3, 0xe2, 0x48, 0xd3, 0xdb, 0xbc, 0xbc, 0x71,
0x2a, 0x57, 0x37, 0x4e, 0xe5, 0xfa, 0xc6, 0xa9, 0xbc, 0x4f, 0x1c, 0xeb, 0x32, 0x71, 0xac, 0xab,
0xc4, 0xb1, 0xae, 0x13, 0xc7, 0xfa, 0x9a, 0x38, 0xd6, 0x87, 0x6f, 0x4e, 0xe5, 0x55, 0x75, 0xd0,
0xfc, 0x19, 0x00, 0x00, 0xff, 0xff, 0x75, 0x6b, 0xae, 0xb3, 0xd3, 0x06, 0x00, 0x00,
// 745 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x54, 0xcd, 0x4e, 0xdb, 0x4a,
0x14, 0x8e, 0x43, 0x20, 0x61, 0x72, 0x11, 0x17, 0x5f, 0x5d, 0x29, 0xa2, 0x92, 0x93, 0x7a, 0x53,
0x2a, 0xc4, 0xb8, 0x81, 0xaa, 0xea, 0xb6, 0xee, 0x6f, 0x24, 0x7e, 0x22, 0xb3, 0xab, 0x5a, 0xa9,
0x8e, 0x73, 0x30, 0x43, 0x62, 0x8f, 0x35, 0x33, 0x49, 0x61, 0xd7, 0x47, 0xe8, 0x83, 0xf4, 0x0d,
0xba, 0xa0, 0x4b, 0x96, 0x2c, 0x59, 0x59, 0xc5, 0x7d, 0x8b, 0xae, 0xaa, 0x99, 0x38, 0x71, 0x48,
0x88, 0x1a, 0xaa, 0xee, 0x66, 0xce, 0x9c, 0xef, 0xfb, 0xce, 0xef, 0xa0, 0x67, 0x9d, 0xa7, 0x1c,
0x13, 0x6a, 0x75, 0x7a, 0x2d, 0x60, 0x21, 0x08, 0xe0, 0x56, 0x1f, 0xc2, 0x36, 0x65, 0x56, 0xfa,
0xe0, 0x46, 0xc4, 0x0a, 0x41, 0x7c, 0xa4, 0xac, 0x43, 0x42, 0xdf, 0xea, 0xd7, 0x2d, 0x1f, 0x42,
0x60, 0xae, 0x80, 0x36, 0x8e, 0x18, 0x15, 0x54, 0xaf, 0x0c, 0x3c, 0xb1, 0x1b, 0x11, 0x9c, 0x79,
0xe2, 0x7e, 0x7d, 0x7d, 0xcb, 0x27, 0xe2, 0xb8, 0xd7, 0xc2, 0x1e, 0x0d, 0x2c, 0x9f, 0xfa, 0xd4,
0x52, 0x80, 0x56, 0xef, 0x48, 0xdd, 0xd4, 0x45, 0x9d, 0x06, 0x44, 0xeb, 0xe6, 0x98, 0xa4, 0x47,
0x19, 0xdc, 0x22, 0xb6, 0xbe, 0x35, 0xe6, 0x03, 0xa7, 0x02, 0x42, 0x4e, 0x68, 0xc8, 0xad, 0x7e,
0xbd, 0x05, 0xc2, 0x9d, 0x76, 0x7f, 0x38, 0xe6, 0x1e, 0xd1, 0x2e, 0xf1, 0xce, 0x66, 0xba, 0x3e,
0xce, 0x5c, 0x03, 0xd7, 0x3b, 0x26, 0x21, 0xb0, 0x33, 0x2b, 0xea, 0xf8, 0xd2, 0xc0, 0xad, 0x00,
0x84, 0x7b, 0x5b, 0x3c, 0xd6, 0x2c, 0x14, 0xeb, 0x85, 0x82, 0x04, 0x30, 0x05, 0x78, 0xf2, 0x3b,
0x00, 0xf7, 0x8e, 0x21, 0x70, 0xa7, 0x70, 0x3b, 0xb3, 0x70, 0x3d, 0x41, 0xba, 0x16, 0x09, 0x05,
0x17, 0x6c, 0x12, 0x64, 0x1e, 0xa0, 0x62, 0xa3, 0x69, 0x77, 0xa9, 0xd7, 0xd1, 0x6b, 0xa8, 0xe0,
0x91, 0x36, 0xab, 0x68, 0x35, 0x6d, 0x63, 0xd9, 0xfe, 0xe7, 0x22, 0xae, 0xe6, 0x92, 0xb8, 0x5a,
0x78, 0xde, 0x78, 0xe1, 0x38, 0xea, 0x45, 0x37, 0xd1, 0x12, 0x9c, 0x7a, 0x10, 0x89, 0x4a, 0xbe,
0xb6, 0xb0, 0xb1, 0x6c, 0xa3, 0x24, 0xae, 0x2e, 0xbd, 0x54, 0x16, 0x27, 0x7d, 0x31, 0xbf, 0x69,
0x68, 0x65, 0x7f, 0xd0, 0xe3, 0xa6, 0x2a, 0xa7, 0xfe, 0x01, 0x95, 0x64, 0x6d, 0xda, 0xae, 0x70,
0x15, 0x77, 0x79, 0xfb, 0x11, 0xce, 0x06, 0x62, 0x14, 0x2a, 0x8e, 0x3a, 0xbe, 0x34, 0x70, 0x2c,
0xbd, 0x71, 0xbf, 0x8e, 0x0f, 0x5a, 0x27, 0xe0, 0x89, 0x3d, 0x10, 0xae, 0xad, 0xa7, 0xd1, 0xa0,
0xcc, 0xe6, 0x8c, 0x58, 0xf5, 0x3d, 0x54, 0xe0, 0x11, 0x78, 0x95, 0xbc, 0x62, 0xdf, 0xc4, 0xb3,
0xc6, 0x0d, 0xdf, 0x08, 0xec, 0x30, 0x02, 0x2f, 0x4b, 0x53, 0xde, 0x1c, 0x45, 0x63, 0x7e, 0xd5,
0x50, 0xe5, 0x86, 0x67, 0x23, 0xf4, 0x19, 0x70, 0xee, 0xf4, 0xba, 0xa0, 0x37, 0xd1, 0x62, 0x44,
0x99, 0xe0, 0x15, 0xad, 0xb6, 0x70, 0x07, 0xb1, 0x26, 0x65, 0xc2, 0x5e, 0x49, 0xc5, 0x16, 0xe5,
0x8d, 0x3b, 0x03, 0x22, 0x19, 0xfd, 0x11, 0xa3, 0x81, 0xaa, 0xe9, 0x1d, 0x08, 0x01, 0x58, 0x16,
0xfd, 0x2b, 0x46, 0x03, 0x47, 0xd1, 0x98, 0xe7, 0x1a, 0x5a, 0xbb, 0xe1, 0xb9, 0x4b, 0xb8, 0xd0,
0xdf, 0x4d, 0x35, 0x01, 0xcf, 0xd7, 0x04, 0x89, 0x56, 0x2d, 0xf8, 0x37, 0xd5, 0x2a, 0x0d, 0x2d,
0x63, 0x0d, 0xd8, 0x45, 0x8b, 0x44, 0x40, 0xc0, 0xd3, 0x1c, 0x1e, 0xcc, 0x99, 0x43, 0x56, 0x90,
0x86, 0x44, 0x3b, 0x03, 0x12, 0xf3, 0x3c, 0x3f, 0x91, 0x81, 0xcc, 0x55, 0x3f, 0x42, 0xe5, 0x88,
0xb6, 0x0f, 0xa1, 0x0b, 0x9e, 0xa0, 0x2c, 0x4d, 0x62, 0x67, 0xce, 0x24, 0xdc, 0x16, 0x74, 0x87,
0x50, 0x7b, 0x35, 0x89, 0xab, 0xe5, 0x66, 0xc6, 0xe5, 0x8c, 0x13, 0xeb, 0xa7, 0x68, 0x2d, 0x74,
0x03, 0xe0, 0x91, 0xeb, 0xc1, 0x48, 0x2d, 0xff, 0xe7, 0x6a, 0xff, 0x27, 0x71, 0x75, 0x6d, 0x7f,
0x92, 0xd1, 0x99, 0x16, 0xd1, 0xdf, 0xa0, 0x22, 0x89, 0xd4, 0x2e, 0x56, 0x16, 0x94, 0xde, 0xfd,
0xd9, 0x75, 0x4c, 0x97, 0xd6, 0x2e, 0x27, 0x71, 0x75, 0xb8, 0xc1, 0xce, 0x10, 0x6e, 0x7e, 0x99,
0x9c, 0x01, 0x39, 0x70, 0xfa, 0x6b, 0x54, 0x52, 0x4b, 0xef, 0xd1, 0x6e, 0xba, 0xe4, 0x9b, 0xb2,
0x9f, 0xcd, 0xd4, 0xf6, 0x33, 0xae, 0xde, 0x9b, 0xfe, 0x5f, 0xf1, 0xf0, 0xd9, 0x19, 0x81, 0xf5,
0x7d, 0x54, 0x90, 0xa3, 0x9b, 0x56, 0x65, 0xf6, 0x36, 0xcb, 0x8f, 0x07, 0x0f, 0x3e, 0x1e, 0xdc,
0x08, 0xc5, 0x01, 0x3b, 0x14, 0x8c, 0x84, 0xbe, 0x5d, 0x92, 0x23, 0x2b, 0x43, 0x72, 0x14, 0x8f,
0x19, 0x4f, 0x86, 0x2b, 0x97, 0x51, 0x3f, 0xf9, 0x6b, 0x0d, 0xff, 0x2f, 0x1d, 0xb3, 0xd9, 0x4d,
0x7f, 0x8f, 0x8a, 0x64, 0xb0, 0xe4, 0xe9, 0x08, 0x6f, 0xcf, 0x39, 0xc2, 0x63, 0x5f, 0x83, 0xbd,
0x9a, 0xca, 0x14, 0x87, 0xc6, 0x21, 0xa7, 0xbd, 0x71, 0x71, 0x6d, 0xe4, 0x2e, 0xaf, 0x8d, 0xdc,
0xd5, 0xb5, 0x91, 0xfb, 0x94, 0x18, 0xda, 0x45, 0x62, 0x68, 0x97, 0x89, 0xa1, 0x5d, 0x25, 0x86,
0xf6, 0x3d, 0x31, 0xb4, 0xcf, 0x3f, 0x8c, 0xdc, 0xdb, 0x7c, 0xbf, 0xfe, 0x2b, 0x00, 0x00, 0xff,
0xff, 0x3b, 0x3f, 0x8c, 0x26, 0x6e, 0x07, 0x00, 0x00,
}

19
staging/src/k8s.io/api/networking/v1/generated.proto
View File

@ -32,6 +32,21 @@ import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
// Package-wide variables from generator "generated".
option go_package = "v1";
// IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods
// matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should
// not be included within this rule.
message IPBlock {
// CIDR is a string representing the IP Block
// Valid examples are "192.168.1.1/24"
optional string cidr = 1;
// Except is a slice of CIDRs that should not be included within an IP Block
// Valid examples are "192.168.1.1/24"
// Except values will be rejected if they are outside the CIDR range
// +optional
repeated string except = 2;
}
// NetworkPolicy describes what network traffic is allowed for a set of Pods
message NetworkPolicy {
// Standard object's metadata.
@ -89,6 +104,10 @@ message NetworkPolicyPeer {
// selector semantics. If present but empty, this selector selects all namespaces.
// +optional
optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector namespaceSelector = 2;
// IPBlock defines policy on a particular IPBlock
// +optional
optional IPBlock ipBlock = 3;
}
// NetworkPolicyPort describes a port to allow traffic on

356
staging/src/k8s.io/api/networking/v1/types.generated.go
View File

@ -1196,7 +1196,7 @@ func (x *NetworkPolicyPort) codecDecodeSelfFromArray(l int, d *codec1978.Decoder
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
}
func (x *NetworkPolicyPeer) CodecEncodeSelf(e *codec1978.Encoder) {
func (x *IPBlock) CodecEncodeSelf(e *codec1978.Encoder) {
var h codecSelfer1234
z, r := codec1978.GenHelperEncoder(e)
_, _, _ = h, z, r
@ -1213,11 +1213,254 @@ func (x *NetworkPolicyPeer) CodecEncodeSelf(e *codec1978.Encoder) {
var yyq2 [2]bool
_, _, _ = yysep2, yyq2, yy2arr2
const yyr2 bool = false
yyq2[0] = x.PodSelector != nil
yyq2[1] = x.NamespaceSelector != nil
yyq2[1] = len(x.Except) != 0
var yynn2 int
if yyr2 || yy2arr2 {
r.EncodeArrayStart(2)
} else {
yynn2 = 1
for _, b := range yyq2 {
if b {
yynn2++
}
}
r.EncodeMapStart(yynn2)
yynn2 = 0
}
if yyr2 || yy2arr2 {
z.EncSendContainerState(codecSelfer_containerArrayElem1234)
yym4 := z.EncBinary()
_ = yym4
if false {
} else {
r.EncodeString(codecSelferC_UTF81234, string(x.CIDR))
}
} else {
z.EncSendContainerState(codecSelfer_containerMapKey1234)
r.EncodeString(codecSelferC_UTF81234, string("cidr"))
z.EncSendContainerState(codecSelfer_containerMapValue1234)
yym5 := z.EncBinary()
_ = yym5
if false {
} else {
r.EncodeString(codecSelferC_UTF81234, string(x.CIDR))
}
}
if yyr2 || yy2arr2 {
z.EncSendContainerState(codecSelfer_containerArrayElem1234)
if yyq2[1] {
if x.Except == nil {
r.EncodeNil()
} else {
yym7 := z.EncBinary()
_ = yym7
if false {
} else {
z.F.EncSliceStringV(x.Except, false, e)
}
}
} else {
r.EncodeNil()
}
} else {
if yyq2[1] {
z.EncSendContainerState(codecSelfer_containerMapKey1234)
r.EncodeString(codecSelferC_UTF81234, string("except"))
z.EncSendContainerState(codecSelfer_containerMapValue1234)
if x.Except == nil {
r.EncodeNil()
} else {
yym8 := z.EncBinary()
_ = yym8
if false {
} else {
z.F.EncSliceStringV(x.Except, false, e)
}
}
}
}
if yyr2 || yy2arr2 {
z.EncSendContainerState(codecSelfer_containerArrayEnd1234)
} else {
z.EncSendContainerState(codecSelfer_containerMapEnd1234)
}
}
}
}
func (x *IPBlock) CodecDecodeSelf(d *codec1978.Decoder) {
var h codecSelfer1234
z, r := codec1978.GenHelperDecoder(d)
_, _, _ = h, z, r
yym1 := z.DecBinary()
_ = yym1
if false {
} else if z.HasExtensions() && z.DecExt(x) {
} else {
yyct2 := r.ContainerType()
if yyct2 == codecSelferValueTypeMap1234 {
yyl2 := r.ReadMapStart()
if yyl2 == 0 {
z.DecSendContainerState(codecSelfer_containerMapEnd1234)
} else {
x.codecDecodeSelfFromMap(yyl2, d)
}
} else if yyct2 == codecSelferValueTypeArray1234 {
yyl2 := r.ReadArrayStart()
if yyl2 == 0 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
} else {
x.codecDecodeSelfFromArray(yyl2, d)
}
} else {
panic(codecSelferOnlyMapOrArrayEncodeToStructErr1234)
}
}
}
func (x *IPBlock) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) {
var h codecSelfer1234
z, r := codec1978.GenHelperDecoder(d)
_, _, _ = h, z, r
var yys3Slc = z.DecScratchBuffer() // default slice to decode into
_ = yys3Slc
var yyhl3 bool = l >= 0
for yyj3 := 0; ; yyj3++ {
if yyhl3 {
if yyj3 >= l {
break
}
} else {
if r.CheckBreak() {
break
}
}
z.DecSendContainerState(codecSelfer_containerMapKey1234)
yys3Slc = r.DecodeBytes(yys3Slc, true, true)
yys3 := string(yys3Slc)
z.DecSendContainerState(codecSelfer_containerMapValue1234)
switch yys3 {
case "cidr":
if r.TryDecodeAsNil() {
x.CIDR = ""
} else {
yyv4 := &x.CIDR
yym5 := z.DecBinary()
_ = yym5
if false {
} else {
*((*string)(yyv4)) = r.DecodeString()
}
}
case "except":
if r.TryDecodeAsNil() {
x.Except = nil
} else {
yyv6 := &x.Except
yym7 := z.DecBinary()
_ = yym7
if false {
} else {
z.F.DecSliceStringX(yyv6, false, d)
}
}
default:
z.DecStructFieldNotFound(-1, yys3)
} // end switch yys3
} // end for yyj3
z.DecSendContainerState(codecSelfer_containerMapEnd1234)
}
func (x *IPBlock) codecDecodeSelfFromArray(l int, d *codec1978.Decoder) {
var h codecSelfer1234
z, r := codec1978.GenHelperDecoder(d)
_, _, _ = h, z, r
var yyj8 int
var yyb8 bool
var yyhl8 bool = l >= 0
yyj8++
if yyhl8 {
yyb8 = yyj8 > l
} else {
yyb8 = r.CheckBreak()
}
if yyb8 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
if r.TryDecodeAsNil() {
x.CIDR = ""
} else {
yyv9 := &x.CIDR
yym10 := z.DecBinary()
_ = yym10
if false {
} else {
*((*string)(yyv9)) = r.DecodeString()
}
}
yyj8++
if yyhl8 {
yyb8 = yyj8 > l
} else {
yyb8 = r.CheckBreak()
}
if yyb8 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
if r.TryDecodeAsNil() {
x.Except = nil
} else {
yyv11 := &x.Except
yym12 := z.DecBinary()
_ = yym12
if false {
} else {
z.F.DecSliceStringX(yyv11, false, d)
}
}
for {
yyj8++
if yyhl8 {
yyb8 = yyj8 > l
} else {
yyb8 = r.CheckBreak()
}
if yyb8 {
break
}
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
z.DecStructFieldNotFound(yyj8-1, "")
}
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
}
func (x *NetworkPolicyPeer) CodecEncodeSelf(e *codec1978.Encoder) {
var h codecSelfer1234
z, r := codec1978.GenHelperEncoder(e)
_, _, _ = h, z, r
if x == nil {
r.EncodeNil()
} else {
yym1 := z.EncBinary()
_ = yym1
if false {
} else if z.HasExtensions() && z.EncExt(x) {
} else {
yysep2 := !z.EncBinary()
yy2arr2 := z.EncBasicHandle().StructToArray
var yyq2 [3]bool
_, _, _ = yysep2, yyq2, yy2arr2
const yyr2 bool = false
yyq2[0] = x.PodSelector != nil
yyq2[1] = x.NamespaceSelector != nil
yyq2[2] = x.IPBlock != nil
var yynn2 int
if yyr2 || yy2arr2 {
r.EncodeArrayStart(3)
} else {
yynn2 = 0
for _, b := range yyq2 {
@ -1298,6 +1541,29 @@ func (x *NetworkPolicyPeer) CodecEncodeSelf(e *codec1978.Encoder) {
}
}
}
if yyr2 || yy2arr2 {
z.EncSendContainerState(codecSelfer_containerArrayElem1234)
if yyq2[2] {
if x.IPBlock == nil {
r.EncodeNil()
} else {
x.IPBlock.CodecEncodeSelf(e)
}
} else {
r.EncodeNil()
}
} else {
if yyq2[2] {
z.EncSendContainerState(codecSelfer_containerMapKey1234)
r.EncodeString(codecSelferC_UTF81234, string("ipBlock"))
z.EncSendContainerState(codecSelfer_containerMapValue1234)
if x.IPBlock == nil {
r.EncodeNil()
} else {
x.IPBlock.CodecEncodeSelf(e)
}
}
}
if yyr2 || yy2arr2 {
z.EncSendContainerState(codecSelfer_containerArrayEnd1234)
} else {
@ -1393,6 +1659,17 @@ func (x *NetworkPolicyPeer) codecDecodeSelfFromMap(l int, d *codec1978.Decoder)
z.DecFallback(x.NamespaceSelector, false)
}
}
case "ipBlock":
if r.TryDecodeAsNil() {
if x.IPBlock != nil {
x.IPBlock = nil
}
} else {
if x.IPBlock == nil {
x.IPBlock = new(IPBlock)
}
x.IPBlock.CodecDecodeSelf(d)
}
default:
z.DecStructFieldNotFound(-1, yys3)
} // end switch yys3
@ -1404,16 +1681,16 @@ func (x *NetworkPolicyPeer) codecDecodeSelfFromArray(l int, d *codec1978.Decoder
var h codecSelfer1234
z, r := codec1978.GenHelperDecoder(d)
_, _, _ = h, z, r
var yyj8 int
var yyb8 bool
var yyhl8 bool = l >= 0
yyj8++
if yyhl8 {
yyb8 = yyj8 > l
var yyj9 int
var yyb9 bool
var yyhl9 bool = l >= 0
yyj9++
if yyhl9 {
yyb9 = yyj9 > l
} else {
yyb8 = r.CheckBreak()
yyb9 = r.CheckBreak()
}
if yyb8 {
if yyb9 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
@ -1426,21 +1703,21 @@ func (x *NetworkPolicyPeer) codecDecodeSelfFromArray(l int, d *codec1978.Decoder
if x.PodSelector == nil {
x.PodSelector = new(pkg1_v1.LabelSelector)
}
yym10 := z.DecBinary()
_ = yym10
yym11 := z.DecBinary()
_ = yym11
if false {
} else if z.HasExtensions() && z.DecExt(x.PodSelector) {
} else {
z.DecFallback(x.PodSelector, false)
}
}
yyj8++
if yyhl8 {
yyb8 = yyj8 > l
yyj9++
if yyhl9 {
yyb9 = yyj9 > l
} else {
yyb8 = r.CheckBreak()
yyb9 = r.CheckBreak()
}
if yyb8 {
if yyb9 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
@ -1453,26 +1730,47 @@ func (x *NetworkPolicyPeer) codecDecodeSelfFromArray(l int, d *codec1978.Decoder
if x.NamespaceSelector == nil {
x.NamespaceSelector = new(pkg1_v1.LabelSelector)
}
yym12 := z.DecBinary()
_ = yym12
yym13 := z.DecBinary()
_ = yym13
if false {
} else if z.HasExtensions() && z.DecExt(x.NamespaceSelector) {
} else {
z.DecFallback(x.NamespaceSelector, false)
}
}
for {
yyj8++
if yyhl8 {
yyb8 = yyj8 > l
} else {
yyb8 = r.CheckBreak()
yyj9++
if yyhl9 {
yyb9 = yyj9 > l
} else {
yyb9 = r.CheckBreak()
}
if yyb9 {
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
return
}
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
if r.TryDecodeAsNil() {
if x.IPBlock != nil {
x.IPBlock = nil
}
if yyb8 {
} else {
if x.IPBlock == nil {
x.IPBlock = new(IPBlock)
}
x.IPBlock.CodecDecodeSelf(d)
}
for {
yyj9++
if yyhl9 {
yyb9 = yyj9 > l
} else {
yyb9 = r.CheckBreak()
}
if yyb9 {
break
}
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
z.DecStructFieldNotFound(yyj8-1, "")
z.DecStructFieldNotFound(yyj9-1, "")
}
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
}
@ -2122,7 +2420,7 @@ func (x codecSelfer1234) decSliceNetworkPolicyPeer(v *[]NetworkPolicyPeer, d *co
yyrg1 := len(yyv1) > 0
yyv21 := yyv1
yyrl1, yyrt1 = z.DecInferLen(yyl1, z.DecBasicHandle().MaxInitLen, 16)
yyrl1, yyrt1 = z.DecInferLen(yyl1, z.DecBasicHandle().MaxInitLen, 24)
if yyrt1 {
if yyrl1 <= cap(yyv1) {
yyv1 = yyv1[:yyrl1]

18
staging/src/k8s.io/api/networking/v1/types.go
View File

@ -92,6 +92,20 @@ type NetworkPolicyPort struct {
Port *intstr.IntOrString `json:"port,omitempty" protobuf:"bytes,2,opt,name=port"`
}
// IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods
// matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should
// not be included within this rule.
type IPBlock struct {
// CIDR is a string representing the IP Block
// Valid examples are "192.168.1.1/24"
CIDR string `json:"cidr" protobuf:"bytes,1,name=cidr"`
// Except is a slice of CIDRs that should not be included within an IP Block
// Valid examples are "192.168.1.1/24"
// Except values will be rejected if they are outside the CIDR range
// +optional
Except []string `json:"except,omitempty" protobuf:"bytes,2,rep,name=except"`
}
// NetworkPolicyPeer describes a peer to allow traffic from. Exactly one of its fields
// must be specified.
type NetworkPolicyPeer struct {
@ -106,6 +120,10 @@ type NetworkPolicyPeer struct {
// selector semantics. If present but empty, this selector selects all namespaces.
// +optional
NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty" protobuf:"bytes,2,opt,name=namespaceSelector"`
// IPBlock defines policy on a particular IPBlock
// +optional
IPBlock *IPBlock `json:"ipBlock,omitempty" protobuf:"bytes,3,rep,name=ipBlock"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

11
staging/src/k8s.io/api/networking/v1/types_swagger_doc_generated.go
View File

@ -27,6 +27,16 @@ package v1
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
// AUTO-GENERATED FUNCTIONS START HERE
var map_IPBlock = map[string]string{
"": "IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
"cidr": "CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\"",
"except": "Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" Except values will be rejected if they are outside the CIDR range",
}
func (IPBlock) SwaggerDoc() map[string]string {
return map_IPBlock
}
var map_NetworkPolicy = map[string]string{
"": "NetworkPolicy describes what network traffic is allowed for a set of Pods",
"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",
@ -61,6 +71,7 @@ var map_NetworkPolicyPeer = map[string]string{
"": "NetworkPolicyPeer describes a peer to allow traffic from. Exactly one of its fields must be specified.",
"podSelector": "This is a label selector which selects Pods in this namespace. This field follows standard label selector semantics. If present but empty, this selector selects all pods in this namespace.",
"namespaceSelector": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces.",
"ipBlock": "IPBlock defines policy on a particular IPBlock",
}
func (NetworkPolicyPeer) SwaggerDoc() map[string]string {

34
staging/src/k8s.io/api/networking/v1/zz_generated.deepcopy.go
View File

@ -39,6 +39,10 @@ func init() {
// Deprecated: deepcopy registration will go away when static deepcopy is fully implemented.
func RegisterDeepCopies(scheme *runtime.Scheme) error {
return scheme.AddGeneratedDeepCopyFuncs(
conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
in.(*IPBlock).DeepCopyInto(out.(*IPBlock))
return nil
}, InType: reflect.TypeOf(&IPBlock{})},
conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
in.(*NetworkPolicy).DeepCopyInto(out.(*NetworkPolicy))
return nil
@ -66,6 +70,27 @@ func RegisterDeepCopies(scheme *runtime.Scheme) error {
)
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IPBlock) DeepCopyInto(out *IPBlock) {
*out = *in
if in.Except != nil {
in, out := &in.Except, &out.Except
*out = make([]string, len(*in))
copy(*out, *in)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPBlock.
func (in *IPBlock) DeepCopy() *IPBlock {
if in == nil {
return nil
}
out := new(IPBlock)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *NetworkPolicy) DeepCopyInto(out *NetworkPolicy) {
*out = *in
@ -179,6 +204,15 @@ func (in *NetworkPolicyPeer) DeepCopyInto(out *NetworkPolicyPeer) {
(*in).DeepCopyInto(*out)
}
}
if in.IPBlock != nil {
in, out := &in.IPBlock, &out.IPBlock
if *in == nil {
*out = nil
} else {
*out = new(IPBlock)
(*in).DeepCopyInto(*out)
}
}
return
}