Merge pull request #50033 from cmluciano/cml/addnpcidrselector
Automatic merge from submit-queue (batch tested with PRs 50033, 49988, 51132, 49674, 51207) Add IPBlock to Network Policy **What this PR does / why we need it**: Add ipBlockRule to NetworkPolicyPeer. **Which issue this PR fixes** fixes #49978 **Special notes for your reviewer**: - I added this directly as a field on the existing API per guidance from API-Machinery/lazy SIG-Network consensus. Todo: - [ ] Documentation comments to mention this is beta, unless we want to go straight to GA - [ ] e2e tests **Release note**: ``` Support ipBlock in NetworkPolicy ```
This commit is contained in:
@@ -62904,6 +62904,25 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"io.k8s.api.extensions.v1beta1.IPBlock": {
|
||||||
|
"description": "IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
|
||||||
|
"required": [
|
||||||
|
"cidr"
|
||||||
|
],
|
||||||
|
"properties": {
|
||||||
|
"cidr": {
|
||||||
|
"description": "CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\"",
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"except": {
|
||||||
|
"description": "Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" Except values will be rejected if they are outside the CIDR range",
|
||||||
|
"type": "array",
|
||||||
|
"items": {
|
||||||
|
"type": "string"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
"io.k8s.api.extensions.v1beta1.Ingress": {
|
"io.k8s.api.extensions.v1beta1.Ingress": {
|
||||||
"description": "Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc.",
|
"description": "Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc.",
|
||||||
"properties": {
|
"properties": {
|
||||||
@@ -63130,6 +63149,10 @@
|
|||||||
},
|
},
|
||||||
"io.k8s.api.extensions.v1beta1.NetworkPolicyPeer": {
|
"io.k8s.api.extensions.v1beta1.NetworkPolicyPeer": {
|
||||||
"properties": {
|
"properties": {
|
||||||
|
"ipBlock": {
|
||||||
|
"description": "IPBlock defines policy on a particular IPBlock",
|
||||||
|
"$ref": "#/definitions/io.k8s.api.extensions.v1beta1.IPBlock"
|
||||||
|
},
|
||||||
"namespaceSelector": {
|
"namespaceSelector": {
|
||||||
"description": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces.",
|
"description": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces.",
|
||||||
"$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector"
|
"$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector"
|
||||||
@@ -63631,6 +63654,25 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"io.k8s.api.networking.v1.IPBlock": {
|
||||||
|
"description": "IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
|
||||||
|
"required": [
|
||||||
|
"cidr"
|
||||||
|
],
|
||||||
|
"properties": {
|
||||||
|
"cidr": {
|
||||||
|
"description": "CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\"",
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"except": {
|
||||||
|
"description": "Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" Except values will be rejected if they are outside the CIDR range",
|
||||||
|
"type": "array",
|
||||||
|
"items": {
|
||||||
|
"type": "string"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
"io.k8s.api.networking.v1.NetworkPolicy": {
|
"io.k8s.api.networking.v1.NetworkPolicy": {
|
||||||
"description": "NetworkPolicy describes what network traffic is allowed for a set of Pods",
|
"description": "NetworkPolicy describes what network traffic is allowed for a set of Pods",
|
||||||
"properties": {
|
"properties": {
|
||||||
@@ -63715,6 +63757,10 @@
|
|||||||
"io.k8s.api.networking.v1.NetworkPolicyPeer": {
|
"io.k8s.api.networking.v1.NetworkPolicyPeer": {
|
||||||
"description": "NetworkPolicyPeer describes a peer to allow traffic from. Exactly one of its fields must be specified.",
|
"description": "NetworkPolicyPeer describes a peer to allow traffic from. Exactly one of its fields must be specified.",
|
||||||
"properties": {
|
"properties": {
|
||||||
|
"ipBlock": {
|
||||||
|
"description": "IPBlock defines policy on a particular IPBlock",
|
||||||
|
"$ref": "#/definitions/io.k8s.api.networking.v1.IPBlock"
|
||||||
|
},
|
||||||
"namespaceSelector": {
|
"namespaceSelector": {
|
||||||
"description": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces.",
|
"description": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces.",
|
||||||
"$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector"
|
"$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector"
|
||||||
|
@@ -9305,6 +9305,30 @@
|
|||||||
"namespaceSelector": {
|
"namespaceSelector": {
|
||||||
"$ref": "v1.LabelSelector",
|
"$ref": "v1.LabelSelector",
|
||||||
"description": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces."
|
"description": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces."
|
||||||
|
},
|
||||||
|
"ipBlock": {
|
||||||
|
"$ref": "v1beta1.IPBlock",
|
||||||
|
"description": "IPBlock defines policy on a particular IPBlock"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"v1beta1.IPBlock": {
|
||||||
|
"id": "v1beta1.IPBlock",
|
||||||
|
"description": "IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
|
||||||
|
"required": [
|
||||||
|
"cidr"
|
||||||
|
],
|
||||||
|
"properties": {
|
||||||
|
"cidr": {
|
||||||
|
"type": "string",
|
||||||
|
"description": "CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\""
|
||||||
|
},
|
||||||
|
"except": {
|
||||||
|
"type": "array",
|
||||||
|
"items": {
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"description": "Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" Except values will be rejected if they are outside the CIDR range"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@@ -1307,6 +1307,30 @@
|
|||||||
"namespaceSelector": {
|
"namespaceSelector": {
|
||||||
"$ref": "v1.LabelSelector",
|
"$ref": "v1.LabelSelector",
|
||||||
"description": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces."
|
"description": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces."
|
||||||
|
},
|
||||||
|
"ipBlock": {
|
||||||
|
"$ref": "v1.IPBlock",
|
||||||
|
"description": "IPBlock defines policy on a particular IPBlock"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"v1.IPBlock": {
|
||||||
|
"id": "v1.IPBlock",
|
||||||
|
"description": "IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
|
||||||
|
"required": [
|
||||||
|
"cidr"
|
||||||
|
],
|
||||||
|
"properties": {
|
||||||
|
"cidr": {
|
||||||
|
"type": "string",
|
||||||
|
"description": "CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\""
|
||||||
|
},
|
||||||
|
"except": {
|
||||||
|
"type": "array",
|
||||||
|
"items": {
|
||||||
|
"type": "string"
|
||||||
|
},
|
||||||
|
"description": "Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" Except values will be rejected if they are outside the CIDR range"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@@ -3215,6 +3215,47 @@ When an object is created, the system will populate this list with the current s
|
|||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<div class="sect2">
|
||||||
|
<h3 id="_v1beta1_ipblock">v1beta1.IPBlock</h3>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods matched by a NetworkPolicySpec’s podSelector. The except entry describes CIDRs that should not be included within this rule.</p>
|
||||||
|
</div>
|
||||||
|
<table class="tableblock frame-all grid-all" style="width:100%; ">
|
||||||
|
<colgroup>
|
||||||
|
<col style="width:20%;">
|
||||||
|
<col style="width:20%;">
|
||||||
|
<col style="width:20%;">
|
||||||
|
<col style="width:20%;">
|
||||||
|
<col style="width:20%;">
|
||||||
|
</colgroup>
|
||||||
|
<thead>
|
||||||
|
<tr>
|
||||||
|
<th class="tableblock halign-left valign-top">Name</th>
|
||||||
|
<th class="tableblock halign-left valign-top">Description</th>
|
||||||
|
<th class="tableblock halign-left valign-top">Required</th>
|
||||||
|
<th class="tableblock halign-left valign-top">Schema</th>
|
||||||
|
<th class="tableblock halign-left valign-top">Default</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">cidr</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">CIDR is a string representing the IP Block Valid examples are "192.168.1.1/24"</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">true</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"></td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">except</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">Except is a slice of CIDRs that should not be included within an IP Block Valid examples are "192.168.1.1/24" Except values will be rejected if they are outside the CIDR range</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">string array</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"></td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<div class="sect2">
|
<div class="sect2">
|
||||||
<h3 id="_v1_loadbalanceringress">v1.LoadBalancerIngress</h3>
|
<h3 id="_v1_loadbalanceringress">v1.LoadBalancerIngress</h3>
|
||||||
@@ -5965,6 +6006,13 @@ Both these may change in the future. Incoming requests are matched against the h
|
|||||||
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="#_v1_labelselector">v1.LabelSelector</a></p></td>
|
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="#_v1_labelselector">v1.LabelSelector</a></p></td>
|
||||||
<td class="tableblock halign-left valign-top"></td>
|
<td class="tableblock halign-left valign-top"></td>
|
||||||
</tr>
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ipBlock</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">IPBlock defines policy on a particular IPBlock</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="#_v1beta1_ipblock">v1beta1.IPBlock</a></p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"></td>
|
||||||
|
</tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
|
@@ -937,6 +937,47 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
|
|||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<div class="sect2">
|
||||||
|
<h3 id="_v1_ipblock">v1.IPBlock</h3>
|
||||||
|
<div class="paragraph">
|
||||||
|
<p>IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods matched by a NetworkPolicySpec’s podSelector. The except entry describes CIDRs that should not be included within this rule.</p>
|
||||||
|
</div>
|
||||||
|
<table class="tableblock frame-all grid-all" style="width:100%; ">
|
||||||
|
<colgroup>
|
||||||
|
<col style="width:20%;">
|
||||||
|
<col style="width:20%;">
|
||||||
|
<col style="width:20%;">
|
||||||
|
<col style="width:20%;">
|
||||||
|
<col style="width:20%;">
|
||||||
|
</colgroup>
|
||||||
|
<thead>
|
||||||
|
<tr>
|
||||||
|
<th class="tableblock halign-left valign-top">Name</th>
|
||||||
|
<th class="tableblock halign-left valign-top">Description</th>
|
||||||
|
<th class="tableblock halign-left valign-top">Required</th>
|
||||||
|
<th class="tableblock halign-left valign-top">Schema</th>
|
||||||
|
<th class="tableblock halign-left valign-top">Default</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">cidr</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">CIDR is a string representing the IP Block Valid examples are "192.168.1.1/24"</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">true</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">string</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"></td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">except</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">Except is a slice of CIDRs that should not be included within an IP Block Valid examples are "192.168.1.1/24" Except values will be rejected if they are outside the CIDR range</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">string array</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"></td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
<div class="sect2">
|
<div class="sect2">
|
||||||
<h3 id="_v1_labelselector">v1.LabelSelector</h3>
|
<h3 id="_v1_labelselector">v1.LabelSelector</h3>
|
||||||
@@ -1460,6 +1501,13 @@ When an object is created, the system will populate this list with the current s
|
|||||||
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="#_v1_labelselector">v1.LabelSelector</a></p></td>
|
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="#_v1_labelselector">v1.LabelSelector</a></p></td>
|
||||||
<td class="tableblock halign-left valign-top"></td>
|
<td class="tableblock halign-left valign-top"></td>
|
||||||
</tr>
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">ipBlock</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">IPBlock defines policy on a particular IPBlock</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="#_v1_ipblock">v1.IPBlock</a></p></td>
|
||||||
|
<td class="tableblock halign-left valign-top"></td>
|
||||||
|
</tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
|
@@ -24,6 +24,7 @@ go_library(
|
|||||||
"//pkg/apis/extensions:go_default_library",
|
"//pkg/apis/extensions:go_default_library",
|
||||||
"//pkg/apis/extensions/fuzzer:go_default_library",
|
"//pkg/apis/extensions/fuzzer:go_default_library",
|
||||||
"//pkg/apis/extensions/v1beta1:go_default_library",
|
"//pkg/apis/extensions/v1beta1:go_default_library",
|
||||||
|
"//pkg/apis/networking/fuzzer:go_default_library",
|
||||||
"//pkg/apis/policy/fuzzer:go_default_library",
|
"//pkg/apis/policy/fuzzer:go_default_library",
|
||||||
"//pkg/apis/rbac/fuzzer:go_default_library",
|
"//pkg/apis/rbac/fuzzer:go_default_library",
|
||||||
"//pkg/apis/storage/fuzzer:go_default_library",
|
"//pkg/apis/storage/fuzzer:go_default_library",
|
||||||
|
@@ -19,7 +19,7 @@ package testing
|
|||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
||||||
"github.com/google/gofuzz"
|
fuzz "github.com/google/gofuzz"
|
||||||
|
|
||||||
"k8s.io/api/core/v1"
|
"k8s.io/api/core/v1"
|
||||||
apitesting "k8s.io/apimachinery/pkg/api/testing"
|
apitesting "k8s.io/apimachinery/pkg/api/testing"
|
||||||
@@ -38,6 +38,7 @@ import (
|
|||||||
"k8s.io/kubernetes/pkg/apis/extensions"
|
"k8s.io/kubernetes/pkg/apis/extensions"
|
||||||
extensionsfuzzer "k8s.io/kubernetes/pkg/apis/extensions/fuzzer"
|
extensionsfuzzer "k8s.io/kubernetes/pkg/apis/extensions/fuzzer"
|
||||||
extensionsv1beta1 "k8s.io/kubernetes/pkg/apis/extensions/v1beta1"
|
extensionsv1beta1 "k8s.io/kubernetes/pkg/apis/extensions/v1beta1"
|
||||||
|
networkingfuzzer "k8s.io/kubernetes/pkg/apis/networking/fuzzer"
|
||||||
policyfuzzer "k8s.io/kubernetes/pkg/apis/policy/fuzzer"
|
policyfuzzer "k8s.io/kubernetes/pkg/apis/policy/fuzzer"
|
||||||
rbacfuzzer "k8s.io/kubernetes/pkg/apis/rbac/fuzzer"
|
rbacfuzzer "k8s.io/kubernetes/pkg/apis/rbac/fuzzer"
|
||||||
storagefuzzer "k8s.io/kubernetes/pkg/apis/storage/fuzzer"
|
storagefuzzer "k8s.io/kubernetes/pkg/apis/storage/fuzzer"
|
||||||
@@ -102,4 +103,5 @@ var FuzzerFuncs = fuzzer.MergeFuzzerFuncs(
|
|||||||
certificatesfuzzer.Funcs,
|
certificatesfuzzer.Funcs,
|
||||||
admissionregistrationfuzzer.Funcs,
|
admissionregistrationfuzzer.Funcs,
|
||||||
storagefuzzer.Funcs,
|
storagefuzzer.Funcs,
|
||||||
|
networkingfuzzer.Funcs,
|
||||||
)
|
)
|
||||||
|
@@ -60,6 +60,8 @@ func addConversionFuncs(scheme *runtime.Scheme) error {
|
|||||||
Convert_v1beta1_NetworkPolicySpec_To_networking_NetworkPolicySpec,
|
Convert_v1beta1_NetworkPolicySpec_To_networking_NetworkPolicySpec,
|
||||||
Convert_networking_NetworkPolicySpec_To_v1beta1_NetworkPolicySpec,
|
Convert_networking_NetworkPolicySpec_To_v1beta1_NetworkPolicySpec,
|
||||||
Convert_extensions_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec,
|
Convert_extensions_PodSecurityPolicySpec_To_v1beta1_PodSecurityPolicySpec,
|
||||||
|
Convert_v1beta1_IPBlock_To_networking_IPBlock,
|
||||||
|
Convert_networking_IPBlock_To_v1beta1_IPBlock,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
@@ -346,6 +348,14 @@ func Convert_v1beta1_NetworkPolicyPeer_To_networking_NetworkPolicyPeer(in *exten
|
|||||||
} else {
|
} else {
|
||||||
out.NamespaceSelector = nil
|
out.NamespaceSelector = nil
|
||||||
}
|
}
|
||||||
|
if in.IPBlock != nil {
|
||||||
|
out.IPBlock = new(networking.IPBlock)
|
||||||
|
if err := s.Convert(in.IPBlock, out.IPBlock, 0); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
out.IPBlock = nil
|
||||||
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -366,6 +376,30 @@ func Convert_networking_NetworkPolicyPeer_To_v1beta1_NetworkPolicyPeer(in *netwo
|
|||||||
} else {
|
} else {
|
||||||
out.NamespaceSelector = nil
|
out.NamespaceSelector = nil
|
||||||
}
|
}
|
||||||
|
if in.IPBlock != nil {
|
||||||
|
out.IPBlock = new(extensionsv1beta1.IPBlock)
|
||||||
|
if err := s.Convert(in.IPBlock, out.IPBlock, 0); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
out.IPBlock = nil
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func Convert_v1beta1_IPBlock_To_networking_IPBlock(in *extensionsv1beta1.IPBlock, out *networking.IPBlock, s conversion.Scope) error {
|
||||||
|
out.CIDR = in.CIDR
|
||||||
|
|
||||||
|
out.Except = make([]string, len(in.Except))
|
||||||
|
copy(out.Except, in.Except)
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func Convert_networking_IPBlock_To_v1beta1_IPBlock(in *networking.IPBlock, out *extensionsv1beta1.IPBlock, s conversion.Scope) error {
|
||||||
|
out.CIDR = in.CIDR
|
||||||
|
|
||||||
|
out.Except = make([]string, len(in.Except))
|
||||||
|
copy(out.Except, in.Except)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@@ -8,7 +8,11 @@ load(
|
|||||||
go_library(
|
go_library(
|
||||||
name = "go_default_library",
|
name = "go_default_library",
|
||||||
srcs = ["fuzzer.go"],
|
srcs = ["fuzzer.go"],
|
||||||
deps = ["//vendor/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library"],
|
deps = [
|
||||||
|
"//pkg/apis/networking:go_default_library",
|
||||||
|
"//vendor/github.com/google/gofuzz:go_default_library",
|
||||||
|
"//vendor/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library",
|
||||||
|
],
|
||||||
)
|
)
|
||||||
|
|
||||||
filegroup(
|
filegroup(
|
||||||
|
@@ -17,10 +17,24 @@ limitations under the License.
|
|||||||
package fuzzer
|
package fuzzer
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
fuzz "github.com/google/gofuzz"
|
||||||
runtimeserializer "k8s.io/apimachinery/pkg/runtime/serializer"
|
runtimeserializer "k8s.io/apimachinery/pkg/runtime/serializer"
|
||||||
|
"k8s.io/kubernetes/pkg/apis/networking"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Funcs returns the fuzzer functions for the networking api group.
|
// Funcs returns the fuzzer functions for the networking api group.
|
||||||
var Funcs = func(codecs runtimeserializer.CodecFactory) []interface{} {
|
var Funcs = func(codecs runtimeserializer.CodecFactory) []interface{} {
|
||||||
return []interface{}{}
|
return []interface{}{
|
||||||
|
func(np *networking.NetworkPolicyPeer, c fuzz.Continue) {
|
||||||
|
c.FuzzNoCustom(np) // fuzz self without calling this function again
|
||||||
|
// TODO: Implement a fuzzer to generate valid keys, values and operators for
|
||||||
|
// selector requirements.
|
||||||
|
if np.IPBlock != nil {
|
||||||
|
np.IPBlock = &networking.IPBlock{
|
||||||
|
CIDR: "192.168.1.0/24",
|
||||||
|
Except: []string{"192.168.1.1/24", "192.168.1.2/24"},
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@@ -90,6 +90,20 @@ type NetworkPolicyPort struct {
|
|||||||
Port *intstr.IntOrString
|
Port *intstr.IntOrString
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods
|
||||||
|
// matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should
|
||||||
|
// not be included within this rule.
|
||||||
|
type IPBlock struct {
|
||||||
|
// CIDR is a string representing the IP Block
|
||||||
|
// Valid examples are "192.168.1.1/24"
|
||||||
|
CIDR string
|
||||||
|
// Except is a slice of CIDRs that should not be included within an IP Block
|
||||||
|
// Valid examples are "192.168.1.1/24"
|
||||||
|
// Except values will be rejected if they are outside the CIDR range
|
||||||
|
// +optional
|
||||||
|
Except []string
|
||||||
|
}
|
||||||
|
|
||||||
// NetworkPolicyPeer describes a peer to allow traffic from. Exactly one of its fields
|
// NetworkPolicyPeer describes a peer to allow traffic from. Exactly one of its fields
|
||||||
// must be specified.
|
// must be specified.
|
||||||
type NetworkPolicyPeer struct {
|
type NetworkPolicyPeer struct {
|
||||||
@@ -104,6 +118,10 @@ type NetworkPolicyPeer struct {
|
|||||||
// selector semantics. If present but empty, this selector selects all namespaces.
|
// selector semantics. If present but empty, this selector selects all namespaces.
|
||||||
// +optional
|
// +optional
|
||||||
NamespaceSelector *metav1.LabelSelector
|
NamespaceSelector *metav1.LabelSelector
|
||||||
|
|
||||||
|
// IPBlock defines policy on a particular IPBlock
|
||||||
|
// +optional
|
||||||
|
IPBlock *IPBlock
|
||||||
}
|
}
|
||||||
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
|
@@ -40,6 +40,8 @@ func init() {
|
|||||||
// Public to allow building arbitrary schemes.
|
// Public to allow building arbitrary schemes.
|
||||||
func RegisterConversions(scheme *runtime.Scheme) error {
|
func RegisterConversions(scheme *runtime.Scheme) error {
|
||||||
return scheme.AddGeneratedConversionFuncs(
|
return scheme.AddGeneratedConversionFuncs(
|
||||||
|
Convert_v1_IPBlock_To_networking_IPBlock,
|
||||||
|
Convert_networking_IPBlock_To_v1_IPBlock,
|
||||||
Convert_v1_NetworkPolicy_To_networking_NetworkPolicy,
|
Convert_v1_NetworkPolicy_To_networking_NetworkPolicy,
|
||||||
Convert_networking_NetworkPolicy_To_v1_NetworkPolicy,
|
Convert_networking_NetworkPolicy_To_v1_NetworkPolicy,
|
||||||
Convert_v1_NetworkPolicyIngressRule_To_networking_NetworkPolicyIngressRule,
|
Convert_v1_NetworkPolicyIngressRule_To_networking_NetworkPolicyIngressRule,
|
||||||
@@ -55,6 +57,28 @@ func RegisterConversions(scheme *runtime.Scheme) error {
|
|||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func autoConvert_v1_IPBlock_To_networking_IPBlock(in *v1.IPBlock, out *networking.IPBlock, s conversion.Scope) error {
|
||||||
|
out.CIDR = in.CIDR
|
||||||
|
out.Except = *(*[]string)(unsafe.Pointer(&in.Except))
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Convert_v1_IPBlock_To_networking_IPBlock is an autogenerated conversion function.
|
||||||
|
func Convert_v1_IPBlock_To_networking_IPBlock(in *v1.IPBlock, out *networking.IPBlock, s conversion.Scope) error {
|
||||||
|
return autoConvert_v1_IPBlock_To_networking_IPBlock(in, out, s)
|
||||||
|
}
|
||||||
|
|
||||||
|
func autoConvert_networking_IPBlock_To_v1_IPBlock(in *networking.IPBlock, out *v1.IPBlock, s conversion.Scope) error {
|
||||||
|
out.CIDR = in.CIDR
|
||||||
|
out.Except = *(*[]string)(unsafe.Pointer(&in.Except))
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Convert_networking_IPBlock_To_v1_IPBlock is an autogenerated conversion function.
|
||||||
|
func Convert_networking_IPBlock_To_v1_IPBlock(in *networking.IPBlock, out *v1.IPBlock, s conversion.Scope) error {
|
||||||
|
return autoConvert_networking_IPBlock_To_v1_IPBlock(in, out, s)
|
||||||
|
}
|
||||||
|
|
||||||
func autoConvert_v1_NetworkPolicy_To_networking_NetworkPolicy(in *v1.NetworkPolicy, out *networking.NetworkPolicy, s conversion.Scope) error {
|
func autoConvert_v1_NetworkPolicy_To_networking_NetworkPolicy(in *v1.NetworkPolicy, out *networking.NetworkPolicy, s conversion.Scope) error {
|
||||||
out.ObjectMeta = in.ObjectMeta
|
out.ObjectMeta = in.ObjectMeta
|
||||||
if err := Convert_v1_NetworkPolicySpec_To_networking_NetworkPolicySpec(&in.Spec, &out.Spec, s); err != nil {
|
if err := Convert_v1_NetworkPolicySpec_To_networking_NetworkPolicySpec(&in.Spec, &out.Spec, s); err != nil {
|
||||||
@@ -132,6 +156,7 @@ func Convert_networking_NetworkPolicyList_To_v1_NetworkPolicyList(in *networking
|
|||||||
func autoConvert_v1_NetworkPolicyPeer_To_networking_NetworkPolicyPeer(in *v1.NetworkPolicyPeer, out *networking.NetworkPolicyPeer, s conversion.Scope) error {
|
func autoConvert_v1_NetworkPolicyPeer_To_networking_NetworkPolicyPeer(in *v1.NetworkPolicyPeer, out *networking.NetworkPolicyPeer, s conversion.Scope) error {
|
||||||
out.PodSelector = (*meta_v1.LabelSelector)(unsafe.Pointer(in.PodSelector))
|
out.PodSelector = (*meta_v1.LabelSelector)(unsafe.Pointer(in.PodSelector))
|
||||||
out.NamespaceSelector = (*meta_v1.LabelSelector)(unsafe.Pointer(in.NamespaceSelector))
|
out.NamespaceSelector = (*meta_v1.LabelSelector)(unsafe.Pointer(in.NamespaceSelector))
|
||||||
|
out.IPBlock = (*networking.IPBlock)(unsafe.Pointer(in.IPBlock))
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -143,6 +168,7 @@ func Convert_v1_NetworkPolicyPeer_To_networking_NetworkPolicyPeer(in *v1.Network
|
|||||||
func autoConvert_networking_NetworkPolicyPeer_To_v1_NetworkPolicyPeer(in *networking.NetworkPolicyPeer, out *v1.NetworkPolicyPeer, s conversion.Scope) error {
|
func autoConvert_networking_NetworkPolicyPeer_To_v1_NetworkPolicyPeer(in *networking.NetworkPolicyPeer, out *v1.NetworkPolicyPeer, s conversion.Scope) error {
|
||||||
out.PodSelector = (*meta_v1.LabelSelector)(unsafe.Pointer(in.PodSelector))
|
out.PodSelector = (*meta_v1.LabelSelector)(unsafe.Pointer(in.PodSelector))
|
||||||
out.NamespaceSelector = (*meta_v1.LabelSelector)(unsafe.Pointer(in.NamespaceSelector))
|
out.NamespaceSelector = (*meta_v1.LabelSelector)(unsafe.Pointer(in.NamespaceSelector))
|
||||||
|
out.IPBlock = (*v1.IPBlock)(unsafe.Pointer(in.IPBlock))
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@@ -17,6 +17,8 @@ limitations under the License.
|
|||||||
package validation
|
package validation
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"net"
|
||||||
|
|
||||||
unversionedvalidation "k8s.io/apimachinery/pkg/apis/meta/v1/validation"
|
unversionedvalidation "k8s.io/apimachinery/pkg/apis/meta/v1/validation"
|
||||||
"k8s.io/apimachinery/pkg/util/intstr"
|
"k8s.io/apimachinery/pkg/util/intstr"
|
||||||
"k8s.io/apimachinery/pkg/util/validation"
|
"k8s.io/apimachinery/pkg/util/validation"
|
||||||
@@ -68,7 +70,10 @@ func ValidateNetworkPolicySpec(spec *networking.NetworkPolicySpec, fldPath *fiel
|
|||||||
numFroms++
|
numFroms++
|
||||||
allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(from.NamespaceSelector, fromPath.Child("namespaceSelector"))...)
|
allErrs = append(allErrs, unversionedvalidation.ValidateLabelSelector(from.NamespaceSelector, fromPath.Child("namespaceSelector"))...)
|
||||||
}
|
}
|
||||||
|
if from.IPBlock != nil {
|
||||||
|
numFroms++
|
||||||
|
allErrs = append(allErrs, ValidateIPBlock(from.IPBlock, fromPath.Child("ipBlock"))...)
|
||||||
|
}
|
||||||
if numFroms == 0 {
|
if numFroms == 0 {
|
||||||
allErrs = append(allErrs, field.Required(fromPath, "must specify a from type"))
|
allErrs = append(allErrs, field.Required(fromPath, "must specify a from type"))
|
||||||
} else if numFroms > 1 {
|
} else if numFroms > 1 {
|
||||||
@@ -93,3 +98,39 @@ func ValidateNetworkPolicyUpdate(update, old *networking.NetworkPolicy) field.Er
|
|||||||
allErrs = append(allErrs, ValidateNetworkPolicySpec(&update.Spec, field.NewPath("spec"))...)
|
allErrs = append(allErrs, ValidateNetworkPolicySpec(&update.Spec, field.NewPath("spec"))...)
|
||||||
return allErrs
|
return allErrs
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ValidateIPBlock validates a cidr and the except fields of an IpBlock NetworkPolicyPeer
|
||||||
|
func ValidateIPBlock(ipb *networking.IPBlock, fldPath *field.Path) field.ErrorList {
|
||||||
|
allErrs := field.ErrorList{}
|
||||||
|
if len(ipb.CIDR) == 0 || ipb.CIDR == "" {
|
||||||
|
allErrs = append(allErrs, field.Required(fldPath.Child("cidr"), ""))
|
||||||
|
return allErrs
|
||||||
|
}
|
||||||
|
cidrIPNet, err := validateCIDR(ipb.CIDR)
|
||||||
|
if err != nil {
|
||||||
|
allErrs = append(allErrs, field.Invalid(fldPath.Child("cidr"), ipb.CIDR, "not a valid CIDR"))
|
||||||
|
return allErrs
|
||||||
|
}
|
||||||
|
exceptCIDR := ipb.Except
|
||||||
|
for i, exceptIP := range exceptCIDR {
|
||||||
|
exceptPath := fldPath.Child("except").Index(i)
|
||||||
|
exceptCIDR, err := validateCIDR(exceptIP)
|
||||||
|
if err != nil {
|
||||||
|
allErrs = append(allErrs, field.Invalid(exceptPath, exceptIP, "not a valid CIDR"))
|
||||||
|
return allErrs
|
||||||
|
}
|
||||||
|
if !cidrIPNet.Contains(exceptCIDR.IP) {
|
||||||
|
allErrs = append(allErrs, field.Invalid(exceptPath, exceptCIDR.IP, "not within CIDR range"))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return allErrs
|
||||||
|
}
|
||||||
|
|
||||||
|
// validateCIDR validates whether a CIDR matches the conventions expected by net.ParseCIDR
|
||||||
|
func validateCIDR(cidr string) (*net.IPNet, error) {
|
||||||
|
_, net, err := net.ParseCIDR(cidr)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return net, nil
|
||||||
|
}
|
||||||
|
@@ -122,6 +122,26 @@ func TestValidateNetworkPolicy(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
|
||||||
|
Spec: networking.NetworkPolicySpec{
|
||||||
|
PodSelector: metav1.LabelSelector{
|
||||||
|
MatchLabels: map[string]string{"a": "b"},
|
||||||
|
},
|
||||||
|
Ingress: []networking.NetworkPolicyIngressRule{
|
||||||
|
{
|
||||||
|
From: []networking.NetworkPolicyPeer{
|
||||||
|
{
|
||||||
|
IPBlock: &networking.IPBlock{
|
||||||
|
CIDR: "192.168.0.0/16",
|
||||||
|
Except: []string{"192.168.3.0/24", "192.168.4.0/24"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
// Success cases are expected to pass validation.
|
// Success cases are expected to pass validation.
|
||||||
@@ -256,6 +276,83 @@ func TestValidateNetworkPolicy(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
"missing cidr field": {
|
||||||
|
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
|
||||||
|
Spec: networking.NetworkPolicySpec{
|
||||||
|
PodSelector: metav1.LabelSelector{},
|
||||||
|
Ingress: []networking.NetworkPolicyIngressRule{
|
||||||
|
{
|
||||||
|
From: []networking.NetworkPolicyPeer{
|
||||||
|
{
|
||||||
|
IPBlock: &networking.IPBlock{
|
||||||
|
Except: []string{"192.168.8.0/24", "192.168.9.0/24"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"invalid cidr format": {
|
||||||
|
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
|
||||||
|
Spec: networking.NetworkPolicySpec{
|
||||||
|
PodSelector: metav1.LabelSelector{
|
||||||
|
MatchLabels: map[string]string{"a": "b"},
|
||||||
|
},
|
||||||
|
Ingress: []networking.NetworkPolicyIngressRule{
|
||||||
|
{
|
||||||
|
From: []networking.NetworkPolicyPeer{
|
||||||
|
{
|
||||||
|
IPBlock: &networking.IPBlock{
|
||||||
|
CIDR: "192.168.5.6",
|
||||||
|
Except: []string{"192.168.1.0/24", "192.168.2.0/24"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"except field is an empty string": {
|
||||||
|
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
|
||||||
|
Spec: networking.NetworkPolicySpec{
|
||||||
|
PodSelector: metav1.LabelSelector{
|
||||||
|
MatchLabels: map[string]string{"a": "b"},
|
||||||
|
},
|
||||||
|
Ingress: []networking.NetworkPolicyIngressRule{
|
||||||
|
{
|
||||||
|
From: []networking.NetworkPolicyPeer{
|
||||||
|
{
|
||||||
|
IPBlock: &networking.IPBlock{
|
||||||
|
CIDR: "192.168.8.0/24",
|
||||||
|
Except: []string{"", " "},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
"except IP is outside of CIDR range": {
|
||||||
|
ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "bar"},
|
||||||
|
Spec: networking.NetworkPolicySpec{
|
||||||
|
PodSelector: metav1.LabelSelector{
|
||||||
|
MatchLabels: map[string]string{"a": "b"},
|
||||||
|
},
|
||||||
|
Ingress: []networking.NetworkPolicyIngressRule{
|
||||||
|
{
|
||||||
|
From: []networking.NetworkPolicyPeer{
|
||||||
|
{
|
||||||
|
IPBlock: &networking.IPBlock{
|
||||||
|
CIDR: "192.168.8.0/24",
|
||||||
|
Except: []string{"192.168.9.1/24"},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
// Error cases are not expected to pass validation.
|
// Error cases are not expected to pass validation.
|
||||||
|
@@ -39,6 +39,10 @@ func init() {
|
|||||||
// Deprecated: deepcopy registration will go away when static deepcopy is fully implemented.
|
// Deprecated: deepcopy registration will go away when static deepcopy is fully implemented.
|
||||||
func RegisterDeepCopies(scheme *runtime.Scheme) error {
|
func RegisterDeepCopies(scheme *runtime.Scheme) error {
|
||||||
return scheme.AddGeneratedDeepCopyFuncs(
|
return scheme.AddGeneratedDeepCopyFuncs(
|
||||||
|
conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
|
||||||
|
in.(*IPBlock).DeepCopyInto(out.(*IPBlock))
|
||||||
|
return nil
|
||||||
|
}, InType: reflect.TypeOf(&IPBlock{})},
|
||||||
conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
|
conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
|
||||||
in.(*NetworkPolicy).DeepCopyInto(out.(*NetworkPolicy))
|
in.(*NetworkPolicy).DeepCopyInto(out.(*NetworkPolicy))
|
||||||
return nil
|
return nil
|
||||||
@@ -66,6 +70,27 @@ func RegisterDeepCopies(scheme *runtime.Scheme) error {
|
|||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
|
func (in *IPBlock) DeepCopyInto(out *IPBlock) {
|
||||||
|
*out = *in
|
||||||
|
if in.Except != nil {
|
||||||
|
in, out := &in.Except, &out.Except
|
||||||
|
*out = make([]string, len(*in))
|
||||||
|
copy(*out, *in)
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPBlock.
|
||||||
|
func (in *IPBlock) DeepCopy() *IPBlock {
|
||||||
|
if in == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
out := new(IPBlock)
|
||||||
|
in.DeepCopyInto(out)
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
func (in *NetworkPolicy) DeepCopyInto(out *NetworkPolicy) {
|
func (in *NetworkPolicy) DeepCopyInto(out *NetworkPolicy) {
|
||||||
*out = *in
|
*out = *in
|
||||||
@@ -179,6 +204,15 @@ func (in *NetworkPolicyPeer) DeepCopyInto(out *NetworkPolicyPeer) {
|
|||||||
(*in).DeepCopyInto(*out)
|
(*in).DeepCopyInto(*out)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if in.IPBlock != nil {
|
||||||
|
in, out := &in.IPBlock, &out.IPBlock
|
||||||
|
if *in == nil {
|
||||||
|
*out = nil
|
||||||
|
} else {
|
||||||
|
*out = new(IPBlock)
|
||||||
|
(*in).DeepCopyInto(*out)
|
||||||
|
}
|
||||||
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
File diff suppressed because it is too large
Load Diff
@@ -421,6 +421,21 @@ message IDRange {
|
|||||||
optional int64 max = 2;
|
optional int64 max = 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods
|
||||||
|
// matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should
|
||||||
|
// not be included within this rule.
|
||||||
|
message IPBlock {
|
||||||
|
// CIDR is a string representing the IP Block
|
||||||
|
// Valid examples are "192.168.1.1/24"
|
||||||
|
optional string cidr = 1;
|
||||||
|
|
||||||
|
// Except is a slice of CIDRs that should not be included within an IP Block
|
||||||
|
// Valid examples are "192.168.1.1/24"
|
||||||
|
// Except values will be rejected if they are outside the CIDR range
|
||||||
|
// +optional
|
||||||
|
repeated string except = 2;
|
||||||
|
}
|
||||||
|
|
||||||
// Ingress is a collection of rules that allow inbound connections to reach the
|
// Ingress is a collection of rules that allow inbound connections to reach the
|
||||||
// endpoints defined by a backend. An Ingress can be configured to give services
|
// endpoints defined by a backend. An Ingress can be configured to give services
|
||||||
// externally-reachable urls, load balance traffic, terminate SSL, offer name
|
// externally-reachable urls, load balance traffic, terminate SSL, offer name
|
||||||
@@ -602,6 +617,10 @@ message NetworkPolicyPeer {
|
|||||||
// If present but empty, this selector selects all namespaces.
|
// If present but empty, this selector selects all namespaces.
|
||||||
// +optional
|
// +optional
|
||||||
optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector namespaceSelector = 2;
|
optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector namespaceSelector = 2;
|
||||||
|
|
||||||
|
// IPBlock defines policy on a particular IPBlock
|
||||||
|
// +optional
|
||||||
|
optional IPBlock ipBlock = 3;
|
||||||
}
|
}
|
||||||
|
|
||||||
message NetworkPolicyPort {
|
message NetworkPolicyPort {
|
||||||
|
@@ -18741,7 +18741,7 @@ func (x *NetworkPolicyPort) codecDecodeSelfFromArray(l int, d *codec1978.Decoder
|
|||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (x *NetworkPolicyPeer) CodecEncodeSelf(e *codec1978.Encoder) {
|
func (x *IPBlock) CodecEncodeSelf(e *codec1978.Encoder) {
|
||||||
var h codecSelfer1234
|
var h codecSelfer1234
|
||||||
z, r := codec1978.GenHelperEncoder(e)
|
z, r := codec1978.GenHelperEncoder(e)
|
||||||
_, _, _ = h, z, r
|
_, _, _ = h, z, r
|
||||||
@@ -18758,11 +18758,254 @@ func (x *NetworkPolicyPeer) CodecEncodeSelf(e *codec1978.Encoder) {
|
|||||||
var yyq2 [2]bool
|
var yyq2 [2]bool
|
||||||
_, _, _ = yysep2, yyq2, yy2arr2
|
_, _, _ = yysep2, yyq2, yy2arr2
|
||||||
const yyr2 bool = false
|
const yyr2 bool = false
|
||||||
yyq2[0] = x.PodSelector != nil
|
yyq2[1] = len(x.Except) != 0
|
||||||
yyq2[1] = x.NamespaceSelector != nil
|
|
||||||
var yynn2 int
|
var yynn2 int
|
||||||
if yyr2 || yy2arr2 {
|
if yyr2 || yy2arr2 {
|
||||||
r.EncodeArrayStart(2)
|
r.EncodeArrayStart(2)
|
||||||
|
} else {
|
||||||
|
yynn2 = 1
|
||||||
|
for _, b := range yyq2 {
|
||||||
|
if b {
|
||||||
|
yynn2++
|
||||||
|
}
|
||||||
|
}
|
||||||
|
r.EncodeMapStart(yynn2)
|
||||||
|
yynn2 = 0
|
||||||
|
}
|
||||||
|
if yyr2 || yy2arr2 {
|
||||||
|
z.EncSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
|
yym4 := z.EncBinary()
|
||||||
|
_ = yym4
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
r.EncodeString(codecSelferC_UTF81234, string(x.CIDR))
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
z.EncSendContainerState(codecSelfer_containerMapKey1234)
|
||||||
|
r.EncodeString(codecSelferC_UTF81234, string("cidr"))
|
||||||
|
z.EncSendContainerState(codecSelfer_containerMapValue1234)
|
||||||
|
yym5 := z.EncBinary()
|
||||||
|
_ = yym5
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
r.EncodeString(codecSelferC_UTF81234, string(x.CIDR))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if yyr2 || yy2arr2 {
|
||||||
|
z.EncSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
|
if yyq2[1] {
|
||||||
|
if x.Except == nil {
|
||||||
|
r.EncodeNil()
|
||||||
|
} else {
|
||||||
|
yym7 := z.EncBinary()
|
||||||
|
_ = yym7
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
z.F.EncSliceStringV(x.Except, false, e)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
r.EncodeNil()
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if yyq2[1] {
|
||||||
|
z.EncSendContainerState(codecSelfer_containerMapKey1234)
|
||||||
|
r.EncodeString(codecSelferC_UTF81234, string("except"))
|
||||||
|
z.EncSendContainerState(codecSelfer_containerMapValue1234)
|
||||||
|
if x.Except == nil {
|
||||||
|
r.EncodeNil()
|
||||||
|
} else {
|
||||||
|
yym8 := z.EncBinary()
|
||||||
|
_ = yym8
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
z.F.EncSliceStringV(x.Except, false, e)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if yyr2 || yy2arr2 {
|
||||||
|
z.EncSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
|
} else {
|
||||||
|
z.EncSendContainerState(codecSelfer_containerMapEnd1234)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (x *IPBlock) CodecDecodeSelf(d *codec1978.Decoder) {
|
||||||
|
var h codecSelfer1234
|
||||||
|
z, r := codec1978.GenHelperDecoder(d)
|
||||||
|
_, _, _ = h, z, r
|
||||||
|
yym1 := z.DecBinary()
|
||||||
|
_ = yym1
|
||||||
|
if false {
|
||||||
|
} else if z.HasExtensions() && z.DecExt(x) {
|
||||||
|
} else {
|
||||||
|
yyct2 := r.ContainerType()
|
||||||
|
if yyct2 == codecSelferValueTypeMap1234 {
|
||||||
|
yyl2 := r.ReadMapStart()
|
||||||
|
if yyl2 == 0 {
|
||||||
|
z.DecSendContainerState(codecSelfer_containerMapEnd1234)
|
||||||
|
} else {
|
||||||
|
x.codecDecodeSelfFromMap(yyl2, d)
|
||||||
|
}
|
||||||
|
} else if yyct2 == codecSelferValueTypeArray1234 {
|
||||||
|
yyl2 := r.ReadArrayStart()
|
||||||
|
if yyl2 == 0 {
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
|
} else {
|
||||||
|
x.codecDecodeSelfFromArray(yyl2, d)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
panic(codecSelferOnlyMapOrArrayEncodeToStructErr1234)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (x *IPBlock) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) {
|
||||||
|
var h codecSelfer1234
|
||||||
|
z, r := codec1978.GenHelperDecoder(d)
|
||||||
|
_, _, _ = h, z, r
|
||||||
|
var yys3Slc = z.DecScratchBuffer() // default slice to decode into
|
||||||
|
_ = yys3Slc
|
||||||
|
var yyhl3 bool = l >= 0
|
||||||
|
for yyj3 := 0; ; yyj3++ {
|
||||||
|
if yyhl3 {
|
||||||
|
if yyj3 >= l {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if r.CheckBreak() {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
z.DecSendContainerState(codecSelfer_containerMapKey1234)
|
||||||
|
yys3Slc = r.DecodeBytes(yys3Slc, true, true)
|
||||||
|
yys3 := string(yys3Slc)
|
||||||
|
z.DecSendContainerState(codecSelfer_containerMapValue1234)
|
||||||
|
switch yys3 {
|
||||||
|
case "cidr":
|
||||||
|
if r.TryDecodeAsNil() {
|
||||||
|
x.CIDR = ""
|
||||||
|
} else {
|
||||||
|
yyv4 := &x.CIDR
|
||||||
|
yym5 := z.DecBinary()
|
||||||
|
_ = yym5
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
*((*string)(yyv4)) = r.DecodeString()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
case "except":
|
||||||
|
if r.TryDecodeAsNil() {
|
||||||
|
x.Except = nil
|
||||||
|
} else {
|
||||||
|
yyv6 := &x.Except
|
||||||
|
yym7 := z.DecBinary()
|
||||||
|
_ = yym7
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
z.F.DecSliceStringX(yyv6, false, d)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
default:
|
||||||
|
z.DecStructFieldNotFound(-1, yys3)
|
||||||
|
} // end switch yys3
|
||||||
|
} // end for yyj3
|
||||||
|
z.DecSendContainerState(codecSelfer_containerMapEnd1234)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (x *IPBlock) codecDecodeSelfFromArray(l int, d *codec1978.Decoder) {
|
||||||
|
var h codecSelfer1234
|
||||||
|
z, r := codec1978.GenHelperDecoder(d)
|
||||||
|
_, _, _ = h, z, r
|
||||||
|
var yyj8 int
|
||||||
|
var yyb8 bool
|
||||||
|
var yyhl8 bool = l >= 0
|
||||||
|
yyj8++
|
||||||
|
if yyhl8 {
|
||||||
|
yyb8 = yyj8 > l
|
||||||
|
} else {
|
||||||
|
yyb8 = r.CheckBreak()
|
||||||
|
}
|
||||||
|
if yyb8 {
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
|
if r.TryDecodeAsNil() {
|
||||||
|
x.CIDR = ""
|
||||||
|
} else {
|
||||||
|
yyv9 := &x.CIDR
|
||||||
|
yym10 := z.DecBinary()
|
||||||
|
_ = yym10
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
*((*string)(yyv9)) = r.DecodeString()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
yyj8++
|
||||||
|
if yyhl8 {
|
||||||
|
yyb8 = yyj8 > l
|
||||||
|
} else {
|
||||||
|
yyb8 = r.CheckBreak()
|
||||||
|
}
|
||||||
|
if yyb8 {
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
|
if r.TryDecodeAsNil() {
|
||||||
|
x.Except = nil
|
||||||
|
} else {
|
||||||
|
yyv11 := &x.Except
|
||||||
|
yym12 := z.DecBinary()
|
||||||
|
_ = yym12
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
z.F.DecSliceStringX(yyv11, false, d)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
for {
|
||||||
|
yyj8++
|
||||||
|
if yyhl8 {
|
||||||
|
yyb8 = yyj8 > l
|
||||||
|
} else {
|
||||||
|
yyb8 = r.CheckBreak()
|
||||||
|
}
|
||||||
|
if yyb8 {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
|
z.DecStructFieldNotFound(yyj8-1, "")
|
||||||
|
}
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (x *NetworkPolicyPeer) CodecEncodeSelf(e *codec1978.Encoder) {
|
||||||
|
var h codecSelfer1234
|
||||||
|
z, r := codec1978.GenHelperEncoder(e)
|
||||||
|
_, _, _ = h, z, r
|
||||||
|
if x == nil {
|
||||||
|
r.EncodeNil()
|
||||||
|
} else {
|
||||||
|
yym1 := z.EncBinary()
|
||||||
|
_ = yym1
|
||||||
|
if false {
|
||||||
|
} else if z.HasExtensions() && z.EncExt(x) {
|
||||||
|
} else {
|
||||||
|
yysep2 := !z.EncBinary()
|
||||||
|
yy2arr2 := z.EncBasicHandle().StructToArray
|
||||||
|
var yyq2 [3]bool
|
||||||
|
_, _, _ = yysep2, yyq2, yy2arr2
|
||||||
|
const yyr2 bool = false
|
||||||
|
yyq2[0] = x.PodSelector != nil
|
||||||
|
yyq2[1] = x.NamespaceSelector != nil
|
||||||
|
yyq2[2] = x.IPBlock != nil
|
||||||
|
var yynn2 int
|
||||||
|
if yyr2 || yy2arr2 {
|
||||||
|
r.EncodeArrayStart(3)
|
||||||
} else {
|
} else {
|
||||||
yynn2 = 0
|
yynn2 = 0
|
||||||
for _, b := range yyq2 {
|
for _, b := range yyq2 {
|
||||||
@@ -18843,6 +19086,29 @@ func (x *NetworkPolicyPeer) CodecEncodeSelf(e *codec1978.Encoder) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if yyr2 || yy2arr2 {
|
||||||
|
z.EncSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
|
if yyq2[2] {
|
||||||
|
if x.IPBlock == nil {
|
||||||
|
r.EncodeNil()
|
||||||
|
} else {
|
||||||
|
x.IPBlock.CodecEncodeSelf(e)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
r.EncodeNil()
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if yyq2[2] {
|
||||||
|
z.EncSendContainerState(codecSelfer_containerMapKey1234)
|
||||||
|
r.EncodeString(codecSelferC_UTF81234, string("ipBlock"))
|
||||||
|
z.EncSendContainerState(codecSelfer_containerMapValue1234)
|
||||||
|
if x.IPBlock == nil {
|
||||||
|
r.EncodeNil()
|
||||||
|
} else {
|
||||||
|
x.IPBlock.CodecEncodeSelf(e)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
if yyr2 || yy2arr2 {
|
if yyr2 || yy2arr2 {
|
||||||
z.EncSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.EncSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
} else {
|
} else {
|
||||||
@@ -18938,6 +19204,17 @@ func (x *NetworkPolicyPeer) codecDecodeSelfFromMap(l int, d *codec1978.Decoder)
|
|||||||
z.DecFallback(x.NamespaceSelector, false)
|
z.DecFallback(x.NamespaceSelector, false)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
case "ipBlock":
|
||||||
|
if r.TryDecodeAsNil() {
|
||||||
|
if x.IPBlock != nil {
|
||||||
|
x.IPBlock = nil
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if x.IPBlock == nil {
|
||||||
|
x.IPBlock = new(IPBlock)
|
||||||
|
}
|
||||||
|
x.IPBlock.CodecDecodeSelf(d)
|
||||||
|
}
|
||||||
default:
|
default:
|
||||||
z.DecStructFieldNotFound(-1, yys3)
|
z.DecStructFieldNotFound(-1, yys3)
|
||||||
} // end switch yys3
|
} // end switch yys3
|
||||||
@@ -18949,16 +19226,16 @@ func (x *NetworkPolicyPeer) codecDecodeSelfFromArray(l int, d *codec1978.Decoder
|
|||||||
var h codecSelfer1234
|
var h codecSelfer1234
|
||||||
z, r := codec1978.GenHelperDecoder(d)
|
z, r := codec1978.GenHelperDecoder(d)
|
||||||
_, _, _ = h, z, r
|
_, _, _ = h, z, r
|
||||||
var yyj8 int
|
var yyj9 int
|
||||||
var yyb8 bool
|
var yyb9 bool
|
||||||
var yyhl8 bool = l >= 0
|
var yyhl9 bool = l >= 0
|
||||||
yyj8++
|
yyj9++
|
||||||
if yyhl8 {
|
if yyhl9 {
|
||||||
yyb8 = yyj8 > l
|
yyb9 = yyj9 > l
|
||||||
} else {
|
} else {
|
||||||
yyb8 = r.CheckBreak()
|
yyb9 = r.CheckBreak()
|
||||||
}
|
}
|
||||||
if yyb8 {
|
if yyb9 {
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -18971,21 +19248,21 @@ func (x *NetworkPolicyPeer) codecDecodeSelfFromArray(l int, d *codec1978.Decoder
|
|||||||
if x.PodSelector == nil {
|
if x.PodSelector == nil {
|
||||||
x.PodSelector = new(pkg1_v1.LabelSelector)
|
x.PodSelector = new(pkg1_v1.LabelSelector)
|
||||||
}
|
}
|
||||||
yym10 := z.DecBinary()
|
yym11 := z.DecBinary()
|
||||||
_ = yym10
|
_ = yym11
|
||||||
if false {
|
if false {
|
||||||
} else if z.HasExtensions() && z.DecExt(x.PodSelector) {
|
} else if z.HasExtensions() && z.DecExt(x.PodSelector) {
|
||||||
} else {
|
} else {
|
||||||
z.DecFallback(x.PodSelector, false)
|
z.DecFallback(x.PodSelector, false)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
yyj8++
|
yyj9++
|
||||||
if yyhl8 {
|
if yyhl9 {
|
||||||
yyb8 = yyj8 > l
|
yyb9 = yyj9 > l
|
||||||
} else {
|
} else {
|
||||||
yyb8 = r.CheckBreak()
|
yyb9 = r.CheckBreak()
|
||||||
}
|
}
|
||||||
if yyb8 {
|
if yyb9 {
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -18998,26 +19275,47 @@ func (x *NetworkPolicyPeer) codecDecodeSelfFromArray(l int, d *codec1978.Decoder
|
|||||||
if x.NamespaceSelector == nil {
|
if x.NamespaceSelector == nil {
|
||||||
x.NamespaceSelector = new(pkg1_v1.LabelSelector)
|
x.NamespaceSelector = new(pkg1_v1.LabelSelector)
|
||||||
}
|
}
|
||||||
yym12 := z.DecBinary()
|
yym13 := z.DecBinary()
|
||||||
_ = yym12
|
_ = yym13
|
||||||
if false {
|
if false {
|
||||||
} else if z.HasExtensions() && z.DecExt(x.NamespaceSelector) {
|
} else if z.HasExtensions() && z.DecExt(x.NamespaceSelector) {
|
||||||
} else {
|
} else {
|
||||||
z.DecFallback(x.NamespaceSelector, false)
|
z.DecFallback(x.NamespaceSelector, false)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
for {
|
yyj9++
|
||||||
yyj8++
|
if yyhl9 {
|
||||||
if yyhl8 {
|
yyb9 = yyj9 > l
|
||||||
yyb8 = yyj8 > l
|
|
||||||
} else {
|
} else {
|
||||||
yyb8 = r.CheckBreak()
|
yyb9 = r.CheckBreak()
|
||||||
}
|
}
|
||||||
if yyb8 {
|
if yyb9 {
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
|
if r.TryDecodeAsNil() {
|
||||||
|
if x.IPBlock != nil {
|
||||||
|
x.IPBlock = nil
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if x.IPBlock == nil {
|
||||||
|
x.IPBlock = new(IPBlock)
|
||||||
|
}
|
||||||
|
x.IPBlock.CodecDecodeSelf(d)
|
||||||
|
}
|
||||||
|
for {
|
||||||
|
yyj9++
|
||||||
|
if yyhl9 {
|
||||||
|
yyb9 = yyj9 > l
|
||||||
|
} else {
|
||||||
|
yyb9 = r.CheckBreak()
|
||||||
|
}
|
||||||
|
if yyb9 {
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
z.DecStructFieldNotFound(yyj8-1, "")
|
z.DecStructFieldNotFound(yyj9-1, "")
|
||||||
}
|
}
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
}
|
}
|
||||||
@@ -21917,7 +22215,7 @@ func (x codecSelfer1234) decSliceNetworkPolicyPeer(v *[]NetworkPolicyPeer, d *co
|
|||||||
|
|
||||||
yyrg1 := len(yyv1) > 0
|
yyrg1 := len(yyv1) > 0
|
||||||
yyv21 := yyv1
|
yyv21 := yyv1
|
||||||
yyrl1, yyrt1 = z.DecInferLen(yyl1, z.DecBasicHandle().MaxInitLen, 16)
|
yyrl1, yyrt1 = z.DecInferLen(yyl1, z.DecBasicHandle().MaxInitLen, 24)
|
||||||
if yyrt1 {
|
if yyrt1 {
|
||||||
if yyrl1 <= cap(yyv1) {
|
if yyrl1 <= cap(yyv1) {
|
||||||
yyv1 = yyv1[:yyrl1]
|
yyv1 = yyv1[:yyrl1]
|
||||||
|
@@ -1181,6 +1181,20 @@ type NetworkPolicyPort struct {
|
|||||||
Port *intstr.IntOrString `json:"port,omitempty" protobuf:"bytes,2,opt,name=port"`
|
Port *intstr.IntOrString `json:"port,omitempty" protobuf:"bytes,2,opt,name=port"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods
|
||||||
|
// matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should
|
||||||
|
// not be included within this rule.
|
||||||
|
type IPBlock struct {
|
||||||
|
// CIDR is a string representing the IP Block
|
||||||
|
// Valid examples are "192.168.1.1/24"
|
||||||
|
CIDR string `json:"cidr" protobuf:"bytes,1,name=cidr"`
|
||||||
|
// Except is a slice of CIDRs that should not be included within an IP Block
|
||||||
|
// Valid examples are "192.168.1.1/24"
|
||||||
|
// Except values will be rejected if they are outside the CIDR range
|
||||||
|
// +optional
|
||||||
|
Except []string `json:"except,omitempty" protobuf:"bytes,2,rep,name=except"`
|
||||||
|
}
|
||||||
|
|
||||||
type NetworkPolicyPeer struct {
|
type NetworkPolicyPeer struct {
|
||||||
// Exactly one of the following must be specified.
|
// Exactly one of the following must be specified.
|
||||||
|
|
||||||
@@ -1196,6 +1210,10 @@ type NetworkPolicyPeer struct {
|
|||||||
// If present but empty, this selector selects all namespaces.
|
// If present but empty, this selector selects all namespaces.
|
||||||
// +optional
|
// +optional
|
||||||
NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty" protobuf:"bytes,2,opt,name=namespaceSelector"`
|
NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty" protobuf:"bytes,2,opt,name=namespaceSelector"`
|
||||||
|
|
||||||
|
// IPBlock defines policy on a particular IPBlock
|
||||||
|
// +optional
|
||||||
|
IPBlock *IPBlock `json:"ipBlock,omitempty" protobuf:"bytes,3,rep,name=ipBlock"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
|
@@ -254,6 +254,16 @@ func (IDRange) SwaggerDoc() map[string]string {
|
|||||||
return map_IDRange
|
return map_IDRange
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var map_IPBlock = map[string]string{
|
||||||
|
"": "IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
|
||||||
|
"cidr": "CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\"",
|
||||||
|
"except": "Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" Except values will be rejected if they are outside the CIDR range",
|
||||||
|
}
|
||||||
|
|
||||||
|
func (IPBlock) SwaggerDoc() map[string]string {
|
||||||
|
return map_IPBlock
|
||||||
|
}
|
||||||
|
|
||||||
var map_Ingress = map[string]string{
|
var map_Ingress = map[string]string{
|
||||||
"": "Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc.",
|
"": "Ingress is a collection of rules that allow inbound connections to reach the endpoints defined by a backend. An Ingress can be configured to give services externally-reachable urls, load balance traffic, terminate SSL, offer name based virtual hosting etc.",
|
||||||
"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",
|
"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",
|
||||||
@@ -365,6 +375,7 @@ func (NetworkPolicyList) SwaggerDoc() map[string]string {
|
|||||||
var map_NetworkPolicyPeer = map[string]string{
|
var map_NetworkPolicyPeer = map[string]string{
|
||||||
"podSelector": "This is a label selector which selects Pods in this namespace. This field follows standard label selector semantics. If present but empty, this selector selects all pods in this namespace.",
|
"podSelector": "This is a label selector which selects Pods in this namespace. This field follows standard label selector semantics. If present but empty, this selector selects all pods in this namespace.",
|
||||||
"namespaceSelector": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces.",
|
"namespaceSelector": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces.",
|
||||||
|
"ipBlock": "IPBlock defines policy on a particular IPBlock",
|
||||||
}
|
}
|
||||||
|
|
||||||
func (NetworkPolicyPeer) SwaggerDoc() map[string]string {
|
func (NetworkPolicyPeer) SwaggerDoc() map[string]string {
|
||||||
|
@@ -127,6 +127,10 @@ func RegisterDeepCopies(scheme *runtime.Scheme) error {
|
|||||||
in.(*IDRange).DeepCopyInto(out.(*IDRange))
|
in.(*IDRange).DeepCopyInto(out.(*IDRange))
|
||||||
return nil
|
return nil
|
||||||
}, InType: reflect.TypeOf(&IDRange{})},
|
}, InType: reflect.TypeOf(&IDRange{})},
|
||||||
|
conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
|
||||||
|
in.(*IPBlock).DeepCopyInto(out.(*IPBlock))
|
||||||
|
return nil
|
||||||
|
}, InType: reflect.TypeOf(&IPBlock{})},
|
||||||
conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
|
conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
|
||||||
in.(*Ingress).DeepCopyInto(out.(*Ingress))
|
in.(*Ingress).DeepCopyInto(out.(*Ingress))
|
||||||
return nil
|
return nil
|
||||||
@@ -845,6 +849,27 @@ func (in *IDRange) DeepCopy() *IDRange {
|
|||||||
return out
|
return out
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
|
func (in *IPBlock) DeepCopyInto(out *IPBlock) {
|
||||||
|
*out = *in
|
||||||
|
if in.Except != nil {
|
||||||
|
in, out := &in.Except, &out.Except
|
||||||
|
*out = make([]string, len(*in))
|
||||||
|
copy(*out, *in)
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPBlock.
|
||||||
|
func (in *IPBlock) DeepCopy() *IPBlock {
|
||||||
|
if in == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
out := new(IPBlock)
|
||||||
|
in.DeepCopyInto(out)
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
func (in *Ingress) DeepCopyInto(out *Ingress) {
|
func (in *Ingress) DeepCopyInto(out *Ingress) {
|
||||||
*out = *in
|
*out = *in
|
||||||
@@ -1157,6 +1182,15 @@ func (in *NetworkPolicyPeer) DeepCopyInto(out *NetworkPolicyPeer) {
|
|||||||
(*in).DeepCopyInto(*out)
|
(*in).DeepCopyInto(*out)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if in.IPBlock != nil {
|
||||||
|
in, out := &in.IPBlock, &out.IPBlock
|
||||||
|
if *in == nil {
|
||||||
|
*out = nil
|
||||||
|
} else {
|
||||||
|
*out = new(IPBlock)
|
||||||
|
(*in).DeepCopyInto(*out)
|
||||||
|
}
|
||||||
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@@ -25,6 +25,7 @@ limitations under the License.
|
|||||||
k8s.io/kubernetes/vendor/k8s.io/api/networking/v1/generated.proto
|
k8s.io/kubernetes/vendor/k8s.io/api/networking/v1/generated.proto
|
||||||
|
|
||||||
It has these top-level messages:
|
It has these top-level messages:
|
||||||
|
IPBlock
|
||||||
NetworkPolicy
|
NetworkPolicy
|
||||||
NetworkPolicyIngressRule
|
NetworkPolicyIngressRule
|
||||||
NetworkPolicyList
|
NetworkPolicyList
|
||||||
@@ -60,33 +61,38 @@ var _ = math.Inf
|
|||||||
// proto package needs to be updated.
|
// proto package needs to be updated.
|
||||||
const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
|
const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
|
||||||
|
|
||||||
|
func (m *IPBlock) Reset() { *m = IPBlock{} }
|
||||||
|
func (*IPBlock) ProtoMessage() {}
|
||||||
|
func (*IPBlock) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{0} }
|
||||||
|
|
||||||
func (m *NetworkPolicy) Reset() { *m = NetworkPolicy{} }
|
func (m *NetworkPolicy) Reset() { *m = NetworkPolicy{} }
|
||||||
func (*NetworkPolicy) ProtoMessage() {}
|
func (*NetworkPolicy) ProtoMessage() {}
|
||||||
func (*NetworkPolicy) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{0} }
|
func (*NetworkPolicy) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{1} }
|
||||||
|
|
||||||
func (m *NetworkPolicyIngressRule) Reset() { *m = NetworkPolicyIngressRule{} }
|
func (m *NetworkPolicyIngressRule) Reset() { *m = NetworkPolicyIngressRule{} }
|
||||||
func (*NetworkPolicyIngressRule) ProtoMessage() {}
|
func (*NetworkPolicyIngressRule) ProtoMessage() {}
|
||||||
func (*NetworkPolicyIngressRule) Descriptor() ([]byte, []int) {
|
func (*NetworkPolicyIngressRule) Descriptor() ([]byte, []int) {
|
||||||
return fileDescriptorGenerated, []int{1}
|
return fileDescriptorGenerated, []int{2}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *NetworkPolicyList) Reset() { *m = NetworkPolicyList{} }
|
func (m *NetworkPolicyList) Reset() { *m = NetworkPolicyList{} }
|
||||||
func (*NetworkPolicyList) ProtoMessage() {}
|
func (*NetworkPolicyList) ProtoMessage() {}
|
||||||
func (*NetworkPolicyList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{2} }
|
func (*NetworkPolicyList) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{3} }
|
||||||
|
|
||||||
func (m *NetworkPolicyPeer) Reset() { *m = NetworkPolicyPeer{} }
|
func (m *NetworkPolicyPeer) Reset() { *m = NetworkPolicyPeer{} }
|
||||||
func (*NetworkPolicyPeer) ProtoMessage() {}
|
func (*NetworkPolicyPeer) ProtoMessage() {}
|
||||||
func (*NetworkPolicyPeer) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{3} }
|
func (*NetworkPolicyPeer) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{4} }
|
||||||
|
|
||||||
func (m *NetworkPolicyPort) Reset() { *m = NetworkPolicyPort{} }
|
func (m *NetworkPolicyPort) Reset() { *m = NetworkPolicyPort{} }
|
||||||
func (*NetworkPolicyPort) ProtoMessage() {}
|
func (*NetworkPolicyPort) ProtoMessage() {}
|
||||||
func (*NetworkPolicyPort) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{4} }
|
func (*NetworkPolicyPort) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{5} }
|
||||||
|
|
||||||
func (m *NetworkPolicySpec) Reset() { *m = NetworkPolicySpec{} }
|
func (m *NetworkPolicySpec) Reset() { *m = NetworkPolicySpec{} }
|
||||||
func (*NetworkPolicySpec) ProtoMessage() {}
|
func (*NetworkPolicySpec) ProtoMessage() {}
|
||||||
func (*NetworkPolicySpec) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{5} }
|
func (*NetworkPolicySpec) Descriptor() ([]byte, []int) { return fileDescriptorGenerated, []int{6} }
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
proto.RegisterType((*IPBlock)(nil), "k8s.io.api.networking.v1.IPBlock")
|
||||||
proto.RegisterType((*NetworkPolicy)(nil), "k8s.io.api.networking.v1.NetworkPolicy")
|
proto.RegisterType((*NetworkPolicy)(nil), "k8s.io.api.networking.v1.NetworkPolicy")
|
||||||
proto.RegisterType((*NetworkPolicyIngressRule)(nil), "k8s.io.api.networking.v1.NetworkPolicyIngressRule")
|
proto.RegisterType((*NetworkPolicyIngressRule)(nil), "k8s.io.api.networking.v1.NetworkPolicyIngressRule")
|
||||||
proto.RegisterType((*NetworkPolicyList)(nil), "k8s.io.api.networking.v1.NetworkPolicyList")
|
proto.RegisterType((*NetworkPolicyList)(nil), "k8s.io.api.networking.v1.NetworkPolicyList")
|
||||||
@@ -94,6 +100,43 @@ func init() {
|
|||||||
proto.RegisterType((*NetworkPolicyPort)(nil), "k8s.io.api.networking.v1.NetworkPolicyPort")
|
proto.RegisterType((*NetworkPolicyPort)(nil), "k8s.io.api.networking.v1.NetworkPolicyPort")
|
||||||
proto.RegisterType((*NetworkPolicySpec)(nil), "k8s.io.api.networking.v1.NetworkPolicySpec")
|
proto.RegisterType((*NetworkPolicySpec)(nil), "k8s.io.api.networking.v1.NetworkPolicySpec")
|
||||||
}
|
}
|
||||||
|
func (m *IPBlock) Marshal() (dAtA []byte, err error) {
|
||||||
|
size := m.Size()
|
||||||
|
dAtA = make([]byte, size)
|
||||||
|
n, err := m.MarshalTo(dAtA)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return dAtA[:n], nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (m *IPBlock) MarshalTo(dAtA []byte) (int, error) {
|
||||||
|
var i int
|
||||||
|
_ = i
|
||||||
|
var l int
|
||||||
|
_ = l
|
||||||
|
dAtA[i] = 0xa
|
||||||
|
i++
|
||||||
|
i = encodeVarintGenerated(dAtA, i, uint64(len(m.CIDR)))
|
||||||
|
i += copy(dAtA[i:], m.CIDR)
|
||||||
|
if len(m.Except) > 0 {
|
||||||
|
for _, s := range m.Except {
|
||||||
|
dAtA[i] = 0x12
|
||||||
|
i++
|
||||||
|
l = len(s)
|
||||||
|
for l >= 1<<7 {
|
||||||
|
dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
|
||||||
|
l >>= 7
|
||||||
|
i++
|
||||||
|
}
|
||||||
|
dAtA[i] = uint8(l)
|
||||||
|
i++
|
||||||
|
i += copy(dAtA[i:], s)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return i, nil
|
||||||
|
}
|
||||||
|
|
||||||
func (m *NetworkPolicy) Marshal() (dAtA []byte, err error) {
|
func (m *NetworkPolicy) Marshal() (dAtA []byte, err error) {
|
||||||
size := m.Size()
|
size := m.Size()
|
||||||
dAtA = make([]byte, size)
|
dAtA = make([]byte, size)
|
||||||
@@ -243,6 +286,16 @@ func (m *NetworkPolicyPeer) MarshalTo(dAtA []byte) (int, error) {
|
|||||||
}
|
}
|
||||||
i += n5
|
i += n5
|
||||||
}
|
}
|
||||||
|
if m.IPBlock != nil {
|
||||||
|
dAtA[i] = 0x1a
|
||||||
|
i++
|
||||||
|
i = encodeVarintGenerated(dAtA, i, uint64(m.IPBlock.Size()))
|
||||||
|
n6, err := m.IPBlock.MarshalTo(dAtA[i:])
|
||||||
|
if err != nil {
|
||||||
|
return 0, err
|
||||||
|
}
|
||||||
|
i += n6
|
||||||
|
}
|
||||||
return i, nil
|
return i, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -271,11 +324,11 @@ func (m *NetworkPolicyPort) MarshalTo(dAtA []byte) (int, error) {
|
|||||||
dAtA[i] = 0x12
|
dAtA[i] = 0x12
|
||||||
i++
|
i++
|
||||||
i = encodeVarintGenerated(dAtA, i, uint64(m.Port.Size()))
|
i = encodeVarintGenerated(dAtA, i, uint64(m.Port.Size()))
|
||||||
n6, err := m.Port.MarshalTo(dAtA[i:])
|
n7, err := m.Port.MarshalTo(dAtA[i:])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return 0, err
|
return 0, err
|
||||||
}
|
}
|
||||||
i += n6
|
i += n7
|
||||||
}
|
}
|
||||||
return i, nil
|
return i, nil
|
||||||
}
|
}
|
||||||
@@ -298,11 +351,11 @@ func (m *NetworkPolicySpec) MarshalTo(dAtA []byte) (int, error) {
|
|||||||
dAtA[i] = 0xa
|
dAtA[i] = 0xa
|
||||||
i++
|
i++
|
||||||
i = encodeVarintGenerated(dAtA, i, uint64(m.PodSelector.Size()))
|
i = encodeVarintGenerated(dAtA, i, uint64(m.PodSelector.Size()))
|
||||||
n7, err := m.PodSelector.MarshalTo(dAtA[i:])
|
n8, err := m.PodSelector.MarshalTo(dAtA[i:])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return 0, err
|
return 0, err
|
||||||
}
|
}
|
||||||
i += n7
|
i += n8
|
||||||
if len(m.Ingress) > 0 {
|
if len(m.Ingress) > 0 {
|
||||||
for _, msg := range m.Ingress {
|
for _, msg := range m.Ingress {
|
||||||
dAtA[i] = 0x12
|
dAtA[i] = 0x12
|
||||||
@@ -345,6 +398,20 @@ func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int {
|
|||||||
dAtA[offset] = uint8(v)
|
dAtA[offset] = uint8(v)
|
||||||
return offset + 1
|
return offset + 1
|
||||||
}
|
}
|
||||||
|
func (m *IPBlock) Size() (n int) {
|
||||||
|
var l int
|
||||||
|
_ = l
|
||||||
|
l = len(m.CIDR)
|
||||||
|
n += 1 + l + sovGenerated(uint64(l))
|
||||||
|
if len(m.Except) > 0 {
|
||||||
|
for _, s := range m.Except {
|
||||||
|
l = len(s)
|
||||||
|
n += 1 + l + sovGenerated(uint64(l))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return n
|
||||||
|
}
|
||||||
|
|
||||||
func (m *NetworkPolicy) Size() (n int) {
|
func (m *NetworkPolicy) Size() (n int) {
|
||||||
var l int
|
var l int
|
||||||
_ = l
|
_ = l
|
||||||
@@ -398,6 +465,10 @@ func (m *NetworkPolicyPeer) Size() (n int) {
|
|||||||
l = m.NamespaceSelector.Size()
|
l = m.NamespaceSelector.Size()
|
||||||
n += 1 + l + sovGenerated(uint64(l))
|
n += 1 + l + sovGenerated(uint64(l))
|
||||||
}
|
}
|
||||||
|
if m.IPBlock != nil {
|
||||||
|
l = m.IPBlock.Size()
|
||||||
|
n += 1 + l + sovGenerated(uint64(l))
|
||||||
|
}
|
||||||
return n
|
return n
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -442,6 +513,17 @@ func sovGenerated(x uint64) (n int) {
|
|||||||
func sozGenerated(x uint64) (n int) {
|
func sozGenerated(x uint64) (n int) {
|
||||||
return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63))))
|
return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63))))
|
||||||
}
|
}
|
||||||
|
func (this *IPBlock) String() string {
|
||||||
|
if this == nil {
|
||||||
|
return "nil"
|
||||||
|
}
|
||||||
|
s := strings.Join([]string{`&IPBlock{`,
|
||||||
|
`CIDR:` + fmt.Sprintf("%v", this.CIDR) + `,`,
|
||||||
|
`Except:` + fmt.Sprintf("%v", this.Except) + `,`,
|
||||||
|
`}`,
|
||||||
|
}, "")
|
||||||
|
return s
|
||||||
|
}
|
||||||
func (this *NetworkPolicy) String() string {
|
func (this *NetworkPolicy) String() string {
|
||||||
if this == nil {
|
if this == nil {
|
||||||
return "nil"
|
return "nil"
|
||||||
@@ -482,6 +564,7 @@ func (this *NetworkPolicyPeer) String() string {
|
|||||||
s := strings.Join([]string{`&NetworkPolicyPeer{`,
|
s := strings.Join([]string{`&NetworkPolicyPeer{`,
|
||||||
`PodSelector:` + strings.Replace(fmt.Sprintf("%v", this.PodSelector), "LabelSelector", "k8s_io_apimachinery_pkg_apis_meta_v1.LabelSelector", 1) + `,`,
|
`PodSelector:` + strings.Replace(fmt.Sprintf("%v", this.PodSelector), "LabelSelector", "k8s_io_apimachinery_pkg_apis_meta_v1.LabelSelector", 1) + `,`,
|
||||||
`NamespaceSelector:` + strings.Replace(fmt.Sprintf("%v", this.NamespaceSelector), "LabelSelector", "k8s_io_apimachinery_pkg_apis_meta_v1.LabelSelector", 1) + `,`,
|
`NamespaceSelector:` + strings.Replace(fmt.Sprintf("%v", this.NamespaceSelector), "LabelSelector", "k8s_io_apimachinery_pkg_apis_meta_v1.LabelSelector", 1) + `,`,
|
||||||
|
`IPBlock:` + strings.Replace(fmt.Sprintf("%v", this.IPBlock), "IPBlock", "IPBlock", 1) + `,`,
|
||||||
`}`,
|
`}`,
|
||||||
}, "")
|
}, "")
|
||||||
return s
|
return s
|
||||||
@@ -516,6 +599,114 @@ func valueToStringGenerated(v interface{}) string {
|
|||||||
pv := reflect.Indirect(rv).Interface()
|
pv := reflect.Indirect(rv).Interface()
|
||||||
return fmt.Sprintf("*%v", pv)
|
return fmt.Sprintf("*%v", pv)
|
||||||
}
|
}
|
||||||
|
func (m *IPBlock) Unmarshal(dAtA []byte) error {
|
||||||
|
l := len(dAtA)
|
||||||
|
iNdEx := 0
|
||||||
|
for iNdEx < l {
|
||||||
|
preIndex := iNdEx
|
||||||
|
var wire uint64
|
||||||
|
for shift := uint(0); ; shift += 7 {
|
||||||
|
if shift >= 64 {
|
||||||
|
return ErrIntOverflowGenerated
|
||||||
|
}
|
||||||
|
if iNdEx >= l {
|
||||||
|
return io.ErrUnexpectedEOF
|
||||||
|
}
|
||||||
|
b := dAtA[iNdEx]
|
||||||
|
iNdEx++
|
||||||
|
wire |= (uint64(b) & 0x7F) << shift
|
||||||
|
if b < 0x80 {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
fieldNum := int32(wire >> 3)
|
||||||
|
wireType := int(wire & 0x7)
|
||||||
|
if wireType == 4 {
|
||||||
|
return fmt.Errorf("proto: IPBlock: wiretype end group for non-group")
|
||||||
|
}
|
||||||
|
if fieldNum <= 0 {
|
||||||
|
return fmt.Errorf("proto: IPBlock: illegal tag %d (wire type %d)", fieldNum, wire)
|
||||||
|
}
|
||||||
|
switch fieldNum {
|
||||||
|
case 1:
|
||||||
|
if wireType != 2 {
|
||||||
|
return fmt.Errorf("proto: wrong wireType = %d for field CIDR", wireType)
|
||||||
|
}
|
||||||
|
var stringLen uint64
|
||||||
|
for shift := uint(0); ; shift += 7 {
|
||||||
|
if shift >= 64 {
|
||||||
|
return ErrIntOverflowGenerated
|
||||||
|
}
|
||||||
|
if iNdEx >= l {
|
||||||
|
return io.ErrUnexpectedEOF
|
||||||
|
}
|
||||||
|
b := dAtA[iNdEx]
|
||||||
|
iNdEx++
|
||||||
|
stringLen |= (uint64(b) & 0x7F) << shift
|
||||||
|
if b < 0x80 {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
intStringLen := int(stringLen)
|
||||||
|
if intStringLen < 0 {
|
||||||
|
return ErrInvalidLengthGenerated
|
||||||
|
}
|
||||||
|
postIndex := iNdEx + intStringLen
|
||||||
|
if postIndex > l {
|
||||||
|
return io.ErrUnexpectedEOF
|
||||||
|
}
|
||||||
|
m.CIDR = string(dAtA[iNdEx:postIndex])
|
||||||
|
iNdEx = postIndex
|
||||||
|
case 2:
|
||||||
|
if wireType != 2 {
|
||||||
|
return fmt.Errorf("proto: wrong wireType = %d for field Except", wireType)
|
||||||
|
}
|
||||||
|
var stringLen uint64
|
||||||
|
for shift := uint(0); ; shift += 7 {
|
||||||
|
if shift >= 64 {
|
||||||
|
return ErrIntOverflowGenerated
|
||||||
|
}
|
||||||
|
if iNdEx >= l {
|
||||||
|
return io.ErrUnexpectedEOF
|
||||||
|
}
|
||||||
|
b := dAtA[iNdEx]
|
||||||
|
iNdEx++
|
||||||
|
stringLen |= (uint64(b) & 0x7F) << shift
|
||||||
|
if b < 0x80 {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
intStringLen := int(stringLen)
|
||||||
|
if intStringLen < 0 {
|
||||||
|
return ErrInvalidLengthGenerated
|
||||||
|
}
|
||||||
|
postIndex := iNdEx + intStringLen
|
||||||
|
if postIndex > l {
|
||||||
|
return io.ErrUnexpectedEOF
|
||||||
|
}
|
||||||
|
m.Except = append(m.Except, string(dAtA[iNdEx:postIndex]))
|
||||||
|
iNdEx = postIndex
|
||||||
|
default:
|
||||||
|
iNdEx = preIndex
|
||||||
|
skippy, err := skipGenerated(dAtA[iNdEx:])
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if skippy < 0 {
|
||||||
|
return ErrInvalidLengthGenerated
|
||||||
|
}
|
||||||
|
if (iNdEx + skippy) > l {
|
||||||
|
return io.ErrUnexpectedEOF
|
||||||
|
}
|
||||||
|
iNdEx += skippy
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if iNdEx > l {
|
||||||
|
return io.ErrUnexpectedEOF
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
func (m *NetworkPolicy) Unmarshal(dAtA []byte) error {
|
func (m *NetworkPolicy) Unmarshal(dAtA []byte) error {
|
||||||
l := len(dAtA)
|
l := len(dAtA)
|
||||||
iNdEx := 0
|
iNdEx := 0
|
||||||
@@ -944,6 +1135,39 @@ func (m *NetworkPolicyPeer) Unmarshal(dAtA []byte) error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
iNdEx = postIndex
|
iNdEx = postIndex
|
||||||
|
case 3:
|
||||||
|
if wireType != 2 {
|
||||||
|
return fmt.Errorf("proto: wrong wireType = %d for field IPBlock", wireType)
|
||||||
|
}
|
||||||
|
var msglen int
|
||||||
|
for shift := uint(0); ; shift += 7 {
|
||||||
|
if shift >= 64 {
|
||||||
|
return ErrIntOverflowGenerated
|
||||||
|
}
|
||||||
|
if iNdEx >= l {
|
||||||
|
return io.ErrUnexpectedEOF
|
||||||
|
}
|
||||||
|
b := dAtA[iNdEx]
|
||||||
|
iNdEx++
|
||||||
|
msglen |= (int(b) & 0x7F) << shift
|
||||||
|
if b < 0x80 {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if msglen < 0 {
|
||||||
|
return ErrInvalidLengthGenerated
|
||||||
|
}
|
||||||
|
postIndex := iNdEx + msglen
|
||||||
|
if postIndex > l {
|
||||||
|
return io.ErrUnexpectedEOF
|
||||||
|
}
|
||||||
|
if m.IPBlock == nil {
|
||||||
|
m.IPBlock = &IPBlock{}
|
||||||
|
}
|
||||||
|
if err := m.IPBlock.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
iNdEx = postIndex
|
||||||
default:
|
default:
|
||||||
iNdEx = preIndex
|
iNdEx = preIndex
|
||||||
skippy, err := skipGenerated(dAtA[iNdEx:])
|
skippy, err := skipGenerated(dAtA[iNdEx:])
|
||||||
@@ -1299,47 +1523,52 @@ func init() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
var fileDescriptorGenerated = []byte{
|
var fileDescriptorGenerated = []byte{
|
||||||
// 670 bytes of a gzipped FileDescriptorProto
|
// 745 bytes of a gzipped FileDescriptorProto
|
||||||
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x54, 0x4d, 0x4f, 0xdb, 0x4a,
|
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x54, 0xcd, 0x4e, 0xdb, 0x4a,
|
||||||
0x14, 0x8d, 0xf3, 0x40, 0xe4, 0x0d, 0x0f, 0xf1, 0xf0, 0xd3, 0x93, 0x22, 0x2a, 0x39, 0xc8, 0x9b,
|
0x14, 0x8e, 0x43, 0x20, 0x61, 0x72, 0x11, 0x17, 0x5f, 0x5d, 0x29, 0xa2, 0x92, 0x93, 0x7a, 0x53,
|
||||||
0x52, 0x21, 0x66, 0x1a, 0xa8, 0xaa, 0x6e, 0xeb, 0x45, 0x2b, 0x24, 0x3e, 0x22, 0xb3, 0xab, 0x5a,
|
0x2a, 0xc4, 0xb8, 0x81, 0xaa, 0xea, 0xb6, 0xee, 0x6f, 0x24, 0x7e, 0x22, 0xb3, 0xab, 0x5a, 0xa9,
|
||||||
0xa9, 0x13, 0xe7, 0x62, 0x86, 0xc4, 0x33, 0xd6, 0xcc, 0x24, 0x85, 0x5d, 0x7f, 0x42, 0x7f, 0x48,
|
0x8e, 0x73, 0x30, 0x43, 0x62, 0x8f, 0x35, 0x33, 0x49, 0x61, 0xd7, 0x47, 0xe8, 0x83, 0xf4, 0x0d,
|
||||||
0xff, 0x41, 0x17, 0xed, 0x92, 0x25, 0x4b, 0x56, 0x51, 0x71, 0x7f, 0x43, 0x37, 0x5d, 0x55, 0x63,
|
0xba, 0xa0, 0x4b, 0x96, 0x2c, 0x59, 0x59, 0xc5, 0x7d, 0x8b, 0xae, 0xaa, 0x99, 0x38, 0x71, 0x48,
|
||||||
0x3b, 0x71, 0x88, 0x89, 0x1a, 0xaa, 0xee, 0x98, 0xeb, 0x73, 0xce, 0xbd, 0x87, 0x73, 0x6f, 0xd0,
|
0x88, 0x1a, 0xaa, 0xee, 0x66, 0xce, 0x9c, 0xef, 0xfb, 0xce, 0xef, 0xa0, 0x67, 0x9d, 0xa7, 0x1c,
|
||||||
0xf3, 0xee, 0x33, 0x85, 0x99, 0x20, 0xdd, 0x7e, 0x1b, 0x24, 0x07, 0x0d, 0x8a, 0x0c, 0x80, 0x77,
|
0x13, 0x6a, 0x75, 0x7a, 0x2d, 0x60, 0x21, 0x08, 0xe0, 0x56, 0x1f, 0xc2, 0x36, 0x65, 0x56, 0xfa,
|
||||||
0x84, 0x24, 0xf9, 0x07, 0x1a, 0x33, 0xc2, 0x41, 0xbf, 0x13, 0xb2, 0xcb, 0x78, 0x48, 0x06, 0x4d,
|
0xe0, 0x46, 0xc4, 0x0a, 0x41, 0x7c, 0xa4, 0xac, 0x43, 0x42, 0xdf, 0xea, 0xd7, 0x2d, 0x1f, 0x42,
|
||||||
0x12, 0x02, 0x07, 0x49, 0x35, 0x74, 0x70, 0x2c, 0x85, 0x16, 0x76, 0x3d, 0x43, 0x62, 0x1a, 0x33,
|
0x60, 0xae, 0x80, 0x36, 0x8e, 0x18, 0x15, 0x54, 0xaf, 0x0c, 0x3c, 0xb1, 0x1b, 0x11, 0x9c, 0x79,
|
||||||
0x5c, 0x20, 0xf1, 0xa0, 0xb9, 0xbe, 0x1d, 0x32, 0x7d, 0xda, 0x6f, 0xe3, 0x40, 0x44, 0x24, 0x14,
|
0xe2, 0x7e, 0x7d, 0x7d, 0xcb, 0x27, 0xe2, 0xb8, 0xd7, 0xc2, 0x1e, 0x0d, 0x2c, 0x9f, 0xfa, 0xd4,
|
||||||
0xa1, 0x20, 0x29, 0xa1, 0xdd, 0x3f, 0x49, 0x5f, 0xe9, 0x23, 0xfd, 0x2b, 0x13, 0x5a, 0x77, 0x27,
|
0x52, 0x80, 0x56, 0xef, 0x48, 0xdd, 0xd4, 0x45, 0x9d, 0x06, 0x44, 0xeb, 0xe6, 0x98, 0xa4, 0x47,
|
||||||
0x5a, 0x06, 0x42, 0xc2, 0x1d, 0xcd, 0xd6, 0xb7, 0x27, 0x30, 0x70, 0xae, 0x81, 0x2b, 0x26, 0xb8,
|
0x19, 0xdc, 0x22, 0xb6, 0xbe, 0x35, 0xe6, 0x03, 0xa7, 0x02, 0x42, 0x4e, 0x68, 0xc8, 0xad, 0x7e,
|
||||||
0x22, 0x83, 0x66, 0x1b, 0x34, 0x2d, 0xc3, 0x1f, 0x4d, 0xc0, 0x63, 0xd1, 0x63, 0xc1, 0xc5, 0x4c,
|
0xbd, 0x05, 0xc2, 0x9d, 0x76, 0x7f, 0x38, 0xe6, 0x1e, 0xd1, 0x2e, 0xf1, 0xce, 0x66, 0xba, 0x3e,
|
||||||
0xe8, 0x93, 0x02, 0x1a, 0xd1, 0xe0, 0x94, 0x71, 0x90, 0x17, 0x24, 0xee, 0x86, 0xa6, 0xa0, 0x48,
|
0xce, 0x5c, 0x03, 0xd7, 0x3b, 0x26, 0x21, 0xb0, 0x33, 0x2b, 0xea, 0xf8, 0xd2, 0xc0, 0xad, 0x00,
|
||||||
0x04, 0x9a, 0xde, 0x35, 0x0f, 0x99, 0xc5, 0x92, 0x7d, 0xae, 0x59, 0x04, 0x25, 0xc2, 0xd3, 0x5f,
|
0x84, 0x7b, 0x5b, 0x3c, 0xd6, 0x2c, 0x14, 0xeb, 0x85, 0x82, 0x04, 0x30, 0x05, 0x78, 0xf2, 0x3b,
|
||||||
0x11, 0x54, 0x70, 0x0a, 0x11, 0x2d, 0xf1, 0x76, 0x67, 0xf1, 0xfa, 0x9a, 0xf5, 0x08, 0xe3, 0x5a,
|
0x00, 0xf7, 0x8e, 0x21, 0x70, 0xa7, 0x70, 0x3b, 0xb3, 0x70, 0x3d, 0x41, 0xba, 0x16, 0x09, 0x05,
|
||||||
0x69, 0x39, 0x4d, 0x72, 0xbf, 0x58, 0x68, 0xe5, 0x30, 0x8b, 0xa4, 0x95, 0xba, 0xb7, 0xdf, 0xa2,
|
0x17, 0x6c, 0x12, 0x64, 0x1e, 0xa0, 0x62, 0xa3, 0x69, 0x77, 0xa9, 0xd7, 0xd1, 0x6b, 0xa8, 0xe0,
|
||||||
0x9a, 0xb1, 0xd2, 0xa1, 0x9a, 0xd6, 0xad, 0x0d, 0x6b, 0x73, 0x79, 0xe7, 0x31, 0x2e, 0xf2, 0x1b,
|
0x91, 0x36, 0xab, 0x68, 0x35, 0x6d, 0x63, 0xd9, 0xfe, 0xe7, 0x22, 0xae, 0xe6, 0x92, 0xb8, 0x5a,
|
||||||
0x2b, 0xe3, 0xb8, 0x1b, 0x9a, 0x82, 0xc2, 0x06, 0x8d, 0x07, 0x4d, 0x7c, 0xd4, 0x3e, 0x83, 0x40,
|
0x78, 0xde, 0x78, 0xe1, 0x38, 0xea, 0x45, 0x37, 0xd1, 0x12, 0x9c, 0x7a, 0x10, 0x89, 0x4a, 0xbe,
|
||||||
0x1f, 0x80, 0xa6, 0x9e, 0x7d, 0x39, 0x6c, 0x54, 0x92, 0x61, 0x03, 0x15, 0x35, 0x7f, 0xac, 0x6a,
|
0xb6, 0xb0, 0xb1, 0x6c, 0xa3, 0x24, 0xae, 0x2e, 0xbd, 0x54, 0x16, 0x27, 0x7d, 0x31, 0xbf, 0x69,
|
||||||
0x1f, 0xa0, 0x05, 0x15, 0x43, 0x50, 0xaf, 0xa6, 0xea, 0x5b, 0x78, 0xd6, 0x76, 0xe0, 0x5b, 0x83,
|
0x68, 0x65, 0x7f, 0xd0, 0xe3, 0xa6, 0x2a, 0xa7, 0xfe, 0x01, 0x95, 0x64, 0x6d, 0xda, 0xae, 0x70,
|
||||||
0x1d, 0xc7, 0x10, 0x78, 0xff, 0xe4, 0xc2, 0x0b, 0xe6, 0xe5, 0xa7, 0x32, 0xee, 0x27, 0x0b, 0xd5,
|
0x15, 0x77, 0x79, 0xfb, 0x11, 0xce, 0x06, 0x62, 0x14, 0x2a, 0x8e, 0x3a, 0xbe, 0x34, 0x70, 0x2c,
|
||||||
0x6f, 0x21, 0xf7, 0x78, 0x28, 0x41, 0x29, 0xbf, 0xdf, 0x03, 0xbb, 0x85, 0x16, 0x63, 0x21, 0xb5,
|
0xbd, 0x71, 0xbf, 0x8e, 0x0f, 0x5a, 0x27, 0xe0, 0x89, 0x3d, 0x10, 0xae, 0xad, 0xa7, 0xd1, 0xa0,
|
||||||
0xaa, 0x5b, 0x1b, 0x7f, 0xdd, 0xa3, 0x59, 0x4b, 0x48, 0xed, 0xad, 0xe4, 0xcd, 0x16, 0xcd, 0x4b,
|
0xcc, 0xe6, 0x8c, 0x58, 0xf5, 0x3d, 0x54, 0xe0, 0x11, 0x78, 0x95, 0xbc, 0x62, 0xdf, 0xc4, 0xb3,
|
||||||
0xf9, 0x99, 0x90, 0x99, 0xfe, 0x44, 0x8a, 0xa8, 0x5e, 0xbd, 0x9f, 0x20, 0x80, 0x2c, 0xa6, 0x7f,
|
0xc6, 0x0d, 0xdf, 0x08, 0xec, 0x30, 0x02, 0x2f, 0x4b, 0x53, 0xde, 0x1c, 0x45, 0x63, 0x7e, 0xd5,
|
||||||
0x21, 0x45, 0xe4, 0xa7, 0x32, 0xee, 0x67, 0x0b, 0xad, 0xdd, 0x42, 0xee, 0x33, 0xa5, 0xed, 0xd7,
|
0x50, 0xe5, 0x86, 0x67, 0x23, 0xf4, 0x19, 0x70, 0xee, 0xf4, 0xba, 0xa0, 0x37, 0xd1, 0x62, 0x44,
|
||||||
0xa5, 0x10, 0xf0, 0x7c, 0x21, 0x18, 0x76, 0x1a, 0xc1, 0xbf, 0x79, 0xaf, 0xda, 0xa8, 0x32, 0x11,
|
0x99, 0xe0, 0x15, 0xad, 0xb6, 0x70, 0x07, 0xb1, 0x26, 0x65, 0xc2, 0x5e, 0x49, 0xc5, 0x16, 0xe5,
|
||||||
0xc0, 0x3e, 0x5a, 0x64, 0x1a, 0x22, 0x95, 0x7b, 0x78, 0x38, 0xa7, 0x87, 0xe2, 0x1f, 0xb2, 0x67,
|
0x8d, 0x3b, 0x03, 0x22, 0x19, 0xfd, 0x11, 0xa3, 0x81, 0xaa, 0xe9, 0x1d, 0x08, 0x01, 0x58, 0x16,
|
||||||
0xd8, 0x7e, 0x26, 0xe2, 0x7e, 0x9f, 0x76, 0x60, 0xbc, 0xda, 0x27, 0x68, 0x39, 0x16, 0x9d, 0x63,
|
0xfd, 0x2b, 0x46, 0x03, 0x47, 0xd1, 0x98, 0xe7, 0x1a, 0x5a, 0xbb, 0xe1, 0xb9, 0x4b, 0xb8, 0xd0,
|
||||||
0xe8, 0x41, 0xa0, 0x85, 0xcc, 0x4d, 0xec, 0xce, 0x69, 0x82, 0xb6, 0xa1, 0x37, 0xa2, 0x7a, 0xab,
|
0xdf, 0x4d, 0x35, 0x01, 0xcf, 0xd7, 0x04, 0x89, 0x56, 0x2d, 0xf8, 0x37, 0xd5, 0x2a, 0x0d, 0x2d,
|
||||||
0xc9, 0xb0, 0xb1, 0xdc, 0x2a, 0xb4, 0xfc, 0x49, 0x61, 0xfb, 0x1c, 0xad, 0x71, 0x1a, 0x81, 0x8a,
|
0x63, 0x0d, 0xd8, 0x45, 0x8b, 0x44, 0x40, 0xc0, 0xd3, 0x1c, 0x1e, 0xcc, 0x99, 0x43, 0x56, 0x90,
|
||||||
0x69, 0x00, 0xe3, 0x6e, 0xd5, 0xdf, 0xef, 0xf6, 0x7f, 0x32, 0x6c, 0xac, 0x1d, 0x4e, 0x2b, 0xfa,
|
0x86, 0x44, 0x3b, 0x03, 0x12, 0xf3, 0x3c, 0x3f, 0x91, 0x81, 0xcc, 0x55, 0x3f, 0x42, 0xe5, 0x88,
|
||||||
0xe5, 0x26, 0xee, 0xc7, 0x92, 0x6f, 0x21, 0xb5, 0xfd, 0x12, 0xd5, 0xd2, 0xcb, 0x0a, 0x44, 0x2f,
|
0xb6, 0x0f, 0xa1, 0x0b, 0x9e, 0xa0, 0x2c, 0x4d, 0x62, 0x67, 0xce, 0x24, 0xdc, 0x16, 0x74, 0x87,
|
||||||
0x35, 0xfd, 0xb7, 0xb7, 0x65, 0x52, 0x68, 0xe5, 0xb5, 0x1f, 0xc3, 0xc6, 0x83, 0xf2, 0x8f, 0x18,
|
0x50, 0x7b, 0x35, 0x89, 0xab, 0xe5, 0x66, 0xc6, 0xe5, 0x8c, 0x13, 0xeb, 0xa7, 0x68, 0x2d, 0x74,
|
||||||
0x1e, 0x7d, 0xf6, 0xc7, 0x64, 0xfb, 0x10, 0x2d, 0x98, 0x85, 0xcb, 0xbd, 0xcc, 0xbe, 0x41, 0x73,
|
0x03, 0xe0, 0x91, 0xeb, 0xc1, 0x48, 0x2d, 0xff, 0xe7, 0x6a, 0xff, 0x27, 0x71, 0x75, 0x6d, 0x7f,
|
||||||
0xdd, 0x38, 0xbb, 0x6e, 0xbc, 0xc7, 0xf5, 0x91, 0x3c, 0xd6, 0x92, 0xf1, 0xd0, 0xab, 0x99, 0x45,
|
0x92, 0xd1, 0x99, 0x16, 0xd1, 0xdf, 0xa0, 0x22, 0x89, 0xd4, 0x2e, 0x56, 0x16, 0x94, 0xde, 0xfd,
|
||||||
0x33, 0x23, 0xf9, 0xa9, 0x8e, 0x3b, 0x9c, 0x1e, 0xd7, 0x9c, 0x90, 0x7d, 0xf6, 0xc7, 0x62, 0xfa,
|
0xd9, 0x75, 0x4c, 0x97, 0xd6, 0x2e, 0x27, 0x71, 0x75, 0xb8, 0xc1, 0xce, 0x10, 0x6e, 0x7e, 0x99,
|
||||||
0x2f, 0x5f, 0x8e, 0xd9, 0x51, 0xbd, 0x41, 0x4b, 0x2c, 0x3b, 0xcd, 0x7c, 0xf1, 0x76, 0xe6, 0x5c,
|
0x9c, 0x01, 0x39, 0x70, 0xfa, 0x6b, 0x54, 0x52, 0x4b, 0xef, 0xd1, 0x6e, 0xba, 0xe4, 0x9b, 0xb2,
|
||||||
0xbc, 0x89, 0x83, 0xf6, 0x56, 0xf3, 0x36, 0x4b, 0xa3, 0xe2, 0x48, 0xd3, 0xdb, 0xbc, 0xbc, 0x71,
|
0x9f, 0xcd, 0xd4, 0xf6, 0x33, 0xae, 0xde, 0x9b, 0xfe, 0x5f, 0xf1, 0xf0, 0xd9, 0x19, 0x81, 0xf5,
|
||||||
0x2a, 0x57, 0x37, 0x4e, 0xe5, 0xfa, 0xc6, 0xa9, 0xbc, 0x4f, 0x1c, 0xeb, 0x32, 0x71, 0xac, 0xab,
|
0x7d, 0x54, 0x90, 0xa3, 0x9b, 0x56, 0x65, 0xf6, 0x36, 0xcb, 0x8f, 0x07, 0x0f, 0x3e, 0x1e, 0xdc,
|
||||||
0xc4, 0xb1, 0xae, 0x13, 0xc7, 0xfa, 0x9a, 0x38, 0xd6, 0x87, 0x6f, 0x4e, 0xe5, 0x55, 0x75, 0xd0,
|
0x08, 0xc5, 0x01, 0x3b, 0x14, 0x8c, 0x84, 0xbe, 0x5d, 0x92, 0x23, 0x2b, 0x43, 0x72, 0x14, 0x8f,
|
||||||
0xfc, 0x19, 0x00, 0x00, 0xff, 0xff, 0x75, 0x6b, 0xae, 0xb3, 0xd3, 0x06, 0x00, 0x00,
|
0x19, 0x4f, 0x86, 0x2b, 0x97, 0x51, 0x3f, 0xf9, 0x6b, 0x0d, 0xff, 0x2f, 0x1d, 0xb3, 0xd9, 0x4d,
|
||||||
|
0x7f, 0x8f, 0x8a, 0x64, 0xb0, 0xe4, 0xe9, 0x08, 0x6f, 0xcf, 0x39, 0xc2, 0x63, 0x5f, 0x83, 0xbd,
|
||||||
|
0x9a, 0xca, 0x14, 0x87, 0xc6, 0x21, 0xa7, 0xbd, 0x71, 0x71, 0x6d, 0xe4, 0x2e, 0xaf, 0x8d, 0xdc,
|
||||||
|
0xd5, 0xb5, 0x91, 0xfb, 0x94, 0x18, 0xda, 0x45, 0x62, 0x68, 0x97, 0x89, 0xa1, 0x5d, 0x25, 0x86,
|
||||||
|
0xf6, 0x3d, 0x31, 0xb4, 0xcf, 0x3f, 0x8c, 0xdc, 0xdb, 0x7c, 0xbf, 0xfe, 0x2b, 0x00, 0x00, 0xff,
|
||||||
|
0xff, 0x3b, 0x3f, 0x8c, 0x26, 0x6e, 0x07, 0x00, 0x00,
|
||||||
}
|
}
|
||||||
|
@@ -32,6 +32,21 @@ import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
|
|||||||
// Package-wide variables from generator "generated".
|
// Package-wide variables from generator "generated".
|
||||||
option go_package = "v1";
|
option go_package = "v1";
|
||||||
|
|
||||||
|
// IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods
|
||||||
|
// matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should
|
||||||
|
// not be included within this rule.
|
||||||
|
message IPBlock {
|
||||||
|
// CIDR is a string representing the IP Block
|
||||||
|
// Valid examples are "192.168.1.1/24"
|
||||||
|
optional string cidr = 1;
|
||||||
|
|
||||||
|
// Except is a slice of CIDRs that should not be included within an IP Block
|
||||||
|
// Valid examples are "192.168.1.1/24"
|
||||||
|
// Except values will be rejected if they are outside the CIDR range
|
||||||
|
// +optional
|
||||||
|
repeated string except = 2;
|
||||||
|
}
|
||||||
|
|
||||||
// NetworkPolicy describes what network traffic is allowed for a set of Pods
|
// NetworkPolicy describes what network traffic is allowed for a set of Pods
|
||||||
message NetworkPolicy {
|
message NetworkPolicy {
|
||||||
// Standard object's metadata.
|
// Standard object's metadata.
|
||||||
@@ -89,6 +104,10 @@ message NetworkPolicyPeer {
|
|||||||
// selector semantics. If present but empty, this selector selects all namespaces.
|
// selector semantics. If present but empty, this selector selects all namespaces.
|
||||||
// +optional
|
// +optional
|
||||||
optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector namespaceSelector = 2;
|
optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector namespaceSelector = 2;
|
||||||
|
|
||||||
|
// IPBlock defines policy on a particular IPBlock
|
||||||
|
// +optional
|
||||||
|
optional IPBlock ipBlock = 3;
|
||||||
}
|
}
|
||||||
|
|
||||||
// NetworkPolicyPort describes a port to allow traffic on
|
// NetworkPolicyPort describes a port to allow traffic on
|
||||||
|
@@ -1196,7 +1196,7 @@ func (x *NetworkPolicyPort) codecDecodeSelfFromArray(l int, d *codec1978.Decoder
|
|||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (x *NetworkPolicyPeer) CodecEncodeSelf(e *codec1978.Encoder) {
|
func (x *IPBlock) CodecEncodeSelf(e *codec1978.Encoder) {
|
||||||
var h codecSelfer1234
|
var h codecSelfer1234
|
||||||
z, r := codec1978.GenHelperEncoder(e)
|
z, r := codec1978.GenHelperEncoder(e)
|
||||||
_, _, _ = h, z, r
|
_, _, _ = h, z, r
|
||||||
@@ -1213,11 +1213,254 @@ func (x *NetworkPolicyPeer) CodecEncodeSelf(e *codec1978.Encoder) {
|
|||||||
var yyq2 [2]bool
|
var yyq2 [2]bool
|
||||||
_, _, _ = yysep2, yyq2, yy2arr2
|
_, _, _ = yysep2, yyq2, yy2arr2
|
||||||
const yyr2 bool = false
|
const yyr2 bool = false
|
||||||
yyq2[0] = x.PodSelector != nil
|
yyq2[1] = len(x.Except) != 0
|
||||||
yyq2[1] = x.NamespaceSelector != nil
|
|
||||||
var yynn2 int
|
var yynn2 int
|
||||||
if yyr2 || yy2arr2 {
|
if yyr2 || yy2arr2 {
|
||||||
r.EncodeArrayStart(2)
|
r.EncodeArrayStart(2)
|
||||||
|
} else {
|
||||||
|
yynn2 = 1
|
||||||
|
for _, b := range yyq2 {
|
||||||
|
if b {
|
||||||
|
yynn2++
|
||||||
|
}
|
||||||
|
}
|
||||||
|
r.EncodeMapStart(yynn2)
|
||||||
|
yynn2 = 0
|
||||||
|
}
|
||||||
|
if yyr2 || yy2arr2 {
|
||||||
|
z.EncSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
|
yym4 := z.EncBinary()
|
||||||
|
_ = yym4
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
r.EncodeString(codecSelferC_UTF81234, string(x.CIDR))
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
z.EncSendContainerState(codecSelfer_containerMapKey1234)
|
||||||
|
r.EncodeString(codecSelferC_UTF81234, string("cidr"))
|
||||||
|
z.EncSendContainerState(codecSelfer_containerMapValue1234)
|
||||||
|
yym5 := z.EncBinary()
|
||||||
|
_ = yym5
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
r.EncodeString(codecSelferC_UTF81234, string(x.CIDR))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if yyr2 || yy2arr2 {
|
||||||
|
z.EncSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
|
if yyq2[1] {
|
||||||
|
if x.Except == nil {
|
||||||
|
r.EncodeNil()
|
||||||
|
} else {
|
||||||
|
yym7 := z.EncBinary()
|
||||||
|
_ = yym7
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
z.F.EncSliceStringV(x.Except, false, e)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
r.EncodeNil()
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if yyq2[1] {
|
||||||
|
z.EncSendContainerState(codecSelfer_containerMapKey1234)
|
||||||
|
r.EncodeString(codecSelferC_UTF81234, string("except"))
|
||||||
|
z.EncSendContainerState(codecSelfer_containerMapValue1234)
|
||||||
|
if x.Except == nil {
|
||||||
|
r.EncodeNil()
|
||||||
|
} else {
|
||||||
|
yym8 := z.EncBinary()
|
||||||
|
_ = yym8
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
z.F.EncSliceStringV(x.Except, false, e)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if yyr2 || yy2arr2 {
|
||||||
|
z.EncSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
|
} else {
|
||||||
|
z.EncSendContainerState(codecSelfer_containerMapEnd1234)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (x *IPBlock) CodecDecodeSelf(d *codec1978.Decoder) {
|
||||||
|
var h codecSelfer1234
|
||||||
|
z, r := codec1978.GenHelperDecoder(d)
|
||||||
|
_, _, _ = h, z, r
|
||||||
|
yym1 := z.DecBinary()
|
||||||
|
_ = yym1
|
||||||
|
if false {
|
||||||
|
} else if z.HasExtensions() && z.DecExt(x) {
|
||||||
|
} else {
|
||||||
|
yyct2 := r.ContainerType()
|
||||||
|
if yyct2 == codecSelferValueTypeMap1234 {
|
||||||
|
yyl2 := r.ReadMapStart()
|
||||||
|
if yyl2 == 0 {
|
||||||
|
z.DecSendContainerState(codecSelfer_containerMapEnd1234)
|
||||||
|
} else {
|
||||||
|
x.codecDecodeSelfFromMap(yyl2, d)
|
||||||
|
}
|
||||||
|
} else if yyct2 == codecSelferValueTypeArray1234 {
|
||||||
|
yyl2 := r.ReadArrayStart()
|
||||||
|
if yyl2 == 0 {
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
|
} else {
|
||||||
|
x.codecDecodeSelfFromArray(yyl2, d)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
panic(codecSelferOnlyMapOrArrayEncodeToStructErr1234)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (x *IPBlock) codecDecodeSelfFromMap(l int, d *codec1978.Decoder) {
|
||||||
|
var h codecSelfer1234
|
||||||
|
z, r := codec1978.GenHelperDecoder(d)
|
||||||
|
_, _, _ = h, z, r
|
||||||
|
var yys3Slc = z.DecScratchBuffer() // default slice to decode into
|
||||||
|
_ = yys3Slc
|
||||||
|
var yyhl3 bool = l >= 0
|
||||||
|
for yyj3 := 0; ; yyj3++ {
|
||||||
|
if yyhl3 {
|
||||||
|
if yyj3 >= l {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if r.CheckBreak() {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
z.DecSendContainerState(codecSelfer_containerMapKey1234)
|
||||||
|
yys3Slc = r.DecodeBytes(yys3Slc, true, true)
|
||||||
|
yys3 := string(yys3Slc)
|
||||||
|
z.DecSendContainerState(codecSelfer_containerMapValue1234)
|
||||||
|
switch yys3 {
|
||||||
|
case "cidr":
|
||||||
|
if r.TryDecodeAsNil() {
|
||||||
|
x.CIDR = ""
|
||||||
|
} else {
|
||||||
|
yyv4 := &x.CIDR
|
||||||
|
yym5 := z.DecBinary()
|
||||||
|
_ = yym5
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
*((*string)(yyv4)) = r.DecodeString()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
case "except":
|
||||||
|
if r.TryDecodeAsNil() {
|
||||||
|
x.Except = nil
|
||||||
|
} else {
|
||||||
|
yyv6 := &x.Except
|
||||||
|
yym7 := z.DecBinary()
|
||||||
|
_ = yym7
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
z.F.DecSliceStringX(yyv6, false, d)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
default:
|
||||||
|
z.DecStructFieldNotFound(-1, yys3)
|
||||||
|
} // end switch yys3
|
||||||
|
} // end for yyj3
|
||||||
|
z.DecSendContainerState(codecSelfer_containerMapEnd1234)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (x *IPBlock) codecDecodeSelfFromArray(l int, d *codec1978.Decoder) {
|
||||||
|
var h codecSelfer1234
|
||||||
|
z, r := codec1978.GenHelperDecoder(d)
|
||||||
|
_, _, _ = h, z, r
|
||||||
|
var yyj8 int
|
||||||
|
var yyb8 bool
|
||||||
|
var yyhl8 bool = l >= 0
|
||||||
|
yyj8++
|
||||||
|
if yyhl8 {
|
||||||
|
yyb8 = yyj8 > l
|
||||||
|
} else {
|
||||||
|
yyb8 = r.CheckBreak()
|
||||||
|
}
|
||||||
|
if yyb8 {
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
|
if r.TryDecodeAsNil() {
|
||||||
|
x.CIDR = ""
|
||||||
|
} else {
|
||||||
|
yyv9 := &x.CIDR
|
||||||
|
yym10 := z.DecBinary()
|
||||||
|
_ = yym10
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
*((*string)(yyv9)) = r.DecodeString()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
yyj8++
|
||||||
|
if yyhl8 {
|
||||||
|
yyb8 = yyj8 > l
|
||||||
|
} else {
|
||||||
|
yyb8 = r.CheckBreak()
|
||||||
|
}
|
||||||
|
if yyb8 {
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
|
if r.TryDecodeAsNil() {
|
||||||
|
x.Except = nil
|
||||||
|
} else {
|
||||||
|
yyv11 := &x.Except
|
||||||
|
yym12 := z.DecBinary()
|
||||||
|
_ = yym12
|
||||||
|
if false {
|
||||||
|
} else {
|
||||||
|
z.F.DecSliceStringX(yyv11, false, d)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
for {
|
||||||
|
yyj8++
|
||||||
|
if yyhl8 {
|
||||||
|
yyb8 = yyj8 > l
|
||||||
|
} else {
|
||||||
|
yyb8 = r.CheckBreak()
|
||||||
|
}
|
||||||
|
if yyb8 {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
|
z.DecStructFieldNotFound(yyj8-1, "")
|
||||||
|
}
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (x *NetworkPolicyPeer) CodecEncodeSelf(e *codec1978.Encoder) {
|
||||||
|
var h codecSelfer1234
|
||||||
|
z, r := codec1978.GenHelperEncoder(e)
|
||||||
|
_, _, _ = h, z, r
|
||||||
|
if x == nil {
|
||||||
|
r.EncodeNil()
|
||||||
|
} else {
|
||||||
|
yym1 := z.EncBinary()
|
||||||
|
_ = yym1
|
||||||
|
if false {
|
||||||
|
} else if z.HasExtensions() && z.EncExt(x) {
|
||||||
|
} else {
|
||||||
|
yysep2 := !z.EncBinary()
|
||||||
|
yy2arr2 := z.EncBasicHandle().StructToArray
|
||||||
|
var yyq2 [3]bool
|
||||||
|
_, _, _ = yysep2, yyq2, yy2arr2
|
||||||
|
const yyr2 bool = false
|
||||||
|
yyq2[0] = x.PodSelector != nil
|
||||||
|
yyq2[1] = x.NamespaceSelector != nil
|
||||||
|
yyq2[2] = x.IPBlock != nil
|
||||||
|
var yynn2 int
|
||||||
|
if yyr2 || yy2arr2 {
|
||||||
|
r.EncodeArrayStart(3)
|
||||||
} else {
|
} else {
|
||||||
yynn2 = 0
|
yynn2 = 0
|
||||||
for _, b := range yyq2 {
|
for _, b := range yyq2 {
|
||||||
@@ -1298,6 +1541,29 @@ func (x *NetworkPolicyPeer) CodecEncodeSelf(e *codec1978.Encoder) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if yyr2 || yy2arr2 {
|
||||||
|
z.EncSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
|
if yyq2[2] {
|
||||||
|
if x.IPBlock == nil {
|
||||||
|
r.EncodeNil()
|
||||||
|
} else {
|
||||||
|
x.IPBlock.CodecEncodeSelf(e)
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
r.EncodeNil()
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if yyq2[2] {
|
||||||
|
z.EncSendContainerState(codecSelfer_containerMapKey1234)
|
||||||
|
r.EncodeString(codecSelferC_UTF81234, string("ipBlock"))
|
||||||
|
z.EncSendContainerState(codecSelfer_containerMapValue1234)
|
||||||
|
if x.IPBlock == nil {
|
||||||
|
r.EncodeNil()
|
||||||
|
} else {
|
||||||
|
x.IPBlock.CodecEncodeSelf(e)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
if yyr2 || yy2arr2 {
|
if yyr2 || yy2arr2 {
|
||||||
z.EncSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.EncSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
} else {
|
} else {
|
||||||
@@ -1393,6 +1659,17 @@ func (x *NetworkPolicyPeer) codecDecodeSelfFromMap(l int, d *codec1978.Decoder)
|
|||||||
z.DecFallback(x.NamespaceSelector, false)
|
z.DecFallback(x.NamespaceSelector, false)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
case "ipBlock":
|
||||||
|
if r.TryDecodeAsNil() {
|
||||||
|
if x.IPBlock != nil {
|
||||||
|
x.IPBlock = nil
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if x.IPBlock == nil {
|
||||||
|
x.IPBlock = new(IPBlock)
|
||||||
|
}
|
||||||
|
x.IPBlock.CodecDecodeSelf(d)
|
||||||
|
}
|
||||||
default:
|
default:
|
||||||
z.DecStructFieldNotFound(-1, yys3)
|
z.DecStructFieldNotFound(-1, yys3)
|
||||||
} // end switch yys3
|
} // end switch yys3
|
||||||
@@ -1404,16 +1681,16 @@ func (x *NetworkPolicyPeer) codecDecodeSelfFromArray(l int, d *codec1978.Decoder
|
|||||||
var h codecSelfer1234
|
var h codecSelfer1234
|
||||||
z, r := codec1978.GenHelperDecoder(d)
|
z, r := codec1978.GenHelperDecoder(d)
|
||||||
_, _, _ = h, z, r
|
_, _, _ = h, z, r
|
||||||
var yyj8 int
|
var yyj9 int
|
||||||
var yyb8 bool
|
var yyb9 bool
|
||||||
var yyhl8 bool = l >= 0
|
var yyhl9 bool = l >= 0
|
||||||
yyj8++
|
yyj9++
|
||||||
if yyhl8 {
|
if yyhl9 {
|
||||||
yyb8 = yyj8 > l
|
yyb9 = yyj9 > l
|
||||||
} else {
|
} else {
|
||||||
yyb8 = r.CheckBreak()
|
yyb9 = r.CheckBreak()
|
||||||
}
|
}
|
||||||
if yyb8 {
|
if yyb9 {
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -1426,21 +1703,21 @@ func (x *NetworkPolicyPeer) codecDecodeSelfFromArray(l int, d *codec1978.Decoder
|
|||||||
if x.PodSelector == nil {
|
if x.PodSelector == nil {
|
||||||
x.PodSelector = new(pkg1_v1.LabelSelector)
|
x.PodSelector = new(pkg1_v1.LabelSelector)
|
||||||
}
|
}
|
||||||
yym10 := z.DecBinary()
|
yym11 := z.DecBinary()
|
||||||
_ = yym10
|
_ = yym11
|
||||||
if false {
|
if false {
|
||||||
} else if z.HasExtensions() && z.DecExt(x.PodSelector) {
|
} else if z.HasExtensions() && z.DecExt(x.PodSelector) {
|
||||||
} else {
|
} else {
|
||||||
z.DecFallback(x.PodSelector, false)
|
z.DecFallback(x.PodSelector, false)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
yyj8++
|
yyj9++
|
||||||
if yyhl8 {
|
if yyhl9 {
|
||||||
yyb8 = yyj8 > l
|
yyb9 = yyj9 > l
|
||||||
} else {
|
} else {
|
||||||
yyb8 = r.CheckBreak()
|
yyb9 = r.CheckBreak()
|
||||||
}
|
}
|
||||||
if yyb8 {
|
if yyb9 {
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@@ -1453,26 +1730,47 @@ func (x *NetworkPolicyPeer) codecDecodeSelfFromArray(l int, d *codec1978.Decoder
|
|||||||
if x.NamespaceSelector == nil {
|
if x.NamespaceSelector == nil {
|
||||||
x.NamespaceSelector = new(pkg1_v1.LabelSelector)
|
x.NamespaceSelector = new(pkg1_v1.LabelSelector)
|
||||||
}
|
}
|
||||||
yym12 := z.DecBinary()
|
yym13 := z.DecBinary()
|
||||||
_ = yym12
|
_ = yym13
|
||||||
if false {
|
if false {
|
||||||
} else if z.HasExtensions() && z.DecExt(x.NamespaceSelector) {
|
} else if z.HasExtensions() && z.DecExt(x.NamespaceSelector) {
|
||||||
} else {
|
} else {
|
||||||
z.DecFallback(x.NamespaceSelector, false)
|
z.DecFallback(x.NamespaceSelector, false)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
for {
|
yyj9++
|
||||||
yyj8++
|
if yyhl9 {
|
||||||
if yyhl8 {
|
yyb9 = yyj9 > l
|
||||||
yyb8 = yyj8 > l
|
|
||||||
} else {
|
} else {
|
||||||
yyb8 = r.CheckBreak()
|
yyb9 = r.CheckBreak()
|
||||||
}
|
}
|
||||||
if yyb8 {
|
if yyb9 {
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
|
if r.TryDecodeAsNil() {
|
||||||
|
if x.IPBlock != nil {
|
||||||
|
x.IPBlock = nil
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if x.IPBlock == nil {
|
||||||
|
x.IPBlock = new(IPBlock)
|
||||||
|
}
|
||||||
|
x.IPBlock.CodecDecodeSelf(d)
|
||||||
|
}
|
||||||
|
for {
|
||||||
|
yyj9++
|
||||||
|
if yyhl9 {
|
||||||
|
yyb9 = yyj9 > l
|
||||||
|
} else {
|
||||||
|
yyb9 = r.CheckBreak()
|
||||||
|
}
|
||||||
|
if yyb9 {
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
z.DecSendContainerState(codecSelfer_containerArrayElem1234)
|
||||||
z.DecStructFieldNotFound(yyj8-1, "")
|
z.DecStructFieldNotFound(yyj9-1, "")
|
||||||
}
|
}
|
||||||
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
z.DecSendContainerState(codecSelfer_containerArrayEnd1234)
|
||||||
}
|
}
|
||||||
@@ -2122,7 +2420,7 @@ func (x codecSelfer1234) decSliceNetworkPolicyPeer(v *[]NetworkPolicyPeer, d *co
|
|||||||
|
|
||||||
yyrg1 := len(yyv1) > 0
|
yyrg1 := len(yyv1) > 0
|
||||||
yyv21 := yyv1
|
yyv21 := yyv1
|
||||||
yyrl1, yyrt1 = z.DecInferLen(yyl1, z.DecBasicHandle().MaxInitLen, 16)
|
yyrl1, yyrt1 = z.DecInferLen(yyl1, z.DecBasicHandle().MaxInitLen, 24)
|
||||||
if yyrt1 {
|
if yyrt1 {
|
||||||
if yyrl1 <= cap(yyv1) {
|
if yyrl1 <= cap(yyv1) {
|
||||||
yyv1 = yyv1[:yyrl1]
|
yyv1 = yyv1[:yyrl1]
|
||||||
|
@@ -92,6 +92,20 @@ type NetworkPolicyPort struct {
|
|||||||
Port *intstr.IntOrString `json:"port,omitempty" protobuf:"bytes,2,opt,name=port"`
|
Port *intstr.IntOrString `json:"port,omitempty" protobuf:"bytes,2,opt,name=port"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// IPBlock describes a particular CIDR (Ex. "192.168.1.1/24") that is allowed to the pods
|
||||||
|
// matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should
|
||||||
|
// not be included within this rule.
|
||||||
|
type IPBlock struct {
|
||||||
|
// CIDR is a string representing the IP Block
|
||||||
|
// Valid examples are "192.168.1.1/24"
|
||||||
|
CIDR string `json:"cidr" protobuf:"bytes,1,name=cidr"`
|
||||||
|
// Except is a slice of CIDRs that should not be included within an IP Block
|
||||||
|
// Valid examples are "192.168.1.1/24"
|
||||||
|
// Except values will be rejected if they are outside the CIDR range
|
||||||
|
// +optional
|
||||||
|
Except []string `json:"except,omitempty" protobuf:"bytes,2,rep,name=except"`
|
||||||
|
}
|
||||||
|
|
||||||
// NetworkPolicyPeer describes a peer to allow traffic from. Exactly one of its fields
|
// NetworkPolicyPeer describes a peer to allow traffic from. Exactly one of its fields
|
||||||
// must be specified.
|
// must be specified.
|
||||||
type NetworkPolicyPeer struct {
|
type NetworkPolicyPeer struct {
|
||||||
@@ -106,6 +120,10 @@ type NetworkPolicyPeer struct {
|
|||||||
// selector semantics. If present but empty, this selector selects all namespaces.
|
// selector semantics. If present but empty, this selector selects all namespaces.
|
||||||
// +optional
|
// +optional
|
||||||
NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty" protobuf:"bytes,2,opt,name=namespaceSelector"`
|
NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty" protobuf:"bytes,2,opt,name=namespaceSelector"`
|
||||||
|
|
||||||
|
// IPBlock defines policy on a particular IPBlock
|
||||||
|
// +optional
|
||||||
|
IPBlock *IPBlock `json:"ipBlock,omitempty" protobuf:"bytes,3,rep,name=ipBlock"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||||
|
@@ -27,6 +27,16 @@ package v1
|
|||||||
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
|
// Those methods can be generated by using hack/update-generated-swagger-docs.sh
|
||||||
|
|
||||||
// AUTO-GENERATED FUNCTIONS START HERE
|
// AUTO-GENERATED FUNCTIONS START HERE
|
||||||
|
var map_IPBlock = map[string]string{
|
||||||
|
"": "IPBlock describes a particular CIDR (Ex. \"192.168.1.1/24\") that is allowed to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs that should not be included within this rule.",
|
||||||
|
"cidr": "CIDR is a string representing the IP Block Valid examples are \"192.168.1.1/24\"",
|
||||||
|
"except": "Except is a slice of CIDRs that should not be included within an IP Block Valid examples are \"192.168.1.1/24\" Except values will be rejected if they are outside the CIDR range",
|
||||||
|
}
|
||||||
|
|
||||||
|
func (IPBlock) SwaggerDoc() map[string]string {
|
||||||
|
return map_IPBlock
|
||||||
|
}
|
||||||
|
|
||||||
var map_NetworkPolicy = map[string]string{
|
var map_NetworkPolicy = map[string]string{
|
||||||
"": "NetworkPolicy describes what network traffic is allowed for a set of Pods",
|
"": "NetworkPolicy describes what network traffic is allowed for a set of Pods",
|
||||||
"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",
|
"metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata",
|
||||||
@@ -61,6 +71,7 @@ var map_NetworkPolicyPeer = map[string]string{
|
|||||||
"": "NetworkPolicyPeer describes a peer to allow traffic from. Exactly one of its fields must be specified.",
|
"": "NetworkPolicyPeer describes a peer to allow traffic from. Exactly one of its fields must be specified.",
|
||||||
"podSelector": "This is a label selector which selects Pods in this namespace. This field follows standard label selector semantics. If present but empty, this selector selects all pods in this namespace.",
|
"podSelector": "This is a label selector which selects Pods in this namespace. This field follows standard label selector semantics. If present but empty, this selector selects all pods in this namespace.",
|
||||||
"namespaceSelector": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces.",
|
"namespaceSelector": "Selects Namespaces using cluster scoped-labels. This matches all pods in all namespaces selected by this label selector. This field follows standard label selector semantics. If present but empty, this selector selects all namespaces.",
|
||||||
|
"ipBlock": "IPBlock defines policy on a particular IPBlock",
|
||||||
}
|
}
|
||||||
|
|
||||||
func (NetworkPolicyPeer) SwaggerDoc() map[string]string {
|
func (NetworkPolicyPeer) SwaggerDoc() map[string]string {
|
||||||
|
@@ -39,6 +39,10 @@ func init() {
|
|||||||
// Deprecated: deepcopy registration will go away when static deepcopy is fully implemented.
|
// Deprecated: deepcopy registration will go away when static deepcopy is fully implemented.
|
||||||
func RegisterDeepCopies(scheme *runtime.Scheme) error {
|
func RegisterDeepCopies(scheme *runtime.Scheme) error {
|
||||||
return scheme.AddGeneratedDeepCopyFuncs(
|
return scheme.AddGeneratedDeepCopyFuncs(
|
||||||
|
conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
|
||||||
|
in.(*IPBlock).DeepCopyInto(out.(*IPBlock))
|
||||||
|
return nil
|
||||||
|
}, InType: reflect.TypeOf(&IPBlock{})},
|
||||||
conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
|
conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error {
|
||||||
in.(*NetworkPolicy).DeepCopyInto(out.(*NetworkPolicy))
|
in.(*NetworkPolicy).DeepCopyInto(out.(*NetworkPolicy))
|
||||||
return nil
|
return nil
|
||||||
@@ -66,6 +70,27 @@ func RegisterDeepCopies(scheme *runtime.Scheme) error {
|
|||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
|
func (in *IPBlock) DeepCopyInto(out *IPBlock) {
|
||||||
|
*out = *in
|
||||||
|
if in.Except != nil {
|
||||||
|
in, out := &in.Except, &out.Except
|
||||||
|
*out = make([]string, len(*in))
|
||||||
|
copy(*out, *in)
|
||||||
|
}
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPBlock.
|
||||||
|
func (in *IPBlock) DeepCopy() *IPBlock {
|
||||||
|
if in == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
out := new(IPBlock)
|
||||||
|
in.DeepCopyInto(out)
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
|
||||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||||
func (in *NetworkPolicy) DeepCopyInto(out *NetworkPolicy) {
|
func (in *NetworkPolicy) DeepCopyInto(out *NetworkPolicy) {
|
||||||
*out = *in
|
*out = *in
|
||||||
@@ -179,6 +204,15 @@ func (in *NetworkPolicyPeer) DeepCopyInto(out *NetworkPolicyPeer) {
|
|||||||
(*in).DeepCopyInto(*out)
|
(*in).DeepCopyInto(*out)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if in.IPBlock != nil {
|
||||||
|
in, out := &in.IPBlock, &out.IPBlock
|
||||||
|
if *in == nil {
|
||||||
|
*out = nil
|
||||||
|
} else {
|
||||||
|
*out = new(IPBlock)
|
||||||
|
(*in).DeepCopyInto(*out)
|
||||||
|
}
|
||||||
|
}
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Reference in New Issue
Block a user