Commit Graph

112 Commits

Author SHA1 Message Date
Ricardo Katz
b7c82bb83c
Add EndPort to Network Policy - Alpha (#97058)
* Fix merge conflict in kube_features

* Add alpha support for EndPort in Network Policy

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Add alpha support for EndPort in Network Policy

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Add alpha support for EndPort in Network Policy

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Correct some nits

Signed-off-by: Ricardo Pchevuzinske Katz <ricardo.katz@gmail.com>

* Add alpha support for EndPort in Network Policy

* Add alpha support for EndPort in Network Policy

* Add alpha support for EndPort in Network Policy

* Add alpha support for EndPort in Network Policy
2021-02-01 19:24:28 -08:00
Dan Winship
3a110546ed Move SCTP to GA 2020-10-15 08:56:33 -04:00
Matthew Fenwick
d407129cf7 modify DNS-1123 error messages to indicate that RFC 1123 is not followed exactly 2020-09-02 08:04:04 -04:00
Kubernetes Prow Robot
008708d036
Merge pull request #93966 from Miciah/verify-that-an-ingress-with-empty-TLS-is-valid
Verify that an ingress with empty TLS is valid
2020-08-27 04:48:57 -07:00
Miciah Masters
e648deca3b Fix validation of ingress rules with wildcard host
Fix ingress validation so that it validates the rules of an ingress that
specifies a wildcard host.  Commit 60f4fbf4f2
added an inopportune continue statement that caused this validation to be
skipped.  For backwards compatibility, this change restores validation for
v1 of the api but still skips it on v1beta1.

* pkg/apis/networking/validation/validation.go (IngressValidationOptions):
Add AllowInvalidWildcardHostRule field to indicate that validation of rules
should be skipped for ingresses that specify wildcard hosts.
(ValidateIngressCreate): Set AllowInvalidWildcardHostRule to true if the
request is using the v1beta1 API version.
(ValidateIngressUpdate): Set AllowInvalidWildcardHostRule to true if the
request or old ingress is using the v1beta1 API version.
(validateIngressRules): Don't skip validation of the ingress rules unless
the ingress has a wildcard host and AllowInvalidWildcardHostRule is true.
(allowInvalidWildcardHostRule): New helper for ValidateIngressCreate and
ValidateIngressUpdate.
* pkg/apis/networking/validation/validation_test.go
(TestValidateIngressCreate, TestValidateIngressUpdate): Add test cases to
ensure that validation is performed on v1 objects and skipped on v1beta
objects for backwards compatibility.
(TestValidateIngressTLS): Specify PathType so that the test passes.

Co-authored-by: jordan@liggitt.net
2020-08-13 15:53:17 -04:00
Miciah Masters
7ef8fa7207 Verify that an ingress with empty TLS is valid
Add a test that verifies that an ingress with an empty TLS value or with a
TLS value that specifies an empty list of hosts passes validation.

* pkg/apis/networking/validation/validation_test.go
(TestValidateEmptyIngressTLS): New test.
2020-08-13 11:55:18 -04:00
Jordan Liggitt
f87a846e65 Validate ingress TLS secretName in v1 2020-08-12 10:13:08 -04:00
Christopher M. Luciano
2b091f60ca
ingress: Add Ingress to v1 API and update backend to defaultBackend
ingress: use new serviceBackend split

ingress: remove all v1beta1 restrictions on creation

This change removes creation and update restrictions enforced by
k8s 1.18 for not allowing resource backends.

Paths are no longer
required to be valid regex and a PathType is now user-specified
and no longer defaulted.

Also remove all TODOs in staging/net/v1 types

Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
2020-05-22 11:57:41 -04:00
Jordan Liggitt
1758d17689 Allow resource backends in Ingress 2020-05-12 15:38:19 -04:00
Jordan Liggitt
8f7b8105a1 Remove ingress regex path requirement 2020-05-12 15:38:15 -04:00
Jordan Liggitt
d879965808 Clean up list items listType 2020-03-31 23:08:08 -04:00
Kubernetes Prow Robot
3d46b7878c
Merge pull request #89018 from abhiraut/npTypes
Update code comment for NetworkPolicyPeer
2020-03-19 20:31:04 -07:00
Abhishek Raut
7cab5753de Update code comment for NetworkPolicyPeer
NetworkPolicyPeer in types has an outdated comment from the
times when it only supported ingress rules. Update the comment
to reflect the current usage of the field.
2020-03-17 21:40:18 -07:00
Rob Scott
a68d712f12
Removing ConfigMap as suggestion for IngressClass parameters
As this is a a local object reference from a global object, referencing a ConfigMap would not be possible. Controller specific custom resources are a much better fit here, allowing for better validation.
2020-03-12 11:15:34 -07:00
Christopher M. Luciano
912f05bafb
ingress: add alternate resource backend
Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
2020-03-05 16:08:44 -05:00
Christopher M. Luciano
e931e30647
ingress: allow wildcard hosts in IngressRule
Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
2020-03-05 13:44:48 -05:00
Rob Scott
f38904d6f4
Adding PathType to Ingress
Co-authored-by: Christopher M. Luciano <cmluciano@us.ibm.com>
2020-03-03 11:11:16 -08:00
Rob Scott
132d2afca0
Adding IngressClass to networking/v1beta1
Co-authored-by: Christopher M. Luciano <cmluciano@us.ibm.com>
2020-03-01 18:17:09 -08:00
Kubernetes Prow Robot
0c6470115e
Merge pull request #86578 from tnqn/except-validation
Validate Except of IPBlock for NetworkPolicy spec
2020-02-08 14:45:53 -08:00
Quan Tian
ea693833c8 Validate Except of IPBlock for NetworkPolicy spec
This patch enhances the validation of Except field that the values will
be rejected if they are not strictly within the CIDR range.
2020-02-05 01:35:44 +08:00
wojtekt
1fc80c57ee Autogenerated 2020-02-04 16:06:36 +01:00
Antonio Ojea
31e59fd5e3
Add ipv6 examples for network policy API
Add IPv6 examples to the network policy API
2019-12-27 22:47:20 +01:00
Kubernetes Prow Robot
5cb1ec5fea
Merge pull request #86298 from aojea/netpolicyv6
networkPolicy ipv6 unit tests validation
2019-12-18 10:37:57 -08:00
Antonio Ojea
f401d711aa
networkPolicy validation ipv6 unit tests
Add ipv6 cases to the validation unit tests.
2019-12-16 08:46:53 +01:00
Quan Tian
d07dd4bbed Fix NetworkPolicy PolicyTypes validation
The validation had an excess nested loop and also caused wrong
error feedback that all policyTypes input will be reported as
unsupported if any of them is wrong.
2019-11-29 16:02:38 +08:00
misakazhou
f0323a2030 Fix broken link to api-conventions doc.
Signed-off-by: misakazhou <misakazhou@tencent.com>
2019-08-29 08:35:16 +08:00
Johannes M. Scheuermann
94ce517212 Fix typo in network policy ingress rule 2019-06-26 19:27:09 +02:00
Chao Xu
369314959c generated 2019-05-24 18:14:53 -07:00
Andrew Kim
c919139245 update import of generic featuregate code from k8s.io/apiserver/pkg/util/feature -> k8s.io/component-base/featuregate 2019-05-08 10:01:50 -04:00
Christopher M. Luciano
b785f95130
organize sig-net-api-{reviewers,approvers} in OWNERS_ALIASES
Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
2019-05-06 12:04:04 -04:00
Kubernetes Prow Robot
a2afe45366
Merge pull request #76991 from yue9944882/chore/cleanup-hub-genclient-tags
Clean up genclient tags for hub types
2019-04-30 14:11:12 -07:00
SataQiu
73ec7ad2d6 fix golint failures of pkg/apis/networking 2019-04-24 18:08:18 +08:00
yue9944882
71a58de48b clean up genclient tags for hub types 2019-04-24 16:53:21 +08:00
Jordan Liggitt
f139218ac0 generated files 2019-02-20 23:32:46 -05:00
Jordan Liggitt
8c28d3f63c Add networking.k8s.io/v1beta1 Ingress 2019-02-20 16:41:14 -05:00
Jordan Liggitt
6c0b1b87f0 generated files 2019-02-20 16:41:14 -05:00
Jordan Liggitt
47cb9559be Move internal Ingress type from extensions to networking 2019-02-20 16:41:12 -05:00
Kubernetes Prow Robot
7a5ea30b3d
Merge pull request #73961 from mattjmcnaughton/mattjmcnaughton/clarify-NetworkPolicy-policyTypes-in-docs
Clarify NetworkPolicy policyTypes in docs
2019-02-18 20:16:25 -08:00
Kubernetes Prow Robot
808f2cf0ef
Merge pull request #72525 from justinsb/owners_should_not_be_executable
Remove executable file permission from OWNERS files
2019-02-14 23:55:45 -08:00
mattjmcnaughton
41f05222e1 Clarify NetworkPolicy policyTypes in docs
Update the NetWorkPolicy `policyTypes` definition in the spec documentation so its
clear there are only three options: "Ingress", "Egress", and
"Ingress,Egress".
2019-02-14 09:28:50 -05:00
Kubernetes Prow Robot
5b7a790d35
Merge pull request #72185 from dcbw/owners-label-sig-network
OWNERS: add label:sig/network to a bunch of places
2019-02-08 10:36:16 -08:00
Kubernetes Prow Robot
b50c643be0
Merge pull request #73540 from rlenferink/patch-5
Updated OWNERS files to include link to docs
2019-02-08 09:05:56 -08:00
Jordan Liggitt
34ac165a44 Move conditional validation for SCTPSupport to validation functions with knowledge of old objects 2019-02-05 23:09:31 -05:00
Roy Lenferink
b43c04452f Updated OWNERS files to include link to docs 2019-02-04 22:33:12 +01:00
Justin SB
dd19b923b7
Remove executable file permission from OWNERS files 2019-01-11 16:42:59 -08:00
Dan Williams
2e339188ed OWNERS: add label:sig/network to a bunch of places 2018-12-19 00:00:02 -06:00
Jingyi Hu
61117761cd *: Remove comment tags in GoDoc
Adding blank line between comment tag and package name in doc.go. So
that the comment tags such as '+k8s:deepcopy-gen=package' do not show up
in GoDoc.
2018-09-13 20:27:32 -07:00
Laszlo Janosi
ebc16c31af bazel definition updated for pkg/apis/networking/validation/ 2018-08-27 05:59:50 +00:00
Laszlo Janosi
cbe94df8c6 gofmt update 2018-08-27 05:59:50 +00:00
Laszlo Janosi
e466bdc67e Changes according to the approved KEP. SCTP is supported for HostPort and LoadBalancer. Alpha feature flag SCTPSupport controls the support of SCTP. Kube-proxy config parameter is removed. 2018-08-27 05:58:36 +00:00