From ee83e557b0f96e2a91a334acb68432e772b9a1ec Mon Sep 17 00:00:00 2001 From: Antonin Bas Date: Mon, 22 Apr 2024 11:21:38 -0700 Subject: [PATCH] Remove left over versions from CRD declarations (#6238) * Remove left over versions from CRD declarations This is a direct follow-up to #6162. The PR removed some deprecated APIs but forgot to update the CRD declarations. The affected APIs are v1alpha1.ClusterNetworkPolicy, v1alpha1.NetworkPolicy, v1alpha1.Traceflow. * Use existing versions in admission webhooks Signed-off-by: Antonin Bas --- .../antrea/crds/clusternetworkpolicy.yaml | 692 ---- build/charts/antrea/crds/networkpolicy.yaml | 606 --- build/charts/antrea/crds/traceflow.yaml | 239 -- .../webhooks/mutating/crdmutator.yaml | 4 +- .../webhooks/validating/crdvalidator.yaml | 2 +- build/yamls/antrea-aks.yml | 3415 +++++------------ build/yamls/antrea-crds.yml | 3383 +++++----------- build/yamls/antrea-eks.yml | 3415 +++++------------ build/yamls/antrea-gke.yml | 3415 +++++------------ build/yamls/antrea-ipsec.yml | 3415 +++++------------ build/yamls/antrea.yml | 3415 +++++------------ 11 files changed, 5621 insertions(+), 16380 deletions(-) diff --git a/build/charts/antrea/crds/clusternetworkpolicy.yaml b/build/charts/antrea/crds/clusternetworkpolicy.yaml index a6e2cca2530..09171307d1b 100644 --- a/build/charts/antrea/crds/clusternetworkpolicy.yaml +++ b/build/charts/antrea/crds/clusternetworkpolicy.yaml 
@@ -7,698 +7,6 @@ metadata: spec: group: crd.antrea.io versions: - - name: v1alpha1 - served: true - storage: false - additionalPrinterColumns: - - name: Tier - type: string - description: The Tier to which this ClusterNetworkPolicy belongs to. - jsonPath: .spec.tier - - name: Priority - type: number - format: float - description: The Priority of this ClusterNetworkPolicy relative to other policies. - jsonPath: .spec.priority - - name: Desired Nodes - type: number - format: int32 - description: The total number of Nodes that should realize the NetworkPolicy. - jsonPath: .status.desiredNodesRealized - - name: Current Nodes - type: number - format: int32 - description: The number of Nodes that have realized the NetworkPolicy. - jsonPath: .status.currentNodesRealized - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - schema: - openAPIV3Schema: - type: object - properties: - spec: - # Ensure that Spec.Priority field is set - required: - - priority - type: object - properties: - tier: - type: string - priority: - type: number - format: float - # Ensure that Spec.Priority field is between 1 and 10000 - minimum: 1.0 - maximum: 10000.0 - appliedTo: - type: array - items: - type: object - # Ensure that Spec.AppliedTo does not allow IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: 
"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - service: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - ingress: - type: array - items: - type: object - required: - - action - properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - service: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: - type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: ['TCP', 'UDP', 'SCTP'] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - 
sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [icmp] - - required: [igmp] - properties: - icmp: - type: object - properties: - icmpType: - type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP query (0x11) is valid igmpType in ingress rules. - enum: [ 0x11 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [http] - - required: [tls] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] - path: - type: string - tls: - type: object - properties: - sni: - type: string - from: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaces: - type: object - properties: - match: - enum: - - Self - type: string - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - group: - type: string - serviceAccount: - type: object - properties: - name: - 
type: string - namespace: - type: string - required: - - name - - namespace - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - x-kubernetes-preserve-unknown-fields: true - scope: - type: string - enum: ['Cluster', 'ClusterSet'] - name: - type: string - enableLogging: - type: boolean - logLabel: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" - egress: - type: array - items: - type: object - required: - - action - properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: - type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] - ports: - type: array - items: - type: 
object - properties: - protocol: - type: string - enum: ['TCP', 'UDP', 'SCTP'] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [icmp] - - required: [igmp] - properties: - icmp: - type: object - properties: - icmpType: - type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP reports are igmpType in egress rules, - # 0x12 is IGMP report V1, 0x16 is IGMP report v2, 0x22 is IGMP report v3. - # It will match all IGMP report types if igmpType is not set. - enum: [ 0x12, 0x16, 0x22 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [http] - - required: [tls] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] - path: - type: string - tls: - type: object - properties: - sni: - type: string - to: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - 
x-kubernetes-preserve-unknown-fields: true - namespaces: - type: object - properties: - match: - enum: - - Self - type: string - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - group: - type: string - fqdn: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - x-kubernetes-preserve-unknown-fields: true - toServices: - type: array - items: - type: object - required: - - name - - namespace - properties: - name: - type: string - namespace: - type: string - scope: - type: string - enum: [ 'Cluster', 'ClusterSet' ] - name: - type: string - enableLogging: - type: boolean - logLabel: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" - status: - type: object - properties: - phase: - type: string - observedGeneration: - type: integer - currentNodesRealized: - type: integer - desiredNodesRealized: - type: integer - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - reason: - type: string - message: - type: string - subresources: - status: {} - name: v1beta1 served: true storage: true diff --git a/build/charts/antrea/crds/networkpolicy.yaml b/build/charts/antrea/crds/networkpolicy.yaml index f9b281dd97a..e68ceef3e4c 100644 --- a/build/charts/antrea/crds/networkpolicy.yaml +++ b/build/charts/antrea/crds/networkpolicy.yaml 
@@ -7,612 +7,6 @@ metadata: spec: group: crd.antrea.io versions: - - name: v1alpha1 - served: true - storage: false - additionalPrinterColumns: - - name: Tier - type: string - description: The Tier to which this Antrea NetworkPolicy belongs to. - jsonPath: .spec.tier - - name: Priority - type: number - format: float - description: The Priority of this Antrea NetworkPolicy relative to other policies. - jsonPath: .spec.priority - - name: Desired Nodes - type: number - format: int32 - description: The total number of Nodes that should realize the NetworkPolicy. - jsonPath: .status.desiredNodesRealized - - name: Current Nodes - type: number - format: int32 - description: The number of Nodes that have realized the NetworkPolicy. - jsonPath: .status.currentNodesRealized - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - schema: - openAPIV3Schema: - type: object - properties: - spec: - # Ensure that Spec.Priority field is set - required: - - priority - type: object - properties: - tier: - type: string - priority: - type: number - format: float - # Ensure that Spec.Priority field is between 1 and 10000 - minimum: 1.0 - maximum: 10000.0 - appliedTo: - type: array - items: - type: object - # Ensure that Spec.AppliedTo does not allow NamespaceSelector/IPBlock field - properties: - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: 
"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - ingress: - type: array - items: - type: object - required: - - action - properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow NamespaceSelector/IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: - type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: ['TCP', 'UDP', 'SCTP'] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [icmp] - - required: [igmp] - properties: - icmp: - type: object - properties: - icmpType: - type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP query (0x11) is valid igmpType in ingress rules. 
- enum: [ 0x11 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [http] - - required: [tls] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] - path: - type: string - tls: - type: object - properties: - sni: - type: string - from: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - 
pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - scope: - type: string - enum: ['Cluster', 'ClusterSet'] - name: - type: string - enableLogging: - type: boolean - logLabel: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" - egress: - type: array - items: - type: object - required: - - action - properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow NamespaceSelector/IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: - type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: ['TCP', 'UDP', 'SCTP'] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [icmp] - - required: [igmp] - properties: - icmp: - type: object - properties: - icmpType: - type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP reports are igmpType in egress rules, - # 0x12 is IGMP report V1, 0x16 is IGMP report v2, 0x22 is IGMP report v3. - # It will match all IGMP report types if igmpType is not set. 
- enum: [ 0x12, 0x16, 0x22 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [http] - - required: [tls] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] - path: - type: string - tls: - type: object - properties: - sni: - type: string - to: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - fqdn: - type: string - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - 
values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - toServices: - type: array - items: - type: object - required: - - name - properties: - name: - type: string - namespace: - type: string - scope: - type: string - name: - type: string - enableLogging: - type: boolean - logLabel: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" - status: - type: object - properties: - phase: - type: string - observedGeneration: - type: integer - currentNodesRealized: - type: integer - desiredNodesRealized: - type: integer - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - reason: - type: string - message: - type: string - subresources: - status: {} - name: v1beta1 served: true storage: true diff --git a/build/charts/antrea/crds/traceflow.yaml b/build/charts/antrea/crds/traceflow.yaml index 90b139ecb4f..2df4650a1a0 100644 --- a/build/charts/antrea/crds/traceflow.yaml +++ b/build/charts/antrea/crds/traceflow.yaml 
@@ -7,245 +7,6 @@ metadata: spec: group: crd.antrea.io versions: - - name: v1alpha1 - served: true - storage: false - additionalPrinterColumns: - - jsonPath: .status.phase - description: The phase of the Traceflow. - name: Phase - type: string - - jsonPath: .spec.source.pod - description: The name of the source Pod. - name: Source-Pod - type: string - priority: 10 - - jsonPath: .spec.destination.pod - description: The name of the destination Pod. - name: Destination-Pod - type: string - priority: 10 - - jsonPath: .spec.destination.ip - description: The IP address of the destination. - name: Destination-IP - type: string - priority: 10 - - jsonPath: .spec.liveTraffic - description: Trace live traffic. - name: Live-Traffic - type: boolean - priority: 10 - - jsonPath: .spec.droppedOnly - description: Capture only the dropped packet. - name: Dropped-Only - type: boolean - priority: 10 - - jsonPath: .spec.timeout - description: Timeout in seconds. - name: Timeout - type: integer - priority: 10 - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - properties: - source: - type: object - properties: - pod: - type: string - namespace: - type: string - ip: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - destination: - type: object - properties: - pod: - type: string - service: - type: string - namespace: - type: string - ip: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - packet: - type: object - properties: - ipHeader: - type: object - properties: - srcIP: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - protocol: - type: integer - ttl: - type: integer - flags: - type: integer - ipv6Header: - type: object - properties: - srcIP: - type: string - format: ipv6 - nextHeader: - type: integer - hopLimit: - type: integer - transportHeader: - type: object - properties: - icmp: - type: object - properties: - id: - type: integer - 
sequence: - type: integer - udp: - type: object - properties: - srcPort: - type: integer - dstPort: - type: integer - tcp: - type: object - properties: - srcPort: - type: integer - dstPort: - type: integer - flags: - type: integer - liveTraffic: - type: boolean - droppedOnly: - type: boolean - timeout: - type: integer - status: - type: object - properties: - reason: - type: string - dataplaneTag: - type: integer - phase: - type: string - startTime: - type: string - results: - type: array - items: - type: object - properties: - node: - type: string - role: - type: string - timestamp: - type: integer - observations: - type: array - items: - type: object - properties: - component: - type: string - componentInfo: - type: string - action: - type: string - pod: - type: string - dstMAC: - type: string - networkPolicy: - type: string - ttl: - type: integer - translatedSrcIP: - type: string - translatedDstIP: - type: string - tunnelDstIP: - type: string - egressIP: - type: string - egress: - type: string - capturedPacket: - properties: - srcIP: - type: string - dstIP: - type: string - length: - type: integer - ipHeader: - properties: - flags: - type: integer - protocol: - type: integer - ttl: - type: integer - type: object - ipv6Header: - properties: - hopLimit: - type: integer - nextHeader: - type: integer - type: object - transportHeader: - properties: - tcp: - properties: - dstPort: - type: integer - srcPort: - type: integer - flags: - type: integer - type: object - udp: - properties: - dstPort: - type: integer - srcPort: - type: integer - type: object - icmp: - properties: - id: - type: integer - sequence: - type: integer - type: object - type: object - type: object - subresources: - status: {} - name: v1beta1 served: true storage: true diff --git a/build/charts/antrea/templates/webhooks/mutating/crdmutator.yaml b/build/charts/antrea/templates/webhooks/mutating/crdmutator.yaml index 98dc299a184..ec56e3b224f 100644 
--- a/build/charts/antrea/templates/webhooks/mutating/crdmutator.yaml +++ b/build/charts/antrea/templates/webhooks/mutating/crdmutator.yaml @@ -15,7 +15,7 @@ webhooks: rules: - operations: ["CREATE", "UPDATE"] apiGroups: ["crd.antrea.io"] - apiVersions: ["v1alpha1"] + apiVersions: ["v1beta1"] resources: ["clusternetworkpolicies"] scope: "Cluster" admissionReviewVersions: ["v1", "v1beta1"] @@ -30,7 +30,7 @@ webhooks: rules: - operations: ["CREATE", "UPDATE"] apiGroups: ["crd.antrea.io"] - apiVersions: ["v1alpha1"] + apiVersions: ["v1beta1"] resources: ["networkpolicies"] scope: "Namespaced" admissionReviewVersions: ["v1", "v1beta1"] diff --git a/build/charts/antrea/templates/webhooks/validating/crdvalidator.yaml b/build/charts/antrea/templates/webhooks/validating/crdvalidator.yaml index 9f98ff1e1cb..e950602bd6b 100644 --- a/build/charts/antrea/templates/webhooks/validating/crdvalidator.yaml +++ b/build/charts/antrea/templates/webhooks/validating/crdvalidator.yaml @@ -178,7 +178,7 @@ webhooks: rules: - operations: ["CREATE", "UPDATE"] apiGroups: ["crd.antrea.io"] - apiVersions: ["v1alpha1"] + apiVersions: ["v1beta1"] resources: ["traceflows"] scope: "Cluster" admissionReviewVersions: ["v1", "v1beta1"] diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml index a2cd0b827d2..a00ed056fb8 100644 --- a/build/yamls/antrea-aks.yml +++ b/build/yamls/antrea-aks.yml @@ -573,9 +573,9 @@ metadata: spec: group: crd.antrea.io versions: - - name: v1alpha1 + - name: v1beta1 served: true - storage: false + storage: true additionalPrinterColumns: - name: Tier type: string @@ -646,7 +646,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: 
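Review bot: The `apiVersions: ["v1beta1"]` rules in crdmutator.yaml (clusternetworkpolicies, networkpolicies) and crdvalidator.yaml (traceflows) are hard-coded copies of the version each CRD serves, and nothing in these hunks documents that they must track the CRD files, which is the kind of drift this follow-up had to correct. A rule that names a version the CRD no longer serves would presumably match no request, so policies and traceflows would be admitted without mutation or validation and without any error. I would add a comment above each rule, for example `# Must name a version served by the matching CRD in crds/; a stale version means this webhook is never called.` The `matchPolicy` and `failurePolicy` of these webhook entries are outside the hunks, so confirm them, and confirm that the handlers decode v1beta1 objects now that the rules match that version directly.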
@@ -670,7 +673,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object group: type: string serviceAccount: @@ -681,8 +687,8 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace service: type: object properties: @@ -691,8 +697,35 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace + nodeSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object ingress: type: array items: @@ -729,7 +762,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -753,7 +789,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object group: type: string serviceAccount: @@ -764,8 +803,8 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace service: type: object properties: 
@@ -774,12 +813,12 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values action: type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] + enum: [ 'Allow', 'Drop', 'Reject', 'Pass' ] ports: type: array items: @@ -787,7 +826,7 @@ spec: properties: protocol: type: string - enum: ['TCP', 'UDP', 'SCTP'] + enum: [ 'TCP', 'UDP', 'SCTP' ] port: x-kubernetes-int-or-string: true endPort: @@ -801,8 +840,8 @@ spec: items: type: object oneOf: - - required: [icmp] - - required: [igmp] + - required: [ icmp ] + - required: [ igmp ] properties: icmp: type: object @@ -832,8 +871,8 @@ spec: items: type: object oneOf: - - required: [http] - - required: [tls] + - required: [ http ] + - required: [ tls ] properties: http: type: object @@ -842,7 +881,7 @@ spec: type: string method: type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] + enum: [ 'GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH' ] path: type: string tls: @@ -878,7 +917,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -902,14 +944,23 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: 
@@ -926,8 +977,8 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace nodeSelector: type: object properties: @@ -951,10 +1002,13 @@ spec: type: object type: array matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object scope: type: string - enum: ['Cluster', 'ClusterSet'] + enum: [ 'Cluster', 'ClusterSet' ] name: type: string enableLogging: @@ -998,7 +1052,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -1022,7 +1079,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object group: type: string serviceAccount: @@ -1033,12 +1093,12 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values action: type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] + enum: [ 'Allow', 'Drop', 'Reject', 'Pass' ] ports: type: array items: @@ -1046,7 +1106,7 @@ spec: properties: protocol: type: string - enum: ['TCP', 'UDP', 'SCTP'] + enum: [ 'TCP', 'UDP', 'SCTP' ] port: x-kubernetes-int-or-string: true endPort: @@ -1060,8 +1120,8 @@ spec: items: type: object oneOf: - - required: [icmp] - - required: [igmp] + - required: [ icmp ] + - required: [ igmp ] properties: icmp: type: object @@ -1093,8 +1153,8 @@ spec: items: type: object oneOf: - - required: [http] - - required: [tls] + - required: [ http ] + - required: [ tls ] properties: http: type: object 
@@ -1103,7 +1163,7 @@ spec: type: string method: type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] + enum: [ 'GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH' ] path: type: string tls: @@ -1139,7 +1199,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -1163,14 +1226,23 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: @@ -1189,8 +1261,8 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace nodeSelector: type: object properties: @@ -1214,14 +1286,17 @@ spec: type: object type: array matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object toServices: type: array items: type: object required: - - name - - namespace + - name + - namespace properties: name: type: string 
@@ -1264,1511 +1339,275 @@ spec: message: type: string subresources: - status: {} - - name: v1beta1 + status: { } + scope: Cluster + names: + plural: clusternetworkpolicies + singular: clusternetworkpolicy + kind: ClusterNetworkPolicy + shortNames: + - acnp + +--- +# Source: crds/egress.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: egresses.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 served: true - storage: true - additionalPrinterColumns: - - name: Tier - type: string - description: The Tier to which this ClusterNetworkPolicy belongs to. - jsonPath: .spec.tier - - name: Priority - type: number - format: float - description: The Priority of this ClusterNetworkPolicy relative to other policies. - jsonPath: .spec.priority - - name: Desired Nodes - type: number - format: int32 - description: The total number of Nodes that should realize the NetworkPolicy. - jsonPath: .status.desiredNodesRealized - - name: Current Nodes - type: number - format: int32 - description: The number of Nodes that have realized the NetworkPolicy. 
- jsonPath: .status.currentNodesRealized - - name: Age - type: date - jsonPath: .metadata.creationTimestamp + storage: false schema: openAPIV3Schema: type: object + required: + - spec properties: spec: - # Ensure that Spec.Priority field is set - required: - - priority type: object + required: + - appliedTo + oneOf: + - anyOf: + - required: + - egressIP + - required: + - externalIPPool + - anyOf: + - required: + - egressIPs + - required: + - externalIPPools properties: - tier: - type: string - priority: - type: number - format: float - # Ensure that Spec.Priority field is between 1 and 10000 - minimum: 1.0 - maximum: 10000.0 appliedTo: - type: array - items: - type: object - # Ensure that Spec.AppliedTo does not allow IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object + properties: + podSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + 
x-kubernetes-preserve-unknown-fields: true + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - service: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - nodeSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - ingress: + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + x-kubernetes-preserve-unknown-fields: true + egressIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + egressIPs: + type: array + items: + type: string + oneOf: + - maxLength: 0 + - format: ipv4 + - format: ipv6 + externalIPPool: + type: string + externalIPPools: + type: array + items: + type: string + status: + type: object + properties: + egressNode: + type: string + egressIP: + type: string + conditions: type: array items: type: object - required: - - action properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: 
string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - service: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: + type: type: string - enum: [ 'Allow', 'Drop', 'Reject', 'Pass' ] - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: [ 'TCP', 'UDP', 'SCTP' ] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [ icmp ] - - required: [ igmp ] - properties: - icmp: - type: object - properties: - icmpType: - type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP query (0x11) is valid igmpType in ingress rules. 
- enum: [ 0x11 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [ http ] - - required: [ tls ] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: [ 'GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH' ] - path: - type: string - tls: - type: object - properties: - sni: - type: string - from: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaces: - type: object - maxProperties: 1 - minProperties: 1 - properties: - match: - type: string - enum: - - Self - sameLabels: - type: array - items: - type: string - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - 
- Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - scope: - type: string - enum: [ 'Cluster', 'ClusterSet' ] - name: - type: string - enableLogging: - type: boolean - logLabel: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" - egress: - type: array - items: - type: object - required: - - action - properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: - type: string - enum: [ 'Allow', 'Drop', 'Reject', 'Pass' ] - ports: - type: array - items: - type: object - properties: 
- protocol: - type: string - enum: [ 'TCP', 'UDP', 'SCTP' ] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [ icmp ] - - required: [ igmp ] - properties: - icmp: - type: object - properties: - icmpType: - type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP reports are igmpType in egress rules, - # 0x12 is IGMP report V1, 0x16 is IGMP report v2, 0x22 is IGMP report v3. - # It will match all IGMP report types if igmpType is not set. - enum: [ 0x12, 0x16, 0x22 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [ http ] - - required: [ tls ] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: [ 'GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH' ] - path: - type: string - tls: - type: object - properties: - sni: - type: string - to: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: 
"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaces: - type: object - maxProperties: 1 - minProperties: 1 - properties: - match: - type: string - enum: - - Self - sameLabels: - type: array - items: - type: string - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - group: - type: string - fqdn: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - toServices: - type: array - items: - type: object - required: - - name - - namespace - properties: - name: - type: string - namespace: - type: string - scope: - type: string - enum: [ 'Cluster', 'ClusterSet' ] - name: - type: string - enableLogging: - type: boolean - logLabel: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" - status: - type: object - properties: - phase: - type: string - observedGeneration: - type: integer - currentNodesRealized: - type: integer - desiredNodesRealized: - type: integer - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - reason: - type: string - message: - type: string - subresources: - status: { } - scope: Cluster - names: - plural: clusternetworkpolicies - singular: clusternetworkpolicy - kind: ClusterNetworkPolicy - shortNames: - - acnp - ---- -# Source: 
crds/egress.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: egresses.crd.antrea.io - labels: - app: antrea -spec: - group: crd.antrea.io - versions: - - name: v1alpha2 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - appliedTo - oneOf: - - anyOf: - - required: - - egressIP - - required: - - externalIPPool - - anyOf: - - required: - - egressIPs - - required: - - externalIPPools - properties: - appliedTo: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - egressIP: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - egressIPs: - type: array - items: - type: string - oneOf: - - maxLength: 0 - - format: ipv4 - - format: ipv6 - externalIPPool: - type: string - externalIPPools: - type: array - items: - type: string - status: - type: object - properties: - egressNode: - type: string - egressIP: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - reason: - type: string - message: - type: string - additionalPrinterColumns: - - description: The effective SNAT IP 
address for the selected workloads. - jsonPath: .status.egressIP - name: EgressIP - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: The Owner Node of egress IP - jsonPath: .status.egressNode - name: Node - type: string - subresources: - status: {} - - name: v1beta1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - appliedTo - oneOf: - - anyOf: - - required: - - egressIP - - required: - - externalIPPool - - anyOf: - - required: - - egressIPs - - required: - - externalIPPools - properties: - appliedTo: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - type: object - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - type: object - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - egressIP: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - egressIPs: - type: array - items: - type: string - oneOf: - - maxLength: 0 - - format: ipv4 - - format: ipv6 - externalIPPool: - type: string - externalIPPools: - type: array - items: - type: string - bandwidth: - type: object - required: - - rate - - burst - properties: - rate: - type: string - burst: - type: string - status: - 
type: object - properties: - egressNode: - type: string - egressIP: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - reason: - type: string - message: - type: string - additionalPrinterColumns: - - description: The effective SNAT IP address for the selected workloads. - jsonPath: .status.egressIP - name: EgressIP - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: The Owner Node of egress IP - jsonPath: .status.egressNode - name: Node - type: string - subresources: - status: {} - scope: Cluster - names: - plural: egresses - singular: egress - kind: Egress - shortNames: - - eg - ---- -# Source: crds/externalentity.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: externalentities.crd.antrea.io - labels: - app: antrea -spec: - group: crd.antrea.io - versions: - - name: v1alpha2 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - endpoints: - type: array - items: - type: object - properties: - ip: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - name: - type: string - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: ['TCP', 'UDP', 'SCTP'] - port: - x-kubernetes-int-or-string: true - name: - type: string - externalNode: - type: string - scope: Namespaced - names: - plural: externalentities - singular: externalentity - kind: ExternalEntity - shortNames: - - ee - ---- -# Source: crds/externalippool.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: externalippools.crd.antrea.io - labels: - app: antrea -spec: - group: crd.antrea.io - versions: - - name: v1alpha2 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - 
required: - - ipRanges - - nodeSelector - properties: - ipRanges: - type: array - items: - type: object - oneOf: - - required: - - cidr - - required: - - start - - end - properties: - cidr: - type: string - format: cidr - start: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - end: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - usage: - type: object - properties: - total: - type: integer - used: - type: integer - additionalPrinterColumns: - - description: The number of total IPs - jsonPath: .status.usage.total - name: Total - type: integer - - description: The number of allocated IPs - jsonPath: .status.usage.used - name: Used - type: integer - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - subresources: - status: {} - - name: v1beta1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - ipRanges - - nodeSelector - properties: - ipRanges: - type: array - items: - type: object - oneOf: - - required: - - cidr - - required: - - start - - end - properties: - cidr: - type: string - format: cidr - start: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - end: + status: type: string - oneOf: - - format: ipv4 - - format: ipv6 - subnetInfo: - type: object - required: - - gateway - - prefixLength - properties: - gateway: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - prefixLength: - type: integer - minimum: 1 - maximum: 127 - vlan: - type: integer - minimum: 0 - maximum: 4094 - nodeSelector: - type: 
object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - additionalProperties: + lastTransitionTime: type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - status: - type: object - properties: - usage: - type: object - properties: - total: - type: integer - used: - type: integer - additionalPrinterColumns: - - description: The number of total IPs - jsonPath: .status.usage.total - name: Total - type: integer - - description: The number of allocated IPs - jsonPath: .status.usage.used - name: Used - type: integer + reason: + type: string + message: + type: string + additionalPrinterColumns: + - description: The effective SNAT IP address for the selected workloads. + jsonPath: .status.egressIP + name: EgressIP + type: string - jsonPath: .metadata.creationTimestamp name: Age type: date + - description: The Owner Node of egress IP + jsonPath: .status.egressNode + name: Node + type: string subresources: - status: { } - scope: Cluster - names: - plural: externalippools - singular: externalippool - kind: ExternalIPPool - shortNames: - - eip - ---- -# Source: crds/externalnode.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app: antrea - name: externalnodes.crd.antrea.io -spec: - group: crd.antrea.io - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - interfaces - properties: - interfaces: - type: array - minItems: 1 - maxItems: 1 - required: - - ips - items: - type: object - properties: - ips: - type: array - minItems: 1 - items: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - name: - type: string + status: {} + - name: v1beta1 
served: true storage: true - scope: Namespaced - names: - plural: externalnodes - singular: externalnode - kind: ExternalNode - shortNames: - - en - ---- -# Source: crds/group.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: groups.crd.antrea.io -spec: - group: crd.antrea.io - versions: - - name: v1alpha3 - served: true - storage: false schema: openAPIV3Schema: type: object + required: + - spec properties: spec: type: object + required: + - appliedTo + oneOf: + - anyOf: + - required: + - egressIP + - required: + - externalIPPool + - anyOf: + - required: + - egressIPs + - required: + - externalIPPools properties: - childGroups: - type: array - items: - type: string - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: + appliedTo: type: object properties: - matchExpressions: - type: array - items: - type: object - properties: - key: + podSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + type: object + additionalProperties: type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist + pattern: 
"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + type: object + additionalProperties: type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlocks: + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + egressIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + egressIPs: type: array items: - type: object - properties: - cidr: - type: string - format: cidr - serviceReference: + type: string + oneOf: + - maxLength: 0 + - format: ipv4 + - format: ipv6 + externalIPPool: + type: string + externalIPPools: + type: array + items: + type: string + bandwidth: type: object + required: + - rate + - burst properties: - name: + rate: type: string - namespace: + burst: type: string status: type: object properties: + egressNode: + type: string + egressIP: + type: string conditions: type: array items: 
@@ -2780,9 +1619,44 @@ spec: type: string lastTransitionTime: type: string + reason: + type: string + message: + type: string + additionalPrinterColumns: + - description: The effective SNAT IP address for the selected workloads. + jsonPath: .status.egressIP + name: EgressIP + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: The Owner Node of egress IP + jsonPath: .status.egressNode + name: Node + type: string subresources: status: {} - - name: v1beta1 + scope: Cluster + names: + plural: egresses + singular: egress + kind: Egress + shortNames: + - eg + +--- +# Source: crds/externalentity.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: externalentities.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 served: true storage: true schema: 
@@ -2792,17 +1666,95 @@ spec: spec: type: object properties: - childGroups: + endpoints: type: array items: - type: string - podSelector: + type: object + properties: + ip: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + name: + type: string + ports: + type: array + items: + type: object + properties: + protocol: + type: string + enum: ['TCP', 'UDP', 'SCTP'] + port: + x-kubernetes-int-or-string: true + name: + type: string + externalNode: + type: string + scope: Namespaced + names: + plural: externalentities + singular: externalentity + kind: ExternalEntity + shortNames: + - ee + +--- +# Source: crds/externalippool.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: externalippools.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + required: + - spec + properties: + spec: + type: object + required: + - ipRanges + - nodeSelector + properties: + ipRanges: + type: array + items: + type: object + oneOf: + - required: + - cidr + - required: + - start + - end + properties: + cidr: + type: string + format: cidr + start: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + end: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + nodeSelector: type: object properties: matchExpressions: - type: array items: - type: object properties: key: type: string 
@@ -2814,108 +1766,39 @@ spec: - DoesNotExist type: string values: - type: array items: type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string + type: array matchLabels: x-kubernetes-preserve-unknown-fields: true - ipBlocks: - type: array - items: - type: object - properties: - cidr: - type: string - format: cidr - serviceReference: - type: object - properties: - name: - type: string - namespace: - type: string status: type: object properties: - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string + usage: + type: object + properties: + total: + type: integer + used: + type: integer + additionalPrinterColumns: + - description: The number of total IPs + jsonPath: .status.usage.total + name: Total + type: integer + - description: The number of allocated IPs + jsonPath: .status.usage.used + name: Used + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date subresources: - status: { } - scope: Namespaced - names: - plural: groups - singular: group - kind: Group - shortNames: - - grp - ---- -# Source: crds/ippool.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ippools.crd.antrea.io - labels: - app: antrea -spec: - group: crd.antrea.io - 
versions: - - name: v1alpha2 + status: {} + - name: v1beta1 served: true storage: true schema: 
@@ -2925,97 +1808,91 @@ spec: - spec properties: spec: + type: object required: - - ipVersion - ipRanges - type: object + - nodeSelector properties: - ipVersion: - type: integer - enum: [ 4, 6 ] ipRanges: + type: array items: - oneOf: - - required: - - cidr - - gateway - - prefixLength + type: object + oneOf: - required: - - start - - end - - gateway - - prefixLength + - cidr + - required: + - start + - end properties: cidr: - format: cidr type: string + format: cidr start: - oneOf: - - format: ipv4 - - format: ipv6 type: string - end: oneOf: - format: ipv4 - format: ipv6 + end: type: string - gateway: oneOf: - format: ipv4 - format: ipv6 - type: string - prefixLength: - type: integer - minimum: 1 - maximum: 128 - vlan: - type: integer - minimum: 0 - maximum: 4094 - type: object - type: array - status: - properties: - ipAddresses: - items: - properties: - ipAddress: - type: string - owner: + subnetInfo: + type: object + required: + - gateway + - prefixLength + properties: + gateway: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + prefixLength: + type: integer + minimum: 1 + maximum: 127 + vlan: + type: integer + minimum: 0 + maximum: 4094 + nodeSelector: + type: object + properties: + matchExpressions: + items: properties: - pod: - properties: - name: - type: string - namespace: - type: string - containerID: - type: string - ifName: - type: string - type: object - statefulSet: - properties: - name: - type: string - namespace: - type: string - index: - type: integer - type: object + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: array type: object - phase: + type: array + matchLabels: + additionalProperties: type: string - type: object - type: array + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object + status: + type: object + properties: usage: + type: object properties: - used: - 
type: integer total: type: integer - type: object - type: object + used: + type: integer additionalPrinterColumns: - description: The number of total IPs jsonPath: .status.usage.total 
@@ -3029,615 +1906,291 @@ spec: name: Age type: date subresources: - status: {} + status: { } scope: Cluster names: - plural: ippools - singular: ippool - kind: IPPool + plural: externalippools + singular: externalippool + kind: ExternalIPPool shortNames: - - ipp + - eip --- -# Source: crds/networkpolicy.yaml +# Source: crds/externalnode.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: networkpolicies.crd.antrea.io labels: app: antrea + name: externalnodes.crd.antrea.io spec: group: crd.antrea.io versions: - name: v1alpha1 - served: true - storage: false - additionalPrinterColumns: - - name: Tier - type: string - description: The Tier to which this Antrea NetworkPolicy belongs to. - jsonPath: .spec.tier - - name: Priority - type: number - format: float - description: The Priority of this Antrea NetworkPolicy relative to other policies. - jsonPath: .spec.priority - - name: Desired Nodes - type: number - format: int32 - description: The total number of Nodes that should realize the NetworkPolicy. - jsonPath: .status.desiredNodesRealized - - name: Current Nodes - type: number - format: int32 - description: The number of Nodes that have realized the NetworkPolicy. 
- jsonPath: .status.currentNodesRealized - - name: Age - type: date - jsonPath: .metadata.creationTimestamp schema: openAPIV3Schema: type: object + required: + - spec properties: spec: - # Ensure that Spec.Priority field is set - required: - - priority type: object + required: + - interfaces properties: - tier: - type: string - priority: - type: number - format: float - # Ensure that Spec.Priority field is between 1 and 10000 - minimum: 1.0 - maximum: 10000.0 - appliedTo: + interfaces: type: array + minItems: 1 + maxItems: 1 + required: + - ips items: type: object - # Ensure that Spec.AppliedTo does not allow NamespaceSelector/IPBlock field properties: - externalEntitySelector: + ips: + type: array + minItems: 1 + items: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + name: + type: string + served: true + storage: true + scope: Namespaced + names: + plural: externalnodes + singular: externalnode + kind: ExternalNode + shortNames: + - en + +--- +# Source: crds/group.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: groups.crd.antrea.io +spec: + group: crd.antrea.io + versions: + - name: v1alpha3 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + childGroups: + type: array + items: + type: string + podSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object properties: - matchExpressions: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: type: array items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - podSelector: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + 
namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object properties: - matchExpressions: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: type: array items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - ingress: - type: array - items: - type: object - required: - - action - properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow NamespaceSelector/IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: - type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: ['TCP', 'UDP', 'SCTP'] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [icmp] - - required: [igmp] - properties: - icmp: - type: object - properties: - icmpType: - type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP query (0x11) is valid igmpType 
in ingress rules. - enum: [ 0x11 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [http] - - required: [tls] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] - path: - type: string - tls: - type: object - properties: - sni: - type: string - from: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: 
- type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: type: string - scope: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + externalEntitySelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - enum: ['Cluster', 'ClusterSet'] - name: - type: string - enableLogging: - type: boolean - logLabel: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" - egress: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + ipBlocks: type: array items: type: object - required: - - action properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow NamespaceSelector/IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: + cidr: type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: ['TCP', 'UDP', 'SCTP'] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [icmp] - - required: [igmp] - properties: - icmp: - type: object - properties: - icmpType: - 
type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP reports are igmpType in egress rules, - # 0x12 is IGMP report V1, 0x16 is IGMP report v2, 0x22 is IGMP report v3. - # It will match all IGMP report types if igmpType is not set. - enum: [ 0x12, 0x16, 0x22 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [http] - - required: [tls] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] - path: - type: string - tls: - type: object - properties: - sni: - type: string - to: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" 
- matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - fqdn: - type: string - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - toServices: - type: array - items: - type: object - required: - - name - properties: - name: + format: cidr + serviceReference: + type: object + properties: + name: + type: string + namespace: + type: string + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + lastTransitionTime: + type: string + subresources: + status: {} + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + childGroups: + type: array + items: + type: string + podSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - namespace: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - scope: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + externalEntitySelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: 
+ key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - name: - type: string - enableLogging: - type: boolean - logLabel: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + ipBlocks: + type: array + items: + type: object + properties: + cidr: type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" + format: cidr + serviceReference: + type: object + properties: + name: + type: string + namespace: + type: string status: type: object properties: - phase: - type: string - observedGeneration: - type: integer - currentNodesRealized: - type: integer - desiredNodesRealized: - type: integer conditions: type: array items: 
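Review bot: In the `externalnodes.crd.antrea.io` schema on the new side of this hunk, `required: - ips` sits next to `minItems`/`maxItems` under `interfaces`, which is `type: array`, and before `items:`. `required` only constrains objects, so as written an interface entry with no `ips` key would still pass schema validation. Moving it under `items:` beside `type: object` (`required: [ips]`) would enforce what the `minItems: 1` on `ips` appears to intend. These lines probably predate the commit and only show as added because of how the hunk aligned. The `# Source: crds/externalnode.yaml` marker also suggests this file is rendered output, so the change would belong in the chart source.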
@@ -3649,12 +2202,161 @@ spec: type: string lastTransitionTime: type: string - reason: + subresources: + status: { } + scope: Namespaced + names: + plural: groups + singular: group + kind: Group + shortNames: + - grp + +--- +# Source: crds/ippool.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ippools.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + required: + - spec + properties: + spec: + required: + - ipVersion + - ipRanges + type: object + properties: + ipVersion: + type: integer + enum: [ 4, 6 ] + ipRanges: + items: + oneOf: + - required: + - cidr + - gateway + - prefixLength + - required: + - start + - end + - gateway + - prefixLength + properties: + cidr: + format: cidr type: string - message: + start: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + end: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + gateway: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + prefixLength: + type: integer + minimum: 1 + maximum: 128 + vlan: + type: integer + minimum: 0 + maximum: 4094 + type: object + type: array + status: + properties: + ipAddresses: + items: + properties: + ipAddress: + type: string + owner: + properties: + pod: + properties: + name: + type: string + namespace: + type: string + containerID: + type: string + ifName: + type: string + type: object + statefulSet: + properties: + name: + type: string + namespace: + type: string + index: + type: integer + type: object + type: object + phase: type: string + type: object + type: array + usage: + properties: + used: + type: integer + total: + type: integer + type: object + type: object + additionalPrinterColumns: + - description: The number of total IPs + jsonPath: .status.usage.total + name: Total + type: integer + - description: The number of allocated IPs + jsonPath: .status.usage.used + name: Used + type: 
integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date subresources: status: {} + scope: Cluster + names: + plural: ippools + singular: ippool + kind: IPPool + shortNames: + - ipp + +--- +# Source: crds/networkpolicy.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: networkpolicies.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: - name: v1beta1 served: true storage: true 
@@ -4512,245 +3214,6 @@ metadata: spec: group: crd.antrea.io versions: - - name: v1alpha1 - served: true - storage: false - additionalPrinterColumns: - - jsonPath: .status.phase - description: The phase of the Traceflow. - name: Phase - type: string - - jsonPath: .spec.source.pod - description: The name of the source Pod. - name: Source-Pod - type: string - priority: 10 - - jsonPath: .spec.destination.pod - description: The name of the destination Pod. - name: Destination-Pod - type: string - priority: 10 - - jsonPath: .spec.destination.ip - description: The IP address of the destination. - name: Destination-IP - type: string - priority: 10 - - jsonPath: .spec.liveTraffic - description: Trace live traffic. - name: Live-Traffic - type: boolean - priority: 10 - - jsonPath: .spec.droppedOnly - description: Capture only the dropped packet. - name: Dropped-Only - type: boolean - priority: 10 - - jsonPath: .spec.timeout - description: Timeout in seconds. - name: Timeout - type: integer - priority: 10 - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - properties: - source: - type: object - properties: - pod: - type: string - namespace: - type: string - ip: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - destination: - type: object - properties: - pod: - type: string - service: - type: string - namespace: - type: string - ip: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - packet: - type: object - properties: - ipHeader: - type: object - properties: - srcIP: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - protocol: - type: integer - ttl: - type: integer - flags: - type: integer - ipv6Header: - type: object - properties: - srcIP: - type: string - format: ipv6 - nextHeader: - type: integer - hopLimit: - type: integer - transportHeader: - type: object - properties: - icmp: - type: object - properties: - id: - type: integer 
- sequence: - type: integer - udp: - type: object - properties: - srcPort: - type: integer - dstPort: - type: integer - tcp: - type: object - properties: - srcPort: - type: integer - dstPort: - type: integer - flags: - type: integer - liveTraffic: - type: boolean - droppedOnly: - type: boolean - timeout: - type: integer - status: - type: object - properties: - reason: - type: string - dataplaneTag: - type: integer - phase: - type: string - startTime: - type: string - results: - type: array - items: - type: object - properties: - node: - type: string - role: - type: string - timestamp: - type: integer - observations: - type: array - items: - type: object - properties: - component: - type: string - componentInfo: - type: string - action: - type: string - pod: - type: string - dstMAC: - type: string - networkPolicy: - type: string - ttl: - type: integer - translatedSrcIP: - type: string - translatedDstIP: - type: string - tunnelDstIP: - type: string - egressIP: - type: string - egress: - type: string - capturedPacket: - properties: - srcIP: - type: string - dstIP: - type: string - length: - type: integer - ipHeader: - properties: - flags: - type: integer - protocol: - type: integer - ttl: - type: integer - type: object - ipv6Header: - properties: - hopLimit: - type: integer - nextHeader: - type: integer - type: object - transportHeader: - properties: - tcp: - properties: - dstPort: - type: integer - srcPort: - type: integer - flags: - type: integer - type: object - udp: - properties: - dstPort: - type: integer - srcPort: - type: integer - type: object - icmp: - properties: - id: - type: integer - sequence: - type: integer - type: object - type: object - type: object - subresources: - status: {} - name: v1beta1 served: true storage: true 
@@ -7191,7 +5654,7 @@ webhooks: rules: - operations: ["CREATE", "UPDATE"] apiGroups: ["crd.antrea.io"] - apiVersions: ["v1alpha1"] + apiVersions: ["v1beta1"] resources: ["clusternetworkpolicies"] scope: "Cluster" admissionReviewVersions: ["v1", "v1beta1"] @@ -7206,7 +5669,7 @@ webhooks: rules: - operations: ["CREATE", "UPDATE"] apiGroups: ["crd.antrea.io"] - apiVersions: ["v1alpha1"] + apiVersions: ["v1beta1"] resources: ["networkpolicies"] scope: "Namespaced" admissionReviewVersions: ["v1", "v1beta1"] @@ -7394,7 +5857,7 @@ webhooks: rules: - operations: ["CREATE", "UPDATE"] apiGroups: ["crd.antrea.io"] - apiVersions: ["v1alpha1"] + apiVersions: ["v1beta1"] resources: ["traceflows"] scope: "Cluster" admissionReviewVersions: ["v1", "v1beta1"] diff --git a/build/yamls/antrea-crds.yml b/build/yamls/antrea-crds.yml index 8864d50ba06..3859614369a 100644 --- a/build/yamls/antrea-crds.yml +++ b/build/yamls/antrea-crds.yml @@ -566,9 +566,9 @@ metadata: spec: group: crd.antrea.io versions: - - name: v1alpha1 + - name: v1beta1 served: true - storage: false + storage: true additionalPrinterColumns: - name: Tier type: string @@ -639,7 +639,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -663,7 +666,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object group: type: string serviceAccount: @@ -674,8 +680,8 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace service: type: object properties: 
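Review bot: The three webhook rules changed in the hunks at -7191, -7206 and -7394 (`clusternetworkpolicies`, `networkpolicies`, `traceflows`) each pin one value in `apiVersions`, and nothing visible ties that value to the versions the CRDs actually serve. As far as I can tell, a rule naming a version the CRD no longer serves matches no request, so admission checking for these policy objects is skipped without any error; that is the drift this commit corrects by hand. I would add a CI check that every webhook `apiVersions` entry is a served version of its CRD, or at least a comment next to each rule in the chart templates such as `# must be a served version of the CRD in crds/`. The `matchPolicy` and `failurePolicy` of these webhook entries are outside the hunks, so how requests for other served versions are handled could not be confirmed from here.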
@@ -684,8 +690,35 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace + nodeSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object ingress: type: array items: @@ -722,7 +755,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -746,7 +782,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object group: type: string serviceAccount: @@ -757,8 +796,8 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace service: type: object properties: @@ -767,12 +806,12 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values action: type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] + enum: [ 'Allow', 'Drop', 'Reject', 'Pass' ] ports: type: array items: @@ -780,7 +819,7 @@ spec: properties: protocol: type: string - enum: ['TCP', 'UDP', 'SCTP'] + enum: [ 'TCP', 'UDP', 'SCTP' ] port: x-kubernetes-int-or-string: true endPort: 
@@ -794,8 +833,8 @@ spec: items: type: object oneOf: - - required: [icmp] - - required: [igmp] + - required: [ icmp ] + - required: [ igmp ] properties: icmp: type: object @@ -825,8 +864,8 @@ spec: items: type: object oneOf: - - required: [http] - - required: [tls] + - required: [ http ] + - required: [ tls ] properties: http: type: object @@ -835,7 +874,7 @@ spec: type: string method: type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] + enum: [ 'GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH' ] path: type: string tls: @@ -871,7 +910,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -895,14 +937,23 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: @@ -919,8 +970,8 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace nodeSelector: type: object properties: @@ -944,10 +995,13 @@ spec: type: object type: array matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object scope: type: string - enum: ['Cluster', 'ClusterSet'] + enum: [ 'Cluster', 'ClusterSet' ] name: type: string enableLogging: 
@@ -991,7 +1045,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -1015,7 +1072,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object group: type: string serviceAccount: @@ -1026,12 +1086,12 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values action: type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] + enum: [ 'Allow', 'Drop', 'Reject', 'Pass' ] ports: type: array items: @@ -1039,7 +1099,7 @@ spec: properties: protocol: type: string - enum: ['TCP', 'UDP', 'SCTP'] + enum: [ 'TCP', 'UDP', 'SCTP' ] port: x-kubernetes-int-or-string: true endPort: @@ -1053,8 +1113,8 @@ spec: items: type: object oneOf: - - required: [icmp] - - required: [igmp] + - required: [ icmp ] + - required: [ igmp ] properties: icmp: type: object @@ -1086,8 +1146,8 @@ spec: items: type: object oneOf: - - required: [http] - - required: [tls] + - required: [ http ] + - required: [ tls ] properties: http: type: object @@ -1096,7 +1156,7 @@ spec: type: string method: type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] + enum: [ 'GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH' ] path: type: string tls: 
@@ -1132,7 +1192,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -1156,14 +1219,23 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: @@ -1182,8 +1254,8 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace nodeSelector: type: object properties: @@ -1207,14 +1279,17 @@ spec: type: object type: array matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object toServices: type: array items: type: object required: - - name - - namespace + - name + - namespace properties: name: type: string 
@@ -1257,1501 +1332,273 @@ spec: message: type: string subresources: - status: {} - - name: v1beta1 + status: { } + scope: Cluster + names: + plural: clusternetworkpolicies + singular: clusternetworkpolicy + kind: ClusterNetworkPolicy + shortNames: + - acnp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: egresses.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 served: true - storage: true - additionalPrinterColumns: - - name: Tier - type: string - description: The Tier to which this ClusterNetworkPolicy belongs to. - jsonPath: .spec.tier - - name: Priority - type: number - format: float - description: The Priority of this ClusterNetworkPolicy relative to other policies. - jsonPath: .spec.priority - - name: Desired Nodes - type: number - format: int32 - description: The total number of Nodes that should realize the NetworkPolicy. - jsonPath: .status.desiredNodesRealized - - name: Current Nodes - type: number - format: int32 - description: The number of Nodes that have realized the NetworkPolicy. 
- jsonPath: .status.currentNodesRealized - - name: Age - type: date - jsonPath: .metadata.creationTimestamp + storage: false schema: openAPIV3Schema: type: object + required: + - spec properties: spec: - # Ensure that Spec.Priority field is set - required: - - priority type: object + required: + - appliedTo + oneOf: + - anyOf: + - required: + - egressIP + - required: + - externalIPPool + - anyOf: + - required: + - egressIPs + - required: + - externalIPPools properties: - tier: - type: string - priority: - type: number - format: float - # Ensure that Spec.Priority field is between 1 and 10000 - minimum: 1.0 - maximum: 10000.0 appliedTo: - type: array - items: - type: object - # Ensure that Spec.AppliedTo does not allow IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object + properties: + podSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + 
x-kubernetes-preserve-unknown-fields: true + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - service: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - nodeSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - ingress: + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + x-kubernetes-preserve-unknown-fields: true + egressIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + egressIPs: + type: array + items: + type: string + oneOf: + - maxLength: 0 + - format: ipv4 + - format: ipv6 + externalIPPool: + type: string + externalIPPools: + type: array + items: + type: string + status: + type: object + properties: + egressNode: + type: string + egressIP: + type: string + conditions: type: array items: type: object - required: - - action properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: 
string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - service: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: + type: type: string - enum: [ 'Allow', 'Drop', 'Reject', 'Pass' ] - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: [ 'TCP', 'UDP', 'SCTP' ] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [ icmp ] - - required: [ igmp ] - properties: - icmp: - type: object - properties: - icmpType: - type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP query (0x11) is valid igmpType in ingress rules. 
- enum: [ 0x11 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [ http ] - - required: [ tls ] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: [ 'GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH' ] - path: - type: string - tls: - type: object - properties: - sni: - type: string - from: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaces: - type: object - maxProperties: 1 - minProperties: 1 - properties: - match: - type: string - enum: - - Self - sameLabels: - type: array - items: - type: string - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - 
- Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - scope: - type: string - enum: [ 'Cluster', 'ClusterSet' ] - name: - type: string - enableLogging: - type: boolean - logLabel: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" - egress: - type: array - items: - type: object - required: - - action - properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: - type: string - enum: [ 'Allow', 'Drop', 'Reject', 'Pass' ] - ports: - type: array - items: - type: object - properties: 
- protocol: - type: string - enum: [ 'TCP', 'UDP', 'SCTP' ] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [ icmp ] - - required: [ igmp ] - properties: - icmp: - type: object - properties: - icmpType: - type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP reports are igmpType in egress rules, - # 0x12 is IGMP report V1, 0x16 is IGMP report v2, 0x22 is IGMP report v3. - # It will match all IGMP report types if igmpType is not set. - enum: [ 0x12, 0x16, 0x22 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [ http ] - - required: [ tls ] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: [ 'GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH' ] - path: - type: string - tls: - type: object - properties: - sni: - type: string - to: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: 
"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaces: - type: object - maxProperties: 1 - minProperties: 1 - properties: - match: - type: string - enum: - - Self - sameLabels: - type: array - items: - type: string - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - group: - type: string - fqdn: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - toServices: - type: array - items: - type: object - required: - - name - - namespace - properties: - name: - type: string - namespace: - type: string - scope: - type: string - enum: [ 'Cluster', 'ClusterSet' ] - name: - type: string - enableLogging: - type: boolean - logLabel: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" - status: - type: object - properties: - phase: - type: string - observedGeneration: - type: integer - currentNodesRealized: - type: integer - desiredNodesRealized: - type: integer - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - reason: - type: string - message: - type: string - subresources: - status: { } - scope: Cluster - names: - plural: clusternetworkpolicies - singular: clusternetworkpolicy - kind: ClusterNetworkPolicy - shortNames: - - acnp ---- -apiVersion: 
apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: egresses.crd.antrea.io - labels: - app: antrea -spec: - group: crd.antrea.io - versions: - - name: v1alpha2 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - appliedTo - oneOf: - - anyOf: - - required: - - egressIP - - required: - - externalIPPool - - anyOf: - - required: - - egressIPs - - required: - - externalIPPools - properties: - appliedTo: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - egressIP: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - egressIPs: - type: array - items: - type: string - oneOf: - - maxLength: 0 - - format: ipv4 - - format: ipv6 - externalIPPool: - type: string - externalIPPools: - type: array - items: - type: string - status: - type: object - properties: - egressNode: - type: string - egressIP: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - reason: - type: string - message: - type: string - additionalPrinterColumns: - - description: The effective SNAT IP address for the selected workloads. 
- jsonPath: .status.egressIP - name: EgressIP - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: The Owner Node of egress IP - jsonPath: .status.egressNode - name: Node - type: string - subresources: - status: {} - - name: v1beta1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - appliedTo - oneOf: - - anyOf: - - required: - - egressIP - - required: - - externalIPPool - - anyOf: - - required: - - egressIPs - - required: - - externalIPPools - properties: - appliedTo: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - type: object - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - type: object - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - egressIP: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - egressIPs: - type: array - items: - type: string - oneOf: - - maxLength: 0 - - format: ipv4 - - format: ipv6 - externalIPPool: - type: string - externalIPPools: - type: array - items: - type: string - bandwidth: - type: object - required: - - rate - - burst - properties: - rate: - type: string - burst: - type: string - status: - type: object - properties: - 
egressNode: - type: string - egressIP: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - reason: - type: string - message: - type: string - additionalPrinterColumns: - - description: The effective SNAT IP address for the selected workloads. - jsonPath: .status.egressIP - name: EgressIP - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: The Owner Node of egress IP - jsonPath: .status.egressNode - name: Node - type: string - subresources: - status: {} - scope: Cluster - names: - plural: egresses - singular: egress - kind: Egress - shortNames: - - eg ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: externalentities.crd.antrea.io - labels: - app: antrea -spec: - group: crd.antrea.io - versions: - - name: v1alpha2 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - endpoints: - type: array - items: - type: object - properties: - ip: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - name: - type: string - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: ['TCP', 'UDP', 'SCTP'] - port: - x-kubernetes-int-or-string: true - name: - type: string - externalNode: - type: string - scope: Namespaced - names: - plural: externalentities - singular: externalentity - kind: ExternalEntity - shortNames: - - ee ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: externalippools.crd.antrea.io - labels: - app: antrea -spec: - group: crd.antrea.io - versions: - - name: v1alpha2 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - ipRanges - - nodeSelector - properties: - ipRanges: - type: array - items: - type: object - 
oneOf: - - required: - - cidr - - required: - - start - - end - properties: - cidr: - type: string - format: cidr - start: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - end: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - usage: - type: object - properties: - total: - type: integer - used: - type: integer - additionalPrinterColumns: - - description: The number of total IPs - jsonPath: .status.usage.total - name: Total - type: integer - - description: The number of allocated IPs - jsonPath: .status.usage.used - name: Used - type: integer - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - subresources: - status: {} - - name: v1beta1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - ipRanges - - nodeSelector - properties: - ipRanges: - type: array - items: - type: object - oneOf: - - required: - - cidr - - required: - - start - - end - properties: - cidr: - type: string - format: cidr - start: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - end: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - subnetInfo: - type: object - required: - - gateway - - prefixLength - properties: - gateway: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - prefixLength: - type: integer - minimum: 1 - maximum: 127 - vlan: - type: integer - minimum: 0 - maximum: 4094 - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - 
- NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - additionalProperties: + status: + type: string + lastTransitionTime: + type: string + reason: + type: string + message: type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - status: - type: object - properties: - usage: - type: object - properties: - total: - type: integer - used: - type: integer additionalPrinterColumns: - - description: The number of total IPs - jsonPath: .status.usage.total - name: Total - type: integer - - description: The number of allocated IPs - jsonPath: .status.usage.used - name: Used - type: integer + - description: The effective SNAT IP address for the selected workloads. + jsonPath: .status.egressIP + name: EgressIP + type: string - jsonPath: .metadata.creationTimestamp name: Age type: date + - description: The Owner Node of egress IP + jsonPath: .status.egressNode + name: Node + type: string subresources: - status: { } - scope: Cluster - names: - plural: externalippools - singular: externalippool - kind: ExternalIPPool - shortNames: - - eip ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app: antrea - name: externalnodes.crd.antrea.io -spec: - group: crd.antrea.io - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - interfaces - properties: - interfaces: - type: array - minItems: 1 - maxItems: 1 - required: - - ips - items: - type: object - properties: - ips: - type: array - minItems: 1 - items: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - name: - type: string + status: {} + - name: v1beta1 served: true storage: true - scope: Namespaced - names: - plural: externalnodes - singular: externalnode - kind: ExternalNode - shortNames: - - en ---- 
-apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: groups.crd.antrea.io -spec: - group: crd.antrea.io - versions: - - name: v1alpha3 - served: true - storage: false schema: openAPIV3Schema: type: object + required: + - spec properties: spec: type: object + required: + - appliedTo + oneOf: + - anyOf: + - required: + - egressIP + - required: + - externalIPPool + - anyOf: + - required: + - egressIPs + - required: + - externalIPPools properties: - childGroups: - type: array - items: - type: string - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: + appliedTo: type: object properties: - matchExpressions: - type: array - items: - type: object - properties: - key: + podSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + type: object + additionalProperties: type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + 
operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + type: object + additionalProperties: type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlocks: + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + egressIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + egressIPs: + type: array + items: + type: string + oneOf: + - maxLength: 0 + - format: ipv4 + - format: ipv6 + externalIPPool: + type: string + externalIPPools: type: array items: - type: object - properties: - cidr: - type: string - format: cidr - serviceReference: + type: string + bandwidth: type: object + required: + - rate + - burst properties: - name: + rate: type: string - namespace: + burst: type: string status: type: object properties: + egressNode: + type: string + egressIP: + type: string conditions: type: array items: @@ -2763,9 +1610,42 @@ spec: type: string lastTransitionTime: type: string + reason: + type: string + message: + type: string + additionalPrinterColumns: + - description: The effective SNAT IP address for the selected workloads. + jsonPath: .status.egressIP + name: EgressIP + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: The Owner Node of egress IP + jsonPath: .status.egressNode + name: Node + type: string subresources: status: {} - - name: v1beta1 + scope: Cluster + names: + plural: egresses + singular: egress + kind: Egress + shortNames: + - eg +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: externalentities.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 served: true storage: true schema: 
@@ -2775,17 +1655,93 @@ spec: spec: type: object properties: - childGroups: + endpoints: type: array items: - type: string - podSelector: + type: object + properties: + ip: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + name: + type: string + ports: + type: array + items: + type: object + properties: + protocol: + type: string + enum: ['TCP', 'UDP', 'SCTP'] + port: + x-kubernetes-int-or-string: true + name: + type: string + externalNode: + type: string + scope: Namespaced + names: + plural: externalentities + singular: externalentity + kind: ExternalEntity + shortNames: + - ee +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: externalippools.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + required: + - spec + properties: + spec: + type: object + required: + - ipRanges + - nodeSelector + properties: + ipRanges: + type: array + items: + type: object + oneOf: + - required: + - cidr + - required: + - start + - end + properties: + cidr: + type: string + format: cidr + start: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + end: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + nodeSelector: type: object properties: matchExpressions: - type: array items: - type: object properties: key: type: string 
@@ -2797,106 +1753,39 @@ spec: - DoesNotExist type: string values: - type: array items: type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string + type: array matchLabels: x-kubernetes-preserve-unknown-fields: true - ipBlocks: - type: array - items: - type: object - properties: - cidr: - type: string - format: cidr - serviceReference: - type: object - properties: - name: - type: string - namespace: - type: string status: type: object properties: - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string + usage: + type: object + properties: + total: + type: integer + used: + type: integer + additionalPrinterColumns: + - description: The number of total IPs + jsonPath: .status.usage.total + name: Total + type: integer + - description: The number of allocated IPs + jsonPath: .status.usage.used + name: Used + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date subresources: - status: { } - scope: Namespaced - names: - plural: groups - singular: group - kind: Group - shortNames: - - grp ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ippools.crd.antrea.io - labels: - app: antrea -spec: - group: crd.antrea.io - versions: - - name: v1alpha2 
+ status: {} + - name: v1beta1 served: true storage: true schema: 
@@ -2906,97 +1795,91 @@ spec: - spec properties: spec: + type: object required: - - ipVersion - ipRanges - type: object + - nodeSelector properties: - ipVersion: - type: integer - enum: [ 4, 6 ] ipRanges: + type: array items: + type: object oneOf: - required: - - cidr - - gateway - - prefixLength + - cidr - required: - - start - - end - - gateway - - prefixLength + - start + - end properties: cidr: - format: cidr type: string + format: cidr start: - oneOf: - - format: ipv4 - - format: ipv6 type: string - end: oneOf: - format: ipv4 - format: ipv6 + end: type: string - gateway: oneOf: - format: ipv4 - format: ipv6 - type: string - prefixLength: - type: integer - minimum: 1 - maximum: 128 - vlan: - type: integer - minimum: 0 - maximum: 4094 - type: object - type: array - status: - properties: - ipAddresses: - items: - properties: - ipAddress: - type: string - owner: + subnetInfo: + type: object + required: + - gateway + - prefixLength + properties: + gateway: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + prefixLength: + type: integer + minimum: 1 + maximum: 127 + vlan: + type: integer + minimum: 0 + maximum: 4094 + nodeSelector: + type: object + properties: + matchExpressions: + items: properties: - pod: - properties: - name: - type: string - namespace: - type: string - containerID: - type: string - ifName: - type: string - type: object - statefulSet: - properties: - name: - type: string - namespace: - type: string - index: - type: integer - type: object + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: array type: object - phase: + type: array + matchLabels: + additionalProperties: type: string - type: object - type: array + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object + status: + type: object + properties: usage: + type: object properties: - used: - type: integer total: type: 
integer - type: object - type: object + used: + type: integer additionalPrinterColumns: - description: The number of total IPs jsonPath: .status.usage.total 
@@ -3010,613 +1893,287 @@ spec: name: Age type: date subresources: - status: {} + status: { } scope: Cluster names: - plural: ippools - singular: ippool - kind: IPPool + plural: externalippools + singular: externalippool + kind: ExternalIPPool shortNames: - - ipp + - eip --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: networkpolicies.crd.antrea.io labels: app: antrea + name: externalnodes.crd.antrea.io spec: group: crd.antrea.io versions: - name: v1alpha1 - served: true - storage: false - additionalPrinterColumns: - - name: Tier - type: string - description: The Tier to which this Antrea NetworkPolicy belongs to. - jsonPath: .spec.tier - - name: Priority - type: number - format: float - description: The Priority of this Antrea NetworkPolicy relative to other policies. - jsonPath: .spec.priority - - name: Desired Nodes - type: number - format: int32 - description: The total number of Nodes that should realize the NetworkPolicy. - jsonPath: .status.desiredNodesRealized - - name: Current Nodes - type: number - format: int32 - description: The number of Nodes that have realized the NetworkPolicy. 
- jsonPath: .status.currentNodesRealized - - name: Age - type: date - jsonPath: .metadata.creationTimestamp schema: openAPIV3Schema: type: object + required: + - spec properties: spec: - # Ensure that Spec.Priority field is set - required: - - priority type: object + required: + - interfaces properties: - tier: - type: string - priority: - type: number - format: float - # Ensure that Spec.Priority field is between 1 and 10000 - minimum: 1.0 - maximum: 10000.0 - appliedTo: + interfaces: type: array + minItems: 1 + maxItems: 1 + required: + - ips items: type: object - # Ensure that Spec.AppliedTo does not allow NamespaceSelector/IPBlock field properties: - externalEntitySelector: + ips: + type: array + minItems: 1 + items: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + name: + type: string + served: true + storage: true + scope: Namespaced + names: + plural: externalnodes + singular: externalnode + kind: ExternalNode + shortNames: + - en +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: groups.crd.antrea.io +spec: + group: crd.antrea.io + versions: + - name: v1alpha3 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + childGroups: + type: array + items: + type: string + podSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - podSelector: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + 
namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object properties: - matchExpressions: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: type: array items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - ingress: - type: array - items: - type: object - required: - - action - properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow NamespaceSelector/IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: - type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: ['TCP', 'UDP', 'SCTP'] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [icmp] - - required: [igmp] - properties: - icmp: - type: object - properties: - icmpType: - type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP query (0x11) is valid igmpType 
in ingress rules. - enum: [ 0x11 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [http] - - required: [tls] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] - path: - type: string - tls: - type: object - properties: - sni: - type: string - from: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: 
- type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: type: string - scope: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + externalEntitySelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - enum: ['Cluster', 'ClusterSet'] - name: - type: string - enableLogging: - type: boolean - logLabel: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" - egress: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + ipBlocks: type: array items: type: object - required: - - action properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow NamespaceSelector/IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: + cidr: type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: ['TCP', 'UDP', 'SCTP'] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [icmp] - - required: [igmp] - properties: - icmp: - type: object - properties: - icmpType: - 
type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP reports are igmpType in egress rules, - # 0x12 is IGMP report V1, 0x16 is IGMP report v2, 0x22 is IGMP report v3. - # It will match all IGMP report types if igmpType is not set. - enum: [ 0x12, 0x16, 0x22 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [http] - - required: [tls] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] - path: - type: string - tls: - type: object - properties: - sni: - type: string - to: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" 
- matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - fqdn: - type: string - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - toServices: - type: array - items: - type: object - required: - - name - properties: - name: + format: cidr + serviceReference: + type: object + properties: + name: + type: string + namespace: + type: string + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + lastTransitionTime: + type: string + subresources: + status: {} + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + childGroups: + type: array + items: + type: string + podSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - namespace: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - scope: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + externalEntitySelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: 
+ key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - name: - type: string - enableLogging: - type: boolean - logLabel: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + ipBlocks: + type: array + items: + type: object + properties: + cidr: type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" + format: cidr + serviceReference: + type: object + properties: + name: + type: string + namespace: + type: string status: type: object properties: - phase: - type: string - observedGeneration: - type: integer - currentNodesRealized: - type: integer - desiredNodesRealized: - type: integer conditions: type: array items: 
@@ -3628,12 +2185,157 @@ spec: type: string lastTransitionTime: type: string - reason: + subresources: + status: { } + scope: Namespaced + names: + plural: groups + singular: group + kind: Group + shortNames: + - grp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ippools.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + required: + - spec + properties: + spec: + required: + - ipVersion + - ipRanges + type: object + properties: + ipVersion: + type: integer + enum: [ 4, 6 ] + ipRanges: + items: + oneOf: + - required: + - cidr + - gateway + - prefixLength + - required: + - start + - end + - gateway + - prefixLength + properties: + cidr: + format: cidr type: string - message: + start: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + end: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + gateway: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + prefixLength: + type: integer + minimum: 1 + maximum: 128 + vlan: + type: integer + minimum: 0 + maximum: 4094 + type: object + type: array + status: + properties: + ipAddresses: + items: + properties: + ipAddress: + type: string + owner: + properties: + pod: + properties: + name: + type: string + namespace: + type: string + containerID: + type: string + ifName: + type: string + type: object + statefulSet: + properties: + name: + type: string + namespace: + type: string + index: + type: integer + type: object + type: object + phase: type: string + type: object + type: array + usage: + properties: + used: + type: integer + total: + type: integer + type: object + type: object + additionalPrinterColumns: + - description: The number of total IPs + jsonPath: .status.usage.total + name: Total + type: integer + - description: The number of allocated IPs + jsonPath: .status.usage.used + name: Used + type: integer + - jsonPath: 
.metadata.creationTimestamp + name: Age + type: date subresources: status: {} + scope: Cluster + names: + plural: ippools + singular: ippool + kind: IPPool + shortNames: + - ipp +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: networkpolicies.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: - name: v1beta1 served: true storage: true 
@@ -4485,245 +3187,6 @@ metadata: spec: group: crd.antrea.io versions: - - name: v1alpha1 - served: true - storage: false - additionalPrinterColumns: - - jsonPath: .status.phase - description: The phase of the Traceflow. - name: Phase - type: string - - jsonPath: .spec.source.pod - description: The name of the source Pod. - name: Source-Pod - type: string - priority: 10 - - jsonPath: .spec.destination.pod - description: The name of the destination Pod. - name: Destination-Pod - type: string - priority: 10 - - jsonPath: .spec.destination.ip - description: The IP address of the destination. - name: Destination-IP - type: string - priority: 10 - - jsonPath: .spec.liveTraffic - description: Trace live traffic. - name: Live-Traffic - type: boolean - priority: 10 - - jsonPath: .spec.droppedOnly - description: Capture only the dropped packet. - name: Dropped-Only - type: boolean - priority: 10 - - jsonPath: .spec.timeout - description: Timeout in seconds. - name: Timeout - type: integer - priority: 10 - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - properties: - source: - type: object - properties: - pod: - type: string - namespace: - type: string - ip: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - destination: - type: object - properties: - pod: - type: string - service: - type: string - namespace: - type: string - ip: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - packet: - type: object - properties: - ipHeader: - type: object - properties: - srcIP: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - protocol: - type: integer - ttl: - type: integer - flags: - type: integer - ipv6Header: - type: object - properties: - srcIP: - type: string - format: ipv6 - nextHeader: - type: integer - hopLimit: - type: integer - transportHeader: - type: object - properties: - icmp: - type: object - properties: - id: - type: integer 
- sequence: - type: integer - udp: - type: object - properties: - srcPort: - type: integer - dstPort: - type: integer - tcp: - type: object - properties: - srcPort: - type: integer - dstPort: - type: integer - flags: - type: integer - liveTraffic: - type: boolean - droppedOnly: - type: boolean - timeout: - type: integer - status: - type: object - properties: - reason: - type: string - dataplaneTag: - type: integer - phase: - type: string - startTime: - type: string - results: - type: array - items: - type: object - properties: - node: - type: string - role: - type: string - timestamp: - type: integer - observations: - type: array - items: - type: object - properties: - component: - type: string - componentInfo: - type: string - action: - type: string - pod: - type: string - dstMAC: - type: string - networkPolicy: - type: string - ttl: - type: integer - translatedSrcIP: - type: string - translatedDstIP: - type: string - tunnelDstIP: - type: string - egressIP: - type: string - egress: - type: string - capturedPacket: - properties: - srcIP: - type: string - dstIP: - type: string - length: - type: integer - ipHeader: - properties: - flags: - type: integer - protocol: - type: integer - ttl: - type: integer - type: object - ipv6Header: - properties: - hopLimit: - type: integer - nextHeader: - type: integer - type: object - transportHeader: - properties: - tcp: - properties: - dstPort: - type: integer - srcPort: - type: integer - flags: - type: integer - type: object - udp: - properties: - dstPort: - type: integer - srcPort: - type: integer - type: object - icmp: - properties: - id: - type: integer - sequence: - type: integer - type: object - type: object - type: object - subresources: - status: {} - name: v1beta1 served: true storage: true diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml index b47cd651b64..f80dcc1a2bf 100644 --- a/build/yamls/antrea-eks.yml +++ b/build/yamls/antrea-eks.yml 
@@ -573,9 +573,9 @@ metadata: spec: group: crd.antrea.io versions: - - name: v1alpha1 + - name: v1beta1 served: true - storage: false + storage: true additionalPrinterColumns: - name: Tier type: string @@ -646,7 +646,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -670,7 +673,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object group: type: string serviceAccount: @@ -681,8 +687,8 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace service: type: object properties: @@ -691,8 +697,35 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace + nodeSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object ingress: type: array items: @@ -729,7 +762,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: 
@@ -753,7 +789,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object group: type: string serviceAccount: @@ -764,8 +803,8 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace service: type: object properties: @@ -774,12 +813,12 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values action: type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] + enum: [ 'Allow', 'Drop', 'Reject', 'Pass' ] ports: type: array items: @@ -787,7 +826,7 @@ spec: properties: protocol: type: string - enum: ['TCP', 'UDP', 'SCTP'] + enum: [ 'TCP', 'UDP', 'SCTP' ] port: x-kubernetes-int-or-string: true endPort: @@ -801,8 +840,8 @@ spec: items: type: object oneOf: - - required: [icmp] - - required: [igmp] + - required: [ icmp ] + - required: [ igmp ] properties: icmp: type: object @@ -832,8 +871,8 @@ spec: items: type: object oneOf: - - required: [http] - - required: [tls] + - required: [ http ] + - required: [ tls ] properties: http: type: object @@ -842,7 +881,7 @@ spec: type: string method: type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] + enum: [ 'GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH' ] path: type: string tls: @@ -878,7 +917,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: 
@@ -902,14 +944,23 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: @@ -926,8 +977,8 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace nodeSelector: type: object properties: @@ -951,10 +1002,13 @@ spec: type: object type: array matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object scope: type: string - enum: ['Cluster', 'ClusterSet'] + enum: [ 'Cluster', 'ClusterSet' ] name: type: string enableLogging: @@ -998,7 +1052,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -1022,7 +1079,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object group: type: string serviceAccount: @@ -1033,12 +1093,12 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values action: type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] + enum: [ 'Allow', 'Drop', 'Reject', 'Pass' ] ports: type: array items: 
@@ -1046,7 +1106,7 @@ spec: properties: protocol: type: string - enum: ['TCP', 'UDP', 'SCTP'] + enum: [ 'TCP', 'UDP', 'SCTP' ] port: x-kubernetes-int-or-string: true endPort: @@ -1060,8 +1120,8 @@ spec: items: type: object oneOf: - - required: [icmp] - - required: [igmp] + - required: [ icmp ] + - required: [ igmp ] properties: icmp: type: object @@ -1093,8 +1153,8 @@ spec: items: type: object oneOf: - - required: [http] - - required: [tls] + - required: [ http ] + - required: [ tls ] properties: http: type: object @@ -1103,7 +1163,7 @@ spec: type: string method: type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] + enum: [ 'GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH' ] path: type: string tls: @@ -1139,7 +1199,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -1163,14 +1226,23 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: @@ -1189,8 +1261,8 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace nodeSelector: type: object properties: 
@@ -1214,14 +1286,17 @@ spec: type: object type: array matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object toServices: type: array items: type: object required: - - name - - namespace + - name + - namespace properties: name: type: string 
@@ -1264,1511 +1339,275 @@ spec: message: type: string subresources: - status: {} - - name: v1beta1 + status: { } + scope: Cluster + names: + plural: clusternetworkpolicies + singular: clusternetworkpolicy + kind: ClusterNetworkPolicy + shortNames: + - acnp + +--- +# Source: crds/egress.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: egresses.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 served: true - storage: true - additionalPrinterColumns: - - name: Tier - type: string - description: The Tier to which this ClusterNetworkPolicy belongs to. - jsonPath: .spec.tier - - name: Priority - type: number - format: float - description: The Priority of this ClusterNetworkPolicy relative to other policies. - jsonPath: .spec.priority - - name: Desired Nodes - type: number - format: int32 - description: The total number of Nodes that should realize the NetworkPolicy. - jsonPath: .status.desiredNodesRealized - - name: Current Nodes - type: number - format: int32 - description: The number of Nodes that have realized the NetworkPolicy. 
- jsonPath: .status.currentNodesRealized - - name: Age - type: date - jsonPath: .metadata.creationTimestamp + storage: false schema: openAPIV3Schema: type: object + required: + - spec properties: spec: - # Ensure that Spec.Priority field is set - required: - - priority type: object + required: + - appliedTo + oneOf: + - anyOf: + - required: + - egressIP + - required: + - externalIPPool + - anyOf: + - required: + - egressIPs + - required: + - externalIPPools properties: - tier: - type: string - priority: - type: number - format: float - # Ensure that Spec.Priority field is between 1 and 10000 - minimum: 1.0 - maximum: 10000.0 appliedTo: - type: array - items: - type: object - # Ensure that Spec.AppliedTo does not allow IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object + properties: + podSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + 
x-kubernetes-preserve-unknown-fields: true + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - service: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - nodeSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - ingress: + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + x-kubernetes-preserve-unknown-fields: true + egressIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + egressIPs: + type: array + items: + type: string + oneOf: + - maxLength: 0 + - format: ipv4 + - format: ipv6 + externalIPPool: + type: string + externalIPPools: + type: array + items: + type: string + status: + type: object + properties: + egressNode: + type: string + egressIP: + type: string + conditions: type: array items: type: object - required: - - action properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: 
string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - service: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: + type: type: string - enum: [ 'Allow', 'Drop', 'Reject', 'Pass' ] - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: [ 'TCP', 'UDP', 'SCTP' ] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [ icmp ] - - required: [ igmp ] - properties: - icmp: - type: object - properties: - icmpType: - type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP query (0x11) is valid igmpType in ingress rules. 
- enum: [ 0x11 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [ http ] - - required: [ tls ] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: [ 'GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH' ] - path: - type: string - tls: - type: object - properties: - sni: - type: string - from: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaces: - type: object - maxProperties: 1 - minProperties: 1 - properties: - match: - type: string - enum: - - Self - sameLabels: - type: array - items: - type: string - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - 
- Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - scope: - type: string - enum: [ 'Cluster', 'ClusterSet' ] - name: - type: string - enableLogging: - type: boolean - logLabel: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" - egress: - type: array - items: - type: object - required: - - action - properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: - type: string - enum: [ 'Allow', 'Drop', 'Reject', 'Pass' ] - ports: - type: array - items: - type: object - properties: 
- protocol: - type: string - enum: [ 'TCP', 'UDP', 'SCTP' ] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [ icmp ] - - required: [ igmp ] - properties: - icmp: - type: object - properties: - icmpType: - type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP reports are igmpType in egress rules, - # 0x12 is IGMP report V1, 0x16 is IGMP report v2, 0x22 is IGMP report v3. - # It will match all IGMP report types if igmpType is not set. - enum: [ 0x12, 0x16, 0x22 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [ http ] - - required: [ tls ] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: [ 'GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH' ] - path: - type: string - tls: - type: object - properties: - sni: - type: string - to: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: 
"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaces: - type: object - maxProperties: 1 - minProperties: 1 - properties: - match: - type: string - enum: - - Self - sameLabels: - type: array - items: - type: string - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - group: - type: string - fqdn: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - toServices: - type: array - items: - type: object - required: - - name - - namespace - properties: - name: - type: string - namespace: - type: string - scope: - type: string - enum: [ 'Cluster', 'ClusterSet' ] - name: - type: string - enableLogging: - type: boolean - logLabel: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" - status: - type: object - properties: - phase: - type: string - observedGeneration: - type: integer - currentNodesRealized: - type: integer - desiredNodesRealized: - type: integer - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - reason: - type: string - message: - type: string - subresources: - status: { } - scope: Cluster - names: - plural: clusternetworkpolicies - singular: clusternetworkpolicy - kind: ClusterNetworkPolicy - shortNames: - - acnp - ---- -# Source: 
crds/egress.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: egresses.crd.antrea.io - labels: - app: antrea -spec: - group: crd.antrea.io - versions: - - name: v1alpha2 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - appliedTo - oneOf: - - anyOf: - - required: - - egressIP - - required: - - externalIPPool - - anyOf: - - required: - - egressIPs - - required: - - externalIPPools - properties: - appliedTo: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - egressIP: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - egressIPs: - type: array - items: - type: string - oneOf: - - maxLength: 0 - - format: ipv4 - - format: ipv6 - externalIPPool: - type: string - externalIPPools: - type: array - items: - type: string - status: - type: object - properties: - egressNode: - type: string - egressIP: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - reason: - type: string - message: - type: string - additionalPrinterColumns: - - description: The effective SNAT IP 
address for the selected workloads. - jsonPath: .status.egressIP - name: EgressIP - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: The Owner Node of egress IP - jsonPath: .status.egressNode - name: Node - type: string - subresources: - status: {} - - name: v1beta1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - appliedTo - oneOf: - - anyOf: - - required: - - egressIP - - required: - - externalIPPool - - anyOf: - - required: - - egressIPs - - required: - - externalIPPools - properties: - appliedTo: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - type: object - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - type: object - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - egressIP: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - egressIPs: - type: array - items: - type: string - oneOf: - - maxLength: 0 - - format: ipv4 - - format: ipv6 - externalIPPool: - type: string - externalIPPools: - type: array - items: - type: string - bandwidth: - type: object - required: - - rate - - burst - properties: - rate: - type: string - burst: - type: string - status: - 
type: object - properties: - egressNode: - type: string - egressIP: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - reason: - type: string - message: - type: string - additionalPrinterColumns: - - description: The effective SNAT IP address for the selected workloads. - jsonPath: .status.egressIP - name: EgressIP - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: The Owner Node of egress IP - jsonPath: .status.egressNode - name: Node - type: string - subresources: - status: {} - scope: Cluster - names: - plural: egresses - singular: egress - kind: Egress - shortNames: - - eg - ---- -# Source: crds/externalentity.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: externalentities.crd.antrea.io - labels: - app: antrea -spec: - group: crd.antrea.io - versions: - - name: v1alpha2 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - endpoints: - type: array - items: - type: object - properties: - ip: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - name: - type: string - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: ['TCP', 'UDP', 'SCTP'] - port: - x-kubernetes-int-or-string: true - name: - type: string - externalNode: - type: string - scope: Namespaced - names: - plural: externalentities - singular: externalentity - kind: ExternalEntity - shortNames: - - ee - ---- -# Source: crds/externalippool.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: externalippools.crd.antrea.io - labels: - app: antrea -spec: - group: crd.antrea.io - versions: - - name: v1alpha2 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - 
required: - - ipRanges - - nodeSelector - properties: - ipRanges: - type: array - items: - type: object - oneOf: - - required: - - cidr - - required: - - start - - end - properties: - cidr: - type: string - format: cidr - start: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - end: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - usage: - type: object - properties: - total: - type: integer - used: - type: integer - additionalPrinterColumns: - - description: The number of total IPs - jsonPath: .status.usage.total - name: Total - type: integer - - description: The number of allocated IPs - jsonPath: .status.usage.used - name: Used - type: integer - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - subresources: - status: {} - - name: v1beta1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - ipRanges - - nodeSelector - properties: - ipRanges: - type: array - items: - type: object - oneOf: - - required: - - cidr - - required: - - start - - end - properties: - cidr: - type: string - format: cidr - start: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - end: + status: type: string - oneOf: - - format: ipv4 - - format: ipv6 - subnetInfo: - type: object - required: - - gateway - - prefixLength - properties: - gateway: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - prefixLength: - type: integer - minimum: 1 - maximum: 127 - vlan: - type: integer - minimum: 0 - maximum: 4094 - nodeSelector: - type: 
object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - additionalProperties: + lastTransitionTime: type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - status: - type: object - properties: - usage: - type: object - properties: - total: - type: integer - used: - type: integer - additionalPrinterColumns: - - description: The number of total IPs - jsonPath: .status.usage.total - name: Total - type: integer - - description: The number of allocated IPs - jsonPath: .status.usage.used - name: Used - type: integer + reason: + type: string + message: + type: string + additionalPrinterColumns: + - description: The effective SNAT IP address for the selected workloads. + jsonPath: .status.egressIP + name: EgressIP + type: string - jsonPath: .metadata.creationTimestamp name: Age type: date + - description: The Owner Node of egress IP + jsonPath: .status.egressNode + name: Node + type: string subresources: - status: { } - scope: Cluster - names: - plural: externalippools - singular: externalippool - kind: ExternalIPPool - shortNames: - - eip - ---- -# Source: crds/externalnode.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app: antrea - name: externalnodes.crd.antrea.io -spec: - group: crd.antrea.io - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - interfaces - properties: - interfaces: - type: array - minItems: 1 - maxItems: 1 - required: - - ips - items: - type: object - properties: - ips: - type: array - minItems: 1 - items: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - name: - type: string + status: {} + - name: v1beta1 
served: true storage: true - scope: Namespaced - names: - plural: externalnodes - singular: externalnode - kind: ExternalNode - shortNames: - - en - ---- -# Source: crds/group.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: groups.crd.antrea.io -spec: - group: crd.antrea.io - versions: - - name: v1alpha3 - served: true - storage: false schema: openAPIV3Schema: type: object + required: + - spec properties: spec: type: object + required: + - appliedTo + oneOf: + - anyOf: + - required: + - egressIP + - required: + - externalIPPool + - anyOf: + - required: + - egressIPs + - required: + - externalIPPools properties: - childGroups: - type: array - items: - type: string - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: + appliedTo: type: object properties: - matchExpressions: - type: array - items: - type: object - properties: - key: + podSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + type: object + additionalProperties: type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist + pattern: 
"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + type: object + additionalProperties: type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlocks: + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + egressIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + egressIPs: type: array items: - type: object - properties: - cidr: - type: string - format: cidr - serviceReference: + type: string + oneOf: + - maxLength: 0 + - format: ipv4 + - format: ipv6 + externalIPPool: + type: string + externalIPPools: + type: array + items: + type: string + bandwidth: type: object + required: + - rate + - burst properties: - name: + rate: type: string - namespace: + burst: type: string status: type: object properties: + egressNode: + type: string + egressIP: + type: string conditions: type: array items: 
@@ -2780,9 +1619,44 @@ spec: type: string lastTransitionTime: type: string + reason: + type: string + message: + type: string + additionalPrinterColumns: + - description: The effective SNAT IP address for the selected workloads. + jsonPath: .status.egressIP + name: EgressIP + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: The Owner Node of egress IP + jsonPath: .status.egressNode + name: Node + type: string subresources: status: {} - - name: v1beta1 + scope: Cluster + names: + plural: egresses + singular: egress + kind: Egress + shortNames: + - eg + +--- +# Source: crds/externalentity.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: externalentities.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 served: true storage: true schema: 
@@ -2792,17 +1666,95 @@ spec: spec: type: object properties: - childGroups: + endpoints: type: array items: - type: string - podSelector: + type: object + properties: + ip: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + name: + type: string + ports: + type: array + items: + type: object + properties: + protocol: + type: string + enum: ['TCP', 'UDP', 'SCTP'] + port: + x-kubernetes-int-or-string: true + name: + type: string + externalNode: + type: string + scope: Namespaced + names: + plural: externalentities + singular: externalentity + kind: ExternalEntity + shortNames: + - ee + +--- +# Source: crds/externalippool.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: externalippools.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + required: + - spec + properties: + spec: + type: object + required: + - ipRanges + - nodeSelector + properties: + ipRanges: + type: array + items: + type: object + oneOf: + - required: + - cidr + - required: + - start + - end + properties: + cidr: + type: string + format: cidr + start: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + end: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + nodeSelector: type: object properties: matchExpressions: - type: array items: - type: object properties: key: type: string 
@@ -2814,108 +1766,39 @@ spec: - DoesNotExist type: string values: - type: array items: type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string + type: array matchLabels: x-kubernetes-preserve-unknown-fields: true - ipBlocks: - type: array - items: - type: object - properties: - cidr: - type: string - format: cidr - serviceReference: - type: object - properties: - name: - type: string - namespace: - type: string status: type: object properties: - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string + usage: + type: object + properties: + total: + type: integer + used: + type: integer + additionalPrinterColumns: + - description: The number of total IPs + jsonPath: .status.usage.total + name: Total + type: integer + - description: The number of allocated IPs + jsonPath: .status.usage.used + name: Used + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date subresources: - status: { } - scope: Namespaced - names: - plural: groups - singular: group - kind: Group - shortNames: - - grp - ---- -# Source: crds/ippool.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ippools.crd.antrea.io - labels: - app: antrea -spec: - group: crd.antrea.io - 
versions: - - name: v1alpha2 + status: {} + - name: v1beta1 served: true storage: true schema: 
@@ -2925,97 +1808,91 @@ spec: - spec properties: spec: + type: object required: - - ipVersion - ipRanges - type: object + - nodeSelector properties: - ipVersion: - type: integer - enum: [ 4, 6 ] ipRanges: + type: array items: - oneOf: - - required: - - cidr - - gateway - - prefixLength + type: object + oneOf: - required: - - start - - end - - gateway - - prefixLength + - cidr + - required: + - start + - end properties: cidr: - format: cidr type: string + format: cidr start: - oneOf: - - format: ipv4 - - format: ipv6 type: string - end: oneOf: - format: ipv4 - format: ipv6 + end: type: string - gateway: oneOf: - format: ipv4 - format: ipv6 - type: string - prefixLength: - type: integer - minimum: 1 - maximum: 128 - vlan: - type: integer - minimum: 0 - maximum: 4094 - type: object - type: array - status: - properties: - ipAddresses: - items: - properties: - ipAddress: - type: string - owner: + subnetInfo: + type: object + required: + - gateway + - prefixLength + properties: + gateway: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + prefixLength: + type: integer + minimum: 1 + maximum: 127 + vlan: + type: integer + minimum: 0 + maximum: 4094 + nodeSelector: + type: object + properties: + matchExpressions: + items: properties: - pod: - properties: - name: - type: string - namespace: - type: string - containerID: - type: string - ifName: - type: string - type: object - statefulSet: - properties: - name: - type: string - namespace: - type: string - index: - type: integer - type: object + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: array type: object - phase: + type: array + matchLabels: + additionalProperties: type: string - type: object - type: array + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object + status: + type: object + properties: usage: + type: object properties: - used: - 
type: integer total: type: integer - type: object - type: object + used: + type: integer additionalPrinterColumns: - description: The number of total IPs jsonPath: .status.usage.total 
@@ -3029,615 +1906,291 @@ spec: name: Age type: date subresources: - status: {} + status: { } scope: Cluster names: - plural: ippools - singular: ippool - kind: IPPool + plural: externalippools + singular: externalippool + kind: ExternalIPPool shortNames: - - ipp + - eip --- -# Source: crds/networkpolicy.yaml +# Source: crds/externalnode.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: networkpolicies.crd.antrea.io labels: app: antrea + name: externalnodes.crd.antrea.io spec: group: crd.antrea.io versions: - name: v1alpha1 - served: true - storage: false - additionalPrinterColumns: - - name: Tier - type: string - description: The Tier to which this Antrea NetworkPolicy belongs to. - jsonPath: .spec.tier - - name: Priority - type: number - format: float - description: The Priority of this Antrea NetworkPolicy relative to other policies. - jsonPath: .spec.priority - - name: Desired Nodes - type: number - format: int32 - description: The total number of Nodes that should realize the NetworkPolicy. - jsonPath: .status.desiredNodesRealized - - name: Current Nodes - type: number - format: int32 - description: The number of Nodes that have realized the NetworkPolicy. 
- jsonPath: .status.currentNodesRealized - - name: Age - type: date - jsonPath: .metadata.creationTimestamp schema: openAPIV3Schema: type: object + required: + - spec properties: spec: - # Ensure that Spec.Priority field is set - required: - - priority type: object + required: + - interfaces properties: - tier: - type: string - priority: - type: number - format: float - # Ensure that Spec.Priority field is between 1 and 10000 - minimum: 1.0 - maximum: 10000.0 - appliedTo: + interfaces: type: array + minItems: 1 + maxItems: 1 + required: + - ips items: type: object - # Ensure that Spec.AppliedTo does not allow NamespaceSelector/IPBlock field properties: - externalEntitySelector: + ips: + type: array + minItems: 1 + items: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + name: + type: string + served: true + storage: true + scope: Namespaced + names: + plural: externalnodes + singular: externalnode + kind: ExternalNode + shortNames: + - en + +--- +# Source: crds/group.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: groups.crd.antrea.io +spec: + group: crd.antrea.io + versions: + - name: v1alpha3 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + childGroups: + type: array + items: + type: string + podSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object properties: - matchExpressions: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: type: array items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - podSelector: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + 
namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object properties: - matchExpressions: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: type: array items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - ingress: - type: array - items: - type: object - required: - - action - properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow NamespaceSelector/IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: - type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: ['TCP', 'UDP', 'SCTP'] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [icmp] - - required: [igmp] - properties: - icmp: - type: object - properties: - icmpType: - type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP query (0x11) is valid igmpType 
in ingress rules. - enum: [ 0x11 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [http] - - required: [tls] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] - path: - type: string - tls: - type: object - properties: - sni: - type: string - from: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: 
- type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: type: string - scope: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + externalEntitySelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - enum: ['Cluster', 'ClusterSet'] - name: - type: string - enableLogging: - type: boolean - logLabel: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" - egress: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + ipBlocks: type: array items: type: object - required: - - action properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow NamespaceSelector/IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: + cidr: type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: ['TCP', 'UDP', 'SCTP'] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [icmp] - - required: [igmp] - properties: - icmp: - type: object - properties: - icmpType: - 
type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP reports are igmpType in egress rules, - # 0x12 is IGMP report V1, 0x16 is IGMP report v2, 0x22 is IGMP report v3. - # It will match all IGMP report types if igmpType is not set. - enum: [ 0x12, 0x16, 0x22 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [http] - - required: [tls] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] - path: - type: string - tls: - type: object - properties: - sni: - type: string - to: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" 
- matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - fqdn: - type: string - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - toServices: - type: array - items: - type: object - required: - - name - properties: - name: + format: cidr + serviceReference: + type: object + properties: + name: + type: string + namespace: + type: string + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + lastTransitionTime: + type: string + subresources: + status: {} + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + childGroups: + type: array + items: + type: string + podSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - namespace: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - scope: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + externalEntitySelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: 
+ key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - name: - type: string - enableLogging: - type: boolean - logLabel: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + ipBlocks: + type: array + items: + type: object + properties: + cidr: type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" + format: cidr + serviceReference: + type: object + properties: + name: + type: string + namespace: + type: string status: type: object properties: - phase: - type: string - observedGeneration: - type: integer - currentNodesRealized: - type: integer - desiredNodesRealized: - type: integer conditions: type: array items: 
@@ -3649,12 +2202,161 @@ spec: type: string lastTransitionTime: type: string - reason: + subresources: + status: { } + scope: Namespaced + names: + plural: groups + singular: group + kind: Group + shortNames: + - grp + +--- +# Source: crds/ippool.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ippools.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + required: + - spec + properties: + spec: + required: + - ipVersion + - ipRanges + type: object + properties: + ipVersion: + type: integer + enum: [ 4, 6 ] + ipRanges: + items: + oneOf: + - required: + - cidr + - gateway + - prefixLength + - required: + - start + - end + - gateway + - prefixLength + properties: + cidr: + format: cidr type: string - message: + start: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + end: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + gateway: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + prefixLength: + type: integer + minimum: 1 + maximum: 128 + vlan: + type: integer + minimum: 0 + maximum: 4094 + type: object + type: array + status: + properties: + ipAddresses: + items: + properties: + ipAddress: + type: string + owner: + properties: + pod: + properties: + name: + type: string + namespace: + type: string + containerID: + type: string + ifName: + type: string + type: object + statefulSet: + properties: + name: + type: string + namespace: + type: string + index: + type: integer + type: object + type: object + phase: type: string + type: object + type: array + usage: + properties: + used: + type: integer + total: + type: integer + type: object + type: object + additionalPrinterColumns: + - description: The number of total IPs + jsonPath: .status.usage.total + name: Total + type: integer + - description: The number of allocated IPs + jsonPath: .status.usage.used + name: Used + type: 
integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date subresources: status: {} + scope: Cluster + names: + plural: ippools + singular: ippool + kind: IPPool + shortNames: + - ipp + +--- +# Source: crds/networkpolicy.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: networkpolicies.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: - name: v1beta1 served: true storage: true 
@@ -4512,245 +3214,6 @@ metadata: spec: group: crd.antrea.io versions: - - name: v1alpha1 - served: true - storage: false - additionalPrinterColumns: - - jsonPath: .status.phase - description: The phase of the Traceflow. - name: Phase - type: string - - jsonPath: .spec.source.pod - description: The name of the source Pod. - name: Source-Pod - type: string - priority: 10 - - jsonPath: .spec.destination.pod - description: The name of the destination Pod. - name: Destination-Pod - type: string - priority: 10 - - jsonPath: .spec.destination.ip - description: The IP address of the destination. - name: Destination-IP - type: string - priority: 10 - - jsonPath: .spec.liveTraffic - description: Trace live traffic. - name: Live-Traffic - type: boolean - priority: 10 - - jsonPath: .spec.droppedOnly - description: Capture only the dropped packet. - name: Dropped-Only - type: boolean - priority: 10 - - jsonPath: .spec.timeout - description: Timeout in seconds. - name: Timeout - type: integer - priority: 10 - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - properties: - source: - type: object - properties: - pod: - type: string - namespace: - type: string - ip: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - destination: - type: object - properties: - pod: - type: string - service: - type: string - namespace: - type: string - ip: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - packet: - type: object - properties: - ipHeader: - type: object - properties: - srcIP: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - protocol: - type: integer - ttl: - type: integer - flags: - type: integer - ipv6Header: - type: object - properties: - srcIP: - type: string - format: ipv6 - nextHeader: - type: integer - hopLimit: - type: integer - transportHeader: - type: object - properties: - icmp: - type: object - properties: - id: - type: integer 
- sequence: - type: integer - udp: - type: object - properties: - srcPort: - type: integer - dstPort: - type: integer - tcp: - type: object - properties: - srcPort: - type: integer - dstPort: - type: integer - flags: - type: integer - liveTraffic: - type: boolean - droppedOnly: - type: boolean - timeout: - type: integer - status: - type: object - properties: - reason: - type: string - dataplaneTag: - type: integer - phase: - type: string - startTime: - type: string - results: - type: array - items: - type: object - properties: - node: - type: string - role: - type: string - timestamp: - type: integer - observations: - type: array - items: - type: object - properties: - component: - type: string - componentInfo: - type: string - action: - type: string - pod: - type: string - dstMAC: - type: string - networkPolicy: - type: string - ttl: - type: integer - translatedSrcIP: - type: string - translatedDstIP: - type: string - tunnelDstIP: - type: string - egressIP: - type: string - egress: - type: string - capturedPacket: - properties: - srcIP: - type: string - dstIP: - type: string - length: - type: integer - ipHeader: - properties: - flags: - type: integer - protocol: - type: integer - ttl: - type: integer - type: object - ipv6Header: - properties: - hopLimit: - type: integer - nextHeader: - type: integer - type: object - transportHeader: - properties: - tcp: - properties: - dstPort: - type: integer - srcPort: - type: integer - flags: - type: integer - type: object - udp: - properties: - dstPort: - type: integer - srcPort: - type: integer - type: object - icmp: - properties: - id: - type: integer - sequence: - type: integer - type: object - type: object - type: object - subresources: - status: {} - name: v1beta1 served: true storage: true 
@@ -7192,7 +5655,7 @@ webhooks: rules: - operations: ["CREATE", "UPDATE"] apiGroups: ["crd.antrea.io"] - apiVersions: ["v1alpha1"] + apiVersions: ["v1beta1"] resources: ["clusternetworkpolicies"] scope: "Cluster" admissionReviewVersions: ["v1", "v1beta1"] @@ -7207,7 +5670,7 @@ webhooks: rules: - operations: ["CREATE", "UPDATE"] apiGroups: ["crd.antrea.io"] - apiVersions: ["v1alpha1"] + apiVersions: ["v1beta1"] resources: ["networkpolicies"] scope: "Namespaced" admissionReviewVersions: ["v1", "v1beta1"] @@ -7395,7 +5858,7 @@ webhooks: rules: - operations: ["CREATE", "UPDATE"] apiGroups: ["crd.antrea.io"] - apiVersions: ["v1alpha1"] + apiVersions: ["v1beta1"] resources: ["traceflows"] scope: "Cluster" admissionReviewVersions: ["v1", "v1beta1"] diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml index 0984ab8ff54..868bb683fd9 100644 --- a/build/yamls/antrea-gke.yml +++ b/build/yamls/antrea-gke.yml @@ -573,9 +573,9 @@ metadata: spec: group: crd.antrea.io versions: - - name: v1alpha1 + - name: v1beta1 served: true - storage: false + storage: true additionalPrinterColumns: - name: Tier type: string @@ -646,7 +646,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -670,7 +673,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object group: type: string serviceAccount: @@ -681,8 +687,8 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace service: type: object properties: 
@@ -691,8 +697,35 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace + nodeSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object ingress: type: array items: @@ -729,7 +762,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -753,7 +789,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object group: type: string serviceAccount: @@ -764,8 +803,8 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace service: type: object properties: @@ -774,12 +813,12 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values action: type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] + enum: [ 'Allow', 'Drop', 'Reject', 'Pass' ] ports: type: array items: @@ -787,7 +826,7 @@ spec: properties: protocol: type: string - enum: ['TCP', 'UDP', 'SCTP'] + enum: [ 'TCP', 'UDP', 'SCTP' ] port: x-kubernetes-int-or-string: true endPort: 
@@ -801,8 +840,8 @@ spec: items: type: object oneOf: - - required: [icmp] - - required: [igmp] + - required: [ icmp ] + - required: [ igmp ] properties: icmp: type: object @@ -832,8 +871,8 @@ spec: items: type: object oneOf: - - required: [http] - - required: [tls] + - required: [ http ] + - required: [ tls ] properties: http: type: object @@ -842,7 +881,7 @@ spec: type: string method: type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] + enum: [ 'GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH' ] path: type: string tls: @@ -878,7 +917,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -902,14 +944,23 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: @@ -926,8 +977,8 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace nodeSelector: type: object properties: @@ -951,10 +1002,13 @@ spec: type: object type: array matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object scope: type: string - enum: ['Cluster', 'ClusterSet'] + enum: [ 'Cluster', 'ClusterSet' ] name: type: string enableLogging: 
@@ -998,7 +1052,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -1022,7 +1079,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object group: type: string serviceAccount: @@ -1033,12 +1093,12 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values action: type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] + enum: [ 'Allow', 'Drop', 'Reject', 'Pass' ] ports: type: array items: @@ -1046,7 +1106,7 @@ spec: properties: protocol: type: string - enum: ['TCP', 'UDP', 'SCTP'] + enum: [ 'TCP', 'UDP', 'SCTP' ] port: x-kubernetes-int-or-string: true endPort: @@ -1060,8 +1120,8 @@ spec: items: type: object oneOf: - - required: [icmp] - - required: [igmp] + - required: [ icmp ] + - required: [ igmp ] properties: icmp: type: object @@ -1093,8 +1153,8 @@ spec: items: type: object oneOf: - - required: [http] - - required: [tls] + - required: [ http ] + - required: [ tls ] properties: http: type: object @@ -1103,7 +1163,7 @@ spec: type: string method: type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] + enum: [ 'GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH' ] path: type: string tls: 
@@ -1139,7 +1199,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -1163,14 +1226,23 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: @@ -1189,8 +1261,8 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace nodeSelector: type: object properties: @@ -1214,14 +1286,17 @@ spec: type: object type: array matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object toServices: type: array items: type: object required: - - name - - namespace + - name + - namespace properties: name: type: string 
@@ -1264,1511 +1339,275 @@ spec: message: type: string subresources: - status: {} - - name: v1beta1 + status: { } + scope: Cluster + names: + plural: clusternetworkpolicies + singular: clusternetworkpolicy + kind: ClusterNetworkPolicy + shortNames: + - acnp + +--- +# Source: crds/egress.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: egresses.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 served: true - storage: true - additionalPrinterColumns: - - name: Tier - type: string - description: The Tier to which this ClusterNetworkPolicy belongs to. - jsonPath: .spec.tier - - name: Priority - type: number - format: float - description: The Priority of this ClusterNetworkPolicy relative to other policies. - jsonPath: .spec.priority - - name: Desired Nodes - type: number - format: int32 - description: The total number of Nodes that should realize the NetworkPolicy. - jsonPath: .status.desiredNodesRealized - - name: Current Nodes - type: number - format: int32 - description: The number of Nodes that have realized the NetworkPolicy. 
- jsonPath: .status.currentNodesRealized - - name: Age - type: date - jsonPath: .metadata.creationTimestamp + storage: false schema: openAPIV3Schema: type: object + required: + - spec properties: spec: - # Ensure that Spec.Priority field is set - required: - - priority type: object + required: + - appliedTo + oneOf: + - anyOf: + - required: + - egressIP + - required: + - externalIPPool + - anyOf: + - required: + - egressIPs + - required: + - externalIPPools properties: - tier: - type: string - priority: - type: number - format: float - # Ensure that Spec.Priority field is between 1 and 10000 - minimum: 1.0 - maximum: 10000.0 appliedTo: - type: array - items: - type: object - # Ensure that Spec.AppliedTo does not allow IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object + properties: + podSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + 
x-kubernetes-preserve-unknown-fields: true + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - service: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - nodeSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - ingress: + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + x-kubernetes-preserve-unknown-fields: true + egressIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + egressIPs: + type: array + items: + type: string + oneOf: + - maxLength: 0 + - format: ipv4 + - format: ipv6 + externalIPPool: + type: string + externalIPPools: + type: array + items: + type: string + status: + type: object + properties: + egressNode: + type: string + egressIP: + type: string + conditions: type: array items: type: object - required: - - action properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: 
string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - service: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: + type: type: string - enum: [ 'Allow', 'Drop', 'Reject', 'Pass' ] - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: [ 'TCP', 'UDP', 'SCTP' ] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [ icmp ] - - required: [ igmp ] - properties: - icmp: - type: object - properties: - icmpType: - type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP query (0x11) is valid igmpType in ingress rules. 
- enum: [ 0x11 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [ http ] - - required: [ tls ] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: [ 'GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH' ] - path: - type: string - tls: - type: object - properties: - sni: - type: string - from: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaces: - type: object - maxProperties: 1 - minProperties: 1 - properties: - match: - type: string - enum: - - Self - sameLabels: - type: array - items: - type: string - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - 
- Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - scope: - type: string - enum: [ 'Cluster', 'ClusterSet' ] - name: - type: string - enableLogging: - type: boolean - logLabel: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" - egress: - type: array - items: - type: object - required: - - action - properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: - type: string - enum: [ 'Allow', 'Drop', 'Reject', 'Pass' ] - ports: - type: array - items: - type: object - properties: 
- protocol: - type: string - enum: [ 'TCP', 'UDP', 'SCTP' ] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [ icmp ] - - required: [ igmp ] - properties: - icmp: - type: object - properties: - icmpType: - type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP reports are igmpType in egress rules, - # 0x12 is IGMP report V1, 0x16 is IGMP report v2, 0x22 is IGMP report v3. - # It will match all IGMP report types if igmpType is not set. - enum: [ 0x12, 0x16, 0x22 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [ http ] - - required: [ tls ] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: [ 'GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH' ] - path: - type: string - tls: - type: object - properties: - sni: - type: string - to: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: 
"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaces: - type: object - maxProperties: 1 - minProperties: 1 - properties: - match: - type: string - enum: - - Self - sameLabels: - type: array - items: - type: string - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - group: - type: string - fqdn: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - toServices: - type: array - items: - type: object - required: - - name - - namespace - properties: - name: - type: string - namespace: - type: string - scope: - type: string - enum: [ 'Cluster', 'ClusterSet' ] - name: - type: string - enableLogging: - type: boolean - logLabel: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" - status: - type: object - properties: - phase: - type: string - observedGeneration: - type: integer - currentNodesRealized: - type: integer - desiredNodesRealized: - type: integer - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - reason: - type: string - message: - type: string - subresources: - status: { } - scope: Cluster - names: - plural: clusternetworkpolicies - singular: clusternetworkpolicy - kind: ClusterNetworkPolicy - shortNames: - - acnp - ---- -# Source: 
crds/egress.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: egresses.crd.antrea.io - labels: - app: antrea -spec: - group: crd.antrea.io - versions: - - name: v1alpha2 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - appliedTo - oneOf: - - anyOf: - - required: - - egressIP - - required: - - externalIPPool - - anyOf: - - required: - - egressIPs - - required: - - externalIPPools - properties: - appliedTo: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - egressIP: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - egressIPs: - type: array - items: - type: string - oneOf: - - maxLength: 0 - - format: ipv4 - - format: ipv6 - externalIPPool: - type: string - externalIPPools: - type: array - items: - type: string - status: - type: object - properties: - egressNode: - type: string - egressIP: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - reason: - type: string - message: - type: string - additionalPrinterColumns: - - description: The effective SNAT IP 
address for the selected workloads. - jsonPath: .status.egressIP - name: EgressIP - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: The Owner Node of egress IP - jsonPath: .status.egressNode - name: Node - type: string - subresources: - status: {} - - name: v1beta1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - appliedTo - oneOf: - - anyOf: - - required: - - egressIP - - required: - - externalIPPool - - anyOf: - - required: - - egressIPs - - required: - - externalIPPools - properties: - appliedTo: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - type: object - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - type: object - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - egressIP: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - egressIPs: - type: array - items: - type: string - oneOf: - - maxLength: 0 - - format: ipv4 - - format: ipv6 - externalIPPool: - type: string - externalIPPools: - type: array - items: - type: string - bandwidth: - type: object - required: - - rate - - burst - properties: - rate: - type: string - burst: - type: string - status: - 
type: object - properties: - egressNode: - type: string - egressIP: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - reason: - type: string - message: - type: string - additionalPrinterColumns: - - description: The effective SNAT IP address for the selected workloads. - jsonPath: .status.egressIP - name: EgressIP - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: The Owner Node of egress IP - jsonPath: .status.egressNode - name: Node - type: string - subresources: - status: {} - scope: Cluster - names: - plural: egresses - singular: egress - kind: Egress - shortNames: - - eg - ---- -# Source: crds/externalentity.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: externalentities.crd.antrea.io - labels: - app: antrea -spec: - group: crd.antrea.io - versions: - - name: v1alpha2 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - endpoints: - type: array - items: - type: object - properties: - ip: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - name: - type: string - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: ['TCP', 'UDP', 'SCTP'] - port: - x-kubernetes-int-or-string: true - name: - type: string - externalNode: - type: string - scope: Namespaced - names: - plural: externalentities - singular: externalentity - kind: ExternalEntity - shortNames: - - ee - ---- -# Source: crds/externalippool.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: externalippools.crd.antrea.io - labels: - app: antrea -spec: - group: crd.antrea.io - versions: - - name: v1alpha2 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - 
required: - - ipRanges - - nodeSelector - properties: - ipRanges: - type: array - items: - type: object - oneOf: - - required: - - cidr - - required: - - start - - end - properties: - cidr: - type: string - format: cidr - start: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - end: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - usage: - type: object - properties: - total: - type: integer - used: - type: integer - additionalPrinterColumns: - - description: The number of total IPs - jsonPath: .status.usage.total - name: Total - type: integer - - description: The number of allocated IPs - jsonPath: .status.usage.used - name: Used - type: integer - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - subresources: - status: {} - - name: v1beta1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - ipRanges - - nodeSelector - properties: - ipRanges: - type: array - items: - type: object - oneOf: - - required: - - cidr - - required: - - start - - end - properties: - cidr: - type: string - format: cidr - start: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - end: + status: type: string - oneOf: - - format: ipv4 - - format: ipv6 - subnetInfo: - type: object - required: - - gateway - - prefixLength - properties: - gateway: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - prefixLength: - type: integer - minimum: 1 - maximum: 127 - vlan: - type: integer - minimum: 0 - maximum: 4094 - nodeSelector: - type: 
object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - additionalProperties: + lastTransitionTime: type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - status: - type: object - properties: - usage: - type: object - properties: - total: - type: integer - used: - type: integer - additionalPrinterColumns: - - description: The number of total IPs - jsonPath: .status.usage.total - name: Total - type: integer - - description: The number of allocated IPs - jsonPath: .status.usage.used - name: Used - type: integer + reason: + type: string + message: + type: string + additionalPrinterColumns: + - description: The effective SNAT IP address for the selected workloads. + jsonPath: .status.egressIP + name: EgressIP + type: string - jsonPath: .metadata.creationTimestamp name: Age type: date + - description: The Owner Node of egress IP + jsonPath: .status.egressNode + name: Node + type: string subresources: - status: { } - scope: Cluster - names: - plural: externalippools - singular: externalippool - kind: ExternalIPPool - shortNames: - - eip - ---- -# Source: crds/externalnode.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app: antrea - name: externalnodes.crd.antrea.io -spec: - group: crd.antrea.io - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - interfaces - properties: - interfaces: - type: array - minItems: 1 - maxItems: 1 - required: - - ips - items: - type: object - properties: - ips: - type: array - minItems: 1 - items: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - name: - type: string + status: {} + - name: v1beta1 
served: true storage: true - scope: Namespaced - names: - plural: externalnodes - singular: externalnode - kind: ExternalNode - shortNames: - - en - ---- -# Source: crds/group.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: groups.crd.antrea.io -spec: - group: crd.antrea.io - versions: - - name: v1alpha3 - served: true - storage: false schema: openAPIV3Schema: type: object + required: + - spec properties: spec: type: object + required: + - appliedTo + oneOf: + - anyOf: + - required: + - egressIP + - required: + - externalIPPool + - anyOf: + - required: + - egressIPs + - required: + - externalIPPools properties: - childGroups: - type: array - items: - type: string - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: + appliedTo: type: object properties: - matchExpressions: - type: array - items: - type: object - properties: - key: + podSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + type: object + additionalProperties: type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist + pattern: 
"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + type: object + additionalProperties: type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlocks: + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + egressIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + egressIPs: type: array items: - type: object - properties: - cidr: - type: string - format: cidr - serviceReference: + type: string + oneOf: + - maxLength: 0 + - format: ipv4 + - format: ipv6 + externalIPPool: + type: string + externalIPPools: + type: array + items: + type: string + bandwidth: type: object + required: + - rate + - burst properties: - name: + rate: type: string - namespace: + burst: type: string status: type: object properties: + egressNode: + type: string + egressIP: + type: string conditions: type: array items: 
@@ -2780,9 +1619,44 @@ spec: type: string lastTransitionTime: type: string + reason: + type: string + message: + type: string + additionalPrinterColumns: + - description: The effective SNAT IP address for the selected workloads. + jsonPath: .status.egressIP + name: EgressIP + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: The Owner Node of egress IP + jsonPath: .status.egressNode + name: Node + type: string subresources: status: {} - - name: v1beta1 + scope: Cluster + names: + plural: egresses + singular: egress + kind: Egress + shortNames: + - eg + +--- +# Source: crds/externalentity.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: externalentities.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 served: true storage: true schema: 
@@ -2792,17 +1666,95 @@ spec: spec: type: object properties: - childGroups: + endpoints: type: array items: - type: string - podSelector: + type: object + properties: + ip: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + name: + type: string + ports: + type: array + items: + type: object + properties: + protocol: + type: string + enum: ['TCP', 'UDP', 'SCTP'] + port: + x-kubernetes-int-or-string: true + name: + type: string + externalNode: + type: string + scope: Namespaced + names: + plural: externalentities + singular: externalentity + kind: ExternalEntity + shortNames: + - ee + +--- +# Source: crds/externalippool.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: externalippools.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + required: + - spec + properties: + spec: + type: object + required: + - ipRanges + - nodeSelector + properties: + ipRanges: + type: array + items: + type: object + oneOf: + - required: + - cidr + - required: + - start + - end + properties: + cidr: + type: string + format: cidr + start: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + end: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + nodeSelector: type: object properties: matchExpressions: - type: array items: - type: object properties: key: type: string 
@@ -2814,108 +1766,39 @@ spec: - DoesNotExist type: string values: - type: array items: type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string + type: array matchLabels: x-kubernetes-preserve-unknown-fields: true - ipBlocks: - type: array - items: - type: object - properties: - cidr: - type: string - format: cidr - serviceReference: - type: object - properties: - name: - type: string - namespace: - type: string status: type: object properties: - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string + usage: + type: object + properties: + total: + type: integer + used: + type: integer + additionalPrinterColumns: + - description: The number of total IPs + jsonPath: .status.usage.total + name: Total + type: integer + - description: The number of allocated IPs + jsonPath: .status.usage.used + name: Used + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date subresources: - status: { } - scope: Namespaced - names: - plural: groups - singular: group - kind: Group - shortNames: - - grp - ---- -# Source: crds/ippool.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ippools.crd.antrea.io - labels: - app: antrea -spec: - group: crd.antrea.io - 
versions: - - name: v1alpha2 + status: {} + - name: v1beta1 served: true storage: true schema: 
@@ -2925,97 +1808,91 @@ spec: - spec properties: spec: + type: object required: - - ipVersion - ipRanges - type: object + - nodeSelector properties: - ipVersion: - type: integer - enum: [ 4, 6 ] ipRanges: + type: array items: - oneOf: - - required: - - cidr - - gateway - - prefixLength + type: object + oneOf: - required: - - start - - end - - gateway - - prefixLength + - cidr + - required: + - start + - end properties: cidr: - format: cidr type: string + format: cidr start: - oneOf: - - format: ipv4 - - format: ipv6 type: string - end: oneOf: - format: ipv4 - format: ipv6 + end: type: string - gateway: oneOf: - format: ipv4 - format: ipv6 - type: string - prefixLength: - type: integer - minimum: 1 - maximum: 128 - vlan: - type: integer - minimum: 0 - maximum: 4094 - type: object - type: array - status: - properties: - ipAddresses: - items: - properties: - ipAddress: - type: string - owner: + subnetInfo: + type: object + required: + - gateway + - prefixLength + properties: + gateway: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + prefixLength: + type: integer + minimum: 1 + maximum: 127 + vlan: + type: integer + minimum: 0 + maximum: 4094 + nodeSelector: + type: object + properties: + matchExpressions: + items: properties: - pod: - properties: - name: - type: string - namespace: - type: string - containerID: - type: string - ifName: - type: string - type: object - statefulSet: - properties: - name: - type: string - namespace: - type: string - index: - type: integer - type: object + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: array type: object - phase: + type: array + matchLabels: + additionalProperties: type: string - type: object - type: array + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object + status: + type: object + properties: usage: + type: object properties: - used: - 
type: integer total: type: integer - type: object - type: object + used: + type: integer additionalPrinterColumns: - description: The number of total IPs jsonPath: .status.usage.total 
@@ -3029,615 +1906,291 @@ spec: name: Age type: date subresources: - status: {} + status: { } scope: Cluster names: - plural: ippools - singular: ippool - kind: IPPool + plural: externalippools + singular: externalippool + kind: ExternalIPPool shortNames: - - ipp + - eip --- -# Source: crds/networkpolicy.yaml +# Source: crds/externalnode.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: networkpolicies.crd.antrea.io labels: app: antrea + name: externalnodes.crd.antrea.io spec: group: crd.antrea.io versions: - name: v1alpha1 - served: true - storage: false - additionalPrinterColumns: - - name: Tier - type: string - description: The Tier to which this Antrea NetworkPolicy belongs to. - jsonPath: .spec.tier - - name: Priority - type: number - format: float - description: The Priority of this Antrea NetworkPolicy relative to other policies. - jsonPath: .spec.priority - - name: Desired Nodes - type: number - format: int32 - description: The total number of Nodes that should realize the NetworkPolicy. - jsonPath: .status.desiredNodesRealized - - name: Current Nodes - type: number - format: int32 - description: The number of Nodes that have realized the NetworkPolicy. 
- jsonPath: .status.currentNodesRealized - - name: Age - type: date - jsonPath: .metadata.creationTimestamp schema: openAPIV3Schema: type: object + required: + - spec properties: spec: - # Ensure that Spec.Priority field is set - required: - - priority type: object + required: + - interfaces properties: - tier: - type: string - priority: - type: number - format: float - # Ensure that Spec.Priority field is between 1 and 10000 - minimum: 1.0 - maximum: 10000.0 - appliedTo: + interfaces: type: array + minItems: 1 + maxItems: 1 + required: + - ips items: type: object - # Ensure that Spec.AppliedTo does not allow NamespaceSelector/IPBlock field properties: - externalEntitySelector: + ips: + type: array + minItems: 1 + items: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + name: + type: string + served: true + storage: true + scope: Namespaced + names: + plural: externalnodes + singular: externalnode + kind: ExternalNode + shortNames: + - en + +--- +# Source: crds/group.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: groups.crd.antrea.io +spec: + group: crd.antrea.io + versions: + - name: v1alpha3 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + childGroups: + type: array + items: + type: string + podSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object properties: - matchExpressions: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: type: array items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - podSelector: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + 
namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object properties: - matchExpressions: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: type: array items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - ingress: - type: array - items: - type: object - required: - - action - properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow NamespaceSelector/IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: - type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: ['TCP', 'UDP', 'SCTP'] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [icmp] - - required: [igmp] - properties: - icmp: - type: object - properties: - icmpType: - type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP query (0x11) is valid igmpType 
in ingress rules. - enum: [ 0x11 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [http] - - required: [tls] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] - path: - type: string - tls: - type: object - properties: - sni: - type: string - from: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: 
- type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: type: string - scope: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + externalEntitySelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - enum: ['Cluster', 'ClusterSet'] - name: - type: string - enableLogging: - type: boolean - logLabel: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" - egress: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + ipBlocks: type: array items: type: object - required: - - action properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow NamespaceSelector/IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: + cidr: type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: ['TCP', 'UDP', 'SCTP'] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [icmp] - - required: [igmp] - properties: - icmp: - type: object - properties: - icmpType: - 
type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP reports are igmpType in egress rules, - # 0x12 is IGMP report V1, 0x16 is IGMP report v2, 0x22 is IGMP report v3. - # It will match all IGMP report types if igmpType is not set. - enum: [ 0x12, 0x16, 0x22 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [http] - - required: [tls] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] - path: - type: string - tls: - type: object - properties: - sni: - type: string - to: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" 
- matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - fqdn: - type: string - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - toServices: - type: array - items: - type: object - required: - - name - properties: - name: + format: cidr + serviceReference: + type: object + properties: + name: + type: string + namespace: + type: string + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + lastTransitionTime: + type: string + subresources: + status: {} + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + childGroups: + type: array + items: + type: string + podSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - namespace: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - scope: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + externalEntitySelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: 
+ key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - name: - type: string - enableLogging: - type: boolean - logLabel: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + ipBlocks: + type: array + items: + type: object + properties: + cidr: type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" + format: cidr + serviceReference: + type: object + properties: + name: + type: string + namespace: + type: string status: type: object properties: - phase: - type: string - observedGeneration: - type: integer - currentNodesRealized: - type: integer - desiredNodesRealized: - type: integer conditions: type: array items: 
@@ -3649,12 +2202,161 @@ spec: type: string lastTransitionTime: type: string - reason: + subresources: + status: { } + scope: Namespaced + names: + plural: groups + singular: group + kind: Group + shortNames: + - grp + +--- +# Source: crds/ippool.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ippools.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + required: + - spec + properties: + spec: + required: + - ipVersion + - ipRanges + type: object + properties: + ipVersion: + type: integer + enum: [ 4, 6 ] + ipRanges: + items: + oneOf: + - required: + - cidr + - gateway + - prefixLength + - required: + - start + - end + - gateway + - prefixLength + properties: + cidr: + format: cidr type: string - message: + start: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + end: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + gateway: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + prefixLength: + type: integer + minimum: 1 + maximum: 128 + vlan: + type: integer + minimum: 0 + maximum: 4094 + type: object + type: array + status: + properties: + ipAddresses: + items: + properties: + ipAddress: + type: string + owner: + properties: + pod: + properties: + name: + type: string + namespace: + type: string + containerID: + type: string + ifName: + type: string + type: object + statefulSet: + properties: + name: + type: string + namespace: + type: string + index: + type: integer + type: object + type: object + phase: type: string + type: object + type: array + usage: + properties: + used: + type: integer + total: + type: integer + type: object + type: object + additionalPrinterColumns: + - description: The number of total IPs + jsonPath: .status.usage.total + name: Total + type: integer + - description: The number of allocated IPs + jsonPath: .status.usage.used + name: Used + type: 
integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date subresources: status: {} + scope: Cluster + names: + plural: ippools + singular: ippool + kind: IPPool + shortNames: + - ipp + +--- +# Source: crds/networkpolicy.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: networkpolicies.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: - name: v1beta1 served: true storage: true 
@@ -4512,245 +3214,6 @@ metadata: spec: group: crd.antrea.io versions: - - name: v1alpha1 - served: true - storage: false - additionalPrinterColumns: - - jsonPath: .status.phase - description: The phase of the Traceflow. - name: Phase - type: string - - jsonPath: .spec.source.pod - description: The name of the source Pod. - name: Source-Pod - type: string - priority: 10 - - jsonPath: .spec.destination.pod - description: The name of the destination Pod. - name: Destination-Pod - type: string - priority: 10 - - jsonPath: .spec.destination.ip - description: The IP address of the destination. - name: Destination-IP - type: string - priority: 10 - - jsonPath: .spec.liveTraffic - description: Trace live traffic. - name: Live-Traffic - type: boolean - priority: 10 - - jsonPath: .spec.droppedOnly - description: Capture only the dropped packet. - name: Dropped-Only - type: boolean - priority: 10 - - jsonPath: .spec.timeout - description: Timeout in seconds. - name: Timeout - type: integer - priority: 10 - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - properties: - source: - type: object - properties: - pod: - type: string - namespace: - type: string - ip: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - destination: - type: object - properties: - pod: - type: string - service: - type: string - namespace: - type: string - ip: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - packet: - type: object - properties: - ipHeader: - type: object - properties: - srcIP: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - protocol: - type: integer - ttl: - type: integer - flags: - type: integer - ipv6Header: - type: object - properties: - srcIP: - type: string - format: ipv6 - nextHeader: - type: integer - hopLimit: - type: integer - transportHeader: - type: object - properties: - icmp: - type: object - properties: - id: - type: integer 
- sequence: - type: integer - udp: - type: object - properties: - srcPort: - type: integer - dstPort: - type: integer - tcp: - type: object - properties: - srcPort: - type: integer - dstPort: - type: integer - flags: - type: integer - liveTraffic: - type: boolean - droppedOnly: - type: boolean - timeout: - type: integer - status: - type: object - properties: - reason: - type: string - dataplaneTag: - type: integer - phase: - type: string - startTime: - type: string - results: - type: array - items: - type: object - properties: - node: - type: string - role: - type: string - timestamp: - type: integer - observations: - type: array - items: - type: object - properties: - component: - type: string - componentInfo: - type: string - action: - type: string - pod: - type: string - dstMAC: - type: string - networkPolicy: - type: string - ttl: - type: integer - translatedSrcIP: - type: string - translatedDstIP: - type: string - tunnelDstIP: - type: string - egressIP: - type: string - egress: - type: string - capturedPacket: - properties: - srcIP: - type: string - dstIP: - type: string - length: - type: integer - ipHeader: - properties: - flags: - type: integer - protocol: - type: integer - ttl: - type: integer - type: object - ipv6Header: - properties: - hopLimit: - type: integer - nextHeader: - type: integer - type: object - transportHeader: - properties: - tcp: - properties: - dstPort: - type: integer - srcPort: - type: integer - flags: - type: integer - type: object - udp: - properties: - dstPort: - type: integer - srcPort: - type: integer - type: object - icmp: - properties: - id: - type: integer - sequence: - type: integer - type: object - type: object - type: object - subresources: - status: {} - name: v1beta1 served: true storage: true 
@@ -7189,7 +5652,7 @@ webhooks: rules: - operations: ["CREATE", "UPDATE"] apiGroups: ["crd.antrea.io"] - apiVersions: ["v1alpha1"] + apiVersions: ["v1beta1"] resources: ["clusternetworkpolicies"] scope: "Cluster" admissionReviewVersions: ["v1", "v1beta1"] @@ -7204,7 +5667,7 @@ webhooks: rules: - operations: ["CREATE", "UPDATE"] apiGroups: ["crd.antrea.io"] - apiVersions: ["v1alpha1"] + apiVersions: ["v1beta1"] resources: ["networkpolicies"] scope: "Namespaced" admissionReviewVersions: ["v1", "v1beta1"] @@ -7392,7 +5855,7 @@ webhooks: rules: - operations: ["CREATE", "UPDATE"] apiGroups: ["crd.antrea.io"] - apiVersions: ["v1alpha1"] + apiVersions: ["v1beta1"] resources: ["traceflows"] scope: "Cluster" admissionReviewVersions: ["v1", "v1beta1"] diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml index 1da6e0b3e27..b3343af3a8c 100644 --- a/build/yamls/antrea-ipsec.yml +++ b/build/yamls/antrea-ipsec.yml @@ -573,9 +573,9 @@ metadata: spec: group: crd.antrea.io versions: - - name: v1alpha1 + - name: v1beta1 served: true - storage: false + storage: true additionalPrinterColumns: - name: Tier type: string @@ -646,7 +646,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -670,7 +673,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object group: type: string serviceAccount: @@ -681,8 +687,8 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace service: type: object properties: 
@@ -691,8 +697,35 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace + nodeSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object ingress: type: array items: @@ -729,7 +762,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -753,7 +789,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object group: type: string serviceAccount: @@ -764,8 +803,8 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace service: type: object properties: @@ -774,12 +813,12 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values action: type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] + enum: [ 'Allow', 'Drop', 'Reject', 'Pass' ] ports: type: array items: @@ -787,7 +826,7 @@ spec: properties: protocol: type: string - enum: ['TCP', 'UDP', 'SCTP'] + enum: [ 'TCP', 'UDP', 'SCTP' ] port: x-kubernetes-int-or-string: true endPort: 
@@ -801,8 +840,8 @@ spec: items: type: object oneOf: - - required: [icmp] - - required: [igmp] + - required: [ icmp ] + - required: [ igmp ] properties: icmp: type: object @@ -832,8 +871,8 @@ spec: items: type: object oneOf: - - required: [http] - - required: [tls] + - required: [ http ] + - required: [ tls ] properties: http: type: object @@ -842,7 +881,7 @@ spec: type: string method: type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] + enum: [ 'GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH' ] path: type: string tls: @@ -878,7 +917,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -902,14 +944,23 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: @@ -926,8 +977,8 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace nodeSelector: type: object properties: @@ -951,10 +1002,13 @@ spec: type: object type: array matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object scope: type: string - enum: ['Cluster', 'ClusterSet'] + enum: [ 'Cluster', 'ClusterSet' ] name: type: string enableLogging: 
@@ -998,7 +1052,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -1022,7 +1079,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object group: type: string serviceAccount: @@ -1033,12 +1093,12 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values action: type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] + enum: [ 'Allow', 'Drop', 'Reject', 'Pass' ] ports: type: array items: @@ -1046,7 +1106,7 @@ spec: properties: protocol: type: string - enum: ['TCP', 'UDP', 'SCTP'] + enum: [ 'TCP', 'UDP', 'SCTP' ] port: x-kubernetes-int-or-string: true endPort: @@ -1060,8 +1120,8 @@ spec: items: type: object oneOf: - - required: [icmp] - - required: [igmp] + - required: [ icmp ] + - required: [ igmp ] properties: icmp: type: object @@ -1093,8 +1153,8 @@ spec: items: type: object oneOf: - - required: [http] - - required: [tls] + - required: [ http ] + - required: [ tls ] properties: http: type: object @@ -1103,7 +1163,7 @@ spec: type: string method: type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] + enum: [ 'GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH' ] path: type: string tls: 
@@ -1139,7 +1199,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -1163,14 +1226,23 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: @@ -1189,8 +1261,8 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace nodeSelector: type: object properties: @@ -1214,14 +1286,17 @@ spec: type: object type: array matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object toServices: type: array items: type: object required: - - name - - namespace + - name + - namespace properties: name: type: string 
@@ -1264,1511 +1339,275 @@ spec: message: type: string subresources: - status: {} - - name: v1beta1 + status: { } + scope: Cluster + names: + plural: clusternetworkpolicies + singular: clusternetworkpolicy + kind: ClusterNetworkPolicy + shortNames: + - acnp + +--- +# Source: crds/egress.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: egresses.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 served: true - storage: true - additionalPrinterColumns: - - name: Tier - type: string - description: The Tier to which this ClusterNetworkPolicy belongs to. - jsonPath: .spec.tier - - name: Priority - type: number - format: float - description: The Priority of this ClusterNetworkPolicy relative to other policies. - jsonPath: .spec.priority - - name: Desired Nodes - type: number - format: int32 - description: The total number of Nodes that should realize the NetworkPolicy. - jsonPath: .status.desiredNodesRealized - - name: Current Nodes - type: number - format: int32 - description: The number of Nodes that have realized the NetworkPolicy. 
- jsonPath: .status.currentNodesRealized - - name: Age - type: date - jsonPath: .metadata.creationTimestamp + storage: false schema: openAPIV3Schema: type: object + required: + - spec properties: spec: - # Ensure that Spec.Priority field is set - required: - - priority type: object + required: + - appliedTo + oneOf: + - anyOf: + - required: + - egressIP + - required: + - externalIPPool + - anyOf: + - required: + - egressIPs + - required: + - externalIPPools properties: - tier: - type: string - priority: - type: number - format: float - # Ensure that Spec.Priority field is between 1 and 10000 - minimum: 1.0 - maximum: 10000.0 appliedTo: - type: array - items: - type: object - # Ensure that Spec.AppliedTo does not allow IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object + properties: + podSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + 
x-kubernetes-preserve-unknown-fields: true + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - service: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - nodeSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - ingress: + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + x-kubernetes-preserve-unknown-fields: true + egressIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + egressIPs: + type: array + items: + type: string + oneOf: + - maxLength: 0 + - format: ipv4 + - format: ipv6 + externalIPPool: + type: string + externalIPPools: + type: array + items: + type: string + status: + type: object + properties: + egressNode: + type: string + egressIP: + type: string + conditions: type: array items: type: object - required: - - action properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: 
string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - service: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: + type: type: string - enum: [ 'Allow', 'Drop', 'Reject', 'Pass' ] - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: [ 'TCP', 'UDP', 'SCTP' ] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [ icmp ] - - required: [ igmp ] - properties: - icmp: - type: object - properties: - icmpType: - type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP query (0x11) is valid igmpType in ingress rules. 
- enum: [ 0x11 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [ http ] - - required: [ tls ] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: [ 'GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH' ] - path: - type: string - tls: - type: object - properties: - sni: - type: string - from: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaces: - type: object - maxProperties: 1 - minProperties: 1 - properties: - match: - type: string - enum: - - Self - sameLabels: - type: array - items: - type: string - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - 
- Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - scope: - type: string - enum: [ 'Cluster', 'ClusterSet' ] - name: - type: string - enableLogging: - type: boolean - logLabel: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" - egress: - type: array - items: - type: object - required: - - action - properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: - type: string - enum: [ 'Allow', 'Drop', 'Reject', 'Pass' ] - ports: - type: array - items: - type: object - properties: 
- protocol: - type: string - enum: [ 'TCP', 'UDP', 'SCTP' ] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [ icmp ] - - required: [ igmp ] - properties: - icmp: - type: object - properties: - icmpType: - type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP reports are igmpType in egress rules, - # 0x12 is IGMP report V1, 0x16 is IGMP report v2, 0x22 is IGMP report v3. - # It will match all IGMP report types if igmpType is not set. - enum: [ 0x12, 0x16, 0x22 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [ http ] - - required: [ tls ] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: [ 'GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH' ] - path: - type: string - tls: - type: object - properties: - sni: - type: string - to: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: 
"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaces: - type: object - maxProperties: 1 - minProperties: 1 - properties: - match: - type: string - enum: - - Self - sameLabels: - type: array - items: - type: string - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - group: - type: string - fqdn: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - toServices: - type: array - items: - type: object - required: - - name - - namespace - properties: - name: - type: string - namespace: - type: string - scope: - type: string - enum: [ 'Cluster', 'ClusterSet' ] - name: - type: string - enableLogging: - type: boolean - logLabel: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" - status: - type: object - properties: - phase: - type: string - observedGeneration: - type: integer - currentNodesRealized: - type: integer - desiredNodesRealized: - type: integer - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - reason: - type: string - message: - type: string - subresources: - status: { } - scope: Cluster - names: - plural: clusternetworkpolicies - singular: clusternetworkpolicy - kind: ClusterNetworkPolicy - shortNames: - - acnp - ---- -# Source: 
crds/egress.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: egresses.crd.antrea.io - labels: - app: antrea -spec: - group: crd.antrea.io - versions: - - name: v1alpha2 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - appliedTo - oneOf: - - anyOf: - - required: - - egressIP - - required: - - externalIPPool - - anyOf: - - required: - - egressIPs - - required: - - externalIPPools - properties: - appliedTo: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - egressIP: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - egressIPs: - type: array - items: - type: string - oneOf: - - maxLength: 0 - - format: ipv4 - - format: ipv6 - externalIPPool: - type: string - externalIPPools: - type: array - items: - type: string - status: - type: object - properties: - egressNode: - type: string - egressIP: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - reason: - type: string - message: - type: string - additionalPrinterColumns: - - description: The effective SNAT IP 
address for the selected workloads. - jsonPath: .status.egressIP - name: EgressIP - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: The Owner Node of egress IP - jsonPath: .status.egressNode - name: Node - type: string - subresources: - status: {} - - name: v1beta1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - appliedTo - oneOf: - - anyOf: - - required: - - egressIP - - required: - - externalIPPool - - anyOf: - - required: - - egressIPs - - required: - - externalIPPools - properties: - appliedTo: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - type: object - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - type: object - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - egressIP: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - egressIPs: - type: array - items: - type: string - oneOf: - - maxLength: 0 - - format: ipv4 - - format: ipv6 - externalIPPool: - type: string - externalIPPools: - type: array - items: - type: string - bandwidth: - type: object - required: - - rate - - burst - properties: - rate: - type: string - burst: - type: string - status: - 
type: object - properties: - egressNode: - type: string - egressIP: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - reason: - type: string - message: - type: string - additionalPrinterColumns: - - description: The effective SNAT IP address for the selected workloads. - jsonPath: .status.egressIP - name: EgressIP - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: The Owner Node of egress IP - jsonPath: .status.egressNode - name: Node - type: string - subresources: - status: {} - scope: Cluster - names: - plural: egresses - singular: egress - kind: Egress - shortNames: - - eg - ---- -# Source: crds/externalentity.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: externalentities.crd.antrea.io - labels: - app: antrea -spec: - group: crd.antrea.io - versions: - - name: v1alpha2 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - endpoints: - type: array - items: - type: object - properties: - ip: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - name: - type: string - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: ['TCP', 'UDP', 'SCTP'] - port: - x-kubernetes-int-or-string: true - name: - type: string - externalNode: - type: string - scope: Namespaced - names: - plural: externalentities - singular: externalentity - kind: ExternalEntity - shortNames: - - ee - ---- -# Source: crds/externalippool.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: externalippools.crd.antrea.io - labels: - app: antrea -spec: - group: crd.antrea.io - versions: - - name: v1alpha2 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - 
required: - - ipRanges - - nodeSelector - properties: - ipRanges: - type: array - items: - type: object - oneOf: - - required: - - cidr - - required: - - start - - end - properties: - cidr: - type: string - format: cidr - start: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - end: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - usage: - type: object - properties: - total: - type: integer - used: - type: integer - additionalPrinterColumns: - - description: The number of total IPs - jsonPath: .status.usage.total - name: Total - type: integer - - description: The number of allocated IPs - jsonPath: .status.usage.used - name: Used - type: integer - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - subresources: - status: {} - - name: v1beta1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - ipRanges - - nodeSelector - properties: - ipRanges: - type: array - items: - type: object - oneOf: - - required: - - cidr - - required: - - start - - end - properties: - cidr: - type: string - format: cidr - start: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - end: + status: type: string - oneOf: - - format: ipv4 - - format: ipv6 - subnetInfo: - type: object - required: - - gateway - - prefixLength - properties: - gateway: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - prefixLength: - type: integer - minimum: 1 - maximum: 127 - vlan: - type: integer - minimum: 0 - maximum: 4094 - nodeSelector: - type: 
object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - additionalProperties: + lastTransitionTime: type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - status: - type: object - properties: - usage: - type: object - properties: - total: - type: integer - used: - type: integer - additionalPrinterColumns: - - description: The number of total IPs - jsonPath: .status.usage.total - name: Total - type: integer - - description: The number of allocated IPs - jsonPath: .status.usage.used - name: Used - type: integer + reason: + type: string + message: + type: string + additionalPrinterColumns: + - description: The effective SNAT IP address for the selected workloads. + jsonPath: .status.egressIP + name: EgressIP + type: string - jsonPath: .metadata.creationTimestamp name: Age type: date + - description: The Owner Node of egress IP + jsonPath: .status.egressNode + name: Node + type: string subresources: - status: { } - scope: Cluster - names: - plural: externalippools - singular: externalippool - kind: ExternalIPPool - shortNames: - - eip - ---- -# Source: crds/externalnode.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app: antrea - name: externalnodes.crd.antrea.io -spec: - group: crd.antrea.io - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - interfaces - properties: - interfaces: - type: array - minItems: 1 - maxItems: 1 - required: - - ips - items: - type: object - properties: - ips: - type: array - minItems: 1 - items: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - name: - type: string + status: {} + - name: v1beta1 
served: true storage: true - scope: Namespaced - names: - plural: externalnodes - singular: externalnode - kind: ExternalNode - shortNames: - - en - ---- -# Source: crds/group.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: groups.crd.antrea.io -spec: - group: crd.antrea.io - versions: - - name: v1alpha3 - served: true - storage: false schema: openAPIV3Schema: type: object + required: + - spec properties: spec: type: object + required: + - appliedTo + oneOf: + - anyOf: + - required: + - egressIP + - required: + - externalIPPool + - anyOf: + - required: + - egressIPs + - required: + - externalIPPools properties: - childGroups: - type: array - items: - type: string - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: + appliedTo: type: object properties: - matchExpressions: - type: array - items: - type: object - properties: - key: + podSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + type: object + additionalProperties: type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist + pattern: 
"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + type: object + additionalProperties: type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlocks: + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + egressIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + egressIPs: type: array items: - type: object - properties: - cidr: - type: string - format: cidr - serviceReference: + type: string + oneOf: + - maxLength: 0 + - format: ipv4 + - format: ipv6 + externalIPPool: + type: string + externalIPPools: + type: array + items: + type: string + bandwidth: type: object + required: + - rate + - burst properties: - name: + rate: type: string - namespace: + burst: type: string status: type: object properties: + egressNode: + type: string + egressIP: + type: string conditions: type: array items: 
@@ -2780,9 +1619,44 @@ spec: type: string lastTransitionTime: type: string + reason: + type: string + message: + type: string + additionalPrinterColumns: + - description: The effective SNAT IP address for the selected workloads. + jsonPath: .status.egressIP + name: EgressIP + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: The Owner Node of egress IP + jsonPath: .status.egressNode + name: Node + type: string subresources: status: {} - - name: v1beta1 + scope: Cluster + names: + plural: egresses + singular: egress + kind: Egress + shortNames: + - eg + +--- +# Source: crds/externalentity.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: externalentities.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 served: true storage: true schema: 
@@ -2792,17 +1666,95 @@ spec: spec: type: object properties: - childGroups: + endpoints: type: array items: - type: string - podSelector: + type: object + properties: + ip: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + name: + type: string + ports: + type: array + items: + type: object + properties: + protocol: + type: string + enum: ['TCP', 'UDP', 'SCTP'] + port: + x-kubernetes-int-or-string: true + name: + type: string + externalNode: + type: string + scope: Namespaced + names: + plural: externalentities + singular: externalentity + kind: ExternalEntity + shortNames: + - ee + +--- +# Source: crds/externalippool.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: externalippools.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + required: + - spec + properties: + spec: + type: object + required: + - ipRanges + - nodeSelector + properties: + ipRanges: + type: array + items: + type: object + oneOf: + - required: + - cidr + - required: + - start + - end + properties: + cidr: + type: string + format: cidr + start: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + end: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + nodeSelector: type: object properties: matchExpressions: - type: array items: - type: object properties: key: type: string 
@@ -2814,108 +1766,39 @@ spec: - DoesNotExist type: string values: - type: array items: type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string + type: array matchLabels: x-kubernetes-preserve-unknown-fields: true - ipBlocks: - type: array - items: - type: object - properties: - cidr: - type: string - format: cidr - serviceReference: - type: object - properties: - name: - type: string - namespace: - type: string status: type: object properties: - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string + usage: + type: object + properties: + total: + type: integer + used: + type: integer + additionalPrinterColumns: + - description: The number of total IPs + jsonPath: .status.usage.total + name: Total + type: integer + - description: The number of allocated IPs + jsonPath: .status.usage.used + name: Used + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date subresources: - status: { } - scope: Namespaced - names: - plural: groups - singular: group - kind: Group - shortNames: - - grp - ---- -# Source: crds/ippool.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ippools.crd.antrea.io - labels: - app: antrea -spec: - group: crd.antrea.io - 
versions: - - name: v1alpha2 + status: {} + - name: v1beta1 served: true storage: true schema: 
@@ -2925,97 +1808,91 @@ spec: - spec properties: spec: + type: object required: - - ipVersion - ipRanges - type: object + - nodeSelector properties: - ipVersion: - type: integer - enum: [ 4, 6 ] ipRanges: + type: array items: - oneOf: - - required: - - cidr - - gateway - - prefixLength + type: object + oneOf: - required: - - start - - end - - gateway - - prefixLength + - cidr + - required: + - start + - end properties: cidr: - format: cidr type: string + format: cidr start: - oneOf: - - format: ipv4 - - format: ipv6 type: string - end: oneOf: - format: ipv4 - format: ipv6 + end: type: string - gateway: oneOf: - format: ipv4 - format: ipv6 - type: string - prefixLength: - type: integer - minimum: 1 - maximum: 128 - vlan: - type: integer - minimum: 0 - maximum: 4094 - type: object - type: array - status: - properties: - ipAddresses: - items: - properties: - ipAddress: - type: string - owner: + subnetInfo: + type: object + required: + - gateway + - prefixLength + properties: + gateway: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + prefixLength: + type: integer + minimum: 1 + maximum: 127 + vlan: + type: integer + minimum: 0 + maximum: 4094 + nodeSelector: + type: object + properties: + matchExpressions: + items: properties: - pod: - properties: - name: - type: string - namespace: - type: string - containerID: - type: string - ifName: - type: string - type: object - statefulSet: - properties: - name: - type: string - namespace: - type: string - index: - type: integer - type: object + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: array type: object - phase: + type: array + matchLabels: + additionalProperties: type: string - type: object - type: array + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object + status: + type: object + properties: usage: + type: object properties: - used: - 
type: integer total: type: integer - type: object - type: object + used: + type: integer additionalPrinterColumns: - description: The number of total IPs jsonPath: .status.usage.total 
@@ -3029,615 +1906,291 @@ spec: name: Age type: date subresources: - status: {} + status: { } scope: Cluster names: - plural: ippools - singular: ippool - kind: IPPool + plural: externalippools + singular: externalippool + kind: ExternalIPPool shortNames: - - ipp + - eip --- -# Source: crds/networkpolicy.yaml +# Source: crds/externalnode.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: networkpolicies.crd.antrea.io labels: app: antrea + name: externalnodes.crd.antrea.io spec: group: crd.antrea.io versions: - name: v1alpha1 - served: true - storage: false - additionalPrinterColumns: - - name: Tier - type: string - description: The Tier to which this Antrea NetworkPolicy belongs to. - jsonPath: .spec.tier - - name: Priority - type: number - format: float - description: The Priority of this Antrea NetworkPolicy relative to other policies. - jsonPath: .spec.priority - - name: Desired Nodes - type: number - format: int32 - description: The total number of Nodes that should realize the NetworkPolicy. - jsonPath: .status.desiredNodesRealized - - name: Current Nodes - type: number - format: int32 - description: The number of Nodes that have realized the NetworkPolicy. 
- jsonPath: .status.currentNodesRealized - - name: Age - type: date - jsonPath: .metadata.creationTimestamp schema: openAPIV3Schema: type: object + required: + - spec properties: spec: - # Ensure that Spec.Priority field is set - required: - - priority type: object + required: + - interfaces properties: - tier: - type: string - priority: - type: number - format: float - # Ensure that Spec.Priority field is between 1 and 10000 - minimum: 1.0 - maximum: 10000.0 - appliedTo: + interfaces: type: array + minItems: 1 + maxItems: 1 + required: + - ips items: type: object - # Ensure that Spec.AppliedTo does not allow NamespaceSelector/IPBlock field properties: - externalEntitySelector: + ips: + type: array + minItems: 1 + items: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + name: + type: string + served: true + storage: true + scope: Namespaced + names: + plural: externalnodes + singular: externalnode + kind: ExternalNode + shortNames: + - en + +--- +# Source: crds/group.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: groups.crd.antrea.io +spec: + group: crd.antrea.io + versions: + - name: v1alpha3 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + childGroups: + type: array + items: + type: string + podSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object properties: - matchExpressions: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: type: array items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - podSelector: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + 
namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object properties: - matchExpressions: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: type: array items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - ingress: - type: array - items: - type: object - required: - - action - properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow NamespaceSelector/IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: - type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: ['TCP', 'UDP', 'SCTP'] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [icmp] - - required: [igmp] - properties: - icmp: - type: object - properties: - icmpType: - type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP query (0x11) is valid igmpType 
in ingress rules. - enum: [ 0x11 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [http] - - required: [tls] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] - path: - type: string - tls: - type: object - properties: - sni: - type: string - from: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: 
- type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: type: string - scope: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + externalEntitySelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - enum: ['Cluster', 'ClusterSet'] - name: - type: string - enableLogging: - type: boolean - logLabel: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" - egress: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + ipBlocks: type: array items: type: object - required: - - action properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow NamespaceSelector/IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: + cidr: type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: ['TCP', 'UDP', 'SCTP'] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [icmp] - - required: [igmp] - properties: - icmp: - type: object - properties: - icmpType: - 
type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP reports are igmpType in egress rules, - # 0x12 is IGMP report V1, 0x16 is IGMP report v2, 0x22 is IGMP report v3. - # It will match all IGMP report types if igmpType is not set. - enum: [ 0x12, 0x16, 0x22 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [http] - - required: [tls] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] - path: - type: string - tls: - type: object - properties: - sni: - type: string - to: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" 
- matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - fqdn: - type: string - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - toServices: - type: array - items: - type: object - required: - - name - properties: - name: + format: cidr + serviceReference: + type: object + properties: + name: + type: string + namespace: + type: string + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + lastTransitionTime: + type: string + subresources: + status: {} + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + childGroups: + type: array + items: + type: string + podSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - namespace: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - scope: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + externalEntitySelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: 
+ key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - name: - type: string - enableLogging: - type: boolean - logLabel: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + ipBlocks: + type: array + items: + type: object + properties: + cidr: type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" + format: cidr + serviceReference: + type: object + properties: + name: + type: string + namespace: + type: string status: type: object properties: - phase: - type: string - observedGeneration: - type: integer - currentNodesRealized: - type: integer - desiredNodesRealized: - type: integer conditions: type: array items: 
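Review bot: In the ExternalNode schema on the new side of this hunk (`# Source: crds/externalnode.yaml`), `required: - ips` sits between `maxItems: 1` and `items:` under `interfaces`, so it is attached to the array schema rather than to the item object. `required` only constrains objects, so as written an interface entry without `ips` would presumably pass schema validation, and the `minItems: 1` on `ips` would never be applied to it. Moving the two lines under `items:`, next to its `type: object`, would enforce the intent. Indentation is flattened in this view, so confirm the nesting first, and make the change in the chart source because this manifest is rendered from it.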
@@ -3649,12 +2202,161 @@ spec: type: string lastTransitionTime: type: string - reason: + subresources: + status: { } + scope: Namespaced + names: + plural: groups + singular: group + kind: Group + shortNames: + - grp + +--- +# Source: crds/ippool.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ippools.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + required: + - spec + properties: + spec: + required: + - ipVersion + - ipRanges + type: object + properties: + ipVersion: + type: integer + enum: [ 4, 6 ] + ipRanges: + items: + oneOf: + - required: + - cidr + - gateway + - prefixLength + - required: + - start + - end + - gateway + - prefixLength + properties: + cidr: + format: cidr type: string - message: + start: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + end: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + gateway: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + prefixLength: + type: integer + minimum: 1 + maximum: 128 + vlan: + type: integer + minimum: 0 + maximum: 4094 + type: object + type: array + status: + properties: + ipAddresses: + items: + properties: + ipAddress: + type: string + owner: + properties: + pod: + properties: + name: + type: string + namespace: + type: string + containerID: + type: string + ifName: + type: string + type: object + statefulSet: + properties: + name: + type: string + namespace: + type: string + index: + type: integer + type: object + type: object + phase: type: string + type: object + type: array + usage: + properties: + used: + type: integer + total: + type: integer + type: object + type: object + additionalPrinterColumns: + - description: The number of total IPs + jsonPath: .status.usage.total + name: Total + type: integer + - description: The number of allocated IPs + jsonPath: .status.usage.used + name: Used + type: 
integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date subresources: status: {} + scope: Cluster + names: + plural: ippools + singular: ippool + kind: IPPool + shortNames: + - ipp + +--- +# Source: crds/networkpolicy.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: networkpolicies.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: - name: v1beta1 served: true storage: true 
@@ -4512,245 +3214,6 @@ metadata: spec: group: crd.antrea.io versions: - - name: v1alpha1 - served: true - storage: false - additionalPrinterColumns: - - jsonPath: .status.phase - description: The phase of the Traceflow. - name: Phase - type: string - - jsonPath: .spec.source.pod - description: The name of the source Pod. - name: Source-Pod - type: string - priority: 10 - - jsonPath: .spec.destination.pod - description: The name of the destination Pod. - name: Destination-Pod - type: string - priority: 10 - - jsonPath: .spec.destination.ip - description: The IP address of the destination. - name: Destination-IP - type: string - priority: 10 - - jsonPath: .spec.liveTraffic - description: Trace live traffic. - name: Live-Traffic - type: boolean - priority: 10 - - jsonPath: .spec.droppedOnly - description: Capture only the dropped packet. - name: Dropped-Only - type: boolean - priority: 10 - - jsonPath: .spec.timeout - description: Timeout in seconds. - name: Timeout - type: integer - priority: 10 - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - properties: - source: - type: object - properties: - pod: - type: string - namespace: - type: string - ip: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - destination: - type: object - properties: - pod: - type: string - service: - type: string - namespace: - type: string - ip: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - packet: - type: object - properties: - ipHeader: - type: object - properties: - srcIP: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - protocol: - type: integer - ttl: - type: integer - flags: - type: integer - ipv6Header: - type: object - properties: - srcIP: - type: string - format: ipv6 - nextHeader: - type: integer - hopLimit: - type: integer - transportHeader: - type: object - properties: - icmp: - type: object - properties: - id: - type: integer 
- sequence: - type: integer - udp: - type: object - properties: - srcPort: - type: integer - dstPort: - type: integer - tcp: - type: object - properties: - srcPort: - type: integer - dstPort: - type: integer - flags: - type: integer - liveTraffic: - type: boolean - droppedOnly: - type: boolean - timeout: - type: integer - status: - type: object - properties: - reason: - type: string - dataplaneTag: - type: integer - phase: - type: string - startTime: - type: string - results: - type: array - items: - type: object - properties: - node: - type: string - role: - type: string - timestamp: - type: integer - observations: - type: array - items: - type: object - properties: - component: - type: string - componentInfo: - type: string - action: - type: string - pod: - type: string - dstMAC: - type: string - networkPolicy: - type: string - ttl: - type: integer - translatedSrcIP: - type: string - translatedDstIP: - type: string - tunnelDstIP: - type: string - egressIP: - type: string - egress: - type: string - capturedPacket: - properties: - srcIP: - type: string - dstIP: - type: string - length: - type: integer - ipHeader: - properties: - flags: - type: integer - protocol: - type: integer - ttl: - type: integer - type: object - ipv6Header: - properties: - hopLimit: - type: integer - nextHeader: - type: integer - type: object - transportHeader: - properties: - tcp: - properties: - dstPort: - type: integer - srcPort: - type: integer - flags: - type: integer - type: object - udp: - properties: - dstPort: - type: integer - srcPort: - type: integer - type: object - icmp: - properties: - id: - type: integer - sequence: - type: integer - type: object - type: object - type: object - subresources: - status: {} - name: v1beta1 served: true storage: true 
@@ -7248,7 +5711,7 @@ webhooks: rules: - operations: ["CREATE", "UPDATE"] apiGroups: ["crd.antrea.io"] - apiVersions: ["v1alpha1"] + apiVersions: ["v1beta1"] resources: ["clusternetworkpolicies"] scope: "Cluster" admissionReviewVersions: ["v1", "v1beta1"] @@ -7263,7 +5726,7 @@ webhooks: rules: - operations: ["CREATE", "UPDATE"] apiGroups: ["crd.antrea.io"] - apiVersions: ["v1alpha1"] + apiVersions: ["v1beta1"] resources: ["networkpolicies"] scope: "Namespaced" admissionReviewVersions: ["v1", "v1beta1"] @@ -7451,7 +5914,7 @@ webhooks: rules: - operations: ["CREATE", "UPDATE"] apiGroups: ["crd.antrea.io"] - apiVersions: ["v1alpha1"] + apiVersions: ["v1beta1"] resources: ["traceflows"] scope: "Cluster" admissionReviewVersions: ["v1", "v1beta1"] diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml index e3d12af05e1..9398dc29a58 100644 --- a/build/yamls/antrea.yml +++ b/build/yamls/antrea.yml @@ -573,9 +573,9 @@ metadata: spec: group: crd.antrea.io versions: - - name: v1alpha1 + - name: v1beta1 served: true - storage: false + storage: true additionalPrinterColumns: - name: Tier type: string @@ -646,7 +646,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -670,7 +673,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object group: type: string serviceAccount: @@ -681,8 +687,8 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace service: type: object properties: 
@@ -691,8 +697,35 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace + nodeSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object ingress: type: array items: @@ -729,7 +762,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -753,7 +789,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object group: type: string serviceAccount: @@ -764,8 +803,8 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace service: type: object properties: @@ -774,12 +813,12 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values action: type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] + enum: [ 'Allow', 'Drop', 'Reject', 'Pass' ] ports: type: array items: @@ -787,7 +826,7 @@ spec: properties: protocol: type: string - enum: ['TCP', 'UDP', 'SCTP'] + enum: [ 'TCP', 'UDP', 'SCTP' ] port: x-kubernetes-int-or-string: true endPort: 
@@ -801,8 +840,8 @@ spec: items: type: object oneOf: - - required: [icmp] - - required: [igmp] + - required: [ icmp ] + - required: [ igmp ] properties: icmp: type: object @@ -832,8 +871,8 @@ spec: items: type: object oneOf: - - required: [http] - - required: [tls] + - required: [ http ] + - required: [ tls ] properties: http: type: object @@ -842,7 +881,7 @@ spec: type: string method: type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] + enum: [ 'GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH' ] path: type: string tls: @@ -878,7 +917,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -902,14 +944,23 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: @@ -926,8 +977,8 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace nodeSelector: type: object properties: @@ -951,10 +1002,13 @@ spec: type: object type: array matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object scope: type: string - enum: ['Cluster', 'ClusterSet'] + enum: [ 'Cluster', 'ClusterSet' ] name: type: string enableLogging: 
@@ -998,7 +1052,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -1022,7 +1079,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object group: type: string serviceAccount: @@ -1033,12 +1093,12 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values action: type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] + enum: [ 'Allow', 'Drop', 'Reject', 'Pass' ] ports: type: array items: @@ -1046,7 +1106,7 @@ spec: properties: protocol: type: string - enum: ['TCP', 'UDP', 'SCTP'] + enum: [ 'TCP', 'UDP', 'SCTP' ] port: x-kubernetes-int-or-string: true endPort: @@ -1060,8 +1120,8 @@ spec: items: type: object oneOf: - - required: [icmp] - - required: [igmp] + - required: [ icmp ] + - required: [ igmp ] properties: icmp: type: object @@ -1093,8 +1153,8 @@ spec: items: type: object oneOf: - - required: [http] - - required: [tls] + - required: [ http ] + - required: [ tls ] properties: http: type: object @@ -1103,7 +1163,7 @@ spec: type: string method: type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] + enum: [ 'GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH' ] path: type: string tls: 
@@ -1139,7 +1199,10 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaceSelector: type: object properties: @@ -1163,14 +1226,23 @@ spec: type: string pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object namespaces: type: object + maxProperties: 1 + minProperties: 1 properties: match: + type: string enum: - Self - type: string + sameLabels: + type: array + items: + type: string ipBlock: type: object properties: @@ -1189,8 +1261,8 @@ spec: namespace: type: string required: - - name - - namespace + - name + - namespace nodeSelector: type: object properties: @@ -1214,14 +1286,17 @@ spec: type: object type: array matchLabels: - x-kubernetes-preserve-unknown-fields: true + additionalProperties: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object toServices: type: array items: type: object required: - - name - - namespace + - name + - namespace properties: name: type: string 
@@ -1264,1511 +1339,275 @@ spec: message: type: string subresources: - status: {} - - name: v1beta1 + status: { } + scope: Cluster + names: + plural: clusternetworkpolicies + singular: clusternetworkpolicy + kind: ClusterNetworkPolicy + shortNames: + - acnp + +--- +# Source: crds/egress.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: egresses.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 served: true - storage: true - additionalPrinterColumns: - - name: Tier - type: string - description: The Tier to which this ClusterNetworkPolicy belongs to. - jsonPath: .spec.tier - - name: Priority - type: number - format: float - description: The Priority of this ClusterNetworkPolicy relative to other policies. - jsonPath: .spec.priority - - name: Desired Nodes - type: number - format: int32 - description: The total number of Nodes that should realize the NetworkPolicy. - jsonPath: .status.desiredNodesRealized - - name: Current Nodes - type: number - format: int32 - description: The number of Nodes that have realized the NetworkPolicy. 
- jsonPath: .status.currentNodesRealized - - name: Age - type: date - jsonPath: .metadata.creationTimestamp + storage: false schema: openAPIV3Schema: type: object + required: + - spec properties: spec: - # Ensure that Spec.Priority field is set - required: - - priority type: object + required: + - appliedTo + oneOf: + - anyOf: + - required: + - egressIP + - required: + - externalIPPool + - anyOf: + - required: + - egressIPs + - required: + - externalIPPools properties: - tier: - type: string - priority: - type: number - format: float - # Ensure that Spec.Priority field is between 1 and 10000 - minimum: 1.0 - maximum: 10000.0 appliedTo: - type: array - items: - type: object - # Ensure that Spec.AppliedTo does not allow IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object + properties: + podSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + 
x-kubernetes-preserve-unknown-fields: true + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - service: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - nodeSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - ingress: + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + x-kubernetes-preserve-unknown-fields: true + egressIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + egressIPs: + type: array + items: + type: string + oneOf: + - maxLength: 0 + - format: ipv4 + - format: ipv6 + externalIPPool: + type: string + externalIPPools: + type: array + items: + type: string + status: + type: object + properties: + egressNode: + type: string + egressIP: + type: string + conditions: type: array items: type: object - required: - - action properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: 
string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - service: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: + type: type: string - enum: [ 'Allow', 'Drop', 'Reject', 'Pass' ] - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: [ 'TCP', 'UDP', 'SCTP' ] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [ icmp ] - - required: [ igmp ] - properties: - icmp: - type: object - properties: - icmpType: - type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP query (0x11) is valid igmpType in ingress rules. 
- enum: [ 0x11 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [ http ] - - required: [ tls ] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: [ 'GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH' ] - path: - type: string - tls: - type: object - properties: - sni: - type: string - from: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaces: - type: object - maxProperties: 1 - minProperties: 1 - properties: - match: - type: string - enum: - - Self - sameLabels: - type: array - items: - type: string - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - 
- Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - scope: - type: string - enum: [ 'Cluster', 'ClusterSet' ] - name: - type: string - enableLogging: - type: boolean - logLabel: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" - egress: - type: array - items: - type: object - required: - - action - properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - group: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: - type: string - enum: [ 'Allow', 'Drop', 'Reject', 'Pass' ] - ports: - type: array - items: - type: object - properties: 
- protocol: - type: string - enum: [ 'TCP', 'UDP', 'SCTP' ] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [ icmp ] - - required: [ igmp ] - properties: - icmp: - type: object - properties: - icmpType: - type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP reports are igmpType in egress rules, - # 0x12 is IGMP report V1, 0x16 is IGMP report v2, 0x22 is IGMP report v3. - # It will match all IGMP report types if igmpType is not set. - enum: [ 0x12, 0x16, 0x22 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [ http ] - - required: [ tls ] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: [ 'GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH' ] - path: - type: string - tls: - type: object - properties: - sni: - type: string - to: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: 
"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - namespaces: - type: object - maxProperties: 1 - minProperties: 1 - properties: - match: - type: string - enum: - - Self - sameLabels: - type: array - items: - type: string - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - group: - type: string - fqdn: - type: string - serviceAccount: - type: object - properties: - name: - type: string - namespace: - type: string - required: - - name - - namespace - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - toServices: - type: array - items: - type: object - required: - - name - - namespace - properties: - name: - type: string - namespace: - type: string - scope: - type: string - enum: [ 'Cluster', 'ClusterSet' ] - name: - type: string - enableLogging: - type: boolean - logLabel: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" - status: - type: object - properties: - phase: - type: string - observedGeneration: - type: integer - currentNodesRealized: - type: integer - desiredNodesRealized: - type: integer - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - reason: - type: string - message: - type: string - subresources: - status: { } - scope: Cluster - names: - plural: clusternetworkpolicies - singular: clusternetworkpolicy - kind: ClusterNetworkPolicy - shortNames: - - acnp - ---- -# Source: 
crds/egress.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: egresses.crd.antrea.io - labels: - app: antrea -spec: - group: crd.antrea.io - versions: - - name: v1alpha2 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - appliedTo - oneOf: - - anyOf: - - required: - - egressIP - - required: - - externalIPPool - - anyOf: - - required: - - egressIPs - - required: - - externalIPPools - properties: - appliedTo: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - egressIP: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - egressIPs: - type: array - items: - type: string - oneOf: - - maxLength: 0 - - format: ipv4 - - format: ipv6 - externalIPPool: - type: string - externalIPPools: - type: array - items: - type: string - status: - type: object - properties: - egressNode: - type: string - egressIP: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - reason: - type: string - message: - type: string - additionalPrinterColumns: - - description: The effective SNAT IP 
address for the selected workloads. - jsonPath: .status.egressIP - name: EgressIP - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: The Owner Node of egress IP - jsonPath: .status.egressNode - name: Node - type: string - subresources: - status: {} - - name: v1beta1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - appliedTo - oneOf: - - anyOf: - - required: - - egressIP - - required: - - externalIPPool - - anyOf: - - required: - - egressIPs - - required: - - externalIPPools - properties: - appliedTo: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - type: object - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - type: object - additionalProperties: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - egressIP: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - egressIPs: - type: array - items: - type: string - oneOf: - - maxLength: 0 - - format: ipv4 - - format: ipv6 - externalIPPool: - type: string - externalIPPools: - type: array - items: - type: string - bandwidth: - type: object - required: - - rate - - burst - properties: - rate: - type: string - burst: - type: string - status: - 
type: object - properties: - egressNode: - type: string - egressIP: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string - reason: - type: string - message: - type: string - additionalPrinterColumns: - - description: The effective SNAT IP address for the selected workloads. - jsonPath: .status.egressIP - name: EgressIP - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: The Owner Node of egress IP - jsonPath: .status.egressNode - name: Node - type: string - subresources: - status: {} - scope: Cluster - names: - plural: egresses - singular: egress - kind: Egress - shortNames: - - eg - ---- -# Source: crds/externalentity.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: externalentities.crd.antrea.io - labels: - app: antrea -spec: - group: crd.antrea.io - versions: - - name: v1alpha2 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - endpoints: - type: array - items: - type: object - properties: - ip: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - name: - type: string - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: ['TCP', 'UDP', 'SCTP'] - port: - x-kubernetes-int-or-string: true - name: - type: string - externalNode: - type: string - scope: Namespaced - names: - plural: externalentities - singular: externalentity - kind: ExternalEntity - shortNames: - - ee - ---- -# Source: crds/externalippool.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: externalippools.crd.antrea.io - labels: - app: antrea -spec: - group: crd.antrea.io - versions: - - name: v1alpha2 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - 
required: - - ipRanges - - nodeSelector - properties: - ipRanges: - type: array - items: - type: object - oneOf: - - required: - - cidr - - required: - - start - - end - properties: - cidr: - type: string - format: cidr - start: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - end: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - usage: - type: object - properties: - total: - type: integer - used: - type: integer - additionalPrinterColumns: - - description: The number of total IPs - jsonPath: .status.usage.total - name: Total - type: integer - - description: The number of allocated IPs - jsonPath: .status.usage.used - name: Used - type: integer - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - subresources: - status: {} - - name: v1beta1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - ipRanges - - nodeSelector - properties: - ipRanges: - type: array - items: - type: object - oneOf: - - required: - - cidr - - required: - - start - - end - properties: - cidr: - type: string - format: cidr - start: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - end: + status: type: string - oneOf: - - format: ipv4 - - format: ipv6 - subnetInfo: - type: object - required: - - gateway - - prefixLength - properties: - gateway: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - prefixLength: - type: integer - minimum: 1 - maximum: 127 - vlan: - type: integer - minimum: 0 - maximum: 4094 - nodeSelector: - type: 
object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - additionalProperties: + lastTransitionTime: type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: object - status: - type: object - properties: - usage: - type: object - properties: - total: - type: integer - used: - type: integer - additionalPrinterColumns: - - description: The number of total IPs - jsonPath: .status.usage.total - name: Total - type: integer - - description: The number of allocated IPs - jsonPath: .status.usage.used - name: Used - type: integer + reason: + type: string + message: + type: string + additionalPrinterColumns: + - description: The effective SNAT IP address for the selected workloads. + jsonPath: .status.egressIP + name: EgressIP + type: string - jsonPath: .metadata.creationTimestamp name: Age type: date + - description: The Owner Node of egress IP + jsonPath: .status.egressNode + name: Node + type: string subresources: - status: { } - scope: Cluster - names: - plural: externalippools - singular: externalippool - kind: ExternalIPPool - shortNames: - - eip - ---- -# Source: crds/externalnode.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - app: antrea - name: externalnodes.crd.antrea.io -spec: - group: crd.antrea.io - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - required: - - interfaces - properties: - interfaces: - type: array - minItems: 1 - maxItems: 1 - required: - - ips - items: - type: object - properties: - ips: - type: array - minItems: 1 - items: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - name: - type: string + status: {} + - name: v1beta1 
served: true storage: true - scope: Namespaced - names: - plural: externalnodes - singular: externalnode - kind: ExternalNode - shortNames: - - en - ---- -# Source: crds/group.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: groups.crd.antrea.io -spec: - group: crd.antrea.io - versions: - - name: v1alpha3 - served: true - storage: false schema: openAPIV3Schema: type: object + required: + - spec properties: spec: type: object + required: + - appliedTo + oneOf: + - anyOf: + - required: + - egressIP + - required: + - externalIPPool + - anyOf: + - required: + - egressIPs + - required: + - externalIPPools properties: - childGroups: - type: array - items: - type: string - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: + appliedTo: type: object properties: - matchExpressions: - type: array - items: - type: object - properties: - key: + podSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + type: object + additionalProperties: type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist + pattern: 
"^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + matchLabels: + type: object + additionalProperties: type: string - values: - type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlocks: + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + egressIP: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + egressIPs: type: array items: - type: object - properties: - cidr: - type: string - format: cidr - serviceReference: + type: string + oneOf: + - maxLength: 0 + - format: ipv4 + - format: ipv6 + externalIPPool: + type: string + externalIPPools: + type: array + items: + type: string + bandwidth: type: object + required: + - rate + - burst properties: - name: + rate: type: string - namespace: + burst: type: string status: type: object properties: + egressNode: + type: string + egressIP: + type: string conditions: type: array items: 
@@ -2780,9 +1619,44 @@ spec: type: string lastTransitionTime: type: string + reason: + type: string + message: + type: string + additionalPrinterColumns: + - description: The effective SNAT IP address for the selected workloads. + jsonPath: .status.egressIP + name: EgressIP + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: The Owner Node of egress IP + jsonPath: .status.egressNode + name: Node + type: string subresources: status: {} - - name: v1beta1 + scope: Cluster + names: + plural: egresses + singular: egress + kind: Egress + shortNames: + - eg + +--- +# Source: crds/externalentity.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: externalentities.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 served: true storage: true schema: 
@@ -2792,17 +1666,95 @@ spec: spec: type: object properties: - childGroups: + endpoints: type: array items: - type: string - podSelector: + type: object + properties: + ip: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + name: + type: string + ports: + type: array + items: + type: object + properties: + protocol: + type: string + enum: ['TCP', 'UDP', 'SCTP'] + port: + x-kubernetes-int-or-string: true + name: + type: string + externalNode: + type: string + scope: Namespaced + names: + plural: externalentities + singular: externalentity + kind: ExternalEntity + shortNames: + - ee + +--- +# Source: crds/externalippool.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: externalippools.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + required: + - spec + properties: + spec: + type: object + required: + - ipRanges + - nodeSelector + properties: + ipRanges: + type: array + items: + type: object + oneOf: + - required: + - cidr + - required: + - start + - end + properties: + cidr: + type: string + format: cidr + start: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + end: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + nodeSelector: type: object properties: matchExpressions: - type: array items: - type: object properties: key: type: string 
@@ -2814,108 +1766,39 @@ spec: - DoesNotExist type: string values: - type: array items: type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" type: array - items: - type: string - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string + type: array matchLabels: x-kubernetes-preserve-unknown-fields: true - ipBlocks: - type: array - items: - type: object - properties: - cidr: - type: string - format: cidr - serviceReference: - type: object - properties: - name: - type: string - namespace: - type: string status: type: object properties: - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - lastTransitionTime: - type: string + usage: + type: object + properties: + total: + type: integer + used: + type: integer + additionalPrinterColumns: + - description: The number of total IPs + jsonPath: .status.usage.total + name: Total + type: integer + - description: The number of allocated IPs + jsonPath: .status.usage.used + name: Used + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date subresources: - status: { } - scope: Namespaced - names: - plural: groups - singular: group - kind: Group - shortNames: - - grp - ---- -# Source: crds/ippool.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ippools.crd.antrea.io - labels: - app: antrea -spec: - group: crd.antrea.io - 
versions: - - name: v1alpha2 + status: {} + - name: v1beta1 served: true storage: true schema: 
@@ -2925,97 +1808,91 @@ spec: - spec properties: spec: + type: object required: - - ipVersion - ipRanges - type: object + - nodeSelector properties: - ipVersion: - type: integer - enum: [ 4, 6 ] ipRanges: + type: array items: - oneOf: - - required: - - cidr - - gateway - - prefixLength + type: object + oneOf: - required: - - start - - end - - gateway - - prefixLength + - cidr + - required: + - start + - end properties: cidr: - format: cidr type: string + format: cidr start: - oneOf: - - format: ipv4 - - format: ipv6 type: string - end: oneOf: - format: ipv4 - format: ipv6 + end: type: string - gateway: oneOf: - format: ipv4 - format: ipv6 - type: string - prefixLength: - type: integer - minimum: 1 - maximum: 128 - vlan: - type: integer - minimum: 0 - maximum: 4094 - type: object - type: array - status: - properties: - ipAddresses: - items: - properties: - ipAddress: - type: string - owner: + subnetInfo: + type: object + required: + - gateway + - prefixLength + properties: + gateway: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + prefixLength: + type: integer + minimum: 1 + maximum: 127 + vlan: + type: integer + minimum: 0 + maximum: 4094 + nodeSelector: + type: object + properties: + matchExpressions: + items: properties: - pod: - properties: - name: - type: string - namespace: - type: string - containerID: - type: string - ifName: - type: string - type: object - statefulSet: - properties: - name: - type: string - namespace: - type: string - index: - type: integer - type: object + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + items: + type: string + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: array type: object - phase: + type: array + matchLabels: + additionalProperties: type: string - type: object - type: array + pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" + type: object + status: + type: object + properties: usage: + type: object properties: - used: - 
type: integer total: type: integer - type: object - type: object + used: + type: integer additionalPrinterColumns: - description: The number of total IPs jsonPath: .status.usage.total 
@@ -3029,615 +1906,291 @@ spec: name: Age type: date subresources: - status: {} + status: { } scope: Cluster names: - plural: ippools - singular: ippool - kind: IPPool + plural: externalippools + singular: externalippool + kind: ExternalIPPool shortNames: - - ipp + - eip --- -# Source: crds/networkpolicy.yaml +# Source: crds/externalnode.yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: networkpolicies.crd.antrea.io labels: app: antrea + name: externalnodes.crd.antrea.io spec: group: crd.antrea.io versions: - name: v1alpha1 - served: true - storage: false - additionalPrinterColumns: - - name: Tier - type: string - description: The Tier to which this Antrea NetworkPolicy belongs to. - jsonPath: .spec.tier - - name: Priority - type: number - format: float - description: The Priority of this Antrea NetworkPolicy relative to other policies. - jsonPath: .spec.priority - - name: Desired Nodes - type: number - format: int32 - description: The total number of Nodes that should realize the NetworkPolicy. - jsonPath: .status.desiredNodesRealized - - name: Current Nodes - type: number - format: int32 - description: The number of Nodes that have realized the NetworkPolicy. 
- jsonPath: .status.currentNodesRealized - - name: Age - type: date - jsonPath: .metadata.creationTimestamp schema: openAPIV3Schema: type: object + required: + - spec properties: spec: - # Ensure that Spec.Priority field is set - required: - - priority type: object + required: + - interfaces properties: - tier: - type: string - priority: - type: number - format: float - # Ensure that Spec.Priority field is between 1 and 10000 - minimum: 1.0 - maximum: 10000.0 - appliedTo: + interfaces: type: array + minItems: 1 + maxItems: 1 + required: + - ips items: type: object - # Ensure that Spec.AppliedTo does not allow NamespaceSelector/IPBlock field properties: - externalEntitySelector: + ips: + type: array + minItems: 1 + items: + type: string + oneOf: + - format: ipv4 + - format: ipv6 + name: + type: string + served: true + storage: true + scope: Namespaced + names: + plural: externalnodes + singular: externalnode + kind: ExternalNode + shortNames: + - en + +--- +# Source: crds/group.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: groups.crd.antrea.io +spec: + group: crd.antrea.io + versions: + - name: v1alpha3 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + childGroups: + type: array + items: + type: string + podSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object properties: - matchExpressions: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: type: array items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - podSelector: + type: string + matchLabels: + x-kubernetes-preserve-unknown-fields: true + 
namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: type: object properties: - matchExpressions: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: type: array items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - ingress: - type: array - items: - type: object - required: - - action - properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow NamespaceSelector/IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: - type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: ['TCP', 'UDP', 'SCTP'] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [icmp] - - required: [igmp] - properties: - icmp: - type: object - properties: - icmpType: - type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP query (0x11) is valid igmpType 
in ingress rules. - enum: [ 0x11 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [http] - - required: [tls] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] - path: - type: string - tls: - type: object - properties: - sni: - type: string - from: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: 
- type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: type: string - scope: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + externalEntitySelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - enum: ['Cluster', 'ClusterSet'] - name: - type: string - enableLogging: - type: boolean - logLabel: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" - egress: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + ipBlocks: type: array items: type: object - required: - - action properties: - appliedTo: - type: array - items: - type: object - # Ensure that rule AppliedTo does not allow NamespaceSelector/IPBlock field - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - # Ensure that Action field allows only ALLOW, DROP, REJECT and PASS values - action: + cidr: type: string - enum: ['Allow', 'Drop', 'Reject', 'Pass'] - ports: - type: array - items: - type: object - properties: - protocol: - type: string - enum: ['TCP', 'UDP', 'SCTP'] - port: - x-kubernetes-int-or-string: true - endPort: - type: integer - sourcePort: - type: integer - sourceEndPort: - type: integer - protocols: - type: array - items: - type: object - oneOf: - - required: [icmp] - - required: [igmp] - properties: - icmp: - type: object - properties: - icmpType: - 
type: integer - minimum: 0 - maximum: 255 - icmpCode: - type: integer - minimum: 0 - maximum: 255 - igmp: - type: object - properties: - igmpType: - type: integer - # Only IGMP reports are igmpType in egress rules, - # 0x12 is IGMP report V1, 0x16 is IGMP report v2, 0x22 is IGMP report v3. - # It will match all IGMP report types if igmpType is not set. - enum: [ 0x12, 0x16, 0x22 ] - groupAddress: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - l7Protocols: - type: array - items: - type: object - oneOf: - - required: [http] - - required: [tls] - properties: - http: - type: object - properties: - host: - type: string - method: - type: string - enum: ['GET', 'POST', 'PUT', 'HEAD', 'DELETE', 'TRACE', 'OPTIONS', 'CONNECT', 'PATCH'] - path: - type: string - tls: - type: object - properties: - sni: - type: string - to: - type: array - items: - type: object - properties: - podSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - namespaceSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - matchLabels: - x-kubernetes-preserve-unknown-fields: true - externalEntitySelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - type: array - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" 
- matchLabels: - x-kubernetes-preserve-unknown-fields: true - ipBlock: - type: object - properties: - cidr: - type: string - format: cidr - fqdn: - type: string - nodeSelector: - type: object - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - enum: - - In - - NotIn - - Exists - - DoesNotExist - type: string - values: - items: - type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?$" - type: array - type: object - type: array - matchLabels: - x-kubernetes-preserve-unknown-fields: true - group: - type: string - toServices: - type: array - items: - type: object - required: - - name - properties: - name: + format: cidr + serviceReference: + type: object + properties: + name: + type: string + namespace: + type: string + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + lastTransitionTime: + type: string + subresources: + status: {} + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + childGroups: + type: array + items: + type: string + podSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - namespace: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + namespaceSelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: + key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - scope: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + externalEntitySelector: + type: object + properties: + matchExpressions: + type: array + items: + type: object + properties: 
+ key: + type: string + operator: + enum: + - In + - NotIn + - Exists + - DoesNotExist + type: string + values: + type: array + items: type: string - name: - type: string - enableLogging: - type: boolean - logLabel: + matchLabels: + x-kubernetes-preserve-unknown-fields: true + ipBlocks: + type: array + items: + type: object + properties: + cidr: type: string - pattern: "^(([A-Za-z0-9][-A-Za-z0-9_.]{0,61})?[A-Za-z0-9])?$" + format: cidr + serviceReference: + type: object + properties: + name: + type: string + namespace: + type: string status: type: object properties: - phase: - type: string - observedGeneration: - type: integer - currentNodesRealized: - type: integer - desiredNodesRealized: - type: integer conditions: type: array items: 
@@ -3649,12 +2202,161 @@ spec: type: string lastTransitionTime: type: string - reason: + subresources: + status: { } + scope: Namespaced + names: + plural: groups + singular: group + kind: Group + shortNames: + - grp + +--- +# Source: crds/ippool.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ippools.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: + - name: v1alpha2 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + required: + - spec + properties: + spec: + required: + - ipVersion + - ipRanges + type: object + properties: + ipVersion: + type: integer + enum: [ 4, 6 ] + ipRanges: + items: + oneOf: + - required: + - cidr + - gateway + - prefixLength + - required: + - start + - end + - gateway + - prefixLength + properties: + cidr: + format: cidr type: string - message: + start: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + end: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + gateway: + oneOf: + - format: ipv4 + - format: ipv6 + type: string + prefixLength: + type: integer + minimum: 1 + maximum: 128 + vlan: + type: integer + minimum: 0 + maximum: 4094 + type: object + type: array + status: + properties: + ipAddresses: + items: + properties: + ipAddress: + type: string + owner: + properties: + pod: + properties: + name: + type: string + namespace: + type: string + containerID: + type: string + ifName: + type: string + type: object + statefulSet: + properties: + name: + type: string + namespace: + type: string + index: + type: integer + type: object + type: object + phase: type: string + type: object + type: array + usage: + properties: + used: + type: integer + total: + type: integer + type: object + type: object + additionalPrinterColumns: + - description: The number of total IPs + jsonPath: .status.usage.total + name: Total + type: integer + - description: The number of allocated IPs + jsonPath: .status.usage.used + name: Used + type: 
integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date subresources: status: {} + scope: Cluster + names: + plural: ippools + singular: ippool + kind: IPPool + shortNames: + - ipp + +--- +# Source: crds/networkpolicy.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: networkpolicies.crd.antrea.io + labels: + app: antrea +spec: + group: crd.antrea.io + versions: - name: v1beta1 served: true storage: true 
@@ -4512,245 +3214,6 @@ metadata: spec: group: crd.antrea.io versions: - - name: v1alpha1 - served: true - storage: false - additionalPrinterColumns: - - jsonPath: .status.phase - description: The phase of the Traceflow. - name: Phase - type: string - - jsonPath: .spec.source.pod - description: The name of the source Pod. - name: Source-Pod - type: string - priority: 10 - - jsonPath: .spec.destination.pod - description: The name of the destination Pod. - name: Destination-Pod - type: string - priority: 10 - - jsonPath: .spec.destination.ip - description: The IP address of the destination. - name: Destination-IP - type: string - priority: 10 - - jsonPath: .spec.liveTraffic - description: Trace live traffic. - name: Live-Traffic - type: boolean - priority: 10 - - jsonPath: .spec.droppedOnly - description: Capture only the dropped packet. - name: Dropped-Only - type: boolean - priority: 10 - - jsonPath: .spec.timeout - description: Timeout in seconds. - name: Timeout - type: integer - priority: 10 - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - schema: - openAPIV3Schema: - type: object - required: - - spec - properties: - spec: - type: object - properties: - source: - type: object - properties: - pod: - type: string - namespace: - type: string - ip: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - destination: - type: object - properties: - pod: - type: string - service: - type: string - namespace: - type: string - ip: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - packet: - type: object - properties: - ipHeader: - type: object - properties: - srcIP: - type: string - oneOf: - - format: ipv4 - - format: ipv6 - protocol: - type: integer - ttl: - type: integer - flags: - type: integer - ipv6Header: - type: object - properties: - srcIP: - type: string - format: ipv6 - nextHeader: - type: integer - hopLimit: - type: integer - transportHeader: - type: object - properties: - icmp: - type: object - properties: - id: - type: integer 
- sequence: - type: integer - udp: - type: object - properties: - srcPort: - type: integer - dstPort: - type: integer - tcp: - type: object - properties: - srcPort: - type: integer - dstPort: - type: integer - flags: - type: integer - liveTraffic: - type: boolean - droppedOnly: - type: boolean - timeout: - type: integer - status: - type: object - properties: - reason: - type: string - dataplaneTag: - type: integer - phase: - type: string - startTime: - type: string - results: - type: array - items: - type: object - properties: - node: - type: string - role: - type: string - timestamp: - type: integer - observations: - type: array - items: - type: object - properties: - component: - type: string - componentInfo: - type: string - action: - type: string - pod: - type: string - dstMAC: - type: string - networkPolicy: - type: string - ttl: - type: integer - translatedSrcIP: - type: string - translatedDstIP: - type: string - tunnelDstIP: - type: string - egressIP: - type: string - egress: - type: string - capturedPacket: - properties: - srcIP: - type: string - dstIP: - type: string - length: - type: integer - ipHeader: - properties: - flags: - type: integer - protocol: - type: integer - ttl: - type: integer - type: object - ipv6Header: - properties: - hopLimit: - type: integer - nextHeader: - type: integer - type: object - transportHeader: - properties: - tcp: - properties: - dstPort: - type: integer - srcPort: - type: integer - flags: - type: integer - type: object - udp: - properties: - dstPort: - type: integer - srcPort: - type: integer - type: object - icmp: - properties: - id: - type: integer - sequence: - type: integer - type: object - type: object - type: object - subresources: - status: {} - name: v1beta1 served: true storage: true 
@@ -7189,7 +5652,7 @@ webhooks:
 rules:
 - operations: ["CREATE", "UPDATE"]
 apiGroups: ["crd.antrea.io"]
- apiVersions: ["v1alpha1"]
+ apiVersions: ["v1beta1"]
 resources: ["clusternetworkpolicies"]
 scope: "Cluster"
 admissionReviewVersions: ["v1", "v1beta1"]
@@ -7204,7 +5667,7 @@ webhooks:
 rules:
 - operations: ["CREATE", "UPDATE"]
 apiGroups: ["crd.antrea.io"]
- apiVersions: ["v1alpha1"]
+ apiVersions: ["v1beta1"]
 resources: ["networkpolicies"]
 scope: "Namespaced"
 admissionReviewVersions: ["v1", "v1beta1"]
@@ -7392,7 +5855,7 @@ webhooks:
 rules:
 - operations: ["CREATE", "UPDATE"]
 apiGroups: ["crd.antrea.io"]
- apiVersions: ["v1alpha1"]
+ apiVersions: ["v1beta1"]
 resources: ["traceflows"]
 scope: "Cluster"
 admissionReviewVersions: ["v1", "v1beta1"]
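Review bot: The three webhook rules in these hunks (clusternetworkpolicies, networkpolicies, traceflows) still hard-code a single version, `apiVersions: ["v1beta1"]`, with nothing tying it to the versions the matching CRD serves, so the drift this commit repairs can recur at the next version change. A rule that names a version the CRD does not serve would likely match no requests, which means objects would be admitted without the mutating or validating webhook running; the `matchPolicy` and `failurePolicy` of these entries are not visible here, so the exact effect should be confirmed. This manifest looks like rendered chart output, so the durable fix belongs beside the webhook templates: a comment above each rule such as `# must be a version served by the CRD in crds/ - update when versions change`, and a CI check that compares every rule's apiVersions with the served versions of the CRD it names. The enclosing webhook entries begin and end outside the hunks.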