@@ -178,6 +178,195 @@ spec:
178178 x-kubernetes-map-type : atomic
179179 type : object
180180 type : array
181+ additionalNetworkPolicyIngress :
182+ description : AdditionalNetworkPolicyIngress lists additional ingress
183+ rules to append to created NetworkPolicy object. Useful for opening
184+ ports for ExtraContainers.
185+ items :
186+ description : NetworkPolicyIngressRule describes a particular set
187+ of traffic that is allowed to the pods matched by a NetworkPolicySpec's
188+ podSelector. The traffic must match both ports and from.
189+ properties :
190+ from :
191+ description : from is a list of sources which should be able
192+ to access the pods selected for this rule. Items in this list
193+ are combined using a logical OR operation. If this field is
194+ empty or missing, this rule matches all sources (traffic not
195+ restricted by source). If this field is present and contains
196+ at least one item, this rule allows traffic only if the traffic
197+ matches at least one item in the from list.
198+ items :
199+ description : NetworkPolicyPeer describes a peer to allow traffic
200+ to/from. Only certain combinations of fields are allowed
201+ properties :
202+ ipBlock :
203+ description : ipBlock defines policy on a particular IPBlock.
204+ If this field is set then neither of the other fields
205+ can be.
206+ properties :
207+ cidr :
208+ description : cidr is a string representing the IPBlock
209+ Valid examples are "192.168.1.0/24" or "2001:db8::/64"
210+ type : string
211+ except :
212+ description : except is a slice of CIDRs that should
213+ not be included within an IPBlock Valid examples
214+ are "192.168.1.0/24" or "2001:db8::/64" Except values
215+ will be rejected if they are outside the cidr range
216+ items :
217+ type : string
218+ type : array
219+ required :
220+ - cidr
221+ type : object
222+ namespaceSelector :
223+ description : " namespaceSelector selects namespaces using
224+ cluster-scoped labels. This field follows standard label
225+ selector semantics; if present but empty, it selects
226+ all namespaces. \n If podSelector is also set, then
227+ the NetworkPolicyPeer as a whole selects the pods matching
228+ podSelector in the namespaces selected by namespaceSelector.
229+ Otherwise it selects all pods in the namespaces selected
230+ by namespaceSelector."
231+ properties :
232+ matchExpressions :
233+ description : matchExpressions is a list of label selector
234+ requirements. The requirements are ANDed.
235+ items :
236+ description : A label selector requirement is a selector
237+ that contains values, a key, and an operator that
238+ relates the key and values.
239+ properties :
240+ key :
241+ description : key is the label key that the selector
242+ applies to.
243+ type : string
244+ operator :
245+ description : operator represents a key's relationship
246+ to a set of values. Valid operators are In,
247+ NotIn, Exists and DoesNotExist.
248+ type : string
249+ values :
250+ description : values is an array of string values.
251+ If the operator is In or NotIn, the values
252+ array must be non-empty. If the operator is
253+ Exists or DoesNotExist, the values array must
254+ be empty. This array is replaced during a
255+ strategic merge patch.
256+ items :
257+ type : string
258+ type : array
259+ required :
260+ - key
261+ - operator
262+ type : object
263+ type : array
264+ matchLabels :
265+ additionalProperties :
266+ type : string
267+ description : matchLabels is a map of {key,value} pairs.
268+ A single {key,value} in the matchLabels map is equivalent
269+ to an element of matchExpressions, whose key field
270+ is "key", the operator is "In", and the values array
271+ contains only "value". The requirements are ANDed.
272+ type : object
273+ type : object
274+ x-kubernetes-map-type : atomic
275+ podSelector :
276+ description : " podSelector is a label selector which selects
277+ pods. This field follows standard label selector semantics;
278+ if present but empty, it selects all pods. \n If namespaceSelector
279+ is also set, then the NetworkPolicyPeer as a whole selects
280+ the pods matching podSelector in the Namespaces selected
281+ by NamespaceSelector. Otherwise it selects the pods
282+ matching podSelector in the policy's own namespace."
283+ properties :
284+ matchExpressions :
285+ description : matchExpressions is a list of label selector
286+ requirements. The requirements are ANDed.
287+ items :
288+ description : A label selector requirement is a selector
289+ that contains values, a key, and an operator that
290+ relates the key and values.
291+ properties :
292+ key :
293+ description : key is the label key that the selector
294+ applies to.
295+ type : string
296+ operator :
297+ description : operator represents a key's relationship
298+ to a set of values. Valid operators are In,
299+ NotIn, Exists and DoesNotExist.
300+ type : string
301+ values :
302+ description : values is an array of string values.
303+ If the operator is In or NotIn, the values
304+ array must be non-empty. If the operator is
305+ Exists or DoesNotExist, the values array must
306+ be empty. This array is replaced during a
307+ strategic merge patch.
308+ items :
309+ type : string
310+ type : array
311+ required :
312+ - key
313+ - operator
314+ type : object
315+ type : array
316+ matchLabels :
317+ additionalProperties :
318+ type : string
319+ description : matchLabels is a map of {key,value} pairs.
320+ A single {key,value} in the matchLabels map is equivalent
321+ to an element of matchExpressions, whose key field
322+ is "key", the operator is "In", and the values array
323+ contains only "value". The requirements are ANDed.
324+ type : object
325+ type : object
326+ x-kubernetes-map-type : atomic
327+ type : object
328+ type : array
329+ ports :
330+ description : ports is a list of ports which should be made accessible
331+ on the pods selected for this rule. Each item in this list
332+ is combined using a logical OR. If this field is empty or
333+ missing, this rule matches all ports (traffic not restricted
334+ by port). If this field is present and contains at least one
335+ item, then this rule allows traffic only if the traffic matches
336+ at least one port in the list.
337+ items :
338+ description : NetworkPolicyPort describes a port to allow traffic
339+ on
340+ properties :
341+ endPort :
342+ description : endPort indicates that the range of ports
343+ from port to endPort if set, inclusive, should be allowed
344+ by the policy. This field cannot be defined if the port
345+ field is not defined or if the port field is defined
346+ as a named (string) port. The endPort must be equal
347+ or greater than port.
348+ format : int32
349+ type : integer
350+ port :
351+ anyOf :
352+ - type : integer
353+ - type : string
354+ description : port represents the port on the given protocol.
355+ This can either be a numerical or named port on a pod.
356+ If this field is not provided, this matches all port
357+ names and numbers. If present, only traffic on the specified
358+ protocol AND port will be matched.
359+ x-kubernetes-int-or-string : true
360+ protocol :
361+ default : TCP
362+ description : protocol represents the protocol (TCP, UDP,
363+ or SCTP) which traffic must match. If not specified,
364+ this field defaults to TCP.
365+ type : string
366+ type : object
367+ type : array
368+ type : object
369+ type : array
181370 affinity :
182371 description : If specified, the pod's scheduling constraints
183372 properties :
0 commit comments