From 64e017b6424d53198011f4cba01d2dbd564251f0 Mon Sep 17 00:00:00 2001 From: qiuwenqi Date: Fri, 7 May 2021 02:39:09 +0800 Subject: [PATCH] Improve Antrea-native Policy CRD schema verification (#2125) * Add namespaceSelector/podSelector validations in all CRD schema Improve Antrea-native Policy CRD schema verification * update the generate manifest YAMLs * add e2e test cases in antrea policy verify invalid labelSelector; * formalize e2e test case path of testInvalidACNPPodSelector; * verify e2e test; --- .gitignore | 1 + build/yamls/antrea-aks.yml | 1052 +++++++++++++++++++++++++++++++-- build/yamls/antrea-eks.yml | 1052 +++++++++++++++++++++++++++++++-- build/yamls/antrea-gke.yml | 1052 +++++++++++++++++++++++++++++++-- build/yamls/antrea-ipsec.yml | 1052 +++++++++++++++++++++++++++++++-- build/yamls/antrea.yml | 1052 +++++++++++++++++++++++++++++++-- build/yamls/base/crds.yml | 1052 +++++++++++++++++++++++++++++++-- test/e2e/antreapolicy_test.go | 31 + 8 files changed, 6068 insertions(+), 276 deletions(-) diff --git a/.gitignore b/.gitignore index d86503cd8f1..e0b41045e2a 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,4 @@ bin .idea/ .vscode/ +vendor diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml index f48640932ab..d88b483202a 100644 --- a/build/yamls/antrea-aks.yml +++ b/build/yamls/antrea-aks.yml @@ -119,7 +119,28 @@ spec: childGroups: x-kubernetes-preserve-unknown-fields: true externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -135,9 +156,51 @@ spec: type: object type: array namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object serviceReference: properties: name: @@ -191,7 +254,28 @@ spec: childGroups: x-kubernetes-preserve-unknown-fields: true externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -207,9 +291,51 @@ spec: type: object type: array namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object serviceReference: properties: name: @@ -289,9 +415,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array egress: @@ -309,9 +477,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array enableLogging: @@ -341,9 +551,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array required: @@ -365,9 +617,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array enableLogging: @@ -384,9 +678,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array name: @@ -484,9 +820,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array egress: @@ -504,9 +882,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array enableLogging: @@ -536,9 +956,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array required: @@ -560,9 +1022,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array enableLogging: @@ -579,9 +1083,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array name: @@ -661,9 +1207,51 @@ spec: appliedTo: properties: namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object egressIP: oneOf: @@ -845,8 +1433,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array egress: @@ -862,8 +1470,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array enableLogging: @@ -885,7 +1513,28 @@ spec: items: properties: externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -893,9 +1542,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array required: @@ -915,8 +1606,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array enableLogging: @@ -925,7 +1636,28 @@ spec: items: properties: externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -933,9 +1665,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array name: @@ -1031,8 +1805,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array egress: @@ -1048,8 +1842,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array enableLogging: @@ -1071,7 +1885,28 @@ spec: items: properties: externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -1079,9 +1914,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array required: @@ -1101,8 +1978,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array enableLogging: @@ -1111,7 +2008,28 @@ spec: items: properties: externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -1119,9 +2037,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array name: diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml index 0215f74f9f6..a4f3ad1c1e6 100644 --- a/build/yamls/antrea-eks.yml +++ b/build/yamls/antrea-eks.yml @@ -119,7 +119,28 @@ spec: childGroups: x-kubernetes-preserve-unknown-fields: true externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -135,9 +156,51 @@ spec: type: object type: array namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object serviceReference: properties: name: @@ -191,7 +254,28 @@ spec: childGroups: x-kubernetes-preserve-unknown-fields: true externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -207,9 +291,51 @@ spec: type: object type: array namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object serviceReference: properties: name: @@ -289,9 +415,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array egress: @@ -309,9 +477,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array enableLogging: @@ -341,9 +551,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array required: @@ -365,9 +617,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array enableLogging: @@ -384,9 +678,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array name: @@ -484,9 +820,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array egress: @@ -504,9 +882,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array enableLogging: @@ -536,9 +956,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array required: @@ -560,9 +1022,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array enableLogging: @@ -579,9 +1083,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array name: @@ -661,9 +1207,51 @@ spec: appliedTo: properties: namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object egressIP: oneOf: @@ -845,8 +1433,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array egress: @@ -862,8 +1470,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array enableLogging: @@ -885,7 +1513,28 @@ spec: items: properties: externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -893,9 +1542,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array required: @@ -915,8 +1606,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array enableLogging: @@ -925,7 +1636,28 @@ spec: items: properties: externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -933,9 +1665,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array name: @@ -1031,8 +1805,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array egress: @@ -1048,8 +1842,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array enableLogging: @@ -1071,7 +1885,28 @@ spec: items: properties: externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -1079,9 +1914,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array required: @@ -1101,8 +1978,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array enableLogging: @@ -1111,7 +2008,28 @@ spec: items: properties: externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -1119,9 +2037,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array name: diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml index 3af0cb8a773..c42c3256f45 100644 --- a/build/yamls/antrea-gke.yml +++ b/build/yamls/antrea-gke.yml @@ -119,7 +119,28 @@ spec: childGroups: x-kubernetes-preserve-unknown-fields: true externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -135,9 +156,51 @@ spec: type: object type: array namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object serviceReference: properties: name: @@ -191,7 +254,28 @@ spec: childGroups: x-kubernetes-preserve-unknown-fields: true externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -207,9 +291,51 @@ spec: type: object type: array namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object serviceReference: properties: name: @@ -289,9 +415,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array egress: @@ -309,9 +477,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array enableLogging: @@ -341,9 +551,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array required: @@ -365,9 +617,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array enableLogging: @@ -384,9 +678,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array name: @@ -484,9 +820,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array egress: @@ -504,9 +882,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array enableLogging: @@ -536,9 +956,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array required: @@ -560,9 +1022,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array enableLogging: @@ -579,9 +1083,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array name: @@ -661,9 +1207,51 @@ spec: appliedTo: properties: namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object egressIP: oneOf: @@ -845,8 +1433,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array egress: @@ -862,8 +1470,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array enableLogging: @@ -885,7 +1513,28 @@ spec: items: properties: externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -893,9 +1542,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array required: @@ -915,8 +1606,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array enableLogging: @@ -925,7 +1636,28 @@ spec: items: properties: externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -933,9 +1665,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array name: @@ -1031,8 +1805,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array egress: @@ -1048,8 +1842,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array enableLogging: @@ -1071,7 +1885,28 @@ spec: items: properties: externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -1079,9 +1914,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array required: @@ -1101,8 +1978,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array enableLogging: @@ -1111,7 +2008,28 @@ spec: items: properties: externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -1119,9 +2037,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array name: diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml index 396afa98122..b8ec34cd2c7 100644 --- a/build/yamls/antrea-ipsec.yml +++ b/build/yamls/antrea-ipsec.yml @@ -119,7 +119,28 @@ spec: childGroups: x-kubernetes-preserve-unknown-fields: true externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -135,9 +156,51 @@ spec: type: object type: array namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object serviceReference: properties: name: @@ -191,7 +254,28 @@ spec: childGroups: x-kubernetes-preserve-unknown-fields: true externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -207,9 +291,51 @@ spec: type: object type: array namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object serviceReference: properties: name: @@ -289,9 +415,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array egress: @@ -309,9 +477,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array enableLogging: @@ -341,9 +551,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array required: @@ -365,9 +617,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array enableLogging: @@ -384,9 +678,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array name: @@ -484,9 +820,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array egress: @@ -504,9 +882,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array enableLogging: @@ -536,9 +956,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array required: @@ -560,9 +1022,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array enableLogging: @@ -579,9 +1083,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array name: @@ -661,9 +1207,51 @@ spec: appliedTo: properties: namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object egressIP: oneOf: @@ -845,8 +1433,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array egress: @@ -862,8 +1470,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array enableLogging: @@ -885,7 +1513,28 @@ spec: items: properties: externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -893,9 +1542,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array required: @@ -915,8 +1606,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array enableLogging: @@ -925,7 +1636,28 @@ spec: items: properties: externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -933,9 +1665,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array name: @@ -1031,8 +1805,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array egress: @@ -1048,8 +1842,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array enableLogging: @@ -1071,7 +1885,28 @@ spec: items: properties: externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -1079,9 +1914,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array required: @@ -1101,8 +1978,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array enableLogging: @@ -1111,7 +2008,28 @@ spec: items: properties: externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -1119,9 +2037,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array name: diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml index c7c316f5210..5b6c682e4b3 100644 --- a/build/yamls/antrea.yml +++ b/build/yamls/antrea.yml @@ -119,7 +119,28 @@ spec: childGroups: x-kubernetes-preserve-unknown-fields: true externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -135,9 +156,51 @@ spec: type: object type: array namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object serviceReference: properties: name: @@ -191,7 +254,28 @@ spec: childGroups: x-kubernetes-preserve-unknown-fields: true externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -207,9 +291,51 @@ spec: type: object type: array namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object serviceReference: properties: name: @@ -289,9 +415,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array egress: @@ -309,9 +477,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array enableLogging: @@ -341,9 +551,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array required: @@ -365,9 +617,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array enableLogging: @@ -384,9 +678,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array name: @@ -484,9 +820,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array egress: @@ -504,9 +882,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array enableLogging: @@ -536,9 +956,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array required: @@ -560,9 +1022,51 @@ spec: group: type: string namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array enableLogging: @@ -579,9 +1083,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array name: @@ -661,9 +1207,51 @@ spec: appliedTo: properties: namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object egressIP: oneOf: @@ -845,8 +1433,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array egress: @@ -862,8 +1470,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array enableLogging: @@ -885,7 +1513,28 @@ spec: items: properties: externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -893,9 +1542,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array required: @@ -915,8 +1606,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array enableLogging: @@ -925,7 +1636,28 @@ spec: items: properties: externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -933,9 +1665,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array name: @@ -1031,8 +1805,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array egress: @@ -1048,8 +1842,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array enableLogging: @@ -1071,7 +1885,28 @@ spec: items: properties: externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -1079,9 +1914,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array required: @@ -1101,8 +1978,28 @@ spec: items: properties: podSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true type: object - x-kubernetes-preserve-unknown-fields: true type: object type: array enableLogging: @@ -1111,7 +2008,28 @@ spec: items: properties: externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object ipBlock: properties: cidr: @@ -1119,9 +2037,51 @@ spec: type: string type: object namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object podSelector: - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + type: array + type: object + type: array + matchLabels: + x-kubernetes-preserve-unknown-fields: true + type: object type: object type: array name: diff --git a/build/yamls/base/crds.yml b/build/yamls/base/crds.yml index 0aed6821e50..baa553b515f 100644 --- a/build/yamls/base/crds.yml +++ b/build/yamls/base/crds.yml @@ -25,9 +25,51 @@ spec: type: object properties: podSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true egressIP: type: string oneOf: @@ -434,9 +476,51 @@ spec: # Ensure that Spec.AppliedTo does not allow IPBlock field properties: podSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true group: type: string ingress: @@ -453,9 +537,51 @@ spec: # Ensure that rule AppliedTo does not allow IPBlock field properties: podSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true group: type: string # Ensure that Action field allows only ALLOW, DROP and REJECT values @@ -479,9 +605,51 @@ spec: type: object properties: podSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true ipBlock: type: object properties: @@ -508,9 +676,51 @@ spec: # Ensure that rule AppliedTo does not allow IPBlock field properties: podSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true group: type: string # Ensure that Action field allows only ALLOW, DROP and REJECT values @@ -534,9 +744,51 @@ spec: type: object properties: podSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true ipBlock: type: object properties: @@ -629,7 +881,27 @@ spec: properties: podSelector: type: object - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true ingress: type: array items: @@ -645,7 +917,27 @@ spec: properties: podSelector: type: object - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true # Ensure that Action field allows only ALLOW, DROP and REJECT values action: type: string @@ -667,11 +959,74 @@ spec: type: object properties: podSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true ipBlock: type: object properties: @@ -697,7 +1052,27 @@ spec: properties: podSelector: type: object - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true # Ensure that Action field allows only ALLOW, DROP and REJECT values action: type: string @@ -719,11 +1094,74 @@ spec: type: object properties: podSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true ipBlock: type: object properties: @@ -831,11 +1269,74 @@ spec: childGroups: x-kubernetes-preserve-unknown-fields: true podSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true ipBlock: type: object properties: @@ -1205,9 +1706,51 @@ spec: # Ensure that Spec.AppliedTo does not allow IPBlock field properties: podSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true group: type: string ingress: @@ -1224,9 +1767,51 @@ spec: # Ensure that rule AppliedTo does not allow IPBlock field properties: podSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true group: type: string # Ensure that Action field allows only ALLOW, DROP and REJECT values @@ -1250,9 +1835,51 @@ spec: type: object properties: podSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true ipBlock: type: object properties: @@ -1279,9 +1906,51 @@ spec: # Ensure that rule AppliedTo does not allow IPBlock field properties: podSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true group: type: string # Ensure that Action field allows only ALLOW, DROP and REJECT values @@ -1305,9 +1974,51 @@ spec: type: object properties: podSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true ipBlock: type: object properties: @@ -1401,7 +2112,27 @@ spec: properties: podSelector: type: object - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true ingress: type: array items: @@ -1417,7 +2148,27 @@ spec: properties: podSelector: type: object - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true # Ensure that Action field allows only ALLOW, DROP and REJECT values action: type: string @@ -1439,11 +2190,74 @@ spec: type: object properties: podSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true ipBlock: type: object properties: @@ -1469,7 +2283,27 @@ spec: properties: podSelector: type: object - x-kubernetes-preserve-unknown-fields: true + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true # Ensure that Action field allows only ALLOW, DROP and REJECT values action: type: string @@ -1491,11 +2325,74 @@ spec: type: object properties: podSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true ipBlock: type: object properties: @@ -1605,11 +2502,74 @@ spec: childGroups: x-kubernetes-preserve-unknown-fields: true podSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true namespaceSelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true externalEntitySelector: - x-kubernetes-preserve-unknown-fields: true + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true ipBlock: type: object properties: diff --git a/test/e2e/antreapolicy_test.go b/test/e2e/antreapolicy_test.go index be80e36ae8f..9bdc65ba9b1 100644 --- a/test/e2e/antreapolicy_test.go +++ b/test/e2e/antreapolicy_test.go @@ -664,6 +664,36 @@ func testInvalidTierANPRefDelete(t *testing.T) { failOnError(k8sUtils.DeleteTier(tr.Name), t) } +// testInvalidACNPPodSelectorNsSelectorMatchExpressions testes creating a ClusterNetworkPolicy with invalid LabelSelector(MatchExpressions) +func testInvalidACNPPodSelectorNsSelectorMatchExpressions(t *testing.T) { + invalidLSErr := fmt.Errorf("create Antrea NetworkPolicy with namespaceSelector but matchExpressions invalid") + + allowAction := crdv1alpha1.RuleActionAllow + selectorA := metav1.LabelSelector{MatchLabels: map[string]string{"env": "dummy"}} + nsSelectA := metav1.LabelSelector{MatchExpressions: []metav1.LabelSelectorRequirement{{Key: "env", Operator: "xxx", Values: []string{"xxxx"}}}} + + var acnp = &crdv1alpha1.ClusterNetworkPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: testNamespace, Name: "cnptest", Labels: map[string]string{"antrea-e2e": "cnp1"}}, + Spec: crdv1alpha1.ClusterNetworkPolicySpec{ + AppliedTo: []crdv1alpha1.NetworkPolicyPeer{ + {PodSelector: &selectorA}, + {NamespaceSelector: &nsSelectA}, + }, + Priority: 10, + Ingress: []crdv1alpha1.Rule{ + { + Action: &allowAction, + }, + }, + }, + } + + if _, err := k8sUtils.CreateOrUpdateACNP(acnp); err == nil { + failOnError(invalidLSErr, t) + } +} + // testACNPAllowXBtoA tests traffic from X/B to pods with label A, after applying the default deny // k8s NetworkPolicies in all namespaces and ACNP to allow X/B to A. func testACNPAllowXBtoA(t *testing.T) { @@ -2560,6 +2590,7 @@ func TestAntreaPolicy(t *testing.T) { t.Run("Case=ANPTierDoesNotExistDenied", func(t *testing.T) { testInvalidANPTierDoesNotExist(t) }) t.Run("Case=ANPPortRangePortUnsetDenied", func(t *testing.T) { testInvalidANPPortRangePortUnset(t) }) t.Run("Case=ANPPortRangePortEndPortSmallDenied", func(t *testing.T) { testInvalidANPPortRangeEndPortSmall(t) }) + t.Run("Case=ACNPInvalidPodSelectorNsSelectorMatchExpressions", func(t *testing.T) { testInvalidACNPPodSelectorNsSelectorMatchExpressions(t) }) }) t.Run("TestGroupValidateTiers", func(t *testing.T) {