Add EgressNetwork and routes statuses
#13181
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,123 @@ | ||
| --- | ||
| apiVersion: apiextensions.k8s.io/v1 | ||
| kind: CustomResourceDefinition | ||
| metadata: | ||
| name: egressnetworks.policy.linkerd.io | ||
| annotations: | ||
| {{ include "partials.annotations.created-by" . }} | ||
| labels: | ||
| helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} | ||
| linkerd.io/control-plane-ns: {{.Release.Namespace}} | ||
| spec: | ||
| group: policy.linkerd.io | ||
| names: | ||
| categories: | ||
| - policy | ||
| kind: EgressNetwork | ||
| listKind: EgressNetworkList | ||
| plural: egressnetworks | ||
| singular: egressnetwork | ||
| scope: Namespaced | ||
| versions: | ||
| - name: v1alpha1 | ||
| served: true | ||
| storage: true | ||
| subresources: | ||
| status: {} | ||
| schema: | ||
| openAPIV3Schema: | ||
| description: >- | ||
| An EgressNetwork captures traffic to egress destinations | ||
| type: object | ||
| required: [spec] | ||
| properties: | ||
| apiVerson: | ||
| type: string | ||
| kind: | ||
| type: string | ||
| metadata: | ||
| type: object | ||
| spec: | ||
| properties: | ||
| trafficPolicy: | ||
| description: >- | ||
| This field controls the traffic policy enforced upon traffic | ||
| that does not match any explicit route resources associated | ||
| with an instance of this object. The values that are allowed | ||
| currently are: | ||
| - AllowAll - permits all traffic, even if it has not been | ||
| explicitly described via attaching an xRoute | ||
| resources. | ||
| - DenyAll - blocks all traffic that has not been described via | ||
| attaching an xRoute resource. | ||
| type: string | ||
| enum: | ||
| - AllowAll | ||
| - DenyAll | ||
| networks: | ||
| type: array | ||
| items: | ||
| type: object | ||
| required: [cidr] | ||
| properties: | ||
| cidr: | ||
| description: >- | ||
| The CIDR of the network to be authorized. | ||
| type: string | ||
| except: | ||
| description: >- | ||
| A list of IP networks/addresses not to be included in | ||
| the above `cidr`. | ||
| type: array | ||
| items: | ||
| type: string | ||
| type: object | ||
| required: | ||
| - trafficPolicy | ||
| status: | ||
| type: object | ||
| properties: | ||
| conditions: | ||
| type: array | ||
| items: | ||
| type: object | ||
| properties: | ||
| lastTransitionTime: | ||
| description: lastTransitionTime is the last time the | ||
| condition transitioned from one status to another. | ||
| format: date-time | ||
| type: string | ||
| status: | ||
| description: status of the condition (one of True, False, Unknown) | ||
| enum: | ||
| - "True" | ||
| - "False" | ||
| - Unknown | ||
| type: string | ||
| type: | ||
| description: type of the condition in CamelCase or in | ||
| foo.example.com/CamelCase. | ||
| maxLength: 316 | ||
| pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ | ||
| type: string | ||
| reason: | ||
| description: reason contains a programmatic identifier | ||
| indicating the reason for the condition's last | ||
| transition. Producers of specific condition types may | ||
| define expected values and meanings for this field, and | ||
| whether the values are considered a guaranteed API. The | ||
| value should be a CamelCase string. This field may not | ||
| be empty. | ||
| maxLength: 1024 | ||
| minLength: 1 | ||
| pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ | ||
| type: string | ||
| message: | ||
| description: message is a human readable message | ||
| indicating details about the transition. This may be an | ||
| empty string. | ||
| maxLength: 32768 | ||
| type: string | ||
| required: | ||
| - status | ||
| - type | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,3 @@ | ||
| enableHttpRoutes: true | ||
| enableTlsRoutes: true | ||
|
There was a problem hiding this comment. it's a little weird that enableHttpRoutes controls both the HTTPRoute and GRPCRoute CRDs but then TLSRoute and TCPRoute each get their own value. but this is probably fine, more flexibility probably doesn't hurt. |
||
| enableTcpRoutes: true | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Naming bikeshed: I think "Allow" and "Deny" are better here. I don't think the word "All" is semantically meaningful, especially considering that the behavior can be changed by matching an attached route.
i.e. the "Deny" policy doesn't deny ALL traffic, it denies traffic that doesn't match any attached routes.