
Commit 0819387

Add support for selecting nodes as peers
Some FTR things:
1) As a peer a user can select either namespaces, or pods or nodes. In a given rule more than 1 type of selection is not allowed.
2) An empty node selector means it selects all nodes in the cluster.

Signed-off-by: Surya Seetharaman <[email protected]>
1 parent 639f674 commit 0819387

4 files changed

+206
-0
lines changed

apis/v1alpha1/shared_types.go

Lines changed: 5 additions & 0 deletions
@@ -109,6 +109,11 @@ type AdminNetworkPolicyPeer struct {
109109
// in a set of namespaces.
110110
// +optional
111111
Pods *NamespacedPodPeer `json:"pods,omitempty"`
112+
// Nodes defines a way to select a set of nodes in
113+
// in the cluster. This field follows standard label selector
114+
// semantics; if present but empty, it selects all Nodes.
115+
// +optional
116+
Nodes *metav1.LabelSelector `json:"nodes,omitempty"`
112117
}
113118

114119
// NamespacedPeer defines a flexible way to select Namespaces in a cluster.
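
Review bot: The new `Nodes` field at line 116 is marked only `+optional`, and nothing in this hunk enforces the commit message's rule that a rule may use just one type of selection. If `AdminNetworkPolicyPeer` does not already carry a property-count validation above line 109, add one, otherwise a peer that sets both `pods` and `nodes` passes schema validation and its meaning is left to each implementation. The comment also repeats "in" across lines 112-113 ("a set of nodes in" / "in the cluster"), and that text is copied into every generated CRD description, so fix it here and regenerate.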

apis/v1alpha1/zz_generated.deepcopy.go

Lines changed: 5 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

config/crd/policy.networking.k8s.io_adminnetworkpolicies.yaml

Lines changed: 98 additions & 0 deletions
@@ -240,6 +240,55 @@ spec:
240240
maxItems: 100
241241
type: array
242242
type: object
243+
nodes:
244+
description: Nodes defines a way to select a set of nodes
245+
in in the cluster. This field follows standard label
246+
selector semantics; if present but empty, it selects
247+
all Nodes.
248+
properties:
249+
matchExpressions:
250+
description: matchExpressions is a list of label selector
251+
requirements. The requirements are ANDed.
252+
items:
253+
description: A label selector requirement is a selector
254+
that contains values, a key, and an operator that
255+
relates the key and values.
256+
properties:
257+
key:
258+
description: key is the label key that the selector
259+
applies to.
260+
type: string
261+
operator:
262+
description: operator represents a key's relationship
263+
to a set of values. Valid operators are In,
264+
NotIn, Exists and DoesNotExist.
265+
type: string
266+
values:
267+
description: values is an array of string values.
268+
If the operator is In or NotIn, the values
269+
array must be non-empty. If the operator is
270+
Exists or DoesNotExist, the values array must
271+
be empty. This array is replaced during a
272+
strategic merge patch.
273+
items:
274+
type: string
275+
type: array
276+
required:
277+
- key
278+
- operator
279+
type: object
280+
type: array
281+
matchLabels:
282+
additionalProperties:
283+
type: string
284+
description: matchLabels is a map of {key,value} pairs.
285+
A single {key,value} in the matchLabels map is equivalent
286+
to an element of matchExpressions, whose key field
287+
is "key", the operator is "In", and the values array
288+
contains only "value". The requirements are ANDed.
289+
type: object
290+
type: object
291+
x-kubernetes-map-type: atomic
243292
pods:
244293
description: Pods defines a way to select a set of pods
245294
in in a set of namespaces.
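
Review bot: `matchExpressions` (line 249) and its nested `values` array (line 266) are added with no `maxItems`, while the list that closes in the context just above is capped with `maxItems: 100`. An unbounded selector lets a single peer carry an arbitrarily large expression list that every implementation must evaluate against every node. Either bound the selector (a wrapper type with its own validation markers would allow that) or note in the type comment why node selectors are intentionally left unbounded.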
@@ -513,6 +562,55 @@ spec:
513562
maxItems: 100
514563
type: array
515564
type: object
565+
nodes:
566+
description: Nodes defines a way to select a set of nodes
567+
in in the cluster. This field follows standard label
568+
selector semantics; if present but empty, it selects
569+
all Nodes.
570+
properties:
571+
matchExpressions:
572+
description: matchExpressions is a list of label selector
573+
requirements. The requirements are ANDed.
574+
items:
575+
description: A label selector requirement is a selector
576+
that contains values, a key, and an operator that
577+
relates the key and values.
578+
properties:
579+
key:
580+
description: key is the label key that the selector
581+
applies to.
582+
type: string
583+
operator:
584+
description: operator represents a key's relationship
585+
to a set of values. Valid operators are In,
586+
NotIn, Exists and DoesNotExist.
587+
type: string
588+
values:
589+
description: values is an array of string values.
590+
If the operator is In or NotIn, the values
591+
array must be non-empty. If the operator is
592+
Exists or DoesNotExist, the values array must
593+
be empty. This array is replaced during a
594+
strategic merge patch.
595+
items:
596+
type: string
597+
type: array
598+
required:
599+
- key
600+
- operator
601+
type: object
602+
type: array
603+
matchLabels:
604+
additionalProperties:
605+
type: string
606+
description: matchLabels is a map of {key,value} pairs.
607+
A single {key,value} in the matchLabels map is equivalent
608+
to an element of matchExpressions, whose key field
609+
is "key", the operator is "In", and the values array
610+
contains only "value". The requirements are ANDed.
611+
type: object
612+
type: object
613+
x-kubernetes-map-type: atomic
516614
pods:
517615
description: Pods defines a way to select a set of pods
518616
in in a set of namespaces.
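
Review bot: Nothing at line 565 limits `nodes` to one traffic direction: the block is identical to the one added at line 243, so the field appears wherever the shared peer type is used in this CRD. The hunk does not show which rule list this is, and the commit message does not say whether node peers are intended in both places. If node selection is only meaningful for one of them, split the peer type so the other rejects `nodes` at admission instead of relying on implementations to ignore it.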

config/crd/policy.networking.k8s.io_baselineadminnetworkpolicies.yaml

Lines changed: 98 additions & 0 deletions
@@ -233,6 +233,55 @@ spec:
233233
maxItems: 100
234234
type: array
235235
type: object
236+
nodes:
237+
description: Nodes defines a way to select a set of nodes
238+
in in the cluster. This field follows standard label
239+
selector semantics; if present but empty, it selects
240+
all Nodes.
241+
properties:
242+
matchExpressions:
243+
description: matchExpressions is a list of label selector
244+
requirements. The requirements are ANDed.
245+
items:
246+
description: A label selector requirement is a selector
247+
that contains values, a key, and an operator that
248+
relates the key and values.
249+
properties:
250+
key:
251+
description: key is the label key that the selector
252+
applies to.
253+
type: string
254+
operator:
255+
description: operator represents a key's relationship
256+
to a set of values. Valid operators are In,
257+
NotIn, Exists and DoesNotExist.
258+
type: string
259+
values:
260+
description: values is an array of string values.
261+
If the operator is In or NotIn, the values
262+
array must be non-empty. If the operator is
263+
Exists or DoesNotExist, the values array must
264+
be empty. This array is replaced during a
265+
strategic merge patch.
266+
items:
267+
type: string
268+
type: array
269+
required:
270+
- key
271+
- operator
272+
type: object
273+
type: array
274+
matchLabels:
275+
additionalProperties:
276+
type: string
277+
description: matchLabels is a map of {key,value} pairs.
278+
A single {key,value} in the matchLabels map is equivalent
279+
to an element of matchExpressions, whose key field
280+
is "key", the operator is "In", and the values array
281+
contains only "value". The requirements are ANDed.
282+
type: object
283+
type: object
284+
x-kubernetes-map-type: atomic
236285
pods:
237286
description: Pods defines a way to select a set of pods
238287
in in a set of namespaces.
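
Review bot: `nodes: {}` is accepted by this schema, since lines 241-284 require neither `matchLabels` nor `matchExpressions`, and per the description ending at line 240 it matches every node. A selector that is rendered empty by mistake therefore silently widens the rule to the whole cluster. State in the description how an omitted `nodes` differs from an empty one, so that select-all is clearly a deliberate choice by the policy author.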
@@ -501,6 +550,55 @@ spec:
501550
maxItems: 100
502551
type: array
503552
type: object
553+
nodes:
554+
description: Nodes defines a way to select a set of nodes
555+
in in the cluster. This field follows standard label
556+
selector semantics; if present but empty, it selects
557+
all Nodes.
558+
properties:
559+
matchExpressions:
560+
description: matchExpressions is a list of label selector
561+
requirements. The requirements are ANDed.
562+
items:
563+
description: A label selector requirement is a selector
564+
that contains values, a key, and an operator that
565+
relates the key and values.
566+
properties:
567+
key:
568+
description: key is the label key that the selector
569+
applies to.
570+
type: string
571+
operator:
572+
description: operator represents a key's relationship
573+
to a set of values. Valid operators are In,
574+
NotIn, Exists and DoesNotExist.
575+
type: string
576+
values:
577+
description: values is an array of string values.
578+
If the operator is In or NotIn, the values
579+
array must be non-empty. If the operator is
580+
Exists or DoesNotExist, the values array must
581+
be empty. This array is replaced during a
582+
strategic merge patch.
583+
items:
584+
type: string
585+
type: array
586+
required:
587+
- key
588+
- operator
589+
type: object
590+
type: array
591+
matchLabels:
592+
additionalProperties:
593+
type: string
594+
description: matchLabels is a map of {key,value} pairs.
595+
A single {key,value} in the matchLabels map is equivalent
596+
to an element of matchExpressions, whose key field
597+
is "key", the operator is "In", and the values array
598+
contains only "value". The requirements are ANDed.
599+
type: object
600+
type: object
601+
x-kubernetes-map-type: atomic
504602
pods:
505603
description: Pods defines a way to select a set of pods
506604
in in a set of namespaces.
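
Review bot: The `nodes` peer added at line 553 arrives with no test or example manifest; the files changed are only the Go type, the generated deepcopy and the two CRDs. Add at least a validation test covering a populated selector, the empty select-all selector, and a peer that sets `nodes` together with `pods`, so the rules stated in the commit message are checked rather than assumed.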
